From 5ccd0e06d0e64306082360cac1946037698de54d Mon Sep 17 00:00:00 2001 
From: EliseCastle23 <109446148+EliseCastle23@users.noreply.github.com> Date: Thu, 30 Mar 2023 08:54:40 -0600 Subject: [PATCH 001/279] Adding a new labeling strategy for our Helm charts (#110) * Adding a new labeling strategy for our Helm charts- starting with Arborist. Will also conditionally include Datadog environment variables. * bumping up the chart version and making variables for the datadog_setup.tpl * fixing linting issues * adding code reusability for labeling and datadog labels/environment variables. Made each chart have consistent labeling. * updating the dependency chart versions for umbrella chart * fixing the labeling for indexd and manifest service, so we don't produce an error on install * fix for linting errors * resolving blank line error for linting * Add uwsgi.ini override for indexd --------- Co-authored-by: Jawad Qureshi --- .secrets.baseline | 86 +++++++++---------- helm/ambassador/Chart.yaml | 7 +- helm/ambassador/README.md | 21 ++++- helm/ambassador/templates/_helpers.tpl | 20 +++-- helm/ambassador/templates/deployment.yaml | 16 ++-- helm/ambassador/values.yaml | 34 ++++++-- helm/arborist/Chart.yaml | 4 +- helm/arborist/README.md | 12 ++- helm/arborist/templates/_helpers.tpl | 20 +++-- helm/arborist/templates/deployment.yaml | 11 ++- helm/arborist/values.yaml | 21 +++++ helm/argo-wrapper/Chart.yaml | 7 +- helm/argo-wrapper/README.md | 20 ++++- helm/argo-wrapper/templates/_helpers.tpl | 32 +++---- helm/argo-wrapper/templates/deployment.yaml | 20 +++-- helm/argo-wrapper/values.yaml | 33 +++++-- helm/audit/Chart.yaml | 4 +- helm/audit/README.md | 19 ++-- helm/audit/templates/_helpers.tpl | 20 +++-- helm/audit/templates/deployment.yaml | 11 ++- helm/audit/values.yaml | 36 ++++---- helm/aws-es-proxy/Chart.yaml | 7 +- helm/aws-es-proxy/README.md | 19 +++- helm/aws-es-proxy/templates/_helpers.tpl | 21 +++-- helm/aws-es-proxy/templates/deployment.yaml | 9 ++ helm/aws-es-proxy/values.yaml | 31 +++++++ helm/common/Chart.yaml | 2 +- 
helm/common/README.md | 2 +- helm/common/templates/_datadog_setup.tpl | 35 ++++++++ helm/common/templates/_labels_setup.tpl | 37 ++++++++ helm/dicom-server/Chart.yaml | 7 +- helm/dicom-server/README.md | 19 +++- helm/dicom-server/templates/_helpers.tpl | 21 +++-- helm/dicom-server/templates/deployment.yaml | 11 ++- helm/dicom-server/values.yaml | 27 ++++++ helm/dicom-viewer/Chart.yaml | 7 +- helm/dicom-viewer/README.md | 19 +++- helm/dicom-viewer/templates/_helpers.tpl | 21 +++-- helm/dicom-viewer/templates/deployment.yaml | 12 ++- helm/dicom-viewer/values.yaml | 27 ++++++ helm/elasticsearch/Chart.yaml | 7 +- helm/elasticsearch/README.md | 19 +++- helm/elasticsearch/templates/_helpers.tpl | 20 +++-- helm/elasticsearch/templates/deployment.yaml | 9 ++ helm/elasticsearch/values.yaml | 27 ++++++ helm/fence/Chart.yaml | 4 +- helm/fence/README.md | 19 ++-- helm/fence/templates/_helpers.tpl | 20 +++-- helm/fence/templates/fence-deployment.yaml | 11 ++- helm/fence/values.yaml | 52 ++++------- helm/gen3/Chart.yaml | 44 +++++----- helm/gen3/README.md | 44 +++++----- helm/guppy/Chart.yaml | 4 +- helm/guppy/README.md | 12 ++- helm/guppy/templates/_helpers.tpl | 32 +++---- helm/guppy/templates/deployment.yaml | 19 ++-- helm/guppy/values.yaml | 20 +++++ helm/hatchery/Chart.yaml | 7 +- helm/hatchery/README.md | 16 +++- helm/hatchery/templates/_helpers.tpl | 20 +++-- helm/hatchery/templates/deployment.yaml | 9 ++ helm/hatchery/values.yaml | 20 +++++ helm/indexd/Chart.yaml | 4 +- helm/indexd/README.md | 15 +++- helm/indexd/templates/_helpers.tpl | 20 +++-- helm/indexd/templates/deployment.yaml | 12 +++ helm/indexd/templates/uwsgi.yaml | 42 +++++++++ helm/indexd/values.yaml | 27 ++++++ helm/manifestservice/Chart.yaml | 7 +- helm/manifestservice/README.md | 25 ++++-- helm/manifestservice/templates/_helpers.tpl | 21 +++-- .../manifestservice/templates/deployment.yaml | 17 +++- helm/manifestservice/values.yaml | 38 +++++--- helm/metadata/Chart.yaml | 4 +- helm/metadata/README.md | 14 
++- helm/metadata/templates/_helpers.tpl | 34 +++----- helm/metadata/templates/deployment.yaml | 19 ++-- helm/metadata/values.yaml | 28 ++++-- helm/peregrine/Chart.yaml | 4 +- helm/peregrine/README.md | 12 ++- helm/peregrine/templates/_helpers.tpl | 20 +++-- helm/peregrine/templates/deployment.yaml | 9 ++ helm/peregrine/values.yaml | 20 +++++ helm/pidgin/Chart.yaml | 5 +- helm/pidgin/README.md | 12 ++- helm/pidgin/templates/_helpers.tpl | 32 +++---- helm/pidgin/templates/deployment.yaml | 21 +++-- helm/pidgin/values.yaml | 20 +++++ helm/portal/Chart.yaml | 7 +- helm/portal/README.md | 20 +++-- helm/portal/templates/_helpers.tpl | 20 +++-- helm/portal/templates/deployment.yaml | 14 ++- helm/portal/values.yaml | 31 ++++--- helm/requestor/Chart.yaml | 4 +- helm/requestor/README.md | 13 ++- helm/requestor/templates/_helpers.tpl | 33 +++---- helm/requestor/templates/deployment.yaml | 19 ++-- helm/requestor/values.yaml | 25 ++++-- helm/revproxy/Chart.yaml | 7 +- helm/revproxy/README.md | 16 +++- helm/revproxy/templates/_helpers.tpl | 21 +++-- helm/revproxy/templates/deployment.yaml | 9 ++ helm/revproxy/values.yaml | 20 +++++ helm/sheepdog/Chart.yaml | 4 +- helm/sheepdog/README.md | 12 ++- helm/sheepdog/templates/_helpers.tpl | 33 +++---- helm/sheepdog/templates/deployment.yaml | 17 ++-- helm/sheepdog/values.yaml | 20 +++++ helm/ssjdispatcher/Chart.yaml | 7 +- helm/ssjdispatcher/README.md | 20 +++-- helm/ssjdispatcher/templates/_helpers.tpl | 20 +++-- helm/ssjdispatcher/templates/deployment.yaml | 24 ++++-- helm/ssjdispatcher/values.yaml | 32 ++++--- helm/wts/Chart.yaml | 4 +- helm/wts/README.md | 18 ++-- helm/wts/templates/_helpers.tpl | 19 ++-- helm/wts/templates/deployment.yaml | 15 +++- helm/wts/values.yaml | 34 +++++--- 118 files changed, 1618 insertions(+), 625 deletions(-) create mode 100644 helm/common/templates/_datadog_setup.tpl create mode 100644 helm/common/templates/_labels_setup.tpl create mode 100644 helm/indexd/templates/uwsgi.yaml 
diff --git a/.secrets.baseline b/.secrets.baseline index 4bbd33c5..5efb33af 100644 --- a/.secrets.baseline +++ b/.secrets.baseline @@ -3,7 +3,7 @@ "files": "^.secrets.baseline$", "lines": null }, - "generated_at": "2023-03-16T19:37:11Z", + "generated_at": "2023-03-29T21:20:01Z", "plugins_used": [ { "name": "AWSKeyDetector" @@ -88,21 +88,21 @@ "hashed_secret": "2546383b95bb44732e9be6a877fd476c0442fdab", "is_secret": false, "is_verified": false, - "line_number": 38, + "line_number": 43, "type": "Secret Keyword" }, { "hashed_secret": "d84ce25b0f9bc2cc263006ae39453efb22cc2900", "is_secret": false, "is_verified": false, - "line_number": 40, + "line_number": 45, "type": "Secret Keyword" }, { "hashed_secret": "f09dd6e359833a12f48c4c4255d6e87a6e55cfe9", "is_secret": false, "is_verified": false, - "line_number": 59, + "line_number": 65, "type": "Secret Keyword" } ], @@ -111,21 +111,21 @@ "hashed_secret": "2546383b95bb44732e9be6a877fd476c0442fdab", "is_secret": false, "is_verified": false, - "line_number": 46, + "line_number": 51, "type": "Secret Keyword" }, { "hashed_secret": "d84ce25b0f9bc2cc263006ae39453efb22cc2900", "is_secret": false, "is_verified": false, - "line_number": 48, + "line_number": 53, "type": "Secret Keyword" }, { "hashed_secret": "f09dd6e359833a12f48c4c4255d6e87a6e55cfe9", "is_secret": false, "is_verified": false, - "line_number": 76, + "line_number": 75, "type": "Secret Keyword" } ], 
@@ -200,28 +200,28 @@ "hashed_secret": "2546383b95bb44732e9be6a877fd476c0442fdab", "is_secret": false, "is_verified": false, - "line_number": 99, + "line_number": 104, "type": "Secret Keyword" }, { "hashed_secret": "d84ce25b0f9bc2cc263006ae39453efb22cc2900", "is_secret": false, "is_verified": false, - "line_number": 101, + "line_number": 106, "type": "Secret Keyword" }, { "hashed_secret": "f09dd6e359833a12f48c4c4255d6e87a6e55cfe9", "is_secret": false, "is_verified": false, - "line_number": 129, + "line_number": 133, "type": "Secret Keyword" }, { "hashed_secret": "9d8fada0e01336e865c461bb3549084d206fe6da", "is_secret": false, "is_verified": false, - "line_number": 160, + "line_number": 165, "type": "Secret Keyword" } ], @@ -285,7 +285,7 @@ "hashed_secret": "5d07e1b80e448a213b392049888111e1779a52db", "is_secret": false, "is_verified": false, - "line_number": 1890, + "line_number": 1874, "type": "Secret Keyword" } ], @@ -365,28 +365,28 @@ "hashed_secret": "2546383b95bb44732e9be6a877fd476c0442fdab", "is_secret": false, "is_verified": false, - "line_number": 40, + "line_number": 45, "type": "Secret Keyword" }, { "hashed_secret": "d84ce25b0f9bc2cc263006ae39453efb22cc2900", "is_secret": false, "is_verified": false, - "line_number": 42, + "line_number": 47, "type": "Secret Keyword" }, { "hashed_secret": "f09dd6e359833a12f48c4c4255d6e87a6e55cfe9", "is_secret": false, "is_verified": false, - "line_number": 61, + "line_number": 67, "type": "Secret Keyword" }, { "hashed_secret": "cb87e7ebb6991e08dc8964923e04230d002b7f12", "is_secret": false, "is_verified": false, - "line_number": 90, + "line_number": 99, "type": "Secret Keyword" } ], @@ -413,7 +413,7 @@ "hashed_secret": "611f2e9064b518afdb23f201321f39029dd28917", "is_secret": false, "is_verified": false, - "line_number": 56, + "line_number": 67, "type": "Secret Keyword" } ], 
@@ -454,28 +454,28 @@ "hashed_secret": "2546383b95bb44732e9be6a877fd476c0442fdab", "is_secret": false, "is_verified": false, - "line_number": 42, + "line_number": 47, "type": "Secret Keyword" }, { "hashed_secret": "d84ce25b0f9bc2cc263006ae39453efb22cc2900", "is_secret": false, "is_verified": false, - "line_number": 44, + "line_number": 49, "type": "Secret Keyword" }, { "hashed_secret": "f09dd6e359833a12f48c4c4255d6e87a6e55cfe9", "is_secret": false, "is_verified": false, - "line_number": 62, + "line_number": 68, "type": "Secret Keyword" }, { "hashed_secret": "7d4e263f1ae83868444f5327219830493a7d1486", "is_secret": false, "is_verified": false, - "line_number": 89, + "line_number": 97, "type": "Secret Keyword" } ], @@ -525,28 +525,28 @@ "hashed_secret": "eb9739c6625f06b4ab73035223366dda6262ae77", "is_secret": false, "is_verified": false, - "line_number": 26, + "line_number": 37, "type": "Base64 High Entropy String" }, { "hashed_secret": "08eeb737b239bdb7362a875b90e22c10b8826b20", "is_secret": false, "is_verified": false, - "line_number": 30, + "line_number": 41, "type": "Base64 High Entropy String" }, { "hashed_secret": "2546383b95bb44732e9be6a877fd476c0442fdab", "is_secret": false, "is_verified": false, - "line_number": 46, + "line_number": 57, "type": "Secret Keyword" }, { "hashed_secret": "d84ce25b0f9bc2cc263006ae39453efb22cc2900", "is_secret": false, "is_verified": false, - "line_number": 48, + "line_number": 59, "type": "Secret Keyword" } ], @@ -554,13 +554,13 @@ { "hashed_secret": "08eeb737b239bdb7362a875b90e22c10b8826b20", "is_verified": false, - "line_number": 460, + "line_number": 469, "type": "Base64 High Entropy String" }, { "hashed_secret": "eb9739c6625f06b4ab73035223366dda6262ae77", "is_verified": false, - "line_number": 463, + "line_number": 472, "type": "Base64 High Entropy String" } ], 
@@ -569,21 +569,21 @@ "hashed_secret": "2546383b95bb44732e9be6a877fd476c0442fdab", "is_secret": false, "is_verified": false, - "line_number": 50, + "line_number": 54, "type": "Secret Keyword" }, { "hashed_secret": "d84ce25b0f9bc2cc263006ae39453efb22cc2900", "is_secret": false, "is_verified": false, - "line_number": 52, + "line_number": 56, "type": "Secret Keyword" }, { "hashed_secret": "f09dd6e359833a12f48c4c4255d6e87a6e55cfe9", "is_secret": false, "is_verified": false, - "line_number": 71, + "line_number": 76, "type": "Secret Keyword" } ], @@ -592,21 +592,21 @@ "hashed_secret": "2546383b95bb44732e9be6a877fd476c0442fdab", "is_secret": false, "is_verified": false, - "line_number": 33, + "line_number": 44, "type": "Secret Keyword" }, { "hashed_secret": "d84ce25b0f9bc2cc263006ae39453efb22cc2900", "is_secret": false, "is_verified": false, - "line_number": 35, + "line_number": 46, "type": "Secret Keyword" }, { "hashed_secret": "abb751db44bcfd1bb9d4ad53e40138422abd739e", "is_secret": false, "is_verified": false, - "line_number": 60, + "line_number": 72, "type": "Secret Keyword" } ], 
@@ -624,42 +624,42 @@ "hashed_secret": "2546383b95bb44732e9be6a877fd476c0442fdab", "is_secret": false, "is_verified": false, - "line_number": 51, + "line_number": 56, "type": "Secret Keyword" }, { "hashed_secret": "d84ce25b0f9bc2cc263006ae39453efb22cc2900", "is_secret": false, "is_verified": false, - "line_number": 53, + "line_number": 58, "type": "Secret Keyword" }, { "hashed_secret": "f09dd6e359833a12f48c4c4255d6e87a6e55cfe9", "is_secret": false, "is_verified": false, - "line_number": 69, + "line_number": 75, "type": "Secret Keyword" }, { "hashed_secret": "c2c4e52c03a03ce3efeb21eb202d301018d4548e", "is_secret": false, "is_verified": false, - "line_number": 89, + "line_number": 96, "type": "Secret Keyword" }, { "hashed_secret": "afc848c316af1a89d49826c5ae9d00ed769415f3", "is_secret": false, "is_verified": false, - "line_number": 96, + "line_number": 103, "type": "Secret Keyword" }, { "hashed_secret": "fa4497447699cdb0a81c66a7f21af28a75170195", "is_secret": false, "is_verified": false, - "line_number": 98, + "line_number": 105, "type": "Secret Keyword" } ], @@ -727,7 +727,7 @@ "hashed_secret": "13d9ed7e3d69f1b6330dff80bc4658931708eddc", "is_secret": false, "is_verified": false, - "line_number": 227, + "line_number": 215, "type": "Secret Keyword" } ], @@ -736,21 +736,21 @@ "hashed_secret": "2546383b95bb44732e9be6a877fd476c0442fdab", "is_secret": false, "is_verified": false, - "line_number": 40, + "line_number": 45, "type": "Secret Keyword" }, { "hashed_secret": "d84ce25b0f9bc2cc263006ae39453efb22cc2900", "is_secret": false, "is_verified": false, - "line_number": 42, + "line_number": 47, "type": "Secret Keyword" }, { "hashed_secret": "f09dd6e359833a12f48c4c4255d6e87a6e55cfe9", "is_secret": false, "is_verified": false, - "line_number": 69, + "line_number": 70, "type": "Secret Keyword" } ], diff --git a/helm/ambassador/Chart.yaml b/helm/ambassador/Chart.yaml index 849fad31..6ee0ae58 100644 --- a/helm/ambassador/Chart.yaml +++ b/helm/ambassador/Chart.yaml 
@@ -15,10 +15,15 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.4 +version: 0.1.5 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to # follow Semantic Versioning. They should reflect the version the application is using. # It is recommended to use it with quotes. appVersion: "1.4.2" + +dependencies: +- name: common + version: 0.1.5 + repository: file://../common diff --git a/helm/ambassador/README.md b/helm/ambassador/README.md index 9f6c9574..1a1bf24c 100644 --- a/helm/ambassador/README.md +++ b/helm/ambassador/README.md @@ -1,9 +1,15 @@ # ambassador -![Version: 0.1.4](https://img.shields.io/badge/Version-0.1.4-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.4.2](https://img.shields.io/badge/AppVersion-1.4.2-informational?style=flat-square) +![Version: 0.1.5](https://img.shields.io/badge/Version-0.1.5-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.4.2](https://img.shields.io/badge/AppVersion-1.4.2-informational?style=flat-square) A Helm chart for deploying ambassador for gen3 +## Requirements + +| Repository | Name | Version | +|------------|------|---------| +| file://../common | common | 0.1.5 | + ## Values | Key | Type | Default | Description | 
@@ -14,7 +20,15 @@ A Helm chart for deploying ambassador for gen3 | autoscaling.maxReplicas | int | `10` | The maximum number of replicas to scale up to | | autoscaling.minReplicas | int | `1` | The minimum number of replicas to scale down to | | autoscaling.targetCPUUtilizationPercentage | int | `60` | The target CPU utilization percentage for autoscaling | +| commonLabels | map | `nil` | Will completely override the commonLabels defined in the common chart's _label_setup.tpl | +| criticalService | string | `"true"` | Valid options are "true" or "false". If invalid option is set- the value will default to "false". | +| datadogLogsInjection | bool | `true` | If enabled, the Datadog Agent will automatically inject Datadog-specific metadata into your application logs. | +| datadogProfilingEnabled | bool | `true` | If enabled, the Datadog Agent will collect profiling data for your application using the Continuous Profiler. This data can be used to identify performance bottlenecks and optimize your application. | +| datadogTraceSampleRate | int | `1` | A value between 0 and 1, that represents the percentage of requests that will be traced. For example, a value of 0.5 means that 50% of requests will be traced. | | fullnameOverride | string | `"ambassador-deployment"` | Override the full name of the deployment. | +| global | map | `{"ddEnabled":false,"environment":"default"}` | Global configuration options. | +| global.ddEnabled | bool | `false` | Whether Datadog is enabled. | +| global.environment | string | `"default"` | Environment name. This should be the same as vpcname if you're doing an AWS deployment. Currently this is being used to share ALB's if you have multiple namespaces. Might be used other places too. | | image | map | `{"pullPolicy":"Always","repository":"quay.io/datawire/ambassador","tag":"1.4.2"}` | Docker image information. | | image.pullPolicy | string | `"Always"` | Docker pull policy. 
| | image.repository | string | `"quay.io/datawire/ambassador"` | Docker repository. | @@ -22,9 +36,10 @@ A Helm chart for deploying ambassador for gen3 | imagePullSecrets | list | `[]` | Docker image pull secrets. | | nameOverride | string | `""` | Override the name of the chart. | | nodeSelector | map | `{}` | Node selector labels. | +| partOf | string | `"Workspace-Tab"` | Label to help organize pods and their use. Any value is valid, but use "_" or "-" to divide words. | | podAnnotations | map | `nil` | Annotations to add to the pod. | -| podLabels | map | `nil` | Labels to add to the pod. | | podSecurityContext | map | `{"runAsUser":8888}` | Pod-level security context. | +| release | string | `"production"` | Valid options are "production" or "dev". If invalid option is set- the value will default to "dev". | | replicaCount | int | `1` | Number of replicas for the deployment. | | resources | map | `{"limits":{"memory":"400Mi"},"requests":{"cpu":"100m","memory":"100Mi"}}` | Resource requests and limits for the containers in the pod | | resources.limits | map | `{"memory":"400Mi"}` | The maximum amount of resources that the container is allowed to use | @@ -33,7 +48,7 @@ A Helm chart for deploying ambassador for gen3 | resources.requests.cpu | string | `"100m"` | The amount of CPU requested | | resources.requests.memory | string | `"100Mi"` | The amount of memory requested | | securityContext | map | `{}` | Container-level security context. | -| selectorLabels | map | `{"service":"ambassador"}` | Labels to use for selecting the deployment. | +| selectorLabels | map | `nil` | Will completely override the selectorLabels defined in the common chart's _label_setup.tpl | | service | map | `{"port":8877,"type":"ClusterIP"}` | Kubernetes service information. | | service.port | int | `8877` | The port number that the service exposes. | | service.type | string | `"ClusterIP"` | Type of service. Valid values are "ClusterIP", "NodePort", "LoadBalancer", "ExternalName". | 
diff --git a/helm/ambassador/templates/_helpers.tpl b/helm/ambassador/templates/_helpers.tpl index f54ca8a8..913976ff 100644 --- a/helm/ambassador/templates/_helpers.tpl +++ b/helm/ambassador/templates/_helpers.tpl @@ -34,21 +34,27 @@ Create chart name and version as used by the chart label. Common labels */}} {{- define "ambassador.labels" -}} -helm.sh/chart: {{ include "ambassador.chart" . }} -{{ include "ambassador.selectorLabels" . }} -{{- if .Chart.AppVersion }} -app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} +{{- if .Values.commonLabels }} + {{- with .Values.commonLabels }} + {{- toYaml . }} + {{- end }} +{{- else }} + {{- (include "common.commonLabels" .)}} {{- end }} -app.kubernetes.io/managed-by: {{ .Release.Service }} {{- end }} {{/* Selector labels */}} {{- define "ambassador.selectorLabels" -}} -service: ambassador +{{- if .Values.selectorLabels }} + {{- with .Values.selectorLabels }} + {{- toYaml . }} + {{- end }} +{{- else }} + {{- (include "common.selectorLabels" .)}} +{{- end }} {{- end }} - {{/* Create the name of the service account to use */}} diff --git a/helm/ambassador/templates/deployment.yaml b/helm/ambassador/templates/deployment.yaml index 33710fc9..ec6683ca 100644 --- a/helm/ambassador/templates/deployment.yaml +++ b/helm/ambassador/templates/deployment.yaml @@ -4,13 +4,16 @@ metadata: name: ambassador-deployment labels: {{- include "ambassador.labels" . | nindent 4 }} + {{- if .Values.global.ddEnabled }} + {{- include "common.datadogLabels" . | nindent 4 }} + {{- end }} spec: {{- if not .Values.autoscaling.enabled }} replicas: {{ .Values.replicaCount }} {{- end }} selector: matchLabels: - app: ambassador + {{- include "ambassador.selectorLabels" . | nindent 6 }} template: metadata: {{- with .Values.podAnnotations }} 
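Review bot: In `ambassador.labels` and `ambassador.selectorLabels` the outer `if` and the inner `with` test the same value, so each define carries two extra lines of nesting for no effect. A single `with`/`else` is equivalent: `{{- with .Values.selectorLabels }}{{- toYaml . }}{{- else }}{{- include "common.selectorLabels" . }}{{- end }}`. The override also replaces the common label set wholesale with no check that the keys the chart's Service selects on are still present. The comment above the define should say so, for example `Selector labels: .Values.selectorLabels, when set, replaces the common chart's selector labels entirely and must match what the Service selects`. The arborist `_helpers.tpl` hunk later in this patch repeats the same pattern.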
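Review bot: Replacing `matchLabels: app: ambassador` with the output of `ambassador.selectorLabels` changes `spec.selector`, which is immutable on an apps/v1 Deployment, so an in-place `helm upgrade` of an existing release will be rejected by the API server until the Deployment is deleted and recreated. The same field is now driven by `.Values.selectorLabels`, so changing that value after install fails in the same way. The upgrade step should be stated in the chart README, and the value comment should carry a line such as `# Changing selectorLabels after install requires recreating the Deployment (spec.selector is immutable)`. The arborist chart presumably hits the same problem, since its `arborist.selectorLabels` moves off `app.kubernetes.io/name` and `app.kubernetes.io/instance` in this patch, although its `matchLabels` line is not in the visible hunks.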
@@ -18,10 +21,10 @@ spec: {{- toYaml . | nindent 8 }} {{- end }} labels: - app: ambassador - {{- with .Values.podLabels }} - {{- toYaml . | nindent 8 }} - {{- end}} + {{- include "ambassador.selectorLabels" . | nindent 8 }} + {{- if .Values.global.ddEnabled }} + {{- include "common.datadogLabels" . | nindent 8 }} + {{- end }} spec: affinity: podAntiAffinity: @@ -46,6 +49,9 @@ spec: {{- toYaml .Values.securityContext | nindent 12 }} imagePullPolicy: {{ .Values.image.pullPolicy }} env: + {{- if .Values.global.ddEnabled }} + {{- include "common.datadogEnvVar" . | nindent 10 }} + {{- end }} - name: AMBASSADOR_NAMESPACE value: {{ printf "%s-%s" .Values.userNamespace .Release.Name | quote }} - name: AMBASSADOR_SINGLE_NAMESPACE diff --git a/helm/ambassador/values.yaml b/helm/ambassador/values.yaml index 4f71208a..d7db700e 100644 --- a/helm/ambassador/values.yaml +++ b/helm/ambassador/values.yaml @@ -2,6 +2,13 @@ # This is a YAML-formatted file. # Declare variables to be passed into your templates. +# -- (map) Global configuration options. +global: + # -- (string) Environment name. This should be the same as vpcname if you're doing an AWS deployment. Currently this is being used to share ALB's if you have multiple namespaces. Might be used other places too. + environment: default + # -- (bool) Whether Datadog is enabled. + ddEnabled: false + # -- (int) Number of replicas for the deployment. replicaCount: 1 @@ -36,9 +43,6 @@ serviceAccount: # -- (map) Annotations to add to the pod. podAnnotations: -# -- (map) Labels to add to the pod. -podLabels: - # -- (map) Pod-level security context. podSecurityContext: runAsUser: 8888 @@ -60,10 +64,6 @@ service: # -- (int) The port number that the service exposes. port: 8877 -# -- (map) Labels to use for selecting the deployment. -selectorLabels: - service: ambassador - # -- (string) Namespace to use for user resources. userNamespace: "jupyter-pods" 
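Review bot: The pod template in the `@@ -18,10 +21,10 @@` hunk drops both the `app: ambassador` label and the `.Values.podLabels` block. Anything outside this file that selects these pods by `app: ambassador` (a Service, NetworkPolicy or PodDisruptionBudget, none of which are visible here) will silently stop matching, and a NetworkPolicy that matches no pods no longer restricts them. Existing overrides that set `podLabels` are also ignored without an error, because Helm does not reject unknown values unless the chart ships a schema. I would keep the old label next to the new ones for a release, `app: ambassador` directly under `labels:`, and either retain the `{{- with .Values.podLabels }}` block or list its removal as a breaking change in the README.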
@@ -101,3 +101,23 @@ tolerations: [] # -- (map) Affinity to use for the deployment. affinity: {} + +# Values to determine the labels that are used for the deployment, pod, etc. +# -- (string) Valid options are "production" or "dev". If invalid option is set- the value will default to "dev". +release: "production" +# -- (string) Valid options are "true" or "false". If invalid option is set- the value will default to "false". +criticalService: "true" +# -- (string) Label to help organize pods and their use. Any value is valid, but use "_" or "-" to divide words. +partOf: "Workspace-Tab" +# -- (map) Will completely override the selectorLabels defined in the common chart's _label_setup.tpl +selectorLabels: +# -- (map) Will completely override the commonLabels defined in the common chart's _label_setup.tpl +commonLabels: + +# Values to configure datadog if ddEnabled is set to "true". +# -- (bool) If enabled, the Datadog Agent will automatically inject Datadog-specific metadata into your application logs. +datadogLogsInjection: true +# -- (bool) If enabled, the Datadog Agent will collect profiling data for your application using the Continuous Profiler. This data can be used to identify performance bottlenecks and optimize your application. +datadogProfilingEnabled: true +# -- (int) A value between 0 and 1, that represents the percentage of requests that will be traced. For example, a value of 0.5 means that 50% of requests will be traced. +datadogTraceSampleRate: 1 diff --git a/helm/arborist/Chart.yaml b/helm/arborist/Chart.yaml index cb18f4e9..2c97db7f 100644 --- a/helm/arborist/Chart.yaml +++ b/helm/arborist/Chart.yaml 
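Review bot: `datadogTraceSampleRate` is documented as `(int)` but described as a fraction between 0 and 1, and it defaults to `1` with `datadogProfilingEnabled: true`. Setting `global.ddEnabled` alone therefore turns on tracing of every request plus continuous profiling, with no second opt-in. Traces and profiles can carry request details to the Datadog backend, so I would default to the conservative side and fix the type: `# -- (float) Fraction of requests to trace, between 0 and 1.` with a lower default, and `datadogProfilingEnabled: false`. The two override comments name `_label_setup.tpl`, while the file this patch creates is `helm/common/templates/_labels_setup.tpl`. The section comment says ddEnabled is set to "true" although the value is a bool.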
@@ -15,7 +15,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.5 +version: 0.1.6 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to @@ -25,7 +25,7 @@ appVersion: "master" dependencies: - name: common - version: 0.1.4 + version: 0.1.5 repository: file://../common - name: postgresql version: 11.9.13 diff --git a/helm/arborist/README.md b/helm/arborist/README.md index 5623f8fd..22c761e9 100644 --- a/helm/arborist/README.md +++ b/helm/arborist/README.md @@ -1,6 +1,6 @@ # arborist -![Version: 0.1.5](https://img.shields.io/badge/Version-0.1.5-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) +![Version: 0.1.6](https://img.shields.io/badge/Version-0.1.6-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) A Helm chart for gen3 arborist @@ -8,7 +8,7 @@ A Helm chart for gen3 arborist | Repository | Name | Version | |------------|------|---------| -| file://../common | common | 0.1.4 | +| file://../common | common | 0.1.5 | | https://charts.bitnami.com/bitnami | postgresql | 11.9.13 | ## Values 
@@ -21,6 +21,11 @@ A Helm chart for gen3 arborist | autoscaling.maxReplicas | int | `100` | The maximum number of replicas to scale up to | | autoscaling.minReplicas | int | `1` | The minimum number of replicas to scale down to | | autoscaling.targetCPUUtilizationPercentage | int | `80` | The target CPU utilization percentage for autoscaling | +| commonLabels | map | `nil` | Will completely override the commonLabels defined in the common chart's _label_setup.tpl | +| criticalService | string | `"true"` | Valid options are "true" or "false". If invalid option is set- the value will default to "false". | +| datadogLogsInjection | bool | `true` | If enabled, the Datadog Agent will automatically inject Datadog-specific metadata into your application logs. | +| datadogProfilingEnabled | bool | `true` | If enabled, the Datadog Agent will collect profiling data for your application using the Continuous Profiler. This data can be used to identify performance bottlenecks and optimize your application. | +| datadogTraceSampleRate | int | `1` | A value between 0 and 1, that represents the percentage of requests that will be traced. For example, a value of 0.5 means that 50% of requests will be traced. | | env | list | `[{"name":"JWKS_ENDPOINT","value":"http://fence-service/.well-known/jwks"}]` | Environment variables to pass to the container | | env[0] | string | `{"name":"JWKS_ENDPOINT","value":"http://fence-service/.well-known/jwks"}` | The URL of the JSON Web Key Set (JWKS) endpoint for authentication | | fullnameOverride | string | `""` | Override the full name of the deployment. | 
@@ -54,6 +59,7 @@ A Helm chart for gen3 arborist | imagePullSecrets | list | `[]` | Docker image pull secrets. | | nameOverride | string | `""` | Override the name of the chart. | | nodeSelector | map | `{}` | Node selector to apply to the pod | +| partOf | string | `"Authentication"` | Label to help organize pods and their use. Any value is valid, but use "_" or "-" to divide words. | | podAnnotations | map | `{}` | Annotations to add to the pod | | podSecurityContext | map | `nil` | Security context to apply to the pod | | postgres | map | `{"database":null,"dbCreate":null,"host":null,"password":null,"port":"5432","separate":false,"username":null}` | Postgres database configuration. If db does not exist in postgres cluster and dbCreate is set ot true then these databases will be created for you | @@ -66,6 +72,7 @@ A Helm chart for gen3 arborist | postgres.username | string | `nil` | Username for postgres. This is a service override, defaults to - | | postgresql | map | `{"primary":{"persistence":{"enabled":false}}}` | Postgresql subchart settings if deployed separately option is set to "true". Disable persistence by default so we can spin up and down ephemeral environments | | postgresql.primary.persistence.enabled | bool | `false` | Option to persist the dbs data. | +| release | string | `"production"` | Valid options are "production" or "dev". If invalid option is set- the value will default to "dev". | | replicaCount | int | `1` | Number of replicas for the deployment. | | resources | map | `{"limits":{"cpu":1,"memory":"512Mi"},"requests":{"cpu":0.1,"memory":"12Mi"}}` | Resource requests and limits for the containers in the pod | | resources.limits | map | `{"cpu":1,"memory":"512Mi"}` | The maximum amount of resources that the container is allowed to use | 
@@ -75,6 +82,7 @@ A Helm chart for gen3 arborist | resources.requests.cpu | string | `0.1` | The amount of CPU requested | | resources.requests.memory | string | `"12Mi"` | The amount of memory requested | | securityContext | map | `{}` | Security context to apply to the container | +| selectorLabels | map | `nil` | Will completely override the selectorLabels defined in the common chart's _label_setup.tpl | | service | map | `{"port":80,"type":"ClusterIP"}` | Kubernetes service information. | | service.port | int | `80` | The port number that the service exposes. | | service.type | string | `"ClusterIP"` | Type of service. Valid values are "ClusterIP", "NodePort", "LoadBalancer", "ExternalName". | diff --git a/helm/arborist/templates/_helpers.tpl b/helm/arborist/templates/_helpers.tpl index db6153b5..2aed27dc 100644 --- a/helm/arborist/templates/_helpers.tpl +++ b/helm/arborist/templates/_helpers.tpl @@ -34,20 +34,26 @@ Create chart name and version as used by the chart label. Common labels */}} {{- define "arborist.labels" -}} -helm.sh/chart: {{ include "arborist.chart" . }} -{{ include "arborist.selectorLabels" . }} -{{- if .Chart.AppVersion }} -app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} +{{- if .Values.commonLabels }} + {{- with .Values.commonLabels }} + {{- toYaml . }} + {{- end }} +{{- else }} + {{- (include "common.commonLabels" .)}} {{- end }} -app.kubernetes.io/managed-by: {{ .Release.Service }} {{- end }} {{/* Selector labels */}} {{- define "arborist.selectorLabels" -}} -app.kubernetes.io/name: {{ include "arborist.name" . }} -app.kubernetes.io/instance: {{ .Release.Name }} +{{- if .Values.selectorLabels }} + {{- with .Values.selectorLabels }} + {{- toYaml . }} + {{- end }} +{{- else }} + {{- (include "common.selectorLabels" .)}} +{{- end }} {{- end }} {{/* diff --git a/helm/arborist/templates/deployment.yaml b/helm/arborist/templates/deployment.yaml index 5c7d900d..3fb7963e 100644 --- a/helm/arborist/templates/deployment.yaml 
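Review bot: `arborist.selectorLabels` now returns either the free-form `.Values.selectorLabels` map or `common.selectorLabels`, and nothing in the define says these labels have to stay stable. The old body emitted fixed `app.kubernetes.io/name` and `app.kubernetes.io/instance` keys. If this helper feeds `spec.selector.matchLabels` (not visible in this hunk), a different key set makes an in-place upgrade fail because a Deployment selector is immutable, and any Service or NetworkPolicy selecting on the old keys stops matching these pods. I would state that in the doc comment, e.g. `Selector labels: must match the Deployment selector and any Service/NetworkPolicy selectors; changing them requires recreating the Deployment`. The `if` wrapped around `with` is also redundant, since `{{- with .Values.selectorLabels }}…{{- else }}…{{- end }}` covers both branches; the same pattern is in the argo-wrapper and audit `_helpers.tpl` hunks.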
+++ b/helm/arborist/templates/deployment.yaml @@ -4,6 +4,9 @@ metadata: name: arborist-deployment labels: {{- include "arborist.labels" . | nindent 4 }} + {{- if .Values.global.ddEnabled }} + {{- include "common.datadogLabels" . | nindent 4 }} + {{- end }} spec: {{- if not .Values.autoscaling.enabled }} replicas: {{ .Values.replicaCount }} @@ -19,6 +22,9 @@ spec: {{- end }} labels: {{- include "arborist.selectorLabels" . | nindent 8 }} + {{- if .Values.global.ddEnabled }} + {{- include "common.datadogLabels" . | nindent 8 }} + {{- end }} spec: {{- with .Values.volumes }} volumes: @@ -68,6 +74,9 @@ spec: # run arborist /go/src/github.com/uc-cdis/arborist/bin/arborist env: + {{- if .Values.global.ddEnabled }} + {{- include "common.datadogEnvVar" . | nindent 12 }} + {{- end }} {{- toYaml .Values.env | nindent 12 }} - name: PGPASSWORD valueFrom: @@ -123,4 +132,4 @@ spec: {{- with .Values.tolerations }} tolerations: {{- toYaml . | nindent 8 }} - {{- end }} + {{- end }} \ No newline at end of file diff --git a/helm/arborist/values.yaml b/helm/arborist/values.yaml index db83200b..00e4f3b0 100644 --- a/helm/arborist/values.yaml +++ b/helm/arborist/values.yaml 
@@ -186,3 +186,24 @@ env: # -- (string) The URL of the JSON Web Key Set (JWKS) endpoint for authentication - name: JWKS_ENDPOINT value: "http://fence-service/.well-known/jwks" + + +# Values to determine the labels that are used for the deployment, pod, etc. +# -- (string) Valid options are "production" or "dev". If invalid option is set- the value will default to "dev". +release: "production" +# -- (string) Valid options are "true" or "false". If invalid option is set- the value will default to "false". +criticalService: "true" +# -- (string) Label to help organize pods and their use. Any value is valid, but use "_" or "-" to divide words. +partOf: "Authentication" +# -- (map) Will completely override the selectorLabels defined in the common chart's _label_setup.tpl +selectorLabels: +# -- (map) Will completely override the commonLabels defined in the common chart's _label_setup.tpl +commonLabels: + +# Values to configure datadog if ddEnabled is set to "true". +# -- (bool) If enabled, the Datadog Agent will automatically inject Datadog-specific metadata into your application logs. +datadogLogsInjection: true +# -- (bool) If enabled, the Datadog Agent will collect profiling data for your application using the Continuous Profiler. This data can be used to identify performance bottlenecks and optimize your application. +datadogProfilingEnabled: true +# -- (int) A value between 0 and 1, that represents the percentage of requests that will be traced. For example, a value of 0.5 means that 50% of requests will be traced. +datadogTraceSampleRate: 1 diff --git a/helm/argo-wrapper/Chart.yaml b/helm/argo-wrapper/Chart.yaml index 6ca1354a..aa987bed 100644 --- a/helm/argo-wrapper/Chart.yaml +++ b/helm/argo-wrapper/Chart.yaml 
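Review bot: `datadogTraceSampleRate` is annotated `(int)` but described as a value between 0 and 1, so the annotation should read `# -- (float) …` and the README table should be regenerated from it. The defaults added here also enable log injection, profiling and a sample rate of 1 (every request traced) as soon as `global.ddEnabled` is set, and this chart is the one labelled `partOf: "Authentication"`. What the traces and profiles contain is decided by `common.datadogEnvVar` and the application, neither visible here, so it is worth confirming that tokens and request headers are not captured, or shipping more conservative defaults such as `datadogProfilingEnabled: false`. The argo-wrapper and audit `values.yaml` hunks add the same block.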
@@ -15,10 +15,15 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.1 +version: 0.1.2 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to # follow Semantic Versioning. They should reflect the version the application is using. # It is recommended to use it with quotes. appVersion: "master" + +dependencies: +- name: common + version: 0.1.5 + repository: file://../common diff --git a/helm/argo-wrapper/README.md b/helm/argo-wrapper/README.md index 6d9b04d9..50a2a174 100644 --- a/helm/argo-wrapper/README.md +++ b/helm/argo-wrapper/README.md @@ -1,9 +1,15 @@ # argo-wrapper -![Version: 0.1.1](https://img.shields.io/badge/Version-0.1.1-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) +![Version: 0.1.2](https://img.shields.io/badge/Version-0.1.2-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) A Helm chart for gen3 Argo Wrapper Service +## Requirements + +| Repository | Name | Version | +|------------|------|---------| +| file://../common | common | 0.1.5 | + ## Values | Key | Type | Default | Description | 
@@ -20,16 +26,25 @@ A Helm chart for gen3 Argo Wrapper Service | autoscaling.maxReplicas | int | `100` | The maximum number of replicas to scale up to | | autoscaling.minReplicas | int | `1` | The minimum number of replicas to scale down to | | autoscaling.targetCPUUtilizationPercentage | int | `80` | The target CPU utilization percentage for autoscaling | -| dataDog | bool | `{"enabled":false,"env":"dev"}` | Whether Datadog is enabled. | +| commonLabels | map | `nil` | Will completely override the commonLabels defined in the common chart's _label_setup.tpl | +| criticalService | string | `"false"` | Valid options are "true" or "false". If invalid option is set- the value will default to "false". | +| datadogLogsInjection | bool | `true` | If enabled, the Datadog Agent will automatically inject Datadog-specific metadata into your application logs. | +| datadogProfilingEnabled | bool | `true` | If enabled, the Datadog Agent will collect profiling data for your application using the Continuous Profiler. This data can be used to identify performance bottlenecks and optimize your application. | +| datadogTraceSampleRate | int | `1` | A value between 0 and 1, that represents the percentage of requests that will be traced. For example, a value of 0.5 means that 50% of requests will be traced. | | environment | string | `"default"` | Environment name. | +| global | map | `{"ddEnabled":false,"environment":"default"}` | Global configuration options. | +| global.ddEnabled | bool | `false` | Whether Datadog is enabled. | +| global.environment | string | `"default"` | Environment name. This should be the same as vpcname if you're doing an AWS deployment. Currently this is being used to share ALB's if you have multiple namespaces. Might be used other places too. | | image | map | `{"pullPolicy":"Always","repository":"quay.io/cdis/argo-wrapper","tag":""}` | Docker image information. | | image.pullPolicy | string | `"Always"` | Docker pull policy. 
| | image.repository | string | `"quay.io/cdis/argo-wrapper"` | Docker repository. | | image.tag | string | `""` | Overrides the image tag whose default is the chart appVersion. | | indexdAdminUser | string | `"fence"` | Admin user for Indexd. | | internalS3Bucket | string | `"argo-internal-bucket"` | Name of the internal Argo bucket for Argo artifacts (does not allow pre-signed URLs). | +| partOf | string | `"Apps-Tab"` | Label to help organize pods and their use. Any value is valid, but use "_" or "-" to divide words. | | podAnnotations | map | `{"gen3.io/network-ingress":"argo-wrapper"}` | Annotations to add to the pod. | | pvc | string | `"test-pvc"` | PVC for Argo. | +| release | string | `"production"` | Valid options are "production" or "dev". If invalid option is set- the value will default to "dev". | | replicaCount | int | `1` | Number of replicas for the deployment. | | resources | map | `{"limits":{"cpu":"100m","memory":"128Mi"}}` | Resource requests and limits for the containers in the pod | | resources.limits | map | `{"cpu":"100m","memory":"128Mi"}` | The maximum amount of resources that the container is allowed to use | @@ -38,6 +53,7 @@ A Helm chart for gen3 Argo Wrapper Service | revisionHistoryLimit | int | `2` | Number of old revisions to retain | | s3Bucket | string | `"argo-artifact-downloadable"` | S3 bucket name for Argo artifacts (allows pre-signed URLs). | | scalingGroups | list | `[{"user1":"workflow1"},{"user2":"workflow2"},{"user3":"workflow3"}]` | The workflow scaling groups to be used by Argo. | +| selectorLabels | map | `nil` | Will completely override the selectorLabels defined in the common chart's _label_setup.tpl | | service | map | `{"port":8000,"type":"ClusterIP"}` | Kubernetes service information. | | service.port | int | `8000` | The port number that the service exposes. | | service.type | string | `"ClusterIP"` | Type of service. Valid values are "ClusterIP", "NodePort", "LoadBalancer", "ExternalName". | 
diff --git a/helm/argo-wrapper/templates/_helpers.tpl b/helm/argo-wrapper/templates/_helpers.tpl index 01c2e9d2..cd6c98ae 100644 --- a/helm/argo-wrapper/templates/_helpers.tpl +++ b/helm/argo-wrapper/templates/_helpers.tpl @@ -34,21 +34,26 @@ Create chart name and version as used by the chart label. Common labels */}} {{- define "argo-wrapper.labels" -}} -helm.sh/chart: {{ include "argo-wrapper.chart" . }} -{{ include "argo-wrapper.selectorLabels" . }} -{{- if .Chart.AppVersion }} -app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} +{{- if .Values.commonLabels }} + {{- with .Values.commonLabels }} + {{- toYaml . }} + {{- end }} +{{- else }} + {{- (include "common.commonLabels" .)}} {{- end }} -app.kubernetes.io/managed-by: {{ .Release.Service }} {{- end }} {{/* Selector labels */}} {{- define "argo-wrapper.selectorLabels" -}} -app.kubernetes.io/name: {{ include "argo-wrapper.name" . }} -app.kubernetes.io/instance: {{ .Release.Name }} -app: {{ include "argo-wrapper.name" . }} +{{- if .Values.selectorLabels }} + {{- with .Values.selectorLabels }} + {{- toYaml . }} + {{- end }} +{{- else }} + {{- (include "common.selectorLabels" .)}} +{{- end }} {{- end }} {{/* @@ -71,15 +76,4 @@ Define environment {{- else}} {{- .Values.environment }} {{- end }} -{{- end }} - -{{/* -Define ddEnabled -*/}} -{{- define "argo-wrapper.ddEnabled" -}} -{{- if .Values.global }} -{{- .Values.global.ddEnabled }} -{{- else}} -{{- .Values.dataDog.enabled }} -{{- end }} {{- end }} \ No newline at end of file diff --git a/helm/argo-wrapper/templates/deployment.yaml b/helm/argo-wrapper/templates/deployment.yaml index 49c068b0..7dfc6e21 100644 --- a/helm/argo-wrapper/templates/deployment.yaml +++ b/helm/argo-wrapper/templates/deployment.yaml 
@@ -8,6 +8,9 @@ metadata: {{- end }} labels: {{- include "argo-wrapper.labels" . | nindent 4 }} + {{- if .Values.global.ddEnabled }} + {{- include "common.datadogLabels" . | nindent 4 }} + {{- end }} spec: {{- if not .Values.autoscaling.enabled }} replicas: {{ .Values.replicaCount }} @@ -23,16 +26,13 @@ spec: template: metadata: labels: + {{- include "argo-wrapper.selectorLabels" . | nindent 8 }} # gen3 networkpolicy labels netnolimit: 'yes' public: 'yes' - {{- if eq (include "argo-wrapper.ddEnabled" . ) "true" }} - tags.datadoghq.com/service: "argo-wrapper" - # TODO: move this to helpers so we can have this populated from a configmap - tags.datadoghq.com/env: {{ .Values.dataDog.env }} - tags.datadoghq.com/version: {{ .Values.image.tag | default .Chart.AppVersion }} - {{- end }} - {{- include "argo-wrapper.selectorLabels" . | nindent 8 }} + {{- if .Values.global.ddEnabled }} + {{- include "common.datadogLabels" . | nindent 8 }} + {{- end }} spec: {{- with .Values.affinity }} affinity: @@ -61,4 +61,8 @@ spec: {{- toYaml . | nindent 10 }} {{- end }} resources: - {{- toYaml .Values.resources | nindent 12 }} \ No newline at end of file + {{- toYaml .Values.resources | nindent 12 }} + env: + {{- if .Values.global.ddEnabled }} + {{- include "common.datadogEnvVar" . | nindent 12 }} + {{- end }} \ No newline at end of file diff --git a/helm/argo-wrapper/values.yaml b/helm/argo-wrapper/values.yaml index b8ed7154..c8556be0 100644 --- a/helm/argo-wrapper/values.yaml +++ b/helm/argo-wrapper/values.yaml 
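Review bot: In the pod template `labels:` block, the hard-coded `netnolimit: 'yes'` and `public: 'yes'` network-policy labels now sit between two includes whose output this chart no longer controls. The removed `argo-wrapper.selectorLabels` body emitted `app: argo-wrapper`; whether `common.selectorLabels` still does is not visible here, and if it does not, a Service or NetworkPolicy selecting on `app` stops matching these pods. Conversely, if the common template or a `.Values.selectorLabels` override also emits `netnolimit` or `public`, the rendered map carries duplicate keys. A comment above the include would settle both, e.g. `# selectorLabels must not define netnolimit/public; those are set below`.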
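Review bot: `env:` is emitted unconditionally at the end of the container spec while its only content sits inside `{{- if .Values.global.ddEnabled }}`, so with the default `ddEnabled: false` the manifest renders a bare `env:` key with a null value. Kubernetes accepts that, but it reads as a mistake and may trip stricter schema validation. Moving the key inside the condition, so that `env:` follows `{{- if .Values.global.ddEnabled }}` and precedes the include, keeps the rendered manifest clean. The container block starts outside this hunk.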
@@ -2,8 +2,14 @@ # This is a YAML-formatted file. # Declare variables to be passed into your templates. -# Deployment +# -- (map) Global configuration options. +global: + # -- (string) Environment name. This should be the same as vpcname if you're doing an AWS deployment. Currently this is being used to share ALB's if you have multiple namespaces. Might be used other places too. + environment: default + # -- (bool) Whether Datadog is enabled. + ddEnabled: false +# Deployment # -- (map) Annotations to add to the pod. podAnnotations: {"gen3.io/network-ingress": "argo-wrapper"} @@ -35,11 +41,6 @@ strategy: # -- (int) Maximum amount of pods that can be unavailable during the update. maxUnavailable: 0 -# -- (bool) Whether Datadog is enabled. -dataDog: - enabled: false - env: dev - # -- (map) Affinity to use for the deployment. affinity: podAntiAffinity: 
@@ -117,3 +118,23 @@ indexdAdminUser: "fence" environment: "default" # -- (string) PVC for Argo. pvc: "test-pvc" + +# Values to determine the labels that are used for the deployment, pod, etc. +# -- (string) Valid options are "production" or "dev". If invalid option is set- the value will default to "dev". +release: "production" +# -- (string) Valid options are "true" or "false". If invalid option is set- the value will default to "false". +criticalService: "false" +# -- (string) Label to help organize pods and their use. Any value is valid, but use "_" or "-" to divide words. +partOf: "Apps-Tab" +# -- (map) Will completely override the selectorLabels defined in the common chart's _label_setup.tpl +selectorLabels: +# -- (map) Will completely override the commonLabels defined in the common chart's _label_setup.tpl +commonLabels: + +# Values to configure datadog if ddEnabled is set to "true". +# -- (bool) If enabled, the Datadog Agent will automatically inject Datadog-specific metadata into your application logs. +datadogLogsInjection: true +# -- (bool) If enabled, the Datadog Agent will collect profiling data for your application using the Continuous Profiler. This data can be used to identify performance bottlenecks and optimize your application. +datadogProfilingEnabled: true +# -- (int) A value between 0 and 1, that represents the percentage of requests that will be traced. For example, a value of 0.5 means that 50% of requests will be traced. +datadogTraceSampleRate: 1 diff --git a/helm/audit/Chart.yaml b/helm/audit/Chart.yaml index 4b2666b1..80179bc2 100644 --- a/helm/audit/Chart.yaml +++ b/helm/audit/Chart.yaml 
@@ -15,7 +15,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.5 +version: 0.1.6 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to @@ -24,7 +24,7 @@ appVersion: "master" dependencies: - name: common - version: 0.1.4 + version: 0.1.5 repository: file://../common - name: postgresql version: 11.9.13 diff --git a/helm/audit/README.md b/helm/audit/README.md index 4f35337d..e6abb806 100644 --- a/helm/audit/README.md +++ b/helm/audit/README.md @@ -1,6 +1,6 @@ # audit -![Version: 0.1.5](https://img.shields.io/badge/Version-0.1.5-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) +![Version: 0.1.6](https://img.shields.io/badge/Version-0.1.6-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) A Helm chart for Kubernetes @@ -8,7 +8,7 @@ A Helm chart for Kubernetes | Repository | Name | Version | |------------|------|---------| -| file://../common | common | 0.1.4 | +| file://../common | common | 0.1.5 | | https://charts.bitnami.com/bitnami | postgresql | 11.9.13 | ## Values 
@@ -30,6 +30,11 @@ A Helm chart for Kubernetes | autoscaling.maxReplicas | int | `4` | The maximum number of replicas to scale up to | | autoscaling.minReplicas | int | `1` | The minimum number of replicas to scale down to | | autoscaling.targetCPUUtilizationPercentage | int | `80` | The target CPU utilization percentage for autoscaling | +| commonLabels | map | `nil` | Will completely override the commonLabels defined in the common chart's _label_setup.tpl | +| criticalService | string | `"false"` | Valid options are "true" or "false". If invalid option is set- the value will default to "false". | +| datadogLogsInjection | bool | `true` | If enabled, the Datadog Agent will automatically inject Datadog-specific metadata into your application logs. | +| datadogProfilingEnabled | bool | `true` | If enabled, the Datadog Agent will collect profiling data for your application using the Continuous Profiler. This data can be used to identify performance bottlenecks and optimize your application. | +| datadogTraceSampleRate | int | `1` | A value between 0 and 1, that represents the percentage of requests that will be traced. For example, a value of 0.5 means that 50% of requests will be traced. 
| | env | list | `[{"name":"DEBUG","value":"false"},{"name":"ARBORIST_URL","valueFrom":{"configMapKeyRef":{"key":"arborist_url","name":"manifest-global","optional":true}}}]` | Environment variables to pass to the container | | fullnameOverride | string | `""` | Override the full name of the chart, which is used as the name of resources created by the chart | | global | map | `{"ddEnabled":false,"dev":true,"dictionaryUrl":"https://s3.amazonaws.com/dictionary-artifacts/datadictionary/develop/schema.json","dispatcherJobNum":10,"environment":"default","hostname":"localhost","kubeBucket":"kube-gen3","logsBucket":"logs-gen3","netPolicy":true,"portalApp":"gitops","postgres":{"dbCreate":true,"master":{"host":null,"password":null,"port":"5432","username":"postgres"}},"publicDataSets":true,"revproxyArn":"arn:aws:acm:us-east-1:123456:certificate","syncFromDbgap":false,"tierAccessLevel":"libre","userYamlS3Path":"s3://cdis-gen3-users/test/user.yaml"}` | Global configuration options. | 
@@ -62,15 +67,9 @@ A Helm chart for Kubernetes | imagePullSecrets | list | `[]` | Docker image pull secrets. | | initEnv | list | `{}` | Volumes to attach to the init container. | | initVolumeMounts | list | `[]` | Volumes to mount to the init container. | -| labels | map | `{"app":"audit","authprovider":"yes","netnolimit":"yes","public":"yes","release":"production","tags.datadoghq.com/service":"audit","userhelper":"yes"}` | Labels to add to the pod. | -| labels.app | string | `"audit"` | Application name. | -| labels.authprovider | string | `"yes"` | Grants egress from all pods to pods labeled with authrpovider=yes. For network policy selectors. | -| labels.netnolimit | string | `"yes"` | Grants egress from pods labeled with netnolimit=yes to any IP address. Use explicit proxy and AWS APIs | -| labels.public | string | `"yes"` | Grants ingress from the revproxy service for pods labeled with public=yes | -| labels.release | string | `"production"` | Release name. | -| labels.userhelper | string | `"yes"` | Grants ingress from pods in usercode namespaces for gen3 pods labeled with userhelper=yes | | nameOverride | string | `""` | Override the name of the chart. This can be used to provide a unique name for a chart | | nodeSelector | map | `{}` | Node Selector for the pods | +| partOf | string | `"Logging"` | Label to help organize pods and their use. Any value is valid, but use "_" or "-" to divide words. | | podAnnotations | map | `{}` | Annotations to add to the pod | | podSecurityContext | map | `{}` | Security context for the pod | | postgres | map | `{"database":null,"dbCreate":null,"host":null,"password":null,"port":"5432","separate":false,"username":null}` | Postgres database configuration. If db does not exist in postgres cluster and dbCreate is set ot true then these databases will be created for you | 
@@ -83,6 +82,7 @@ A Helm chart for Kubernetes | postgres.username | string | `nil` | Username for postgres. This is a service override, defaults to - | | postgresql | map | `{"primary":{"persistence":{"enabled":false}}}` | Postgresql subchart settings if deployed separately option is set to "true". Disable persistence by default so we can spin up and down ephemeral environments | | postgresql.primary.persistence.enabled | bool | `false` | Option to persist the dbs data. | +| release | string | `"production"` | Valid options are "production" or "dev". If invalid option is set- the value will default to "dev". | | replicaCount | int | `1` | Number of desired replicas | | resources | map | `{"limits":{"cpu":1,"memory":"512Mi"},"requests":{"cpu":0.1,"memory":"12Mi"}}` | Resource requests and limits for the containers in the pod | | resources.limits | map | `{"cpu":1,"memory":"512Mi"}` | The maximum amount of resources that the container is allowed to use | @@ -92,6 +92,7 @@ A Helm chart for Kubernetes | resources.requests.cpu | string | `0.1` | The amount of CPU requested | | resources.requests.memory | string | `"12Mi"` | The amount of memory requested | | securityContext | map | `{}` | Security context for the containers in the pod | +| selectorLabels | map | `nil` | Will completely override the selectorLabels defined in the common chart's _label_setup.tpl | | server.AWS_CREDENTIALS | map | `{}` | AWS credentials to access SQS queue. | | server.debug | bool | `false` | Whether to enable or disable debug mode. | | server.pull_from_queue | bool | `false` | Whether to pull logs from sqs queue. | diff --git a/helm/audit/templates/_helpers.tpl b/helm/audit/templates/_helpers.tpl index 65a9c211..e255d758 100644 --- a/helm/audit/templates/_helpers.tpl +++ b/helm/audit/templates/_helpers.tpl 
@@ -34,20 +34,26 @@ Create chart name and version as used by the chart label. Common labels */}} {{- define "audit.labels" -}} -helm.sh/chart: {{ include "audit.chart" . }} -{{ include "audit.selectorLabels" . }} -{{- if .Chart.AppVersion }} -app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} +{{- if .Values.commonLabels }} + {{- with .Values.commonLabels }} + {{- toYaml . }} + {{- end }} +{{- else }} + {{- (include "common.commonLabels" .)}} {{- end }} -app.kubernetes.io/managed-by: {{ .Release.Service }} {{- end }} {{/* Selector labels */}} {{- define "audit.selectorLabels" -}} -app.kubernetes.io/name: {{ include "audit.name" . }} -app.kubernetes.io/instance: {{ .Release.Name }} +{{- if .Values.selectorLabels }} + {{- with .Values.selectorLabels }} + {{- toYaml . }} + {{- end }} +{{- else }} + {{- (include "common.selectorLabels" .)}} +{{- end }} {{- end }} {{/* diff --git a/helm/audit/templates/deployment.yaml b/helm/audit/templates/deployment.yaml index 68fa5186..6d4db6f6 100644 --- a/helm/audit/templates/deployment.yaml +++ b/helm/audit/templates/deployment.yaml @@ -4,6 +4,9 @@ metadata: name: audit-deployment labels: {{- include "audit.labels" . | nindent 4 }} + {{- if .Values.global.ddEnabled }} + {{- include "common.datadogLabels" . | nindent 4 }} + {{- end }} spec: {{- if not .Values.autoscaling.enabled }} replicas: {{ .Values.replicaCount }} @@ -18,7 +21,10 @@ spec: {{- toYaml . | nindent 8 }} {{- end }} labels: - {{- include "audit.labels" . | nindent 8 }} + {{- include "audit.selectorLabels" . | nindent 8 }} + {{- if .Values.global.ddEnabled }} + {{- include "common.datadogLabels" . | nindent 8 }} + {{- end }} spec: serviceAccountName: {{ include "audit.serviceAccountName" . }} volumes: @@ -50,6 +56,9 @@ spec: resources: {{- toYaml .Values.resources | nindent 12 }} env: + {{- if .Values.global.ddEnabled }} + {{- include "common.datadogEnvVar" . | nindent 12 }} + {{- end }} - name: DB_HOST valueFrom: secretKeyRef: 
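Review bot: The pod template `labels:` switch from `audit.labels` to `audit.selectorLabels` in `deployment.yaml` lands in the same commit that deletes the `labels` map from audit's `values.yaml`, which documented `public`, `netnolimit`, `authprovider` and `userhelper` as the labels network policies key on. Whether the pods still receive those labels now depends entirely on `common.selectorLabels`, which is not visible here. If they are dropped, revproxy ingress to audit (`public=yes`) stops without any error at install time; if the common template applies them to every chart, each service gets `netnolimit=yes` egress whether it needs it or not. I would keep the network-policy labels as explicit per-chart values and say so in the template, e.g. `# gen3 networkpolicy labels: set per chart, not inherited from common`.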
diff --git a/helm/audit/values.yaml b/helm/audit/values.yaml index be4928de..3e151813 100644 --- a/helm/audit/values.yaml +++ b/helm/audit/values.yaml @@ -165,22 +165,6 @@ nodeSelector: {} # -- (list) Tolerations for the pods tolerations: [] -# -- (map) Labels to add to the pod. -labels: - # -- (string) Application name. - app: audit - # -- (string) Release name. - release: production - # -- (string) Grants egress from all pods to pods labeled with authrpovider=yes. For network policy selectors. - authprovider: "yes" - # -- (string) Grants egress from pods labeled with netnolimit=yes to any IP address. Use explicit proxy and AWS APIs - netnolimit: "yes" - # -- (string) Grants ingress from the revproxy service for pods labeled with public=yes - public: "yes" - # -- (string) Grants ingress from pods in usercode namespaces for gen3 pods labeled with userhelper=yes - userhelper: "yes" - tags.datadoghq.com/service: "audit" - # -- (map) Affinity to use for the deployment. affinity: podAntiAffinity: 
@@ -250,3 +234,23 @@ api: # -- (bool) Whether to return usernames in query responses and allow querying by username. QUERY_USERNAMES: true + +# Values to determine the labels that are used for the deployment, pod, etc. +# -- (string) Valid options are "production" or "dev". If invalid option is set- the value will default to "dev". +release: "production" +# -- (string) Valid options are "true" or "false". If invalid option is set- the value will default to "false". +criticalService: "false" +# -- (string) Label to help organize pods and their use. Any value is valid, but use "_" or "-" to divide words. +partOf: "Logging" +# -- (map) Will completely override the selectorLabels defined in the common chart's _label_setup.tpl +selectorLabels: +# -- (map) Will completely override the commonLabels defined in the common chart's _label_setup.tpl +commonLabels: + +# Values to configure datadog if ddEnabled is set to "true". +# -- (bool) If enabled, the Datadog Agent will automatically inject Datadog-specific metadata into your application logs. +datadogLogsInjection: true +# -- (bool) If enabled, the Datadog Agent will collect profiling data for your application using the Continuous Profiler. This data can be used to identify performance bottlenecks and optimize your application. +datadogProfilingEnabled: true +# -- (int) A value between 0 and 1, that represents the percentage of requests that will be traced. For example, a value of 0.5 means that 50% of requests will be traced. +datadogTraceSampleRate: 1 diff --git a/helm/aws-es-proxy/Chart.yaml b/helm/aws-es-proxy/Chart.yaml index d4f84358..6fa7b7f6 100644 --- a/helm/aws-es-proxy/Chart.yaml +++ b/helm/aws-es-proxy/Chart.yaml 
@@ -15,10 +15,15 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.3 +version: 0.1.4 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to # follow Semantic Versioning. They should reflect the version the application is using. # It is recommended to use it with quotes. appVersion: "master" + +dependencies: +- name: common + version: 0.1.5 + repository: file://../common diff --git a/helm/aws-es-proxy/README.md b/helm/aws-es-proxy/README.md index 93cd8902..a3f2a4fe 100644 --- a/helm/aws-es-proxy/README.md +++ b/helm/aws-es-proxy/README.md @@ -1,9 +1,15 @@ # aws-es-proxy -![Version: 0.1.3](https://img.shields.io/badge/Version-0.1.3-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) +![Version: 0.1.4](https://img.shields.io/badge/Version-0.1.4-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) A Helm chart for AWS ES Proxy Service for gen3 +## Requirements + +| Repository | Name | Version | +|------------|------|---------| +| file://../common | common | 0.1.5 | + ## Values | Key | Type | Default | Description | 
@@ -14,13 +20,23 @@ A Helm chart for AWS ES Proxy Service for gen3 | autoscaling.maxReplicas | int | `100` | The maximum number of replicas to scale up to | | autoscaling.minReplicas | int | `1` | The minimum number of replicas to scale down to | | autoscaling.targetCPUUtilizationPercentage | int | `80` | The target CPU utilization percentage for autoscaling | +| commonLabels | map | `nil` | Will completely override the commonLabels defined in the common chart's _label_setup.tpl | +| criticalService | string | `"false"` | Valid options are "true" or "false". If invalid option is set- the value will default to "false". | +| datadogLogsInjection | bool | `true` | If enabled, the Datadog Agent will automatically inject Datadog-specific metadata into your application logs. | +| datadogProfilingEnabled | bool | `true` | If enabled, the Datadog Agent will collect profiling data for your application using the Continuous Profiler. This data can be used to identify performance bottlenecks and optimize your application. | +| datadogTraceSampleRate | int | `1` | A value between 0 and 1, that represents the percentage of requests that will be traced. For example, a value of 0.5 means that 50% of requests will be traced. | | esEndpoint | str | `"test.us-east-1.es.amazonaws.com"` | Elasticsearch endpoint in AWS | +| global | map | `{"ddEnabled":false,"environment":"default"}` | Global configuration options. | +| global.ddEnabled | bool | `false` | Whether Datadog is enabled. | +| global.environment | string | `"default"` | Environment name. This should be the same as vpcname if you're doing an AWS deployment. Currently this is being used to share ALB's if you have multiple namespaces. Might be used other places too. | | image | map | `{"pullPolicy":"Always","repository":"quay.io/cdis/aws-es-proxy","tag":""}` | Docker image information. | | image.pullPolicy | string | `"Always"` | Docker pull policy. 
| | image.repository | string | `"quay.io/cdis/aws-es-proxy"` | Docker repository. | | image.tag | string | `""` | Overrides the image tag whose default is the chart appVersion. | +| partOf | string | `"Explorer-Tab"` | Label to help organize pods and their use. Any value is valid, but use "_" or "-" to divide words. | | podAnnotations | map | `nil` | Annotations to add to the pod | | ports | list | `[{"containerPort":9200}]` | List of container ports | +| release | string | `"production"` | Valid options are "production" or "dev". If invalid option is set- the value will default to "dev". | | replicaCount | int | `1` | Number of replicas for the deployment. | | resources | map | `{"limits":{"memory":"2Gi"},"requests":{"cpu":0.1,"memory":"250Mi"}}` | Resource requests and limits for the containers in the pod | | resources.limits | map | `{"memory":"2Gi"}` | The maximum amount of resources that the container is allowed to use | @@ -32,6 +48,7 @@ A Helm chart for AWS ES Proxy Service for gen3 | secrets | map | `{"awsAccessKeyId":"","awsSecretAccessKey":""}` | Secret information | | secrets.awsAccessKeyId | str | `""` | AWS access key ID | | secrets.awsSecretAccessKey | str | `""` | AWS secret access key | +| selectorLabels | map | `nil` | Will completely override the selectorLabels defined in the common chart's _label_setup.tpl | | service | map | `{"port":9200,"type":"ClusterIP"}` | Kubernetes service information. | | service.port | int | `9200` | The port number that the service exposes. | | service.type | string | `"ClusterIP"` | Type of service. Valid values are "ClusterIP", "NodePort", "LoadBalancer", "ExternalName". | diff --git a/helm/aws-es-proxy/templates/_helpers.tpl b/helm/aws-es-proxy/templates/_helpers.tpl index e33789e2..ed5de17a 100644 --- a/helm/aws-es-proxy/templates/_helpers.tpl +++ b/helm/aws-es-proxy/templates/_helpers.tpl 
@@ -34,21 +34,26 @@ Create chart name and version as used by the chart label. Common labels */}} {{- define "aws-es-proxy.labels" -}} -helm.sh/chart: {{ include "aws-es-proxy.chart" . }} -{{ include "aws-es-proxy.selectorLabels" . }} -{{- if .Chart.AppVersion }} -app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} +{{- if .Values.commonLabels }} + {{- with .Values.commonLabels }} + {{- toYaml . }} + {{- end }} +{{- else }} + {{- (include "common.commonLabels" .)}} {{- end }} -app.kubernetes.io/managed-by: {{ .Release.Service }} {{- end }} {{/* Selector labels */}} {{- define "aws-es-proxy.selectorLabels" -}} -app.kubernetes.io/name: {{ include "aws-es-proxy.name" . }} -app.kubernetes.io/instance: {{ .Release.Name }} -app: {{ "esproxy" }} +{{- if .Values.selectorLabels }} + {{- with .Values.selectorLabels }} + {{- toYaml . }} + {{- end }} +{{- else }} + {{- (include "common.selectorLabels" .)}} +{{- end }} {{- end }} {{/* diff --git a/helm/aws-es-proxy/templates/deployment.yaml b/helm/aws-es-proxy/templates/deployment.yaml index 40f2085e..3c74d70e 100644 --- a/helm/aws-es-proxy/templates/deployment.yaml +++ b/helm/aws-es-proxy/templates/deployment.yaml @@ -8,6 +8,9 @@ metadata: {{- end }} labels: {{- include "aws-es-proxy.labels" . | nindent 4 }} + {{- if .Values.global.ddEnabled }} + {{- include "common.datadogLabels" . | nindent 4 }} + {{- end }} spec: {{- if not .Values.autoscaling.enabled }} replicas: {{ .Values.replicaCount }} @@ -25,6 +28,9 @@ spec: labels: {{- include "aws-es-proxy.selectorLabels" . | nindent 8 }} netvpc: "yes" + {{- if .Values.global.ddEnabled }} + {{- include "common.datadogLabels" . | nindent 8 }} + {{- end }} spec: automountServiceAccountToken: {{ .Values.automountServiceAccountToken }} {{- with .Values.volumes }} 
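Review bot: Switching `aws-es-proxy.selectorLabels` to `common.selectorLabels` changes the label values themselves: `app` goes from the hard-coded `esproxy` to `.Chart.Name`, and a `release` label is added (see `_labels_setup.tpl` later in this patch). If `spec.selector.matchLabels` is built from this helper, as it is in the dicom-viewer deployment, `helm upgrade` of an existing release is likely to be rejected because a Deployment's selector is immutable. Anything that still selects on `app: esproxy`, such as a Service or a NetworkPolicy (neither is visible here), would also stop matching these pods. Either ship a documented `selectorLabels` default that keeps `app: esproxy`, or call the break out in the chart's upgrade notes. The dicom-server and dicom-viewer `_helpers.tpl` hunks make the same switch.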
@@ -40,6 +46,9 @@ spec: {{- toYaml . | nindent 12}} {{- end }} env: + {{- if .Values.global.ddEnabled }} + {{- include "common.datadogEnvVar" . | nindent 12 }} + {{- end }} - name: ES_ENDPOINT value: {{ .Values.esEndpoint }} {{- with .Values.volumeMounts }} diff --git a/helm/aws-es-proxy/values.yaml b/helm/aws-es-proxy/values.yaml index 1cb7d633..2e28d856 100644 --- a/helm/aws-es-proxy/values.yaml +++ b/helm/aws-es-proxy/values.yaml @@ -1,3 +1,14 @@ +# Default values for aws-es-proxy. +# This is a YAML-formatted file. +# Declare variables to be passed into your templates. + +# -- (map) Global configuration options. +global: + # -- (string) Environment name. This should be the same as vpcname if you're doing an AWS deployment. Currently this is being used to share ALB's if you have multiple namespaces. Might be used other places too. + environment: default + # -- (bool) Whether Datadog is enabled. + ddEnabled: false + # -- (map) Annotations to add to the pod podAnnotations: 
@@ -84,3 +95,23 @@ secrets: awsAccessKeyId: "" # -- (str) AWS secret access key awsSecretAccessKey: "" + +# Values to determine the labels that are used for the deployment, pod, etc. +# -- (string) Valid options are "production" or "dev". If invalid option is set- the value will default to "dev". +release: "production" +# -- (string) Valid options are "true" or "false". If invalid option is set- the value will default to "false". +criticalService: "false" +# -- (string) Label to help organize pods and their use. Any value is valid, but use "_" or "-" to divide words. +partOf: "Explorer-Tab" +# -- (map) Will completely override the selectorLabels defined in the common chart's _label_setup.tpl +selectorLabels: +# -- (map) Will completely override the commonLabels defined in the common chart's _label_setup.tpl +commonLabels: + +# Values to configure datadog if ddEnabled is set to "true". +# -- (bool) If enabled, the Datadog Agent will automatically inject Datadog-specific metadata into your application logs. +datadogLogsInjection: true +# -- (bool) If enabled, the Datadog Agent will collect profiling data for your application using the Continuous Profiler. This data can be used to identify performance bottlenecks and optimize your application. +datadogProfilingEnabled: true +# -- (int) A value between 0 and 1, that represents the percentage of requests that will be traced. For example, a value of 0.5 means that 50% of requests will be traced. +datadogTraceSampleRate: 1 diff --git a/helm/common/Chart.yaml b/helm/common/Chart.yaml index ec8b6df8..793d5770 100644 --- a/helm/common/Chart.yaml +++ b/helm/common/Chart.yaml 
@@ -15,7 +15,7 @@ type: library # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.4 +version: 0.1.5 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to diff --git a/helm/common/README.md b/helm/common/README.md index a17efc00..cdddaf74 100644 --- a/helm/common/README.md +++ b/helm/common/README.md @@ -1,6 +1,6 @@ # common -![Version: 0.1.4](https://img.shields.io/badge/Version-0.1.4-informational?style=flat-square) ![Type: library](https://img.shields.io/badge/Type-library-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) +![Version: 0.1.5](https://img.shields.io/badge/Version-0.1.5-informational?style=flat-square) ![Type: library](https://img.shields.io/badge/Type-library-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) A Helm chart for provisioning databases in gen3 diff --git a/helm/common/templates/_datadog_setup.tpl b/helm/common/templates/_datadog_setup.tpl new file mode 100644 index 00000000..4775e833 --- /dev/null +++ b/helm/common/templates/_datadog_setup.tpl 
@@ -0,0 +1,35 @@
+{{/*
+ Datadog Labels and Environment variables that will be inserted into the deployment.yaml of any chart the sets ddEnabled to "true".
+ Will use the parent chart's name and versionn as well as the values "environment", "datadogLogsInjection", "datadogProfilingEnabled", and "datadogTraceSampleRate" defined in the values.yaml file.
+*/}}
+
+{{- define "common.datadogLabels" -}}
+tags.datadoghq.com/env: {{ .Values.global.environment }}
+tags.datadoghq.com/service: {{ .Chart.Name }}
+tags.datadoghq.com/version: {{ .Chart.Version }}
+{{- end }}
+
+{{- define "common.datadogEnvVar" -}}
+- name: DD_ENV
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.labels['tags.datadoghq.com/env']
+- name: DD_SERVICE
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.labels['tags.datadoghq.com/service']
+- name: DD_VERSION
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.labels['tags.datadoghq.com/version']
+- name: DD_LOGS_INJECTION
+ value: {{ .Values.datadogLogsInjection | quote }}
+- name: DD_PROFILING_ENABLED
+ value: {{ .Values.datadogProfilingEnabled | quote }}
+- name: DD_TRACE_SAMPLE_RATE
+ value: {{ .Values.datadogTraceSampleRate | quote }}
+- name: DD_AGENT_HOST
+ valueFrom:
+ fieldRef:
+ fieldPath: status.hostIP
+{{- end }}
\ No newline at end of file
diff --git a/helm/common/templates/_labels_setup.tpl b/helm/common/templates/_labels_setup.tpl
new file mode 100644
index 00000000..b6ba3eb8
--- /dev/null
+++ b/helm/common/templates/_labels_setup.tpl
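Review bot: The three label values in `common.datadogLabels` are rendered unquoted, so a `global.environment` such as `true` or `123` becomes a YAML boolean or number and the API server rejects the manifest, because label values must be strings. Quote them the same way the env var values below already are, e.g. `tags.datadoghq.com/env: {{ .Values.global.environment | quote }}`. A chart version carrying `+build` metadata is also not a valid label value; applying `replace "+" "_"` before quoting covers that case. `common.commonLabels` in `_labels_setup.tpl` has the same unquoted `.Chart.Version`, `.Release.Name` and `.Values.partOf`.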
@@ -0,0 +1,37 @@
+{{/*
+ Gen3 Chart Labels
+ Will use the parent chart's chart, release, and version as well as the values "release", "criticalService", and "partOf" defined in the values.yaml file.
+ These values can be completely overwritten with the "selectorLabels" and "commonLabels" provided in the parent chart's values.yaml file.
+ "selectorLabels" are mainly used for the matchLabels and pod labels in the deployment.
+ "commonLabels" are mainly used for the deployment's labels.
+*/}}
+
+{{- define "common.commonLabels" -}}
+app.kubernetes.io/name: {{ .Chart.Name }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+app.kubernetes.io/version: {{ .Chart.Version }}
+app.kubernetes.io/part-of: {{ .Values.partOf }}
+app.kubernetes.io/managed-by: "Helm"
+app: {{ .Chart.Name }}
+{{- if eq .Values.criticalService "true"}}
+critical-service: "true"
+{{- else }}
+critical-service: "false"
+{{- end }}
+{{- if eq .Values.release "production"}}
+release: "production"
+{{- else }}
+release: "dev"
+{{- end }}
+{{- end }}
+
+{{- define "common.selectorLabels" -}}
+app.kubernetes.io/name: {{ .Chart.Name }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+app: {{ .Chart.Name }}
+{{- if eq .Values.release "production"}}
+release: "production"
+{{- else }}
+release: "dev"
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/helm/dicom-server/Chart.yaml b/helm/dicom-server/Chart.yaml
index be600b52..63155bdb 100644
--- a/helm/dicom-server/Chart.yaml
+++ b/helm/dicom-server/Chart.yaml
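Review bot: `common.selectorLabels` puts the operator-tunable `release` value into the selector, so changing `release` between `production` and `dev` on an installed chart changes `spec.selector.matchLabels`, which Kubernetes does not allow on an existing Deployment. Keeping `release` in `common.commonLabels` only (and on the pod template if it is needed there) avoids that. Separately, any value other than the exact string `production`, including a typo or different casing, silently becomes `dev`. If alerting or policy keys off this label, failing the render is safer, e.g. a third branch with `{{- fail "release must be \"production\" or \"dev\"" }}`. `app.kubernetes.io/version` now carries `.Chart.Version` where the helpers this patch replaces used `.Chart.AppVersion`; a comment saying that is intentional would help.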
@@ -15,10 +15,15 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.2 +version: 0.1.3 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to # follow Semantic Versioning. They should reflect the version the application is using. # It is recommended to use it with quotes. appVersion: "master" + +dependencies: +- name: common + version: 0.1.5 + repository: file://../common diff --git a/helm/dicom-server/README.md b/helm/dicom-server/README.md index 6355ffa0..f6e98911 100644 --- a/helm/dicom-server/README.md +++ b/helm/dicom-server/README.md @@ -1,9 +1,15 @@ # dicom-server -![Version: 0.1.2](https://img.shields.io/badge/Version-0.1.2-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) +![Version: 0.1.3](https://img.shields.io/badge/Version-0.1.3-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) A Helm chart for gen3 Dicom Server +## Requirements + +| Repository | Name | Version | +|------------|------|---------| +| file://../common | common | 0.1.5 | + ## Values | Key | Type | Default | Description | 
@@ -13,10 +19,20 @@ A Helm chart for gen3 Dicom Server | autoscaling.maxReplicas | int | `100` | The maximum number of replicas to scale up to | | autoscaling.minReplicas | int | `1` | The minimum number of replicas to scale down to | | autoscaling.targetCPUUtilizationPercentage | int | `80` | The target CPU utilization percentage for autoscaling | +| commonLabels | map | `nil` | Will completely override the commonLabels defined in the common chart's _label_setup.tpl | +| criticalService | string | `"false"` | Valid options are "true" or "false". If invalid option is set- the value will default to "false". | +| datadogLogsInjection | bool | `true` | If enabled, the Datadog Agent will automatically inject Datadog-specific metadata into your application logs. | +| datadogProfilingEnabled | bool | `true` | If enabled, the Datadog Agent will collect profiling data for your application using the Continuous Profiler. This data can be used to identify performance bottlenecks and optimize your application. | +| datadogTraceSampleRate | int | `1` | A value between 0 and 1, that represents the percentage of requests that will be traced. For example, a value of 0.5 means that 50% of requests will be traced. | +| global | map | `{"ddEnabled":false,"environment":"default"}` | Global configuration options. | +| global.ddEnabled | bool | `false` | Whether Datadog is enabled. | +| global.environment | string | `"default"` | Environment name. This should be the same as vpcname if you're doing an AWS deployment. Currently this is being used to share ALB's if you have multiple namespaces. Might be used other places too. | | image | map | `{"pullPolicy":"Always","repository":"quay.io/cdis/gen3-orthanc","tag":"master"}` | Docker image information. | | image.pullPolicy | string | `"Always"` | Docker pull policy. | | image.repository | string | `"quay.io/cdis/gen3-orthanc"` | Docker repository. 
| | image.tag | string | `"master"` | Overrides the image tag whose default is the chart appVersion. | +| partOf | string | `"Imaging"` | Label to help organize pods and their use. Any value is valid, but use "_" or "-" to divide words. | +| release | string | `"production"` | Valid options are "production" or "dev". If invalid option is set- the value will default to "dev". | | replicaCount | int | `1` | Number of replicas for the deployment. | | secrets | map | `{"authenticationEnabled":false,"dataBase":"postgres","enableIndex":true,"enableStorage":true,"host":"postgres-postgresql.postgres.svc.cluster.local","indexConnectionsCount":5,"lock":false,"password":"postgres","port":"5432","userName":"postgres"}` | Secret information | | secrets.authenticationEnabled | bool | `false` | Whether or not the password protection is enabled. | @@ -29,6 +45,7 @@ A Helm chart for gen3 Dicom Server | secrets.password | string | `"postgres"` | Password for Postgres. | | secrets.port | string | `"5432"` | Port for Postgres. | | secrets.userName | string | `"postgres"` | Username for postgres. | +| selectorLabels | map | `nil` | Will completely override the selectorLabels defined in the common chart's _label_setup.tpl | | service | map | `{"port":80,"targetport":8042}` | Kubernetes service information. | | service.port | int | `80` | The port number that the service exposes. | | service.targetport | int | `8042` | The port on the host machine that traffic is directed to. | diff --git a/helm/dicom-server/templates/_helpers.tpl b/helm/dicom-server/templates/_helpers.tpl index 2bfab706..0ad87443 100644 --- a/helm/dicom-server/templates/_helpers.tpl +++ b/helm/dicom-server/templates/_helpers.tpl 
@@ -34,21 +34,26 @@ Create chart name and version as used by the chart label. Common labels */}} {{- define "dicom-server.labels" -}} -helm.sh/chart: {{ include "dicom-server.chart" . }} -{{ include "dicom-server.selectorLabels" . }} -{{- if .Chart.AppVersion }} -app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} +{{- if .Values.commonLabels }} + {{- with .Values.commonLabels }} + {{- toYaml . }} + {{- end }} +{{- else }} + {{- (include "common.commonLabels" .)}} {{- end }} -app.kubernetes.io/managed-by: {{ .Release.Service }} {{- end }} {{/* Selector labels */}} {{- define "dicom-server.selectorLabels" -}} -app.kubernetes.io/name: {{ include "dicom-server.name" . }} -app.kubernetes.io/instance: {{ .Release.Name }} -app: "dicom-server" +{{- if .Values.selectorLabels }} + {{- with .Values.selectorLabels }} + {{- toYaml . }} + {{- end }} +{{- else }} + {{- (include "common.selectorLabels" .)}} +{{- end }} {{- end }} {{/* diff --git a/helm/dicom-server/templates/deployment.yaml b/helm/dicom-server/templates/deployment.yaml index 73758607..d7090ab9 100644 --- a/helm/dicom-server/templates/deployment.yaml +++ b/helm/dicom-server/templates/deployment.yaml @@ -8,6 +8,9 @@ metadata: {{- end }} labels: {{- include "dicom-server.labels" . | nindent 4 }} + {{- if .Values.global.ddEnabled }} + {{- include "common.datadogLabels" . | nindent 4 }} + {{- end }} spec: {{- if not .Values.autoscaling.enabled }} replicas: {{ .Values.replicaCount }} @@ -21,8 +24,10 @@ spec: metadata: labels: {{- include "dicom-server.selectorLabels" . | nindent 8 }} - release: "production" public: "yes" + {{- if .Values.global.ddEnabled }} + {{- include "common.datadogLabels" . | nindent 8 }} + {{- end }} spec: {{- with .Values.volumes }} volumes: 
@@ -48,6 +53,10 @@ spec: timeoutSeconds: 30 ports: - containerPort: 8042 + env: + {{- if .Values.global.ddEnabled }} + {{- include "common.datadogEnvVar" . | nindent 12 }} + {{- end }} {{- with .Values.volumeMounts }} volumeMounts: {{- toYaml . | nindent 10 }} diff --git a/helm/dicom-server/values.yaml b/helm/dicom-server/values.yaml index a5538cf1..80e84a68 100644 --- a/helm/dicom-server/values.yaml +++ b/helm/dicom-server/values.yaml @@ -2,6 +2,13 @@ # This is a YAML-formatted file. # Declare variables to be passed into your templates. +# -- (map) Global configuration options. +global: + # -- (string) Environment name. This should be the same as vpcname if you're doing an AWS deployment. Currently this is being used to share ALB's if you have multiple namespaces. Might be used other places too. + environment: default + # -- (bool) Whether Datadog is enabled. + ddEnabled: false + # Deployment # -- (map) Configuration for autoscaling the number of replicas 
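Review bot: `env:` is emitted unconditionally while its only content sits inside the `ddEnabled` guard, so with the default `ddEnabled: false` the container renders a bare `env:` key with a null value. Moving the key inside the guard keeps the disabled output identical to what the chart produced before: `{{- if .Values.global.ddEnabled }}`, then `env:` and the `include "common.datadogEnvVar"` line, then `{{- end }}`. The dicom-viewer deployment.yaml hunk later in this patch has the same shape. The container spec continues outside the hunk.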
@@ -70,3 +77,23 @@ secrets: indexConnectionsCount: 5 # -- (bool) Whether to lock the database. lock: false + +# Values to determine the labels that are used for the deployment, pod, etc. +# -- (string) Valid options are "production" or "dev". If invalid option is set- the value will default to "dev". +release: "production" +# -- (string) Valid options are "true" or "false". If invalid option is set- the value will default to "false". +criticalService: "false" +# -- (string) Label to help organize pods and their use. Any value is valid, but use "_" or "-" to divide words. +partOf: "Imaging" +# -- (map) Will completely override the selectorLabels defined in the common chart's _label_setup.tpl +selectorLabels: +# -- (map) Will completely override the commonLabels defined in the common chart's _label_setup.tpl +commonLabels: + +# Values to configure datadog if ddEnabled is set to "true". +# -- (bool) If enabled, the Datadog Agent will automatically inject Datadog-specific metadata into your application logs. +datadogLogsInjection: true +# -- (bool) If enabled, the Datadog Agent will collect profiling data for your application using the Continuous Profiler. This data can be used to identify performance bottlenecks and optimize your application. +datadogProfilingEnabled: true +# -- (int) A value between 0 and 1, that represents the percentage of requests that will be traced. For example, a value of 0.5 means that 50% of requests will be traced. +datadogTraceSampleRate: 1 diff --git a/helm/dicom-viewer/Chart.yaml b/helm/dicom-viewer/Chart.yaml index c178bd8c..4f3fc523 100644 --- a/helm/dicom-viewer/Chart.yaml +++ b/helm/dicom-viewer/Chart.yaml 
@@ -15,10 +15,15 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.2 +version: 0.1.3 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to # follow Semantic Versioning. They should reflect the version the application is using. # It is recommended to use it with quotes. appVersion: "master" + +dependencies: +- name: common + version: 0.1.5 + repository: file://../common diff --git a/helm/dicom-viewer/README.md b/helm/dicom-viewer/README.md index 5c7e1f26..bcf867d8 100644 --- a/helm/dicom-viewer/README.md +++ b/helm/dicom-viewer/README.md @@ -1,9 +1,15 @@ # dicom-viewer -![Version: 0.1.2](https://img.shields.io/badge/Version-0.1.2-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) +![Version: 0.1.3](https://img.shields.io/badge/Version-0.1.3-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) A Helm chart for gen3 Dicom Viewer +## Requirements + +| Repository | Name | Version | +|------------|------|---------| +| file://../common | common | 0.1.5 | + ## Values | Key | Type | Default | Description | 
@@ -13,11 +19,22 @@ A Helm chart for gen3 Dicom Viewer | autoscaling.maxReplicas | int | `100` | The maximum number of replicas to scale up to | | autoscaling.minReplicas | int | `1` | The minimum number of replicas to scale down to | | autoscaling.targetCPUUtilizationPercentage | int | `80` | The target CPU utilization percentage for autoscaling | +| commonLabels | map | `nil` | Will completely override the commonLabels defined in the common chart's _label_setup.tpl | +| criticalService | string | `"false"` | Valid options are "true" or "false". If invalid option is set- the value will default to "false". | +| datadogLogsInjection | bool | `true` | If enabled, the Datadog Agent will automatically inject Datadog-specific metadata into your application logs. | +| datadogProfilingEnabled | bool | `true` | If enabled, the Datadog Agent will collect profiling data for your application using the Continuous Profiler. This data can be used to identify performance bottlenecks and optimize your application. | +| datadogTraceSampleRate | int | `1` | A value between 0 and 1, that represents the percentage of requests that will be traced. For example, a value of 0.5 means that 50% of requests will be traced. | +| global | map | `{"ddEnabled":false,"environment":"default"}` | Global configuration options. | +| global.ddEnabled | bool | `false` | Whether Datadog is enabled. | +| global.environment | string | `"default"` | Environment name. This should be the same as vpcname if you're doing an AWS deployment. Currently this is being used to share ALB's if you have multiple namespaces. Might be used other places too. | | image | map | `{"pullPolicy":"Always","repository":"quay.io/cdis/ohif-viewer","tag":"master"}` | Docker image information. | | image.pullPolicy | string | `"Always"` | Docker pull policy. | | image.repository | string | `"quay.io/cdis/ohif-viewer"` | Docker repository. 
| | image.tag | string | `"master"` | Overrides the image tag whose default is the chart appVersion. | +| partOf | string | `"Imaging"` | Label to help organize pods and their use. Any value is valid, but use "_" or "-" to divide words. | +| release | string | `"production"` | Valid options are "production" or "dev". If invalid option is set- the value will default to "dev". | | replicaCount | int | `1` | Number of replicas for the deployment. | +| selectorLabels | map | `nil` | Will completely override the selectorLabels defined in the common chart's _label_setup.tpl | | service | map | `{"port":80,"type":"ClusterIP"}` | Kubernetes service information. | | service.port | int | `80` | The port number that the service exposes. | | service.type | string | `"ClusterIP"` | Type of service. Valid values are "ClusterIP", "NodePort", "LoadBalancer", "ExternalName". | diff --git a/helm/dicom-viewer/templates/_helpers.tpl b/helm/dicom-viewer/templates/_helpers.tpl index a47308cd..7bbc396e 100644 --- a/helm/dicom-viewer/templates/_helpers.tpl +++ b/helm/dicom-viewer/templates/_helpers.tpl 
@@ -34,21 +34,26 @@ Create chart name and version as used by the chart label. Common labels */}} {{- define "dicom-viewer.labels" -}} -helm.sh/chart: {{ include "dicom-viewer.chart" . }} -{{ include "dicom-viewer.selectorLabels" . }} -{{- if .Chart.AppVersion }} -app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} +{{- if .Values.commonLabels }} + {{- with .Values.commonLabels }} + {{- toYaml . }} + {{- end }} +{{- else }} + {{- (include "common.commonLabels" .)}} {{- end }} -app.kubernetes.io/managed-by: {{ .Release.Service }} {{- end }} {{/* Selector labels */}} {{- define "dicom-viewer.selectorLabels" -}} -app.kubernetes.io/name: {{ include "dicom-viewer.name" . }} -app.kubernetes.io/instance: {{ .Release.Name }} -app: "dicom-viewer" +{{- if .Values.selectorLabels }} + {{- with .Values.selectorLabels }} + {{- toYaml . }} + {{- end }} +{{- else }} + {{- (include "common.selectorLabels" .)}} +{{- end }} {{- end }} {{/* diff --git a/helm/dicom-viewer/templates/deployment.yaml b/helm/dicom-viewer/templates/deployment.yaml index 9e1c2657..a34e4089 100644 --- a/helm/dicom-viewer/templates/deployment.yaml +++ b/helm/dicom-viewer/templates/deployment.yaml @@ -8,6 +8,9 @@ metadata: {{- end }} labels: {{- include "dicom-viewer.labels" . | nindent 4 }} + {{- if .Values.global.ddEnabled }} + {{- include "common.datadogLabels" . | nindent 4 }} + {{- end }} spec: {{- if not .Values.autoscaling.enabled }} replicas: {{ .Values.replicaCount }} @@ -15,14 +18,15 @@ spec: selector: matchLabels: {{- include "dicom-viewer.selectorLabels" . | nindent 6 }} - release: "production" public: "yes" template: metadata: labels: {{- include "dicom-viewer.selectorLabels" . | nindent 8 }} - release: "production" public: "yes" + {{- if .Values.global.ddEnabled }} + {{- include "common.datadogLabels" . | nindent 8 }} + {{- end }} spec: containers: - name: "dicom-viewer" 
@@ -44,6 +48,10 @@ spec: timeoutSeconds: 30 ports: - containerPort: 80 + env: + {{- if .Values.global.ddEnabled }} + {{- include "common.datadogEnvVar" . | nindent 12 }} + {{- end }} {{- with .Values.volumeMounts }} volumeMounts: {{- toYaml . | nindent 10 }} diff --git a/helm/dicom-viewer/values.yaml b/helm/dicom-viewer/values.yaml index 8711a165..935d86aa 100644 --- a/helm/dicom-viewer/values.yaml +++ b/helm/dicom-viewer/values.yaml @@ -2,6 +2,13 @@ # This is a YAML-formatted file. # Declare variables to be passed into your templates. +# -- (map) Global configuration options. +global: + # -- (string) Environment name. This should be the same as vpcname if you're doing an AWS deployment. Currently this is being used to share ALB's if you have multiple namespaces. Might be used other places too. + environment: default + # -- (bool) Whether Datadog is enabled. + ddEnabled: false + # Deployment # -- (map) Configuration for autoscaling the number of replicas 
@@ -34,3 +41,23 @@ service: type: ClusterIP # -- (int) The port number that the service exposes. port: 80 + +# Values to determine the labels that are used for the deployment, pod, etc. +# -- (string) Valid options are "production" or "dev". If invalid option is set- the value will default to "dev". +release: "production" +# -- (string) Valid options are "true" or "false". If invalid option is set- the value will default to "false". +criticalService: "false" +# -- (string) Label to help organize pods and their use. Any value is valid, but use "_" or "-" to divide words. +partOf: "Imaging" +# -- (map) Will completely override the selectorLabels defined in the common chart's _label_setup.tpl +selectorLabels: +# -- (map) Will completely override the commonLabels defined in the common chart's _label_setup.tpl +commonLabels: + +# Values to configure datadog if ddEnabled is set to "true". +# -- (bool) If enabled, the Datadog Agent will automatically inject Datadog-specific metadata into your application logs. +datadogLogsInjection: true +# -- (bool) If enabled, the Datadog Agent will collect profiling data for your application using the Continuous Profiler. This data can be used to identify performance bottlenecks and optimize your application. +datadogProfilingEnabled: true +# -- (int) A value between 0 and 1, that represents the percentage of requests that will be traced. For example, a value of 0.5 means that 50% of requests will be traced. +datadogTraceSampleRate: 1 diff --git a/helm/elasticsearch/Chart.yaml b/helm/elasticsearch/Chart.yaml index 94905e42..42e76886 100644 --- a/helm/elasticsearch/Chart.yaml +++ b/helm/elasticsearch/Chart.yaml 
@@ -15,10 +15,15 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.2 +version: 0.1.3 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to # follow Semantic Versioning. They should reflect the version the application is using. # It is recommended to use it with quotes. appVersion: "1.16.0" + +dependencies: +- name: common + version: 0.1.5 + repository: file://../common diff --git a/helm/elasticsearch/README.md b/helm/elasticsearch/README.md index 06627db3..23fb2d76 100644 --- a/helm/elasticsearch/README.md +++ b/helm/elasticsearch/README.md @@ -1,9 +1,15 @@ # elasticsearch -![Version: 0.1.2](https://img.shields.io/badge/Version-0.1.2-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.16.0](https://img.shields.io/badge/AppVersion-1.16.0-informational?style=flat-square) +![Version: 0.1.3](https://img.shields.io/badge/Version-0.1.3-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.16.0](https://img.shields.io/badge/AppVersion-1.16.0-informational?style=flat-square) A Helm chart for Kubernetes +## Requirements + +| Repository | Name | Version | +|------------|------|---------| +| file://../common | common | 0.1.5 | + ## Values | Key | Type | Default | Description | 
@@ -13,7 +19,15 @@ A Helm chart for Kubernetes | autoscaling.maxReplicas | int | `100` | | | autoscaling.minReplicas | int | `1` | | | autoscaling.targetCPUUtilizationPercentage | int | `80` | | +| commonLabels | map | `nil` | Will completely override the commonLabels defined in the common chart's _label_setup.tpl | +| criticalService | string | `"true"` | Valid options are "true" or "false". If invalid option is set- the value will default to "false". | +| datadogLogsInjection | bool | `true` | If enabled, the Datadog Agent will automatically inject Datadog-specific metadata into your application logs. | +| datadogProfilingEnabled | bool | `true` | If enabled, the Datadog Agent will collect profiling data for your application using the Continuous Profiler. This data can be used to identify performance bottlenecks and optimize your application. | +| datadogTraceSampleRate | int | `1` | A value between 0 and 1, that represents the percentage of requests that will be traced. For example, a value of 0.5 means that 50% of requests will be traced. | | fullnameOverride | string | `""` | | +| global | map | `{"ddEnabled":false,"environment":"default"}` | Global configuration options. | +| global.ddEnabled | bool | `false` | Whether Datadog is enabled. | +| global.environment | string | `"default"` | Environment name. This should be the same as vpcname if you're doing an AWS deployment. Currently this is being used to share ALB's if you have multiple namespaces. Might be used other places too. | | image.pullPolicy | string | `"IfNotPresent"` | | | image.repository | string | `"quay.io/cdis/elasticsearch"` | | | image.tag | string | `"feat_es_dockerfile"` | | 
@@ -27,14 +41,17 @@ A Helm chart for Kubernetes | ingress.tls | list | `[]` | | | nameOverride | string | `""` | | | nodeSelector | object | `{}` | | +| partOf | string | `"Explorer-Tab"` | Label to help organize pods and their use. Any value is valid, but use "_" or "-" to divide words. | | podAnnotations | object | `{}` | | | podSecurityContext | object | `{}` | | +| release | string | `"production"` | Valid options are "production" or "dev". If invalid option is set- the value will default to "dev". | | replicaCount | int | `1` | | | resources.limits.cpu | string | `"500m"` | | | resources.limits.memory | string | `"750Mi"` | | | resources.requests.cpu | string | `"500m"` | | | resources.requests.memory | string | `"750Mi"` | | | securityContext | object | `{}` | | +| selectorLabels | map | `nil` | Will completely override the selectorLabels defined in the common chart's _label_setup.tpl | | service.port | int | `9200` | | | service.type | string | `"ClusterIP"` | | | serviceAccount.annotations | object | `{}` | | diff --git a/helm/elasticsearch/templates/_helpers.tpl b/helm/elasticsearch/templates/_helpers.tpl index 4e828574..5c2c702e 100644 --- a/helm/elasticsearch/templates/_helpers.tpl +++ b/helm/elasticsearch/templates/_helpers.tpl 
@@ -34,20 +34,26 @@ Create chart name and version as used by the chart label. Common labels */}} {{- define "elasticsearch.labels" -}} -helm.sh/chart: {{ include "elasticsearch.chart" . }} -{{ include "elasticsearch.selectorLabels" . }} -{{- if .Chart.AppVersion }} -app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} +{{- if .Values.commonLabels }} + {{- with .Values.commonLabels }} + {{- toYaml . }} + {{- end }} +{{- else }} + {{- (include "common.commonLabels" .)}} {{- end }} -app.kubernetes.io/managed-by: {{ .Release.Service }} {{- end }} {{/* Selector labels */}} {{- define "elasticsearch.selectorLabels" -}} -app.kubernetes.io/name: {{ include "elasticsearch.name" . }} -app.kubernetes.io/instance: {{ .Release.Name }} +{{- if .Values.selectorLabels }} + {{- with .Values.selectorLabels }} + {{- toYaml . }} + {{- end }} +{{- else }} + {{- (include "common.selectorLabels" .)}} +{{- end }} {{- end }} {{/* diff --git a/helm/elasticsearch/templates/deployment.yaml b/helm/elasticsearch/templates/deployment.yaml index d1481dc7..03e9a84b 100644 --- a/helm/elasticsearch/templates/deployment.yaml +++ b/helm/elasticsearch/templates/deployment.yaml @@ -4,6 +4,9 @@ metadata: name: elasticsearch-deployment labels: {{- include "elasticsearch.labels" . | nindent 4 }} + {{- if .Values.global.ddEnabled }} + {{- include "common.datadogLabels" . | nindent 4 }} + {{- end }} spec: {{- if not .Values.autoscaling.enabled }} replicas: {{ .Values.replicaCount }} @@ -19,6 +22,9 @@ spec: {{- end }} labels: {{- include "elasticsearch.selectorLabels" . | nindent 8 }} + {{- if .Values.global.ddEnabled }} + {{- include "common.datadogLabels" . | nindent 8 }} + {{- end }} spec: {{- with .Values.imagePullSecrets }} imagePullSecrets: 
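Review bot: `elasticsearch.selectorLabels` no longer renders the fixed `app.kubernetes.io/name` / `app.kubernetes.io/instance` pair but either `.Values.selectorLabels` or `common.selectorLabels`, and nothing in the helper says these labels have to stay stable. If the helper also feeds `spec.selector.matchLabels` (that part of deployment.yaml is outside the hunks shown), upgrading an existing release will be rejected because a Deployment selector is immutable. Any Service or NetworkPolicy that hard-codes the old keys would also stop matching the pods. I would extend the `Selector labels` comment to `Selector labels. Must match the Deployment and Service selectors; changing them on an installed release requires recreating the Deployment.` The `fence.selectorLabels` helper later in this commit has the same shape.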
@@ -34,6 +40,9 @@ spec: image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}" imagePullPolicy: {{ .Values.image.pullPolicy }} env: + {{- if .Values.global.ddEnabled }} + {{- include "common.datadogEnvVar" . | nindent 12 }} + {{- end }} - name: ES_JAVA_OPTS value: "-Xms300m -Xmx300m" ports: diff --git a/helm/elasticsearch/values.yaml b/helm/elasticsearch/values.yaml index d4cf8526..2f06d61e 100644 --- a/helm/elasticsearch/values.yaml +++ b/helm/elasticsearch/values.yaml @@ -2,6 +2,13 @@ # This is a YAML-formatted file. # Declare variables to be passed into your templates. +# -- (map) Global configuration options. +global: + # -- (string) Environment name. This should be the same as vpcname if you're doing an AWS deployment. Currently this is being used to share ALB's if you have multiple namespaces. Might be used other places too. + environment: default + # -- (bool) Whether Datadog is enabled. + ddEnabled: false + replicaCount: 1 image: 
@@ -76,3 +83,23 @@ nodeSelector: {} tolerations: [] affinity: {} + +# Values to determine the labels that are used for the deployment, pod, etc. +# -- (string) Valid options are "production" or "dev". If invalid option is set- the value will default to "dev". +release: "production" +# -- (string) Valid options are "true" or "false". If invalid option is set- the value will default to "false". +criticalService: "true" +# -- (string) Label to help organize pods and their use. Any value is valid, but use "_" or "-" to divide words. +partOf: "Explorer-Tab" +# -- (map) Will completely override the selectorLabels defined in the common chart's _label_setup.tpl +selectorLabels: +# -- (map) Will completely override the commonLabels defined in the common chart's _label_setup.tpl +commonLabels: + +# Values to configure datadog if ddEnabled is set to "true". +# -- (bool) If enabled, the Datadog Agent will automatically inject Datadog-specific metadata into your application logs. +datadogLogsInjection: true +# -- (bool) If enabled, the Datadog Agent will collect profiling data for your application using the Continuous Profiler. This data can be used to identify performance bottlenecks and optimize your application. +datadogProfilingEnabled: true +# -- (int) A value between 0 and 1, that represents the percentage of requests that will be traced. For example, a value of 0.5 means that 50% of requests will be traced. +datadogTraceSampleRate: 1 diff --git a/helm/fence/Chart.yaml b/helm/fence/Chart.yaml index f9b57743..3baa4523 100644 --- a/helm/fence/Chart.yaml +++ b/helm/fence/Chart.yaml 
@@ -15,7 +15,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.5 +version: 0.1.6 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to @@ -24,7 +24,7 @@ appVersion: "master" dependencies: - name: common - version: 0.1.4 + version: 0.1.5 repository: file://../common - name: postgresql version: 11.9.13 diff --git a/helm/fence/README.md b/helm/fence/README.md index b666ae2b..208c62af 100644 --- a/helm/fence/README.md +++ b/helm/fence/README.md @@ -1,6 +1,6 @@ # fence -![Version: 0.1.5](https://img.shields.io/badge/Version-0.1.5-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) +![Version: 0.1.6](https://img.shields.io/badge/Version-0.1.6-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) A Helm chart for gen3 Fence @@ -8,7 +8,7 @@ A Helm chart for gen3 Fence | Repository | Name | Version | |------------|------|---------| -| file://../common | common | 0.1.4 | +| file://../common | common | 0.1.5 | | https://charts.bitnami.com/bitnami | postgresql | 11.9.13 | ## Values 
@@ -83,7 +83,12 @@ A Helm chart for gen3 Fence | autoscaling.minReplicas | int | `1` | The minimum number of replicas to scale down to | | autoscaling.targetCPUUtilizationPercentage | int | `80` | Target CPU utilization percentage | | autoscaling.targetMemoryUtilizationPercentage | int | `80` | Target Memory utilization percentage | -| env | list | `[{"name":"DD_ENABLED","valueFrom":{"configMapKeyRef":{"key":"dd_enabled","name":"manifest-global","optional":true}}},{"name":"DD_ENV","valueFrom":{"fieldRef":{"fieldPath":"metadata.labels['tags.datadoghq.com/env']"}}},{"name":"DD_SERVICE","valueFrom":{"fieldRef":{"fieldPath":"metadata.labels['tags.datadoghq.com/service']"}}},{"name":"DD_VERSION","valueFrom":{"fieldRef":{"fieldPath":"metadata.labels['tags.datadoghq.com/version']"}}},{"name":"DD_LOGS_INJECTION","value":"true"},{"name":"DD_PROFILING_ENABLED","value":"true"},{"name":"DD_TRACE_SAMPLE_RATE","value":"1"},{"name":"GEN3_UWSGI_TIMEOUT","valueFrom":{"configMapKeyRef":{"key":"uwsgi-timeout","name":"manifest-global","optional":true}}},{"name":"DD_AGENT_HOST","valueFrom":{"fieldRef":{"fieldPath":"status.hostIP"}}},{"name":"AWS_STS_REGIONAL_ENDPOINTS","value":"regional"},{"name":"PYTHONPATH","value":"/var/www/fence"},{"name":"GEN3_DEBUG","value":"False"},{"name":"FENCE_PUBLIC_CONFIG","valueFrom":{"configMapKeyRef":{"key":"fence-config-public.yaml","name":"manifest-fence","optional":true}}},{"name":"PGHOST","valueFrom":{"secretKeyRef":{"key":"host","name":"fence-dbcreds","optional":false}}},{"name":"PGUSER","valueFrom":{"secretKeyRef":{"key":"username","name":"fence-dbcreds","optional":false}}},{"name":"PGPASSWORD","valueFrom":{"secretKeyRef":{"key":"password","name":"fence-dbcreds","optional":false}}},{"name":"PGDB","valueFrom":{"secretKeyRef":{"key":"database","name":"fence-dbcreds","optional":false}}},{"name":"DBREADY","valueFrom":{"secretKeyRef":{"key":"dbcreated","name":"fence-dbcreds","optional":false}}},{"name":"DB","value":"postgresql://$(PGUSER):$(PGPASSWORD)@$
(PGHOST):5432/$(PGDB)"}]` | Environment variables to pass to the container | +| commonLabels | map | `nil` | Will completely override the commonLabels defined in the common chart's _label_setup.tpl | +| criticalService | string | `"true"` | Valid options are "true" or "false". If invalid option is set- the value will default to "false". | +| datadogLogsInjection | bool | `true` | If enabled, the Datadog Agent will automatically inject Datadog-specific metadata into your application logs. | +| datadogProfilingEnabled | bool | `true` | If enabled, the Datadog Agent will collect profiling data for your application using the Continuous Profiler. This data can be used to identify performance bottlenecks and optimize your application. | +| datadogTraceSampleRate | int | `1` | A value between 0 and 1, that represents the percentage of requests that will be traced. For example, a value of 0.5 means that 50% of requests will be traced. | +| env | list | `[{"name":"GEN3_UWSGI_TIMEOUT","valueFrom":{"configMapKeyRef":{"key":"uwsgi-timeout","name":"manifest-global","optional":true}}},{"name":"DD_AGENT_HOST","valueFrom":{"fieldRef":{"fieldPath":"status.hostIP"}}},{"name":"AWS_STS_REGIONAL_ENDPOINTS","value":"regional"},{"name":"PYTHONPATH","value":"/var/www/fence"},{"name":"GEN3_DEBUG","value":"False"},{"name":"FENCE_PUBLIC_CONFIG","valueFrom":{"configMapKeyRef":{"key":"fence-config-public.yaml","name":"manifest-fence","optional":true}}},{"name":"PGHOST","valueFrom":{"secretKeyRef":{"key":"host","name":"fence-dbcreds","optional":false}}},{"name":"PGUSER","valueFrom":{"secretKeyRef":{"key":"username","name":"fence-dbcreds","optional":false}}},{"name":"PGPASSWORD","valueFrom":{"secretKeyRef":{"key":"password","name":"fence-dbcreds","optional":false}}},{"name":"PGDB","valueFrom":{"secretKeyRef":{"key":"database","name":"fence-dbcreds","optional":false}}},{"name":"DBREADY","valueFrom":{"secretKeyRef":{"key":"dbcreated","name":"fence-dbcreds","optional":false}}},{"name":"DB","value":"
postgresql://$(PGUSER):$(PGPASSWORD)@$(PGHOST):5432/$(PGDB)"}]` | Environment variables to pass to the container | | fullnameOverride | string | `""` | Override the full name of the deployment. | | global | map | `{"ddEnabled":false,"dev":true,"dictionaryUrl":"https://s3.amazonaws.com/dictionary-artifacts/datadictionary/develop/schema.json","dispatcherJobNum":10,"environment":"default","hostname":"localhost","kubeBucket":"kube-gen3","logsBucket":"logs-gen3","netPolicy":true,"portalApp":"gitops","postgres":{"dbCreate":true,"master":{"host":null,"password":null,"port":"5432","username":"postgres"}},"publicDataSets":true,"revproxyArn":"arn:aws:acm:us-east-1:123456:certificate","syncFromDbgap":false,"tierAccessLevel":"libre","userYamlS3Path":"s3://cdis-gen3-users/test/user.yaml"}` | Global configuration options. | | global.ddEnabled | bool | `false` | Whether Datadog is enabled. | 
@@ -114,16 +119,15 @@ A Helm chart for gen3 Fence | imagePullSecrets | list | `[]` | Docker image pull secrets. | | initEnv | list | `[{"name":"PGHOST","valueFrom":{"secretKeyRef":{"key":"host","name":"fence-dbcreds","optional":false}}},{"name":"PGUSER","valueFrom":{"secretKeyRef":{"key":"username","name":"fence-dbcreds","optional":false}}},{"name":"PGPASSWORD","valueFrom":{"secretKeyRef":{"key":"password","name":"fence-dbcreds","optional":false}}},{"name":"PGDB","valueFrom":{"secretKeyRef":{"key":"database","name":"fence-dbcreds","optional":false}}},{"name":"DBREADY","valueFrom":{"secretKeyRef":{"key":"dbcreated","name":"fence-dbcreds","optional":false}}},{"name":"DB","value":"postgresql://$(PGUSER):$(PGPASSWORD)@$(PGHOST):5432/$(PGDB)"},{"name":"PYTHONPATH","value":"/var/www/fence"},{"name":"FENCE_PUBLIC_CONFIG","valueFrom":{"configMapKeyRef":{"key":"fence-config-public.yaml","name":"manifest-fence","optional":true}}}]` | Volumes to attach to the init container. | | initVolumeMounts | list | `[{"mountPath":"/var/www/fence/fence-config.yaml","name":"config-volume","readOnly":true,"subPath":"fence-config.yaml"},{"mountPath":"/var/www/fence/yaml_merge.py","name":"yaml-merge","readOnly":true,"subPath":"yaml_merge.py"},{"mountPath":"/var/www/fence/fence_google_app_creds_secret.json","name":"fence-google-app-creds-secret-volume","readOnly":true,"subPath":"fence_google_app_creds_secret.json"},{"mountPath":"/var/www/fence/fence_google_storage_creds_secret.json","name":"fence-google-storage-creds-secret-volume","readOnly":true,"subPath":"fence_google_storage_creds_secret.json"}]` | Volumes to mount to the init container. | -| labels | map | `{"app":"fence","authprovider":"yes","netnolimit":"yes","public":"yes","release":"production","tags.datadoghq.com/env":"anvilstaging","tags.datadoghq.com/service":"fence","tags.datadoghq.com/version":2021.12,"userhelper":"yes"}` | Labels to add to the pod. | -| labels.app | string | `"fence"` | Application name. 
| +| labels | map | `{"authprovider":"yes","netnolimit":"yes","public":"yes","userhelper":"yes"}` | Labels to add to the pod. | | labels.authprovider | string | `"yes"` | Grants egress from all pods to pods labeled with authrpovider=yes. For network policy selectors. | | labels.netnolimit | string | `"yes"` | Grants egress from pods labeled with netnolimit=yes to any IP address. Use explicit proxy and AWS APIs | | labels.public | string | `"yes"` | Grants ingress from the revproxy service for pods labeled with public=yes | -| labels.release | string | `"production"` | Release name. | | labels.userhelper | string | `"yes"` | Grants ingress from pods in usercode namespaces for gen3 pods labeled with userhelper=yes | | logo | string | `nil` | | | nameOverride | string | `""` | Override the name of the chart. | | nodeSelector | map | `{}` | Node Selector for the pods | +| partOf | string | `"Authentication"` | Label to help organize pods and their use. Any value is valid, but use "_" or "-" to divide words. | | podAnnotations | map | `{}` | Annotations to add to the pod | | podSecurityContext | map | `{"fsGroup":101}` | Security context for the pod | | postgres | map | `{"database":null,"dbCreate":null,"dbRestore":false,"host":null,"password":null,"port":"5432","separate":false,"username":null}` | Postgres database configuration. If db does not exist in postgres cluster and dbCreate is set ot true then these databases will be created for you | 
@@ -137,6 +141,7 @@ A Helm chart for gen3 Fence | postgresql | map | `{"primary":{"persistence":{"enabled":false}}}` | Postgresql subchart settings if deployed separately option is set to "true". Disable persistence by default so we can spin up and down ephemeral environments | | postgresql.primary.persistence.enabled | bool | `false` | Option to persist the dbs data. | | privacy_policy | string | `nil` | | +| release | string | `"production"` | Valid options are "production" or "dev". If invalid option is set- the value will default to "dev". | | replicaCount | int | `1` | Number of desired replicas | | resources | map | `{"limits":{"cpu":1,"memory":"2Gi"},"requests":{"cpu":0.3,"memory":"128Mi"}}` | Resource requests and limits for the containers in the pod | | resources.limits | map | `{"cpu":1,"memory":"2Gi"}` | The maximum amount of resources that the container is allowed to use | @@ -146,7 +151,7 @@ A Helm chart for gen3 Fence | resources.requests.cpu | string | `0.3` | The amount of CPU requested | | resources.requests.memory | string | `"128Mi"` | The amount of memory requested | | securityContext | map | `{}` | Security context for the containers in the pod | -| selectorLabels | map | `{"app":"fence","release":"production"}` | Labels to use for selecting the deployment. | +| selectorLabels | map | `nil` | Will completely override the selectorLabels defined in the common chart's _label_setup.tpl | | service | map | `{"port":80,"type":"ClusterIP"}` | Kubernetes service information. | | service.port | int | `80` | The port number that the service exposes. | | service.type | string | `"ClusterIP"` | Type of service. Valid values are "ClusterIP", "NodePort", "LoadBalancer", "ExternalName". | diff --git a/helm/fence/templates/_helpers.tpl b/helm/fence/templates/_helpers.tpl index 1eeaac06..71ded456 100644 --- a/helm/fence/templates/_helpers.tpl +++ b/helm/fence/templates/_helpers.tpl 
@@ -34,20 +34,26 @@ Create chart name and version as used by the chart label. Common labels */}} {{- define "fence.labels" -}} -helm.sh/chart: {{ include "fence.chart" . }} -{{ include "fence.selectorLabels" . }} -{{- if .Chart.AppVersion }} -app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} +{{- if .Values.commonLabels }} + {{- with .Values.commonLabels }} + {{- toYaml . }} + {{- end }} +{{- else }} + {{- (include "common.commonLabels" .)}} {{- end }} -app.kubernetes.io/managed-by: {{ .Release.Service }} {{- end }} {{/* Selector labels */}} {{- define "fence.selectorLabels" -}} -app.kubernetes.io/name: {{ include "fence.name" . }} -app.kubernetes.io/instance: {{ .Release.Name }} +{{- if .Values.selectorLabels }} + {{- with .Values.selectorLabels }} + {{- toYaml . }} + {{- end }} +{{- else }} + {{- (include "common.selectorLabels" .)}} +{{- end }} {{- end }} {{/* diff --git a/helm/fence/templates/fence-deployment.yaml b/helm/fence/templates/fence-deployment.yaml index 7df97d02..f940689b 100644 --- a/helm/fence/templates/fence-deployment.yaml +++ b/helm/fence/templates/fence-deployment.yaml @@ -4,6 +4,9 @@ metadata: name: fence-deployment labels: {{- include "fence.labels" . | nindent 4 }} + {{- if .Values.global.ddEnabled }} + {{- include "common.datadogLabels" . | nindent 4 }} + {{- end }} spec: {{- if not .Values.autoscaling.enabled }} replicas: {{ .Values.replicaCount }} @@ -18,7 +21,10 @@ spec: {{- toYaml . | nindent 8 }} {{- end }} labels: - {{- include "fence.labels" . | nindent 8 }} + {{- include "fence.selectorLabels" . | nindent 8 }} + {{- if .Values.global.ddEnabled }} + {{- include "common.datadogLabels" . | nindent 8 }} + {{- end }} spec: serviceAccountName: {{ include "fence.serviceAccountName" . }} volumes: 
@@ -61,6 +67,9 @@ spec: fi bash /fence/dockerrun.bash && if [[ -f /dockerrun.sh ]]; then bash /dockerrun.sh; fi env: + {{- if .Values.global.ddEnabled }} + {{- include "common.datadogEnvVar" . | nindent 12 }} + {{- end }} {{- toYaml .Values.env | nindent 12 }} volumeMounts: {{- toYaml .Values.volumeMounts | nindent 12 }} diff --git a/helm/fence/values.yaml b/helm/fence/values.yaml index d64e189a..fdcde0d6 100644 --- a/helm/fence/values.yaml +++ b/helm/fence/values.yaml @@ -168,10 +168,6 @@ tolerations: [] # -- (map) Labels to add to the pod. labels: - # -- (string) Application name. - app: fence - # -- (string) Release name. - release: production # -- (string) Grants egress from all pods to pods labeled with authrpovider=yes. For network policy selectors. authprovider: "yes" # -- (string) Grants egress from pods labeled with netnolimit=yes to any IP address. Use explicit proxy and AWS APIs @@ -180,9 +176,6 @@ labels: public: "yes" # -- (string) Grants ingress from pods in usercode namespaces for gen3 pods labeled with userhelper=yes userhelper: "yes" - tags.datadoghq.com/service: "fence" - tags.datadoghq.com/env: anvilstaging - tags.datadoghq.com/version: 2021.12 # -- (map) Affinity to use for the deployment. affinity: @@ -206,30 +199,6 @@ affinity: # -- (list) Environment variables to pass to the container env: - - name: DD_ENABLED - valueFrom: - configMapKeyRef: - name: manifest-global - key: dd_enabled - optional: true - - name: DD_ENV - valueFrom: - fieldRef: - fieldPath: metadata.labels['tags.datadoghq.com/env'] - - name: DD_SERVICE - valueFrom: - fieldRef: - fieldPath: metadata.labels['tags.datadoghq.com/service'] - - name: DD_VERSION - valueFrom: - fieldRef: - fieldPath: metadata.labels['tags.datadoghq.com/version'] - - name: DD_LOGS_INJECTION - value: "true" - - name: DD_PROFILING_ENABLED - value: "true" - - name: DD_TRACE_SAMPLE_RATE - value: "1" - name: GEN3_UWSGI_TIMEOUT valueFrom: configMapKeyRef: 
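Review bot: The `common.datadogEnvVar` include is rendered ahead of `.Values.env`, so an entry in `.Values.env` with the same name lands later in the list, and for duplicate names Kubernetes generally lets the later entry take effect. This commit drops the `DD_*` entries from the chart's default `env`, but an operator whose override file still carries the old list (`DD_ENV`, `DD_SERVICE`, `DD_TRACE_SAMPLE_RATE` and so on) would silently keep the old settings, assuming the common template defines those names (its body is not part of this hunk). A template comment above the include, such as `{{- /* Datadog variables come from the common chart; do not repeat DD_* names in .Values.env */}}`, would make the precedence explicit, as would moving the include below `.Values.env`. The container spec continues outside the hunk.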
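Review bot: Removing `app: fence` and `release: production` from `labels` changes which selectors match the fence pods, and the comments left in this map show that these labels drive network policy (`public`, `netnolimit`, `authprovider`, `userhelper`). Whether the labels generated by the common chart still include an `app` key is not visible here, so any NetworkPolicy or Service that selects `app: fence` should be checked before release; a policy that stops matching no longer restricts the pod. I would add a line above `labels:` such as `# app and release labels are now generated by the common chart (see release, partOf, selectorLabels); list only network-policy labels here.` The same check applies to the `selectorLabels` default removed in the last hunk of this file.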
@@ -433,10 +402,25 @@ initEnv: key: fence-config-public.yaml optional: true -# -- (map) Labels to use for selecting the deployment. +# Values to determine the labels that are used for the deployment, pod, etc. +# -- (string) Valid options are "production" or "dev". If invalid option is set- the value will default to "dev". +release: "production" +# -- (string) Valid options are "true" or "false". If invalid option is set- the value will default to "false". +criticalService: "true" +# -- (string) Label to help organize pods and their use. Any value is valid, but use "_" or "-" to divide words. +partOf: "Authentication" +# -- (map) Will completely override the selectorLabels defined in the common chart's _label_setup.tpl selectorLabels: - app: fence - release: production +# -- (map) Will completely override the commonLabels defined in the common chart's _label_setup.tpl +commonLabels: + +# Values to configure datadog if ddEnabled is set to "true". +# -- (bool) If enabled, the Datadog Agent will automatically inject Datadog-specific metadata into your application logs. +datadogLogsInjection: true +# -- (bool) If enabled, the Datadog Agent will collect profiling data for your application using the Continuous Profiler. This data can be used to identify performance bottlenecks and optimize your application. +datadogProfilingEnabled: true +# -- (int) A value between 0 and 1, that represents the percentage of requests that will be traced. For example, a value of 0.5 means that 50% of requests will be traced. +datadogTraceSampleRate: 1 logo: privacy_policy: diff --git a/helm/gen3/Chart.yaml b/helm/gen3/Chart.yaml index 7db78746..335748fd 100644 --- a/helm/gen3/Chart.yaml +++ b/helm/gen3/Chart.yaml 
@@ -5,88 +5,88 @@ description: Helm chart to deploy Gen3 Data Commons # Dependancies dependencies: - name: ambassador - version: "0.1.4" + version: "0.1.5" repository: "file://../ambassador" condition: ambassador.enabled - name: arborist - version: "0.1.5" + version: "0.1.6" repository: "file://../arborist" condition: arborist.enabled - name: argo-wrapper - version: "0.1.1" + version: "0.1.2" repository: "file://../argo-wrapper" condition: argo-wrapper.enabled - name: audit - version: "0.1.5" + version: "0.1.6" repository: "file://../audit" condition: audit.enabled - name: aws-es-proxy - version: "0.1.3" + version: "0.1.4" repository: "file://../aws-es-proxy" condition: aws-es-proxy.enabled - name: common - version: "0.1.4" + version: "0.1.5" repository: file://../common - name: fence - version: "0.1.5" + version: "0.1.6" repository: "file://../fence" condition: fence.enabled - name: guppy - version: "0.1.4" + version: "0.1.5" repository: "file://../guppy" condition: guppy.enabled - name: hatchery - version: "0.1.3" + version: "0.1.4" repository: "file://../hatchery" condition: hatchery.enabled - name: indexd - version: "0.1.5" + version: "0.1.6" repository: "file://../indexd" condition: indexd.enabled - name: manifestservice - version: "0.1.4" + version: "0.1.7" repository: "file://../manifestservice" condition: manifestservice.enabled - name: metadata - version: "0.1.5" + version: "0.1.6" repository: "file://../metadata" condition: metadata.enabled - name: peregrine - version: "0.1.6" + version: "0.1.7" repository: "file://../peregrine" condition: peregrine.enabled - name: pidgin - version: "0.1.4" + version: "0.1.5" repository: "file://../pidgin" condition: pidgin.enabled - name: portal - version: "0.1.3" + version: "0.1.4" repository: "file://../portal" condition: portal.enabled - name: requestor - version: "0.1.5" + version: "0.1.6" repository: "file://../requestor" condition: requestor.enabled - name: revproxy - version: "0.1.5" + version: "0.1.6" repository: 
"file://../revproxy" condition: revproxy.enabled - name: sheepdog - version: "0.1.6" + version: "0.1.7" repository: "file://../sheepdog" condition: sheepdog.enabled - name: ssjdispatcher - version: "0.1.2" + version: "0.1.3" repository: "file://../ssjdispatcher" condition: ssjdispatcher.enabled - name: wts - version: "0.1.6" + version: "0.1.7" repository: "file://../wts" condition: wts.enabled - name: elasticsearch - version: "0.1.2" + version: "0.1.3" repository: "file://../elasticsearch" condition: global.dev - name: postgresql @@ -107,7 +107,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.8 +version: 0.1.9 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to diff --git a/helm/gen3/README.md b/helm/gen3/README.md index bdd7d2ba..94e501a4 100644 --- a/helm/gen3/README.md +++ b/helm/gen3/README.md @@ -1,6 +1,6 @@ # gen3 -![Version: 0.1.8](https://img.shields.io/badge/Version-0.1.8-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) +![Version: 0.1.9](https://img.shields.io/badge/Version-0.1.9-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) Helm chart to deploy Gen3 Data Commons 
@@ -18,27 +18,27 @@ Helm chart to deploy Gen3 Data Commons | Repository | Name | Version | |------------|------|---------| -| file://../ambassador | ambassador | 0.1.4 | -| file://../arborist | arborist | 0.1.5 | -| file://../argo-wrapper | argo-wrapper | 0.1.1 | -| file://../audit | audit | 0.1.5 | -| file://../aws-es-proxy | aws-es-proxy | 0.1.3 | -| file://../common | common | 0.1.4 | -| file://../elasticsearch | elasticsearch | 0.1.2 | -| file://../fence | fence | 0.1.5 | -| file://../guppy | guppy | 0.1.4 | -| file://../hatchery | hatchery | 0.1.3 | -| file://../indexd | indexd | 0.1.5 | -| file://../manifestservice | manifestservice | 0.1.4 | -| file://../metadata | metadata | 0.1.5 | -| file://../peregrine | peregrine | 0.1.6 | -| file://../pidgin | pidgin | 0.1.4 | -| file://../portal | portal | 0.1.3 | -| file://../requestor | requestor | 0.1.5 | -| file://../revproxy | revproxy | 0.1.5 | -| file://../sheepdog | sheepdog | 0.1.6 | -| file://../ssjdispatcher | ssjdispatcher | 0.1.2 | -| file://../wts | wts | 0.1.6 | +| file://../ambassador | ambassador | 0.1.5 | +| file://../arborist | arborist | 0.1.6 | +| file://../argo-wrapper | argo-wrapper | 0.1.2 | +| file://../audit | audit | 0.1.6 | +| file://../aws-es-proxy | aws-es-proxy | 0.1.4 | +| file://../common | common | 0.1.5 | +| file://../elasticsearch | elasticsearch | 0.1.3 | +| file://../fence | fence | 0.1.6 | +| file://../guppy | guppy | 0.1.5 | +| file://../hatchery | hatchery | 0.1.4 | +| file://../indexd | indexd | 0.1.6 | +| file://../manifestservice | manifestservice | 0.1.7 | +| file://../metadata | metadata | 0.1.6 | +| file://../peregrine | peregrine | 0.1.7 | +| file://../pidgin | pidgin | 0.1.5 | +| file://../portal | portal | 0.1.4 | +| file://../requestor | requestor | 0.1.6 | +| file://../revproxy | revproxy | 0.1.6 | +| file://../sheepdog | sheepdog | 0.1.7 | +| file://../ssjdispatcher | ssjdispatcher | 0.1.3 | +| file://../wts | wts | 0.1.7 | | https://charts.bitnami.com/bitnami | 
postgresql | 11.9.13 | ## Values diff --git a/helm/guppy/Chart.yaml b/helm/guppy/Chart.yaml index 10954c1c..7f388241 100644 --- a/helm/guppy/Chart.yaml +++ b/helm/guppy/Chart.yaml @@ -15,7 +15,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.4 +version: 0.1.5 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to @@ -25,5 +25,5 @@ appVersion: "master" dependencies: - name: common - version: 0.1.4 + version: 0.1.5 repository: file://../common diff --git a/helm/guppy/README.md b/helm/guppy/README.md index 80a58e00..f7123f08 100644 --- a/helm/guppy/README.md +++ b/helm/guppy/README.md @@ -1,6 +1,6 @@ # guppy -![Version: 0.1.4](https://img.shields.io/badge/Version-0.1.4-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) +![Version: 0.1.5](https://img.shields.io/badge/Version-0.1.5-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) A Helm chart for gen3 Guppy Service @@ -8,7 +8,7 @@ A Helm chart for gen3 Guppy Service | Repository | Name | Version | |------------|------|---------| -| file://../common | common | 0.1.4 | +| file://../common | common | 0.1.5 | ## Values 
@@ -29,8 +29,13 @@ A Helm chart for gen3 Guppy Service | autoscaling.maxReplicas | int | `100` | The maximum number of replicas to scale up to | | autoscaling.minReplicas | int | `1` | The minimum number of replicas to scale down to | | autoscaling.targetCPUUtilizationPercentage | int | `80` | The target CPU utilization percentage for autoscaling | +| commonLabels | map | `nil` | Will completely override the commonLabels defined in the common chart's _label_setup.tpl | | configIndex | string | `"dev_case-array-config"` | The Elasticsearch configuration index | +| criticalService | string | `"true"` | Valid options are "true" or "false". If invalid option is set- the value will default to "false". | | dataDog | bool | `{"enabled":false,"env":"dev"}` | Whether Datadog is enabled. | +| datadogLogsInjection | bool | `true` | If enabled, the Datadog Agent will automatically inject Datadog-specific metadata into your application logs. | +| datadogProfilingEnabled | bool | `true` | If enabled, the Datadog Agent will collect profiling data for your application using the Continuous Profiler. This data can be used to identify performance bottlenecks and optimize your application. | +| datadogTraceSampleRate | int | `1` | A value between 0 and 1, that represents the percentage of requests that will be traced. For example, a value of 0.5 means that 50% of requests will be traced. | | dbRestore | bool | `true` | Whether or not to restore elasticsearch indices from a snapshot in s3 | | enableEncryptWhitelist | bool | `true` | Whether or not to enable encryption for specified fields | | encryptWhitelist | string | `"test1"` | A comma-separated list of fields to encrypt | 
@@ -67,6 +72,8 @@ A Helm chart for gen3 Guppy Service | image.repository | string | `"quay.io/cdis/guppy"` | Docker repository. | | image.tag | string | `""` | Overrides the image tag whose default is the chart appVersion. | | indices | list | `[{"index":"dev_case","type":"case"},{"index":"dev_file","type":"file"}]` | Elasticsearch index configurations | +| partOf | string | `"Explorer-Tab"` | Label to help organize pods and their use. Any value is valid, but use "_" or "-" to divide words. | +| release | string | `"production"` | Valid options are "production" or "dev". If invalid option is set- the value will default to "dev". | | replicaCount | int | `1` | Number of replicas for the deployment. | | resources | map | `{"limits":{"cpu":1,"memory":"2Gi"},"requests":{"cpu":0.1,"memory":"500Mi"}}` | Resource requests and limits for the containers in the pod | | resources.limits | map | `{"cpu":1,"memory":"2Gi"}` | The maximum amount of resources that the container is allowed to use | @@ -79,6 +86,7 @@ A Helm chart for gen3 Guppy Service | secrets | map | `{"awsAccessKeyId":null,"awsSecretAccessKey":null}` | AWS credentials to access the db restore job S3 bucket | | secrets.awsAccessKeyId | string | `nil` | AWS access key. | | secrets.awsSecretAccessKey | string | `nil` | AWS secret access key. | +| selectorLabels | map | `nil` | Will completely override the selectorLabels defined in the common chart's _label_setup.tpl | | service | map | `{"port":[{"name":"http","port":80,"protocol":"TCP","targetPort":8000}],"type":"ClusterIP"}` | Kubernetes service information. | | service.port | int | `[{"name":"http","port":80,"protocol":"TCP","targetPort":8000}]` | The port number that the service exposes. | | service.type | string | `"ClusterIP"` | Type of service. Valid values are "ClusterIP", "NodePort", "LoadBalancer", "ExternalName". | diff --git a/helm/guppy/templates/_helpers.tpl b/helm/guppy/templates/_helpers.tpl index 82776b04..07a93c57 100644 
--- a/helm/guppy/templates/_helpers.tpl +++ b/helm/guppy/templates/_helpers.tpl @@ -34,21 +34,26 @@ Create chart name and version as used by the chart label. Common labels */}} {{- define "guppy.labels" -}} -helm.sh/chart: {{ include "guppy.chart" . }} -{{ include "guppy.selectorLabels" . }} -{{- if .Chart.AppVersion }} -app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} +{{- if .Values.commonLabels }} + {{- with .Values.commonLabels }} + {{- toYaml . }} + {{- end }} +{{- else }} + {{- (include "common.commonLabels" .)}} {{- end }} -app.kubernetes.io/managed-by: {{ .Release.Service }} {{- end }} {{/* Selector labels */}} {{- define "guppy.selectorLabels" -}} -app.kubernetes.io/name: {{ include "guppy.name" . }} -app.kubernetes.io/instance: {{ .Release.Name }} -app: {{ include "guppy.name" . }} +{{- if .Values.selectorLabels }} + {{- with .Values.selectorLabels }} + {{- toYaml . }} + {{- end }} +{{- else }} + {{- (include "common.selectorLabels" .)}} +{{- end }} {{- end }} {{/* @@ -71,15 +76,4 @@ Define tierAccessLevel {{- else}} {{- .Values.tierAccessLevel }} {{- end }} -{{- end }} - -{{/* -Define ddEnabled -*/}} -{{- define "guppy.ddEnabled" -}} -{{- if .Values.global }} -{{- .Values.global.ddEnabled }} -{{- else}} -{{- .Values.dataDog.enabled }} -{{- end }} {{- end }} \ No newline at end of file diff --git a/helm/guppy/templates/deployment.yaml b/helm/guppy/templates/deployment.yaml index 32ee6abf..b811aad9 100644 --- a/helm/guppy/templates/deployment.yaml +++ b/helm/guppy/templates/deployment.yaml @@ -2,6 +2,11 @@ apiVersion: apps/v1 kind: Deployment metadata: name: guppy-deployment + labels: + {{- include "guppy.labels" . | nindent 4 }} + {{- if .Values.global.ddEnabled }} + {{- include "common.datadogLabels" . | nindent 4 }} + {{- end }} spec: {{- if not .Values.autoscaling.enabled }} replicas: {{ .Values.replicaCount }} 
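Review bot: The rewritten `guppy.selectorLabels` no longer emits `app.kubernetes.io/name`, `app.kubernetes.io/instance` or `app: guppy` itself; it defers to `common.selectorLabels` or to whatever map is set in `.Values.selectorLabels`. The common template is not part of this hunk, so this is inferred: if the rendered keys or values differ from the old ones, upgrading an existing release will be rejected wherever this helper feeds `spec.selector.matchLabels` (that field is immutable), and any Service or NetworkPolicy that still selects on the old labels will silently stop matching these pods. I would add a comment above the define, for example `{{/* Keys rendered here feed selectors and network policies; changing them requires recreating the Deployment. */}}`, and describe the upgrade step in the chart README. The `hatchery.selectorLabels` and `indexd.selectorLabels` hunks further down make the same change.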
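Review bot: `{{- if .Values.global.ddEnabled }}` in the new `metadata.labels` block reads `.Values.global` directly, whereas the `guppy.ddEnabled` helper this commit deletes first checked that `.Values.global` was set and otherwise fell back to `.Values.dataDog.enabled`. Two consequences follow: the `dataDog.enabled` value, which the guppy README still lists, no longer switches anything on, and a standalone install whose values carry no `global` map may fail to render instead of defaulting to off (not confirmed here, since guppy's values.yaml defaults are only partly visible). Either keep the guarded form, `{{- if eq (include "guppy.ddEnabled" .) "true" }}`, or move an equivalent helper into the common chart and remove `dataDog.enabled` from values.yaml and the README. The same condition appears in the two later guppy deployment hunks and in the hatchery and indexd deployment hunks.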
@@ -17,16 +22,13 @@ spec: template: metadata: labels: + {{- include "guppy.selectorLabels" . | nindent 8 }} # gen3 networkpolicy labels netnolimit: 'yes' public: 'yes' - {{- if eq (include "guppy.ddEnabled" . ) "true" }} - tags.datadoghq.com/service: "guppy" - # TODO: move this to helpers so we can have this populated from a configmap - tags.datadoghq.com/env: {{ .Values.dataDog.env }} - tags.datadoghq.com/version: {{ .Values.image.tag | default .Chart.AppVersion }} - {{- end }} - {{- include "guppy.selectorLabels" . | nindent 8 }} + {{- if .Values.global.ddEnabled }} + {{- include "common.datadogLabels" . | nindent 8 }} + {{- end }} spec: {{- with .Values.affinity }} affinity: @@ -55,6 +57,9 @@ spec: ports: - containerPort: 8000 env: + {{- if .Values.global.ddEnabled }} + {{- include "common.datadogEnvVar" . | nindent 12 }} + {{- end }} - name: GUPPY_PORT value: "8000" - name: GUPPY_CONFIG_FILEPATH diff --git a/helm/guppy/values.yaml b/helm/guppy/values.yaml index 2d9cc8bf..3614b7f7 100644 --- a/helm/guppy/values.yaml +++ b/helm/guppy/values.yaml 
@@ -200,3 +200,23 @@ encryptWhitelist: test1 # -- (bool) Whether or not to restore elasticsearch indices from a snapshot in s3 dbRestore: true + +# Values to determine the labels that are used for the deployment, pod, etc. +# -- (string) Valid options are "production" or "dev". If invalid option is set- the value will default to "dev". +release: "production" +# -- (string) Valid options are "true" or "false". If invalid option is set- the value will default to "false". +criticalService: "true" +# -- (string) Label to help organize pods and their use. Any value is valid, but use "_" or "-" to divide words. +partOf: "Explorer-Tab" +# -- (map) Will completely override the selectorLabels defined in the common chart's _label_setup.tpl +selectorLabels: +# -- (map) Will completely override the commonLabels defined in the common chart's _label_setup.tpl +commonLabels: + +# Values to configure datadog if ddEnabled is set to "true". +# -- (bool) If enabled, the Datadog Agent will automatically inject Datadog-specific metadata into your application logs. +datadogLogsInjection: true +# -- (bool) If enabled, the Datadog Agent will collect profiling data for your application using the Continuous Profiler. This data can be used to identify performance bottlenecks and optimize your application. +datadogProfilingEnabled: true +# -- (int) A value between 0 and 1, that represents the percentage of requests that will be traced. For example, a value of 0.5 means that 50% of requests will be traced. +datadogTraceSampleRate: 1 diff --git a/helm/hatchery/Chart.yaml b/helm/hatchery/Chart.yaml index e8d1031a..4516342d 100644 --- a/helm/hatchery/Chart.yaml +++ b/helm/hatchery/Chart.yaml 
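Review bot: `datadogTraceSampleRate` is annotated `(int)` although its own description gives a range of 0 to 1 with 0.5 as the example, so the generated README advertises a type that excludes every value except 0 and 1; `# -- (float) A value between 0 and 1, ...` would match the text. The defaults (`datadogTraceSampleRate: 1`, `datadogLogsInjection: true`, `datadogProfilingEnabled: true`) mean that turning on `ddEnabled` traces every request and enables profiling at once, which is worth stating in the comment so operators pick the rate deliberately. `selectorLabels:` and `commonLabels:` are left as bare keys; writing `selectorLabels: {}` and `commonLabels: {}` makes the expected type explicit. The hatchery and indexd values.yaml hunks add the same block.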
@@ -15,10 +15,15 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.3 +version: 0.1.4 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to # follow Semantic Versioning. They should reflect the version the application is using. # It is recommended to use it with quotes. appVersion: "master" + +dependencies: +- name: common + version: 0.1.5 + repository: file://../common diff --git a/helm/hatchery/README.md b/helm/hatchery/README.md index fa3b7dff..21848cbf 100644 --- a/helm/hatchery/README.md +++ b/helm/hatchery/README.md @@ -1,9 +1,15 @@ # hatchery -![Version: 0.1.3](https://img.shields.io/badge/Version-0.1.3-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) +![Version: 0.1.4](https://img.shields.io/badge/Version-0.1.4-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) A Helm chart for gen3 Hatchery +## Requirements + +| Repository | Name | Version | +|------------|------|---------| +| file://../common | common | 0.1.5 | + ## Values | Key | Type | Default | Description | 
@@ -14,6 +20,11 @@ A Helm chart for gen3 Hatchery | autoscaling.maxReplicas | int | `100` | The maximum number of replicas to scale up to | | autoscaling.minReplicas | int | `1` | The minimum number of replicas to scale down to | | autoscaling.targetCPUUtilizationPercentage | int | `80` | The target CPU utilization percentage for autoscaling | +| commonLabels | map | `nil` | Will completely override the commonLabels defined in the common chart's _label_setup.tpl | +| criticalService | string | `"true"` | Valid options are "true" or "false". If invalid option is set- the value will default to "false". | +| datadogLogsInjection | bool | `true` | If enabled, the Datadog Agent will automatically inject Datadog-specific metadata into your application logs. | +| datadogProfilingEnabled | bool | `true` | If enabled, the Datadog Agent will collect profiling data for your application using the Continuous Profiler. This data can be used to identify performance bottlenecks and optimize your application. | +| datadogTraceSampleRate | int | `1` | A value between 0 and 1, that represents the percentage of requests that will be traced. For example, a value of 0.5 means that 50% of requests will be traced. | | env | list | `[{"name":"HTTP_PORT","value":"8000"},{"name":"POD_NAMESPACE","valueFrom":{"fieldRef":{"fieldPath":"metadata.namespace"}}}]` | Environment variables to pass to the container | | fullnameOverride | string | `""` | Override the full name of the deployment. 
| | global | map | `{"aws":{"awsAccessKeyId":null,"awsSecretAccessKey":null,"enabled":false},"ddEnabled":false,"dev":true,"dictionaryUrl":"https://s3.amazonaws.com/dictionary-artifacts/datadictionary/develop/schema.json","dispatcherJobNum":10,"environment":"default","hostname":"localhost","kubeBucket":"kube-gen3","logsBucket":"logs-gen3","netPolicy":true,"portalApp":"gitops","postgres":{"dbCreate":true,"master":{"host":null,"password":null,"port":"5432","username":"postgres"}},"publicDataSets":true,"revproxyArn":"arn:aws:acm:us-east-1:123456:certificate","syncFromDbgap":false,"tierAccessLevel":"libre","userYamlS3Path":"s3://cdis-gen3-users/test/user.yaml"}` | Global configuration options. | @@ -58,6 +69,8 @@ A Helm chart for gen3 Hatchery | imagePullSecrets | list | `[]` | Docker image pull secrets. | | nameOverride | string | `""` | Override the name of the chart. | | nodeSelector | map | `{}` | Node selector labels. | +| partOf | string | `"Workspace-Tab"` | Label to help organize pods and their use. Any value is valid, but use "_" or "-" to divide words. | +| release | string | `"production"` | Valid options are "production" or "dev". If invalid option is set- the value will default to "dev". | | replicaCount | int | `1` | Number of replicas for the deployment. | | resources | map | `{"limits":{"cpu":1,"memory":"512Mi"},"requests":{"cpu":0.1,"memory":"12Mi"}}` | Resource requests and limits for the containers in the pod | | resources.limits | map | `{"cpu":1,"memory":"512Mi"}` | The maximum amount of resources that the container is allowed to use | 
@@ -66,6 +79,7 @@ A Helm chart for gen3 Hatchery | resources.requests | map | `{"cpu":0.1,"memory":"12Mi"}` | The amount of resources that the container requests | | resources.requests.cpu | string | `0.1` | The amount of CPU requested | | resources.requests.memory | string | `"12Mi"` | The amount of memory requested | +| selectorLabels | map | `nil` | Will completely override the selectorLabels defined in the common chart's _label_setup.tpl | | service | map | `{"port":80,"type":"ClusterIP"}` | Kubernetes service information. | | service.port | int | `80` | The port number that the service exposes. | | service.type | string | `"ClusterIP"` | Type of service. Valid values are "ClusterIP", "NodePort", "LoadBalancer", "ExternalName". | diff --git a/helm/hatchery/templates/_helpers.tpl b/helm/hatchery/templates/_helpers.tpl index 7ea986c8..03655ba2 100644 --- a/helm/hatchery/templates/_helpers.tpl +++ b/helm/hatchery/templates/_helpers.tpl @@ -34,20 +34,26 @@ Create chart name and version as used by the chart label. Common labels */}} {{- define "hatchery.labels" -}} -helm.sh/chart: {{ include "hatchery.chart" . }} -{{ include "hatchery.selectorLabels" . }} -{{- if .Chart.AppVersion }} -app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} +{{- if .Values.commonLabels }} + {{- with .Values.commonLabels }} + {{- toYaml . }} + {{- end }} +{{- else }} + {{- (include "common.commonLabels" .)}} {{- end }} -app.kubernetes.io/managed-by: {{ .Release.Service }} {{- end }} {{/* Selector labels */}} {{- define "hatchery.selectorLabels" -}} -app.kubernetes.io/name: {{ include "hatchery.name" . }} -app.kubernetes.io/instance: {{ .Release.Name }} +{{- if .Values.selectorLabels }} + {{- with .Values.selectorLabels }} + {{- toYaml . }} + {{- end }} +{{- else }} + {{- (include "common.selectorLabels" .)}} +{{- end }} {{- end }} {{/* diff --git a/helm/hatchery/templates/deployment.yaml b/helm/hatchery/templates/deployment.yaml index 40d02752..4e9401e2 100644 
--- a/helm/hatchery/templates/deployment.yaml +++ b/helm/hatchery/templates/deployment.yaml @@ -4,6 +4,9 @@ metadata: name: hatchery-deployment labels: {{- include "hatchery.labels" . | nindent 4 }} + {{- if .Values.global.ddEnabled }} + {{- include "common.datadogLabels" . | nindent 4 }} + {{- end }} spec: {{- if not .Values.autoscaling.enabled }} replicas: {{ .Values.replicaCount }} @@ -19,6 +22,9 @@ spec: {{- end }} labels: {{- include "hatchery.selectorLabels" . | nindent 8 }} + {{- if .Values.global.ddEnabled }} + {{- include "common.datadogLabels" . | nindent 8 }} + {{- end }} spec: {{- with .Values.imagePullSecrets }} imagePullSecrets: @@ -50,6 +56,9 @@ spec: resources: {{- toYaml .Values.resources | nindent 12 }} env: + {{- if .Values.global.ddEnabled }} + {{- include "common.datadogEnvVar" . | nindent 12 }} + {{- end }} {{- toYaml .Values.env | nindent 12 }} - name: GEN3_ENDPOINT value: {{ .Values.global.hostname }} diff --git a/helm/hatchery/values.yaml b/helm/hatchery/values.yaml index b1712608..7a903871 100644 --- a/helm/hatchery/values.yaml +++ b/helm/hatchery/values.yaml 
@@ -201,3 +201,23 @@ hatchery: fs-gid: 100 user-volume-location: "/home/jovyan/pd" gen3-volume-location: "/home/jovyan/.gen3" + +# Values to determine the labels that are used for the deployment, pod, etc. +# -- (string) Valid options are "production" or "dev". If invalid option is set- the value will default to "dev". +release: "production" +# -- (string) Valid options are "true" or "false". If invalid option is set- the value will default to "false". +criticalService: "true" +# -- (string) Label to help organize pods and their use. Any value is valid, but use "_" or "-" to divide words. +partOf: "Workspace-Tab" +# -- (map) Will completely override the selectorLabels defined in the common chart's _label_setup.tpl +selectorLabels: +# -- (map) Will completely override the commonLabels defined in the common chart's _label_setup.tpl +commonLabels: + +# Values to configure datadog if ddEnabled is set to "true". +# -- (bool) If enabled, the Datadog Agent will automatically inject Datadog-specific metadata into your application logs. +datadogLogsInjection: true +# -- (bool) If enabled, the Datadog Agent will collect profiling data for your application using the Continuous Profiler. This data can be used to identify performance bottlenecks and optimize your application. +datadogProfilingEnabled: true +# -- (int) A value between 0 and 1, that represents the percentage of requests that will be traced. For example, a value of 0.5 means that 50% of requests will be traced. +datadogTraceSampleRate: 1 diff --git a/helm/indexd/Chart.yaml b/helm/indexd/Chart.yaml index 8f254b7c..1124e04b 100644 --- a/helm/indexd/Chart.yaml +++ b/helm/indexd/Chart.yaml 
@@ -15,7 +15,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.5 +version: 0.1.6 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to @@ -26,7 +26,7 @@ appVersion: "master" dependencies: - name: common - version: 0.1.4 + version: 0.1.5 repository: file://../common - name: postgresql version: 11.9.13 diff --git a/helm/indexd/README.md b/helm/indexd/README.md index 77e31e61..3c2037c9 100644 --- a/helm/indexd/README.md +++ b/helm/indexd/README.md @@ -1,6 +1,6 @@ # indexd -![Version: 0.1.5](https://img.shields.io/badge/Version-0.1.5-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) +![Version: 0.1.6](https://img.shields.io/badge/Version-0.1.6-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) A Helm chart for gen3 indexd @@ -8,7 +8,7 @@ A Helm chart for gen3 indexd | Repository | Name | Version | |------------|------|---------| -| file://../common | common | 0.1.4 | +| file://../common | common | 0.1.5 | | https://charts.bitnami.com/bitnami | postgresql | 11.9.13 | ## Values 
@@ -20,6 +20,11 @@ A Helm chart for gen3 indexd | autoscaling.maxReplicas | int | `100` | Maximum number of replicas | | autoscaling.minReplicas | int | `1` | Minimum number of replicas | | autoscaling.targetCPUUtilizationPercentage | int | `80` | Target CPU utilization percentage | +| commonLabels | map | `nil` | Will completely override the commonLabels defined in the common chart's _label_setup.tpl | +| criticalService | string | `"true"` | Valid options are "true" or "false". If invalid option is set- the value will default to "false". | +| datadogLogsInjection | bool | `true` | If enabled, the Datadog Agent will automatically inject Datadog-specific metadata into your application logs. | +| datadogProfilingEnabled | bool | `true` | If enabled, the Datadog Agent will collect profiling data for your application using the Continuous Profiler. This data can be used to identify performance bottlenecks and optimize your application. | +| datadogTraceSampleRate | int | `1` | A value between 0 and 1, that represents the percentage of requests that will be traced. For example, a value of 0.5 means that 50% of requests will be traced. | | env | list | `[{"name":"GEN3_DEBUG","value":"False"}]` | Environment variables to pass to the container | | fullnameOverride | string | `""` | Override the full name of the deployment. 
| | global | map | `{"aws":{"awsAccessKeyId":null,"awsSecretAccessKey":null,"enabled":false},"ddEnabled":false,"dev":true,"dictionaryUrl":"https://s3.amazonaws.com/dictionary-artifacts/datadictionary/develop/schema.json","dispatcherJobNum":10,"environment":"default","hostname":"localhost","kubeBucket":"kube-gen3","logsBucket":"logs-gen3","netPolicy":true,"portalApp":"gitops","postgres":{"dbCreate":true,"master":{"host":null,"password":null,"port":"5432","username":"postgres"}},"publicDataSets":true,"revproxyArn":"arn:aws:acm:us-east-1:123456:certificate","syncFromDbgap":false,"tierAccessLevel":"libre","userYamlS3Path":"s3://cdis-gen3-users/test/user.yaml"}` | Global configuration options. | @@ -56,6 +61,7 @@ A Helm chart for gen3 indexd | imagePullSecrets | list | `[]` | Docker image pull secrets. | | nameOverride | string | `""` | Override the name of the chart. | | nodeSelector | map | `{}` | Node Selector for the pods | +| partOf | string | `"S3-GS"` | Label to help organize pods and their use. Any value is valid, but use "_" or "-" to divide words. | | podAnnotations | map | `{}` | Annotations to add to the pod | | podSecurityContext | map | `{}` | Security context for the pod | | postgres | map | `{"database":null,"dbCreate":null,"dbRestore":false,"host":null,"password":null,"port":"5432","separate":false,"username":null}` | Postgres database configuration. If db does not exist in postgres cluster and dbCreate is set ot true then these databases will be created for you | 
@@ -68,6 +74,7 @@ A Helm chart for gen3 indexd | postgres.username | string | `nil` | Username for postgres. This is a service override, defaults to - | | postgresql | map | `{"primary":{"persistence":{"enabled":false}}}` | Postgresql subchart settings if deployed separately option is set to "true". Disable persistence by default so we can spin up and down ephemeral environments | | postgresql.primary.persistence.enabled | bool | `false` | Option to persist the dbs data. | +| release | string | `"production"` | Valid options are "production" or "dev". If invalid option is set- the value will default to "dev". | | replicaCount | int | `1` | Number of desired replicas | | resources | map | `{"limits":{"cpu":1,"memory":"512Mi"},"requests":{"cpu":0.1,"memory":"12Mi"}}` | Resource requests and limits for the containers in the pod | | resources.limits | map | `{"cpu":1,"memory":"512Mi"}` | The maximum amount of resources that the container is allowed to use | @@ -78,6 +85,7 @@ A Helm chart for gen3 indexd | resources.requests.memory | string | `"12Mi"` | The amount of memory requested | | secrets | map | `{"userdb":{"fence":"test","gateway":null,"gdcapi":null}}` | Values for indexd secret. | | securityContext | map | `{}` | Security context for the containers in the pod | +| selectorLabels | map | `nil` | Will completely override the selectorLabels defined in the common chart's _label_setup.tpl | | service | map | `{"port":80,"type":"ClusterIP"}` | Kubernetes service information. | | service.port | int | `80` | The port number that the service exposes. | | service.type | string | `"ClusterIP"` | Type of service. Valid values are "ClusterIP", "NodePort", "LoadBalancer", "ExternalName". | 
@@ -86,8 +94,9 @@ A Helm chart for gen3 indexd | serviceAccount.create | bool | `false` | Specifies whether a service account should be created. | | serviceAccount.name | string | `""` | The name of the service account | | tolerations | list | `[]` | Tolerations for the pods | +| uwsgi | map | `{"listen":1024}` | Values for overriding uwsgi settings | | volumeMounts | list | `[{"mountPath":"/var/www/indexd/local_settings.py","name":"config-volume","readOnly":true,"subPath":"local_settings.py"}]` | Volumes to mount to the container. | -| volumes | list | `[{"name":"config-volume","secret":{"secretName":"indexd-settings"}},{"name":"creds-volume","secret":{"secretName":"indexd-creds"}}]` | Volumes to attach to the pod | +| volumes | list | `[{"configMap":{"name":"indexd-uwsgi"},"name":"uwsgi-config"},{"name":"config-volume","secret":{"secretName":"indexd-settings"}},{"name":"creds-volume","secret":{"secretName":"indexd-creds"}}]` | Volumes to attach to the pod | ---------------------------------------------- Autogenerated from chart metadata using [helm-docs v1.11.0](https://github.com/norwoodj/helm-docs/releases/v1.11.0) diff --git a/helm/indexd/templates/_helpers.tpl b/helm/indexd/templates/_helpers.tpl index dcb848be..301661dc 100644 --- a/helm/indexd/templates/_helpers.tpl +++ b/helm/indexd/templates/_helpers.tpl 
@@ -34,20 +34,26 @@ Create chart name and version as used by the chart label. Common labels */}} {{- define "indexd.labels" -}} -helm.sh/chart: {{ include "indexd.chart" . }} -{{ include "indexd.selectorLabels" . }} -{{- if .Chart.AppVersion }} -app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} +{{- if .Values.commonLabels }} + {{- with .Values.commonLabels }} + {{- toYaml . }} + {{- end }} +{{- else }} + {{- (include "common.commonLabels" .)}} {{- end }} -app.kubernetes.io/managed-by: {{ .Release.Service }} {{- end }} {{/* Selector labels */}} {{- define "indexd.selectorLabels" -}} -app.kubernetes.io/name: {{ include "indexd.name" . }} -app.kubernetes.io/instance: {{ .Release.Name }} +{{- if .Values.selectorLabels }} + {{- with .Values.selectorLabels }} + {{- toYaml . }} + {{- end }} +{{- else }} + {{- (include "common.selectorLabels" .)}} +{{- end }} {{- end }} {{/* diff --git a/helm/indexd/templates/deployment.yaml b/helm/indexd/templates/deployment.yaml index 72c89d3f..6189e84b 100644 --- a/helm/indexd/templates/deployment.yaml +++ b/helm/indexd/templates/deployment.yaml @@ -4,6 +4,9 @@ metadata: name: indexd-deployment labels: {{- include "indexd.labels" . | nindent 4 }} + {{- if .Values.global.ddEnabled }} + {{- include "common.datadogLabels" . | nindent 4 }} + {{- end }} spec: {{- if not .Values.autoscaling.enabled }} replicas: {{ .Values.replicaCount }} @@ -19,6 +22,9 @@ spec: {{- end }} labels: {{- include "indexd.selectorLabels" . | nindent 8 }} + {{- if .Values.global.ddEnabled }} + {{- include "common.datadogLabels" . | nindent 8 }} + {{- end }} spec: {{- with .Values.volumes }} volumes: @@ -38,6 +44,9 @@ spec: image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}" imagePullPolicy: {{ .Values.image.pullPolicy }} env: + {{- if .Values.global.ddEnabled }} + {{- include "common.datadogEnvVar" . | nindent 12 }} + {{- end }} - name: PGHOST valueFrom: secretKeyRef: 
@@ -70,6 +79,9 @@ spec: optional: false {{- toYaml .Values.env | nindent 12 }} volumeMounts: + - name: "uwsgi-config" + mountPath: "/etc/uwsgi/uwsgi.ini" + subPath: uwsgi.ini - name: "config-volume" readOnly: true mountPath: "/var/www/indexd/local_settings.py" diff --git a/helm/indexd/templates/uwsgi.yaml b/helm/indexd/templates/uwsgi.yaml new file mode 100644 index 00000000..a6eef58c --- /dev/null +++ b/helm/indexd/templates/uwsgi.yaml @@ -0,0 +1,42 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: indexd-uwsgi +data: + uwsgi.ini: | + [uwsgi] + protocol = uwsgi + socket = /var/run/gen3/uwsgi.sock + buffer-size = 32768 + uid = nginx + gid = nginx + chown-socket = nginx:nginx + chmod-socket = 666 + master = true + harakiri-verbose = true + # No global HARAKIRI, using only user HARAKIRI, because export overwrites it + # Cannot overwrite global HARAKIRI with user's: https://git.io/fjYuD + # harakiri = 45 + ; If VIRTUAL_ENV is set then use its value to specify the virtualenv directory + if-env = VIRTUAL_ENV + virtualenv = %(_) + endif = + http-timeout = 45 + socket-timeout = 45 + worker-reload-mercy = 45 + reload-mercy = 45 + mule-reload-mercy = 45 + disable-logging = true + wsgi-file=/indexd/wsgi.py + plugins = python3 + vacuum = true + pythonpath = /indexd/ + stats = 127.0.0.1:9191 + stats-http = true + env = prometheus_multiproc_dir=/var/tmp/uwsgi_flask_metrics + exec-asap = /indexd/clear_prometheus_multiproc /var/tmp/uwsgi_flask_metrics + # Initialize application in worker processes, not master. This prevents the + # workers from all trying to open the same database connections at startup. + lazy = true + lazy-apps = true + listen = {{ .Values.uwsgi.listen }} diff --git a/helm/indexd/values.yaml b/helm/indexd/values.yaml index a9375380..3dcec5c4 100644 --- a/helm/indexd/values.yaml +++ b/helm/indexd/values.yaml 
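Review bot: The added `uwsgi-config` mount omits `readOnly: true`, which the neighbouring `config-volume` mount sets; adding it keeps the two consistent and makes the intent explicit. The mount is also hard-coded in the template while the volume it names exists only as a default entry of `.Values.volumes` (values.yaml hunk below), so an override of `volumes` that does not repeat `uwsgi-config` would presumably yield a pod spec that references a missing volume. Defining the ConfigMap volume in the template next to the mount, or documenting the required entry in the `volumes` comment, avoids that. The enclosing container spec continues outside the hunk.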
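Review bot: `chmod-socket = 666` makes `/var/run/gen3/uwsgi.sock` writable by every user in the container even though `uid`, `gid` and `chown-socket` already assign it to `nginx`; if nginx connects as that user or group, `chmod-socket = 660` is sufficient and narrows who can reach the application socket. `listen = {{ .Values.uwsgi.listen }}` is rendered without validation, so an empty or non-numeric override produces an ini file that only fails when the container starts; `listen = {{ required "uwsgi.listen is required" .Values.uwsgi.listen | int }}` plus a values comment that the backlog must stay within the pod's `net.core.somaxconn` (uWSGI is known to refuse to start above it) would surface the problem at render time. If this file is a copy of the image's default uwsgi.ini, a header comment saying so would help when the two drift apart. The ConfigMap also has no `labels`, unlike the Deployment objects touched in this commit.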
@@ -175,6 +175,9 @@ affinity: {} # -- (list) Volumes to attach to the pod volumes: +- name: uwsgi-config + configMap: + name: indexd-uwsgi - name: config-volume secret: secretName: "indexd-settings" @@ -200,3 +203,27 @@ secrets: fence: test gdcapi: gateway: + +# -- (map) Values for overriding uwsgi settings +uwsgi: + listen: 1024 + +# Values to determine the labels that are used for the deployment, pod, etc. +# -- (string) Valid options are "production" or "dev". If invalid option is set- the value will default to "dev". +release: "production" +# -- (string) Valid options are "true" or "false". If invalid option is set- the value will default to "false". +criticalService: "true" +# -- (string) Label to help organize pods and their use. Any value is valid, but use "_" or "-" to divide words. +partOf: "S3-GS" +# -- (map) Will completely override the selectorLabels defined in the common chart's _label_setup.tpl +selectorLabels: +# -- (map) Will completely override the commonLabels defined in the common chart's _label_setup.tpl +commonLabels: + +# Values to configure datadog if ddEnabled is set to "true". +# -- (bool) If enabled, the Datadog Agent will automatically inject Datadog-specific metadata into your application logs. +datadogLogsInjection: true +# -- (bool) If enabled, the Datadog Agent will collect profiling data for your application using the Continuous Profiler. This data can be used to identify performance bottlenecks and optimize your application. +datadogProfilingEnabled: true +# -- (int) A value between 0 and 1, that represents the percentage of requests that will be traced. For example, a value of 0.5 means that 50% of requests will be traced. +datadogTraceSampleRate: 1 diff --git a/helm/manifestservice/Chart.yaml b/helm/manifestservice/Chart.yaml index 00803ba1..88fe4a6a 100644 --- a/helm/manifestservice/Chart.yaml +++ b/helm/manifestservice/Chart.yaml 
@@ -15,10 +15,15 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.6 +version: 0.1.7 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to # follow Semantic Versioning. They should reflect the version the application is using. # It is recommended to use it with quotes. appVersion: "master" + +dependencies: +- name: common + version: 0.1.5 + repository: file://../common diff --git a/helm/manifestservice/README.md b/helm/manifestservice/README.md index a3440139..cf53da5f 100644 --- a/helm/manifestservice/README.md +++ b/helm/manifestservice/README.md @@ -1,9 +1,15 @@ # manifestservice -![Version: 0.1.6](https://img.shields.io/badge/Version-0.1.6-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) +![Version: 0.1.7](https://img.shields.io/badge/Version-0.1.7-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) A Helm chart for Kubernetes +## Requirements + +| Repository | Name | Version | +|------------|------|---------| +| file://../common | common | 0.1.5 | + ## Values | Key | Type | Default | Description | 
@@ -21,16 +27,22 @@ A Helm chart for Kubernetes | autoscaling.maxReplicas | int | `100` | The maximum number of replicas to scale up to | | autoscaling.minReplicas | int | `1` | The minimum number of replicas to scale down to | | autoscaling.targetCPUUtilizationPercentage | int | `80` | The target CPU utilization percentage for autoscaling | +| commonLabels | map | `nil` | Will completely override the commonLabels defined in the common chart's _label_setup.tpl | +| criticalService | string | `"true"` | Valid options are "true" or "false". If invalid option is set- the value will default to "false". | +| datadogLogsInjection | bool | `true` | If enabled, the Datadog Agent will automatically inject Datadog-specific metadata into your application logs. | +| datadogProfilingEnabled | bool | `true` | If enabled, the Datadog Agent will collect profiling data for your application using the Continuous Profiler. This data can be used to identify performance bottlenecks and optimize your application. | +| datadogTraceSampleRate | int | `1` | A value between 0 and 1, that represents the percentage of requests that will be traced. For example, a value of 0.5 means that 50% of requests will be traced. 
| | env | list | `[{"name":"REQUESTS_CA_BUNDLE","value":"/etc/ssl/certs/ca-certificates.crt"},{"name":"MANIFEST_SERVICE_CONFIG_PATH","value":"/var/gen3/config/config.json"},{"name":"GEN3_DEBUG","value":"False"}]` | Environment variables to pass to the container | -| labels | map | `{"public":"yes","s3":"yes","userhelper":"yes"}` | Labels to use for the deployment | -| labels.public | string | `"yes"` | Grants ingress from the revproxy service for pods labeled with public=yes | -| labels.s3 | string | `"yes"` | Grants egress to AWS S3 addresses for pods labeled with s3=yes - note that the networkpolicy-s3 grants permissions to a superset of ip addresses that includes S3 | -| labels.userhelper | string | `"yes"` | Grants ingress from pods in usercode namespaces for gen3 pods labeled with userhelper=yes | +| global | map | `{"ddEnabled":false,"environment":"default"}` | Global configuration options. | +| global.ddEnabled | bool | `false` | Whether Datadog is enabled. | +| global.environment | string | `"default"` | Environment name. This should be the same as vpcname if you're doing an AWS deployment. Currently this is being used to share ALB's if you have multiple namespaces. Might be used other places too. | | manifestserviceG3auto | map | `{"awsaccesskey":"","awssecretkey":"","bucketName":"testbucket","hostname":"testinstall","prefix":"test"}` | Values for manifestservice secret. | | manifestserviceG3auto.awsaccesskey | string | `""` | AWS access key. | | manifestserviceG3auto.awssecretkey | string | `""` | AWS secret access key. | | manifestserviceG3auto.bucketName | string | `"testbucket"` | Bucket for the manifestservice to read and write to. | | manifestserviceG3auto.prefix | string | `"test"` | Directory name to use within the s3 bucket. | +| partOf | string | `"Workspace-tab"` | Label to help organize pods and their use. Any value is valid, but use "_" or "-" to divide words. | +| release | string | `"production"` | Valid options are "production" or "dev". 
If invalid option is set- the value will default to "dev". | | resources | map | `{"limits":{"cpu":1,"memory":"512Mi"},"requests":{"cpu":0.1,"memory":"12Mi"}}` | Resource requests and limits for the containers in the pod | | resources.limits | map | `{"cpu":1,"memory":"512Mi"}` | The maximum amount of resources that the container is allowed to use | | resources.limits.cpu | string | `1` | The maximum amount of CPU the container can use | @@ -39,8 +51,7 @@ A Helm chart for Kubernetes | resources.requests.cpu | string | `0.1` | The amount of CPU requested | | resources.requests.memory | string | `"12Mi"` | The amount of memory requested | | revisionHistoryLimit | int | `2` | Number of old revisions to retain | -| selectorLabels.app | string | `"manifestservice"` | | -| selectorLabels.release | string | `"production"` | | +| selectorLabels | map | `nil` | Will completely override the selectorLabels defined in the common chart's _label_setup.tpl | | service | map | `{"port":80,"type":"ClusterIP"}` | Kubernetes service information. | | service.port | int | `80` | The port number that the service exposes. | | service.type | string | `"ClusterIP"` | Type of service. Valid values are "ClusterIP", "NodePort", "LoadBalancer", "ExternalName". | diff --git a/helm/manifestservice/templates/_helpers.tpl b/helm/manifestservice/templates/_helpers.tpl index c790a343..d0d72644 100644 --- a/helm/manifestservice/templates/_helpers.tpl +++ b/helm/manifestservice/templates/_helpers.tpl 
@@ -30,24 +30,29 @@ Create chart name and version as used by the chart label. {{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} {{- end }} -{{/* Common labels */}} {{- define "manifestservice.labels" -}} -helm.sh/chart: {{ include "manifestservice.chart" . }} -{{ include "manifestservice.selectorLabels" . }} -{{- if .Chart.AppVersion }} -app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} +{{- if .Values.commonLabels }} + {{- with .Values.commonLabels }} + {{- toYaml . }} + {{- end }} +{{- else }} + {{- (include "common.commonLabels" .)}} {{- end }} -app.kubernetes.io/managed-by: {{ .Release.Service }} {{- end }} {{/* Selector labels */}} {{- define "manifestservice.selectorLabels" -}} -app.kubernetes.io/name: {{ include "manifestservice.name" . }} -app.kubernetes.io/instance: {{ .Release.Name }} +{{- if .Values.selectorLabels }} + {{- with .Values.selectorLabels }} + {{- toYaml . }} + {{- end }} +{{- else }} + {{- (include "common.selectorLabels" .)}} +{{- end }} {{- end }} {{/* diff --git a/helm/manifestservice/templates/deployment.yaml b/helm/manifestservice/templates/deployment.yaml index 37bfc450..47220350 100644 --- a/helm/manifestservice/templates/deployment.yaml +++ b/helm/manifestservice/templates/deployment.yaml @@ -2,6 +2,11 @@ apiVersion: apps/v1 kind: Deployment metadata: name: manifestservice-deployment + labels: + {{- include "manifestservice.labels" . | nindent 4 }} + {{- if .Values.global.ddEnabled }} + {{- include "common.datadogLabels" . | nindent 4 }} + {{- end }} spec: selector: matchLabels: 
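Review bot: Nothing in the new `manifestservice.selectorLabels` helper warns that its output is used as a selector. It is rendered into the pod template labels and presumably into `spec.selector.matchLabels` (that line falls between the deployment.yaml hunks), and an `apps/v1` Deployment selector is immutable, so an upgrade that renders different labels is rejected by the API server. This affects a user setting `.Values.selectorLabels`, and also the default path if `common.selectorLabels` (defined outside this chunk) does not reproduce the old `app.kubernetes.io/name` and `app.kubernetes.io/instance` pair. A comment above the define such as `{{/* Selector labels: also used as the Deployment selector, which is immutable after install; changing them requires recreating the Deployment */}}` would make this visible. The `if` wrapped around `with` is also redundant; `{{- with .Values.selectorLabels }}{{- toYaml . }}{{- else }}{{- include "common.selectorLabels" . }}{{- end }}` behaves the same. The metadata and peregrine `_helpers.tpl` hunks use the identical pattern for both helpers.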
@@ -11,11 +16,14 @@ spec: {{- toYaml .Values.strategy | nindent 8 }} template: metadata: - {{- with .Values.labels }} labels: - {{- toYaml . | nindent 8 }} - {{- end }} {{- include "manifestservice.selectorLabels" . | nindent 8 }} + s3: "yes" + public: "yes" + userhelper: "yes" + {{- if .Values.global.ddEnabled }} + {{- include "common.datadogLabels" . | nindent 8 }} + {{- end }} spec: {{- with .Values.affinity }} affinity: @@ -30,6 +38,9 @@ spec: image: "quay.io/cdis/manifestservice:2022.09" imagePullPolicy: Always env: + {{- if .Values.global.ddEnabled }} + {{- include "common.datadogEnvVar" . | nindent 12 }} + {{- end }} {{- toYaml .Values.env | nindent 12 }} volumeMounts: {{- toYaml .Values.volumeMounts | nindent 12 }} diff --git a/helm/manifestservice/values.yaml b/helm/manifestservice/values.yaml index 54b36ac2..07072329 100644 --- a/helm/manifestservice/values.yaml +++ b/helm/manifestservice/values.yaml @@ -2,9 +2,12 @@ # This is a YAML-formatted file. # Declare variables to be passed into your templates. -selectorLabels: - app: manifestservice - release: production +# -- (map) Global configuration options. +global: + # -- (string) Environment name. This should be the same as vpcname if you're doing an AWS deployment. Currently this is being used to share ALB's if you have multiple namespaces. Might be used other places too. + environment: default + # -- (bool) Whether Datadog is enabled. + ddEnabled: false # -- (int) Number of old revisions to retain revisionHistoryLimit: 2 
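Review bot: The pod labels `s3: "yes"`, `public: "yes"` and `userhelper: "yes"` in the `@@ -11,11 +16,14 @@` hunk are now fixed in the template, with nothing saying that they are network-policy grants. The value descriptions this commit removes from values.yaml said they allow S3 egress, ingress from the revproxy service and ingress from pods in usercode namespaces. Because they no longer come from `.Values.labels`, an operator who wants to drop one of these grants (for example the `userhelper` ingress) has to fork the chart. At minimum add `# gen3 networkpolicy labels: s3 = S3 egress, public = ingress from revproxy, userhelper = ingress from usercode namespaces` above them, as the metadata chart's deployment.yaml already does in shorter form. Keeping them values-driven with these three as defaults would preserve least-privilege tuning.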
@@ -46,15 +49,6 @@ strategy: # -- (int) Maximum amount of pods that can be unavailable during the update. maxUnavailable: 0 -# -- (map) Labels to use for the deployment -labels: - # -- (string) Grants egress to AWS S3 addresses for pods labeled with s3=yes - note that the networkpolicy-s3 grants permissions to a superset of ip addresses that includes S3 - s3: "yes" - # -- (string) Grants ingress from the revproxy service for pods labeled with public=yes - public: "yes" - # -- (string) Grants ingress from pods in usercode namespaces for gen3 pods labeled with userhelper=yes - userhelper: "yes" - # -- (map) Affinity to use for the deployment. affinity: podAntiAffinity: 
@@ -128,3 +122,23 @@ manifestserviceG3auto: awsaccesskey: "" # -- (string) AWS secret access key. awssecretkey: "" + +# Values to determine the labels that are used for the deployment, pod, etc. +# -- (string) Valid options are "production" or "dev". If invalid option is set- the value will default to "dev". +release: "production" +# -- (string) Valid options are "true" or "false". If invalid option is set- the value will default to "false". +criticalService: "true" +# -- (string) Label to help organize pods and their use. Any value is valid, but use "_" or "-" to divide words. +partOf: "Workspace-tab" +# -- (map) Will completely override the selectorLabels defined in the common chart's _label_setup.tpl +selectorLabels: +# -- (map) Will completely override the commonLabels defined in the common chart's _label_setup.tpl +commonLabels: + +# Values to configure datadog if ddEnabled is set to "true". +# -- (bool) If enabled, the Datadog Agent will automatically inject Datadog-specific metadata into your application logs. +datadogLogsInjection: true +# -- (bool) If enabled, the Datadog Agent will collect profiling data for your application using the Continuous Profiler. This data can be used to identify performance bottlenecks and optimize your application. +datadogProfilingEnabled: true +# -- (int) A value between 0 and 1, that represents the percentage of requests that will be traced. For example, a value of 0.5 means that 50% of requests will be traced. +datadogTraceSampleRate: 1 diff --git a/helm/metadata/Chart.yaml b/helm/metadata/Chart.yaml index 8ab843a3..eccff7be 100644 --- a/helm/metadata/Chart.yaml +++ b/helm/metadata/Chart.yaml 
@@ -15,7 +15,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.5 +version: 0.1.6 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to @@ -25,7 +25,7 @@ appVersion: "master" dependencies: - name: common - version: 0.1.4 + version: 0.1.5 repository: file://../common - name: postgresql version: 11.9.13 diff --git a/helm/metadata/README.md b/helm/metadata/README.md index 51cb1f55..2e7920b7 100644 --- a/helm/metadata/README.md +++ b/helm/metadata/README.md @@ -1,6 +1,6 @@ # metadata -![Version: 0.1.5](https://img.shields.io/badge/Version-0.1.5-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) +![Version: 0.1.6](https://img.shields.io/badge/Version-0.1.6-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) A Helm chart for gen3 Metadata Service @@ -8,7 +8,7 @@ A Helm chart for gen3 Metadata Service | Repository | Name | Version | |------------|------|---------| -| file://../common | common | 0.1.4 | +| file://../common | common | 0.1.5 | | https://charts.bitnami.com/bitnami | postgresql | 11.9.13 | ## Values 
@@ -31,7 +31,11 @@ A Helm chart for gen3 Metadata Service | autoscaling.minReplicas | int | `1` | The minimum number of replicas to scale down to | | autoscaling.targetCPUUtilizationPercentage | int | `80` | The target CPU utilization percentage for autoscaling | | command | list | `["/bin/sh"]` | Command to run for the init container. | -| dataDog | bool | `{"enabled":false,"env":"dev"}` | Whether Datadog is enabled. | +| commonLabels | map | `nil` | Will completely override the commonLabels defined in the common chart's _label_setup.tpl | +| criticalService | string | `"true"` | Valid options are "true" or "false". If invalid option is set- the value will default to "false". | +| datadogLogsInjection | bool | `true` | If enabled, the Datadog Agent will automatically inject Datadog-specific metadata into your application logs. | +| datadogProfilingEnabled | bool | `true` | If enabled, the Datadog Agent will collect profiling data for your application using the Continuous Profiler. This data can be used to identify performance bottlenecks and optimize your application. | +| datadogTraceSampleRate | int | `1` | A value between 0 and 1, that represents the percentage of requests that will be traced. For example, a value of 0.5 means that 50% of requests will be traced. | | debug | bool | `false` | | | esEndpoint | string | `"elasticsearch:9200"` | Elasticsearch endpoint. 
| | global | map | `{"aws":{"awsAccessKeyId":null,"awsSecretAccessKey":null,"enabled":false},"ddEnabled":false,"dev":true,"dictionaryUrl":"https://s3.amazonaws.com/dictionary-artifacts/datadictionary/develop/schema.json","dispatcherJobNum":10,"environment":"default","hostname":"localhost","kubeBucket":"kube-gen3","logsBucket":"logs-gen3","netPolicy":true,"portalApp":"gitops","postgres":{"dbCreate":true,"master":{"host":null,"password":null,"port":"5432","username":"postgres"}},"publicDataSets":true,"revproxyArn":"arn:aws:acm:us-east-1:123456:certificate","syncFromDbgap":false,"tierAccessLevel":"libre","userYamlS3Path":"s3://cdis-gen3-users/test/user.yaml"}` | Global configuration options. | @@ -71,6 +75,7 @@ A Helm chart for gen3 Metadata Service | initResources.limits.cpu | string | `0.8` | The maximum amount of CPU the container can use | | initResources.limits.memory | string | `"512Mi"` | The maximum amount of memory the container can use | | initVolumeMounts | list | `[{"mountPath":"/src/.env","name":"config-volume-g3auto","readOnly":true,"subPath":"metadata.env"}]` | Volumes to mount to the init container. | +| partOf | string | `"Discovery-Tab"` | Label to help organize pods and their use. Any value is valid, but use "_" or "-" to divide words. | | postgres | map | `{"database":null,"dbCreate":null,"dbRestore":false,"host":null,"password":null,"port":"5432","separate":false,"username":null}` | Postgres database configuration. If db does not exist in postgres cluster and dbCreate is set ot true then these databases will be created for you | | postgres.database | string | `nil` | Database name for postgres. This is a service override, defaults to - | | postgres.dbCreate | bool | `nil` | Whether the database should be created. Default to global.postgres.dbCreate | 
@@ -81,7 +86,7 @@ A Helm chart for gen3 Metadata Service | postgres.username | string | `nil` | Username for postgres. This is a service override, defaults to - | | postgresql | map | `{"primary":{"persistence":{"enabled":false}}}` | Postgresql subchart settings if deployed separately option is set to "true". Disable persistence by default so we can spin up and down ephemeral environments | | postgresql.primary.persistence.enabled | bool | `false` | Option to persist the dbs data. | -| releaseLabel | string | `"production"` | | +| release | string | `"production"` | Valid options are "production" or "dev". If invalid option is set- the value will default to "dev". | | replicaCount | int | `1` | Number of replicas for the deployment. | | resources | map | `{"limits":{"cpu":1,"memory":"512Mi"},"requests":{"cpu":0.1,"memory":"12Mi"}}` | Resource requests and limits for the containers in the pod | | resources.limits | map | `{"cpu":1,"memory":"512Mi"}` | The maximum amount of resources that the container is allowed to use | @@ -91,6 +96,7 @@ A Helm chart for gen3 Metadata Service | resources.requests.cpu | string | `0.1` | The amount of CPU requested | | resources.requests.memory | string | `"12Mi"` | The amount of memory requested | | revisionHistoryLimit | int | `2` | Number of old revisions to retain | +| selectorLabels | map | `nil` | Will completely override the selectorLabels defined in the common chart's _label_setup.tpl | | service | map | `{"port":[{"name":"http","port":80,"protocol":"TCP","targetPort":80}],"type":"ClusterIP"}` | Kubernetes service information. | | service.port | int | `[{"name":"http","port":80,"protocol":"TCP","targetPort":80}]` | The port number that the service exposes. | | service.type | string | `"ClusterIP"` | Type of service. Valid values are "ClusterIP", "NodePort", "LoadBalancer", "ExternalName". | diff --git a/helm/metadata/templates/_helpers.tpl b/helm/metadata/templates/_helpers.tpl index 8e99ad6d..f8424983 100644 
--- a/helm/metadata/templates/_helpers.tpl +++ b/helm/metadata/templates/_helpers.tpl @@ -30,26 +30,29 @@ Create chart name and version as used by the chart label. {{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} {{- end }} -{{/* Common labels */}} {{- define "metadata.labels" -}} -helm.sh/chart: {{ include "metadata.chart" . }} -{{ include "metadata.selectorLabels" . }} -{{- if .Chart.AppVersion }} -app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} +{{- if .Values.commonLabels }} + {{- with .Values.commonLabels }} + {{- toYaml . }} + {{- end }} +{{- else }} + {{- (include "common.commonLabels" .)}} {{- end }} -app.kubernetes.io/managed-by: {{ .Release.Service }} {{- end }} {{/* Selector labels */}} {{- define "metadata.selectorLabels" -}} -app.kubernetes.io/name: {{ include "metadata.name" . }} -app.kubernetes.io/instance: {{ .Release.Name }} -app: {{ include "metadata.name" . }} -release: {{ .Values.releaseLabel }} +{{- if .Values.selectorLabels }} + {{- with .Values.selectorLabels }} + {{- toYaml . }} + {{- end }} +{{- else }} + {{- (include "common.selectorLabels" .)}} +{{- end }} {{- end }} {{/* @@ -74,14 +77,3 @@ Create the name of the service account to use {{- default .Values.postgres.password }} {{- end }} {{- end }} - -{{/* -Define ddEnabled -*/}} -{{- define "metadata.ddEnabled" -}} -{{- if .Values.global }} -{{- .Values.global.ddEnabled }} -{{- else}} -{{- .Values.dataDog.enabled }} -{{- end }} -{{- end }} \ No newline at end of file diff --git a/helm/metadata/templates/deployment.yaml b/helm/metadata/templates/deployment.yaml index 18dbef8b..ba6c0378 100644 --- a/helm/metadata/templates/deployment.yaml +++ b/helm/metadata/templates/deployment.yaml 
@@ -2,6 +2,11 @@ apiVersion: apps/v1 kind: Deployment metadata: name: metadata-deployment + labels: + {{- include "metadata.labels" . | nindent 4 }} + {{- if .Values.global.ddEnabled }} + {{- include "common.datadogLabels" . | nindent 4 }} + {{- end }} spec: {{- if not .Values.autoscaling.enabled }} replicas: {{ .Values.replicaCount }} @@ -17,17 +22,14 @@ spec: template: metadata: labels: + {{- include "metadata.selectorLabels" . | nindent 8 }} # gen3 networkpolicy labels netnolimit: 'yes' public: 'yes' userhelper: 'yes' - {{- if eq (include "metadata.ddEnabled" . ) "true" }} - tags.datadoghq.com/service: "guppy" - # TODO: move this to helpers so we can have this populated from a configmap - tags.datadoghq.com/env: {{ .Values.dataDog.env }} - tags.datadoghq.com/version: {{ .Values.image.tag | default .Chart.AppVersion }} - {{- end }} - {{- include "metadata.selectorLabels" . | nindent 8 }} + {{- if .Values.global.ddEnabled }} + {{- include "common.datadogLabels" . | nindent 8 }} + {{- end }} spec: {{- with .Values.affinity }} affinity: @@ -50,6 +52,9 @@ spec: - name: {{ .Chart.Name }} image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}" env: + {{- if .Values.global.ddEnabled }} + {{- include "common.datadogEnvVar" . | nindent 12 }} + {{- end }} - name: GEN3_DEBUG value: "False" - name: GEN3_ES_ENDPOINT diff --git a/helm/metadata/values.yaml b/helm/metadata/values.yaml index adfecfc0..b6908840 100644 --- a/helm/metadata/values.yaml +++ b/helm/metadata/values.yaml @@ -84,9 +84,6 @@ postgresql: # -- (bool) Option to persist the dbs data. enabled: false -# Deployment -releaseLabel: "production" - # -- (map) Configuration for autoscaling the number of replicas autoscaling: # -- (bool) Whether autoscaling is enabled 
@@ -113,11 +110,6 @@ strategy: # -- (int) Maximum amount of pods that can be unavailable during the update. maxUnavailable: 0 -# -- (bool) Whether Datadog is enabled. -dataDog: - enabled: false - env: dev - # -- (map) Affinity to use for the deployment. affinity: podAntiAffinity: @@ -236,3 +228,23 @@ service: port: 80 targetPort: 80 name: http + +# Values to determine the labels that are used for the deployment, pod, etc. +# -- (string) Valid options are "production" or "dev". If invalid option is set- the value will default to "dev". +release: "production" +# -- (string) Valid options are "true" or "false". If invalid option is set- the value will default to "false". +criticalService: "true" +# -- (string) Label to help organize pods and their use. Any value is valid, but use "_" or "-" to divide words. +partOf: "Discovery-Tab" +# -- (map) Will completely override the selectorLabels defined in the common chart's _label_setup.tpl +selectorLabels: +# -- (map) Will completely override the commonLabels defined in the common chart's _label_setup.tpl +commonLabels: + +# Values to configure datadog if ddEnabled is set to "true". +# -- (bool) If enabled, the Datadog Agent will automatically inject Datadog-specific metadata into your application logs. +datadogLogsInjection: true +# -- (bool) If enabled, the Datadog Agent will collect profiling data for your application using the Continuous Profiler. This data can be used to identify performance bottlenecks and optimize your application. +datadogProfilingEnabled: true +# -- (int) A value between 0 and 1, that represents the percentage of requests that will be traced. For example, a value of 0.5 means that 50% of requests will be traced. +datadogTraceSampleRate: 1 diff --git a/helm/peregrine/Chart.yaml b/helm/peregrine/Chart.yaml index 1755a4b6..0248452a 100644 --- a/helm/peregrine/Chart.yaml +++ b/helm/peregrine/Chart.yaml 
@@ -15,7 +15,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.6 +version: 0.1.7 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to @@ -26,7 +26,7 @@ appVersion: "2023.01" dependencies: - name: common - version: 0.1.4 + version: 0.1.5 repository: file://../common - name: postgresql version: 11.9.13 diff --git a/helm/peregrine/README.md b/helm/peregrine/README.md index b12469ed..1169b107 100644 --- a/helm/peregrine/README.md +++ b/helm/peregrine/README.md @@ -1,6 +1,6 @@ # peregrine -![Version: 0.1.6](https://img.shields.io/badge/Version-0.1.6-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 2023.01](https://img.shields.io/badge/AppVersion-2023.01-informational?style=flat-square) +![Version: 0.1.7](https://img.shields.io/badge/Version-0.1.7-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 2023.01](https://img.shields.io/badge/AppVersion-2023.01-informational?style=flat-square) A Helm chart for gen3 Peregrine service @@ -8,7 +8,7 @@ A Helm chart for gen3 Peregrine service | Repository | Name | Version | |------------|------|---------| -| file://../common | common | 0.1.4 | +| file://../common | common | 0.1.5 | | https://charts.bitnami.com/bitnami | postgresql | 11.9.13 | ## Values 
@@ -22,6 +22,11 @@ A Helm chart for gen3 Peregrine service | autoscaling.maxReplicas | int | `100` | The maximum number of replicas to scale up to | | autoscaling.minReplicas | int | `1` | The minimum number of replicas to scale down to | | autoscaling.targetCPUUtilizationPercentage | int | `80` | Target CPU utilization percentage | +| commonLabels | map | `nil` | Will completely override the commonLabels defined in the common chart's _label_setup.tpl | +| criticalService | string | `"true"` | Valid options are "true" or "false". If invalid option is set- the value will default to "false". | +| datadogLogsInjection | bool | `true` | If enabled, the Datadog Agent will automatically inject Datadog-specific metadata into your application logs. | +| datadogProfilingEnabled | bool | `true` | If enabled, the Datadog Agent will collect profiling data for your application using the Continuous Profiler. This data can be used to identify performance bottlenecks and optimize your application. | +| datadogTraceSampleRate | int | `1` | A value between 0 and 1, that represents the percentage of requests that will be traced. For example, a value of 0.5 means that 50% of requests will be traced. | | env | list | `nil` | Environment variables to pass to the container | | fullnameOverride | string | `""` | Override the full name of the deployment. 
| | global | map | `{"aws":{"awsAccessKeyId":null,"awsSecretAccessKey":null,"enabled":false},"ddEnabled":false,"dev":true,"dictionaryUrl":"https://s3.amazonaws.com/dictionary-artifacts/datadictionary/develop/schema.json","dispatcherJobNum":10,"environment":"default","hostname":"localhost","kubeBucket":"kube-gen3","logsBucket":"logs-gen3","netPolicy":true,"portalApp":"gitops","postgres":{"dbCreate":true,"master":{"host":null,"password":null,"port":"5432","username":"postgres"}},"publicDataSets":true,"revproxyArn":"arn:aws:acm:us-east-1:123456:certificate","syncFromDbgap":false,"tierAccessLevel":"libre","userYamlS3Path":"s3://cdis-gen3-users/test/user.yaml"}` | Global configuration options. | @@ -57,6 +62,7 @@ A Helm chart for gen3 Peregrine service | imagePullSecrets | list | `[]` | Docker image pull secrets. | | nameOverride | string | `""` | Override the name of the chart. | | nodeSelector | map | `{}` | Node Selector for the pods | +| partOf | string | `"Core-Service"` | Label to help organize pods and their use. Any value is valid, but use "_" or "-" to divide words. | | podAnnotations | map | `{}` | Annotations to add to the pod | | podSecurityContext | map | `{}` | Security context for the pod | | postgres | map | `{"database":null,"dbCreate":null,"dbRestore":false,"host":null,"password":null,"port":"5432","separate":false,"username":null}` | Postgres database configuration. If db does not exist in postgres cluster and dbCreate is set ot true then these databases will be created for you | 
@@ -68,6 +74,7 @@ A Helm chart for gen3 Peregrine service | postgres.separate | string | `false` | Will create a Database for the individual service to help with developing it. | | postgres.username | string | `nil` | Username for postgres. This is a service override, defaults to - | | postgresql | map | `{"primary":{"persistence":{"enabled":false}}}` | Postgresql subchart settings if deployed separately option is set to "true". Disable persistence by default so we can spin up and down ephemeral environments | +| release | string | `"production"` | Valid options are "production" or "dev". If invalid option is set- the value will default to "dev". | | replicaCount | int | `1` | Number of desired replicas | | resources | map | `{"limits":{"cpu":1,"memory":"512Mi"},"requests":{"cpu":0.1,"memory":"12Mi"}}` | Resource requests and limits for the containers in the pod | | resources.limits | map | `{"cpu":1,"memory":"512Mi"}` | The maximum amount of resources that the container is allowed to use | @@ -77,6 +84,7 @@ A Helm chart for gen3 Peregrine service | resources.requests.cpu | string | `0.1` | The amount of CPU requested | | resources.requests.memory | string | `"12Mi"` | The amount of memory requested | | securityContext | map | `{}` | Security context for the containers in the pod | +| selectorLabels | map | `nil` | Will completely override the selectorLabels defined in the common chart's _label_setup.tpl | | service | map | `{"port":80,"type":"ClusterIP"}` | Kubernetes service information. | | service.port | int | `80` | The port number that the service exposes. | | service.type | string | `"ClusterIP"` | Type of service. Valid values are "ClusterIP", "NodePort", "LoadBalancer", "ExternalName". | diff --git a/helm/peregrine/templates/_helpers.tpl b/helm/peregrine/templates/_helpers.tpl index 1f786d38..1674a02f 100644 --- a/helm/peregrine/templates/_helpers.tpl +++ b/helm/peregrine/templates/_helpers.tpl 
@@ -34,20 +34,26 @@ Create chart name and version as used by the chart label. Common labels */}} {{- define "peregrine.labels" -}} -helm.sh/chart: {{ include "peregrine.chart" . }} -{{ include "peregrine.selectorLabels" . }} -{{- if .Chart.AppVersion }} -app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} +{{- if .Values.commonLabels }} + {{- with .Values.commonLabels }} + {{- toYaml . }} + {{- end }} +{{- else }} + {{- (include "common.commonLabels" .)}} {{- end }} -app.kubernetes.io/managed-by: {{ .Release.Service }} {{- end }} {{/* Selector labels */}} {{- define "peregrine.selectorLabels" -}} -app.kubernetes.io/name: {{ include "peregrine.name" . }} -app.kubernetes.io/instance: {{ .Release.Name }} +{{- if .Values.selectorLabels }} + {{- with .Values.selectorLabels }} + {{- toYaml . }} + {{- end }} +{{- else }} + {{- (include "common.selectorLabels" .)}} +{{- end }} {{- end }} {{/* diff --git a/helm/peregrine/templates/deployment.yaml b/helm/peregrine/templates/deployment.yaml index 378f016d..561df45c 100644 --- a/helm/peregrine/templates/deployment.yaml +++ b/helm/peregrine/templates/deployment.yaml @@ -4,6 +4,9 @@ metadata: name: peregrine-deployment labels: {{- include "peregrine.labels" . | nindent 4 }} + {{- if .Values.global.ddEnabled }} + {{- include "common.datadogLabels" . | nindent 4 }} + {{- end }} spec: {{- if not .Values.autoscaling.enabled }} replicas: {{ .Values.replicaCount }} @@ -19,6 +22,9 @@ spec: {{- end }} labels: {{- include "peregrine.selectorLabels" . | nindent 8 }} + {{- if .Values.global.ddEnabled }} + {{- include "common.datadogLabels" . | nindent 8 }} + {{- end }} spec: {{- with .Values.volumes }} volumes: @@ -38,6 +44,9 @@ spec: image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}" imagePullPolicy: {{ .Values.image.pullPolicy }} env: + {{- if .Values.global.ddEnabled }} + {{- include "common.datadogEnvVar" . | nindent 12 }} + {{- end }} - name: FENCE_DB_USER valueFrom: secretKeyRef: 
diff --git a/helm/peregrine/values.yaml b/helm/peregrine/values.yaml index 1c5bf907..b68f5225 100644 --- a/helm/peregrine/values.yaml +++ b/helm/peregrine/values.yaml @@ -187,3 +187,23 @@ volumes: # -- (list) Volumes to mount to the container. volumeMounts: + +# Values to determine the labels that are used for the deployment, pod, etc. +# -- (string) Valid options are "production" or "dev". If invalid option is set- the value will default to "dev". +release: "production" +# -- (string) Valid options are "true" or "false". If invalid option is set- the value will default to "false". +criticalService: "true" +# -- (string) Label to help organize pods and their use. Any value is valid, but use "_" or "-" to divide words. +partOf: "Core-Service" +# -- (map) Will completely override the selectorLabels defined in the common chart's _label_setup.tpl +selectorLabels: +# -- (map) Will completely override the commonLabels defined in the common chart's _label_setup.tpl +commonLabels: + +# Values to configure datadog if ddEnabled is set to "true". +# -- (bool) If enabled, the Datadog Agent will automatically inject Datadog-specific metadata into your application logs. +datadogLogsInjection: true +# -- (bool) If enabled, the Datadog Agent will collect profiling data for your application using the Continuous Profiler. This data can be used to identify performance bottlenecks and optimize your application. +datadogProfilingEnabled: true +# -- (int) A value between 0 and 1, that represents the percentage of requests that will be traced. For example, a value of 0.5 means that 50% of requests will be traced. +datadogTraceSampleRate: 1 diff --git a/helm/pidgin/Chart.yaml b/helm/pidgin/Chart.yaml index be4d4801..afdb15e8 100644 --- a/helm/pidgin/Chart.yaml +++ b/helm/pidgin/Chart.yaml 
@@ -15,7 +15,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.4 +version: 0.1.5 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to @@ -23,8 +23,7 @@ version: 0.1.4 # It is recommended to use it with quotes. appVersion: "master" - dependencies: - name: common - version: 0.1.4 + version: 0.1.5 repository: file://../common diff --git a/helm/pidgin/README.md b/helm/pidgin/README.md index 87cfce4e..501e2132 100644 --- a/helm/pidgin/README.md +++ b/helm/pidgin/README.md @@ -1,6 +1,6 @@ # pidgin -![Version: 0.1.4](https://img.shields.io/badge/Version-0.1.4-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) +![Version: 0.1.5](https://img.shields.io/badge/Version-0.1.5-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) A Helm chart for gen3 Pidgin Service @@ -8,7 +8,7 @@ A Helm chart for gen3 Pidgin Service | Repository | Name | Version | |------------|------|---------| -| file://../common | common | 0.1.4 | +| file://../common | common | 0.1.5 | ## Values 
@@ -27,7 +27,12 @@ A Helm chart for gen3 Pidgin Service | autoscaling.maxReplicas | int | `100` | The maximum number of replicas to scale up to | | autoscaling.minReplicas | int | `1` | The minimum number of replicas to scale down to | | autoscaling.targetCPUUtilizationPercentage | int | `80` | The target CPU utilization percentage for autoscaling | +| commonLabels | map | `nil` | Will completely override the commonLabels defined in the common chart's _label_setup.tpl | +| criticalService | string | `"false"` | Valid options are "true" or "false". If invalid option is set- the value will default to "false". | | dataDog | bool | `{"enabled":false,"env":"dev"}` | Whether Datadog is enabled. | +| datadogLogsInjection | bool | `true` | If enabled, the Datadog Agent will automatically inject Datadog-specific metadata into your application logs. | +| datadogProfilingEnabled | bool | `true` | If enabled, the Datadog Agent will collect profiling data for your application using the Continuous Profiler. This data can be used to identify performance bottlenecks and optimize your application. | +| datadogTraceSampleRate | int | `1` | A value between 0 and 1, that represents the percentage of requests that will be traced. For example, a value of 0.5 means that 50% of requests will be traced. | | global | map | `{"aws":{"awsAccessKeyId":null,"awsSecretAccessKey":null,"enabled":false},"ddEnabled":false,"dev":true,"dictionaryUrl":"https://s3.amazonaws.com/dictionary-artifacts/datadictionary/develop/schema.json","dispatcherJobNum":10,"environment":"default","hostname":"localhost","kubeBucket":"kube-gen3","logsBucket":"logs-gen3","netPolicy":true,"portalApp":"gitops","postgres":{"dbCreate":true,"master":{"host":null,"password":null,"port":"5432","username":"postgres"}},"publicDataSets":true,"revproxyArn":"arn:aws:acm:us-east-1:123456:certificate","syncFromDbgap":false,"tierAccessLevel":"libre","userYamlS3Path":"s3://cdis-gen3-users/test/user.yaml"}` | Global configuration options. 
| | global.aws | map | `{"awsAccessKeyId":null,"awsSecretAccessKey":null,"enabled":false}` | AWS configuration | | global.aws.awsAccessKeyId | string | `nil` | Credentials for AWS stuff. | @@ -58,6 +63,7 @@ A Helm chart for gen3 Pidgin Service | image.pullPolicy | string | `"Always"` | When to pull the image. | | image.repository | string | `"quay.io/cdis/pidgin"` | The Docker image repository for the fence service | | image.tag | string | `""` | Overrides the image tag whose default is the chart appVersion. | +| partOf | string | `"Peregrine"` | Label to help organize pods and their use. Any value is valid, but use "_" or "-" to divide words. | | postgres | map | `{"database":null,"dbCreate":null,"dbRestore":false,"host":null,"password":null,"port":"5432","username":null}` | Postgres database configuration. If db does not exist in postgres cluster and dbCreate is set ot true then these databases will be created for you | | postgres.database | string | `nil` | Database name for postgres. This is a service override, defaults to - | | postgres.dbCreate | bool | `nil` | Whether the database should be created. Default to global.postgres.dbCreate | 
@@ -65,9 +71,11 @@ A Helm chart for gen3 Pidgin Service | postgres.password | string | `nil` | Password for Postgres. Will be autogenerated if left empty. | | postgres.port | string | `"5432"` | Port for Postgres. | | postgres.username | string | `nil` | Username for postgres. This is a service override, defaults to - | +| release | string | `"production"` | Valid options are "production" or "dev". If invalid option is set- the value will default to "dev". | | replicaCount | int | `1` | Number of desired replicas | | resources | map | `nil` | Resource requests and limits for the containers in the pod | | revisionHistoryLimit | int | `2` | Number of old revisions to retain | +| selectorLabels | map | `nil` | Will completely override the selectorLabels defined in the common chart's _label_setup.tpl | | service | map | `{"port":[{"name":"http","port":80,"protocol":"TCP","targetPort":80},{"name":"https","port":443,"protocol":"TCP","targetPort":443}],"type":"ClusterIP"}` | Kubernetes service information. | | service.port | list | `[{"name":"http","port":80,"protocol":"TCP","targetPort":80},{"name":"https","port":443,"protocol":"TCP","targetPort":443}]` | The port numbers that the service exposes. | | service.type | string | `"ClusterIP"` | Type of service. Valid values are "ClusterIP", "NodePort", "LoadBalancer", "ExternalName". | diff --git a/helm/pidgin/templates/_helpers.tpl b/helm/pidgin/templates/_helpers.tpl index 388e3197..9a3571d9 100644 --- a/helm/pidgin/templates/_helpers.tpl +++ b/helm/pidgin/templates/_helpers.tpl 
@@ -34,21 +34,26 @@ Create chart name and version as used by the chart label. Common labels */}} {{- define "pidgin.labels" -}} -helm.sh/chart: {{ include "pidgin.chart" . }} -{{ include "pidgin.selectorLabels" . }} -{{- if .Chart.AppVersion }} -app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} +{{- if .Values.commonLabels }} + {{- with .Values.commonLabels }} + {{- toYaml . }} + {{- end }} +{{- else }} + {{- (include "common.commonLabels" .)}} {{- end }} -app.kubernetes.io/managed-by: {{ .Release.Service }} {{- end }} {{/* Selector labels */}} {{- define "pidgin.selectorLabels" -}} -app.kubernetes.io/name: {{ include "pidgin.name" . }} -app.kubernetes.io/instance: {{ .Release.Name }} -app: {{ include "pidgin.name" . }} +{{- if .Values.selectorLabels }} + {{- with .Values.selectorLabels }} + {{- toYaml . }} + {{- end }} +{{- else }} + {{- (include "common.selectorLabels" .)}} +{{- end }} {{- end }} {{/* @@ -61,14 +66,3 @@ Create the name of the service account to use {{- default "default" .Values.serviceAccount.name }} {{- end }} {{- end }} - -{{/* -Define ddEnabled -*/}} -{{- define "pidgin.ddEnabled" -}} -{{- if .Values.global }} -{{- .Values.global.ddEnabled }} -{{- else}} -{{- .Values.dataDog.enabled }} -{{- end }} -{{- end }} \ No newline at end of file diff --git a/helm/pidgin/templates/deployment.yaml b/helm/pidgin/templates/deployment.yaml index 19209962..90d52d48 100644 --- a/helm/pidgin/templates/deployment.yaml +++ b/helm/pidgin/templates/deployment.yaml @@ -2,6 +2,11 @@ apiVersion: apps/v1 kind: Deployment metadata: name: pidgin-deployment + labels: + {{- include "pidgin.labels" . | nindent 4 }} + {{- if .Values.global.ddEnabled }} + {{- include "common.datadogLabels" . | nindent 4 }} + {{- end }} spec: {{- if not .Values.autoscaling.enabled }} replicas: {{ .Values.replicaCount }} 
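Review bot: The rewritten `pidgin.selectorLabels` no longer emits `app: {{ include "pidgin.name" . }}`, and whether `common.selectorLabels` still produces an `app` label cannot be seen from this hunk. Anything that selects on `app: pidgin`, such as the chart's Service or a NetworkPolicy `podSelector` (neither shown here), would silently stop matching these pods after the upgrade. For a network policy that means the pod loses either its allowed ingress or its isolation, depending on how the policies are written. I would confirm that the common helper keeps `app`, or add it back beside the include. The requestor helper further down drops both `app:` and `release: {{ .Values.releaseLabel }}` in the same way.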
@@ -17,16 +22,13 @@ spec: template: metadata: labels: + {{- include "pidgin.selectorLabels" . | nindent 8 }} # gen3 networkpolicy labels netnolimit: 'yes' public: 'yes' - {{- if eq (include "pidgin.ddEnabled" . ) "true" }} - tags.datadoghq.com/service: "pidgin" - # TODO: move this to helpers so we can have this populated from a configmap - tags.datadoghq.com/env: {{ .Values.dataDog.env }} - tags.datadoghq.com/version: {{ .Values.image.tag | default .Chart.AppVersion }} - {{- end }} - {{- include "pidgin.selectorLabels" . | nindent 8 }} + {{- if .Values.global.ddEnabled }} + {{- include "common.datadogLabels" . | nindent 8 }} + {{- end }} spec: {{- with .Values.affinity }} affinity: @@ -36,7 +38,10 @@ spec: containers: - name: {{ .Chart.Name }} image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}" - env: + env: + {{- if .Values.global.ddEnabled }} + {{- include "common.datadogEnvVar" . | nindent 12 }} + {{- end }} - name: GEN3_DEBUG value: "False" livenessProbe: diff --git a/helm/pidgin/values.yaml b/helm/pidgin/values.yaml index 95e1eb84..68128e1c 100644 --- a/helm/pidgin/values.yaml +++ b/helm/pidgin/values.yaml 
@@ -158,3 +158,23 @@ service: port: 443 targetPort: 443 name: https + +# Values to determine the labels that are used for the deployment, pod, etc. +# -- (string) Valid options are "production" or "dev". If invalid option is set- the value will default to "dev". +release: "production" +# -- (string) Valid options are "true" or "false". If invalid option is set- the value will default to "false". +criticalService: "false" +# -- (string) Label to help organize pods and their use. Any value is valid, but use "_" or "-" to divide words. +partOf: "Peregrine" +# -- (map) Will completely override the selectorLabels defined in the common chart's _label_setup.tpl +selectorLabels: +# -- (map) Will completely override the commonLabels defined in the common chart's _label_setup.tpl +commonLabels: + +# Values to configure datadog if ddEnabled is set to "true". +# -- (bool) If enabled, the Datadog Agent will automatically inject Datadog-specific metadata into your application logs. +datadogLogsInjection: true +# -- (bool) If enabled, the Datadog Agent will collect profiling data for your application using the Continuous Profiler. This data can be used to identify performance bottlenecks and optimize your application. +datadogProfilingEnabled: true +# -- (int) A value between 0 and 1, that represents the percentage of requests that will be traced. For example, a value of 0.5 means that 50% of requests will be traced. +datadogTraceSampleRate: 1 diff --git a/helm/portal/Chart.yaml b/helm/portal/Chart.yaml index 3e53cffc..da06718d 100644 --- a/helm/portal/Chart.yaml +++ b/helm/portal/Chart.yaml 
@@ -15,10 +15,15 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.3 +version: 0.1.4 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to # follow Semantic Versioning. They should reflect the version the application is using. # It is recommended to use it with quotes. appVersion: "master" + +dependencies: +- name: common + version: 0.1.5 + repository: file://../common diff --git a/helm/portal/README.md b/helm/portal/README.md index ef590451..86a24d21 100644 --- a/helm/portal/README.md +++ b/helm/portal/README.md @@ -1,9 +1,15 @@ # portal -![Version: 0.1.3](https://img.shields.io/badge/Version-0.1.3-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) +![Version: 0.1.4](https://img.shields.io/badge/Version-0.1.4-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) A Helm chart for gen3 data-portal +## Requirements + +| Repository | Name | Version | +|------------|------|---------| +| file://../common | common | 0.1.5 | + ## Values | Key | Type | Default | Description | 
@@ -21,6 +27,11 @@ A Helm chart for gen3 data-portal | autoscaling.maxReplicas | int | `100` | The maximum number of replicas to scale up to | | autoscaling.minReplicas | int | `1` | The minimum number of replicas to scale down to | | autoscaling.targetCPUUtilizationPercentage | int | `80` | The target CPU utilization percentage for autoscaling | +| commonLabels | map | `nil` | Will completely override the commonLabels defined in the common chart's _label_setup.tpl | +| criticalService | string | `"true"` | Valid options are "true" or "false". If invalid option is set- the value will default to "false". | +| datadogLogsInjection | bool | `true` | If enabled, the Datadog Agent will automatically inject Datadog-specific metadata into your application logs. | +| datadogProfilingEnabled | bool | `true` | If enabled, the Datadog Agent will collect profiling data for your application using the Continuous Profiler. This data can be used to identify performance bottlenecks and optimize your application. | +| datadogTraceSampleRate | int | `1` | A value between 0 and 1, that represents the percentage of requests that will be traced. For example, a value of 0.5 means that 50% of requests will be traced. | | fullnameOverride | string | `""` | Override the full name of the deployment. 
| | gitops | map | `{"createdby":"","css":"/* gitops default css */\n","favicon":"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","json":"{\n \"graphql\": {\n \"boardCounts\": [\n {\n \"graphql\": \"_case_count\",\n \"name\": \"Case\",\n \"plural\": \"Cases\"\n },\n {\n \"graphql\": \"_experiment_count\",\n \"name\": \"Experiment\",\n \"plural\": \"Experiments\"\n },\n {\n \"graphql\": \"_aliquot_count\",\n \"name\": \"Aliquot\",\n \"plural\": \"Aliquots\"\n }\n ],\n \"chartCounts\": [\n {\n \"graphql\": \"_case_count\",\n \"name\": \"Case\"\n },\n {\n \"graphql\": \"_experiment_count\",\n \"name\": \"Experiment\"\n },\n {\n \"graphql\": \"_aliquot_count\",\n \"name\": \"Aliquot\"\n }\n ],\n \"projectDetails\": \"boardCounts\"\n },\n \"components\": {\n \"appName\": \"Generic Data Commons Portal\",\n \"index\": {\n \"introduction\": {\n \"heading\": \"Data Commons\",\n \"text\": \"The Generic Data Commons supports the management, analysis and sharing of data for the research community.\",\n \"link\": \"/submission\"\n },\n \"buttons\": [\n {\n \"name\": \"Define Data Field\",\n \"icon\": \"data-field-define\",\n \"body\": \"The Generic Data Commons define the data in a general way. 
Please study the dictionary before you start browsing.\",\n \"link\": \"/DD\",\n \"label\": \"Learn more\"\n },\n {\n \"name\": \"Explore Data\",\n \"icon\": \"data-explore\",\n \"body\": \"The Exploration Page gives you insights and a clear overview under selected factors.\",\n \"link\": \"/explorer\",\n \"label\": \"Explore data\"\n },\n {\n \"name\": \"Access Data\",\n \"icon\": \"data-access\",\n \"body\": \"Use our selected tool to filter out the data you need.\",\n \"link\": \"/query\",\n \"label\": \"Query data\"\n },\n {\n \"name\": \"Submit Data\",\n \"icon\": \"data-submit\",\n \"body\": \"Submit Data based on the dictionary.\",\n \"link\": \"/submission\",\n \"label\": \"Submit data\"\n }\n ]\n },\n \"navigation\": {\n \"title\": \"Generic Data Commons\",\n \"items\": [\n {\n \"icon\": \"dictionary\",\n \"link\": \"/DD\",\n \"color\": \"#a2a2a2\",\n \"name\": \"Dictionary\"\n },\n {\n \"icon\": \"exploration\",\n \"link\": \"/explorer\",\n \"color\": \"#a2a2a2\",\n \"name\": \"Exploration\"\n },\n {\n \"icon\": \"query\",\n \"link\": \"/query\",\n \"color\": \"#a2a2a2\",\n \"name\": \"Query\"\n },\n {\n \"icon\": \"workspace\",\n \"link\": \"/workspace\",\n \"color\": \"#a2a2a2\",\n \"name\": \"Workspace\"\n },\n {\n \"icon\": \"profile\",\n \"link\": \"/identity\",\n \"color\": \"#a2a2a2\",\n \"name\": \"Profile\"\n }\n ]\n },\n \"topBar\": {\n \"items\": [\n {\n \"icon\": \"upload\",\n \"link\": \"/submission\",\n \"name\": \"Submit Data\"\n },\n {\n \"link\": \"https://gen3.org/resources/user\",\n \"name\": \"Documentation\"\n }\n ]\n },\n \"login\": {\n \"title\": \"Generic Data Commons\",\n \"subTitle\": \"Explore, Analyze, and Share Data\",\n \"text\": \"This website supports the management, analysis and sharing of human disease data for the research community and aims to advance basic understanding of the genetic basis of complex traits and accelerate discovery and development of therapies, diagnostic tests, and other technologies for diseases 
like cancer.\",\n \"contact\": \"If you have any questions about access or the registration process, please contact \",\n \"email\": \"support@datacommons.io\"\n },\n \"certs\": {},\n \"footerLogos\": [\n {\n \"src\": \"/src/img/gen3.png\",\n \"href\": \"https://ctds.uchicago.edu/gen3\",\n \"alt\": \"Gen3 Data Commons\"\n },\n {\n \"src\": \"/src/img/createdby.png\",\n \"href\": \"https://ctds.uchicago.edu/\",\n \"alt\": \"Center for Translational Data Science at the University of Chicago\"\n }\n ]\n },\n \"requiredCerts\": [],\n \"featureFlags\": {\n \"explorer\": true,\n \"noIndex\": true,\n \"analysis\": false,\n \"discovery\": false,\n \"discoveryUseAggMDS\": false,\n \"studyRegistration\": false\n },\n \"dataExplorerConfig\": {\n \"charts\": {\n \"project_id\": {\n \"chartType\": \"count\",\n \"title\": \"Projects\"\n },\n \"case_id\": {\n \"chartType\": \"count\",\n \"title\": \"Cases\"\n },\n \"gender\": {\n \"chartType\": \"pie\",\n \"title\": \"Gender\"\n },\n \"race\": {\n \"chartType\": \"bar\",\n \"title\": \"Race\"\n }\n },\n \"filters\": {\n \"tabs\": [\n {\n \"title\": \"Case\",\n \"fields\":[\n \"project_id\",\n \"gender\",\n \"race\",\n \"ethnicity\"\n ]\n }\n ]\n },\n \"table\": {\n \"enabled\": false\n },\n \"dropdowns\": {},\n \"buttons\": [],\n \"guppyConfig\": {\n \"dataType\": \"case\",\n \"nodeCountTitle\": \"Cases\",\n \"fieldMapping\": [\n { \"field\": \"disease_type\", \"name\": \"Disease type\" },\n { \"field\": \"primary_site\", \"name\": \"Site where samples were collected\"}\n ],\n \"manifestMapping\": {\n \"resourceIndexType\": \"file\",\n \"resourceIdField\": \"object_id\",\n \"referenceIdFieldInResourceIndex\": \"case_id\",\n \"referenceIdFieldInDataIndex\": \"node_id\"\n },\n \"accessibleFieldCheckList\": [\"case_id\"],\n \"accessibleValidationField\": \"case_id\"\n }\n },\n \"fileExplorerConfig\": {\n \"charts\": {\n \"data_type\": {\n \"chartType\": \"stackedBar\",\n \"title\": \"File Type\"\n },\n \"data_format\": {\n 
\"chartType\": \"stackedBar\",\n \"title\": \"File Format\"\n }\n },\n \"filters\": {\n \"tabs\": [\n {\n \"title\": \"File\",\n \"fields\": [\n \"project_id\",\n \"data_type\",\n \"data_format\"\n ]\n }\n ]\n },\n \"table\": {\n \"enabled\": true,\n \"fields\": [\n \"project_id\",\n \"file_name\",\n \"file_size\",\n \"object_id\"\n ]\n },\n \"dropdowns\": {},\n \"guppyConfig\": {\n \"dataType\": \"file\",\n \"fieldMapping\": [\n { \"field\": \"object_id\", \"name\": \"GUID\" }\n ],\n \"nodeCountTitle\": \"Files\",\n \"manifestMapping\": {\n \"resourceIndexType\": \"case\",\n \"resourceIdField\": \"case_id\",\n \"referenceIdFieldInResourceIndex\": \"object_id\",\n \"referenceIdFieldInDataIndex\": \"object_id\"\n },\n \"accessibleFieldCheckList\": [\"case_id\"],\n \"accessibleValidationField\": \"case_id\",\n \"downloadAccessor\": \"object_id\"\n }\n }\n}\n","logo":"","sponsors":null}` | GitOps configuration for portal | | gitops.createdby | string | `""` | - createdby.png - base64 | 
@@ -60,14 +71,13 @@ A Helm chart for gen3 data-portal | image.repository | string | `"quay.io/cdis/data-portal"` | Docker repository. | | image.tag | string | `"master"` | Overrides the image tag whose default is the chart appVersion. | | imagePullSecrets | list | `[]` | Docker image pull secrets. | -| labels | map | `{"app":"portal","public":"yes"}` | Labels for the portal service. | -| labels.app | string | `"portal"` | The application name. | -| labels.public | string | `"yes"` | Grants ingress from the revproxy service for pods labeled with public=yes | | nameOverride | string | `""` | Override the name of the chart. | | nodeSelector | map | `{}` | Node selector to apply to the pod | +| partOf | string | `"Front-End"` | Label to help organize pods and their use. Any value is valid, but use "_" or "-" to divide words. | | podAnnotations | map | `{}` | Annotations to add to the pod | | podSecurityContext | map | `{}` | Security context to apply to the pod | | portalApp | string | `"gitops"` | | +| release | string | `"production"` | Valid options are "production" or "dev". If invalid option is set- the value will default to "dev". | | replicaCount | int | `1` | Number of replicas for the deployment. | | resources | map | `{"limits":{"memory":"4096Mi"},"requests":{"cpu":2,"memory":"4096Mi"}}` | Resource requests and limits for the containers in the pod | | resources.limits | map | `{"memory":"4096Mi"}` | The maximum amount of resources that the container is allowed to use | 
@@ -77,7 +87,7 @@ A Helm chart for gen3 data-portal | resources.requests.memory | string | `"4096Mi"` | The amount of memory requested | | revisionHistoryLimit | int | `2` | Number of old revisions to retain | | securityContext | map | `{}` | Security context to apply to the container | -| selectorLabels | map | `{"app":"portal"}` | Labels to use for selecting the deployment. | +| selectorLabels | map | `nil` | Will completely override the selectorLabels defined in the common chart's _label_setup.tpl | | service | map | `{"port":80,"type":"ClusterIP"}` | Kubernetes service information. | | service.port | int | `80` | The port number that the service exposes. | | service.type | string | `"ClusterIP"` | Type of service. Valid values are "ClusterIP", "NodePort", "LoadBalancer", "ExternalName". | diff --git a/helm/portal/templates/_helpers.tpl b/helm/portal/templates/_helpers.tpl index c9d82c78..391aa496 100644 --- a/helm/portal/templates/_helpers.tpl +++ b/helm/portal/templates/_helpers.tpl @@ -34,20 +34,26 @@ Create chart name and version as used by the chart label. Common labels */}} {{- define "portal.labels" -}} -helm.sh/chart: {{ include "portal.chart" . }} -{{ include "portal.selectorLabels" . }} -{{- if .Chart.AppVersion }} -app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} +{{- if .Values.commonLabels }} + {{- with .Values.commonLabels }} + {{- toYaml . }} + {{- end }} +{{- else }} + {{- (include "common.commonLabels" .)}} {{- end }} -app.kubernetes.io/managed-by: {{ .Release.Service }} {{- end }} {{/* Selector labels */}} {{- define "portal.selectorLabels" -}} -app.kubernetes.io/name: {{ include "portal.name" . }} -app.kubernetes.io/instance: {{ .Release.Name }} +{{- if .Values.selectorLabels }} + {{- with .Values.selectorLabels }} + {{- toYaml . }} + {{- end }} +{{- else }} + {{- (include "common.selectorLabels" .)}} +{{- end }} {{- end }} {{/* 
diff --git a/helm/portal/templates/deployment.yaml b/helm/portal/templates/deployment.yaml index 9229eda4..08bb11bc 100644 --- a/helm/portal/templates/deployment.yaml +++ b/helm/portal/templates/deployment.yaml @@ -2,6 +2,11 @@ apiVersion: apps/v1 kind: Deployment metadata: name: portal-deployment + labels: + {{- include "portal.labels" . | nindent 4 }} + {{- if .Values.global.ddEnabled }} + {{- include "common.datadogLabels" . | nindent 4 }} + {{- end }} spec: selector: matchLabels: @@ -16,7 +21,11 @@ spec: {{- toYaml . | nindent 8 }} {{- end }} labels: - {{- include "portal.labels" . | nindent 8 }} + {{- include "portal.selectorLabels" . | nindent 8 }} + public: "yes" + {{- if .Values.global.ddEnabled }} + {{- include "common.datadogLabels" . | nindent 8 }} + {{- end }} spec: {{- with .Values.affinity }} affinity: @@ -61,6 +70,9 @@ spec: # - /bin/bash # - ./dockerStart.sh env: + {{- if .Values.global.ddEnabled }} + {{- include "common.datadogEnvVar" . | nindent 12 }} + {{- end }} - name: HOSTNAME value: revproxy-service # disable npm 7's brand new update notifier to prevent Portal from stuck at starting up diff --git a/helm/portal/values.yaml b/helm/portal/values.yaml index f7a9d4d2..9589a406 100644 --- a/helm/portal/values.yaml +++ b/helm/portal/values.yaml @@ -128,10 +128,6 @@ nodeSelector: {} # -- (list) Tolerations to apply to the pod tolerations: [] -# -- (map) Labels to use for selecting the deployment. -selectorLabels: - app: portal - # -- (int) Number of old revisions to retain revisionHistoryLimit: 2 @@ -144,13 +140,6 @@ strategy: # -- (int) Maximum amount of pods that can be unavailable during the update. maxUnavailable: 25% -# -- (map) Labels for the portal service. -labels: - # -- (string) The application name. - app: portal - # -- (string) Grants ingress from the revproxy service for pods labeled with public=yes - public: "yes" - # -- (map) Affinity to use for the deployment. affinity: podAntiAffinity: 
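Review bot: The pod template now hardcodes `public: "yes"`, while the values.yaml hunk that follows removes the only explanation of it (`Grants ingress from the revproxy service for pods labeled with public=yes`). Since this label admits revproxy ingress to the pod and can no longer be changed through values, it should carry a comment in the template, e.g. `# gen3 networkpolicy label: allows ingress from revproxy`, as the pidgin deployment does for its `netnolimit`/`public` labels. A `selectorLabels` override that contains a `public` key would also render a duplicate mapping key at this point, which is worth noting in the value's description.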
@@ -187,6 +176,26 @@ resources: # -- (string) The maximum amount of memory the container can use memory: 4096Mi +# Values to determine the labels that are used for the deployment, pod, etc. +# -- (string) Valid options are "production" or "dev". If invalid option is set- the value will default to "dev". +release: "production" +# -- (string) Valid options are "true" or "false". If invalid option is set- the value will default to "false". +criticalService: "true" +# -- (string) Label to help organize pods and their use. Any value is valid, but use "_" or "-" to divide words. +partOf: "Front-End" +# -- (map) Will completely override the selectorLabels defined in the common chart's _label_setup.tpl +selectorLabels: +# -- (map) Will completely override the commonLabels defined in the common chart's _label_setup.tpl +commonLabels: + +# Values to configure datadog if ddEnabled is set to "true". +# -- (bool) If enabled, the Datadog Agent will automatically inject Datadog-specific metadata into your application logs. +datadogLogsInjection: true +# -- (bool) If enabled, the Datadog Agent will collect profiling data for your application using the Continuous Profiler. This data can be used to identify performance bottlenecks and optimize your application. +datadogProfilingEnabled: true +# -- (int) A value between 0 and 1, that represents the percentage of requests that will be traced. For example, a value of 0.5 means that 50% of requests will be traced. +datadogTraceSampleRate: 1 + portalApp: "gitops" # -- (map) GitOps configuration for portal diff --git a/helm/requestor/Chart.yaml b/helm/requestor/Chart.yaml index 10573f1a..5a1ae21e 100644 --- a/helm/requestor/Chart.yaml +++ b/helm/requestor/Chart.yaml 
@@ -15,7 +15,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.5 +version: 0.1.6 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to @@ -26,7 +26,7 @@ appVersion: "master" dependencies: - name: common - version: 0.1.4 + version: 0.1.5 repository: file://../common - name: postgresql version: 11.9.13 diff --git a/helm/requestor/README.md b/helm/requestor/README.md index 2106030f..46496f4a 100644 --- a/helm/requestor/README.md +++ b/helm/requestor/README.md @@ -1,6 +1,6 @@ # requestor -![Version: 0.1.5](https://img.shields.io/badge/Version-0.1.5-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) +![Version: 0.1.6](https://img.shields.io/badge/Version-0.1.6-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) A Helm chart for gen3 Requestor Service @@ -8,7 +8,7 @@ A Helm chart for gen3 Requestor Service | Repository | Name | Version | |------------|------|---------| -| file://../common | common | 0.1.4 | +| file://../common | common | 0.1.5 | | https://charts.bitnami.com/bitnami | postgresql | 11.9.13 | ## Values 
@@ -31,7 +31,11 @@ A Helm chart for gen3 Requestor Service | autoscaling.minReplicas | int | `1` | The minimum number of replicas to scale down to | | autoscaling.targetCPUUtilizationPercentage | int | `80` | The target CPU utilization percentage for autoscaling | | command | list | `["/bin/sh"]` | Command to run for the init container. | -| dataDog | bool | `{"enabled":false,"env":"dev"}` | Whether Datadog is enabled. | +| commonLabels | map | `nil` | Will completely override the commonLabels defined in the common chart's _label_setup.tpl | +| criticalService | string | `"false"` | Valid options are "true" or "false". If invalid option is set- the value will default to "false". | +| datadogLogsInjection | bool | `true` | If enabled, the Datadog Agent will automatically inject Datadog-specific metadata into your application logs. | +| datadogProfilingEnabled | bool | `true` | If enabled, the Datadog Agent will collect profiling data for your application using the Continuous Profiler. This data can be used to identify performance bottlenecks and optimize your application. | +| datadogTraceSampleRate | int | `1` | A value between 0 and 1, that represents the percentage of requests that will be traced. For example, a value of 0.5 means that 50% of requests will be traced. | | global | map | `{"aws":{"awsAccessKeyId":null,"awsSecretAccessKey":null,"enabled":false},"ddEnabled":false,"dev":true,"dictionaryUrl":"https://s3.amazonaws.com/dictionary-artifacts/datadictionary/develop/schema.json","dispatcherJobNum":10,"environment":"default","hostname":"localhost","kubeBucket":"kube-gen3","logsBucket":"logs-gen3","netPolicy":true,"portalApp":"gitops","postgres":{"dbCreate":true,"master":{"host":null,"password":null,"port":"5432","username":"postgres"}},"publicDataSets":true,"revproxyArn":"arn:aws:acm:us-east-1:123456:certificate","syncFromDbgap":false,"tierAccessLevel":"libre","userYamlS3Path":"s3://cdis-gen3-users/test/user.yaml"}` | Global configuration options. 
| | global.aws | map | `{"awsAccessKeyId":null,"awsSecretAccessKey":null,"enabled":false}` | AWS configuration | | global.aws.awsAccessKeyId | string | `nil` | Credentials for AWS stuff. | @@ -68,6 +72,7 @@ A Helm chart for gen3 Requestor Service | initResources.limits | map | `{"cpu":0.8,"memory":"512Mi"}` | The maximum amount of resources that the container is allowed to use | | initResources.limits.cpu | string | `0.8` | The maximum amount of CPU the container can use | | initResources.limits.memory | string | `"512Mi"` | The maximum amount of memory the container can use | +| partOf | string | `"Authentication"` | Label to help organize pods and their use. Any value is valid, but use "_" or "-" to divide words. | | postgres | map | `{"database":null,"dbCreate":null,"dbRestore":false,"host":null,"password":null,"port":"5432","separate":false,"username":null}` | Postgres database configuration. If db does not exist in postgres cluster and dbCreate is set ot true then these databases will be created for you | | postgres.database | string | `nil` | Database name for postgres. This is a service override, defaults to - | | postgres.dbCreate | bool | `nil` | Whether the database should be created. Default to global.postgres.dbCreate | 
@@ -78,6 +83,7 @@ A Helm chart for gen3 Requestor Service | postgres.username | string | `nil` | Username for postgres. This is a service override, defaults to - | | postgresql | map | `{"primary":{"persistence":{"enabled":false}}}` | Postgresql subchart settings if deployed separately option is set to "true". Disable persistence by default so we can spin up and down ephemeral environments | | postgresql.primary.persistence.enabled | bool | `false` | Option to persist the dbs data. | +| release | string | `"production"` | Valid options are "production" or "dev". If invalid option is set- the value will default to "dev". | | releaseLabel | string | `"production"` | | | replicaCount | int | `1` | Number of replicas for the deployment. | | resources | map | `{"limits":{"cpu":1,"memory":"512Mi"},"requests":{"cpu":0.1,"memory":"12Mi"}}` | Resource requests and limits for the containers in the pod | @@ -88,6 +94,7 @@ A Helm chart for gen3 Requestor Service | resources.requests.cpu | string | `0.1` | The amount of CPU requested | | resources.requests.memory | string | `"12Mi"` | The amount of memory requested | | revisionHistoryLimit | int | `2` | Number of old revisions to retain | +| selectorLabels | map | `nil` | Will completely override the selectorLabels defined in the common chart's _label_setup.tpl | | service | map | `{"port":[{"name":"http","port":80,"protocol":"TCP","targetPort":80}],"type":"ClusterIP"}` | Kubernetes service information. | | service.port | int | `[{"name":"http","port":80,"protocol":"TCP","targetPort":80}]` | The port number that the service exposes. | | service.type | string | `"ClusterIP"` | Type of service. Valid values are "ClusterIP", "NodePort", "LoadBalancer", "ExternalName". | diff --git a/helm/requestor/templates/_helpers.tpl b/helm/requestor/templates/_helpers.tpl index 36ae7f51..899b723c 100644 --- a/helm/requestor/templates/_helpers.tpl +++ b/helm/requestor/templates/_helpers.tpl 
@@ -34,22 +34,26 @@ Create chart name and version as used by the chart label. Common labels */}} {{- define "requestor.labels" -}} -helm.sh/chart: {{ include "requestor.chart" . }} -{{ include "requestor.selectorLabels" . }} -{{- if .Chart.AppVersion }} -app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} +{{- if .Values.commonLabels }} + {{- with .Values.commonLabels }} + {{- toYaml . }} + {{- end }} +{{- else }} + {{- (include "common.commonLabels" .)}} {{- end }} -app.kubernetes.io/managed-by: {{ .Release.Service }} {{- end }} {{/* Selector labels */}} {{- define "requestor.selectorLabels" -}} -app.kubernetes.io/name: {{ include "requestor.name" . }} -app.kubernetes.io/instance: {{ .Release.Name }} -app: {{ include "requestor.name" . }} -release: {{ .Values.releaseLabel }} +{{- if .Values.selectorLabels }} + {{- with .Values.selectorLabels }} + {{- toYaml . }} + {{- end }} +{{- else }} + {{- (include "common.selectorLabels" .)}} +{{- end }} {{- end }} {{/* @@ -63,17 +67,6 @@ Create the name of the service account to use {{- end }} {{- end }} -{{/* -Define ddEnabled -*/}} -{{- define "requestor.ddEnabled" -}} -{{- if .Values.global }} -{{- .Values.global.ddEnabled }} -{{- else}} -{{- .Values.dataDog.enabled }} -{{- end }} -{{- end }} - {{/* Postgres Password lookup */}} diff --git a/helm/requestor/templates/deployment.yaml b/helm/requestor/templates/deployment.yaml index 3e52124b..24876c59 100644 --- a/helm/requestor/templates/deployment.yaml +++ b/helm/requestor/templates/deployment.yaml @@ -2,6 +2,11 @@ apiVersion: apps/v1 kind: Deployment metadata: name: requestor-deployment + labels: + {{- include "requestor.labels" . | nindent 4 }} + {{- if .Values.global.ddEnabled }} + {{- include "common.datadogLabels" . | nindent 4 }} + {{- end }} spec: {{- if not .Values.autoscaling.enabled }} replicas: {{ .Values.replicaCount }} 
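Review bot: The rewritten `requestor.selectorLabels` drops the fixed `app.kubernetes.io/name`, `app.kubernetes.io/instance`, `app` and `release` keys and lets `.Values.selectorLabels` replace the whole set, while a Deployment's `spec.selector` is immutable and the Service and gen3 network policies presumably match on some of these labels. If `common.selectorLabels` (not visible here) or an override renders a different set, `helm upgrade` of an existing release can be rejected, and any policy keyed on `app` would stop matching the pods. I would add a comment above the define such as `Overrides must keep the labels used by spec.selector, the Service and the gen3 NetworkPolicies; changing them means recreating the Deployment.` The nested `if`/`with` can also be a single `{{- with .Values.selectorLabels }}…{{- else }}…{{- end }}`. The same pattern is repeated in the revproxy, sheepdog and ssjdispatcher `_helpers.tpl` hunks.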
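Review bot: `{{- if .Values.global.ddEnabled }}` in the new `metadata.labels` block tests truthiness, whereas the result of the removed `requestor.ddEnabled` helper was compared with the string `"true"`. A non-empty string is truthy in Go templates, so `--set-string global.ddEnabled=false` or a quoted `"false"` in a values file would now switch the Datadog labels and environment variables on; the new values comment itself says `ddEnabled is set to "true"`. Comparing explicitly, `{{- if eq (toString .Values.global.ddEnabled) "true" }}`, keeps the earlier behaviour. The direct field access also fails to render when `global` is null, which the removed helper guarded against. The same condition is used in the pod-label and `env` hunks of this file and in the revproxy, sheepdog and ssjdispatcher deployments.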
@@ -17,17 +22,14 @@ spec: template: metadata: labels: + {{- include "requestor.selectorLabels" . | nindent 8 }} # gen3 networkpolicy labels netnolimit: 'yes' public: 'yes' dbrequestor: 'yes' - {{- if eq (include "requestor.ddEnabled" . ) "true" }} - tags.datadoghq.com/service: "requestor" - # TODO: move this to helpers so we can have this populated from a configmap - tags.datadoghq.com/env: {{ .Values.dataDog.env }} - tags.datadoghq.com/version: {{ .Values.image.tag | default .Chart.AppVersion }} - {{- end }} - {{- include "requestor.selectorLabels" . | nindent 8 }} + {{- if .Values.global.ddEnabled }} + {{- include "common.datadogLabels" . | nindent 8 }} + {{- end }} spec: {{- with .Values.affinity }} affinity: @@ -107,6 +109,9 @@ spec: image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}" imagePullPolicy: {{ .Values.image.pullPolicy }} env: + {{- if .Values.global.ddEnabled }} + {{- include "common.datadogEnvVar" . | nindent 12 }} + {{- end }} - name: DB_PORT value: "5432" - name: DB_HOST diff --git a/helm/requestor/values.yaml b/helm/requestor/values.yaml index 9d2697f1..2da68dbe 100644 --- a/helm/requestor/values.yaml +++ b/helm/requestor/values.yaml @@ -113,11 +113,6 @@ strategy: # -- (int) Maximum amount of pods that can be unavailable during the update. maxUnavailable: 0 -# -- (bool) Whether Datadog is enabled. -dataDog: - enabled: false - env: dev - # -- (map) Affinity to use for the deployment. affinity: podAntiAffinity: 
@@ -206,3 +201,23 @@ service: port: 80 targetPort: 80 name: http + +# Values to determine the labels that are used for the deployment, pod, etc. +# -- (string) Valid options are "production" or "dev". If invalid option is set- the value will default to "dev". +release: "production" +# -- (string) Valid options are "true" or "false". If invalid option is set- the value will default to "false". +criticalService: "false" +# -- (string) Label to help organize pods and their use. Any value is valid, but use "_" or "-" to divide words. +partOf: "Authentication" +# -- (map) Will completely override the selectorLabels defined in the common chart's _label_setup.tpl +selectorLabels: +# -- (map) Will completely override the commonLabels defined in the common chart's _label_setup.tpl +commonLabels: + +# Values to configure datadog if ddEnabled is set to "true". +# -- (bool) If enabled, the Datadog Agent will automatically inject Datadog-specific metadata into your application logs. +datadogLogsInjection: true +# -- (bool) If enabled, the Datadog Agent will collect profiling data for your application using the Continuous Profiler. This data can be used to identify performance bottlenecks and optimize your application. +datadogProfilingEnabled: true +# -- (int) A value between 0 and 1, that represents the percentage of requests that will be traced. For example, a value of 0.5 means that 50% of requests will be traced. +datadogTraceSampleRate: 1 diff --git a/helm/revproxy/Chart.yaml b/helm/revproxy/Chart.yaml index d2ab3af6..3c8d674b 100644 --- a/helm/revproxy/Chart.yaml +++ b/helm/revproxy/Chart.yaml 
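Review bot: `datadogTraceSampleRate` is annotated `(int)` in the added values block, yet its own description gives 0.5 as a valid setting, so the generated README advertises the wrong type; `# -- (float) A value between 0 and 1 …` would match. The comment on `selectorLabels` could also say that an override has to keep whatever labels the Deployment selector and Service rely on, since it replaces the defaults entirely. With `datadogTraceSampleRate: 1` and both `datadogProfilingEnabled` and `datadogLogsInjection` defaulting to `true`, turning `ddEnabled` on traces every request, which is worth stating next to the defaults so operators choose it knowingly. The identical block is added to the revproxy and sheepdog `values.yaml`.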
@@ -15,10 +15,15 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.5 +version: 0.1.6 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to # follow Semantic Versioning. They should reflect the version the application is using. # It is recommended to use it with quotes. appVersion: "master" + +dependencies: +- name: common + version: 0.1.5 + repository: file://../common diff --git a/helm/revproxy/README.md b/helm/revproxy/README.md index b2a380e2..18af8bbb 100644 --- a/helm/revproxy/README.md +++ b/helm/revproxy/README.md @@ -1,9 +1,15 @@ # revproxy -![Version: 0.1.5](https://img.shields.io/badge/Version-0.1.5-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) +![Version: 0.1.6](https://img.shields.io/badge/Version-0.1.6-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) A Helm chart for gen3 revproxy +## Requirements + +| Repository | Name | Version | +|------------|------|---------| +| file://../common | common | 0.1.5 | + ## Values | Key | Type | Default | Description | 
@@ -14,6 +20,11 @@ A Helm chart for gen3 revproxy | autoscaling.maxReplicas | int | `100` | The maximum number of replicas to scale up to | | autoscaling.minReplicas | int | `1` | The minimum number of replicas to scale down to | | autoscaling.targetCPUUtilizationPercentage | int | `80` | The target CPU utilization percentage for autoscaling | +| commonLabels | map | `nil` | Will completely override the commonLabels defined in the common chart's _label_setup.tpl | +| criticalService | string | `"true"` | Valid options are "true" or "false". If invalid option is set- the value will default to "false". | +| datadogLogsInjection | bool | `true` | If enabled, the Datadog Agent will automatically inject Datadog-specific metadata into your application logs. | +| datadogProfilingEnabled | bool | `true` | If enabled, the Datadog Agent will collect profiling data for your application using the Continuous Profiler. This data can be used to identify performance bottlenecks and optimize your application. | +| datadogTraceSampleRate | int | `1` | A value between 0 and 1, that represents the percentage of requests that will be traced. For example, a value of 0.5 means that 50% of requests will be traced. | | fullnameOverride | string | `""` | Override the full name of the deployment. 
| | global | map | `{"aws":{"awsAccessKeyId":null,"awsSecretAccessKey":null,"enabled":false},"ddEnabled":false,"dev":true,"dictionaryUrl":"https://s3.amazonaws.com/dictionary-artifacts/datadictionary/develop/schema.json","dispatcherJobNum":10,"environment":"default","hostname":"localhost","kubeBucket":"kube-gen3","logsBucket":"logs-gen3","netPolicy":true,"portalApp":"gitops","postgres":{"dbCreate":true,"master":{"host":null,"password":null,"port":"5432","username":"postgres"}},"publicDataSets":true,"revproxyArn":"arn:aws:acm:us-east-1:123456:certificate","syncFromDbgap":false,"tierAccessLevel":"libre","tls":{"cert":null,"key":null},"userYamlS3Path":"s3://cdis-gen3-users/test/user.yaml"}` | Global configuration options. | | global.aws | map | `{"awsAccessKeyId":null,"awsSecretAccessKey":null,"enabled":false}` | AWS configuration | @@ -55,6 +66,7 @@ A Helm chart for gen3 revproxy | ingress.tls | list | `[]` | To secure an Ingress by specifying a secret that contains a TLS private key and certificate. | | nameOverride | string | `""` | Override the name of the chart. | | nodeSelector | map | `{}` | Node selector labels. | +| partOf | string | `"Front-End"` | Label to help organize pods and their use. Any value is valid, but use "_" or "-" to divide words. | | podAnnotations | map | `{}` | Annotations to add to the pod. | | podSecurityContext | map | `{}` | Pod-level security context. | | postgres | map | `{"database":null,"dbCreate":null,"dbRestore":false,"host":null,"password":null,"port":"5432","username":null}` | Postgres database configuration. If db does not exist in postgres cluster and dbCreate is set ot true then these databases will be created for you | 
@@ -64,6 +76,7 @@ A Helm chart for gen3 revproxy | postgres.password | string | `nil` | Password for Postgres. Will be autogenerated if left empty. | | postgres.port | string | `"5432"` | Port for Postgres. | | postgres.username | string | `nil` | Username for postgres. This is a service override, defaults to - | +| release | string | `"production"` | Valid options are "production" or "dev". If invalid option is set- the value will default to "dev". | | replicaCount | int | `1` | Number of replicas for the deployment. | | resources | map | `{"limits":{"cpu":1,"memory":"512Mi"},"requests":{"cpu":0.1,"memory":"12Mi"}}` | Resource requests and limits for the containers in the pod | | resources.limits | map | `{"cpu":1,"memory":"512Mi"}` | The maximum amount of resources that the container is allowed to use | @@ -75,6 +88,7 @@ A Helm chart for gen3 revproxy | revisionHistoryLimit | int | `2` | Number of old revisions to retain | | revproxyElb | map | `{"gen3SecretsFolder":"Gen3Secrets","sslCert":"","targetPortHTTP":80,"targetPortHTTPS":443}` | Configuration for depricated revproxy service ELB. | | securityContext | map | `{}` | Container-level security context. | +| selectorLabels | map | `nil` | Will completely override the selectorLabels defined in the common chart's _label_setup.tpl | | service | map | `{"port":80,"type":"NodePort"}` | Kubernetes service information. | | service.port | int | `80` | The port number that the service exposes. | | service.type | string | `"NodePort"` | Type of service. Valid values are "ClusterIP", "NodePort", "LoadBalancer", "ExternalName". | diff --git a/helm/revproxy/templates/_helpers.tpl b/helm/revproxy/templates/_helpers.tpl index 2019b5ad..24011557 100644 --- a/helm/revproxy/templates/_helpers.tpl +++ b/helm/revproxy/templates/_helpers.tpl 
@@ -34,10 +34,12 @@ Create chart name and version as used by the chart label. Common labels */}} {{- define "revproxy.labels" -}} -helm.sh/chart: {{ include "revproxy.chart" . }} -{{ include "revproxy.selectorLabels" . }} -{{- if .Chart.AppVersion }} -app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} +{{- if .Values.commonLabels }} + {{- with .Values.commonLabels }} + {{- toYaml . }} + {{- end }} +{{- else }} + {{- (include "common.commonLabels" .)}} {{- end }} {{- end }} @@ -45,10 +47,13 @@ app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} Selector labels */}} {{- define "revproxy.selectorLabels" -}} -app.kubernetes.io/name: {{ include "revproxy.name" . }} -app.kubernetes.io/instance: {{ .Release.Name }} -app: revproxy -#GEN3_DATE_LABEL +{{- if .Values.selectorLabels }} + {{- with .Values.selectorLabels }} + {{- toYaml . }} + {{- end }} +{{- else }} + {{- (include "common.selectorLabels" .)}} +{{- end }} {{- end }} {{/* diff --git a/helm/revproxy/templates/deployment.yaml b/helm/revproxy/templates/deployment.yaml index 3294cac2..043b4e7a 100644 --- a/helm/revproxy/templates/deployment.yaml +++ b/helm/revproxy/templates/deployment.yaml @@ -4,6 +4,9 @@ metadata: name: revproxy-deployment labels: {{- include "revproxy.labels" . | nindent 4 }} + {{- if .Values.global.ddEnabled }} + {{- include "common.datadogLabels" . | nindent 4 }} + {{- end }} annotations: gen3.io/network-ingress: "portal,sowerjob" spec: @@ -26,6 +29,9 @@ spec: {{- end }} labels: {{- include "revproxy.selectorLabels" . | nindent 8 }} + {{- if .Values.global.ddEnabled }} + {{- include "common.datadogLabels" . | nindent 8 }} + {{- end }} {{- if .Values.userhelperEnabled }} userhelper: "yes" {{- end}} @@ -77,6 +83,9 @@ spec: resources: {{- toYaml .Values.resources | nindent 12 }} env: + {{- if .Values.global.ddEnabled }} + {{- include "common.datadogEnvVar" . | nindent 12 }} + {{- end }} - name: POD_NAMESPACE valueFrom: fieldRef: 
diff --git a/helm/revproxy/values.yaml b/helm/revproxy/values.yaml index 8c206519..2686908d 100644 --- a/helm/revproxy/values.yaml +++ b/helm/revproxy/values.yaml @@ -210,3 +210,23 @@ revproxyElb: targetPortHTTP: 80 gen3SecretsFolder: Gen3Secrets + +# Values to determine the labels that are used for the deployment, pod, etc. +# -- (string) Valid options are "production" or "dev". If invalid option is set- the value will default to "dev". +release: "production" +# -- (string) Valid options are "true" or "false". If invalid option is set- the value will default to "false". +criticalService: "true" +# -- (string) Label to help organize pods and their use. Any value is valid, but use "_" or "-" to divide words. +partOf: "Front-End" +# -- (map) Will completely override the selectorLabels defined in the common chart's _label_setup.tpl +selectorLabels: +# -- (map) Will completely override the commonLabels defined in the common chart's _label_setup.tpl +commonLabels: + +# Values to configure datadog if ddEnabled is set to "true". +# -- (bool) If enabled, the Datadog Agent will automatically inject Datadog-specific metadata into your application logs. +datadogLogsInjection: true +# -- (bool) If enabled, the Datadog Agent will collect profiling data for your application using the Continuous Profiler. This data can be used to identify performance bottlenecks and optimize your application. +datadogProfilingEnabled: true +# -- (int) A value between 0 and 1, that represents the percentage of requests that will be traced. For example, a value of 0.5 means that 50% of requests will be traced. +datadogTraceSampleRate: 1 diff --git a/helm/sheepdog/Chart.yaml b/helm/sheepdog/Chart.yaml index 8e13a69a..7a192521 100644 --- a/helm/sheepdog/Chart.yaml +++ b/helm/sheepdog/Chart.yaml 
@@ -15,7 +15,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.6 +version: 0.1.7 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to @@ -25,7 +25,7 @@ appVersion: "master" dependencies: - name: common - version: 0.1.4 + version: 0.1.5 repository: file://../common - name: postgresql version: 11.9.13 diff --git a/helm/sheepdog/README.md b/helm/sheepdog/README.md index 5e76e8f3..c78bb9ab 100644 --- a/helm/sheepdog/README.md +++ b/helm/sheepdog/README.md @@ -1,6 +1,6 @@ # sheepdog -![Version: 0.1.6](https://img.shields.io/badge/Version-0.1.6-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) +![Version: 0.1.7](https://img.shields.io/badge/Version-0.1.7-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) A Helm chart for gen3 Sheepdog Service @@ -8,7 +8,7 @@ A Helm chart for gen3 Sheepdog Service | Repository | Name | Version | |------------|------|---------| -| file://../common | common | 0.1.4 | +| file://../common | common | 0.1.5 | | https://charts.bitnami.com/bitnami | postgresql | 11.9.13 | ## Values 
@@ -30,7 +30,12 @@ A Helm chart for gen3 Sheepdog Service | autoscaling.maxReplicas | int | `100` | The maximum number of replicas to scale up to | | autoscaling.minReplicas | int | `1` | The minimum number of replicas to scale down to | | autoscaling.targetCPUUtilizationPercentage | int | `80` | The target CPU utilization percentage for autoscaling | +| commonLabels | map | `nil` | Will completely override the commonLabels defined in the common chart's _label_setup.tpl | +| criticalService | string | `"true"` | Valid options are "true" or "false". If invalid option is set- the value will default to "false". | | dataDog | bool | `{"enabled":false,"env":"dev"}` | Whether Datadog is enabled. | +| datadogLogsInjection | bool | `true` | If enabled, the Datadog Agent will automatically inject Datadog-specific metadata into your application logs. | +| datadogProfilingEnabled | bool | `true` | If enabled, the Datadog Agent will collect profiling data for your application using the Continuous Profiler. This data can be used to identify performance bottlenecks and optimize your application. | +| datadogTraceSampleRate | int | `1` | A value between 0 and 1, that represents the percentage of requests that will be traced. For example, a value of 0.5 means that 50% of requests will be traced. | | dictionaryUrl | string | `"https://s3.amazonaws.com/dictionary-artifacts/datadictionary/develop/schema.json"` | URL of the data dictionary. 
| | fenceUrl | string | `"http://fence-service"` | URL for the fence service | | global | map | `{"aws":{"awsAccessKeyId":null,"awsSecretAccessKey":null,"enabled":false},"ddEnabled":false,"dev":true,"dictionaryUrl":"https://s3.amazonaws.com/dictionary-artifacts/datadictionary/develop/schema.json","dispatcherJobNum":10,"environment":"default","hostname":"localhost","kubeBucket":"kube-gen3","logsBucket":"logs-gen3","netPolicy":true,"portalApp":"gitops","postgres":{"dbCreate":true,"master":{"host":null,"password":null,"port":"5432","username":"postgres"}},"publicDataSets":true,"revproxyArn":"arn:aws:acm:us-east-1:123456:certificate","syncFromDbgap":false,"tierAccessLevel":"libre","userYamlS3Path":"s3://cdis-gen3-users/test/user.yaml"}` | Global configuration options. | @@ -65,6 +70,7 @@ A Helm chart for gen3 Sheepdog Service | image.repository | string | `"quay.io/cdis/sheepdog"` | Docker repository. | | image.tag | string | `"helm-test"` | Overrides the image tag whose default is the chart appVersion. | | indexdUrl | string | `"http://indexd-service"` | URL for the indexd service | +| partOf | string | `"Core-Service"` | Label to help organize pods and their use. Any value is valid, but use "_" or "-" to divide words. | | podAnnotations | map | `{"gen3.io/network-ingress":"sheepdog"}` | Annotations to add to the pod | | postgres | map | `{"database":null,"dbCreate":null,"dbRestore":false,"host":null,"password":null,"port":"5432","separate":false,"username":null}` | Postgres database configuration. If db does not exist in postgres cluster and dbCreate is set ot true then these databases will be created for you | | postgres.database | string | `nil` | Database name for postgres. This is a service override, defaults to - | 
@@ -76,6 +82,7 @@ A Helm chart for gen3 Sheepdog Service | postgres.username | string | `nil` | Username for postgres. This is a service override, defaults to - | | postgresql | map | `{"primary":{"persistence":{"enabled":false}}}` | Postgresql subchart settings if deployed separately option is set to "true". Disable persistence by default so we can spin up and down ephemeral environments | | postgresql.primary.persistence.enabled | bool | `false` | Option to persist the dbs data. | +| release | string | `"production"` | Valid options are "production" or "dev". If invalid option is set- the value will default to "dev". | | releaseLabel | string | `"production"` | | | replicaCount | int | `1` | Number of replicas for the deployment. | | resources | map | `{"limits":{"cpu":1,"memory":"512Mi"},"requests":{"cpu":0.3,"memory":"12Mi"}}` | Resource requests and limits for the containers in the pod | @@ -100,6 +107,7 @@ A Helm chart for gen3 Sheepdog Service | secrets.sheepdog.host | string | `"postgres-postgresql.postgres.svc.cluster.local"` | Host for sheepdog's db. | | secrets.sheepdog.password | string | `"postgres"` | Password to sheepdog's db. | | secrets.sheepdog.user | string | `"postgres"` | User for sheepdog's db. | +| selectorLabels | map | `nil` | Will completely override the selectorLabels defined in the common chart's _label_setup.tpl | | service | map | `{"port":80,"type":"ClusterIP"}` | Kubernetes service information. | | service.port | int | `80` | The port number that the service exposes. | | service.type | string | `"ClusterIP"` | Type of service. Valid values are "ClusterIP", "NodePort", "LoadBalancer", "ExternalName". | diff --git a/helm/sheepdog/templates/_helpers.tpl b/helm/sheepdog/templates/_helpers.tpl index e98750a2..1c935c37 100644 --- a/helm/sheepdog/templates/_helpers.tpl +++ b/helm/sheepdog/templates/_helpers.tpl 
@@ -34,22 +34,26 @@ Create chart name and version as used by the chart label. Common labels */}} {{- define "sheepdog.labels" -}} -helm.sh/chart: {{ include "sheepdog.chart" . }} -{{ include "sheepdog.selectorLabels" . }} -{{- if .Chart.AppVersion }} -app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} +{{- if .Values.commonLabels }} + {{- with .Values.commonLabels }} + {{- toYaml . }} + {{- end }} +{{- else }} + {{- (include "common.commonLabels" .)}} {{- end }} -app.kubernetes.io/managed-by: {{ .Release.Service }} {{- end }} {{/* Selector labels */}} {{- define "sheepdog.selectorLabels" -}} -app.kubernetes.io/name: {{ include "sheepdog.name" . }} -app.kubernetes.io/instance: {{ .Release.Name }} -app: {{ include "sheepdog.name" . }} -release: {{ .Values.releaseLabel }} +{{- if .Values.selectorLabels }} + {{- with .Values.selectorLabels }} + {{- toYaml . }} + {{- end }} +{{- else }} + {{- (include "common.selectorLabels" .)}} +{{- end }} {{- end }} {{/* @@ -87,17 +91,6 @@ Create the name of the service account to use {{- end }} {{- end }} -{{/* -Define ddEnabled -*/}} -{{- define "sheepdog.ddEnabled" -}} -{{- if .Values.global }} -{{- .Values.global.ddEnabled }} -{{- else}} -{{- .Values.dataDog.enabled }} -{{- end }} -{{- end }} - {{/* Define dictionaryUrl */}} diff --git a/helm/sheepdog/templates/deployment.yaml b/helm/sheepdog/templates/deployment.yaml index a7035eed..1ecf872e 100644 --- a/helm/sheepdog/templates/deployment.yaml +++ b/helm/sheepdog/templates/deployment.yaml @@ -8,6 +8,9 @@ metadata: {{- end }} labels: {{- include "sheepdog.labels" . | nindent 4 }} + {{- if .Values.global.ddEnabled }} + {{- include "common.datadogLabels" . | nindent 4 }} + {{- end }} spec: {{- if not .Values.autoscaling.enabled }} replicas: {{ .Values.replicaCount }} 
@@ -23,17 +26,14 @@ spec: template: metadata: labels: + {{- include "sheepdog.selectorLabels" . | nindent 8 }} # gen3 networkpolicy labels netnolimit: 'yes' public: 'yes' s3: 'yes' - {{- if eq (include "sheepdog.ddEnabled" . ) "true" }} - tags.datadoghq.com/service: "sheepdog" - # TODO: move this to helpers so we can have this populated from a configmap - tags.datadoghq.com/env: {{ .Values.dataDog.env }} - tags.datadoghq.com/version: {{ .Values.image.tag | default .Chart.AppVersion }} - {{- end }} - {{- include "sheepdog.selectorLabels" . | nindent 8 }} + {{- if .Values.global.ddEnabled }} + {{- include "common.datadogLabels" . | nindent 8 }} + {{- end }} spec: {{- with .Values.affinity }} affinity: @@ -51,6 +51,9 @@ spec: - name: sheepdog-init image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}" env: + {{- if .Values.global.ddEnabled }} + {{- include "common.datadogEnvVar" . | nindent 12 }} + {{- end }} - name: DICTIONARY_URL value: {{ .Values.dictionaryUrl }} - name: PGHOST diff --git a/helm/sheepdog/values.yaml b/helm/sheepdog/values.yaml index e8914320..837877a2 100644 --- a/helm/sheepdog/values.yaml +++ b/helm/sheepdog/values.yaml 
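Review bot: The `common.datadogEnvVar` include in the last hunk lands in the `env` list of the `sheepdog-init` container, and no hunk in this file adds it to any other container. If that is the init container, as the name suggests, the long-running sheepdog container gets the Datadog labels but not the tracer settings, unlike the requestor and revproxy deployments where the include sits in what looks like the main container's `env`. I would move or repeat the three-line `{{- if .Values.global.ddEnabled }}` block under the main container's `env:`. The container list continues outside the hunk, so this needs checking against the full file.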
@@ -227,3 +227,23 @@ secrets: indexd: # -- (string) Password to indexd's db. password: postgres + +# Values to determine the labels that are used for the deployment, pod, etc. +# -- (string) Valid options are "production" or "dev". If invalid option is set- the value will default to "dev". +release: "production" +# -- (string) Valid options are "true" or "false". If invalid option is set- the value will default to "false". +criticalService: "true" +# -- (string) Label to help organize pods and their use. Any value is valid, but use "_" or "-" to divide words. +partOf: "Core-Service" +# -- (map) Will completely override the selectorLabels defined in the common chart's _label_setup.tpl +selectorLabels: +# -- (map) Will completely override the commonLabels defined in the common chart's _label_setup.tpl +commonLabels: + +# Values to configure datadog if ddEnabled is set to "true". +# -- (bool) If enabled, the Datadog Agent will automatically inject Datadog-specific metadata into your application logs. +datadogLogsInjection: true +# -- (bool) If enabled, the Datadog Agent will collect profiling data for your application using the Continuous Profiler. This data can be used to identify performance bottlenecks and optimize your application. +datadogProfilingEnabled: true +# -- (int) A value between 0 and 1, that represents the percentage of requests that will be traced. For example, a value of 0.5 means that 50% of requests will be traced. +datadogTraceSampleRate: 1 diff --git a/helm/ssjdispatcher/Chart.yaml b/helm/ssjdispatcher/Chart.yaml index 4f471ede..31393ee3 100644 --- a/helm/ssjdispatcher/Chart.yaml +++ b/helm/ssjdispatcher/Chart.yaml 
@@ -15,10 +15,15 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.2 +version: 0.1.3 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to # follow Semantic Versioning. They should reflect the version the application is using. # It is recommended to use it with quotes. appVersion: "master" + +dependencies: +- name: common + version: 0.1.5 + repository: file://../common diff --git a/helm/ssjdispatcher/README.md b/helm/ssjdispatcher/README.md index 1c631f51..68b9b140 100644 --- a/helm/ssjdispatcher/README.md +++ b/helm/ssjdispatcher/README.md @@ -1,9 +1,15 @@ # ssjdispatcher -![Version: 0.1.2](https://img.shields.io/badge/Version-0.1.2-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) +![Version: 0.1.3](https://img.shields.io/badge/Version-0.1.3-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) A Helm chart for gen3 ssjdispatcher +## Requirements + +| Repository | Name | Version | +|------------|------|---------| +| file://../common | common | 0.1.5 | + ## Values | Key | Type | Default | Description | 
@@ -23,6 +29,11 @@ A Helm chart for gen3 ssjdispatcher | autoscaling.targetCPUUtilizationPercentage | int | `80` | Target CPU utilization percentage | | awsRegion | string | `"us-east-1"` | AWS region to be used. | | awsStsRegionalEndpoints | string | `"regional"` | AWS STS to issue temporary credentials to users and roles that make an AWS STS request. Values regional or global. | +| commonLabels | map | `nil` | Will completely override the commonLabels defined in the common chart's _label_setup.tpl | +| criticalService | string | `"true"` | Valid options are "true" or "false". If invalid option is set- the value will default to "false". | +| datadogLogsInjection | bool | `true` | If enabled, the Datadog Agent will automatically inject Datadog-specific metadata into your application logs. | +| datadogProfilingEnabled | bool | `true` | If enabled, the Datadog Agent will collect profiling data for your application using the Continuous Profiler. This data can be used to identify performance bottlenecks and optimize your application. | +| datadogTraceSampleRate | int | `1` | A value between 0 and 1, that represents the percentage of requests that will be traced. For example, a value of 0.5 means that 50% of requests will be traced. | | dispatcherJobNum | string | `"10"` | Ssjdispater job number. | | fullnameOverride | string | `""` | Override the full name of the deployment. | | gen3Namespace | string | `"default"` | Namespace to deploy the job. | 
@@ -59,14 +70,13 @@ A Helm chart for gen3 ssjdispatcher | image.tag | string | `""` | Overrides the image tag whose default is the chart appVersion. | | imagePullSecrets | list | `[]` | Docker image pull secrets. | | indexing | string | `"707767160287.dkr.ecr.us-east-1.amazonaws.com/gen3/indexs3client:2022.08"` | Image to use for the "indexing" job. | -| labels | map | `{"netnolimit":"yes","public":"yes"}` | Labels for the ssjdispatcher service. | -| labels.netnolimit | string | `"yes"` | Grants egress from pods labeled with netnolimit=yes to any IP address. Use explicit proxy and AWS APIs | -| labels.public | string | `"yes"` | Grants ingress from the revproxy service for pods labeled with public=yes | | nameOverride | string | `""` | Override the name of the chart. | | nodeSelector | map | `{}` | Node Selector for the pods | +| partOf | string | `"Workspace-Tab"` | Label to help organize pods and their use. Any value is valid, but use "_" or "-" to divide words. | | podSecurityContext | map | `{"fsGroup":1000,"runAsUser":1000}` | Security context to apply to the pod | | podSecurityContext.fsGroup | int | `1000` | Group that Kubernetes will change the permissions of all files in volumes to when volumes are mounted by a pod. | | podSecurityContext.runAsUser | int | `1000` | User that all the processes will run under in the container. | +| release | string | `"production"` | Valid options are "production" or "dev". If invalid option is set- the value will default to "dev". | | replicaCount | int | `1` | Number of replicas for the deployment. | | resources | map | `{"limits":{"cpu":1,"memory":"2400Mi"},"requests":{"cpu":0.1,"memory":"128Mi"}}` | Resource requests and limits for the containers in the pod | | resources.limits | map | `{"cpu":1,"memory":"2400Mi"}` | The maximum amount of resources that the container is allowed to use | 
@@ -76,7 +86,7 @@ A Helm chart for gen3 ssjdispatcher | resources.requests.cpu | string | `0.1` | The amount of CPU requested | | resources.requests.memory | string | `"128Mi"` | The amount of memory requested | | securityContext | map | `{}` | Security context for the containers in the pod | -| selectorLabels | map | `{"app":"ssjdispatcher","release":"production"}` | Labels to use for selecting the deployment. | +| selectorLabels | map | `nil` | Will completely override the selectorLabels defined in the common chart's _label_setup.tpl | | service | map | `{"port":80,"type":"ClusterIP"}` | Kubernetes service information. | | service.port | int | `80` | The port number that the service exposes. | | service.type | string | `"ClusterIP"` | Type of service. Valid values are "ClusterIP", "NodePort", "LoadBalancer", "ExternalName". | diff --git a/helm/ssjdispatcher/templates/_helpers.tpl b/helm/ssjdispatcher/templates/_helpers.tpl index 2fbe0deb..c7ffa9d8 100644 --- a/helm/ssjdispatcher/templates/_helpers.tpl +++ b/helm/ssjdispatcher/templates/_helpers.tpl @@ -34,20 +34,26 @@ Create chart name and version as used by the chart label. Common labels */}} {{- define "ssjdispatcher.labels" -}} -helm.sh/chart: {{ include "ssjdispatcher.chart" . }} -{{ include "ssjdispatcher.selectorLabels" . }} -{{- if .Chart.AppVersion }} -app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} +{{- if .Values.commonLabels }} + {{- with .Values.commonLabels }} + {{- toYaml . }} + {{- end }} +{{- else }} + {{- (include "common.commonLabels" .)}} {{- end }} -app.kubernetes.io/managed-by: {{ .Release.Service }} {{- end }} {{/* Selector labels */}} {{- define "ssjdispatcher.selectorLabels" -}} -app.kubernetes.io/name: {{ include "ssjdispatcher.name" . }} -app.kubernetes.io/instance: {{ .Release.Name }} +{{- if .Values.selectorLabels }} + {{- with .Values.selectorLabels }} + {{- toYaml . }} + {{- end }} +{{- else }} + {{- (include "common.selectorLabels" .)}} +{{- end }} {{- end }} {{/* 
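Review bot: `ssjdispatcher.selectorLabels` now falls through to `common.selectorLabels`, and deployment.yaml feeds that into `spec.selector.matchLabels`, which used to render `app: ssjdispatcher` and `release: production` from values. A Deployment's selector is immutable in apps/v1, so if the common helper renders any other label set (it is not visible in this hunk), `helm upgrade` of an existing release is rejected until the Deployment is deleted and recreated. Any Service or NetworkPolicy that still selects on the old `app`/`release` labels would also stop matching these pods. The same applies to `wts.selectorLabels`, which replaces `app: wts`. I would document this on the helper, e.g. `{{/* Selector labels: immutable once deployed; keep the labels that Services and NetworkPolicies match on */}}`, and state the migration step in the chart README.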
diff --git a/helm/ssjdispatcher/templates/deployment.yaml b/helm/ssjdispatcher/templates/deployment.yaml index f9c8baba..6d05a1ac 100644 --- a/helm/ssjdispatcher/templates/deployment.yaml +++ b/helm/ssjdispatcher/templates/deployment.yaml @@ -2,24 +2,27 @@ apiVersion: apps/v1 kind: Deployment metadata: name: ssjdispatcher + labels: + {{- include "ssjdispatcher.labels" . | nindent 4 }} + {{- if .Values.global.ddEnabled }} + {{- include "common.datadogLabels" . | nindent 4 }} + {{- end }} spec: selector: - {{- with .Values.selectorLabels }} matchLabels: - {{- toYaml . | nindent 8 }} - {{- end }} + {{- include "ssjdispatcher.selectorLabels" . | nindent 8 }} revisionHistoryLimit: 2 strategy: {{- toYaml .Values.strategy | nindent 8 }} template: metadata: - {{- with .Values.labels }} labels: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.selectorLabels }} - {{- toYaml . | nindent 8 }} - {{- end }} + {{- include "ssjdispatcher.selectorLabels" . | nindent 8 }} + netnolimit: "yes" + public: "yes" + {{- if .Values.global.ddEnabled }} + {{- include "common.datadogLabels" . | nindent 8 }} + {{- end }} spec: securityContext: {{- toYaml .Values.podSecurityContext | nindent 8 }} @@ -38,6 +41,9 @@ spec: volumeMounts: {{- toYaml .Values.volumeMounts | nindent 12 }} env: + {{- if .Values.global.ddEnabled }} + {{- include "common.datadogEnvVar" . | nindent 12 }} + {{- end }} {{- with .Values.awsRegion }} - name: AWS_REGION value: {{ . }} diff --git a/helm/ssjdispatcher/values.yaml b/helm/ssjdispatcher/values.yaml index d9b1c165..0c0b1e2f 100644 --- a/helm/ssjdispatcher/values.yaml +++ b/helm/ssjdispatcher/values.yaml 
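Review bot: `netnolimit: "yes"` and `public: "yes"` are now hard-coded in the pod template, where they used to come from `.Values.labels`. According to the value comments this commit deletes, these labels grant egress to any IP address and ingress from revproxy, so an operator can no longer drop either one through values to tighten the pod's network exposure. I would keep them overridable by retaining the `{{- with .Values.labels }}` block with the same defaults in values.yaml. The wts deployment.yaml hunk hard-codes `public`, `netnolimit` and `userhelper` in the same way.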
@@ -112,18 +112,6 @@ nodeSelector: {} # -- (list) Tolerations for the pods tolerations: [] -# -- (map) Labels to use for selecting the deployment. -selectorLabels: - app: ssjdispatcher - release: production - -# -- (map) Labels for the ssjdispatcher service. -labels: - # -- (string) Grants egress from pods labeled with netnolimit=yes to any IP address. Use explicit proxy and AWS APIs - netnolimit: "yes" - # -- (string) Grants ingress from the revproxy service for pods labeled with public=yes - public: "yes" - # -- (map) Security context to apply to the pod podSecurityContext: # -- (int) User that all the processes will run under in the container. 
@@ -235,3 +223,23 @@ serviceAccount: # -- (string) The name of the service account to use. # If not set and create is true, a name is generated using the fullname template name: "ssjdispatcher-service-account" + +# Values to determine the labels that are used for the deployment, pod, etc. +# -- (string) Valid options are "production" or "dev". If invalid option is set- the value will default to "dev". +release: "production" +# -- (string) Valid options are "true" or "false". If invalid option is set- the value will default to "false". +criticalService: "true" +# -- (string) Label to help organize pods and their use. Any value is valid, but use "_" or "-" to divide words. +partOf: "Workspace-Tab" +# -- (map) Will completely override the selectorLabels defined in the common chart's _label_setup.tpl +selectorLabels: +# -- (map) Will completely override the commonLabels defined in the common chart's _label_setup.tpl +commonLabels: + +# Values to configure datadog if ddEnabled is set to "true". +# -- (bool) If enabled, the Datadog Agent will automatically inject Datadog-specific metadata into your application logs. +datadogLogsInjection: true +# -- (bool) If enabled, the Datadog Agent will collect profiling data for your application using the Continuous Profiler. This data can be used to identify performance bottlenecks and optimize your application. +datadogProfilingEnabled: true +# -- (int) A value between 0 and 1, that represents the percentage of requests that will be traced. For example, a value of 0.5 means that 50% of requests will be traced. +datadogTraceSampleRate: 1 diff --git a/helm/wts/Chart.yaml b/helm/wts/Chart.yaml index a728a368..23f8f74b 100644 --- a/helm/wts/Chart.yaml +++ b/helm/wts/Chart.yaml 
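Review bot: `datadogTraceSampleRate` is annotated `(int)` but described as a value between 0 and 1 with 0.5 as the example, so the generated README advertises a type that contradicts the documented usage; the annotation should read `# -- (float) A value between 0 and 1 …`. With `1` as the default, every request is traced once `global.ddEnabled` is on, and profiling and log injection also default to `true`. That is worth stating in the comment so operators choose the volume of trace and profiling data deliberately. The identical block is added to helm/wts/values.yaml.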
@@ -15,7 +15,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.6 +version: 0.1.7 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to @@ -25,7 +25,7 @@ appVersion: "master" dependencies: - name: common - version: 0.1.4 + version: 0.1.5 repository: file://../common - name: postgresql version: 11.9.13 diff --git a/helm/wts/README.md b/helm/wts/README.md index e1511ce5..ea514c1e 100644 --- a/helm/wts/README.md +++ b/helm/wts/README.md @@ -1,6 +1,6 @@ # wts -![Version: 0.1.6](https://img.shields.io/badge/Version-0.1.6-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) +![Version: 0.1.7](https://img.shields.io/badge/Version-0.1.7-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) A Helm chart for gen3 workspace token service @@ -8,7 +8,7 @@ A Helm chart for gen3 workspace token service | Repository | Name | Version | |------------|------|---------| -| file://../common | common | 0.1.4 | +| file://../common | common | 0.1.5 | | https://charts.bitnami.com/bitnami | postgresql | 11.9.13 | ## Values 
@@ -21,6 +21,11 @@ A Helm chart for gen3 workspace token service | autoscaling.maxReplicas | int | `100` | The maximum number of replicas to scale up to | | autoscaling.minReplicas | int | `1` | The minimum number of replicas to scale down to | | autoscaling.targetCPUUtilizationPercentage | int | `80` | The target CPU utilization percentage for autoscaling | +| commonLabels | map | `nil` | Will completely override the commonLabels defined in the common chart's _label_setup.tpl | +| criticalService | string | `"true"` | Valid options are "true" or "false". If invalid option is set- the value will default to "false". | +| datadogLogsInjection | bool | `true` | If enabled, the Datadog Agent will automatically inject Datadog-specific metadata into your application logs. | +| datadogProfilingEnabled | bool | `true` | If enabled, the Datadog Agent will collect profiling data for your application using the Continuous Profiler. This data can be used to identify performance bottlenecks and optimize your application. | +| datadogTraceSampleRate | int | `1` | A value between 0 and 1, that represents the percentage of requests that will be traced. For example, a value of 0.5 means that 50% of requests will be traced. | | fullnameOverride | string | `""` | Override the full name of the deployment. 
| | global | map | `{"aws":{"awsAccessKeyId":null,"awsSecretAccessKey":null,"enabled":false},"ddEnabled":false,"dev":true,"dictionaryUrl":"https://s3.amazonaws.com/dictionary-artifacts/datadictionary/develop/schema.json","dispatcherJobNum":10,"environment":"default","hostname":"localhost","kubeBucket":"kube-gen3","logsBucket":"logs-gen3","netPolicy":true,"portalApp":"gitops","postgres":{"dbCreate":true,"master":{"host":null,"password":null,"port":"5432","username":"postgres"}},"publicDataSets":true,"revproxyArn":"arn:aws:acm:us-east-1:123456:certificate","syncFromDbgap":false,"tierAccessLevel":"libre","userYamlS3Path":"s3://cdis-gen3-users/test/user.yaml"}` | Global configuration options. | | global.aws | map | `{"awsAccessKeyId":null,"awsSecretAccessKey":null,"enabled":false}` | AWS configuration | 
@@ -59,12 +64,8 @@ A Helm chart for gen3 workspace token service | nodeSelector | map | `{}` | Node Selector for the pods | | oidc_client_id | string | `nil` | Id for the OIDC client. | | oidc_client_secret | string | `nil` | Secret for the OIDC client. | +| partOf | string | `"Authentication"` | Label to help organize pods and their use. Any value is valid, but use "_" or "-" to divide words. | | podAnnotations | map | `{}` | Annotations to add to the pod. | -| podLabels | map | `{"netnolimit":"yes","public":"yes","release":"production","tags.datadoghq.com/service":"token-service","userhelper":"yes"}` | Labels to add to the pod. | -| podLabels.netnolimit | string | `"yes"` | Grants egress from pods labeled with netnolimit=yes to any IP address. Use explicit proxy and AWS APIs | -| podLabels.public | string | `"yes"` | Grants ingress from the revproxy service for pods labeled with public=yes | -| podLabels.release | string | `"production"` | Release name. | -| podLabels.userhelper | string | `"yes"` | Grants ingress from pods in usercode namespaces for gen3 pods labeled with userhelper=yes | | podSecurityContext | map | `{}` | Security context for the pod | | postgres | map | `{"database":null,"dbCreate":null,"dbRestore":false,"host":null,"password":null,"port":"5432","separate":false,"username":null}` | Postgres database configuration. If db does not exist in postgres cluster and dbCreate is set ot true then these databases will be created for you | | postgres.database | string | `nil` | Database name for postgres. This is a service override, defaults to - | 
@@ -75,7 +76,7 @@ A Helm chart for gen3 workspace token service | postgres.separate | string | `false` | Will create a Database for the individual service to help with developing it. | | postgres.username | string | `nil` | Username for postgres. This is a service override, defaults to - | | postgresql | map | `{"primary":{"persistence":{"enabled":false}}}` | Postgresql subchart settings if deployed separately option is set to "true". Disable persistence by default so we can spin up and down ephemeral environments | -| release | string | `"production"` | Release name. | +| release | string | `"production"` | Valid options are "production" or "dev". If invalid option is set- the value will default to "dev". | | replicaCount | int | `1` | Number of replicas for the deployment. | | resources | map | `{"limits":{"cpu":0.5,"memory":"512Mi"},"requests":{"cpu":0.1,"memory":"12Mi"}}` | Resource requests and limits for the containers in the pod | | resources.limits | map | `{"cpu":0.5,"memory":"512Mi"}` | The maximum amount of resources that the container is allowed to use | @@ -87,6 +88,7 @@ A Helm chart for gen3 workspace token service | roleName | string | `"workspace-token-service"` | Name of the role to be used for the role binding. | | secrets | map | `{"external_oidc":null}` | Values for wts secret. | | securityContext | map | `{}` | Security context for the containers in the pod | +| selectorLabels | map | `nil` | Will completely override the selectorLabels defined in the common chart's _label_setup.tpl | | service | map | `{"httpPort":80,"httpsPort":443,"type":"ClusterIP"}` | Configuration for the service | | service.httpPort | int | `80` | Port on which the service is exposed | | service.httpsPort | int | `443` | Secure port on which the service is exposed | diff --git a/helm/wts/templates/_helpers.tpl b/helm/wts/templates/_helpers.tpl index d13a9fca..f8cebb83 100644 --- a/helm/wts/templates/_helpers.tpl +++ b/helm/wts/templates/_helpers.tpl 
@@ -34,19 +34,26 @@ Create chart name and version as used by the chart label. Common labels */}} {{- define "wts.labels" -}} -helm.sh/chart: {{ include "wts.chart" . }} -{{ include "wts.selectorLabels" . }} -{{- if .Chart.AppVersion }} -app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} +{{- if .Values.commonLabels }} + {{- with .Values.commonLabels }} + {{- toYaml . }} + {{- end }} +{{- else }} + {{- (include "common.commonLabels" .)}} {{- end }} -app.kubernetes.io/managed-by: {{ .Release.Service }} {{- end }} {{/* Selector labels */}} {{- define "wts.selectorLabels" -}} -app: wts +{{- if .Values.selectorLabels }} + {{- with .Values.selectorLabels }} + {{- toYaml . }} + {{- end }} +{{- else }} + {{- (include "common.selectorLabels" .)}} +{{- end }} {{- end }} {{/* diff --git a/helm/wts/templates/deployment.yaml b/helm/wts/templates/deployment.yaml index 8d76f320..db04380a 100644 --- a/helm/wts/templates/deployment.yaml +++ b/helm/wts/templates/deployment.yaml @@ -4,6 +4,9 @@ metadata: name: wts-deployment labels: {{- include "wts.labels" . | nindent 4 }} + {{- if .Values.global.ddEnabled }} + {{- include "common.datadogLabels" . | nindent 4 }} + {{- end }} annotations: gen3.io/network-ingress: "mariner" spec: @@ -26,11 +29,14 @@ spec: annotations: {{- toYaml . | nindent 8 }} {{- end }} - {{- with .Values.podLabels }} labels: {{- include "wts.selectorLabels" . | nindent 8 }} - {{- toYaml . | nindent 8 }} - {{- end }} + public: "yes" + netnolimit: "yes" + userhelper: "yes" + {{- if .Values.global.ddEnabled }} + {{- include "common.datadogLabels" . | nindent 8 }} + {{- end }} spec: affinity: podAntiAffinity: @@ -78,6 +84,9 @@ spec: path: /_status port: 80 env: + {{- if .Values.global.ddEnabled }} + {{- include "common.datadogEnvVar" . | nindent 11 }} + {{- end }} - name: OIDC_CLIENT_ID valueFrom: secretKeyRef: diff --git a/helm/wts/values.yaml b/helm/wts/values.yaml index 1caa019a..c8d554da 100644 --- a/helm/wts/values.yaml +++ b/helm/wts/values.yaml 
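Review bot: The Datadog include added under `env:` in wts deployment.yaml uses `nindent 11`, while the ssjdispatcher template in this same commit uses `nindent 12` at the equivalent place. An odd indent is unlikely to line up with the existing `- name: OIDC_CLIENT_ID` items (their exact column is not recoverable from this hunk), and a list whose items sit at different columns fails YAML parsing. That only happens when `global.ddEnabled` is true, so a default lint or `helm template` run will not catch it. I would align it with the sibling entries, `{{- include "common.datadogEnvVar" . | nindent 12 }}` if they sit at column 12, and render the chart once with `--set global.ddEnabled=true` in CI.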
@@ -121,18 +121,6 @@ serviceAccount: # If not set and create is true, a name is generated using the fullname template name: "" -# -- (map) Labels to add to the pod. -podLabels: - # -- (string) Release name. - release: production - # -- (string) Grants ingress from the revproxy service for pods labeled with public=yes - public: "yes" - # -- (string) Grants egress from pods labeled with netnolimit=yes to any IP address. Use explicit proxy and AWS APIs - netnolimit: "yes" - # -- (string) Grants ingress from pods in usercode namespaces for gen3 pods labeled with userhelper=yes - userhelper: "yes" - tags.datadoghq.com/service: "token-service" - # -- (map) Annotations to add to the pod. podAnnotations: {} @@ -196,8 +184,6 @@ affinity: {} # -- (string) Name of the role to be used for the role binding. roleName: workspace-token-service -# -- (string) Release name. -release: production # -- (map) Values for wts secret. secrets: 
@@ -229,3 +215,23 @@ secrets: # "db_passwurd": "WTS_DB_PWD.REPLACE", # "db_database": "wts_default" # } + +# Values to determine the labels that are used for the deployment, pod, etc. +# -- (string) Valid options are "production" or "dev". If invalid option is set- the value will default to "dev". +release: "production" +# -- (string) Valid options are "true" or "false". If invalid option is set- the value will default to "false". +criticalService: "true" +# -- (string) Label to help organize pods and their use. Any value is valid, but use "_" or "-" to divide words. +partOf: "Authentication" +# -- (map) Will completely override the selectorLabels defined in the common chart's _label_setup.tpl +selectorLabels: +# -- (map) Will completely override the commonLabels defined in the common chart's _label_setup.tpl +commonLabels: + +# Values to configure datadog if ddEnabled is set to "true". +# -- (bool) If enabled, the Datadog Agent will automatically inject Datadog-specific metadata into your application logs. +datadogLogsInjection: true +# -- (bool) If enabled, the Datadog Agent will collect profiling data for your application using the Continuous Profiler. This data can be used to identify performance bottlenecks and optimize your application. +datadogProfilingEnabled: true +# -- (int) A value between 0 and 1, that represents the percentage of requests that will be traced. For example, a value of 0.5 means that 50% of requests will be traced. +datadogTraceSampleRate: 1 From a8e44f110e5655dc55a06cbbf344ced5af0f3199 Mon Sep 17 00:00:00 2001 
From: craigrbarnes Date: Wed, 5 Apr 2023 16:39:51 -0500 Subject: [PATCH 002/279] update ff --- .secrets.baseline | 8 +- helm/frontend-framework/Chart.yaml | 29 +++ helm/frontend-framework/README.md | 97 +++++++++ helm/frontend-framework/templates/NOTES.txt | 1 + .../templates/deployment.yaml | 99 +++++++++ .../frontend-framework/templates/service.yaml | 21 ++ .../templates/serviceaccount.yaml | 12 ++ helm/frontend-framework/values.yaml | 197 ++++++++++++++++++ helm/gen3/Chart.yaml | 8 +- helm/gen3/README.md | 7 +- helm/gen3/values.yaml | 11 + 11 files changed, 482 insertions(+), 8 deletions(-) create mode 100644 helm/frontend-framework/Chart.yaml create mode 100644 helm/frontend-framework/README.md create mode 100644 helm/frontend-framework/templates/NOTES.txt create mode 100644 helm/frontend-framework/templates/deployment.yaml create mode 100644 helm/frontend-framework/templates/service.yaml create mode 100644 helm/frontend-framework/templates/serviceaccount.yaml create mode 100644 helm/frontend-framework/values.yaml diff --git a/.secrets.baseline b/.secrets.baseline index 5efb33af..9abe4cb2 100644 --- a/.secrets.baseline +++ b/.secrets.baseline @@ -3,7 +3,7 @@ "files": "^.secrets.baseline$", "lines": null }, - "generated_at": "2023-03-29T21:20:01Z", + "generated_at": "2023-04-05T21:22:44Z", "plugins_used": [ { "name": "AWSKeyDetector" @@ -294,21 +294,21 @@ "hashed_secret": "4caa5dcab48a481e96f4352e45459c0ecd6f3cf7", "is_secret": false, "is_verified": false, - "line_number": 76, + "line_number": 77, "type": "Secret Keyword" }, { "hashed_secret": "2546383b95bb44732e9be6a877fd476c0442fdab", "is_secret": false, "is_verified": false, - "line_number": 89, + "line_number": 90, "type": "Secret Keyword" }, { "hashed_secret": "d84ce25b0f9bc2cc263006ae39453efb22cc2900", "is_secret": false, "is_verified": false, - "line_number": 91, + "line_number": 92, "type": "Secret Keyword" } ], 
diff --git a/helm/frontend-framework/Chart.yaml b/helm/frontend-framework/Chart.yaml new file mode 100644 index 00000000..5c92d545 --- /dev/null +++ b/helm/frontend-framework/Chart.yaml @@ -0,0 +1,29 @@ +apiVersion: v2 +name: frontend-framework +description: A Helm chart for the gen3 frontend framework + +# A chart can be either an 'application' or a 'library' chart. +# +# Application charts are a collection of templates that can be packaged into versioned archives +# to be deployed. +# +# Library charts provide useful utilities or functions for the chart developer. They're included as +# a dependency of application charts to inject those utilities and functions into the rendering +# pipeline. Library charts do not define any templates and therefore cannot be deployed. +type: application + +# This is the chart version. This version number should be incremented each time you make changes +# to the chart and its templates, including the app version. +# Versions are expected to follow Semantic Versioning (https://semver.org/) +version: 0.0.5 + +# This is the version number of the application being deployed. This version number should be +# incremented each time you make changes to the application. Versions are not expected to +# follow Semantic Versioning. They should reflect the version the application is using. +# It is recommended to use it with quotes. +appVersion: "PXP-10877" + +dependencies: +- name: common + version: 0.1.5 + repository: file://../common diff --git a/helm/frontend-framework/README.md b/helm/frontend-framework/README.md new file mode 100644 index 00000000..1f789b5f --- /dev/null +++ b/helm/frontend-framework/README.md 
@@ -0,0 +1,97 @@ +# frontend-framework + +![Version: 0.0.5](https://img.shields.io/badge/Version-0.0.5-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: PXP-10877](https://img.shields.io/badge/AppVersion-PXP--10877-informational?style=flat-square) + +A Helm chart for the gen3 frontend framework + +## Requirements + +| Repository | Name | Version | +|------------|------|---------| +| file://../common | common | 0.1.5 | + +## Values + +| Key | Type | Default | Description | +|-----|------|---------|-------------| +| affinity | map | `{"podAntiAffinity":{"preferredDuringSchedulingIgnoredDuringExecution":[{"podAffinityTerm":{"labelSelector":{"matchExpressions":[{"key":"app","operator":"In","values":["frontend-framework"]}]},"topologyKey":"kubernetes.io/hostname"},"weight":100}]}}` | Affinity to use for the deployment. | +| affinity.podAntiAffinity.preferredDuringSchedulingIgnoredDuringExecution | map | `[{"podAffinityTerm":{"labelSelector":{"matchExpressions":[{"key":"app","operator":"In","values":["frontend-framework"]}]},"topologyKey":"kubernetes.io/hostname"},"weight":100}]` | Option for scheduling to be required or preferred. | +| affinity.podAntiAffinity.preferredDuringSchedulingIgnoredDuringExecution[0] | int | `{"podAffinityTerm":{"labelSelector":{"matchExpressions":[{"key":"app","operator":"In","values":["frontend-framework"]}]},"topologyKey":"kubernetes.io/hostname"},"weight":100}` | Weight value for preferred scheduling. | +| affinity.podAntiAffinity.preferredDuringSchedulingIgnoredDuringExecution[0].podAffinityTerm.labelSelector.matchExpressions[0] | list | `{"key":"app","operator":"In","values":["frontend-framework"]}` | Label key for match expression. | +| affinity.podAntiAffinity.preferredDuringSchedulingIgnoredDuringExecution[0].podAffinityTerm.labelSelector.matchExpressions[0].operator | string | `"In"` | Operation type for the match expression. 
| +| affinity.podAntiAffinity.preferredDuringSchedulingIgnoredDuringExecution[0].podAffinityTerm.labelSelector.matchExpressions[0].values | list | `["frontend-framework"]` | Value for the match expression key. | +| affinity.podAntiAffinity.preferredDuringSchedulingIgnoredDuringExecution[0].podAffinityTerm.topologyKey | string | `"kubernetes.io/hostname"` | Value for topology key label. | +| automountServiceAccountToken | bool | `false` | Automount the default service account token | +| autoscaling | map | `{"enabled":false,"maxReplicas":100,"minReplicas":1,"targetCPUUtilizationPercentage":80}` | Configuration for autoscaling the number of replicas | +| autoscaling.enabled | bool | `false` | Whether autoscaling is enabled | +| autoscaling.maxReplicas | int | `100` | The maximum number of replicas to scale up to | +| autoscaling.minReplicas | int | `1` | The minimum number of replicas to scale down to | +| autoscaling.targetCPUUtilizationPercentage | int | `80` | The target CPU utilization percentage for autoscaling | +| commonLabels | map | `nil` | Will completely override the commonLabels defined in the common chart's _label_setup.tpl | +| criticalService | string | `"true"` | Valid options are "true" or "false". If invalid option is set- the value will default to "false". | +| datadogLogsInjection | bool | `true` | If enabled, the Datadog Agent will automatically inject Datadog-specific metadata into your application logs. | +| datadogProfilingEnabled | bool | `true` | If enabled, the Datadog Agent will collect profiling data for your application using the Continuous Profiler. This data can be used to identify performance bottlenecks and optimize your application. | +| datadogTraceSampleRate | int | `1` | A value between 0 and 1, that represents the percentage of requests that will be traced. For example, a value of 0.5 means that 50% of requests will be traced. | +| fullnameOverride | string | `""` | Override the full name of the deployment. 
| +| global | map | `{"aws":{"awsAccessKeyId":null,"awsSecretAccessKey":null,"enabled":false},"ddEnabled":false,"dev":true,"dictionaryUrl":"https://s3.amazonaws.com/dictionary-artifacts/datadictionary/develop/schema.json","dispatcherJobNum":10,"environment":"default","hostname":"localhost","kubeBucket":"kube-gen3","logsBucket":"logs-gen3","netPolicy":true,"portalApp":"gitops","postgres":{"dbCreate":true,"master":{"host":null,"password":null,"port":"5432","username":"postgres"}},"publicDataSets":true,"revproxyArn":"arn:aws:acm:us-east-1:123456:certificate","syncFromDbgap":false,"tierAccessLevel":"libre","userYamlS3Path":"s3://cdis-gen3-users/test/user.yaml"}` | Global configuration options. | +| global.aws | map | `{"awsAccessKeyId":null,"awsSecretAccessKey":null,"enabled":false}` | AWS configuration | +| global.aws.awsAccessKeyId | string | `nil` | Credentials for AWS stuff. | +| global.aws.awsSecretAccessKey | string | `nil` | Credentials for AWS stuff. | +| global.aws.enabled | bool | `false` | Set to true if deploying to AWS. Controls ingress annotations. | +| global.ddEnabled | bool | `false` | Whether Datadog is enabled. | +| global.dev | bool | `true` | Whether the deployment is for development purposes. | +| global.dictionaryUrl | string | `"https://s3.amazonaws.com/dictionary-artifacts/datadictionary/develop/schema.json"` | URL of the data dictionary. | +| global.dispatcherJobNum | int | `10` | Number of dispatcher jobs. | +| global.environment | string | `"default"` | Environment name. This should be the same as vpcname if you're doing an AWS deployment. Currently this is being used to share ALB's if you have multiple namespaces. Might be used other places too. | +| global.hostname | string | `"localhost"` | Hostname for the deployment. | +| global.kubeBucket | string | `"kube-gen3"` | S3 bucket name for Kubernetes manifest files. | +| global.logsBucket | string | `"logs-gen3"` | S3 bucket name for log files. 
| +| global.netPolicy | bool | `true` | Whether network policies are enabled. | +| global.portalApp | string | `"gitops"` | Portal application name. | +| global.postgres | map | `{"dbCreate":true,"master":{"host":null,"password":null,"port":"5432","username":"postgres"}}` | Postgres database configuration. | +| global.postgres.dbCreate | bool | `true` | Whether the database should be created. | +| global.postgres.master | map | `{"host":null,"password":null,"port":"5432","username":"postgres"}` | Master credentials to postgres. This is going to be the default postgres server being used for each service, unless each service specifies their own postgres | +| global.postgres.master.host | string | `nil` | hostname of postgres server | +| global.postgres.master.password | string | `nil` | password for superuser in postgres. This is used to create or restore databases | +| global.postgres.master.port | string | `"5432"` | Port for Postgres. | +| global.postgres.master.username | string | `"postgres"` | username of superuser in postgres. This is used to create or restore databases | +| global.publicDataSets | bool | `true` | Whether public datasets are enabled. | +| global.revproxyArn | string | `"arn:aws:acm:us-east-1:123456:certificate"` | ARN of the reverse proxy certificate. | +| global.syncFromDbgap | bool | `false` | Whether to sync data from dbGaP. | +| global.tierAccessLevel | string | `"libre"` | Access level for tiers. acceptable values for `tier_access_level` are: `libre`, `regular` and `private`. If omitted, by default common will be treated as `private`. | +| global.userYamlS3Path | string | `"s3://cdis-gen3-users/test/user.yaml"` | Path to the user.yaml file in S3. | +| image | map | `{"pullPolicy":"Always","repository":"quay.io/cdis/frontend-framework","tag":"PXP-10877"}` | Docker image information. | +| image.pullPolicy | string | `"Always"` | Docker pull policy. | +| image.repository | string | `"quay.io/cdis/frontend-framework"` | Docker repository. 
| +| image.tag | string | `"PXP-10877"` | Overrides the image tag whose default is the chart appVersion. | +| imagePullSecrets | list | `[]` | Docker image pull secrets. | +| nameOverride | string | `""` | Override the name of the chart. | +| nodeSelector | map | `{}` | Node selector to apply to the pod | +| partOf | string | `"Front-End"` | Label to help organize pods and their use. Any value is valid, but use "_" or "-" to divide words. | +| podAnnotations | map | `{}` | Annotations to add to the pod | +| podSecurityContext | map | `{}` | Security context to apply to the pod | +| release | string | `"dev"` | Valid options are "production" or "dev". If invalid option is set- the value will default to "dev". | +| replicaCount | int | `1` | Number of replicas for the deployment. | +| resources | map | `{"limits":{"memory":"4096Mi"},"requests":{"cpu":1,"memory":"4096Mi"}}` | Resource requests and limits for the containers in the pod | +| resources.limits | map | `{"memory":"4096Mi"}` | The maximum amount of resources that the container is allowed to use | +| resources.limits.memory | string | `"4096Mi"` | The maximum amount of memory the container can use | +| resources.requests | map | `{"cpu":1,"memory":"4096Mi"}` | The amount of resources that the container requests | +| resources.requests.cpu | string | `1` | The amount of CPU requested | +| resources.requests.memory | string | `"4096Mi"` | The amount of memory requested | +| revisionHistoryLimit | int | `2` | Number of old revisions to retain | +| securityContext | map | `{}` | Security context to apply to the container | +| selectorLabels | map | `nil` | Will completely override the selectorLabels defined in the common chart's _label_setup.tpl | +| service | map | `{"port":3000,"type":"ClusterIP"}` | Kubernetes service information. | +| service.port | int | `3000` | The port number that the service exposes. | +| service.type | string | `"ClusterIP"` | Type of service. 
Valid values are "ClusterIP", "NodePort", "LoadBalancer", "ExternalName". | +| serviceAccount | map | `{"annotations":{},"create":true,"name":""}` | Service account to use or create. | +| serviceAccount.annotations | map | `{}` | Annotations to add to the service account. | +| serviceAccount.create | bool | `true` | Specifies whether a service account should be created. | +| serviceAccount.name | string | `""` | The name of the service account to use. If not set and create is true, a name is generated using the fullname template | +| strategy | map | `{"rollingUpdate":{"maxSurge":2,"maxUnavailable":"25%"},"type":"RollingUpdate"}` | Rolling update deployment strategy | +| strategy.rollingUpdate.maxSurge | int | `2` | Number of additional replicas to add during rollout. | +| strategy.rollingUpdate.maxUnavailable | int | `"25%"` | Maximum amount of pods that can be unavailable during the update. | +| tolerations | list | `[]` | Tolerations to apply to the pod | + +---------------------------------------------- +Autogenerated from chart metadata using [helm-docs v1.11.0](https://github.com/norwoodj/helm-docs/releases/v1.11.0) diff --git a/helm/frontend-framework/templates/NOTES.txt b/helm/frontend-framework/templates/NOTES.txt new file mode 100644 index 00000000..c1e7e1ae --- /dev/null +++ b/helm/frontend-framework/templates/NOTES.txt @@ -0,0 +1 @@ +{{ .Chart.Name }} has been deployed successfully. diff --git a/helm/frontend-framework/templates/deployment.yaml b/helm/frontend-framework/templates/deployment.yaml new file mode 100644 index 00000000..36664405 --- /dev/null +++ b/helm/frontend-framework/templates/deployment.yaml 
@@ -0,0 +1,99 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: frontend-framework-deployment + labels: + {{- include "frontend-framework.labels" . | nindent 4 }} + {{- if .Values.global.ddEnabled }} + {{- include "common.datadogLabels" . | nindent 4 }} + {{- end }} +spec: + selector: + matchLabels: + {{- include "frontend-framework.selectorLabels" . | nindent 6 }} + revisionHistoryLimit: {{ .Values.revisionHistoryLimit }} + strategy: + {{- toYaml .Values.strategy | nindent 8 }} + template: + metadata: + {{- with .Values.podAnnotations }} + annotations: + {{- toYaml . | nindent 8 }} + {{- end }} + labels: + {{- include "frontend-framework.selectorLabels" . | nindent 8 }} + public: "yes" + {{- if .Values.global.ddEnabled }} + {{- include "common.datadogLabels" . | nindent 8 }} + {{- end }} + spec: + {{- with .Values.affinity }} + affinity: + {{- toYaml . | nindent 8 }} + {{- end }} + automountServiceAccountToken: {{ .Values.automountServiceAccountToken}} + containers: + - name: frontend-framework + image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}" + imagePullPolicy: {{ .Values.image.pullPolicy }} + # livenessProbe: + # httpGet: + # path: / + # port: 80 + # initialDelaySeconds: 60 + # periodSeconds: 30 + # timeoutSeconds: 30 + # failureThreshold: 30 + readinessProbe: + httpGet: + path: /ff + port: 3000 + initialDelaySeconds: 30 + periodSeconds: 60 + timeoutSeconds: 30 + resources: + {{- toYaml .Values.resources | nindent 12 }} + ports: + - containerPort: 3000 + # command: + # - /bin/bash + # - ./dockerStart.sh + env: + {{- if .Values.global.ddEnabled }} + {{- include "common.datadogEnvVar" . 
| nindent 12 }} + {{- end }} + - name: HOSTNAME + value: revproxy-service + - name: BASE_PATH + value: /ff + # disable npm 7's brand new update notifier to prevent Portal from stuck at starting up + # see https://github.com/npm/cli/issues/3163 + - name: NPM_CONFIG_UPDATE_NOTIFIER + value: "false" + - name: NODE_ENV + value: "production" + - name: APP + value: {{ .Values.frontendFrameworkApp | quote }} + - name: GEN3_BUNDLE + # optional: true + value: "" +#needed to be adjusted to use the gen3 umbrella chart or local var ^ +#adding a var in helpers.tpl for later- Elise + {{- with .Values.datadogApplicationId }} + - name: DATADOG_APPLICATION_ID + # Optional client token for Datadog + value: {{ . }} + {{- end }} + {{- with .Values.datadogClientToken }} + - name: DATADOG_CLIENT_TOKEN + # Optional client token for Datadog + value: {{ . }} + {{- end }} + {{- with .Values.dataUploadBucket }} + - name: DATA_UPLOAD_BUCKET + value: {{ . }} + {{- end }} + # S3 bucket name for data upload, for setting up CSP + #GEN3_DATA_UPLOAD_BUCKET|-value: ""-| + # - name: BASENAME + diff --git a/helm/frontend-framework/templates/service.yaml b/helm/frontend-framework/templates/service.yaml new file mode 100644 index 00000000..cb6bd2ba --- /dev/null +++ b/helm/frontend-framework/templates/service.yaml @@ -0,0 +1,21 @@ +apiVersion: v1 +kind: Service +metadata: + name: frontend-framework-service + labels: + {{- include "frontend-framework.labels" . | nindent 4 }} +spec: + ports: + - protocol: TCP + port: 80 + targetPort: 3000 + name: http + nodePort: null + - protocol: TCP + port: 443 + targetPort: 3000 + name: https + nodePort: null + type: ClusterIP + selector: + {{- include "frontend-framework.selectorLabels" . | nindent 4 }} diff --git a/helm/frontend-framework/templates/serviceaccount.yaml b/helm/frontend-framework/templates/serviceaccount.yaml new file mode 100644 index 00000000..5357e89e --- /dev/null +++ b/helm/frontend-framework/templates/serviceaccount.yaml 
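Review bot: The pod template never renders `.Values.podSecurityContext` or `.Values.securityContext`, so the hardening settings that values.yaml lists as commented examples (`runAsNonRoot`, `readOnlyRootFilesystem`, dropped capabilities) have no effect even when an operator sets them. The container runs with whatever the image defaults to. Wiring both in with `with` blocks, as the template already does for `affinity`, keeps the empty defaults harmless and makes the values usable. `replicaCount`, `nodeSelector`, `tolerations` and `imagePullSecrets` are also declared in values.yaml but unused here, which is worth a follow-up.

```yaml
    spec:
      {{- with .Values.podSecurityContext }}
      securityContext:
        {{- toYaml . | nindent 8 }}
      {{- end }}
      # … unchanged: affinity, automountServiceAccountToken …
      containers:
        - name: frontend-framework
          {{- with .Values.securityContext }}
          securityContext:
            {{- toYaml . | nindent 12 }}
          {{- end }}
          # … unchanged: image, probes, resources, ports, env …
```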
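Review bot: The port named `https` on 443 forwards to the same `targetPort: 3000` as the `http` port, and the deployment's readiness probe reaches 3000 with a plain `httpGet`, so the listener appears to be plaintext HTTP. A client or network policy that trusts the port name would assume TLS that is not there. Unless something outside this chart terminates TLS in front of port 3000, drop the 443 entry or point it at a TLS listener. The template also hard-codes the type and port numbers, so `service.type` and `service.port` from values.yaml are ignored; `type: {{ .Values.service.type }}` would honour the former.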
@@ -0,0 +1,12 @@ +{{- if .Values.serviceAccount.create -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ include "frontend-framework.serviceAccountName" . }} + labels: + {{- include "frontend-framework.labels" . | nindent 4 }} + {{- with .Values.serviceAccount.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} +{{- end }} diff --git a/helm/frontend-framework/values.yaml b/helm/frontend-framework/values.yaml new file mode 100644 index 00000000..6779e0be --- /dev/null +++ b/helm/frontend-framework/values.yaml 
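Review bot: The ServiceAccount rendered here is never attached to the workload, because the deployment template added in the same change sets no `serviceAccountName`. With `serviceAccount.create: true` the pod therefore still runs under the namespace's `default` account, and annotations set through `serviceAccount.annotations` never reach it. Adding `serviceAccountName: {{ include "frontend-framework.serviceAccountName" . }}` to the pod spec closes the gap. Setting `automountServiceAccountToken: false` on the ServiceAccount object as well would keep it consistent with the pod-level default in values.yaml.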
@@ -0,0 +1,197 @@ +# Default values for frontend-framework. +# This is a YAML-formatted file. +# Declare variables to be passed into your templates. +# -- (map) Global configuration options. +global: + # -- (map) AWS configuration + aws: + # -- (bool) Set to true if deploying to AWS. Controls ingress annotations. + enabled: false + # -- (string) Credentials for AWS stuff. + awsAccessKeyId: + # -- (string) Credentials for AWS stuff. + awsSecretAccessKey: + # -- (bool) Whether the deployment is for development purposes. + dev: true + # -- (map) Postgres database configuration. + postgres: + # -- (bool) Whether the database should be created. + dbCreate: true + # -- (map) Master credentials to postgres. This is going to be the default postgres server being used for each service, unless each service specifies their own postgres + master: + # -- (string) hostname of postgres server + host: + # -- (string) username of superuser in postgres. This is used to create or restore databases + username: postgres + # -- (string) password for superuser in postgres. This is used to create or restore databases + password: + # -- (string) Port for Postgres. + port: "5432" + # -- (string) Environment name. This should be the same as vpcname if you're doing an AWS deployment. Currently this is being used to share ALB's if you have multiple namespaces. Might be used other places too. + environment: default + # -- (string) Hostname for the deployment. + hostname: localhost + # -- (string) ARN of the reverse proxy certificate. + revproxyArn: arn:aws:acm:us-east-1:123456:certificate + # -- (string) URL of the data dictionary. + dictionaryUrl: https://s3.amazonaws.com/dictionary-artifacts/datadictionary/develop/schema.json + # -- (string) Portal application name. + portalApp: gitops + # -- (string) S3 bucket name for Kubernetes manifest files. + kubeBucket: kube-gen3 + # -- (string) S3 bucket name for log files. + logsBucket: logs-gen3 + # -- (bool) Whether to sync data from dbGaP. 
+ syncFromDbgap: false + # -- (string) Path to the user.yaml file in S3. + userYamlS3Path: s3://cdis-gen3-users/test/user.yaml + # -- (bool) Whether public datasets are enabled. + publicDataSets: true + # -- (string) Access level for tiers. acceptable values for `tier_access_level` are: `libre`, `regular` and `private`. If omitted, by default common will be treated as `private`. + tierAccessLevel: libre + # -- (bool) Whether network policies are enabled. + netPolicy: true + # -- (int) Number of dispatcher jobs. + dispatcherJobNum: 10 + # -- (bool) Whether Datadog is enabled. + ddEnabled: false + +# -- (int) Number of replicas for the deployment. +replicaCount: 1 + +# -- (map) Docker image information. +image: + # -- (string) Docker repository. + repository: quay.io/cdis/frontend-framework + # -- (string) Docker pull policy. + pullPolicy: Always + # -- (string) Overrides the image tag whose default is the chart appVersion. + tag: "PXP-10877" + +# -- (list) Docker image pull secrets. +imagePullSecrets: [] + +# -- (string) Override the name of the chart. +nameOverride: "" + +# -- (string) Override the full name of the deployment. +fullnameOverride: "" + +# -- (map) Service account to use or create. +serviceAccount: + # -- (bool) Specifies whether a service account should be created. + create: true + # -- (map) Annotations to add to the service account. + annotations: {} + # -- (string) The name of the service account to use. + # If not set and create is true, a name is generated using the fullname template + name: "" + +# -- (map) Annotations to add to the pod +podAnnotations: {} + +# -- (map) Security context to apply to the pod +podSecurityContext: {} + # fsGroup: 2000 + +# -- (map) Security context to apply to the container +securityContext: {} + # capabilities: + # drop: + # - ALL + # readOnlyRootFilesystem: true + # runAsNonRoot: true + # runAsUser: 1000 + +# -- (map) Kubernetes service information. +service: + # -- (string) Type of service. 
Valid values are "ClusterIP", "NodePort", "LoadBalancer", "ExternalName". + type: ClusterIP + # -- (int) The port number that the service exposes. + port: 3000 + +# -- (map) Configuration for autoscaling the number of replicas +autoscaling: + # -- (bool) Whether autoscaling is enabled + enabled: false + # -- (int) The minimum number of replicas to scale down to + minReplicas: 1 + # -- (int) The maximum number of replicas to scale up to + maxReplicas: 100 + # -- (int) The target CPU utilization percentage for autoscaling + targetCPUUtilizationPercentage: 80 + # targetMemoryUtilizationPercentage: 80 + +# -- (map) Node selector to apply to the pod +nodeSelector: {} + +# -- (list) Tolerations to apply to the pod +tolerations: [] + +# -- (int) Number of old revisions to retain +revisionHistoryLimit: 2 + +# -- (map) Rolling update deployment strategy +strategy: + type: RollingUpdate + rollingUpdate: + # -- (int) Number of additional replicas to add during rollout. + maxSurge: 2 + # -- (int) Maximum amount of pods that can be unavailable during the update. + maxUnavailable: 25% + +# -- (map) Affinity to use for the deployment. +affinity: + podAntiAffinity: + # -- (map) Option for scheduling to be required or preferred. + preferredDuringSchedulingIgnoredDuringExecution: + # -- (int) Weight value for preferred scheduling. + - weight: 100 + podAffinityTerm: + labelSelector: + matchExpressions: + # -- (list) Label key for match expression. + - key: app + # -- (string) Operation type for the match expression. + operator: In + # -- (list) Value for the match expression key. + values: + - frontend-framework + # -- (string) Value for topology key label. 
+ topologyKey: "kubernetes.io/hostname" + +# -- (bool) Automount the default service account token +automountServiceAccountToken: false + +# -- (map) Resource requests and limits for the containers in the pod +resources: + # -- (map) The amount of resources that the container requests + requests: + # -- (string) The amount of CPU requested + cpu: 1.0 + # -- (string) The amount of memory requested + memory: 4096Mi + # -- (map) The maximum amount of resources that the container is allowed to use + limits: + # -- (string) The maximum amount of memory the container can use + memory: 4096Mi + +# Values to determine the labels that are used for the deployment, pod, etc. +# -- (string) Valid options are "production" or "dev". If invalid option is set- the value will default to "dev". +release: "dev" +# -- (string) Valid options are "true" or "false". If invalid option is set- the value will default to "false". +criticalService: "true" +# -- (string) Label to help organize pods and their use. Any value is valid, but use "_" or "-" to divide words. +partOf: "Front-End" +# -- (map) Will completely override the selectorLabels defined in the common chart's _label_setup.tpl +selectorLabels: +# -- (map) Will completely override the commonLabels defined in the common chart's _label_setup.tpl +commonLabels: + +# Values to configure datadog if ddEnabled is set to "true". +# -- (bool) If enabled, the Datadog Agent will automatically inject Datadog-specific metadata into your application logs. +datadogLogsInjection: true +# -- (bool) If enabled, the Datadog Agent will collect profiling data for your application using the Continuous Profiler. This data can be used to identify performance bottlenecks and optimize your application. +datadogProfilingEnabled: true +# -- (int) A value between 0 and 1, that represents the percentage of requests that will be traced. For example, a value of 0.5 means that 50% of requests will be traced. +datadogTraceSampleRate: 1 
diff --git a/helm/gen3/Chart.yaml b/helm/gen3/Chart.yaml index 335748fd..32e634d0 100644 --- a/helm/gen3/Chart.yaml +++ b/helm/gen3/Chart.yaml @@ -27,6 +27,10 @@ dependencies: - name: common version: "0.1.5" repository: file://../common +- name: frontend-framework + version: "0.0.5" + repository: "file://../frontend-framework" + condition: frontend-framework.enabled - name: fence version: "0.1.6" repository: "file://../fence" @@ -83,8 +87,6 @@ dependencies: version: "0.1.7" repository: "file://../wts" condition: wts.enabled - - - name: elasticsearch version: "0.1.3" repository: "file://../elasticsearch" @@ -107,7 +109,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.9 +version: 0.1.10 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to diff --git a/helm/gen3/README.md b/helm/gen3/README.md index 94e501a4..e45b9025 100644 --- a/helm/gen3/README.md +++ b/helm/gen3/README.md @@ -1,6 +1,6 @@ # gen3 -![Version: 0.1.9](https://img.shields.io/badge/Version-0.1.9-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) +![Version: 0.1.10](https://img.shields.io/badge/Version-0.1.10-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) Helm chart to deploy Gen3 Data Commons 
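Review bot: In helm/frontend-framework/values.yaml the default `image.tag: "PXP-10877"` looks like a ticket or branch tag rather than a release. Combined with `pullPolicy: Always`, the image a cluster runs can change whenever that tag is re-pushed, with no change to the chart. Leaving the default empty, `tag: ""`, lets the template's `default .Chart.AppVersion` apply, and deployments that need reproducibility can pin a digest in their own values. Separately, `resources.requests.cpu` is annotated `(string)` but holds `1.0`, and `maxUnavailable` is annotated `(int)` but holds `25%`; the helm-docs annotations should match the values.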
@@ -26,6 +26,7 @@ Helm chart to deploy Gen3 Data Commons | file://../common | common | 0.1.5 | | file://../elasticsearch | elasticsearch | 0.1.3 | | file://../fence | fence | 0.1.6 | +| file://../frontend-framework | frontend-framework | 0.0.5 | | file://../guppy | guppy | 0.1.5 | | file://../hatchery | hatchery | 0.1.4 | | file://../indexd | indexd | 0.1.6 | 
@@ -72,6 +73,10 @@ Helm chart to deploy Gen3 Data Commons | fence.image | map | `{"repository":null,"tag":null}` | Docker image information. | | fence.image.repository | string | `nil` | The Docker image repository for the fence service. | | fence.image.tag | string | `nil` | Overrides the image tag whose default is the chart appVersion. | +| frontend-framework.enabled | bool | `true` | Whether to deploy the frontend-framework subchart. | +| frontend-framework.image | map | `{"repository":null,"tag":null}` | Docker image information. | +| frontend-framework.image.repository | string | `nil` | The Docker image repository for the guppy service. | +| frontend-framework.image.tag | string | `nil` | Overrides the image tag whose default is the chart appVersion. | | global | map | `{"aws":{"account":{"aws_access_key_id":null,"aws_secret_access_key":null},"enabled":false},"ddEnabled":false,"dev":true,"dictionaryUrl":"https://s3.amazonaws.com/dictionary-artifacts/datadictionary/develop/schema.json","dispatcherJobNum":10,"environment":"default","gcp":true,"hostname":"localhost","kubeBucket":"kube-gen3","logsBucket":"logs-gen3","netPolicy":true,"portalApp":"gitops","postgres":{"dbCreate":true,"master":{"host":null,"password":null,"port":"5432","username":"postgres"}},"publicDataSets":true,"revproxyArn":"arn:aws:acm:us-east-1:123456:certificate","syncFromDbgap":false,"tierAccessLevel":"libre","tls":{"cert":null,"key":null},"userYamlS3Path":"s3://cdis-gen3-users/test/user.yaml"}` | Global configuration options. | | global.aws.account | map | `{"aws_access_key_id":null,"aws_secret_access_key":null}` | Credentials for AWS | | global.aws.enabled | bool | `false` | Set to true if deploying to AWS. Controls ingress annotations. | diff --git a/helm/gen3/values.yaml b/helm/gen3/values.yaml index ae8164e6..61af5cb0 100644 --- a/helm/gen3/values.yaml +++ b/helm/gen3/values.yaml 
@@ -129,6 +129,17 @@ fence: # -- (string) Overrides the image tag whose default is the chart appVersion. tag: + # -- (map) Configurations for frontend-framework chart. +frontend-framework: + # -- (bool) Whether to deploy the frontend-framework subchart. + enabled: true + # -- (map) Docker image information. + image: + # -- (string) The Docker image repository for the guppy service. + repository: + # -- (string) Overrides the image tag whose default is the chart appVersion. + tag: + # -- (map) Configurations for guppy chart. guppy: # -- (bool) Whether to deploy the guppy subchart. From 9933b8ce1801217fb12f29b9c4f2222aa1fdef20 Mon Sep 17 00:00:00 2001 From: craigrbarnes Date: Wed, 5 Apr 2023 16:40:09 -0500 Subject: [PATCH 003/279] update secrets --- .secrets.baseline | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/.secrets.baseline b/.secrets.baseline index 9abe4cb2..c5b1ab05 100644 --- a/.secrets.baseline +++ b/.secrets.baseline @@ -3,7 +3,7 @@ "files": "^.secrets.baseline$", "lines": null }, - "generated_at": "2023-04-05T21:22:44Z", + "generated_at": "2023-04-05T21:39:32Z", "plugins_used": [ { "name": "AWSKeyDetector" @@ -294,21 +294,21 @@ "hashed_secret": "4caa5dcab48a481e96f4352e45459c0ecd6f3cf7", "is_secret": false, "is_verified": false, - "line_number": 77, + "line_number": 81, "type": "Secret Keyword" }, { "hashed_secret": "2546383b95bb44732e9be6a877fd476c0442fdab", "is_secret": false, "is_verified": false, - "line_number": 90, + "line_number": 94, "type": "Secret Keyword" }, { "hashed_secret": "d84ce25b0f9bc2cc263006ae39453efb22cc2900", "is_secret": false, "is_verified": false, - "line_number": 92, + "line_number": 96, "type": "Secret Keyword" } ], From 5d8d021bf8eabb18631c399151bcee0db4c06e1f Mon Sep 17 00:00:00 2001 
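Review bot: The comment on `frontend-framework.image.repository` still reads "The Docker image repository for the guppy service", and helm-docs has already copied that into the README table. It should read `# -- (string) The Docker image repository for the frontend-framework service.` The block also defaults to `enabled: true`, so every existing umbrella install gains a new pod labelled `public: "yes"` on upgrade. If that is not intended for all environments, default it to `false` and let deployments opt in.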
From: craigrbarnes Date: Wed, 5 Apr 2023 17:44:45 -0500 Subject: [PATCH 004/279] fix error --- .../frontend-framework/templates/_helpers.tpl | 79 +++++++++++++++++++ 1 file changed, 79 insertions(+) create mode 100644 helm/frontend-framework/templates/_helpers.tpl diff --git a/helm/frontend-framework/templates/_helpers.tpl b/helm/frontend-framework/templates/_helpers.tpl new file mode 100644 index 00000000..851e1655 --- /dev/null +++ b/helm/frontend-framework/templates/_helpers.tpl 
@@ -0,0 +1,79 @@ +{{/* +Expand the name of the chart. +*/}} +{{- define "frontend-framework.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "frontend-framework.fullname" -}} +{{- if .Values.fullnameOverride }} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- $name := default .Chart.Name .Values.nameOverride }} +{{- if contains $name .Release.Name }} +{{- .Release.Name | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }} +{{- end }} +{{- end }} +{{- end }} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "frontend-framework.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Common labels +*/}} +{{- define "frontend-framework.labels" -}} +{{- if .Values.commonLabels }} + {{- with .Values.commonLabels }} + {{- toYaml . }} + {{- end }} +{{- else }} + {{- (include "common.commonLabels" .)}} +{{- end }} +{{- end }} + +{{/* +Selector labels +*/}} +{{- define "frontend-framework.selectorLabels" -}} +{{- if .Values.selectorLabels }} + {{- with .Values.selectorLabels }} + {{- toYaml . }} + {{- end }} +{{- else }} + {{- (include "common.selectorLabels" .)}} +{{- end }} +{{- end }} + +{{/* +Create the name of the service account to use +*/}} +{{- define "frontend-framework.serviceAccountName" -}} +{{- if .Values.serviceAccount.create }} +{{- default (include "frontend-framework.fullname" .) 
.Values.serviceAccount.name }} +{{- else }} +{{- default "default" .Values.serviceAccount.name }} +{{- end }} +{{- end }} + +{{/* +Define tierAccessLevel +*/}} +{{- define "frontend-framework.tierAccessLevel" -}} +{{- if .Values.global }} +{{- .Values.global.tierAccessLevel }} +{{- else}} +{{- .Values.tierAccessLevel }} +{{- end }} +{{- end }} \ No newline at end of file From 44efa6134cc23f26a044a952a2ca090ae5cb84dc Mon Sep 17 00:00:00 2001 From: craigrbarnes Date: Thu, 6 Apr 2023 16:58:07 -0500 Subject: [PATCH 005/279] more ff changes --- helm/frontend-framework/README.md | 12 ++++++------ .../templates/deployment.yaml | 18 ++++++++++++++---- helm/frontend-framework/values.yaml | 5 +++-- 3 files changed, 23 insertions(+), 12 deletions(-) diff --git a/helm/frontend-framework/README.md b/helm/frontend-framework/README.md index 1f789b5f..e274bf26 100644 --- a/helm/frontend-framework/README.md +++ b/helm/frontend-framework/README.md 
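Review bot: In `frontend-framework.labels` and `frontend-framework.selectorLabels` the outer `if .Values.commonLabels` (or `selectorLabels`) repeats the test that the inner `with` already performs. Since `with` has its own `else`, each helper can be a single block such as `{{- with .Values.commonLabels }}{{- toYaml . }}{{- else }}{{- include "common.commonLabels" . }}{{- end }}`. In `frontend-framework.tierAccessLevel` the `else` branch reads `.Values.tierAccessLevel`, which this chart's values.yaml does not define, while `global` is always present there, so that branch appears to be dead. The file also ends without a trailing newline.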
@@ -72,12 +72,12 @@ A Helm chart for the gen3 frontend framework | podSecurityContext | map | `{}` | Security context to apply to the pod | | release | string | `"dev"` | Valid options are "production" or "dev". If invalid option is set- the value will default to "dev". | | replicaCount | int | `1` | Number of replicas for the deployment. | -| resources | map | `{"limits":{"memory":"4096Mi"},"requests":{"cpu":1,"memory":"4096Mi"}}` | Resource requests and limits for the containers in the pod | -| resources.limits | map | `{"memory":"4096Mi"}` | The maximum amount of resources that the container is allowed to use | -| resources.limits.memory | string | `"4096Mi"` | The maximum amount of memory the container can use | -| resources.requests | map | `{"cpu":1,"memory":"4096Mi"}` | The amount of resources that the container requests | -| resources.requests.cpu | string | `1` | The amount of CPU requested | -| resources.requests.memory | string | `"4096Mi"` | The amount of memory requested | +| resources | map | `{"limits":{"cpu":0.6,"memory":"4096Mi"},"requests":{"cpu":0.6,"memory":"512Mi"}}` | Resource requests and limits for the containers in the pod | +| resources.limits | map | `{"cpu":0.6,"memory":"4096Mi"}` | The maximum amount of resources that the container is allowed to use | +| resources.limits.cpu | string | `0.6` | The maximum amount of memory the container can use | +| resources.requests | map | `{"cpu":0.6,"memory":"512Mi"}` | The amount of resources that the container requests | +| resources.requests.cpu | string | `0.6` | The amount of CPU requested | +| resources.requests.memory | string | `"512Mi"` | The amount of memory requested | | revisionHistoryLimit | int | `2` | Number of old revisions to retain | | securityContext | map | `{}` | Security context to apply to the container | | selectorLabels | map | `nil` | Will completely override the selectorLabels defined in the common chart's _label_setup.tpl | 
diff --git a/helm/frontend-framework/templates/deployment.yaml b/helm/frontend-framework/templates/deployment.yaml index 36664405..e49a1c06 100644 --- a/helm/frontend-framework/templates/deployment.yaml +++ b/helm/frontend-framework/templates/deployment.yaml @@ -46,7 +46,7 @@ spec: # failureThreshold: 30 readinessProbe: httpGet: - path: /ff + path: / port: 3000 initialDelaySeconds: 30 periodSeconds: 60 @@ -55,9 +55,6 @@ spec: {{- toYaml .Values.resources | nindent 12 }} ports: - containerPort: 3000 - # command: - # - /bin/bash - # - ./dockerStart.sh env: {{- if .Values.global.ddEnabled }} {{- include "common.datadogEnvVar" . | nindent 12 }} @@ -96,4 +93,17 @@ spec: # S3 bucket name for data upload, for setting up CSP #GEN3_DATA_UPLOAD_BUCKET|-value: ""-| # - name: BASENAME + volumeMounts: + - name: "cert-volume" + readOnly: true + mountPath: "/mnt/ssl/service.crt" + subPath: "service.crt" + - name: "cert-volume" + readOnly: true + mountPath: "/mnt/ssl/service.key" + subPath: "service.key" + - name: "ca-volume" + readOnly: true + mountPath: "/usr/local/share/ca-certificates/cdis/cdis-ca.crt" + subPath: "ca.pem" diff --git a/helm/frontend-framework/values.yaml b/helm/frontend-framework/values.yaml index 6779e0be..e3ec36b4 100644 --- a/helm/frontend-framework/values.yaml +++ b/helm/frontend-framework/values.yaml @@ -168,12 +168,13 @@ resources: # -- (map) The amount of resources that the container requests requests: # -- (string) The amount of CPU requested - cpu: 1.0 + cpu: 0.6 # -- (string) The amount of memory requested - memory: 4096Mi + memory: 512Mi # -- (map) The maximum amount of resources that the container is allowed to use limits: # -- (string) The maximum amount of memory the container can use + cpu: 0.6 memory: 4096Mi # Values to determine the labels that are used for the deployment, pod, etc. From 54e8b467af7a3d01d699c7d9a873196746c41f33 Mon Sep 17 00:00:00 2001 
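Review bot: The added `volumeMounts` in the last deployment.yaml hunk reference `cert-volume` and `ca-volume`, but neither this commit nor the file as originally created declares a `volumes:` list in the pod spec. The API server would be expected to reject the Deployment for mounting undefined volumes. Either add the matching `volumes:` entries in the same commit, with sources taken from values (for example `secretName: <service-cert-secret>`), or leave the mounts out until they exist. Mounting `service.key` into a browser-facing container also deserves a second look: if the frontend does not terminate TLS itself, the private key should not be in the pod at all.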
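Review bot: In the values.yaml hunk the new `cpu: 0.6` limit was inserted directly under the existing comment `The maximum amount of memory the container can use`. helm-docs therefore documents `resources.limits.cpu` as a memory limit and `resources.limits.memory` loses its description, which the README hunk in this commit already shows. Give each key its own annotation: `# -- (string) The maximum amount of CPU the container can use` above `cpu`, with the existing memory comment moved above `memory`.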
From: craigrbarnes Date: Fri, 7 Apr 2023 10:26:58 -0500 Subject: [PATCH 006/279] add frontend_root --- helm/gen3/templates/global-manifest.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/helm/gen3/templates/global-manifest.yaml b/helm/gen3/templates/global-manifest.yaml index bdc3950e..f7f3b17f 100644 --- a/helm/gen3/templates/global-manifest.yaml +++ b/helm/gen3/templates/global-manifest.yaml @@ -17,6 +17,7 @@ data: "netpolicy": {{ .Values.global.netPolicy | quote }} "dispatcher_job_num": {{ .Values.global.dispatcherJobNum | quote }} "dd_enabled": {{ .Values.global.ddEnabled | quote }} + "frontend_root": {{ .Values.global.frontendRoot | quote }} {{- with .Values.global.origins_allow_credentials }} "origins_allow_credentials": {{ . | toJson | quote }} {{- end -}} \ No newline at end of file From 512e23253e2bbdb35668393fd9418be1bc9a4651 Mon Sep 17 00:00:00 2001 From: "J. Q" <55899496+jawadqur@users.noreply.github.com> Date: Fri, 7 Apr 2023 12:58:53 -0500 Subject: [PATCH 007/279] Fix bug in indexd and presigned-url-fence (#114) --- helm/gen3/Chart.yaml | 6 +++--- helm/gen3/README.md | 6 +++--- helm/indexd/Chart.yaml | 2 +- helm/indexd/README.md | 4 ++-- helm/indexd/values.yaml | 2 ++ helm/revproxy/Chart.yaml | 2 +- helm/revproxy/README.md | 2 +- helm/revproxy/gen3.nginx.conf/fence-service.conf | 4 ++-- 8 files changed, 15 insertions(+), 13 deletions(-) diff --git a/helm/gen3/Chart.yaml b/helm/gen3/Chart.yaml index 335748fd..3fee76ce 100644 --- a/helm/gen3/Chart.yaml +++ b/helm/gen3/Chart.yaml @@ -40,7 +40,7 @@ dependencies: repository: "file://../hatchery" condition: hatchery.enabled - name: indexd - version: "0.1.6" + version: "0.1.7" repository: "file://../indexd" condition: indexd.enabled - name: manifestservice @@ -68,7 +68,7 @@ dependencies: repository: "file://../requestor" condition: requestor.enabled - name: revproxy - version: "0.1.6" + version: "0.1.7" repository: "file://../revproxy" condition: revproxy.enabled - name: sheepdog 
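Review bot: `.Values.global.frontendRoot` is read in global-manifest.yaml, but this commit adds no `frontendRoot` key to the umbrella chart's values, and the `global` defaults listed in the gen3 README do not include one. Unless it is set elsewhere, the entry renders without a usable value. Guarding it the way the following `origins_allow_credentials` entry is guarded avoids emitting an empty key: `{{- with .Values.global.frontendRoot }}`, then `"frontend_root": {{ . | quote }}`, then `{{- end }}`. Declaring `frontendRoot` in values.yaml with a `# --` description would also get it into the generated docs.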
@@ -107,7 +107,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.9 +version: 0.1.10 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to diff --git a/helm/gen3/README.md b/helm/gen3/README.md index 94e501a4..60b7a097 100644 --- a/helm/gen3/README.md +++ b/helm/gen3/README.md @@ -1,6 +1,6 @@ # gen3 -![Version: 0.1.9](https://img.shields.io/badge/Version-0.1.9-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) +![Version: 0.1.10](https://img.shields.io/badge/Version-0.1.10-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) Helm chart to deploy Gen3 Data Commons 
@@ -28,14 +28,14 @@ Helm chart to deploy Gen3 Data Commons | file://../fence | fence | 0.1.6 | | file://../guppy | guppy | 0.1.5 | | file://../hatchery | hatchery | 0.1.4 | -| file://../indexd | indexd | 0.1.6 | +| file://../indexd | indexd | 0.1.7 | | file://../manifestservice | manifestservice | 0.1.7 | | file://../metadata | metadata | 0.1.6 | | file://../peregrine | peregrine | 0.1.7 | | file://../pidgin | pidgin | 0.1.5 | | file://../portal | portal | 0.1.4 | | file://../requestor | requestor | 0.1.6 | -| file://../revproxy | revproxy | 0.1.6 | +| file://../revproxy | revproxy | 0.1.7 | | file://../sheepdog | sheepdog | 0.1.7 | | file://../ssjdispatcher | ssjdispatcher | 0.1.3 | | file://../wts | wts | 0.1.7 | diff --git a/helm/indexd/Chart.yaml b/helm/indexd/Chart.yaml index 1124e04b..a2c51814 100644 --- a/helm/indexd/Chart.yaml +++ b/helm/indexd/Chart.yaml @@ -15,7 +15,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.6 +version: 0.1.7 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to diff --git a/helm/indexd/README.md b/helm/indexd/README.md index 3c2037c9..ecbe4373 100644 --- a/helm/indexd/README.md +++ b/helm/indexd/README.md 
@@ -1,6 +1,6 @@ # indexd -![Version: 0.1.6](https://img.shields.io/badge/Version-0.1.6-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) +![Version: 0.1.7](https://img.shields.io/badge/Version-0.1.7-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) A Helm chart for gen3 indexd 
@@ -25,7 +25,7 @@ A Helm chart for gen3 indexd | datadogLogsInjection | bool | `true` | If enabled, the Datadog Agent will automatically inject Datadog-specific metadata into your application logs. | | datadogProfilingEnabled | bool | `true` | If enabled, the Datadog Agent will collect profiling data for your application using the Continuous Profiler. This data can be used to identify performance bottlenecks and optimize your application. | | datadogTraceSampleRate | int | `1` | A value between 0 and 1, that represents the percentage of requests that will be traced. For example, a value of 0.5 means that 50% of requests will be traced. | -| env | list | `[{"name":"GEN3_DEBUG","value":"False"}]` | Environment variables to pass to the container | +| env | list | `[{"name":"ARBORIST","value":"true"},{"name":"GEN3_DEBUG","value":"False"}]` | Environment variables to pass to the container | | fullnameOverride | string | `""` | Override the full name of the deployment. | | global | map | `{"aws":{"awsAccessKeyId":null,"awsSecretAccessKey":null,"enabled":false},"ddEnabled":false,"dev":true,"dictionaryUrl":"https://s3.amazonaws.com/dictionary-artifacts/datadictionary/develop/schema.json","dispatcherJobNum":10,"environment":"default","hostname":"localhost","kubeBucket":"kube-gen3","logsBucket":"logs-gen3","netPolicy":true,"portalApp":"gitops","postgres":{"dbCreate":true,"master":{"host":null,"password":null,"port":"5432","username":"postgres"}},"publicDataSets":true,"revproxyArn":"arn:aws:acm:us-east-1:123456:certificate","syncFromDbgap":false,"tierAccessLevel":"libre","userYamlS3Path":"s3://cdis-gen3-users/test/user.yaml"}` | Global configuration options. | | global.aws | map | `{"awsAccessKeyId":null,"awsSecretAccessKey":null,"enabled":false}` | AWS configuration | diff --git a/helm/indexd/values.yaml b/helm/indexd/values.yaml index 3dcec5c4..34c4ec7b 100644 --- a/helm/indexd/values.yaml +++ b/helm/indexd/values.yaml 
@@ -194,6 +194,8 @@ volumeMounts: # -- (list) Environment variables to pass to the container env: + - name: "ARBORIST" + value: "true" - name: "GEN3_DEBUG" value: "False" diff --git a/helm/revproxy/Chart.yaml b/helm/revproxy/Chart.yaml index 3c8d674b..566b09b0 100644 --- a/helm/revproxy/Chart.yaml +++ b/helm/revproxy/Chart.yaml @@ -15,7 +15,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.6 +version: 0.1.7 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to diff --git a/helm/revproxy/README.md b/helm/revproxy/README.md index 18af8bbb..abe9c5da 100644 --- a/helm/revproxy/README.md +++ b/helm/revproxy/README.md @@ -1,6 +1,6 @@ # revproxy -![Version: 0.1.6](https://img.shields.io/badge/Version-0.1.6-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) +![Version: 0.1.7](https://img.shields.io/badge/Version-0.1.7-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) A Helm chart for gen3 revproxy diff --git a/helm/revproxy/gen3.nginx.conf/fence-service.conf b/helm/revproxy/gen3.nginx.conf/fence-service.conf index 5a792424..dccbfa83 100644 --- a/helm/revproxy/gen3.nginx.conf/fence-service.conf +++ b/helm/revproxy/gen3.nginx.conf/fence-service.conf 
@@ -46,8 +46,8 @@ location /user/data/download { return 403 "failed csrf check"; } - set $proxy_service "presigned_url_fence"; - set $upstream http://presigned_url_fence-service$des_domain; + set $proxy_service "presigned-url-fence"; + set $upstream http://presigned-url-fence-service$des_domain; rewrite ^/user/(.*) /$1 break; proxy_pass $upstream; } From 130f39ee09d055f9298ba0b2558c57661a77a4e0 Mon Sep 17 00:00:00 2001 From: craigrbarnes Date: Sun, 9 Apr 2023 13:38:09 -0500 Subject: [PATCH 008/279] update README --- helm/frontend-framework/Chart.yaml | 2 +- helm/frontend-framework/README.md | 6 ++-- .../templates/deployment.yaml | 29 ++++--------------- .../frontend-framework/templates/service.yaml | 10 +++---- helm/frontend-framework/values.yaml | 2 +- helm/gen3/Chart.yaml | 4 +-- helm/gen3/README.md | 4 +-- 7 files changed, 18 insertions(+), 39 deletions(-) diff --git a/helm/frontend-framework/Chart.yaml b/helm/frontend-framework/Chart.yaml index 5c92d545..4b57cfd1 100644 --- a/helm/frontend-framework/Chart.yaml +++ b/helm/frontend-framework/Chart.yaml @@ -15,7 +15,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.0.5 +version: 0.0.8 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to diff --git a/helm/frontend-framework/README.md b/helm/frontend-framework/README.md index e274bf26..8a455a85 100644 --- a/helm/frontend-framework/README.md +++ b/helm/frontend-framework/README.md 
@@ -1,6 +1,6 @@ # frontend-framework -![Version: 0.0.5](https://img.shields.io/badge/Version-0.0.5-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: PXP-10877](https://img.shields.io/badge/AppVersion-PXP--10877-informational?style=flat-square) +![Version: 0.0.8](https://img.shields.io/badge/Version-0.0.8-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: PXP-10877](https://img.shields.io/badge/AppVersion-PXP--10877-informational?style=flat-square) A Helm chart for the gen3 frontend framework @@ -81,8 +81,8 @@ A Helm chart for the gen3 frontend framework | revisionHistoryLimit | int | `2` | Number of old revisions to retain | | securityContext | map | `{}` | Security context to apply to the container | | selectorLabels | map | `nil` | Will completely override the selectorLabels defined in the common chart's _label_setup.tpl | -| service | map | `{"port":3000,"type":"ClusterIP"}` | Kubernetes service information. | -| service.port | int | `3000` | The port number that the service exposes. | +| service | map | `{"port":80,"type":"ClusterIP"}` | Kubernetes service information. | +| service.port | int | `80` | The port number that the service exposes. | | service.type | string | `"ClusterIP"` | Type of service. Valid values are "ClusterIP", "NodePort", "LoadBalancer", "ExternalName". | | serviceAccount | map | `{"annotations":{},"create":true,"name":""}` | Service account to use or create. | | serviceAccount.annotations | map | `{}` | Annotations to add to the service account. | diff --git a/helm/frontend-framework/templates/deployment.yaml b/helm/frontend-framework/templates/deployment.yaml index e49a1c06..97d321e2 100644 --- a/helm/frontend-framework/templates/deployment.yaml +++ b/helm/frontend-framework/templates/deployment.yaml 
@@ -12,6 +12,7 @@ spec: matchLabels: {{- include "frontend-framework.selectorLabels" . | nindent 6 }} revisionHistoryLimit: {{ .Values.revisionHistoryLimit }} + strategy: {{- toYaml .Values.strategy | nindent 8 }} template: @@ -47,33 +48,26 @@ spec: readinessProbe: httpGet: path: / - port: 3000 + port: 80 initialDelaySeconds: 30 periodSeconds: 60 timeoutSeconds: 30 resources: {{- toYaml .Values.resources | nindent 12 }} ports: - - containerPort: 3000 + - containerPort: 80 + name: http + protocol: TCP env: {{- if .Values.global.ddEnabled }} {{- include "common.datadogEnvVar" . | nindent 12 }} {{- end }} - name: HOSTNAME value: revproxy-service - - name: BASE_PATH - value: /ff # disable npm 7's brand new update notifier to prevent Portal from stuck at starting up # see https://github.com/npm/cli/issues/3163 - name: NPM_CONFIG_UPDATE_NOTIFIER value: "false" - - name: NODE_ENV - value: "production" - - name: APP - value: {{ .Values.frontendFrameworkApp | quote }} - - name: GEN3_BUNDLE - # optional: true - value: "" #needed to be adjusted to use the gen3 umbrella chart or local var ^ #adding a var in helpers.tpl for later- Elise {{- with .Values.datadogApplicationId }} @@ -93,17 +87,4 @@ spec: # S3 bucket name for data upload, for setting up CSP #GEN3_DATA_UPLOAD_BUCKET|-value: ""-| # - name: BASENAME - volumeMounts: - - name: "cert-volume" - readOnly: true - mountPath: "/mnt/ssl/service.crt" - subPath: "service.crt" - - name: "cert-volume" - readOnly: true - mountPath: "/mnt/ssl/service.key" - subPath: "service.key" - - name: "ca-volume" - readOnly: true - mountPath: "/usr/local/share/ca-certificates/cdis/cdis-ca.crt" - subPath: "ca.pem" diff --git a/helm/frontend-framework/templates/service.yaml b/helm/frontend-framework/templates/service.yaml index cb6bd2ba..01fa8dd9 100644 --- a/helm/frontend-framework/templates/service.yaml +++ b/helm/frontend-framework/templates/service.yaml 
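Review bot: Moving `containerPort` and the readiness probe from 3000 to 80 in the second hunk makes the container bind a privileged port, which usually means the process runs as root or holds NET_BIND_SERVICE. The chart README in this same commit documents `securityContext` as `{}` by default, so nothing here constrains that. Unless the new image requires port 80 (not visible here), I would keep an unprivileged container port and let the Service map 80 onto it, for example `- containerPort: 8080` with `targetPort: http` in service.yaml. The same hunk also drops `NODE_ENV=production`; if the image does not set it itself, a comment saying where it now comes from would help. The container spec starts above this hunk.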
@@ -8,14 +8,12 @@ spec: ports: - protocol: TCP port: 80 - targetPort: 3000 + targetPort: 80 name: http - nodePort: null - - protocol: TCP - port: 443 - targetPort: 3000 + - protocol: TCP + port: 443 + targetPort: 80 name: https - nodePort: null type: ClusterIP selector: {{- include "frontend-framework.selectorLabels" . | nindent 4 }} diff --git a/helm/frontend-framework/values.yaml b/helm/frontend-framework/values.yaml index e3ec36b4..5f101687 100644 --- a/helm/frontend-framework/values.yaml +++ b/helm/frontend-framework/values.yaml @@ -108,7 +108,7 @@ service: # -- (string) Type of service. Valid values are "ClusterIP", "NodePort", "LoadBalancer", "ExternalName". type: ClusterIP # -- (int) The port number that the service exposes. - port: 3000 + port: 80 # -- (map) Configuration for autoscaling the number of replicas autoscaling: diff --git a/helm/gen3/Chart.yaml b/helm/gen3/Chart.yaml index 6962b7d0..bad121a9 100644 --- a/helm/gen3/Chart.yaml +++ b/helm/gen3/Chart.yaml @@ -28,7 +28,7 @@ dependencies: version: "0.1.5" repository: file://../common - name: frontend-framework - version: "0.0.5" + version: "0.0.8" repository: "file://../frontend-framework" condition: frontend-framework.enabled - name: fence @@ -109,7 +109,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.10 +version: 0.1.11 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to diff --git a/helm/gen3/README.md b/helm/gen3/README.md index a9c8a223..dabb5c5b 100644 --- a/helm/gen3/README.md +++ b/helm/gen3/README.md 
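Review bot: The Service still publishes a port named `https` on 443, and after this change it forwards to `targetPort: 80`, the same plain-HTTP container port as the `http` entry. Together with the removal of the `cert-volume` mounts from deployment.yaml in this commit, it looks as though nothing in the pod terminates TLS, so the port name suggests encryption that in-cluster callers do not get. Either drop the 443 entry or add a comment above it such as `# plain HTTP: TLS is terminated before traffic reaches this Service`, once that is confirmed.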
@@ -1,6 +1,6 @@ # gen3 -![Version: 0.1.10](https://img.shields.io/badge/Version-0.1.10-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) +![Version: 0.1.11](https://img.shields.io/badge/Version-0.1.11-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) Helm chart to deploy Gen3 Data Commons @@ -26,7 +26,7 @@ Helm chart to deploy Gen3 Data Commons | file://../common | common | 0.1.5 | | file://../elasticsearch | elasticsearch | 0.1.3 | | file://../fence | fence | 0.1.6 | -| file://../frontend-framework | frontend-framework | 0.0.5 | +| file://../frontend-framework | frontend-framework | 0.0.8 | | file://../guppy | guppy | 0.1.5 | | file://../hatchery | hatchery | 0.1.4 | | file://../indexd | indexd | 0.1.7 | From e19a2b7c0fa998ac75ac327a31f09d89d1fd7bde Mon Sep 17 00:00:00 2001 From: craigrbarnes Date: Mon, 10 Apr 2023 18:02:33 -0500 Subject: [PATCH 009/279] refactor revproxy portal and frontend-framework nginx config --- .secrets.baseline | 6 +++--- helm/frontend-framework/templates/deployment.yaml | 15 ++++++++++++++- helm/gen3/README.md | 3 ++- helm/gen3/values.yaml | 2 ++ helm/portal/Chart.yaml | 2 +- helm/portal/README.md | 2 +- helm/portal/templates/deployment.yaml | 8 ++++++++ helm/revproxy/Chart.yaml | 2 +- helm/revproxy/README.md | 2 +- helm/revproxy/gen3.nginx.conf/portal-service.conf | 12 ------------ helm/revproxy/templates/configMaps.yaml | 12 ++++++++++++ 11 files changed, 45 insertions(+), 21 deletions(-) delete mode 100644 helm/revproxy/gen3.nginx.conf/portal-service.conf diff --git a/.secrets.baseline b/.secrets.baseline index c5b1ab05..b3657e17 100644 --- a/.secrets.baseline 
+++ b/.secrets.baseline @@ -3,7 +3,7 @@ "files": "^.secrets.baseline$", "lines": null }, - "generated_at": "2023-04-05T21:39:32Z", + "generated_at": "2023-04-10T23:01:05Z", "plugins_used": [ { "name": "AWSKeyDetector" @@ -301,14 +301,14 @@ "hashed_secret": "2546383b95bb44732e9be6a877fd476c0442fdab", "is_secret": false, "is_verified": false, - "line_number": 94, + "line_number": 95, "type": "Secret Keyword" }, { "hashed_secret": "d84ce25b0f9bc2cc263006ae39453efb22cc2900", "is_secret": false, "is_verified": false, - "line_number": 96, + "line_number": 97, "type": "Secret Keyword" } ], diff --git a/helm/frontend-framework/templates/deployment.yaml b/helm/frontend-framework/templates/deployment.yaml index 97d321e2..e42f6671 100644 --- a/helm/frontend-framework/templates/deployment.yaml +++ b/helm/frontend-framework/templates/deployment.yaml @@ -39,7 +39,7 @@ spec: imagePullPolicy: {{ .Values.image.pullPolicy }} # livenessProbe: # httpGet: - # path: / + # path: /ff # port: 80 # initialDelaySeconds: 60 # periodSeconds: 30 @@ -47,7 +47,13 @@ spec: # failureThreshold: 30 readinessProbe: httpGet: + {{- if eq "portal" .Values.global.frontendRoot }} + path: /ff + {{- else }} path: / + {{- end }} + # name: + # {{ .Values.global.frontendRoot }} port: 80 initialDelaySeconds: 30 periodSeconds: 60 @@ -64,6 +70,13 @@ spec: {{- end }} - name: HOSTNAME value: revproxy-service + {{- if eq "portal" .Values.global.frontendRoot }} + - name: BASE_PATH + value: /ff + {{- else}} + - name: NEXT_PUBLIC_PORTAL_BASENAME + value: /portal + {{- end }} # disable npm 7's brand new update notifier to prevent Portal from stuck at starting up # see https://github.com/npm/cli/issues/3163 - name: NPM_CONFIG_UPDATE_NOTIFIER diff --git a/helm/gen3/README.md b/helm/gen3/README.md index dabb5c5b..3d4059ec 100644 --- a/helm/gen3/README.md +++ b/helm/gen3/README.md 
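Review bot: `eq "portal" .Values.global.frontendRoot` in the readinessProbe and env hunks reads a global that this commit defaults only in helm/gen3/values.yaml; the diffstat shows no values.yaml change for frontend-framework, portal or revproxy. Installed on its own, the chart sees an unset value, which depending on the Helm version either fails the comparison or silently takes the `else` branch. Give the lookup a default at each use, `{{- if eq "portal" (.Values.global.frontendRoot | default "gen3ff") }}`, or add `global.frontendRoot` to each chart's values.yaml. The same comparison appears in helm/portal/templates/deployment.yaml and helm/revproxy/templates/configMaps.yaml later in this patch. The added `# {{ .Values.global.frontendRoot }}` line is still evaluated by the template engine despite the YAML comment and can be removed.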
@@ -77,7 +77,7 @@ Helm chart to deploy Gen3 Data Commons | frontend-framework.image | map | `{"repository":null,"tag":null}` | Docker image information. | | frontend-framework.image.repository | string | `nil` | The Docker image repository for the guppy service. | | frontend-framework.image.tag | string | `nil` | Overrides the image tag whose default is the chart appVersion. | -| global | map | `{"aws":{"account":{"aws_access_key_id":null,"aws_secret_access_key":null},"enabled":false},"ddEnabled":false,"dev":true,"dictionaryUrl":"https://s3.amazonaws.com/dictionary-artifacts/datadictionary/develop/schema.json","dispatcherJobNum":10,"environment":"default","gcp":true,"hostname":"localhost","kubeBucket":"kube-gen3","logsBucket":"logs-gen3","netPolicy":true,"portalApp":"gitops","postgres":{"dbCreate":true,"master":{"host":null,"password":null,"port":"5432","username":"postgres"}},"publicDataSets":true,"revproxyArn":"arn:aws:acm:us-east-1:123456:certificate","syncFromDbgap":false,"tierAccessLevel":"libre","tls":{"cert":null,"key":null},"userYamlS3Path":"s3://cdis-gen3-users/test/user.yaml"}` | Global configuration options. | +| global | map | `{"aws":{"account":{"aws_access_key_id":null,"aws_secret_access_key":null},"enabled":false},"ddEnabled":false,"dev":true,"dictionaryUrl":"https://s3.amazonaws.com/dictionary-artifacts/datadictionary/develop/schema.json","dispatcherJobNum":10,"environment":"default","frontendRoot":"gen3ff","gcp":true,"hostname":"localhost","kubeBucket":"kube-gen3","logsBucket":"logs-gen3","netPolicy":true,"portalApp":"gitops","postgres":{"dbCreate":true,"master":{"host":null,"password":null,"port":"5432","username":"postgres"}},"publicDataSets":true,"revproxyArn":"arn:aws:acm:us-east-1:123456:certificate","syncFromDbgap":false,"tierAccessLevel":"libre","tls":{"cert":null,"key":null},"userYamlS3Path":"s3://cdis-gen3-users/test/user.yaml"}` | Global configuration options. 
| | global.aws.account | map | `{"aws_access_key_id":null,"aws_secret_access_key":null}` | Credentials for AWS | | global.aws.enabled | bool | `false` | Set to true if deploying to AWS. Controls ingress annotations. | | global.ddEnabled | bool | `false` | Whether Datadog is enabled. | @@ -85,6 +85,7 @@ Helm chart to deploy Gen3 Data Commons | global.dictionaryUrl | string | `"https://s3.amazonaws.com/dictionary-artifacts/datadictionary/develop/schema.json"` | URL of the data dictionary. | | global.dispatcherJobNum | int | `10` | Number of dispatcher jobs. | | global.environment | string | `"default"` | Environment name. This should be the same as vpcname if you're doing an AWS deployment. Currently this is being used to share ALB's if you have multiple namespaces. Might be used other places too. | +| global.frontendRoot | string | `"gen3ff"` | which frontend to use "portal" or "gen3ff" | | global.gcp | map | `true` | AWS configuration | | global.hostname | string | `"localhost"` | Hostname for the deployment. | | global.kubeBucket | string | `"kube-gen3"` | S3 bucket name for Kubernetes manifest files. | diff --git a/helm/gen3/values.yaml b/helm/gen3/values.yaml index 61af5cb0..e12072ea 100644 --- a/helm/gen3/values.yaml +++ b/helm/gen3/values.yaml @@ -61,6 +61,8 @@ global: dispatcherJobNum: 10 # -- (bool) Whether Datadog is enabled. ddEnabled: false + # -- which frontend to use "portal" or "gen3ff" + frontendRoot: gen3ff tags: diff --git a/helm/portal/Chart.yaml b/helm/portal/Chart.yaml index da06718d..b8c5d7aa 100644 --- a/helm/portal/Chart.yaml +++ b/helm/portal/Chart.yaml 
@@ -15,7 +15,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.4 +version: 0.1.5 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to diff --git a/helm/portal/README.md b/helm/portal/README.md index 86a24d21..32576f52 100644 --- a/helm/portal/README.md +++ b/helm/portal/README.md @@ -1,6 +1,6 @@ # portal -![Version: 0.1.4](https://img.shields.io/badge/Version-0.1.4-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) +![Version: 0.1.5](https://img.shields.io/badge/Version-0.1.5-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) A Helm chart for gen3 data-portal diff --git a/helm/portal/templates/deployment.yaml b/helm/portal/templates/deployment.yaml index 08bb11bc..71289d33 100644 --- a/helm/portal/templates/deployment.yaml +++ b/helm/portal/templates/deployment.yaml @@ -56,7 +56,11 @@ spec: # failureThreshold: 30 readinessProbe: httpGet: + {{- if eq "portal" .Values.global.frontendRoot }} path: / + {{- else }} + path: /portal + {{- end }} port: 80 initialDelaySeconds: 30 periodSeconds: 60 
@@ -170,6 +174,10 @@ spec: {{- with .Values.dataUploadBucket }} - name: DATA_UPLOAD_BUCKET value: {{ . }} + {{- end }} + {{- if eq "portal" .Values.global.frontendRoot }} + - name: BASENAME + value: /portal {{- end }} # S3 bucket name for data upload, for setting up CSP #GEN3_DATA_UPLOAD_BUCKET|-value: ""-| diff --git a/helm/revproxy/Chart.yaml b/helm/revproxy/Chart.yaml index 566b09b0..677c0b7b 100644 --- a/helm/revproxy/Chart.yaml +++ b/helm/revproxy/Chart.yaml @@ -15,7 +15,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.7 +version: 0.1.8 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to diff --git a/helm/revproxy/README.md b/helm/revproxy/README.md index abe9c5da..d67cf27a 100644 --- a/helm/revproxy/README.md +++ b/helm/revproxy/README.md @@ -1,6 +1,6 @@ # revproxy -![Version: 0.1.7](https://img.shields.io/badge/Version-0.1.7-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) +![Version: 0.1.8](https://img.shields.io/badge/Version-0.1.8-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) A Helm chart for gen3 revproxy diff --git a/helm/revproxy/gen3.nginx.conf/portal-service.conf b/helm/revproxy/gen3.nginx.conf/portal-service.conf deleted file mode 100644 index 35d64cca..00000000 --- a/helm/revproxy/gen3.nginx.conf/portal-service.conf +++ /dev/null 
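Review bot: The new `BASENAME` block looks inverted relative to the readiness probe added earlier in this file. When `global.frontendRoot` is `portal` the probe requests `/`, yet this hunk sets `BASENAME` to `/portal` in exactly that case and leaves it unset when the probe requests `/portal`. If `BASENAME` is the path prefix the portal serves under (not visible here), the condition should be `{{- if ne "portal" .Values.global.frontendRoot }}`. As written the pod would probably fail readiness in one of the two modes, so please confirm against the portal image. The env list starts above this hunk.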
@@ -1,12 +0,0 @@ - location / { - if ($csrf_check !~ ^ok-\S.+$) { - return 403 "failed csrf check"; - } - - - set $proxy_service "portal"; - # $upstream is written to the logs - set $upstream http://portal-service.$namespace.svc.cluster.local; - - proxy_pass $upstream; - } diff --git a/helm/revproxy/templates/configMaps.yaml b/helm/revproxy/templates/configMaps.yaml index ad7441f9..eb2b5e60 100644 --- a/helm/revproxy/templates/configMaps.yaml +++ b/helm/revproxy/templates/configMaps.yaml @@ -7,6 +7,18 @@ data: {{ ($a := split "/" $path)._1 }}: | {{- $bytes | toString | nindent 4 }} {{- end}} +{{- if eq "portal" .Values.global.frontendRoot }} + {{- range $path, $bytes := .Files.Glob "gen3.nginx.conf/portal-as-root/*.conf" }} + {{ ($a := split "/" $path)._2 }}: | + {{- $bytes | toString | nindent 4 }} + {{- end}} +{{- end}} +{{- if eq "gen3ff" .Values.global.frontendRoot }} + {{- range $path, $bytes := .Files.Glob "gen3.nginx.conf/gen3ff-as-root/*.conf" }} + {{ ($a := split "/" $path)._2 }}: | + {{- $bytes | toString | nindent 4 }} + {{- end}} +{{- end}} --- apiVersion: v1 kind: ConfigMap From 2c14bde5329c447875e072544643699c89d09f8c Mon Sep 17 00:00:00 2001 From: craigrbarnes Date: Mon, 10 Apr 2023 18:19:53 -0500 Subject: [PATCH 010/279] update Chart version --- helm/gen3/Chart.yaml | 4 ++-- helm/gen3/README.md | 4 ++-- helm/portal/Chart.yaml | 2 +- helm/portal/README.md | 2 +- helm/revproxy/Chart.yaml | 2 +- helm/revproxy/README.md | 2 +- 6 files changed, 8 insertions(+), 8 deletions(-) diff --git a/helm/gen3/Chart.yaml b/helm/gen3/Chart.yaml index bad121a9..9a2c93f4 100644 --- a/helm/gen3/Chart.yaml +++ b/helm/gen3/Chart.yaml @@ -64,7 +64,7 @@ dependencies: repository: "file://../pidgin" condition: pidgin.enabled - name: portal - version: "0.1.4" + version: "0.1.6" repository: "file://../portal" condition: portal.enabled - name: requestor 
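Review bot: When `global.frontendRoot` is anything other than `portal` or `gen3ff`, neither added `range` in configMaps.yaml renders, and the ConfigMap ships without the root location that the deleted portal-service.conf used to provide. Fail the render instead, for example `{{- if not (has .Values.global.frontendRoot (list "portal" "gen3ff")) }}{{ fail "global.frontendRoot must be portal or gen3ff" }}{{- end }}`. The deleted `location /` also carried the `$csrf_check` guard; the replacement files under `portal-as-root/` and `gen3ff-as-root/` are not part of this patch, so it is worth confirming they keep it. Keys are now taken from `_2` of the path, so a file in either subdirectory that shares a basename with a top-level conf would collide with that key.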
@@ -72,7 +72,7 @@ dependencies: repository: "file://../requestor" condition: requestor.enabled - name: revproxy - version: "0.1.7" + version: "0.1.9" repository: "file://../revproxy" condition: revproxy.enabled - name: sheepdog diff --git a/helm/gen3/README.md b/helm/gen3/README.md index 3d4059ec..4dd41578 100644 --- a/helm/gen3/README.md +++ b/helm/gen3/README.md @@ -34,9 +34,9 @@ Helm chart to deploy Gen3 Data Commons | file://../metadata | metadata | 0.1.6 | | file://../peregrine | peregrine | 0.1.7 | | file://../pidgin | pidgin | 0.1.5 | -| file://../portal | portal | 0.1.4 | +| file://../portal | portal | 0.1.6 | | file://../requestor | requestor | 0.1.6 | -| file://../revproxy | revproxy | 0.1.7 | +| file://../revproxy | revproxy | 0.1.9 | | file://../sheepdog | sheepdog | 0.1.7 | | file://../ssjdispatcher | ssjdispatcher | 0.1.3 | | file://../wts | wts | 0.1.7 | diff --git a/helm/portal/Chart.yaml b/helm/portal/Chart.yaml index b8c5d7aa..cbce74af 100644 --- a/helm/portal/Chart.yaml +++ b/helm/portal/Chart.yaml @@ -15,7 +15,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.5 +version: 0.1.6 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to diff --git a/helm/portal/README.md b/helm/portal/README.md index 32576f52..ac679dda 100644 --- a/helm/portal/README.md +++ b/helm/portal/README.md 
@@ -1,6 +1,6 @@ # portal -![Version: 0.1.5](https://img.shields.io/badge/Version-0.1.5-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) +![Version: 0.1.6](https://img.shields.io/badge/Version-0.1.6-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) A Helm chart for gen3 data-portal diff --git a/helm/revproxy/Chart.yaml b/helm/revproxy/Chart.yaml index 677c0b7b..6a904386 100644 --- a/helm/revproxy/Chart.yaml +++ b/helm/revproxy/Chart.yaml @@ -15,7 +15,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.8 +version: 0.1.9 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to diff --git a/helm/revproxy/README.md b/helm/revproxy/README.md index d67cf27a..95275d55 100644 --- a/helm/revproxy/README.md +++ b/helm/revproxy/README.md 
@@ -1,6 +1,6 @@ # revproxy -![Version: 0.1.8](https://img.shields.io/badge/Version-0.1.8-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) +![Version: 0.1.9](https://img.shields.io/badge/Version-0.1.9-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) A Helm chart for gen3 revproxy From 62ec8f6036b265e616c810b787509e7f3630ee4f Mon Sep 17 00:00:00 2001 From: craigrbarnes Date: Tue, 11 Apr 2023 11:23:05 -0500 Subject: [PATCH 011/279] add rule for frontend=framework session api --- .../gen3ff-as-root/frontend-framework-service.conf | 6 ++++++ .../portal-as-root/frontend-framework-service.conf | 6 ++++++ 2 files changed, 12 insertions(+) diff --git a/helm/revproxy/gen3.nginx.conf/gen3ff-as-root/frontend-framework-service.conf b/helm/revproxy/gen3.nginx.conf/gen3ff-as-root/frontend-framework-service.conf index ac2cb75f..212e3b75 100644 --- a/helm/revproxy/gen3.nginx.conf/gen3ff-as-root/frontend-framework-service.conf +++ b/helm/revproxy/gen3.nginx.conf/gen3ff-as-root/frontend-framework-service.conf @@ -6,3 +6,9 @@ set $upstream http://frontend-framework-service.$namespace.svc.cluster.local; proxy_pass $upstream; } + + location /api/auth/sessionToken { + set $proxy_service "frontend-framework"; + set $upstream http://frontend-framework-service.$namespace.svc.cluster.local; + proxy_pass $upstream; + } diff --git a/helm/revproxy/gen3.nginx.conf/portal-as-root/frontend-framework-service.conf b/helm/revproxy/gen3.nginx.conf/portal-as-root/frontend-framework-service.conf index dbb24e4b..3531a5b7 100644 --- a/helm/revproxy/gen3.nginx.conf/portal-as-root/frontend-framework-service.conf 
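Review bot: The new `location /api/auth/sessionToken` block proxies a session-token endpoint without the `if ($csrf_check !~ ^ok-\S.+$) { return 403 "failed csrf check"; }` guard that other proxied locations in this patch carry, for example `/user/data/download` in fence-service.conf. If the omission is deliberate, say so in a comment above the block; otherwise add the guard. The block is also a prefix match, so any path that begins with that string is forwarded; `location = /api/auth/sessionToken {` limits it to the one endpoint if that is the intent. The same applies to `location /ff/api/auth/sessionToken` in portal-as-root/frontend-framework-service.conf in the next hunk.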
+++ b/helm/revproxy/gen3.nginx.conf/portal-as-root/frontend-framework-service.conf @@ -11,3 +11,9 @@ set $upstream http://frontend-framework-service.$namespace.svc.cluster.local; proxy_pass $upstream; } + + location /ff/api/auth/sessionToken { + set $proxy_service "frontend-framework"; + set $upstream http://frontend-framework-service.$namespace.svc.cluster.local; + proxy_pass $upstream; + } From a74969871e9e54bc0f5c6fd0a7c0a5d674deba59 Mon Sep 17 00:00:00 2001 From: "J. Q" <55899496+jawadqur@users.noreply.github.com> Date: Thu, 13 Apr 2023 11:25:57 -0500 Subject: [PATCH 012/279] Add CONTRIBUTION.md (#115) * Add CONTRIBUTION.md * Docs/contributor review (#112) * Updates to contributing.md * Update Contributing.md * Move the CONTRIBUTING.md file to root * Adding issues and communication channels (#117) * Update CONTRIBUTING.md * remove DS_store * Delete .gitignore * Create .gitignore * Update .gitignore * Update .gitignore * Update CONTRIBUTING.md * add .DS_Store to .gitignore --------- Co-authored-by: michaelfitzo <116322184+michaelfitzo@users.noreply.github.com> --- .gitignore | 3 +- CONTRIBUTING.md | 134 ++++++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 136 insertions(+), 1 deletion(-) create mode 100644 CONTRIBUTING.md diff --git a/.gitignore b/.gitignore index 66497221..907fdd00 100644 --- a/.gitignore +++ b/.gitignore @@ -1,4 +1,5 @@ postgres.txt **/charts/ notes/ -Chart.lock \ No newline at end of file +Chart.lock +.DS_Store \ No newline at end of file diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md new file mode 100644 index 00000000..c81ac0d3 --- /dev/null +++ b/CONTRIBUTING.md 
@@ -0,0 +1,134 @@ +# Contributing + +We welcome contributions to the gen3-helm repository! This document outlines the guidelines for contributing to this project. + +## Git and GitHub resources + +Before starting a new contribution, you need to be familiar with [Git](https://git-scm.com/) and [GitHub](https://github.com/) concepts like: ***commit, branch, push, pull, remote, fork, repository***, etc. There are plenty of resources online to learn Git and GitHub, for example: +- [Git Guide](https://github.com/git-guides/) +- [GitHub Quick start](https://docs.github.com/en/get-started/quickstart) +- [GitHub on YouTube](https://www.youtube.com/github) +- [Git and GitHub learning resources](https://docs.github.com/en/get-started/quickstart/git-and-github-learning-resources) +- [Collaborating with Pull Requests](https://docs.github.com/en/github/collaborating-with-pull-requests) +- [GitHub Documentation, guides and help topics](https://docs.github.com/en/github) +- And many more... + + +## Before You Begin + + +If you have an idea for a new feature or a bugfix, it is best to communicate with the University of Chicago Center for Translational Data Science (CTDS) developers early. The primary venue for this is the [GitHub issue tracker](https://github.com/uc-cdis/gen3-helm/issues). Browse through existing GitHub issues and if one seems related, comment on it. For more direct communication, CTDS developers are generally available via Slack. + + +## Reporting a New Issue + +If you have identified a potential new issue the first step is to ask the community whether this is something they are familiar with and for which they may already have a solution. The slack channel #gen3_helm_ext is the preferred forum for communication regarding helm. Please inquire in #gen3_community if you would like access ([request access here](https://docs.google.com/forms/d/e/1FAIpQLSczyhhOXeCK9FdVtpQpelOHYnRj1EAq1rwwnm9q6cPAe5a7ug/viewform)). 
+ +If the community has no solution and no existing gen3-helm issue seems appropriate, a new issue can be opened using [this form](https://github.com/uc-cdis/gen3-helm/issues/new). Please be specific in your comment and include instructions on how to reproduce the issue. Please also make sure to add a short descriptive title. + +## How to Contribute + +All changes to the gen3-helm repository should be made through pull requests. + +1. Fork the [gen3-helm repository](https://github.com/uc-cdis/gen3-helm) on GitHub to make your changes. + +4. Run the relevant tests for the features added or bugs fixed by your pull request. + +5. Write a descriptive commit message. + +6. Commit and push your changes to your fork. + +7. Open a pull request with these changes. + +8. Your pull request will be reviewed by a project maintainer and merged if it is deemed appropriate. + +## Style Guidelines + +### Helm + +- `gen3-helm` follows [General Conventions](https://helm.sh/docs/chart_best_practices/) for helm charts. + +## Documentation + +Documentation is found in the ``docs/`` directory. + +The documentation source files are written in [Markdown](https://daringfireball.net/projects/markdown/syntax) format. + +Each chart has its own README.md that is automatically built with [helm-docs](https://github.com/norwoodj/helm-docs). This happens in the pre-commit so make sure to check in all the changed files. + +## Helm chart release strategy + +It is important to understand that when a branch is merged into the main branch, a GitHub action will generate a new helm chart release if the helm chart version in the chart.yaml file has been incremented. 
Consider the following example where a change to the Helm chart has been made and the contributor wants a new version to be released: + +The original Chart.yaml file: + + ```yaml + apiVersion: v2 + name: Sheepdog + description: A Helm chart for Kubernetes + type: application + version: 0.1.0 + ``` + +If a modification to the Helm chart is made (an update to the values.yaml file for instance) the version in Chart.yaml is incremented to `0.2.0`: + + ```yaml + apiVersion: v2 + name: Sheepdog + description: A Helm chart for Kubernetes + type: application + version: 0.2.0 # version updates to 0.2.0 + ``` + +Once the associated branch is merged into the main branch, the GitHub action packages and publishes an artifact, making it available for consumption. The release name is based off the 'name' field and the 'version' field in the Chart.yaml file. Given the example above, GitHub action will produce a release called `sheepdog-0.2.0`. + + +## Branch Naming Conventions + +Branches are named as `type/scope`, and commit messages are written as `type(scope): explanation`, where + +- `scope` identifies the thing that was added or modified, +- `explanation` is a brief description of the changes in imperative present tense (such as “add function to _”, not “added function”), +- and `type` is defined as: + ``` + type = "chore" | "docs" | "feat" | "fix" | "refactor" | "style" | "test" + ``` + +Some example branch names: + +- `refactor/db-calls` +- `test/user` +- `docs/deployment` + +Some example commit messages: + +- `fix(scope): remove admin scope from client` +- `feat(project_members): list all members given project` +- `docs(generation): fix generation script and update docs` + +## Pull Requests (PRs) + + +Before submitting a PR for review, try to make sure you’ve accomplished these things: + +The PR: +- contains a brief description of what it changes and/or adds +- passes status checks +- If there are changes to the charts, it bumps the chart versions + + +To merge the PR: + 
+If the branch now has conflicts with the master branch, follow these steps to update it: + +```bash +git checkout master +git pull origin master +git checkout $YOUR_BRANCH_NAME +git merge master +git commit +# The previous command should open an editor with the default merge commit +# message; simply save and exit +git push + +``` From ce5779e63f436c274a926b78787f94d132939a9e Mon Sep 17 00:00:00 2001 
From: EliseCastle23 Date: Thu, 4 May 2023 14:37:50 -0600 Subject: [PATCH 013/279] adding pod disruption budgets to help improve availability. The common chart has the pdb template and each chart has the ability to enable the pdb from the global values section. The gen3 umbrella chart also has this ability and will override the subchart options if enabled. --- .secrets.baseline | 126 +++++++++--------- helm/ambassador/Chart.yaml | 2 +- helm/ambassador/README.md | 6 +- helm/ambassador/templates/pdb.yaml | 3 + helm/ambassador/values.yaml | 4 + helm/arborist/Chart.yaml | 2 +- helm/arborist/README.md | 6 +- helm/arborist/templates/pdb.yaml | 3 + helm/arborist/values.yaml | 4 + helm/argo-wrapper/Chart.yaml | 2 +- helm/argo-wrapper/README.md | 6 +- helm/argo-wrapper/templates/pdb.yaml | 3 + helm/argo-wrapper/values.yaml | 4 + helm/audit/Chart.yaml | 2 +- helm/audit/README.md | 6 +- helm/audit/templates/pdb.yaml | 3 + helm/audit/values.yaml | 4 + helm/aws-es-proxy/Chart.yaml | 2 +- helm/aws-es-proxy/README.md | 6 +- helm/aws-es-proxy/templates/pdb.yaml | 3 + helm/aws-es-proxy/values.yaml | 4 + helm/common/Chart.yaml | 2 +- helm/common/README.md | 2 +- helm/common/templates/_pdb.tpl | 16 +++ helm/dicom-server/Chart.yaml | 2 +- helm/dicom-server/README.md | 6 +- helm/dicom-server/templates/pdb.yaml | 3 + helm/dicom-server/values.yaml | 4 + helm/dicom-viewer/Chart.yaml | 2 +- helm/dicom-viewer/README.md | 6 +- helm/dicom-viewer/templates/pdb.yaml | 3 + helm/dicom-viewer/values.yaml | 4 + helm/fence/Chart.yaml | 2 +- helm/fence/README.md | 6 +- helm/fence/templates/pdb.yaml | 3 + helm/fence/values.yaml | 4 + helm/gen3/Chart.yaml | 42 +++--- helm/gen3/README.md | 46 ++++--- helm/gen3/values.yaml | 4 + helm/guppy/Chart.yaml | 2 +- helm/guppy/README.md | 6 +- helm/guppy/templates/pdb.yaml | 3 + helm/guppy/values.yaml | 5 +- helm/hatchery/Chart.yaml | 2 +- helm/hatchery/README.md | 6 +- helm/hatchery/templates/pdb.yaml | 3 + helm/hatchery/values.yaml | 4 + helm/indexd/Chart.yaml | 
2 +- helm/indexd/README.md | 6 +- helm/indexd/templates/pdb.yaml | 3 + helm/indexd/values.yaml | 4 + helm/manifestservice/Chart.yaml | 2 +- helm/manifestservice/README.md | 7 +- .../manifestservice/templates/deployment.yaml | 3 + helm/manifestservice/templates/pdb.yaml | 3 + helm/manifestservice/values.yaml | 7 + helm/metadata/Chart.yaml | 2 +- helm/metadata/README.md | 6 +- helm/metadata/templates/pdb.yaml | 3 + helm/metadata/values.yaml | 4 + helm/peregrine/Chart.yaml | 2 +- helm/peregrine/README.md | 6 +- helm/peregrine/templates/pdb.yaml | 3 + helm/peregrine/values.yaml | 4 + helm/pidgin/Chart.yaml | 2 +- helm/pidgin/README.md | 6 +- helm/pidgin/templates/pdb.yaml | 3 + helm/pidgin/values.yaml | 4 + helm/portal/Chart.yaml | 2 +- helm/portal/README.md | 6 +- helm/portal/templates/pdb.yaml | 3 + helm/portal/values.yaml | 4 + helm/requestor/Chart.yaml | 2 +- helm/requestor/README.md | 6 +- helm/requestor/templates/pdb.yaml | 3 + helm/requestor/values.yaml | 4 + helm/revproxy/Chart.yaml | 2 +- helm/revproxy/README.md | 6 +- helm/revproxy/templates/pdb.yaml | 3 + helm/revproxy/values.yaml | 4 + helm/sheepdog/Chart.yaml | 2 +- helm/sheepdog/README.md | 6 +- helm/sheepdog/templates/pdb.yaml | 3 + helm/sheepdog/values.yaml | 4 + helm/ssjdispatcher/Chart.yaml | 2 +- helm/ssjdispatcher/README.md | 6 +- helm/ssjdispatcher/templates/pdb.yaml | 3 + helm/ssjdispatcher/values.yaml | 4 + helm/wts/Chart.yaml | 2 +- helm/wts/README.md | 6 +- helm/wts/templates/pdb.yaml | 3 + helm/wts/values.yaml | 4 + 92 files changed, 389 insertions(+), 172 deletions(-) create mode 100644 helm/ambassador/templates/pdb.yaml create mode 100644 helm/arborist/templates/pdb.yaml create mode 100644 helm/argo-wrapper/templates/pdb.yaml create mode 100644 helm/audit/templates/pdb.yaml create mode 100644 helm/aws-es-proxy/templates/pdb.yaml create mode 100644 helm/common/templates/_pdb.tpl create mode 100644 helm/dicom-server/templates/pdb.yaml create mode 100644 helm/dicom-viewer/templates/pdb.yaml 
create mode 100644 helm/fence/templates/pdb.yaml create mode 100644 helm/guppy/templates/pdb.yaml create mode 100644 helm/hatchery/templates/pdb.yaml create mode 100644 helm/indexd/templates/pdb.yaml create mode 100644 helm/manifestservice/templates/pdb.yaml create mode 100644 helm/metadata/templates/pdb.yaml create mode 100644 helm/peregrine/templates/pdb.yaml create mode 100644 helm/pidgin/templates/pdb.yaml create mode 100644 helm/portal/templates/pdb.yaml create mode 100644 helm/requestor/templates/pdb.yaml create mode 100644 helm/revproxy/templates/pdb.yaml create mode 100644 helm/sheepdog/templates/pdb.yaml create mode 100644 helm/ssjdispatcher/templates/pdb.yaml create mode 100644 helm/wts/templates/pdb.yaml diff --git a/.secrets.baseline b/.secrets.baseline index 5efb33af..4a4ee094 100644 --- a/.secrets.baseline +++ b/.secrets.baseline @@ -3,7 +3,7 @@ "files": "^.secrets.baseline$", "lines": null }, - "generated_at": "2023-03-29T21:20:01Z", + "generated_at": "2023-05-04T20:37:29Z", "plugins_used": [ { "name": "AWSKeyDetector" @@ -88,21 +88,21 @@ "hashed_secret": "2546383b95bb44732e9be6a877fd476c0442fdab", "is_secret": false, "is_verified": false, - "line_number": 43, + "line_number": 45, "type": "Secret Keyword" }, { "hashed_secret": "d84ce25b0f9bc2cc263006ae39453efb22cc2900", "is_secret": false, "is_verified": false, - "line_number": 45, + "line_number": 47, "type": "Secret Keyword" }, { "hashed_secret": "f09dd6e359833a12f48c4c4255d6e87a6e55cfe9", "is_secret": false, "is_verified": false, - "line_number": 65, + "line_number": 67, "type": "Secret Keyword" } ], 
@@ -111,21 +111,21 @@ "hashed_secret": "2546383b95bb44732e9be6a877fd476c0442fdab", "is_secret": false, "is_verified": false, - "line_number": 51, + "line_number": 53, "type": "Secret Keyword" }, { "hashed_secret": "d84ce25b0f9bc2cc263006ae39453efb22cc2900", "is_secret": false, "is_verified": false, - "line_number": 53, + "line_number": 55, "type": "Secret Keyword" }, { "hashed_secret": "f09dd6e359833a12f48c4c4255d6e87a6e55cfe9", "is_secret": false, "is_verified": false, - "line_number": 75, + "line_number": 77, "type": "Secret Keyword" } ], @@ -134,7 +134,7 @@ "hashed_secret": "7c150ec931dbb741d0bfd6c8f4ef914026c0b44b", "is_secret": false, "is_verified": false, - "line_number": 42, + "line_number": 61, "type": "Secret Keyword" } ], @@ -175,14 +175,14 @@ "hashed_secret": "b47233f6f28e9716c72d5eba0278edea3a24baad", "is_secret": false, "is_verified": false, - "line_number": 21, + "line_number": 39, "type": "Secret Keyword" }, { "hashed_secret": "3f6d5580af2ddf647ca25346aa6ec9c434577d05", "is_secret": false, "is_verified": false, - "line_number": 36, + "line_number": 55, "type": "Secret Keyword" } ], @@ -191,7 +191,7 @@ "hashed_secret": "afc848c316af1a89d49826c5ae9d00ed769415f3", "is_secret": false, "is_verified": false, - "line_number": 68, + "line_number": 79, "type": "Secret Keyword" } ], 
@@ -200,28 +200,28 @@ "hashed_secret": "2546383b95bb44732e9be6a877fd476c0442fdab", "is_secret": false, "is_verified": false, - "line_number": 104, + "line_number": 106, "type": "Secret Keyword" }, { "hashed_secret": "d84ce25b0f9bc2cc263006ae39453efb22cc2900", "is_secret": false, "is_verified": false, - "line_number": 106, + "line_number": 108, "type": "Secret Keyword" }, { "hashed_secret": "f09dd6e359833a12f48c4c4255d6e87a6e55cfe9", "is_secret": false, "is_verified": false, - "line_number": 133, + "line_number": 135, "type": "Secret Keyword" }, { "hashed_secret": "9d8fada0e01336e865c461bb3549084d206fe6da", "is_secret": false, "is_verified": false, - "line_number": 165, + "line_number": 167, "type": "Secret Keyword" } ], @@ -285,7 +285,7 @@ "hashed_secret": "5d07e1b80e448a213b392049888111e1779a52db", "is_secret": false, "is_verified": false, - "line_number": 1874, + "line_number": 1878, "type": "Secret Keyword" } ], @@ -301,14 +301,14 @@ "hashed_secret": "2546383b95bb44732e9be6a877fd476c0442fdab", "is_secret": false, "is_verified": false, - "line_number": 89, + "line_number": 91, "type": "Secret Keyword" }, { "hashed_secret": "d84ce25b0f9bc2cc263006ae39453efb22cc2900", "is_secret": false, "is_verified": false, - "line_number": 91, + "line_number": 93, "type": "Secret Keyword" } ], @@ -317,14 +317,14 @@ "hashed_secret": "2546383b95bb44732e9be6a877fd476c0442fdab", "is_secret": false, "is_verified": false, - "line_number": 53, + "line_number": 60, "type": "Secret Keyword" }, { "hashed_secret": "d84ce25b0f9bc2cc263006ae39453efb22cc2900", "is_secret": false, "is_verified": false, - "line_number": 55, + "line_number": 62, "type": "Secret Keyword" } ], 
@@ -333,21 +333,21 @@ "hashed_secret": "2546383b95bb44732e9be6a877fd476c0442fdab", "is_secret": false, "is_verified": false, - "line_number": 34, + "line_number": 47, "type": "Secret Keyword" }, { "hashed_secret": "d84ce25b0f9bc2cc263006ae39453efb22cc2900", "is_secret": false, "is_verified": false, - "line_number": 36, + "line_number": 49, "type": "Secret Keyword" }, { "hashed_secret": "e94cc2a86b04ad4ddc98fcbf91ed236437939d47", "is_secret": false, "is_verified": false, - "line_number": 46, + "line_number": 59, "type": "Secret Keyword" } ], @@ -356,7 +356,7 @@ "hashed_secret": "9b5925ea817163740dfb287a9894e8ab3aba2c18", "is_secret": false, "is_verified": false, - "line_number": 186, + "line_number": 190, "type": "Secret Keyword" } ], @@ -365,28 +365,28 @@ "hashed_secret": "2546383b95bb44732e9be6a877fd476c0442fdab", "is_secret": false, "is_verified": false, - "line_number": 45, + "line_number": 47, "type": "Secret Keyword" }, { "hashed_secret": "d84ce25b0f9bc2cc263006ae39453efb22cc2900", "is_secret": false, "is_verified": false, - "line_number": 47, + "line_number": 49, "type": "Secret Keyword" }, { "hashed_secret": "f09dd6e359833a12f48c4c4255d6e87a6e55cfe9", "is_secret": false, "is_verified": false, - "line_number": 67, + "line_number": 69, "type": "Secret Keyword" }, { "hashed_secret": "cb87e7ebb6991e08dc8964923e04230d002b7f12", "is_secret": false, "is_verified": false, - "line_number": 99, + "line_number": 101, "type": "Secret Keyword" } ], @@ -413,7 +413,7 @@ "hashed_secret": "611f2e9064b518afdb23f201321f39029dd28917", "is_secret": false, "is_verified": false, - "line_number": 67, + "line_number": 70, "type": "Secret Keyword" } ], 
@@ -431,21 +431,21 @@ "hashed_secret": "2546383b95bb44732e9be6a877fd476c0442fdab", "is_secret": false, "is_verified": false, - "line_number": 52, + "line_number": 58, "type": "Secret Keyword" }, { "hashed_secret": "d84ce25b0f9bc2cc263006ae39453efb22cc2900", "is_secret": false, "is_verified": false, - "line_number": 54, + "line_number": 60, "type": "Secret Keyword" }, { "hashed_secret": "f09dd6e359833a12f48c4c4255d6e87a6e55cfe9", "is_secret": false, "is_verified": false, - "line_number": 74, + "line_number": 81, "type": "Secret Keyword" } ], @@ -454,28 +454,28 @@ "hashed_secret": "2546383b95bb44732e9be6a877fd476c0442fdab", "is_secret": false, "is_verified": false, - "line_number": 47, + "line_number": 49, "type": "Secret Keyword" }, { "hashed_secret": "d84ce25b0f9bc2cc263006ae39453efb22cc2900", "is_secret": false, "is_verified": false, - "line_number": 49, + "line_number": 51, "type": "Secret Keyword" }, { "hashed_secret": "f09dd6e359833a12f48c4c4255d6e87a6e55cfe9", "is_secret": false, "is_verified": false, - "line_number": 68, + "line_number": 70, "type": "Secret Keyword" }, { "hashed_secret": "7d4e263f1ae83868444f5327219830493a7d1486", "is_secret": false, "is_verified": false, - "line_number": 97, + "line_number": 99, "type": "Secret Keyword" } ], @@ -502,21 +502,21 @@ "hashed_secret": "2546383b95bb44732e9be6a877fd476c0442fdab", "is_secret": false, "is_verified": false, - "line_number": 46, + "line_number": 53, "type": "Secret Keyword" }, { "hashed_secret": "d84ce25b0f9bc2cc263006ae39453efb22cc2900", "is_secret": false, "is_verified": false, - "line_number": 48, + "line_number": 55, "type": "Secret Keyword" }, { "hashed_secret": "abb751db44bcfd1bb9d4ad53e40138422abd739e", "is_secret": false, "is_verified": false, - "line_number": 61, + "line_number": 69, "type": "Secret Keyword" } ], 
@@ -539,14 +539,14 @@ "hashed_secret": "2546383b95bb44732e9be6a877fd476c0442fdab", "is_secret": false, "is_verified": false, - "line_number": 57, + "line_number": 59, "type": "Secret Keyword" }, { "hashed_secret": "d84ce25b0f9bc2cc263006ae39453efb22cc2900", "is_secret": false, "is_verified": false, - "line_number": 59, + "line_number": 61, "type": "Secret Keyword" } ], @@ -554,13 +554,13 @@ { "hashed_secret": "08eeb737b239bdb7362a875b90e22c10b8826b20", "is_verified": false, - "line_number": 469, + "line_number": 473, "type": "Base64 High Entropy String" }, { "hashed_secret": "eb9739c6625f06b4ab73035223366dda6262ae77", "is_verified": false, - "line_number": 472, + "line_number": 476, "type": "Base64 High Entropy String" } ], @@ -569,21 +569,21 @@ "hashed_secret": "2546383b95bb44732e9be6a877fd476c0442fdab", "is_secret": false, "is_verified": false, - "line_number": 54, + "line_number": 56, "type": "Secret Keyword" }, { "hashed_secret": "d84ce25b0f9bc2cc263006ae39453efb22cc2900", "is_secret": false, "is_verified": false, - "line_number": 56, + "line_number": 58, "type": "Secret Keyword" }, { "hashed_secret": "f09dd6e359833a12f48c4c4255d6e87a6e55cfe9", "is_secret": false, "is_verified": false, - "line_number": 76, + "line_number": 78, "type": "Secret Keyword" } ], @@ -592,21 +592,21 @@ "hashed_secret": "2546383b95bb44732e9be6a877fd476c0442fdab", "is_secret": false, "is_verified": false, - "line_number": 44, + "line_number": 46, "type": "Secret Keyword" }, { "hashed_secret": "d84ce25b0f9bc2cc263006ae39453efb22cc2900", "is_secret": false, "is_verified": false, - "line_number": 46, + "line_number": 48, "type": "Secret Keyword" }, { "hashed_secret": "abb751db44bcfd1bb9d4ad53e40138422abd739e", "is_secret": false, "is_verified": false, - "line_number": 72, + "line_number": 74, "type": "Secret Keyword" } ], 
@@ -624,42 +624,42 @@ "hashed_secret": "2546383b95bb44732e9be6a877fd476c0442fdab", "is_secret": false, "is_verified": false, - "line_number": 56, + "line_number": 58, "type": "Secret Keyword" }, { "hashed_secret": "d84ce25b0f9bc2cc263006ae39453efb22cc2900", "is_secret": false, "is_verified": false, - "line_number": 58, + "line_number": 60, "type": "Secret Keyword" }, { "hashed_secret": "f09dd6e359833a12f48c4c4255d6e87a6e55cfe9", "is_secret": false, "is_verified": false, - "line_number": 75, + "line_number": 77, "type": "Secret Keyword" }, { "hashed_secret": "c2c4e52c03a03ce3efeb21eb202d301018d4548e", "is_secret": false, "is_verified": false, - "line_number": 96, + "line_number": 98, "type": "Secret Keyword" }, { "hashed_secret": "afc848c316af1a89d49826c5ae9d00ed769415f3", "is_secret": false, "is_verified": false, - "line_number": 103, + "line_number": 105, "type": "Secret Keyword" }, { "hashed_secret": "fa4497447699cdb0a81c66a7f21af28a75170195", "is_secret": false, "is_verified": false, - "line_number": 105, + "line_number": 107, "type": "Secret Keyword" } ], @@ -686,7 +686,7 @@ "hashed_secret": "afc848c316af1a89d49826c5ae9d00ed769415f3", "is_secret": false, "is_verified": false, - "line_number": 229, + "line_number": 233, "type": "Secret Keyword" } ], @@ -695,21 +695,21 @@ "hashed_secret": "2546383b95bb44732e9be6a877fd476c0442fdab", "is_secret": false, "is_verified": false, - "line_number": 44, + "line_number": 57, "type": "Secret Keyword" }, { "hashed_secret": "d84ce25b0f9bc2cc263006ae39453efb22cc2900", "is_secret": false, "is_verified": false, - "line_number": 46, + "line_number": 59, "type": "Secret Keyword" }, { "hashed_secret": "0c86d58792b32e1d12af733a0614837ff9002014", "is_secret": false, "is_verified": false, - "line_number": 104, + "line_number": 116, "type": "Secret Keyword" } ], 
@@ -727,7 +727,7 @@ "hashed_secret": "13d9ed7e3d69f1b6330dff80bc4658931708eddc", "is_secret": false, "is_verified": false, - "line_number": 215, + "line_number": 219, "type": "Secret Keyword" } ], @@ -736,21 +736,21 @@ "hashed_secret": "2546383b95bb44732e9be6a877fd476c0442fdab", "is_secret": false, "is_verified": false, - "line_number": 45, + "line_number": 47, "type": "Secret Keyword" }, { "hashed_secret": "d84ce25b0f9bc2cc263006ae39453efb22cc2900", "is_secret": false, "is_verified": false, - "line_number": 47, + "line_number": 49, "type": "Secret Keyword" }, { "hashed_secret": "f09dd6e359833a12f48c4c4255d6e87a6e55cfe9", "is_secret": false, "is_verified": false, - "line_number": 70, + "line_number": 72, "type": "Secret Keyword" } ], diff --git a/helm/ambassador/Chart.yaml b/helm/ambassador/Chart.yaml index 6ee0ae58..ff9762bb 100644 --- a/helm/ambassador/Chart.yaml +++ b/helm/ambassador/Chart.yaml @@ -15,7 +15,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.5 +version: 0.1.6 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to diff --git a/helm/ambassador/README.md b/helm/ambassador/README.md index 1a1bf24c..f0eb589a 100644 --- a/helm/ambassador/README.md +++ b/helm/ambassador/README.md 
@@ -1,6 +1,6 @@ # ambassador -![Version: 0.1.5](https://img.shields.io/badge/Version-0.1.5-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.4.2](https://img.shields.io/badge/AppVersion-1.4.2-informational?style=flat-square) +![Version: 0.1.6](https://img.shields.io/badge/Version-0.1.6-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.4.2](https://img.shields.io/badge/AppVersion-1.4.2-informational?style=flat-square) A Helm chart for deploying ambassador for gen3 
@@ -26,9 +26,11 @@ A Helm chart for deploying ambassador for gen3 | datadogProfilingEnabled | bool | `true` | If enabled, the Datadog Agent will collect profiling data for your application using the Continuous Profiler. This data can be used to identify performance bottlenecks and optimize your application. | | datadogTraceSampleRate | int | `1` | A value between 0 and 1, that represents the percentage of requests that will be traced. For example, a value of 0.5 means that 50% of requests will be traced. | | fullnameOverride | string | `"ambassador-deployment"` | Override the full name of the deployment. | -| global | map | `{"ddEnabled":false,"environment":"default"}` | Global configuration options. | +| global | map | `{"ddEnabled":false,"environment":"default","minAvialable":1,"pdb":false}` | Global configuration options. | | global.ddEnabled | bool | `false` | Whether Datadog is enabled. | | global.environment | string | `"default"` | Environment name. This should be the same as vpcname if you're doing an AWS deployment. Currently this is being used to share ALB's if you have multiple namespaces. Might be used other places too. | +| global.minAvialable | int | `1` | The minimum amount of pods that are available at all times if the PDB is deployed. | +| global.pdb | bool | `false` | If the service will be deployed with a Pod Disruption Budget. Note- you need to have more than 2 replicas for the pdb to be deployed. | | image | map | `{"pullPolicy":"Always","repository":"quay.io/datawire/ambassador","tag":"1.4.2"}` | Docker image information. | | image.pullPolicy | string | `"Always"` | Docker pull policy. | | image.repository | string | `"quay.io/datawire/ambassador"` | Docker repository. | diff --git a/helm/ambassador/templates/pdb.yaml b/helm/ambassador/templates/pdb.yaml new file mode 100644 index 00000000..2ef2de13 --- /dev/null +++ b/helm/ambassador/templates/pdb.yaml 
@@ -0,0 +1,3 @@ +{{- if and .Values.global.pdb (gt (int .Values.replicaCount) 1) }} +{{ include "common.pod_disruption_budget" . }} +{{- end }} \ No newline at end of file diff --git a/helm/ambassador/values.yaml b/helm/ambassador/values.yaml index d7db700e..f3f6be41 100644 --- a/helm/ambassador/values.yaml +++ b/helm/ambassador/values.yaml @@ -8,6 +8,10 @@ global: environment: default # -- (bool) Whether Datadog is enabled. ddEnabled: false + # -- (bool) If the service will be deployed with a Pod Disruption Budget. Note- you need to have more than 2 replicas for the pdb to be deployed. + pdb: false + # -- (int) The minimum amount of pods that are available at all times if the PDB is deployed. + minAvialable: 1 # -- (int) Number of replicas for the deployment. replicaCount: 1 diff --git a/helm/arborist/Chart.yaml b/helm/arborist/Chart.yaml index 2c97db7f..700292e6 100644 --- a/helm/arborist/Chart.yaml +++ b/helm/arborist/Chart.yaml @@ -15,7 +15,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.6 +version: 0.1.7 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to diff --git a/helm/arborist/README.md b/helm/arborist/README.md index 22c761e9..4ed7b662 100644 --- a/helm/arborist/README.md +++ b/helm/arborist/README.md 
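Review bot: The guard `and .Values.global.pdb (gt (int .Values.replicaCount) 1)` in helm/ambassador/templates/pdb.yaml renders nothing when `global.pdb` is true but `replicaCount` is 1. An operator who enables the budget on a single-replica chart therefore gets no PodDisruptionBudget and no indication of why. A template comment above the `if` would state the rule where it is enforced, e.g. `{{- /* Rendered only when global.pdb is true and replicaCount > 1; skipped for single-replica deployments. */ -}}`. The identical three-line template is added for arborist later in this patch, and the same comment fits there. The `common.pod_disruption_budget` definition is not part of this hunk, so what it reads from `.Values` is not checked here.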
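Review bot: The new key `minAvialable` in helm/ambassador/values.yaml is misspelled (the Kubernetes PodDisruptionBudget field is `minAvailable`), and once the chart is released the typo becomes part of the values interface; an override written with the correct spelling would presumably be ignored silently, leaving the default in force. Renaming it now to `minAvailable: 1` is cheap, provided the common PDB template (outside this hunk) reads the same key. The comment on `pdb` also says "more than 2 replicas", while the guard in `templates/pdb.yaml` is `gt (int .Values.replicaCount) 1`, so two replicas are enough; `Note- you need at least 2 replicas for the pdb to be deployed.` would match the template. The same key and comment are added to `helm/arborist/values.yaml` and appear in the generated README tables; the `global:` block itself starts outside the hunk.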
@@ -1,6 +1,6 @@ # arborist -![Version: 0.1.6](https://img.shields.io/badge/Version-0.1.6-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) +![Version: 0.1.7](https://img.shields.io/badge/Version-0.1.7-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) A Helm chart for gen3 arborist 
@@ -29,7 +29,7 @@ A Helm chart for gen3 arborist | env | list | `[{"name":"JWKS_ENDPOINT","value":"http://fence-service/.well-known/jwks"}]` | Environment variables to pass to the container | | env[0] | string | `{"name":"JWKS_ENDPOINT","value":"http://fence-service/.well-known/jwks"}` | The URL of the JSON Web Key Set (JWKS) endpoint for authentication | | fullnameOverride | string | `""` | Override the full name of the deployment. | -| global | map | `{"ddEnabled":false,"dev":true,"dictionaryUrl":"https://s3.amazonaws.com/dictionary-artifacts/datadictionary/develop/schema.json","dispatcherJobNum":10,"environment":"default","hostname":"localhost","kubeBucket":"kube-gen3","logsBucket":"logs-gen3","netPolicy":true,"portalApp":"gitops","postgres":{"dbCreate":true,"master":{"host":null,"password":null,"port":"5432","username":"postgres"}},"publicDataSets":true,"revproxyArn":"arn:aws:acm:us-east-1:123456:certificate","syncFromDbgap":false,"tierAccessLevel":"libre","userYamlS3Path":"s3://cdis-gen3-users/test/user.yaml"}` | Global configuration options. | +| global | map | `{"ddEnabled":false,"dev":true,"dictionaryUrl":"https://s3.amazonaws.com/dictionary-artifacts/datadictionary/develop/schema.json","dispatcherJobNum":10,"environment":"default","hostname":"localhost","kubeBucket":"kube-gen3","logsBucket":"logs-gen3","minAvialable":1,"netPolicy":true,"pdb":false,"portalApp":"gitops","postgres":{"dbCreate":true,"master":{"host":null,"password":null,"port":"5432","username":"postgres"}},"publicDataSets":true,"revproxyArn":"arn:aws:acm:us-east-1:123456:certificate","syncFromDbgap":false,"tierAccessLevel":"libre","userYamlS3Path":"s3://cdis-gen3-users/test/user.yaml"}` | Global configuration options. | | global.ddEnabled | bool | `false` | Whether Datadog is enabled. | | global.dev | bool | `true` | Whether the deployment is for development purposes. 
| | global.dictionaryUrl | string | `"https://s3.amazonaws.com/dictionary-artifacts/datadictionary/develop/schema.json"` | URL of the data dictionary. | @@ -38,7 +38,9 @@ A Helm chart for gen3 arborist | global.hostname | string | `"localhost"` | Hostname for the deployment. | | global.kubeBucket | string | `"kube-gen3"` | S3 bucket name for Kubernetes manifest files. | | global.logsBucket | string | `"logs-gen3"` | S3 bucket name for log files. | +| global.minAvialable | int | `1` | The minimum amount of pods that are available at all times if the PDB is deployed. | | global.netPolicy | bool | `true` | Whether network policies are enabled. | +| global.pdb | bool | `false` | If the service will be deployed with a Pod Disruption Budget. Note- you need to have more than 2 replicas for the pdb to be deployed. | | global.portalApp | string | `"gitops"` | Portal application name. | | global.postgres | map | `{"dbCreate":true,"master":{"host":null,"password":null,"port":"5432","username":"postgres"}}` | Postgres database configuration. | | global.postgres.dbCreate | bool | `true` | Whether the database should be created. | diff --git a/helm/arborist/templates/pdb.yaml b/helm/arborist/templates/pdb.yaml new file mode 100644 index 00000000..2ef2de13 --- /dev/null +++ b/helm/arborist/templates/pdb.yaml @@ -0,0 +1,3 @@ +{{- if and .Values.global.pdb (gt (int .Values.replicaCount) 1) }} +{{ include "common.pod_disruption_budget" . }} +{{- end }} \ No newline at end of file diff --git a/helm/arborist/values.yaml b/helm/arborist/values.yaml index 00e4f3b0..ba09a43f 100644 --- a/helm/arborist/values.yaml +++ b/helm/arborist/values.yaml 
@@ -48,6 +48,10 @@ global: dispatcherJobNum: 10 # -- (bool) Whether Datadog is enabled. ddEnabled: false + # -- (bool) If the service will be deployed with a Pod Disruption Budget. Note- you need to have more than 2 replicas for the pdb to be deployed. + pdb: false + # -- (int) The minimum amount of pods that are available at all times if the PDB is deployed. + minAvialable: 1 # -- (map) Postgres database configuration. If db does not exist in postgres cluster and dbCreate is set ot true then these databases will be created for you postgres: diff --git a/helm/argo-wrapper/Chart.yaml b/helm/argo-wrapper/Chart.yaml index aa987bed..bd64577e 100644 --- a/helm/argo-wrapper/Chart.yaml +++ b/helm/argo-wrapper/Chart.yaml @@ -15,7 +15,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.2 +version: 0.1.3 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to diff --git a/helm/argo-wrapper/README.md b/helm/argo-wrapper/README.md index 50a2a174..603abc62 100644 --- a/helm/argo-wrapper/README.md +++ b/helm/argo-wrapper/README.md 
@@ -1,6 +1,6 @@ # argo-wrapper -![Version: 0.1.2](https://img.shields.io/badge/Version-0.1.2-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) +![Version: 0.1.3](https://img.shields.io/badge/Version-0.1.3-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) A Helm chart for gen3 Argo Wrapper Service 
@@ -32,9 +32,11 @@ A Helm chart for gen3 Argo Wrapper Service | datadogProfilingEnabled | bool | `true` | If enabled, the Datadog Agent will collect profiling data for your application using the Continuous Profiler. This data can be used to identify performance bottlenecks and optimize your application. | | datadogTraceSampleRate | int | `1` | A value between 0 and 1, that represents the percentage of requests that will be traced. For example, a value of 0.5 means that 50% of requests will be traced. | | environment | string | `"default"` | Environment name. | -| global | map | `{"ddEnabled":false,"environment":"default"}` | Global configuration options. | +| global | map | `{"ddEnabled":false,"environment":"default","minAvialable":1,"pdb":false}` | Global configuration options. | | global.ddEnabled | bool | `false` | Whether Datadog is enabled. | | global.environment | string | `"default"` | Environment name. This should be the same as vpcname if you're doing an AWS deployment. Currently this is being used to share ALB's if you have multiple namespaces. Might be used other places too. | +| global.minAvialable | int | `1` | The minimum amount of pods that are available at all times if the PDB is deployed. | +| global.pdb | bool | `false` | If the service will be deployed with a Pod Disruption Budget. Note- you need to have more than 2 replicas for the pdb to be deployed. | | image | map | `{"pullPolicy":"Always","repository":"quay.io/cdis/argo-wrapper","tag":""}` | Docker image information. | | image.pullPolicy | string | `"Always"` | Docker pull policy. | | image.repository | string | `"quay.io/cdis/argo-wrapper"` | Docker repository. | diff --git a/helm/argo-wrapper/templates/pdb.yaml b/helm/argo-wrapper/templates/pdb.yaml new file mode 100644 index 00000000..2ef2de13 --- /dev/null +++ b/helm/argo-wrapper/templates/pdb.yaml 
@@ -0,0 +1,3 @@ +{{- if and .Values.global.pdb (gt (int .Values.replicaCount) 1) }} +{{ include "common.pod_disruption_budget" . }} +{{- end }} \ No newline at end of file diff --git a/helm/argo-wrapper/values.yaml b/helm/argo-wrapper/values.yaml index c8556be0..47c711b0 100644 --- a/helm/argo-wrapper/values.yaml +++ b/helm/argo-wrapper/values.yaml @@ -8,6 +8,10 @@ global: environment: default # -- (bool) Whether Datadog is enabled. ddEnabled: false + # -- (bool) If the service will be deployed with a Pod Disruption Budget. Note- you need to have more than 2 replicas for the pdb to be deployed. + pdb: false + # -- (int) The minimum amount of pods that are available at all times if the PDB is deployed. + minAvialable: 1 # Deployment # -- (map) Annotations to add to the pod. diff --git a/helm/audit/Chart.yaml b/helm/audit/Chart.yaml index 80179bc2..88fea999 100644 --- a/helm/audit/Chart.yaml +++ b/helm/audit/Chart.yaml @@ -15,7 +15,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.6 +version: 0.1.7 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to diff --git a/helm/audit/README.md b/helm/audit/README.md index e6abb806..0d68abde 100644 --- a/helm/audit/README.md +++ b/helm/audit/README.md 
@@ -1,6 +1,6 @@ # audit -![Version: 0.1.6](https://img.shields.io/badge/Version-0.1.6-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) +![Version: 0.1.7](https://img.shields.io/badge/Version-0.1.7-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) A Helm chart for Kubernetes 
@@ -37,7 +37,7 @@ A Helm chart for Kubernetes | datadogTraceSampleRate | int | `1` | A value between 0 and 1, that represents the percentage of requests that will be traced. For example, a value of 0.5 means that 50% of requests will be traced. | | env | list | `[{"name":"DEBUG","value":"false"},{"name":"ARBORIST_URL","valueFrom":{"configMapKeyRef":{"key":"arborist_url","name":"manifest-global","optional":true}}}]` | Environment variables to pass to the container | | fullnameOverride | string | `""` | Override the full name of the chart, which is used as the name of resources created by the chart | -| global | map | `{"ddEnabled":false,"dev":true,"dictionaryUrl":"https://s3.amazonaws.com/dictionary-artifacts/datadictionary/develop/schema.json","dispatcherJobNum":10,"environment":"default","hostname":"localhost","kubeBucket":"kube-gen3","logsBucket":"logs-gen3","netPolicy":true,"portalApp":"gitops","postgres":{"dbCreate":true,"master":{"host":null,"password":null,"port":"5432","username":"postgres"}},"publicDataSets":true,"revproxyArn":"arn:aws:acm:us-east-1:123456:certificate","syncFromDbgap":false,"tierAccessLevel":"libre","userYamlS3Path":"s3://cdis-gen3-users/test/user.yaml"}` | Global configuration options. | +| global | map | `{"ddEnabled":false,"dev":true,"dictionaryUrl":"https://s3.amazonaws.com/dictionary-artifacts/datadictionary/develop/schema.json","dispatcherJobNum":10,"environment":"default","hostname":"localhost","kubeBucket":"kube-gen3","logsBucket":"logs-gen3","minAvialable":1,"netPolicy":true,"pdb":false,"portalApp":"gitops","postgres":{"dbCreate":true,"master":{"host":null,"password":null,"port":"5432","username":"postgres"}},"publicDataSets":true,"revproxyArn":"arn:aws:acm:us-east-1:123456:certificate","syncFromDbgap":false,"tierAccessLevel":"libre","userYamlS3Path":"s3://cdis-gen3-users/test/user.yaml"}` | Global configuration options. | | global.ddEnabled | bool | `false` | Whether Datadog is enabled. 
| | global.dev | bool | `true` | Whether the deployment is for development purposes. | | global.dictionaryUrl | string | `"https://s3.amazonaws.com/dictionary-artifacts/datadictionary/develop/schema.json"` | URL of the data dictionary. | @@ -46,7 +46,9 @@ A Helm chart for Kubernetes | global.hostname | string | `"localhost"` | Hostname for the deployment. | | global.kubeBucket | string | `"kube-gen3"` | S3 bucket name for Kubernetes manifest files. | | global.logsBucket | string | `"logs-gen3"` | S3 bucket name for log files. | +| global.minAvialable | int | `1` | The minimum amount of pods that are available at all times if the PDB is deployed. | | global.netPolicy | bool | `true` | Whether network policies are enabled. | +| global.pdb | bool | `false` | If the service will be deployed with a Pod Disruption Budget. Note- you need to have more than 2 replicas for the pdb to be deployed. | | global.portalApp | string | `"gitops"` | Portal application name. | | global.postgres | map | `{"dbCreate":true,"master":{"host":null,"password":null,"port":"5432","username":"postgres"}}` | Postgres database configuration. | | global.postgres.dbCreate | bool | `true` | Whether the database should be created. | diff --git a/helm/audit/templates/pdb.yaml b/helm/audit/templates/pdb.yaml new file mode 100644 index 00000000..2ef2de13 --- /dev/null +++ b/helm/audit/templates/pdb.yaml @@ -0,0 +1,3 @@ +{{- if and .Values.global.pdb (gt (int .Values.replicaCount) 1) }} +{{ include "common.pod_disruption_budget" . }} +{{- end }} \ No newline at end of file diff --git a/helm/audit/values.yaml b/helm/audit/values.yaml index 3e151813..6f39dbf5 100644 --- a/helm/audit/values.yaml +++ b/helm/audit/values.yaml 
@@ -47,6 +47,10 @@ global: dispatcherJobNum: 10 # -- (bool) Whether Datadog is enabled. ddEnabled: false + # -- (bool) If the service will be deployed with a Pod Disruption Budget. Note- you need to have more than 2 replicas for the pdb to be deployed. + pdb: false + # -- (int) The minimum amount of pods that are available at all times if the PDB is deployed. + minAvialable: 1 # -- (map) Postgres database configuration. If db does not exist in postgres cluster and dbCreate is set ot true then these databases will be created for you postgres: diff --git a/helm/aws-es-proxy/Chart.yaml b/helm/aws-es-proxy/Chart.yaml index 6fa7b7f6..5e149091 100644 --- a/helm/aws-es-proxy/Chart.yaml +++ b/helm/aws-es-proxy/Chart.yaml @@ -15,7 +15,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.4 +version: 0.1.5 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to diff --git a/helm/aws-es-proxy/README.md b/helm/aws-es-proxy/README.md index a3f2a4fe..c4492699 100644 --- a/helm/aws-es-proxy/README.md +++ b/helm/aws-es-proxy/README.md 
@@ -1,6 +1,6 @@ # aws-es-proxy -![Version: 0.1.4](https://img.shields.io/badge/Version-0.1.4-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) +![Version: 0.1.5](https://img.shields.io/badge/Version-0.1.5-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) A Helm chart for AWS ES Proxy Service for gen3 
@@ -26,9 +26,11 @@ A Helm chart for AWS ES Proxy Service for gen3 | datadogProfilingEnabled | bool | `true` | If enabled, the Datadog Agent will collect profiling data for your application using the Continuous Profiler. This data can be used to identify performance bottlenecks and optimize your application. | | datadogTraceSampleRate | int | `1` | A value between 0 and 1, that represents the percentage of requests that will be traced. For example, a value of 0.5 means that 50% of requests will be traced. | | esEndpoint | str | `"test.us-east-1.es.amazonaws.com"` | Elasticsearch endpoint in AWS | -| global | map | `{"ddEnabled":false,"environment":"default"}` | Global configuration options. | +| global | map | `{"ddEnabled":false,"environment":"default","minAvialable":1,"pdb":false}` | Global configuration options. | | global.ddEnabled | bool | `false` | Whether Datadog is enabled. | | global.environment | string | `"default"` | Environment name. This should be the same as vpcname if you're doing an AWS deployment. Currently this is being used to share ALB's if you have multiple namespaces. Might be used other places too. | +| global.minAvialable | int | `1` | The minimum amount of pods that are available at all times if the PDB is deployed. | +| global.pdb | bool | `false` | If the service will be deployed with a Pod Disruption Budget. Note- you need to have more than 2 replicas for the pdb to be deployed. | | image | map | `{"pullPolicy":"Always","repository":"quay.io/cdis/aws-es-proxy","tag":""}` | Docker image information. | | image.pullPolicy | string | `"Always"` | Docker pull policy. | | image.repository | string | `"quay.io/cdis/aws-es-proxy"` | Docker repository. | diff --git a/helm/aws-es-proxy/templates/pdb.yaml b/helm/aws-es-proxy/templates/pdb.yaml new file mode 100644 index 00000000..2ef2de13 --- /dev/null +++ b/helm/aws-es-proxy/templates/pdb.yaml 
@@ -0,0 +1,3 @@ +{{- if and .Values.global.pdb (gt (int .Values.replicaCount) 1) }} +{{ include "common.pod_disruption_budget" . }} +{{- end }} \ No newline at end of file diff --git a/helm/aws-es-proxy/values.yaml b/helm/aws-es-proxy/values.yaml index 2e28d856..5367ba70 100644 --- a/helm/aws-es-proxy/values.yaml +++ b/helm/aws-es-proxy/values.yaml @@ -8,6 +8,10 @@ global: environment: default # -- (bool) Whether Datadog is enabled. ddEnabled: false + # -- (bool) If the service will be deployed with a Pod Disruption Budget. Note- you need to have more than 2 replicas for the pdb to be deployed. + pdb: false + # -- (int) The minimum amount of pods that are available at all times if the PDB is deployed. + minAvialable: 1 # -- (map) Annotations to add to the pod podAnnotations: diff --git a/helm/common/Chart.yaml b/helm/common/Chart.yaml index 793d5770..73b4812a 100644 --- a/helm/common/Chart.yaml +++ b/helm/common/Chart.yaml @@ -15,7 +15,7 @@ type: library # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.5 +version: 0.1.6 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to diff --git a/helm/common/README.md b/helm/common/README.md index cdddaf74..03781358 100644 --- a/helm/common/README.md +++ b/helm/common/README.md 
@@ -1,6 +1,6 @@ # common -![Version: 0.1.5](https://img.shields.io/badge/Version-0.1.5-informational?style=flat-square) ![Type: library](https://img.shields.io/badge/Type-library-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) +![Version: 0.1.6](https://img.shields.io/badge/Version-0.1.6-informational?style=flat-square) ![Type: library](https://img.shields.io/badge/Type-library-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) A Helm chart for provisioning databases in gen3 diff --git a/helm/common/templates/_pdb.tpl b/helm/common/templates/_pdb.tpl new file mode 100644 index 00000000..9fca9c95 --- /dev/null +++ b/helm/common/templates/_pdb.tpl @@ -0,0 +1,16 @@ +{{/* + Gen3 Pod Disruption Budgets + Pdb will help increase availability by ensuring that one pod for each service is always avialable. + Will use the parent chart's name. +*/}} +{{ define "common.pod_disruption_budget" -}} +apiVersion: policy/v1 +kind: PodDisruptionBudget +metadata: + name: {{ .Chart.Name }}-pdb +spec: + minAvailable: {{ .Values.global.minAvialable }} + selector: + matchLabels: + app: {{ .Chart.Name }} +{{- end }} \ No newline at end of file diff --git a/helm/dicom-server/Chart.yaml b/helm/dicom-server/Chart.yaml index 63155bdb..82413994 100644 --- a/helm/dicom-server/Chart.yaml +++ b/helm/dicom-server/Chart.yaml @@ -15,7 +15,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.3 +version: 0.1.4 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to 
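Review bot: The selector `app: {{ .Chart.Name }}` in `common.pod_disruption_budget` (helm/common/templates/_pdb.tpl) is hard-coded rather than taken from the labels each deployment puts on its pods. A chart whose pod template does not carry exactly that label gets a budget that selects nothing and protects nothing, with no error at install time. The deployment templates are outside this hunk, so this needs checking per chart; at minimum add `# must match the pod labels in the including chart's deployment.yaml` above `selector:`. The header comment is also inaccurate now that the count is configurable, and a PDB only constrains voluntary disruptions; suggested wording: `Keeps at least global.minAvialable pods of each service available during voluntary disruptions (node drains, evictions).`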
diff --git a/helm/dicom-server/README.md b/helm/dicom-server/README.md index f6e98911..5cb9d02a 100644 --- a/helm/dicom-server/README.md +++ b/helm/dicom-server/README.md @@ -1,6 +1,6 @@ # dicom-server -![Version: 0.1.3](https://img.shields.io/badge/Version-0.1.3-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) +![Version: 0.1.4](https://img.shields.io/badge/Version-0.1.4-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) A Helm chart for gen3 Dicom Server 
@@ -24,9 +24,11 @@ A Helm chart for gen3 Dicom Server | datadogLogsInjection | bool | `true` | If enabled, the Datadog Agent will automatically inject Datadog-specific metadata into your application logs. | | datadogProfilingEnabled | bool | `true` | If enabled, the Datadog Agent will collect profiling data for your application using the Continuous Profiler. This data can be used to identify performance bottlenecks and optimize your application. | | datadogTraceSampleRate | int | `1` | A value between 0 and 1, that represents the percentage of requests that will be traced. For example, a value of 0.5 means that 50% of requests will be traced. | -| global | map | `{"ddEnabled":false,"environment":"default"}` | Global configuration options. | +| global | map | `{"ddEnabled":false,"environment":"default","minAvialable":1,"pdb":false}` | Global configuration options. | | global.ddEnabled | bool | `false` | Whether Datadog is enabled. | | global.environment | string | `"default"` | Environment name. This should be the same as vpcname if you're doing an AWS deployment. Currently this is being used to share ALB's if you have multiple namespaces. Might be used other places too. | +| global.minAvialable | int | `1` | The minimum amount of pods that are available at all times if the PDB is deployed. | +| global.pdb | bool | `false` | If the service will be deployed with a Pod Disruption Budget. Note- you need to have more than 2 replicas for the pdb to be deployed. | | image | map | `{"pullPolicy":"Always","repository":"quay.io/cdis/gen3-orthanc","tag":"master"}` | Docker image information. | | image.pullPolicy | string | `"Always"` | Docker pull policy. | | image.repository | string | `"quay.io/cdis/gen3-orthanc"` | Docker repository. | diff --git a/helm/dicom-server/templates/pdb.yaml b/helm/dicom-server/templates/pdb.yaml new file mode 100644 index 00000000..2ef2de13 --- /dev/null +++ b/helm/dicom-server/templates/pdb.yaml 
@@ -0,0 +1,3 @@ +{{- if and .Values.global.pdb (gt (int .Values.replicaCount) 1) }} +{{ include "common.pod_disruption_budget" . }} +{{- end }} \ No newline at end of file diff --git a/helm/dicom-server/values.yaml b/helm/dicom-server/values.yaml index 80e84a68..d4dcdcc7 100644 --- a/helm/dicom-server/values.yaml +++ b/helm/dicom-server/values.yaml @@ -8,6 +8,10 @@ global: environment: default # -- (bool) Whether Datadog is enabled. ddEnabled: false + # -- (bool) If the service will be deployed with a Pod Disruption Budget. Note- you need to have more than 2 replicas for the pdb to be deployed. + pdb: false + # -- (int) The minimum amount of pods that are available at all times if the PDB is deployed. + minAvialable: 1 # Deployment diff --git a/helm/dicom-viewer/Chart.yaml b/helm/dicom-viewer/Chart.yaml index 4f3fc523..24e69864 100644 --- a/helm/dicom-viewer/Chart.yaml +++ b/helm/dicom-viewer/Chart.yaml @@ -15,7 +15,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.3 +version: 0.1.4 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to diff --git a/helm/dicom-viewer/README.md b/helm/dicom-viewer/README.md index bcf867d8..39b3b4c5 100644 --- a/helm/dicom-viewer/README.md +++ b/helm/dicom-viewer/README.md 
@@ -1,6 +1,6 @@ # dicom-viewer -![Version: 0.1.3](https://img.shields.io/badge/Version-0.1.3-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) +![Version: 0.1.4](https://img.shields.io/badge/Version-0.1.4-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) A Helm chart for gen3 Dicom Viewer 
@@ -24,9 +24,11 @@ A Helm chart for gen3 Dicom Viewer | datadogLogsInjection | bool | `true` | If enabled, the Datadog Agent will automatically inject Datadog-specific metadata into your application logs. | | datadogProfilingEnabled | bool | `true` | If enabled, the Datadog Agent will collect profiling data for your application using the Continuous Profiler. This data can be used to identify performance bottlenecks and optimize your application. | | datadogTraceSampleRate | int | `1` | A value between 0 and 1, that represents the percentage of requests that will be traced. For example, a value of 0.5 means that 50% of requests will be traced. | -| global | map | `{"ddEnabled":false,"environment":"default"}` | Global configuration options. | +| global | map | `{"ddEnabled":false,"environment":"default","minAvialable":1,"pdb":false}` | Global configuration options. | | global.ddEnabled | bool | `false` | Whether Datadog is enabled. | | global.environment | string | `"default"` | Environment name. This should be the same as vpcname if you're doing an AWS deployment. Currently this is being used to share ALB's if you have multiple namespaces. Might be used other places too. | +| global.minAvialable | int | `1` | The minimum amount of pods that are available at all times if the PDB is deployed. | +| global.pdb | bool | `false` | If the service will be deployed with a Pod Disruption Budget. Note- you need to have more than 2 replicas for the pdb to be deployed. | | image | map | `{"pullPolicy":"Always","repository":"quay.io/cdis/ohif-viewer","tag":"master"}` | Docker image information. | | image.pullPolicy | string | `"Always"` | Docker pull policy. | | image.repository | string | `"quay.io/cdis/ohif-viewer"` | Docker repository. | diff --git a/helm/dicom-viewer/templates/pdb.yaml b/helm/dicom-viewer/templates/pdb.yaml new file mode 100644 index 00000000..2ef2de13 --- /dev/null +++ b/helm/dicom-viewer/templates/pdb.yaml 
@@ -0,0 +1,3 @@ +{{- if and .Values.global.pdb (gt (int .Values.replicaCount) 1) }} +{{ include "common.pod_disruption_budget" . }} +{{- end }} \ No newline at end of file diff --git a/helm/dicom-viewer/values.yaml b/helm/dicom-viewer/values.yaml index 935d86aa..0fa31147 100644 --- a/helm/dicom-viewer/values.yaml +++ b/helm/dicom-viewer/values.yaml @@ -8,6 +8,10 @@ global: environment: default # -- (bool) Whether Datadog is enabled. ddEnabled: false + # -- (bool) If the service will be deployed with a Pod Disruption Budget. Note- you need to have more than 2 replicas for the pdb to be deployed. + pdb: false + # -- (int) The minimum amount of pods that are available at all times if the PDB is deployed. + minAvialable: 1 # Deployment diff --git a/helm/fence/Chart.yaml b/helm/fence/Chart.yaml index 3baa4523..eb897b63 100644 --- a/helm/fence/Chart.yaml +++ b/helm/fence/Chart.yaml @@ -15,7 +15,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.6 +version: 0.1.7 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to diff --git a/helm/fence/README.md b/helm/fence/README.md index 208c62af..de995ec0 100644 --- a/helm/fence/README.md +++ b/helm/fence/README.md 
@@ -1,6 +1,6 @@ # fence -![Version: 0.1.6](https://img.shields.io/badge/Version-0.1.6-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) +![Version: 0.1.7](https://img.shields.io/badge/Version-0.1.7-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) A Helm chart for gen3 Fence 
@@ -90,7 +90,7 @@ A Helm chart for gen3 Fence | datadogTraceSampleRate | int | `1` | A value between 0 and 1, that represents the percentage of requests that will be traced. For example, a value of 0.5 means that 50% of requests will be traced. | | env | list | `[{"name":"GEN3_UWSGI_TIMEOUT","valueFrom":{"configMapKeyRef":{"key":"uwsgi-timeout","name":"manifest-global","optional":true}}},{"name":"DD_AGENT_HOST","valueFrom":{"fieldRef":{"fieldPath":"status.hostIP"}}},{"name":"AWS_STS_REGIONAL_ENDPOINTS","value":"regional"},{"name":"PYTHONPATH","value":"/var/www/fence"},{"name":"GEN3_DEBUG","value":"False"},{"name":"FENCE_PUBLIC_CONFIG","valueFrom":{"configMapKeyRef":{"key":"fence-config-public.yaml","name":"manifest-fence","optional":true}}},{"name":"PGHOST","valueFrom":{"secretKeyRef":{"key":"host","name":"fence-dbcreds","optional":false}}},{"name":"PGUSER","valueFrom":{"secretKeyRef":{"key":"username","name":"fence-dbcreds","optional":false}}},{"name":"PGPASSWORD","valueFrom":{"secretKeyRef":{"key":"password","name":"fence-dbcreds","optional":false}}},{"name":"PGDB","valueFrom":{"secretKeyRef":{"key":"database","name":"fence-dbcreds","optional":false}}},{"name":"DBREADY","valueFrom":{"secretKeyRef":{"key":"dbcreated","name":"fence-dbcreds","optional":false}}},{"name":"DB","value":"postgresql://$(PGUSER):$(PGPASSWORD)@$(PGHOST):5432/$(PGDB)"}]` | Environment variables to pass to the container | | fullnameOverride | string | `""` | Override the full name of the deployment. 
| -| global | map | `{"ddEnabled":false,"dev":true,"dictionaryUrl":"https://s3.amazonaws.com/dictionary-artifacts/datadictionary/develop/schema.json","dispatcherJobNum":10,"environment":"default","hostname":"localhost","kubeBucket":"kube-gen3","logsBucket":"logs-gen3","netPolicy":true,"portalApp":"gitops","postgres":{"dbCreate":true,"master":{"host":null,"password":null,"port":"5432","username":"postgres"}},"publicDataSets":true,"revproxyArn":"arn:aws:acm:us-east-1:123456:certificate","syncFromDbgap":false,"tierAccessLevel":"libre","userYamlS3Path":"s3://cdis-gen3-users/test/user.yaml"}` | Global configuration options. | +| global | map | `{"ddEnabled":false,"dev":true,"dictionaryUrl":"https://s3.amazonaws.com/dictionary-artifacts/datadictionary/develop/schema.json","dispatcherJobNum":10,"environment":"default","hostname":"localhost","kubeBucket":"kube-gen3","logsBucket":"logs-gen3","minAvialable":1,"netPolicy":true,"pdb":false,"portalApp":"gitops","postgres":{"dbCreate":true,"master":{"host":null,"password":null,"port":"5432","username":"postgres"}},"publicDataSets":true,"revproxyArn":"arn:aws:acm:us-east-1:123456:certificate","syncFromDbgap":false,"tierAccessLevel":"libre","userYamlS3Path":"s3://cdis-gen3-users/test/user.yaml"}` | Global configuration options. | | global.ddEnabled | bool | `false` | Whether Datadog is enabled. | | global.dev | bool | `true` | Whether the deployment is for development purposes. | | global.dictionaryUrl | string | `"https://s3.amazonaws.com/dictionary-artifacts/datadictionary/develop/schema.json"` | URL of the data dictionary. | 
@@ -99,7 +99,9 @@ A Helm chart for gen3 Fence | global.hostname | string | `"localhost"` | Hostname for the deployment. | | global.kubeBucket | string | `"kube-gen3"` | S3 bucket name for Kubernetes manifest files. | | global.logsBucket | string | `"logs-gen3"` | S3 bucket name for log files. | +| global.minAvialable | int | `1` | The minimum amount of pods that are available at all times if the PDB is deployed. | | global.netPolicy | bool | `true` | Whether network policies are enabled. | +| global.pdb | bool | `false` | If the service will be deployed with a Pod Disruption Budget. Note- you need to have more than 2 replicas for the pdb to be deployed. | | global.portalApp | string | `"gitops"` | Portal application name. | | global.postgres | map | `{"dbCreate":true,"master":{"host":null,"password":null,"port":"5432","username":"postgres"}}` | Postgres database configuration. | | global.postgres.dbCreate | bool | `true` | Whether the database should be created. | diff --git a/helm/fence/templates/pdb.yaml b/helm/fence/templates/pdb.yaml new file mode 100644 index 00000000..2ef2de13 --- /dev/null +++ b/helm/fence/templates/pdb.yaml @@ -0,0 +1,3 @@ +{{- if and .Values.global.pdb (gt (int .Values.replicaCount) 1) }} +{{ include "common.pod_disruption_budget" . }} +{{- end }} \ No newline at end of file diff --git a/helm/fence/values.yaml b/helm/fence/values.yaml index fdcde0d6..14affefc 100644 --- a/helm/fence/values.yaml +++ b/helm/fence/values.yaml 
@@ -48,6 +48,10 @@ global: dispatcherJobNum: 10 # -- (bool) Whether Datadog is enabled. ddEnabled: false + # -- (bool) If the service will be deployed with a Pod Disruption Budget. Note- you need to have more than 2 replicas for the pdb to be deployed. + pdb: false + # -- (int) The minimum amount of pods that are available at all times if the PDB is deployed. + minAvialable: 1 # -- (map) Postgres database configuration. If db does not exist in postgres cluster and dbCreate is set ot true then these databases will be created for you postgres: diff --git a/helm/gen3/Chart.yaml b/helm/gen3/Chart.yaml index 3fee76ce..8b9b60bc 100644 --- a/helm/gen3/Chart.yaml +++ b/helm/gen3/Chart.yaml 
@@ -5,82 +5,82 @@ description: Helm chart to deploy Gen3 Data Commons # Dependancies dependencies: - name: ambassador - version: "0.1.5" + version: "0.1.6" repository: "file://../ambassador" condition: ambassador.enabled - name: arborist - version: "0.1.6" + version: "0.1.7" repository: "file://../arborist" condition: arborist.enabled - name: argo-wrapper - version: "0.1.2" + version: "0.1.3" repository: "file://../argo-wrapper" condition: argo-wrapper.enabled - name: audit - version: "0.1.6" + version: "0.1.7" repository: "file://../audit" condition: audit.enabled - name: aws-es-proxy - version: "0.1.4" + version: "0.1.5" repository: "file://../aws-es-proxy" condition: aws-es-proxy.enabled - name: common - version: "0.1.5" + version: "0.1.6" repository: file://../common - name: fence - version: "0.1.6" + version: "0.1.7" repository: "file://../fence" condition: fence.enabled - name: guppy - version: "0.1.5" + version: "0.1.6" repository: "file://../guppy" condition: guppy.enabled - name: hatchery - version: "0.1.4" + version: "0.1.5" repository: "file://../hatchery" condition: hatchery.enabled - name: indexd - version: "0.1.7" + version: "0.1.8" repository: "file://../indexd" condition: indexd.enabled - name: manifestservice - version: "0.1.7" + version: "0.1.8" repository: "file://../manifestservice" condition: manifestservice.enabled - name: metadata - version: "0.1.6" + version: "0.1.7" repository: "file://../metadata" condition: metadata.enabled - name: peregrine - version: "0.1.7" + version: "0.1.8" repository: "file://../peregrine" condition: peregrine.enabled - name: pidgin - version: "0.1.5" + version: "0.1.6" repository: "file://../pidgin" condition: pidgin.enabled - name: portal - version: "0.1.4" + version: "0.1.5" repository: "file://../portal" condition: portal.enabled - name: requestor - version: "0.1.6" + version: "0.1.7" repository: "file://../requestor" condition: requestor.enabled - name: revproxy - version: "0.1.7" + version: "0.1.8" repository: 
"file://../revproxy" condition: revproxy.enabled - name: sheepdog - version: "0.1.7" + version: "0.1.8" repository: "file://../sheepdog" condition: sheepdog.enabled - name: ssjdispatcher - version: "0.1.3" + version: "0.1.4" repository: "file://../ssjdispatcher" condition: ssjdispatcher.enabled - name: wts - version: "0.1.7" + version: "0.1.8" repository: "file://../wts" condition: wts.enabled @@ -107,7 +107,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.10 +version: 0.1.11 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to diff --git a/helm/gen3/README.md b/helm/gen3/README.md index 60b7a097..a4a22d61 100644 --- a/helm/gen3/README.md +++ b/helm/gen3/README.md @@ -1,6 +1,6 @@ # gen3 -![Version: 0.1.10](https://img.shields.io/badge/Version-0.1.10-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) +![Version: 0.1.11](https://img.shields.io/badge/Version-0.1.11-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) Helm chart to deploy Gen3 Data Commons 
@@ -18,27 +18,27 @@ Helm chart to deploy Gen3 Data Commons | Repository | Name | Version | |------------|------|---------| -| file://../ambassador | ambassador | 0.1.5 | -| file://../arborist | arborist | 0.1.6 | -| file://../argo-wrapper | argo-wrapper | 0.1.2 | -| file://../audit | audit | 0.1.6 | -| file://../aws-es-proxy | aws-es-proxy | 0.1.4 | -| file://../common | common | 0.1.5 | +| file://../ambassador | ambassador | 0.1.6 | +| file://../arborist | arborist | 0.1.7 | +| file://../argo-wrapper | argo-wrapper | 0.1.3 | +| file://../audit | audit | 0.1.7 | +| file://../aws-es-proxy | aws-es-proxy | 0.1.5 | +| file://../common | common | 0.1.6 | | file://../elasticsearch | elasticsearch | 0.1.3 | -| file://../fence | fence | 0.1.6 | -| file://../guppy | guppy | 0.1.5 | -| file://../hatchery | hatchery | 0.1.4 | -| file://../indexd | indexd | 0.1.7 | -| file://../manifestservice | manifestservice | 0.1.7 | -| file://../metadata | metadata | 0.1.6 | -| file://../peregrine | peregrine | 0.1.7 | -| file://../pidgin | pidgin | 0.1.5 | -| file://../portal | portal | 0.1.4 | -| file://../requestor | requestor | 0.1.6 | -| file://../revproxy | revproxy | 0.1.7 | -| file://../sheepdog | sheepdog | 0.1.7 | -| file://../ssjdispatcher | ssjdispatcher | 0.1.3 | -| file://../wts | wts | 0.1.7 | +| file://../fence | fence | 0.1.7 | +| file://../guppy | guppy | 0.1.6 | +| file://../hatchery | hatchery | 0.1.5 | +| file://../indexd | indexd | 0.1.8 | +| file://../manifestservice | manifestservice | 0.1.8 | +| file://../metadata | metadata | 0.1.7 | +| file://../peregrine | peregrine | 0.1.8 | +| file://../pidgin | pidgin | 0.1.6 | +| file://../portal | portal | 0.1.5 | +| file://../requestor | requestor | 0.1.7 | +| file://../revproxy | revproxy | 0.1.8 | +| file://../sheepdog | sheepdog | 0.1.8 | +| file://../ssjdispatcher | ssjdispatcher | 0.1.4 | +| file://../wts | wts | 0.1.8 | | https://charts.bitnami.com/bitnami | postgresql | 11.9.13 | ## Values 
@@ -72,7 +72,7 @@ Helm chart to deploy Gen3 Data Commons | fence.image | map | `{"repository":null,"tag":null}` | Docker image information. | | fence.image.repository | string | `nil` | The Docker image repository for the fence service. | | fence.image.tag | string | `nil` | Overrides the image tag whose default is the chart appVersion. | -| global | map | `{"aws":{"account":{"aws_access_key_id":null,"aws_secret_access_key":null},"enabled":false},"ddEnabled":false,"dev":true,"dictionaryUrl":"https://s3.amazonaws.com/dictionary-artifacts/datadictionary/develop/schema.json","dispatcherJobNum":10,"environment":"default","gcp":true,"hostname":"localhost","kubeBucket":"kube-gen3","logsBucket":"logs-gen3","netPolicy":true,"portalApp":"gitops","postgres":{"dbCreate":true,"master":{"host":null,"password":null,"port":"5432","username":"postgres"}},"publicDataSets":true,"revproxyArn":"arn:aws:acm:us-east-1:123456:certificate","syncFromDbgap":false,"tierAccessLevel":"libre","tls":{"cert":null,"key":null},"userYamlS3Path":"s3://cdis-gen3-users/test/user.yaml"}` | Global configuration options. | +| global | map | `{"aws":{"account":{"aws_access_key_id":null,"aws_secret_access_key":null},"enabled":false},"ddEnabled":false,"dev":true,"dictionaryUrl":"https://s3.amazonaws.com/dictionary-artifacts/datadictionary/develop/schema.json","dispatcherJobNum":10,"environment":"default","gcp":true,"hostname":"localhost","kubeBucket":"kube-gen3","logsBucket":"logs-gen3","minAvialable":1,"netPolicy":true,"pdb":false,"portalApp":"gitops","postgres":{"dbCreate":true,"master":{"host":null,"password":null,"port":"5432","username":"postgres"}},"publicDataSets":true,"revproxyArn":"arn:aws:acm:us-east-1:123456:certificate","syncFromDbgap":false,"tierAccessLevel":"libre","tls":{"cert":null,"key":null},"userYamlS3Path":"s3://cdis-gen3-users/test/user.yaml"}` | Global configuration options. 
| | global.aws.account | map | `{"aws_access_key_id":null,"aws_secret_access_key":null}` | Credentials for AWS | | global.aws.enabled | bool | `false` | Set to true if deploying to AWS. Controls ingress annotations. | | global.ddEnabled | bool | `false` | Whether Datadog is enabled. | @@ -84,7 +84,9 @@ Helm chart to deploy Gen3 Data Commons | global.hostname | string | `"localhost"` | Hostname for the deployment. | | global.kubeBucket | string | `"kube-gen3"` | S3 bucket name for Kubernetes manifest files. | | global.logsBucket | string | `"logs-gen3"` | S3 bucket name for log files. | +| global.minAvialable | int | `1` | The minimum amount of pods that are available at all times if the PDB is deployed. | | global.netPolicy | bool | `true` | Whether network policies are enabled. | +| global.pdb | bool | `false` | If the service will be deployed with a Pod Disruption Budget. Note- you need to have more than 2 replicas for the pdb to be deployed. | | global.portalApp | string | `"gitops"` | Portal application name. | | global.postgres | map | `{"dbCreate":true,"master":{"host":null,"password":null,"port":"5432","username":"postgres"}}` | Postgres database configuration. | | global.postgres.dbCreate | bool | `true` | Whether the database should be created. | diff --git a/helm/gen3/values.yaml b/helm/gen3/values.yaml index ae8164e6..4be19977 100644 --- a/helm/gen3/values.yaml +++ b/helm/gen3/values.yaml @@ -61,6 +61,10 @@ global: dispatcherJobNum: 10 # -- (bool) Whether Datadog is enabled. ddEnabled: false + # -- (bool) If the service will be deployed with a Pod Disruption Budget. Note- you need to have more than 2 replicas for the pdb to be deployed. + pdb: false + # -- (int) The minimum amount of pods that are available at all times if the PDB is deployed. + minAvialable: 1 tags: diff --git a/helm/guppy/Chart.yaml b/helm/guppy/Chart.yaml index 7f388241..904f3542 100644 --- a/helm/guppy/Chart.yaml +++ b/helm/guppy/Chart.yaml 
@@ -15,7 +15,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.5 +version: 0.1.6 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to diff --git a/helm/guppy/README.md b/helm/guppy/README.md index f7123f08..23bf7175 100644 --- a/helm/guppy/README.md +++ b/helm/guppy/README.md @@ -1,6 +1,6 @@ # guppy -![Version: 0.1.5](https://img.shields.io/badge/Version-0.1.5-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) +![Version: 0.1.6](https://img.shields.io/badge/Version-0.1.6-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) A Helm chart for gen3 Guppy Service 
@@ -40,7 +40,7 @@ A Helm chart for gen3 Guppy Service | enableEncryptWhitelist | bool | `true` | Whether or not to enable encryption for specified fields | | encryptWhitelist | string | `"test1"` | A comma-separated list of fields to encrypt | | esEndpoint | string | `""` | Elasticsearch endpoint. | -| global | map | `{"aws":{"awsAccessKeyId":null,"awsSecretAccessKey":null,"enabled":false},"ddEnabled":false,"dev":true,"dictionaryUrl":"https://s3.amazonaws.com/dictionary-artifacts/datadictionary/develop/schema.json","dispatcherJobNum":10,"environment":"default","hostname":"localhost","kubeBucket":"kube-gen3","logsBucket":"logs-gen3","netPolicy":true,"portalApp":"gitops","postgres":{"dbCreate":true,"master":{"host":null,"password":null,"port":"5432","username":"postgres"}},"publicDataSets":true,"revproxyArn":"arn:aws:acm:us-east-1:123456:certificate","syncFromDbgap":false,"tierAccessLevel":"libre","userYamlS3Path":"s3://cdis-gen3-users/test/user.yaml"}` | Global configuration options. | +| global | map | `{"aws":{"awsAccessKeyId":null,"awsSecretAccessKey":null,"enabled":false},"ddEnabled":false,"dev":true,"dictionaryUrl":"https://s3.amazonaws.com/dictionary-artifacts/datadictionary/develop/schema.json","dispatcherJobNum":10,"environment":"default","hostname":"localhost","kubeBucket":"kube-gen3","logsBucket":"logs-gen3","minAvialable":1,"netPolicy":true,"pdb":false,"portalApp":"gitops","postgres":{"dbCreate":true,"master":{"host":null,"password":null,"port":"5432","username":"postgres"}},"publicDataSets":true,"revproxyArn":"arn:aws:acm:us-east-1:123456:certificate","syncFromDbgap":false,"tierAccessLevel":"libre","userYamlS3Path":"s3://cdis-gen3-users/test/user.yaml"}` | Global configuration options. | | global.aws | map | `{"awsAccessKeyId":null,"awsSecretAccessKey":null,"enabled":false}` | AWS configuration | | global.aws.awsAccessKeyId | string | `nil` | Credentials for AWS stuff. | | global.aws.awsSecretAccessKey | string | `nil` | Credentials for AWS stuff. | 
@@ -53,7 +53,9 @@ A Helm chart for gen3 Guppy Service | global.hostname | string | `"localhost"` | Hostname for the deployment. | | global.kubeBucket | string | `"kube-gen3"` | S3 bucket name for Kubernetes manifest files. | | global.logsBucket | string | `"logs-gen3"` | S3 bucket name for log files. | +| global.minAvialable | int | `1` | The minimum amount of pods that are available at all times if the PDB is deployed. | | global.netPolicy | bool | `true` | Whether network policies are enabled. | +| global.pdb | bool | `false` | If the service will be deployed with a Pod Disruption Budget. Note- you need to have more than 2 replicas for the pdb to be deployed. | | global.portalApp | string | `"gitops"` | Portal application name. | | global.postgres | map | `{"dbCreate":true,"master":{"host":null,"password":null,"port":"5432","username":"postgres"}}` | Postgres database configuration. | | global.postgres.dbCreate | bool | `true` | Whether the database should be created. | diff --git a/helm/guppy/templates/pdb.yaml b/helm/guppy/templates/pdb.yaml new file mode 100644 index 00000000..2ef2de13 --- /dev/null +++ b/helm/guppy/templates/pdb.yaml @@ -0,0 +1,3 @@ +{{- if and .Values.global.pdb (gt (int .Values.replicaCount) 1) }} +{{ include "common.pod_disruption_budget" . }} +{{- end }} \ No newline at end of file diff --git a/helm/guppy/values.yaml b/helm/guppy/values.yaml index 3614b7f7..ba984f62 100644 --- a/helm/guppy/values.yaml +++ b/helm/guppy/values.yaml @@ -56,7 +56,10 @@ global: dispatcherJobNum: 10 # -- (bool) Whether Datadog is enabled. ddEnabled: false - + # -- (bool) If the service will be deployed with a Pod Disruption Budget. Note- you need to have more than 2 replicas for the pdb to be deployed. + pdb: false + # -- (int) The minimum amount of pods that are available at all times if the PDB is deployed. + minAvialable: 1 # -- (map) Configuration for autoscaling the number of replicas autoscaling: 
diff --git a/helm/hatchery/Chart.yaml b/helm/hatchery/Chart.yaml index 4516342d..eca2e813 100644 --- a/helm/hatchery/Chart.yaml +++ b/helm/hatchery/Chart.yaml @@ -15,7 +15,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.4 +version: 0.1.5 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to diff --git a/helm/hatchery/README.md b/helm/hatchery/README.md index 21848cbf..7a4b0447 100644 --- a/helm/hatchery/README.md +++ b/helm/hatchery/README.md @@ -1,6 +1,6 @@ # hatchery -![Version: 0.1.4](https://img.shields.io/badge/Version-0.1.4-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) +![Version: 0.1.5](https://img.shields.io/badge/Version-0.1.5-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) A Helm chart for gen3 Hatchery 
@@ -27,7 +27,7 @@ A Helm chart for gen3 Hatchery | datadogTraceSampleRate | int | `1` | A value between 0 and 1, that represents the percentage of requests that will be traced. For example, a value of 0.5 means that 50% of requests will be traced. | | env | list | `[{"name":"HTTP_PORT","value":"8000"},{"name":"POD_NAMESPACE","valueFrom":{"fieldRef":{"fieldPath":"metadata.namespace"}}}]` | Environment variables to pass to the container | | fullnameOverride | string | `""` | Override the full name of the deployment. | -| global | map | `{"aws":{"awsAccessKeyId":null,"awsSecretAccessKey":null,"enabled":false},"ddEnabled":false,"dev":true,"dictionaryUrl":"https://s3.amazonaws.com/dictionary-artifacts/datadictionary/develop/schema.json","dispatcherJobNum":10,"environment":"default","hostname":"localhost","kubeBucket":"kube-gen3","logsBucket":"logs-gen3","netPolicy":true,"portalApp":"gitops","postgres":{"dbCreate":true,"master":{"host":null,"password":null,"port":"5432","username":"postgres"}},"publicDataSets":true,"revproxyArn":"arn:aws:acm:us-east-1:123456:certificate","syncFromDbgap":false,"tierAccessLevel":"libre","userYamlS3Path":"s3://cdis-gen3-users/test/user.yaml"}` | Global configuration options. | +| global | map | `{"aws":{"awsAccessKeyId":null,"awsSecretAccessKey":null,"enabled":false},"ddEnabled":false,"dev":true,"dictionaryUrl":"https://s3.amazonaws.com/dictionary-artifacts/datadictionary/develop/schema.json","dispatcherJobNum":10,"environment":"default","hostname":"localhost","kubeBucket":"kube-gen3","logsBucket":"logs-gen3","minAvialable":1,"netPolicy":true,"pdb":false,"portalApp":"gitops","postgres":{"dbCreate":true,"master":{"host":null,"password":null,"port":"5432","username":"postgres"}},"publicDataSets":true,"revproxyArn":"arn:aws:acm:us-east-1:123456:certificate","syncFromDbgap":false,"tierAccessLevel":"libre","userYamlS3Path":"s3://cdis-gen3-users/test/user.yaml"}` | Global configuration options. 
| | global.aws | map | `{"awsAccessKeyId":null,"awsSecretAccessKey":null,"enabled":false}` | AWS configuration | | global.aws.awsAccessKeyId | string | `nil` | Credentials for AWS stuff. | | global.aws.awsSecretAccessKey | string | `nil` | Credentials for AWS stuff. | @@ -40,7 +40,9 @@ A Helm chart for gen3 Hatchery | global.hostname | string | `"localhost"` | Hostname for the deployment. | | global.kubeBucket | string | `"kube-gen3"` | S3 bucket name for Kubernetes manifest files. | | global.logsBucket | string | `"logs-gen3"` | S3 bucket name for log files. | +| global.minAvialable | int | `1` | The minimum amount of pods that are available at all times if the PDB is deployed. | | global.netPolicy | bool | `true` | Whether network policies are enabled. | +| global.pdb | bool | `false` | If the service will be deployed with a Pod Disruption Budget. Note- you need to have more than 2 replicas for the pdb to be deployed. | | global.portalApp | string | `"gitops"` | Portal application name. | | global.postgres | map | `{"dbCreate":true,"master":{"host":null,"password":null,"port":"5432","username":"postgres"}}` | Postgres database configuration. | | global.postgres.dbCreate | bool | `true` | Whether the database should be created. | diff --git a/helm/hatchery/templates/pdb.yaml b/helm/hatchery/templates/pdb.yaml new file mode 100644 index 00000000..2ef2de13 --- /dev/null +++ b/helm/hatchery/templates/pdb.yaml @@ -0,0 +1,3 @@ +{{- if and .Values.global.pdb (gt (int .Values.replicaCount) 1) }} +{{ include "common.pod_disruption_budget" . }} +{{- end }} \ No newline at end of file diff --git a/helm/hatchery/values.yaml b/helm/hatchery/values.yaml index 7a903871..200385bd 100644 --- a/helm/hatchery/values.yaml +++ b/helm/hatchery/values.yaml 
@@ -56,6 +56,10 @@ global: dispatcherJobNum: 10 # -- (bool) Whether Datadog is enabled. ddEnabled: false + # -- (bool) If the service will be deployed with a Pod Disruption Budget. Note- you need to have more than 2 replicas for the pdb to be deployed. + pdb: false + # -- (int) The minimum amount of pods that are available at all times if the PDB is deployed. + minAvialable: 1 # -- (int) Number of replicas for the deployment. replicaCount: 1 diff --git a/helm/indexd/Chart.yaml b/helm/indexd/Chart.yaml index a2c51814..1136129a 100644 --- a/helm/indexd/Chart.yaml +++ b/helm/indexd/Chart.yaml @@ -15,7 +15,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.7 +version: 0.1.8 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to diff --git a/helm/indexd/README.md b/helm/indexd/README.md index ecbe4373..b5049d44 100644 --- a/helm/indexd/README.md +++ b/helm/indexd/README.md @@ -1,6 +1,6 @@ # indexd -![Version: 0.1.7](https://img.shields.io/badge/Version-0.1.7-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) +![Version: 0.1.8](https://img.shields.io/badge/Version-0.1.8-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) A Helm chart for gen3 indexd 
@@ -27,7 +27,7 @@ A Helm chart for gen3 indexd | datadogTraceSampleRate | int | `1` | A value between 0 and 1, that represents the percentage of requests that will be traced. For example, a value of 0.5 means that 50% of requests will be traced. | | env | list | `[{"name":"ARBORIST","value":"true"},{"name":"GEN3_DEBUG","value":"False"}]` | Environment variables to pass to the container | | fullnameOverride | string | `""` | Override the full name of the deployment. | -| global | map | `{"aws":{"awsAccessKeyId":null,"awsSecretAccessKey":null,"enabled":false},"ddEnabled":false,"dev":true,"dictionaryUrl":"https://s3.amazonaws.com/dictionary-artifacts/datadictionary/develop/schema.json","dispatcherJobNum":10,"environment":"default","hostname":"localhost","kubeBucket":"kube-gen3","logsBucket":"logs-gen3","netPolicy":true,"portalApp":"gitops","postgres":{"dbCreate":true,"master":{"host":null,"password":null,"port":"5432","username":"postgres"}},"publicDataSets":true,"revproxyArn":"arn:aws:acm:us-east-1:123456:certificate","syncFromDbgap":false,"tierAccessLevel":"libre","userYamlS3Path":"s3://cdis-gen3-users/test/user.yaml"}` | Global configuration options. | +| global | map | `{"aws":{"awsAccessKeyId":null,"awsSecretAccessKey":null,"enabled":false},"ddEnabled":false,"dev":true,"dictionaryUrl":"https://s3.amazonaws.com/dictionary-artifacts/datadictionary/develop/schema.json","dispatcherJobNum":10,"environment":"default","hostname":"localhost","kubeBucket":"kube-gen3","logsBucket":"logs-gen3","minAvialable":1,"netPolicy":true,"pdb":false,"portalApp":"gitops","postgres":{"dbCreate":true,"master":{"host":null,"password":null,"port":"5432","username":"postgres"}},"publicDataSets":true,"revproxyArn":"arn:aws:acm:us-east-1:123456:certificate","syncFromDbgap":false,"tierAccessLevel":"libre","userYamlS3Path":"s3://cdis-gen3-users/test/user.yaml"}` | Global configuration options. 
| | global.aws | map | `{"awsAccessKeyId":null,"awsSecretAccessKey":null,"enabled":false}` | AWS configuration | | global.aws.awsAccessKeyId | string | `nil` | Credentials for AWS stuff. | | global.aws.awsSecretAccessKey | string | `nil` | Credentials for AWS stuff. | @@ -40,7 +40,9 @@ A Helm chart for gen3 indexd | global.hostname | string | `"localhost"` | Hostname for the deployment. | | global.kubeBucket | string | `"kube-gen3"` | S3 bucket name for Kubernetes manifest files. | | global.logsBucket | string | `"logs-gen3"` | S3 bucket name for log files. | +| global.minAvialable | int | `1` | The minimum amount of pods that are available at all times if the PDB is deployed. | | global.netPolicy | bool | `true` | Whether network policies are enabled. | +| global.pdb | bool | `false` | If the service will be deployed with a Pod Disruption Budget. Note- you need to have more than 2 replicas for the pdb to be deployed. | | global.portalApp | string | `"gitops"` | Portal application name. | | global.postgres | map | `{"dbCreate":true,"master":{"host":null,"password":null,"port":"5432","username":"postgres"}}` | Postgres database configuration. | | global.postgres.dbCreate | bool | `true` | Whether the database should be created. | diff --git a/helm/indexd/templates/pdb.yaml b/helm/indexd/templates/pdb.yaml new file mode 100644 index 00000000..2ef2de13 --- /dev/null +++ b/helm/indexd/templates/pdb.yaml @@ -0,0 +1,3 @@ +{{- if and .Values.global.pdb (gt (int .Values.replicaCount) 1) }} +{{ include "common.pod_disruption_budget" . }} +{{- end }} \ No newline at end of file diff --git a/helm/indexd/values.yaml b/helm/indexd/values.yaml index 34c4ec7b..7ddeccfb 100644 --- a/helm/indexd/values.yaml +++ b/helm/indexd/values.yaml 
@@ -56,6 +56,10 @@ global: dispatcherJobNum: 10 # -- (bool) Whether Datadog is enabled. ddEnabled: false + # -- (bool) If the service will be deployed with a Pod Disruption Budget. Note- you need to have more than 2 replicas for the pdb to be deployed. + pdb: false + # -- (int) The minimum amount of pods that are available at all times if the PDB is deployed. + minAvialable: 1 # -- (map) Postgres database configuration. If db does not exist in postgres cluster and dbCreate is set ot true then these databases will be created for you postgres: diff --git a/helm/manifestservice/Chart.yaml b/helm/manifestservice/Chart.yaml index 88fe4a6a..5ebb5862 100644 --- a/helm/manifestservice/Chart.yaml +++ b/helm/manifestservice/Chart.yaml @@ -15,7 +15,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.7 +version: 0.1.8 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to diff --git a/helm/manifestservice/README.md b/helm/manifestservice/README.md index cf53da5f..89c11ef5 100644 --- a/helm/manifestservice/README.md +++ b/helm/manifestservice/README.md 
@@ -1,6 +1,6 @@ # manifestservice -![Version: 0.1.7](https://img.shields.io/badge/Version-0.1.7-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) +![Version: 0.1.8](https://img.shields.io/badge/Version-0.1.8-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) A Helm chart for Kubernetes 
@@ -33,9 +33,11 @@ A Helm chart for Kubernetes | datadogProfilingEnabled | bool | `true` | If enabled, the Datadog Agent will collect profiling data for your application using the Continuous Profiler. This data can be used to identify performance bottlenecks and optimize your application. | | datadogTraceSampleRate | int | `1` | A value between 0 and 1, that represents the percentage of requests that will be traced. For example, a value of 0.5 means that 50% of requests will be traced. | | env | list | `[{"name":"REQUESTS_CA_BUNDLE","value":"/etc/ssl/certs/ca-certificates.crt"},{"name":"MANIFEST_SERVICE_CONFIG_PATH","value":"/var/gen3/config/config.json"},{"name":"GEN3_DEBUG","value":"False"}]` | Environment variables to pass to the container | -| global | map | `{"ddEnabled":false,"environment":"default"}` | Global configuration options. | +| global | map | `{"ddEnabled":false,"environment":"default","minAvialable":1,"pdb":false}` | Global configuration options. | | global.ddEnabled | bool | `false` | Whether Datadog is enabled. | | global.environment | string | `"default"` | Environment name. This should be the same as vpcname if you're doing an AWS deployment. Currently this is being used to share ALB's if you have multiple namespaces. Might be used other places too. | +| global.minAvialable | int | `1` | The minimum amount of pods that are available at all times if the PDB is deployed. | +| global.pdb | bool | `false` | If the service will be deployed with a Pod Disruption Budget. Note- you need to have more than 2 replicas for the pdb to be deployed. | | manifestserviceG3auto | map | `{"awsaccesskey":"","awssecretkey":"","bucketName":"testbucket","hostname":"testinstall","prefix":"test"}` | Values for manifestservice secret. | | manifestserviceG3auto.awsaccesskey | string | `""` | AWS access key. | | manifestserviceG3auto.awssecretkey | string | `""` | AWS secret access key. | 
@@ -43,6 +45,7 @@ A Helm chart for Kubernetes | manifestserviceG3auto.prefix | string | `"test"` | Directory name to use within the s3 bucket. | | partOf | string | `"Workspace-tab"` | Label to help organize pods and their use. Any value is valid, but use "_" or "-" to divide words. | | release | string | `"production"` | Valid options are "production" or "dev". If invalid option is set- the value will default to "dev". | +| replicaCount | int | `1` | Number of replicas for the deployment. | | resources | map | `{"limits":{"cpu":1,"memory":"512Mi"},"requests":{"cpu":0.1,"memory":"12Mi"}}` | Resource requests and limits for the containers in the pod | | resources.limits | map | `{"cpu":1,"memory":"512Mi"}` | The maximum amount of resources that the container is allowed to use | | resources.limits.cpu | string | `1` | The maximum amount of CPU the container can use | diff --git a/helm/manifestservice/templates/deployment.yaml b/helm/manifestservice/templates/deployment.yaml index 47220350..426774be 100644 --- a/helm/manifestservice/templates/deployment.yaml +++ b/helm/manifestservice/templates/deployment.yaml @@ -8,6 +8,9 @@ metadata: {{- include "common.datadogLabels" . | nindent 4 }} {{- end }} spec: + {{- if not .Values.autoscaling.enabled }} + replicas: {{ .Values.replicaCount }} + {{- end }} selector: matchLabels: {{- include "manifestservice.selectorLabels" . | nindent 8 }} diff --git a/helm/manifestservice/templates/pdb.yaml b/helm/manifestservice/templates/pdb.yaml new file mode 100644 index 00000000..2ef2de13 --- /dev/null +++ b/helm/manifestservice/templates/pdb.yaml @@ -0,0 +1,3 @@ +{{- if and .Values.global.pdb (gt (int .Values.replicaCount) 1) }} +{{ include "common.pod_disruption_budget" . }} +{{- end }} \ No newline at end of file diff --git a/helm/manifestservice/values.yaml b/helm/manifestservice/values.yaml index 07072329..3aa80925 100644 --- a/helm/manifestservice/values.yaml +++ b/helm/manifestservice/values.yaml 
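Review bot: The added `{{- if not .Values.autoscaling.enabled }}` guard in `helm/manifestservice/templates/deployment.yaml` dereferences `.Values.autoscaling`, but the manifestservice `values.yaml` hunk in this commit adds only `replicaCount`, and no `autoscaling` entry appears in the visible part of the chart's README table. If the chart has no such key, rendering would fail with a nil-pointer error on install; whether it is defined elsewhere in values.yaml cannot be seen from here. If it is missing, add a default such as `autoscaling:` with `enabled: false` to `helm/manifestservice/values.yaml`. The Deployment spec continues outside the hunk.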
@@ -8,10 +8,17 @@ global: environment: default # -- (bool) Whether Datadog is enabled. ddEnabled: false + # -- (bool) If the service will be deployed with a Pod Disruption Budget. Note- you need to have more than 2 replicas for the pdb to be deployed. + pdb: false + # -- (int) The minimum amount of pods that are available at all times if the PDB is deployed. + minAvialable: 1 # -- (int) Number of old revisions to retain revisionHistoryLimit: 2 +# -- (int) Number of replicas for the deployment. +replicaCount: 1 + # -- (map) Kubernetes service information. service: # -- (string) Type of service. Valid values are "ClusterIP", "NodePort", "LoadBalancer", "ExternalName". diff --git a/helm/metadata/Chart.yaml b/helm/metadata/Chart.yaml index eccff7be..2b4e6d4d 100644 --- a/helm/metadata/Chart.yaml +++ b/helm/metadata/Chart.yaml @@ -15,7 +15,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.6 +version: 0.1.7 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to diff --git a/helm/metadata/README.md b/helm/metadata/README.md index 2e7920b7..e2460ceb 100644 --- a/helm/metadata/README.md +++ b/helm/metadata/README.md 
@@ -1,6 +1,6 @@ # metadata -![Version: 0.1.6](https://img.shields.io/badge/Version-0.1.6-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) +![Version: 0.1.7](https://img.shields.io/badge/Version-0.1.7-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) A Helm chart for gen3 Metadata Service 
@@ -38,7 +38,7 @@ A Helm chart for gen3 Metadata Service | datadogTraceSampleRate | int | `1` | A value between 0 and 1, that represents the percentage of requests that will be traced. For example, a value of 0.5 means that 50% of requests will be traced. | | debug | bool | `false` | | | esEndpoint | string | `"elasticsearch:9200"` | Elasticsearch endpoint. | -| global | map | `{"aws":{"awsAccessKeyId":null,"awsSecretAccessKey":null,"enabled":false},"ddEnabled":false,"dev":true,"dictionaryUrl":"https://s3.amazonaws.com/dictionary-artifacts/datadictionary/develop/schema.json","dispatcherJobNum":10,"environment":"default","hostname":"localhost","kubeBucket":"kube-gen3","logsBucket":"logs-gen3","netPolicy":true,"portalApp":"gitops","postgres":{"dbCreate":true,"master":{"host":null,"password":null,"port":"5432","username":"postgres"}},"publicDataSets":true,"revproxyArn":"arn:aws:acm:us-east-1:123456:certificate","syncFromDbgap":false,"tierAccessLevel":"libre","userYamlS3Path":"s3://cdis-gen3-users/test/user.yaml"}` | Global configuration options. | +| global | map | `{"aws":{"awsAccessKeyId":null,"awsSecretAccessKey":null,"enabled":false},"ddEnabled":false,"dev":true,"dictionaryUrl":"https://s3.amazonaws.com/dictionary-artifacts/datadictionary/develop/schema.json","dispatcherJobNum":10,"environment":"default","hostname":"localhost","kubeBucket":"kube-gen3","logsBucket":"logs-gen3","minAvialable":1,"netPolicy":true,"pdb":false,"portalApp":"gitops","postgres":{"dbCreate":true,"master":{"host":null,"password":null,"port":"5432","username":"postgres"}},"publicDataSets":true,"revproxyArn":"arn:aws:acm:us-east-1:123456:certificate","syncFromDbgap":false,"tierAccessLevel":"libre","userYamlS3Path":"s3://cdis-gen3-users/test/user.yaml"}` | Global configuration options. | | global.aws | map | `{"awsAccessKeyId":null,"awsSecretAccessKey":null,"enabled":false}` | AWS configuration | | global.aws.awsAccessKeyId | string | `nil` | Credentials for AWS stuff. 
| | global.aws.awsSecretAccessKey | string | `nil` | Credentials for AWS stuff. | @@ -51,7 +51,9 @@ A Helm chart for gen3 Metadata Service | global.hostname | string | `"localhost"` | Hostname for the deployment. | | global.kubeBucket | string | `"kube-gen3"` | S3 bucket name for Kubernetes manifest files. | | global.logsBucket | string | `"logs-gen3"` | S3 bucket name for log files. | +| global.minAvialable | int | `1` | The minimum amount of pods that are available at all times if the PDB is deployed. | | global.netPolicy | bool | `true` | Whether network policies are enabled. | +| global.pdb | bool | `false` | If the service will be deployed with a Pod Disruption Budget. Note- you need to have more than 2 replicas for the pdb to be deployed. | | global.portalApp | string | `"gitops"` | Portal application name. | | global.postgres | map | `{"dbCreate":true,"master":{"host":null,"password":null,"port":"5432","username":"postgres"}}` | Postgres database configuration. | | global.postgres.dbCreate | bool | `true` | Whether the database should be created. | diff --git a/helm/metadata/templates/pdb.yaml b/helm/metadata/templates/pdb.yaml new file mode 100644 index 00000000..2ef2de13 --- /dev/null +++ b/helm/metadata/templates/pdb.yaml @@ -0,0 +1,3 @@ +{{- if and .Values.global.pdb (gt (int .Values.replicaCount) 1) }} +{{ include "common.pod_disruption_budget" . }} +{{- end }} \ No newline at end of file diff --git a/helm/metadata/values.yaml b/helm/metadata/values.yaml index b6908840..0cd45435 100644 --- a/helm/metadata/values.yaml +++ b/helm/metadata/values.yaml 
@@ -56,6 +56,10 @@ global: dispatcherJobNum: 10 # -- (bool) Whether Datadog is enabled. ddEnabled: false + # -- (bool) If the service will be deployed with a Pod Disruption Budget. Note- you need to have more than 2 replicas for the pdb to be deployed. + pdb: false + # -- (int) The minimum amount of pods that are available at all times if the PDB is deployed. + minAvialable: 1 # -- (map) Postgres database configuration. If db does not exist in postgres cluster and dbCreate is set ot true then these databases will be created for you postgres: diff --git a/helm/peregrine/Chart.yaml b/helm/peregrine/Chart.yaml index 0248452a..3f1ef902 100644 --- a/helm/peregrine/Chart.yaml +++ b/helm/peregrine/Chart.yaml @@ -15,7 +15,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.7 +version: 0.1.8 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to diff --git a/helm/peregrine/README.md b/helm/peregrine/README.md index 1169b107..a974d7e9 100644 --- a/helm/peregrine/README.md +++ b/helm/peregrine/README.md 
@@ -1,6 +1,6 @@ # peregrine -![Version: 0.1.7](https://img.shields.io/badge/Version-0.1.7-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 2023.01](https://img.shields.io/badge/AppVersion-2023.01-informational?style=flat-square) +![Version: 0.1.8](https://img.shields.io/badge/Version-0.1.8-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 2023.01](https://img.shields.io/badge/AppVersion-2023.01-informational?style=flat-square) A Helm chart for gen3 Peregrine service 
@@ -29,7 +29,7 @@ A Helm chart for gen3 Peregrine service | datadogTraceSampleRate | int | `1` | A value between 0 and 1, that represents the percentage of requests that will be traced. For example, a value of 0.5 means that 50% of requests will be traced. | | env | list | `nil` | Environment variables to pass to the container | | fullnameOverride | string | `""` | Override the full name of the deployment. | -| global | map | `{"aws":{"awsAccessKeyId":null,"awsSecretAccessKey":null,"enabled":false},"ddEnabled":false,"dev":true,"dictionaryUrl":"https://s3.amazonaws.com/dictionary-artifacts/datadictionary/develop/schema.json","dispatcherJobNum":10,"environment":"default","hostname":"localhost","kubeBucket":"kube-gen3","logsBucket":"logs-gen3","netPolicy":true,"portalApp":"gitops","postgres":{"dbCreate":true,"master":{"host":null,"password":null,"port":"5432","username":"postgres"}},"publicDataSets":true,"revproxyArn":"arn:aws:acm:us-east-1:123456:certificate","syncFromDbgap":false,"tierAccessLevel":"libre","userYamlS3Path":"s3://cdis-gen3-users/test/user.yaml"}` | Global configuration options. | +| global | map | `{"aws":{"awsAccessKeyId":null,"awsSecretAccessKey":null,"enabled":false},"ddEnabled":false,"dev":true,"dictionaryUrl":"https://s3.amazonaws.com/dictionary-artifacts/datadictionary/develop/schema.json","dispatcherJobNum":10,"environment":"default","hostname":"localhost","kubeBucket":"kube-gen3","logsBucket":"logs-gen3","minAvialable":1,"netPolicy":true,"pdb":false,"portalApp":"gitops","postgres":{"dbCreate":true,"master":{"host":null,"password":null,"port":"5432","username":"postgres"}},"publicDataSets":true,"revproxyArn":"arn:aws:acm:us-east-1:123456:certificate","syncFromDbgap":false,"tierAccessLevel":"libre","userYamlS3Path":"s3://cdis-gen3-users/test/user.yaml"}` | Global configuration options. 
| | global.aws | map | `{"awsAccessKeyId":null,"awsSecretAccessKey":null,"enabled":false}` | AWS configuration | | global.aws.awsAccessKeyId | string | `nil` | Credentials for AWS stuff. | | global.aws.awsSecretAccessKey | string | `nil` | Credentials for AWS stuff. | @@ -42,7 +42,9 @@ A Helm chart for gen3 Peregrine service | global.hostname | string | `"localhost"` | Hostname for the deployment. | | global.kubeBucket | string | `"kube-gen3"` | S3 bucket name for Kubernetes manifest files. | | global.logsBucket | string | `"logs-gen3"` | S3 bucket name for log files. | +| global.minAvialable | int | `1` | The minimum amount of pods that are available at all times if the PDB is deployed. | | global.netPolicy | bool | `true` | Whether network policies are enabled. | +| global.pdb | bool | `false` | If the service will be deployed with a Pod Disruption Budget. Note- you need to have more than 2 replicas for the pdb to be deployed. | | global.portalApp | string | `"gitops"` | Portal application name. | | global.postgres | map | `{"dbCreate":true,"master":{"host":null,"password":null,"port":"5432","username":"postgres"}}` | Postgres database configuration. | | global.postgres.dbCreate | bool | `true` | Whether the database should be created. | diff --git a/helm/peregrine/templates/pdb.yaml b/helm/peregrine/templates/pdb.yaml new file mode 100644 index 00000000..2ef2de13 --- /dev/null +++ b/helm/peregrine/templates/pdb.yaml @@ -0,0 +1,3 @@ +{{- if and .Values.global.pdb (gt (int .Values.replicaCount) 1) }} +{{ include "common.pod_disruption_budget" . }} +{{- end }} \ No newline at end of file diff --git a/helm/peregrine/values.yaml b/helm/peregrine/values.yaml index b68f5225..b18e788b 100644 --- a/helm/peregrine/values.yaml +++ b/helm/peregrine/values.yaml 
@@ -55,6 +55,10 @@ global: dispatcherJobNum: 10 # -- (bool) Whether Datadog is enabled. ddEnabled: false + # -- (bool) If the service will be deployed with a Pod Disruption Budget. Note- you need to have more than 2 replicas for the pdb to be deployed. + pdb: false + # -- (int) The minimum amount of pods that are available at all times if the PDB is deployed. + minAvialable: 1 # -- (map) Postgres database configuration. If db does not exist in postgres cluster and dbCreate is set ot true then these databases will be created for you postgres: diff --git a/helm/pidgin/Chart.yaml b/helm/pidgin/Chart.yaml index afdb15e8..44f0b34c 100644 --- a/helm/pidgin/Chart.yaml +++ b/helm/pidgin/Chart.yaml @@ -15,7 +15,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.5 +version: 0.1.6 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to diff --git a/helm/pidgin/README.md b/helm/pidgin/README.md index 501e2132..c074f02b 100644 --- a/helm/pidgin/README.md +++ b/helm/pidgin/README.md @@ -1,6 +1,6 @@ # pidgin -![Version: 0.1.5](https://img.shields.io/badge/Version-0.1.5-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) +![Version: 0.1.6](https://img.shields.io/badge/Version-0.1.6-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) A Helm chart for gen3 Pidgin Service 
@@ -33,7 +33,7 @@ A Helm chart for gen3 Pidgin Service | datadogLogsInjection | bool | `true` | If enabled, the Datadog Agent will automatically inject Datadog-specific metadata into your application logs. | | datadogProfilingEnabled | bool | `true` | If enabled, the Datadog Agent will collect profiling data for your application using the Continuous Profiler. This data can be used to identify performance bottlenecks and optimize your application. | | datadogTraceSampleRate | int | `1` | A value between 0 and 1, that represents the percentage of requests that will be traced. For example, a value of 0.5 means that 50% of requests will be traced. | -| global | map | `{"aws":{"awsAccessKeyId":null,"awsSecretAccessKey":null,"enabled":false},"ddEnabled":false,"dev":true,"dictionaryUrl":"https://s3.amazonaws.com/dictionary-artifacts/datadictionary/develop/schema.json","dispatcherJobNum":10,"environment":"default","hostname":"localhost","kubeBucket":"kube-gen3","logsBucket":"logs-gen3","netPolicy":true,"portalApp":"gitops","postgres":{"dbCreate":true,"master":{"host":null,"password":null,"port":"5432","username":"postgres"}},"publicDataSets":true,"revproxyArn":"arn:aws:acm:us-east-1:123456:certificate","syncFromDbgap":false,"tierAccessLevel":"libre","userYamlS3Path":"s3://cdis-gen3-users/test/user.yaml"}` | Global configuration options. 
| +| global | map | `{"aws":{"awsAccessKeyId":null,"awsSecretAccessKey":null,"enabled":false},"ddEnabled":false,"dev":true,"dictionaryUrl":"https://s3.amazonaws.com/dictionary-artifacts/datadictionary/develop/schema.json","dispatcherJobNum":10,"environment":"default","hostname":"localhost","kubeBucket":"kube-gen3","logsBucket":"logs-gen3","minAvialable":1,"netPolicy":true,"pdb":false,"portalApp":"gitops","postgres":{"dbCreate":true,"master":{"host":null,"password":null,"port":"5432","username":"postgres"}},"publicDataSets":true,"revproxyArn":"arn:aws:acm:us-east-1:123456:certificate","syncFromDbgap":false,"tierAccessLevel":"libre","userYamlS3Path":"s3://cdis-gen3-users/test/user.yaml"}` | Global configuration options. | | global.aws | map | `{"awsAccessKeyId":null,"awsSecretAccessKey":null,"enabled":false}` | AWS configuration | | global.aws.awsAccessKeyId | string | `nil` | Credentials for AWS stuff. | | global.aws.awsSecretAccessKey | string | `nil` | Credentials for AWS stuff. | @@ -46,7 +46,9 @@ A Helm chart for gen3 Pidgin Service | global.hostname | string | `"localhost"` | Hostname for the deployment. | | global.kubeBucket | string | `"kube-gen3"` | S3 bucket name for Kubernetes manifest files. | | global.logsBucket | string | `"logs-gen3"` | S3 bucket name for log files. | +| global.minAvialable | int | `1` | The minimum amount of pods that are available at all times if the PDB is deployed. | | global.netPolicy | bool | `true` | Whether network policies are enabled. | +| global.pdb | bool | `false` | If the service will be deployed with a Pod Disruption Budget. Note- you need to have more than 2 replicas for the pdb to be deployed. | | global.portalApp | string | `"gitops"` | Portal application name. | | global.postgres | map | `{"dbCreate":true,"master":{"host":null,"password":null,"port":"5432","username":"postgres"}}` | Postgres database configuration. | | global.postgres.dbCreate | bool | `true` | Whether the database should be created. | 
diff --git a/helm/pidgin/templates/pdb.yaml b/helm/pidgin/templates/pdb.yaml new file mode 100644 index 00000000..2ef2de13 --- /dev/null +++ b/helm/pidgin/templates/pdb.yaml @@ -0,0 +1,3 @@ +{{- if and .Values.global.pdb (gt (int .Values.replicaCount) 1) }} +{{ include "common.pod_disruption_budget" . }} +{{- end }} \ No newline at end of file diff --git a/helm/pidgin/values.yaml b/helm/pidgin/values.yaml index 68128e1c..230d59ca 100644 --- a/helm/pidgin/values.yaml +++ b/helm/pidgin/values.yaml @@ -56,6 +56,10 @@ global: dispatcherJobNum: 10 # -- (bool) Whether Datadog is enabled. ddEnabled: false + # -- (bool) If the service will be deployed with a Pod Disruption Budget. Note- you need to have more than 2 replicas for the pdb to be deployed. + pdb: false + # -- (int) The minimum amount of pods that are available at all times if the PDB is deployed. + minAvialable: 1 # -- (map) Postgres database configuration. If db does not exist in postgres cluster and dbCreate is set ot true then these databases will be created for you postgres: diff --git a/helm/portal/Chart.yaml b/helm/portal/Chart.yaml index da06718d..b8c5d7aa 100644 --- a/helm/portal/Chart.yaml +++ b/helm/portal/Chart.yaml @@ -15,7 +15,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.4 +version: 0.1.5 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to diff --git a/helm/portal/README.md b/helm/portal/README.md index 86a24d21..6036dc21 100644 --- a/helm/portal/README.md +++ b/helm/portal/README.md 
@@ -1,6 +1,6 @@ # portal -![Version: 0.1.4](https://img.shields.io/badge/Version-0.1.4-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) +![Version: 0.1.5](https://img.shields.io/badge/Version-0.1.5-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) A Helm chart for gen3 data-portal 
@@ -39,7 +39,7 @@ A Helm chart for gen3 data-portal | gitops.favicon | string | `"AAABAAEAICAAAAEAIACoEAAAFgAAACgAAAAgAAAAQAAAAAEAIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADQv3IAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA1MiCAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwKg0Nd6yqf+8pi7D3rKp/96yqf/esqn/3rKp/76qNMPEpU2QxbFJNwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA3rKp/96yqf/esqn/3rKp/96yqf/esqn/3rKp/96yqf/esqn/3rKp/96yqf/esqn/3rKp/7WfF3cAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMWySQAAAAAA3rKp/96yqf/esqn/3rKp/96yqf/esqn/3rKp/96yqf/esqn/3rKp/96yqf/esqn/3rKp/96yqf/esqn/3rKp/96yqf/TrIS0AAAAAL+nLQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACxmAIAxrhKBregGtLesqn/3rKp/96yqf/esqn/3rKp/96yqf/esqn/3rKp/96yqf/esqn/3rKp/96yqf/esqn/3rKp/96yqf/esqn/3rKp/96yqf/esqn/2MyPCLGaCwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAs5kJANqvn0vesqn/3rKp/96yqf/esqn/3rKp/96yqf/esqn/3rKp/96yqf/esqn/3rKp/96yqf/esqn/3rKp/96yqf/esqn/3rKp/96yqf/esqn/3rKp/96yqf/esqn/18l+GwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKuSAADq5L8H3rKp/96yqf/esqn/3rKp/96yqf/esqn/3rKp/96yqf/esqn/3rKp/96yqf/esqn/3rKp/96yqf/esqn/3rKp/96yqf/esqn/3rKp/96yqf/esqn/3rKp/96yqf/esqn/z79qBca0SwAAAAAAAAAAAAAAAAAAAAAAAAAAAN6yqf/esqn/3rKp/96yqf/esqn/3rKp/96yqf/esqn/3rKp/96yqf/esqn/3rKp/96yqf/esqn/3rKp/96yqf/esqn/3rKp/96yqf/esqn/3rKp/96yqf/esqn/3rKp/96yqf+4oR3YAAAAAAAAAAAAAAAAAAAAAAAAAAC4oBlZ3rKp/96yqf/esqn/3rKp/96yqf/esqn/3rKp/96yqf/esqn/3rKp/96yqf/AqC/N3rKp/96yqf+/rD3M3rKp/96yqf/esqn/3rKp/96yqf/esqn/3rKp/96yqf/esqn/3rKp/96yqf+4oyBkAAAAAAAAAAAAAAAAAAAAAN6yqf/esqn/3rKp/96yqf/esqn/3rKp/96yqf/esqn/3rKp/96yqf+9qDAqAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAzb1oH96yqf/esqn/3rKp/96yqf/esqn/3rKp/96yqf/esqn/3rKp/8qoYv8AAAAAAAAAALefHQC4oB5X3rKp/96yqf/esqn/AAAAAAAAAADm3bsAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAO
HbrAAAAAAA6ePTEd6yqf/esqn/3rKp/8CsNngAAAAAAAAAAN6yqf/esqn/3rKp/////xIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADq4bwA08V3EN6yqf/esqn/3rKp/wAAAAAAAAAA3rKp/96yqf+6nyfZAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA3rKp/96yqf/esqn/AAAAALyjJDbesqn/3rKp/7ihIc0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADFpE7l3rKp/96yqf/esqn/wq0+Wd6yqf/esqn/3rKp/wAAAADPwW4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC7pCAAAAAAAN6yqf/esqn/3rKp/8CsOVK6oyF63rKp/96yqf/esqn/uqQqxAAAAAC7oyQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAtZ8WAAAAAADesqn/3rKp/96yqf/esqn/3rKp/7ukIHresqn/3rKp/96yqf/esqn/3rKp/wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA3rKp/96yqf/esqn/3rKp/96yqf/esqn/wK1BXN6yqf/esqn/3rKp/96yqf/esqn/uKAYUgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAL+oO1Hesqn/3rKp/96yqf/esqn/3rKp/76pLXq3nx023rKp/96yqf/esqn/3rKp/96yqf/esqn/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAt58l896yqf/esqn/3rKp/96yqf/esqn/3rKp/wAAAADesqn/3rKp/96yqf/esqn/3rKp/96yqf/esqn/xrRRVQAAAADYzYkAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAM67agAAAAAAybZYUt6yqf/esqn/3rKp/96yqf/esqn/3rKp/96yqf/9+/UXAAAAAN6yqf/esqn/3rKp/96yqf/esqn/3rKp/96yqf/esqn/3rKp/wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAN6yqf/esqn/3rKp/96yqf/esqn/3rKp/96yqf/esqn/3rKp/wAAAACznRMAtJ4ZV96yqf/esqn/3rKp/96yqf/esqn/3rKp/96yqf/esqn/3rKp/wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADesqn/3rKp/96yqf/esqn/3rKp/96yqf/esqn/3rKp/96yqf/ArDZ4AAAAAAAAAAAAAAAA3rKp/96yqf/esqn/3rKp/96yqf/esqn/3rKp/96yqf/esqn/3rKp/wAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAA3rKp/96yqf/esqn/3rKp/96yqf/esqn/3rKp/96yqf/esqn/yqdi/wAAAAAAAAAAAAAAAAAAAADHplZ93rKp/96yqf/esqn/3rKp/96yqf/esqn/3rKp/96yqf/esqn/3rKp/96yqf/esqn/6Ny8U+bauVDesqn/3rKp/96yqf/esqn/3rKp/96yqf/esqn/3rKp/96yqf/esqn/3rKp/96yqf+5oyBkAAAAAAAAAAAAAAAAAAAAAAAAAADesqn/3rKp/96yqf/esqn/3rKp/96yqf/esqn/3rKp/96yqf/esqn/3rKp/96yqf/esqn/3rKp/96yqf/esqn/3rKp/96yqf/esqn/3rKp/96yqf/esqn/3rKp/96yqf/esqn/t6Ec1wAAAAAAAAAAAAAAAAAAAAAAAAAAs5sWAOHUlQfesqn/3rKp/96yqf/esqn/3rKp/96yqf/esqn/3rKp/96yqf/esqn/3rKp/96yqf/esqn/3rKp/96yqf/esqn/3rKp/96yqf/esqn/3rKp/96yqf/esqn/3rKp/96yqf/OxHUFxbRJAAAAAAAAAAAAAAAAAAAAAAAAAAAAsJkFAN6yqf/esqn/3rKp/96yqf/esqn/3rKp/96yqf/esqn/3rKp/96yqf/esqn/3rKp/96yqf/esqn/3rKp/96yqf/esqn/3rKp/96yqf/esqn/3rKp/96yqf/esqn/29COIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAr5YBAN6yqf+7pSf43rKp/96yqf/esqn/3rKp/96yqf/esqn/3rKp/96yqf/esqn/3rKp/96yqf/esqn/3rKp/96yqf/esqn/3rKp/96yqf/esqn/uaMf+d2xp6MAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAyrhUAAAAAAC7pil73rKp/96yqf/esqn/3rKp/96yqf/esqn/3rKp/96yqf/esqn/3rKp/96yqf/esqn/3rKp/96yqf/esqn/3rKp/7miH38AAAAAxrJDAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADi150b2K6T4N6yqf/esqn/3rKp/96yqf/esqn/3rKp/96yqf/esqn/3rKp/96yqf/esqn/3rKp/7mjI5zUxHAaAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOnftwAAAAAAAAAAAN6yqf/esqn/3rKp/7egG+e2nxf/uKAk/7mjIvPesqn/3rKp/7agGEAAAAAAAAAAANnOjAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA///////wD///gAP//gAAf/wAAD/4AAAf8AAAD+AAAAfgAAAHwA/wA8f//+OP///xj///8Y////CP///xh///4IP//8CD///Bgf//gID//wGAP/wBwB/4A8AP8APgAYAH4AAAB/AAAA/wAAAf+AAAH/8AAP//"` | - favicon in base64 | | gitops.json | string | `"{\n \"graphql\": {\n \"boardCounts\": [\n {\n \"graphql\": \"_case_count\",\n \"name\": \"Case\",\n \"plural\": \"Cases\"\n },\n {\n \"graphql\": 
\"_experiment_count\",\n \"name\": \"Experiment\",\n \"plural\": \"Experiments\"\n },\n {\n \"graphql\": \"_aliquot_count\",\n \"name\": \"Aliquot\",\n \"plural\": \"Aliquots\"\n }\n ],\n \"chartCounts\": [\n {\n \"graphql\": \"_case_count\",\n \"name\": \"Case\"\n },\n {\n \"graphql\": \"_experiment_count\",\n \"name\": \"Experiment\"\n },\n {\n \"graphql\": \"_aliquot_count\",\n \"name\": \"Aliquot\"\n }\n ],\n \"projectDetails\": \"boardCounts\"\n },\n \"components\": {\n \"appName\": \"Generic Data Commons Portal\",\n \"index\": {\n \"introduction\": {\n \"heading\": \"Data Commons\",\n \"text\": \"The Generic Data Commons supports the management, analysis and sharing of data for the research community.\",\n \"link\": \"/submission\"\n },\n \"buttons\": [\n {\n \"name\": \"Define Data Field\",\n \"icon\": \"data-field-define\",\n \"body\": \"The Generic Data Commons define the data in a general way. Please study the dictionary before you start browsing.\",\n \"link\": \"/DD\",\n \"label\": \"Learn more\"\n },\n {\n \"name\": \"Explore Data\",\n \"icon\": \"data-explore\",\n \"body\": \"The Exploration Page gives you insights and a clear overview under selected factors.\",\n \"link\": \"/explorer\",\n \"label\": \"Explore data\"\n },\n {\n \"name\": \"Access Data\",\n \"icon\": \"data-access\",\n \"body\": \"Use our selected tool to filter out the data you need.\",\n \"link\": \"/query\",\n \"label\": \"Query data\"\n },\n {\n \"name\": \"Submit Data\",\n \"icon\": \"data-submit\",\n \"body\": \"Submit Data based on the dictionary.\",\n \"link\": \"/submission\",\n \"label\": \"Submit data\"\n }\n ]\n },\n \"navigation\": {\n \"title\": \"Generic Data Commons\",\n \"items\": [\n {\n \"icon\": \"dictionary\",\n \"link\": \"/DD\",\n \"color\": \"#a2a2a2\",\n \"name\": \"Dictionary\"\n },\n {\n \"icon\": \"exploration\",\n \"link\": \"/explorer\",\n \"color\": \"#a2a2a2\",\n \"name\": \"Exploration\"\n },\n {\n \"icon\": \"query\",\n \"link\": \"/query\",\n 
\"color\": \"#a2a2a2\",\n \"name\": \"Query\"\n },\n {\n \"icon\": \"workspace\",\n \"link\": \"/workspace\",\n \"color\": \"#a2a2a2\",\n \"name\": \"Workspace\"\n },\n {\n \"icon\": \"profile\",\n \"link\": \"/identity\",\n \"color\": \"#a2a2a2\",\n \"name\": \"Profile\"\n }\n ]\n },\n \"topBar\": {\n \"items\": [\n {\n \"icon\": \"upload\",\n \"link\": \"/submission\",\n \"name\": \"Submit Data\"\n },\n {\n \"link\": \"https://gen3.org/resources/user\",\n \"name\": \"Documentation\"\n }\n ]\n },\n \"login\": {\n \"title\": \"Generic Data Commons\",\n \"subTitle\": \"Explore, Analyze, and Share Data\",\n \"text\": \"This website supports the management, analysis and sharing of human disease data for the research community and aims to advance basic understanding of the genetic basis of complex traits and accelerate discovery and development of therapies, diagnostic tests, and other technologies for diseases like cancer.\",\n \"contact\": \"If you have any questions about access or the registration process, please contact \",\n \"email\": \"support@datacommons.io\"\n },\n \"certs\": {},\n \"footerLogos\": [\n {\n \"src\": \"/src/img/gen3.png\",\n \"href\": \"https://ctds.uchicago.edu/gen3\",\n \"alt\": \"Gen3 Data Commons\"\n },\n {\n \"src\": \"/src/img/createdby.png\",\n \"href\": \"https://ctds.uchicago.edu/\",\n \"alt\": \"Center for Translational Data Science at the University of Chicago\"\n }\n ]\n },\n \"requiredCerts\": [],\n \"featureFlags\": {\n \"explorer\": true,\n \"noIndex\": true,\n \"analysis\": false,\n \"discovery\": false,\n \"discoveryUseAggMDS\": false,\n \"studyRegistration\": false\n },\n \"dataExplorerConfig\": {\n \"charts\": {\n \"project_id\": {\n \"chartType\": \"count\",\n \"title\": \"Projects\"\n },\n \"case_id\": {\n \"chartType\": \"count\",\n \"title\": \"Cases\"\n },\n \"gender\": {\n \"chartType\": \"pie\",\n \"title\": \"Gender\"\n },\n \"race\": {\n \"chartType\": \"bar\",\n \"title\": \"Race\"\n }\n },\n \"filters\": {\n 
\"tabs\": [\n {\n \"title\": \"Case\",\n \"fields\":[\n \"project_id\",\n \"gender\",\n \"race\",\n \"ethnicity\"\n ]\n }\n ]\n },\n \"table\": {\n \"enabled\": false\n },\n \"dropdowns\": {},\n \"buttons\": [],\n \"guppyConfig\": {\n \"dataType\": \"case\",\n \"nodeCountTitle\": \"Cases\",\n \"fieldMapping\": [\n { \"field\": \"disease_type\", \"name\": \"Disease type\" },\n { \"field\": \"primary_site\", \"name\": \"Site where samples were collected\"}\n ],\n \"manifestMapping\": {\n \"resourceIndexType\": \"file\",\n \"resourceIdField\": \"object_id\",\n \"referenceIdFieldInResourceIndex\": \"case_id\",\n \"referenceIdFieldInDataIndex\": \"node_id\"\n },\n \"accessibleFieldCheckList\": [\"case_id\"],\n \"accessibleValidationField\": \"case_id\"\n }\n },\n \"fileExplorerConfig\": {\n \"charts\": {\n \"data_type\": {\n \"chartType\": \"stackedBar\",\n \"title\": \"File Type\"\n },\n \"data_format\": {\n \"chartType\": \"stackedBar\",\n \"title\": \"File Format\"\n }\n },\n \"filters\": {\n \"tabs\": [\n {\n \"title\": \"File\",\n \"fields\": [\n \"project_id\",\n \"data_type\",\n \"data_format\"\n ]\n }\n ]\n },\n \"table\": {\n \"enabled\": true,\n \"fields\": [\n \"project_id\",\n \"file_name\",\n \"file_size\",\n \"object_id\"\n ]\n },\n \"dropdowns\": {},\n \"guppyConfig\": {\n \"dataType\": \"file\",\n \"fieldMapping\": [\n { \"field\": \"object_id\", \"name\": \"GUID\" }\n ],\n \"nodeCountTitle\": \"Files\",\n \"manifestMapping\": {\n \"resourceIndexType\": \"case\",\n \"resourceIdField\": \"case_id\",\n \"referenceIdFieldInResourceIndex\": \"object_id\",\n \"referenceIdFieldInDataIndex\": \"object_id\"\n },\n \"accessibleFieldCheckList\": [\"case_id\"],\n \"accessibleValidationField\": \"case_id\",\n \"downloadAccessor\": \"object_id\"\n }\n }\n}\n"` | multiline string - gitops.json | | gitops.logo | string | `""` | - logo in base64 | -| global | map | 
`{"aws":{"awsAccessKeyId":null,"awsSecretAccessKey":null,"enabled":false},"ddEnabled":false,"dev":true,"dictionaryUrl":"https://s3.amazonaws.com/dictionary-artifacts/datadictionary/develop/schema.json","dispatcherJobNum":10,"environment":"default","hostname":"localhost","kubeBucket":"kube-gen3","logsBucket":"logs-gen3","netPolicy":true,"portalApp":"gitops","postgres":{"dbCreate":true,"master":{"host":null,"password":null,"port":"5432","username":"postgres"}},"publicDataSets":true,"revproxyArn":"arn:aws:acm:us-east-1:123456:certificate","syncFromDbgap":false,"tierAccessLevel":"libre","userYamlS3Path":"s3://cdis-gen3-users/test/user.yaml"}` | Global configuration options. | +| global | map | `{"aws":{"awsAccessKeyId":null,"awsSecretAccessKey":null,"enabled":false},"ddEnabled":false,"dev":true,"dictionaryUrl":"https://s3.amazonaws.com/dictionary-artifacts/datadictionary/develop/schema.json","dispatcherJobNum":10,"environment":"default","hostname":"localhost","kubeBucket":"kube-gen3","logsBucket":"logs-gen3","minAvialable":1,"netPolicy":true,"pdb":false,"portalApp":"gitops","postgres":{"dbCreate":true,"master":{"host":null,"password":null,"port":"5432","username":"postgres"}},"publicDataSets":true,"revproxyArn":"arn:aws:acm:us-east-1:123456:certificate","syncFromDbgap":false,"tierAccessLevel":"libre","userYamlS3Path":"s3://cdis-gen3-users/test/user.yaml"}` | Global configuration options. | | global.aws | map | `{"awsAccessKeyId":null,"awsSecretAccessKey":null,"enabled":false}` | AWS configuration | | global.aws.awsAccessKeyId | string | `nil` | Credentials for AWS stuff. | | global.aws.awsSecretAccessKey | string | `nil` | Credentials for AWS stuff. | 
@@ -52,7 +52,9 @@ A Helm chart for gen3 data-portal | global.hostname | string | `"localhost"` | Hostname for the deployment. | | global.kubeBucket | string | `"kube-gen3"` | S3 bucket name for Kubernetes manifest files. | | global.logsBucket | string | `"logs-gen3"` | S3 bucket name for log files. | +| global.minAvialable | int | `1` | The minimum amount of pods that are available at all times if the PDB is deployed. | | global.netPolicy | bool | `true` | Whether network policies are enabled. | +| global.pdb | bool | `false` | If the service will be deployed with a Pod Disruption Budget. Note- you need to have more than 2 replicas for the pdb to be deployed. | | global.portalApp | string | `"gitops"` | Portal application name. | | global.postgres | map | `{"dbCreate":true,"master":{"host":null,"password":null,"port":"5432","username":"postgres"}}` | Postgres database configuration. | | global.postgres.dbCreate | bool | `true` | Whether the database should be created. | diff --git a/helm/portal/templates/pdb.yaml b/helm/portal/templates/pdb.yaml new file mode 100644 index 00000000..2ef2de13 --- /dev/null +++ b/helm/portal/templates/pdb.yaml @@ -0,0 +1,3 @@ +{{- if and .Values.global.pdb (gt (int .Values.replicaCount) 1) }} +{{ include "common.pod_disruption_budget" . }} +{{- end }} \ No newline at end of file diff --git a/helm/portal/values.yaml b/helm/portal/values.yaml index 9589a406..0abea50e 100644 --- a/helm/portal/values.yaml +++ b/helm/portal/values.yaml @@ -55,6 +55,10 @@ global: dispatcherJobNum: 10 # -- (bool) Whether Datadog is enabled. ddEnabled: false + # -- (bool) If the service will be deployed with a Pod Disruption Budget. Note- you need to have more than 2 replicas for the pdb to be deployed. + pdb: false + # -- (int) The minimum amount of pods that are available at all times if the PDB is deployed. + minAvialable: 1 # -- (int) Number of replicas for the deployment. replicaCount: 1 
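Review bot: The gate in `helm/portal/templates/pdb.yaml` compares `replicaCount` with the literal `1` and never with `global.minAvialable`, so an override where the minimum equals or exceeds the replica count would still render a budget that permits no voluntary evictions. Node drains would then stall, which delays node patching and cluster upgrades. Assuming the `common.pod_disruption_budget` helper (not visible in this part of the patch) reads `global.minAvialable`, I would tie the gate to it: `{{- if and .Values.global.pdb (gt (int .Values.replicaCount) (int .Values.global.minAvialable)) }}`. With the default of 1 this renders exactly as before. The same three-line template is added for requestor, revproxy, sheepdog, ssjdispatcher and wts, so the change applies to each.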
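Review bot: The new key `minAvialable` under `global:` in `helm/portal/values.yaml` is a misspelling of `minAvailable`, and once released it becomes part of the chart's values interface. An operator who sets `global.minAvailable` would presumably get the default of 1 with no error. I would rename it to `minAvailable: 1` before release, together with the helper in the common chart and the generated README rows. The comment on `pdb` also says "more than 2 replicas" while the template gate is `gt (int .Values.replicaCount) 1`; it should read `# -- (bool) If the service will be deployed with a Pod Disruption Budget. Note: the PDB is only rendered when replicaCount is greater than 1.` The same two keys and comments are added to the values.yaml of requestor, revproxy, sheepdog, ssjdispatcher and wts.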
diff --git a/helm/requestor/Chart.yaml b/helm/requestor/Chart.yaml index 5a1ae21e..1cc44156 100644 --- a/helm/requestor/Chart.yaml +++ b/helm/requestor/Chart.yaml @@ -15,7 +15,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.6 +version: 0.1.7 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to diff --git a/helm/requestor/README.md b/helm/requestor/README.md index 46496f4a..d552f6ef 100644 --- a/helm/requestor/README.md +++ b/helm/requestor/README.md @@ -1,6 +1,6 @@ # requestor -![Version: 0.1.6](https://img.shields.io/badge/Version-0.1.6-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) +![Version: 0.1.7](https://img.shields.io/badge/Version-0.1.7-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) A Helm chart for gen3 Requestor Service 
@@ -36,7 +36,7 @@ A Helm chart for gen3 Requestor Service | datadogLogsInjection | bool | `true` | If enabled, the Datadog Agent will automatically inject Datadog-specific metadata into your application logs. | | datadogProfilingEnabled | bool | `true` | If enabled, the Datadog Agent will collect profiling data for your application using the Continuous Profiler. This data can be used to identify performance bottlenecks and optimize your application. | | datadogTraceSampleRate | int | `1` | A value between 0 and 1, that represents the percentage of requests that will be traced. For example, a value of 0.5 means that 50% of requests will be traced. | -| global | map | `{"aws":{"awsAccessKeyId":null,"awsSecretAccessKey":null,"enabled":false},"ddEnabled":false,"dev":true,"dictionaryUrl":"https://s3.amazonaws.com/dictionary-artifacts/datadictionary/develop/schema.json","dispatcherJobNum":10,"environment":"default","hostname":"localhost","kubeBucket":"kube-gen3","logsBucket":"logs-gen3","netPolicy":true,"portalApp":"gitops","postgres":{"dbCreate":true,"master":{"host":null,"password":null,"port":"5432","username":"postgres"}},"publicDataSets":true,"revproxyArn":"arn:aws:acm:us-east-1:123456:certificate","syncFromDbgap":false,"tierAccessLevel":"libre","userYamlS3Path":"s3://cdis-gen3-users/test/user.yaml"}` | Global configuration options. 
| +| global | map | `{"aws":{"awsAccessKeyId":null,"awsSecretAccessKey":null,"enabled":false},"ddEnabled":false,"dev":true,"dictionaryUrl":"https://s3.amazonaws.com/dictionary-artifacts/datadictionary/develop/schema.json","dispatcherJobNum":10,"environment":"default","hostname":"localhost","kubeBucket":"kube-gen3","logsBucket":"logs-gen3","minAvialable":1,"netPolicy":true,"pdb":false,"portalApp":"gitops","postgres":{"dbCreate":true,"master":{"host":null,"password":null,"port":"5432","username":"postgres"}},"publicDataSets":true,"revproxyArn":"arn:aws:acm:us-east-1:123456:certificate","syncFromDbgap":false,"tierAccessLevel":"libre","userYamlS3Path":"s3://cdis-gen3-users/test/user.yaml"}` | Global configuration options. | | global.aws | map | `{"awsAccessKeyId":null,"awsSecretAccessKey":null,"enabled":false}` | AWS configuration | | global.aws.awsAccessKeyId | string | `nil` | Credentials for AWS stuff. | | global.aws.awsSecretAccessKey | string | `nil` | Credentials for AWS stuff. | @@ -49,7 +49,9 @@ A Helm chart for gen3 Requestor Service | global.hostname | string | `"localhost"` | Hostname for the deployment. | | global.kubeBucket | string | `"kube-gen3"` | S3 bucket name for Kubernetes manifest files. | | global.logsBucket | string | `"logs-gen3"` | S3 bucket name for log files. | +| global.minAvialable | int | `1` | The minimum amount of pods that are available at all times if the PDB is deployed. | | global.netPolicy | bool | `true` | Whether network policies are enabled. | +| global.pdb | bool | `false` | If the service will be deployed with a Pod Disruption Budget. Note- you need to have more than 2 replicas for the pdb to be deployed. | | global.portalApp | string | `"gitops"` | Portal application name. | | global.postgres | map | `{"dbCreate":true,"master":{"host":null,"password":null,"port":"5432","username":"postgres"}}` | Postgres database configuration. | | global.postgres.dbCreate | bool | `true` | Whether the database should be created. | 
diff --git a/helm/requestor/templates/pdb.yaml b/helm/requestor/templates/pdb.yaml new file mode 100644 index 00000000..2ef2de13 --- /dev/null +++ b/helm/requestor/templates/pdb.yaml @@ -0,0 +1,3 @@ +{{- if and .Values.global.pdb (gt (int .Values.replicaCount) 1) }} +{{ include "common.pod_disruption_budget" . }} +{{- end }} \ No newline at end of file diff --git a/helm/requestor/values.yaml b/helm/requestor/values.yaml index 2da68dbe..9dcdb2c7 100644 --- a/helm/requestor/values.yaml +++ b/helm/requestor/values.yaml @@ -56,6 +56,10 @@ global: dispatcherJobNum: 10 # -- (bool) Whether Datadog is enabled. ddEnabled: false + # -- (bool) If the service will be deployed with a Pod Disruption Budget. Note- you need to have more than 2 replicas for the pdb to be deployed. + pdb: false + # -- (int) The minimum amount of pods that are available at all times if the PDB is deployed. + minAvialable: 1 # -- (map) Postgres database configuration. If db does not exist in postgres cluster and dbCreate is set ot true then these databases will be created for you postgres: diff --git a/helm/revproxy/Chart.yaml b/helm/revproxy/Chart.yaml index 566b09b0..677c0b7b 100644 --- a/helm/revproxy/Chart.yaml +++ b/helm/revproxy/Chart.yaml @@ -15,7 +15,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.7 +version: 0.1.8 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to diff --git a/helm/revproxy/README.md b/helm/revproxy/README.md index abe9c5da..73b90253 100644 --- a/helm/revproxy/README.md +++ b/helm/revproxy/README.md 
@@ -1,6 +1,6 @@ # revproxy -![Version: 0.1.7](https://img.shields.io/badge/Version-0.1.7-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) +![Version: 0.1.8](https://img.shields.io/badge/Version-0.1.8-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) A Helm chart for gen3 revproxy 
@@ -26,7 +26,7 @@ A Helm chart for gen3 revproxy | datadogProfilingEnabled | bool | `true` | If enabled, the Datadog Agent will collect profiling data for your application using the Continuous Profiler. This data can be used to identify performance bottlenecks and optimize your application. | | datadogTraceSampleRate | int | `1` | A value between 0 and 1, that represents the percentage of requests that will be traced. For example, a value of 0.5 means that 50% of requests will be traced. | | fullnameOverride | string | `""` | Override the full name of the deployment. | -| global | map | `{"aws":{"awsAccessKeyId":null,"awsSecretAccessKey":null,"enabled":false},"ddEnabled":false,"dev":true,"dictionaryUrl":"https://s3.amazonaws.com/dictionary-artifacts/datadictionary/develop/schema.json","dispatcherJobNum":10,"environment":"default","hostname":"localhost","kubeBucket":"kube-gen3","logsBucket":"logs-gen3","netPolicy":true,"portalApp":"gitops","postgres":{"dbCreate":true,"master":{"host":null,"password":null,"port":"5432","username":"postgres"}},"publicDataSets":true,"revproxyArn":"arn:aws:acm:us-east-1:123456:certificate","syncFromDbgap":false,"tierAccessLevel":"libre","tls":{"cert":null,"key":null},"userYamlS3Path":"s3://cdis-gen3-users/test/user.yaml"}` | Global configuration options. 
| +| global | map | `{"aws":{"awsAccessKeyId":null,"awsSecretAccessKey":null,"enabled":false},"ddEnabled":false,"dev":true,"dictionaryUrl":"https://s3.amazonaws.com/dictionary-artifacts/datadictionary/develop/schema.json","dispatcherJobNum":10,"environment":"default","hostname":"localhost","kubeBucket":"kube-gen3","logsBucket":"logs-gen3","minAvialable":1,"netPolicy":true,"pdb":false,"portalApp":"gitops","postgres":{"dbCreate":true,"master":{"host":null,"password":null,"port":"5432","username":"postgres"}},"publicDataSets":true,"revproxyArn":"arn:aws:acm:us-east-1:123456:certificate","syncFromDbgap":false,"tierAccessLevel":"libre","tls":{"cert":null,"key":null},"userYamlS3Path":"s3://cdis-gen3-users/test/user.yaml"}` | Global configuration options. | | global.aws | map | `{"awsAccessKeyId":null,"awsSecretAccessKey":null,"enabled":false}` | AWS configuration | | global.aws.awsAccessKeyId | string | `nil` | Credentials for AWS stuff. | | global.aws.awsSecretAccessKey | string | `nil` | Credentials for AWS stuff. | 
@@ -39,7 +39,9 @@ A Helm chart for gen3 revproxy | global.hostname | string | `"localhost"` | Hostname for the deployment. | | global.kubeBucket | string | `"kube-gen3"` | S3 bucket name for Kubernetes manifest files. | | global.logsBucket | string | `"logs-gen3"` | S3 bucket name for log files. | +| global.minAvialable | int | `1` | The minimum amount of pods that are available at all times if the PDB is deployed. | | global.netPolicy | bool | `true` | Whether network policies are enabled. | +| global.pdb | bool | `false` | If the service will be deployed with a Pod Disruption Budget. Note- you need to have more than 2 replicas for the pdb to be deployed. | | global.portalApp | string | `"gitops"` | Portal application name. | | global.postgres | map | `{"dbCreate":true,"master":{"host":null,"password":null,"port":"5432","username":"postgres"}}` | Postgres database configuration. | | global.postgres.dbCreate | bool | `true` | Whether the database should be created. | diff --git a/helm/revproxy/templates/pdb.yaml b/helm/revproxy/templates/pdb.yaml new file mode 100644 index 00000000..2ef2de13 --- /dev/null +++ b/helm/revproxy/templates/pdb.yaml @@ -0,0 +1,3 @@ +{{- if and .Values.global.pdb (gt (int .Values.replicaCount) 1) }} +{{ include "common.pod_disruption_budget" . }} +{{- end }} \ No newline at end of file diff --git a/helm/revproxy/values.yaml b/helm/revproxy/values.yaml index 2686908d..da86b622 100644 --- a/helm/revproxy/values.yaml +++ b/helm/revproxy/values.yaml 
@@ -59,6 +59,10 @@ global: dispatcherJobNum: 10 # -- (bool) Whether Datadog is enabled. ddEnabled: false + # -- (bool) If the service will be deployed with a Pod Disruption Budget. Note- you need to have more than 2 replicas for the pdb to be deployed. + pdb: false + # -- (int) The minimum amount of pods that are available at all times if the PDB is deployed. + minAvialable: 1 # -- (map) Postgres database configuration. If db does not exist in postgres cluster and dbCreate is set ot true then these databases will be created for you postgres: diff --git a/helm/sheepdog/Chart.yaml b/helm/sheepdog/Chart.yaml index 7a192521..82bf4858 100644 --- a/helm/sheepdog/Chart.yaml +++ b/helm/sheepdog/Chart.yaml @@ -15,7 +15,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.7 +version: 0.1.8 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to diff --git a/helm/sheepdog/README.md b/helm/sheepdog/README.md index c78bb9ab..d3cdd26a 100644 --- a/helm/sheepdog/README.md +++ b/helm/sheepdog/README.md 
@@ -1,6 +1,6 @@ # sheepdog -![Version: 0.1.7](https://img.shields.io/badge/Version-0.1.7-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) +![Version: 0.1.8](https://img.shields.io/badge/Version-0.1.8-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) A Helm chart for gen3 Sheepdog Service 
@@ -38,7 +38,7 @@ A Helm chart for gen3 Sheepdog Service | datadogTraceSampleRate | int | `1` | A value between 0 and 1, that represents the percentage of requests that will be traced. For example, a value of 0.5 means that 50% of requests will be traced. | | dictionaryUrl | string | `"https://s3.amazonaws.com/dictionary-artifacts/datadictionary/develop/schema.json"` | URL of the data dictionary. | | fenceUrl | string | `"http://fence-service"` | URL for the fence service | -| global | map | `{"aws":{"awsAccessKeyId":null,"awsSecretAccessKey":null,"enabled":false},"ddEnabled":false,"dev":true,"dictionaryUrl":"https://s3.amazonaws.com/dictionary-artifacts/datadictionary/develop/schema.json","dispatcherJobNum":10,"environment":"default","hostname":"localhost","kubeBucket":"kube-gen3","logsBucket":"logs-gen3","netPolicy":true,"portalApp":"gitops","postgres":{"dbCreate":true,"master":{"host":null,"password":null,"port":"5432","username":"postgres"}},"publicDataSets":true,"revproxyArn":"arn:aws:acm:us-east-1:123456:certificate","syncFromDbgap":false,"tierAccessLevel":"libre","userYamlS3Path":"s3://cdis-gen3-users/test/user.yaml"}` | Global configuration options. | +| global | map | `{"aws":{"awsAccessKeyId":null,"awsSecretAccessKey":null,"enabled":false},"ddEnabled":false,"dev":true,"dictionaryUrl":"https://s3.amazonaws.com/dictionary-artifacts/datadictionary/develop/schema.json","dispatcherJobNum":10,"environment":"default","hostname":"localhost","kubeBucket":"kube-gen3","logsBucket":"logs-gen3","minAvialable":1,"netPolicy":true,"pdb":false,"portalApp":"gitops","postgres":{"dbCreate":true,"master":{"host":null,"password":null,"port":"5432","username":"postgres"}},"publicDataSets":true,"revproxyArn":"arn:aws:acm:us-east-1:123456:certificate","syncFromDbgap":false,"tierAccessLevel":"libre","userYamlS3Path":"s3://cdis-gen3-users/test/user.yaml"}` | Global configuration options. 
| | global.aws | map | `{"awsAccessKeyId":null,"awsSecretAccessKey":null,"enabled":false}` | AWS configuration | | global.aws.awsAccessKeyId | string | `nil` | Credentials for AWS stuff. | | global.aws.awsSecretAccessKey | string | `nil` | Credentials for AWS stuff. | @@ -51,7 +51,9 @@ A Helm chart for gen3 Sheepdog Service | global.hostname | string | `"localhost"` | Hostname for the deployment. | | global.kubeBucket | string | `"kube-gen3"` | S3 bucket name for Kubernetes manifest files. | | global.logsBucket | string | `"logs-gen3"` | S3 bucket name for log files. | +| global.minAvialable | int | `1` | The minimum amount of pods that are available at all times if the PDB is deployed. | | global.netPolicy | bool | `true` | Whether network policies are enabled. | +| global.pdb | bool | `false` | If the service will be deployed with a Pod Disruption Budget. Note- you need to have more than 2 replicas for the pdb to be deployed. | | global.portalApp | string | `"gitops"` | Portal application name. | | global.postgres | map | `{"dbCreate":true,"master":{"host":null,"password":null,"port":"5432","username":"postgres"}}` | Postgres database configuration. | | global.postgres.dbCreate | bool | `true` | Whether the database should be created. | diff --git a/helm/sheepdog/templates/pdb.yaml b/helm/sheepdog/templates/pdb.yaml new file mode 100644 index 00000000..2ef2de13 --- /dev/null +++ b/helm/sheepdog/templates/pdb.yaml @@ -0,0 +1,3 @@ +{{- if and .Values.global.pdb (gt (int .Values.replicaCount) 1) }} +{{ include "common.pod_disruption_budget" . }} +{{- end }} \ No newline at end of file diff --git a/helm/sheepdog/values.yaml b/helm/sheepdog/values.yaml index 837877a2..8e76a2b7 100644 --- a/helm/sheepdog/values.yaml +++ b/helm/sheepdog/values.yaml 
@@ -56,6 +56,10 @@ global: dispatcherJobNum: 10 # -- (bool) Whether Datadog is enabled. ddEnabled: false + # -- (bool) If the service will be deployed with a Pod Disruption Budget. Note- you need to have more than 2 replicas for the pdb to be deployed. + pdb: false + # -- (int) The minimum amount of pods that are available at all times if the PDB is deployed. + minAvialable: 1 # -- (map) Postgres database configuration. If db does not exist in postgres cluster and dbCreate is set ot true then these databases will be created for you postgres: diff --git a/helm/ssjdispatcher/Chart.yaml b/helm/ssjdispatcher/Chart.yaml index 31393ee3..25bdaac2 100644 --- a/helm/ssjdispatcher/Chart.yaml +++ b/helm/ssjdispatcher/Chart.yaml @@ -15,7 +15,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.3 +version: 0.1.4 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to diff --git a/helm/ssjdispatcher/README.md b/helm/ssjdispatcher/README.md index 68b9b140..8d1175fd 100644 --- a/helm/ssjdispatcher/README.md +++ b/helm/ssjdispatcher/README.md 
@@ -1,6 +1,6 @@ # ssjdispatcher -![Version: 0.1.3](https://img.shields.io/badge/Version-0.1.3-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) +![Version: 0.1.4](https://img.shields.io/badge/Version-0.1.4-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) A Helm chart for gen3 ssjdispatcher 
@@ -37,7 +37,7 @@ A Helm chart for gen3 ssjdispatcher | dispatcherJobNum | string | `"10"` | Ssjdispater job number. | | fullnameOverride | string | `""` | Override the full name of the deployment. | | gen3Namespace | string | `"default"` | Namespace to deploy the job. | -| global | map | `{"aws":{"awsAccessKeyId":null,"awsSecretAccessKey":null,"enabled":false},"ddEnabled":false,"dev":true,"dictionaryUrl":"https://s3.amazonaws.com/dictionary-artifacts/datadictionary/develop/schema.json","dispatcherJobNum":10,"environment":"default","hostname":"localhost","kubeBucket":"kube-gen3","logsBucket":"logs-gen3","netPolicy":true,"portalApp":"gitops","postgres":{"dbCreate":true,"master":{"host":null,"password":null,"port":"5432","username":"postgres"}},"publicDataSets":true,"revproxyArn":"arn:aws:acm:us-east-1:123456:certificate","syncFromDbgap":false,"tierAccessLevel":"libre","userYamlS3Path":"s3://cdis-gen3-users/test/user.yaml"}` | Global configuration options. | +| global | map | `{"aws":{"awsAccessKeyId":null,"awsSecretAccessKey":null,"enabled":false},"ddEnabled":false,"dev":true,"dictionaryUrl":"https://s3.amazonaws.com/dictionary-artifacts/datadictionary/develop/schema.json","dispatcherJobNum":10,"environment":"default","hostname":"localhost","kubeBucket":"kube-gen3","logsBucket":"logs-gen3","minAvialable":1,"netPolicy":true,"pdb":false,"portalApp":"gitops","postgres":{"dbCreate":true,"master":{"host":null,"password":null,"port":"5432","username":"postgres"}},"publicDataSets":true,"revproxyArn":"arn:aws:acm:us-east-1:123456:certificate","syncFromDbgap":false,"tierAccessLevel":"libre","userYamlS3Path":"s3://cdis-gen3-users/test/user.yaml"}` | Global configuration options. | | global.aws | map | `{"awsAccessKeyId":null,"awsSecretAccessKey":null,"enabled":false}` | AWS configuration | | global.aws.awsAccessKeyId | string | `nil` | Credentials for AWS stuff. | | global.aws.awsSecretAccessKey | string | `nil` | Credentials for AWS stuff. | 
@@ -50,7 +50,9 @@ A Helm chart for gen3 ssjdispatcher | global.hostname | string | `"localhost"` | Hostname for the deployment. | | global.kubeBucket | string | `"kube-gen3"` | S3 bucket name for Kubernetes manifest files. | | global.logsBucket | string | `"logs-gen3"` | S3 bucket name for log files. | +| global.minAvialable | int | `1` | The minimum amount of pods that are available at all times if the PDB is deployed. | | global.netPolicy | bool | `true` | Whether network policies are enabled. | +| global.pdb | bool | `false` | If the service will be deployed with a Pod Disruption Budget. Note- you need to have more than 2 replicas for the pdb to be deployed. | | global.portalApp | string | `"gitops"` | Portal application name. | | global.postgres | map | `{"dbCreate":true,"master":{"host":null,"password":null,"port":"5432","username":"postgres"}}` | Postgres database configuration. | | global.postgres.dbCreate | bool | `true` | Whether the database should be created. | diff --git a/helm/ssjdispatcher/templates/pdb.yaml b/helm/ssjdispatcher/templates/pdb.yaml new file mode 100644 index 00000000..2ef2de13 --- /dev/null +++ b/helm/ssjdispatcher/templates/pdb.yaml @@ -0,0 +1,3 @@ +{{- if and .Values.global.pdb (gt (int .Values.replicaCount) 1) }} +{{ include "common.pod_disruption_budget" . }} +{{- end }} \ No newline at end of file diff --git a/helm/ssjdispatcher/values.yaml b/helm/ssjdispatcher/values.yaml index 0c0b1e2f..a24f7f6b 100644 --- a/helm/ssjdispatcher/values.yaml +++ b/helm/ssjdispatcher/values.yaml @@ -56,6 +56,10 @@ global: dispatcherJobNum: 10 # -- (bool) Whether Datadog is enabled. ddEnabled: false + # -- (bool) If the service will be deployed with a Pod Disruption Budget. Note- you need to have more than 2 replicas for the pdb to be deployed. + pdb: false + # -- (int) The minimum amount of pods that are available at all times if the PDB is deployed. + minAvialable: 1 # -- (int) Number of replicas for the deployment. replicaCount: 1 
diff --git a/helm/wts/Chart.yaml b/helm/wts/Chart.yaml index 23f8f74b..f333c4ed 100644 --- a/helm/wts/Chart.yaml +++ b/helm/wts/Chart.yaml @@ -15,7 +15,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.7 +version: 0.1.8 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to diff --git a/helm/wts/README.md b/helm/wts/README.md index ea514c1e..549d0dec 100644 --- a/helm/wts/README.md +++ b/helm/wts/README.md @@ -1,6 +1,6 @@ # wts -![Version: 0.1.7](https://img.shields.io/badge/Version-0.1.7-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) +![Version: 0.1.8](https://img.shields.io/badge/Version-0.1.8-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) A Helm chart for gen3 workspace token service 
@@ -27,7 +27,7 @@ A Helm chart for gen3 workspace token service | datadogProfilingEnabled | bool | `true` | If enabled, the Datadog Agent will collect profiling data for your application using the Continuous Profiler. This data can be used to identify performance bottlenecks and optimize your application. | | datadogTraceSampleRate | int | `1` | A value between 0 and 1, that represents the percentage of requests that will be traced. For example, a value of 0.5 means that 50% of requests will be traced. | | fullnameOverride | string | `""` | Override the full name of the deployment. | -| global | map | `{"aws":{"awsAccessKeyId":null,"awsSecretAccessKey":null,"enabled":false},"ddEnabled":false,"dev":true,"dictionaryUrl":"https://s3.amazonaws.com/dictionary-artifacts/datadictionary/develop/schema.json","dispatcherJobNum":10,"environment":"default","hostname":"localhost","kubeBucket":"kube-gen3","logsBucket":"logs-gen3","netPolicy":true,"portalApp":"gitops","postgres":{"dbCreate":true,"master":{"host":null,"password":null,"port":"5432","username":"postgres"}},"publicDataSets":true,"revproxyArn":"arn:aws:acm:us-east-1:123456:certificate","syncFromDbgap":false,"tierAccessLevel":"libre","userYamlS3Path":"s3://cdis-gen3-users/test/user.yaml"}` | Global configuration options. 
| +| global | map | `{"aws":{"awsAccessKeyId":null,"awsSecretAccessKey":null,"enabled":false},"ddEnabled":false,"dev":true,"dictionaryUrl":"https://s3.amazonaws.com/dictionary-artifacts/datadictionary/develop/schema.json","dispatcherJobNum":10,"environment":"default","hostname":"localhost","kubeBucket":"kube-gen3","logsBucket":"logs-gen3","minAvialable":1,"netPolicy":true,"pdb":false,"portalApp":"gitops","postgres":{"dbCreate":true,"master":{"host":null,"password":null,"port":"5432","username":"postgres"}},"publicDataSets":true,"revproxyArn":"arn:aws:acm:us-east-1:123456:certificate","syncFromDbgap":false,"tierAccessLevel":"libre","userYamlS3Path":"s3://cdis-gen3-users/test/user.yaml"}` | Global configuration options. | | global.aws | map | `{"awsAccessKeyId":null,"awsSecretAccessKey":null,"enabled":false}` | AWS configuration | | global.aws.awsAccessKeyId | string | `nil` | Credentials for AWS stuff. | | global.aws.awsSecretAccessKey | string | `nil` | Credentials for AWS stuff. | @@ -40,7 +40,9 @@ A Helm chart for gen3 workspace token service | global.hostname | string | `"localhost"` | Hostname for the deployment. | | global.kubeBucket | string | `"kube-gen3"` | S3 bucket name for Kubernetes manifest files. | | global.logsBucket | string | `"logs-gen3"` | S3 bucket name for log files. | +| global.minAvialable | int | `1` | The minimum amount of pods that are available at all times if the PDB is deployed. | | global.netPolicy | bool | `true` | Whether network policies are enabled. | +| global.pdb | bool | `false` | If the service will be deployed with a Pod Disruption Budget. Note- you need to have more than 2 replicas for the pdb to be deployed. | | global.portalApp | string | `"gitops"` | Portal application name. | | global.postgres | map | `{"dbCreate":true,"master":{"host":null,"password":null,"port":"5432","username":"postgres"}}` | Postgres database configuration. | | global.postgres.dbCreate | bool | `true` | Whether the database should be created. | 
diff --git a/helm/wts/templates/pdb.yaml b/helm/wts/templates/pdb.yaml new file mode 100644 index 00000000..2ef2de13 --- /dev/null +++ b/helm/wts/templates/pdb.yaml @@ -0,0 +1,3 @@ +{{- if and .Values.global.pdb (gt (int .Values.replicaCount) 1) }} +{{ include "common.pod_disruption_budget" . }} +{{- end }} \ No newline at end of file diff --git a/helm/wts/values.yaml b/helm/wts/values.yaml index c8d554da..8ed969bc 100644 --- a/helm/wts/values.yaml +++ b/helm/wts/values.yaml @@ -56,6 +56,10 @@ global: dispatcherJobNum: 10 # -- (bool) Whether Datadog is enabled. ddEnabled: false + # -- (bool) If the service will be deployed with a Pod Disruption Budget. Note- you need to have more than 2 replicas for the pdb to be deployed. + pdb: false + # -- (int) The minimum amount of pods that are available at all times if the PDB is deployed. + minAvialable: 1 # -- (map) Postgres database configuration. If db does not exist in postgres cluster and dbCreate is set ot true then these databases will be created for you postgres: From 4336c41b9d8e31f7afb47186ce0d7a50eedf673a Mon Sep 17 00:00:00 2001 
From: EliseCastle23 Date: Thu, 4 May 2023 14:48:29 -0600 Subject: [PATCH 014/279] updated the commons chart version. --- helm/ambassador/Chart.yaml | 2 +- helm/ambassador/README.md | 2 +- helm/arborist/Chart.yaml | 2 +- helm/arborist/README.md | 2 +- helm/argo-wrapper/Chart.yaml | 2 +- helm/argo-wrapper/README.md | 2 +- helm/audit/Chart.yaml | 2 +- helm/audit/README.md | 2 +- helm/aws-es-proxy/Chart.yaml | 2 +- helm/aws-es-proxy/README.md | 2 +- helm/dicom-server/Chart.yaml | 2 +- helm/dicom-server/README.md | 2 +- helm/dicom-viewer/Chart.yaml | 2 +- helm/dicom-viewer/README.md | 2 +- helm/elasticsearch/Chart.yaml | 4 ++-- helm/elasticsearch/README.md | 4 ++-- helm/fence/Chart.yaml | 2 +- helm/fence/README.md | 2 +- helm/guppy/Chart.yaml | 2 +- helm/guppy/README.md | 2 +- helm/hatchery/Chart.yaml | 2 +- helm/hatchery/README.md | 2 +- helm/indexd/Chart.yaml | 2 +- helm/indexd/README.md | 2 +- helm/manifestservice/Chart.yaml | 2 +- helm/manifestservice/README.md | 2 +- helm/metadata/Chart.yaml | 2 +- helm/metadata/README.md | 2 +- helm/peregrine/Chart.yaml | 2 +- helm/peregrine/README.md | 2 +- helm/pidgin/Chart.yaml | 2 +- helm/pidgin/README.md | 2 +- helm/portal/Chart.yaml | 2 +- helm/portal/README.md | 2 +- helm/requestor/Chart.yaml | 2 +- helm/requestor/README.md | 2 +- helm/revproxy/Chart.yaml | 2 +- helm/revproxy/README.md | 2 +- helm/sheepdog/Chart.yaml | 2 +- helm/sheepdog/README.md | 2 +- helm/ssjdispatcher/Chart.yaml | 2 +- helm/ssjdispatcher/README.md | 2 +- helm/wts/Chart.yaml | 2 +- helm/wts/README.md | 2 +- 44 files changed, 46 insertions(+), 46 deletions(-) diff --git a/helm/ambassador/Chart.yaml b/helm/ambassador/Chart.yaml index ff9762bb..66dc8a46 100644 --- a/helm/ambassador/Chart.yaml +++ b/helm/ambassador/Chart.yaml @@ -25,5 +25,5 @@ appVersion: "1.4.2" dependencies: - name: common - version: 0.1.5 + version: 0.1.6 repository: file://../common diff --git a/helm/ambassador/README.md b/helm/ambassador/README.md index f0eb589a..42c8393f 100644 
--- a/helm/ambassador/README.md +++ b/helm/ambassador/README.md @@ -8,7 +8,7 @@ A Helm chart for deploying ambassador for gen3 | Repository | Name | Version | |------------|------|---------| -| file://../common | common | 0.1.5 | +| file://../common | common | 0.1.6 | ## Values diff --git a/helm/arborist/Chart.yaml b/helm/arborist/Chart.yaml index 700292e6..a2ee04ce 100644 --- a/helm/arborist/Chart.yaml +++ b/helm/arborist/Chart.yaml @@ -25,7 +25,7 @@ appVersion: "master" dependencies: - name: common - version: 0.1.5 + version: 0.1.6 repository: file://../common - name: postgresql version: 11.9.13 diff --git a/helm/arborist/README.md b/helm/arborist/README.md index 4ed7b662..bb3e98ad 100644 --- a/helm/arborist/README.md +++ b/helm/arborist/README.md @@ -8,7 +8,7 @@ A Helm chart for gen3 arborist | Repository | Name | Version | |------------|------|---------| -| file://../common | common | 0.1.5 | +| file://../common | common | 0.1.6 | | https://charts.bitnami.com/bitnami | postgresql | 11.9.13 | ## Values diff --git a/helm/argo-wrapper/Chart.yaml b/helm/argo-wrapper/Chart.yaml index bd64577e..7584c917 100644 --- a/helm/argo-wrapper/Chart.yaml +++ b/helm/argo-wrapper/Chart.yaml @@ -25,5 +25,5 @@ appVersion: "master" dependencies: - name: common - version: 0.1.5 + version: 0.1.6 repository: file://../common diff --git a/helm/argo-wrapper/README.md b/helm/argo-wrapper/README.md index 603abc62..33e20cae 100644 --- a/helm/argo-wrapper/README.md +++ b/helm/argo-wrapper/README.md @@ -8,7 +8,7 @@ A Helm chart for gen3 Argo Wrapper Service | Repository | Name | Version | |------------|------|---------| -| file://../common | common | 0.1.5 | +| file://../common | common | 0.1.6 | ## Values diff --git a/helm/audit/Chart.yaml b/helm/audit/Chart.yaml index 88fea999..9e60e096 100644 --- a/helm/audit/Chart.yaml +++ b/helm/audit/Chart.yaml 
@@ -24,7 +24,7 @@ appVersion: "master" dependencies: - name: common - version: 0.1.5 + version: 0.1.6 repository: file://../common - name: postgresql version: 11.9.13 diff --git a/helm/audit/README.md b/helm/audit/README.md index 0d68abde..20e26077 100644 --- a/helm/audit/README.md +++ b/helm/audit/README.md @@ -8,7 +8,7 @@ A Helm chart for Kubernetes | Repository | Name | Version | |------------|------|---------| -| file://../common | common | 0.1.5 | +| file://../common | common | 0.1.6 | | https://charts.bitnami.com/bitnami | postgresql | 11.9.13 | ## Values diff --git a/helm/aws-es-proxy/Chart.yaml b/helm/aws-es-proxy/Chart.yaml index 5e149091..934a077d 100644 --- a/helm/aws-es-proxy/Chart.yaml +++ b/helm/aws-es-proxy/Chart.yaml @@ -25,5 +25,5 @@ appVersion: "master" dependencies: - name: common - version: 0.1.5 + version: 0.1.6 repository: file://../common diff --git a/helm/aws-es-proxy/README.md b/helm/aws-es-proxy/README.md index c4492699..48bdac36 100644 --- a/helm/aws-es-proxy/README.md +++ b/helm/aws-es-proxy/README.md @@ -8,7 +8,7 @@ A Helm chart for AWS ES Proxy Service for gen3 | Repository | Name | Version | |------------|------|---------| -| file://../common | common | 0.1.5 | +| file://../common | common | 0.1.6 | ## Values diff --git a/helm/dicom-server/Chart.yaml b/helm/dicom-server/Chart.yaml index 82413994..380f19cd 100644 --- a/helm/dicom-server/Chart.yaml +++ b/helm/dicom-server/Chart.yaml @@ -25,5 +25,5 @@ appVersion: "master" dependencies: - name: common - version: 0.1.5 + version: 0.1.6 repository: file://../common diff --git a/helm/dicom-server/README.md b/helm/dicom-server/README.md index 5cb9d02a..b8d69c62 100644 --- a/helm/dicom-server/README.md +++ b/helm/dicom-server/README.md @@ -8,7 +8,7 @@ A Helm chart for gen3 Dicom Server | Repository | Name | Version | |------------|------|---------| -| file://../common | common | 0.1.5 | +| file://../common | common | 0.1.6 | ## Values 
diff --git a/helm/dicom-viewer/Chart.yaml b/helm/dicom-viewer/Chart.yaml index 24e69864..7ab4bdea 100644 --- a/helm/dicom-viewer/Chart.yaml +++ b/helm/dicom-viewer/Chart.yaml @@ -25,5 +25,5 @@ appVersion: "master" dependencies: - name: common - version: 0.1.5 + version: 0.1.6 repository: file://../common diff --git a/helm/dicom-viewer/README.md b/helm/dicom-viewer/README.md index 39b3b4c5..8c98e773 100644 --- a/helm/dicom-viewer/README.md +++ b/helm/dicom-viewer/README.md @@ -8,7 +8,7 @@ A Helm chart for gen3 Dicom Viewer | Repository | Name | Version | |------------|------|---------| -| file://../common | common | 0.1.5 | +| file://../common | common | 0.1.6 | ## Values diff --git a/helm/elasticsearch/Chart.yaml b/helm/elasticsearch/Chart.yaml index 42e76886..6b59b465 100644 --- a/helm/elasticsearch/Chart.yaml +++ b/helm/elasticsearch/Chart.yaml @@ -15,7 +15,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.3 +version: 0.1.4 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to @@ -25,5 +25,5 @@ appVersion: "1.16.0" dependencies: - name: common - version: 0.1.5 + version: 0.1.6 repository: file://../common diff --git a/helm/elasticsearch/README.md b/helm/elasticsearch/README.md index 23fb2d76..2eac645e 100644 --- a/helm/elasticsearch/README.md +++ b/helm/elasticsearch/README.md 
@@ -1,6 +1,6 @@ # elasticsearch -![Version: 0.1.3](https://img.shields.io/badge/Version-0.1.3-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.16.0](https://img.shields.io/badge/AppVersion-1.16.0-informational?style=flat-square) +![Version: 0.1.4](https://img.shields.io/badge/Version-0.1.4-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.16.0](https://img.shields.io/badge/AppVersion-1.16.0-informational?style=flat-square) A Helm chart for Kubernetes @@ -8,7 +8,7 @@ A Helm chart for Kubernetes | Repository | Name | Version | |------------|------|---------| -| file://../common | common | 0.1.5 | +| file://../common | common | 0.1.6 | ## Values diff --git a/helm/fence/Chart.yaml b/helm/fence/Chart.yaml index eb897b63..1d9afdd6 100644 --- a/helm/fence/Chart.yaml +++ b/helm/fence/Chart.yaml @@ -24,7 +24,7 @@ appVersion: "master" dependencies: - name: common - version: 0.1.5 + version: 0.1.6 repository: file://../common - name: postgresql version: 11.9.13 diff --git a/helm/fence/README.md b/helm/fence/README.md index de995ec0..3a88e3ee 100644 --- a/helm/fence/README.md +++ b/helm/fence/README.md @@ -8,7 +8,7 @@ A Helm chart for gen3 Fence | Repository | Name | Version | |------------|------|---------| -| file://../common | common | 0.1.5 | +| file://../common | common | 0.1.6 | | https://charts.bitnami.com/bitnami | postgresql | 11.9.13 | ## Values diff --git a/helm/guppy/Chart.yaml b/helm/guppy/Chart.yaml index 904f3542..a2e4a2d4 100644 --- a/helm/guppy/Chart.yaml +++ b/helm/guppy/Chart.yaml @@ -25,5 +25,5 @@ appVersion: "master" dependencies: - name: common - version: 0.1.5 + version: 0.1.6 repository: file://../common diff --git a/helm/guppy/README.md b/helm/guppy/README.md index 23bf7175..8967c662 100644 --- a/helm/guppy/README.md +++ b/helm/guppy/README.md 
@@ -8,7 +8,7 @@ A Helm chart for gen3 Guppy Service | Repository | Name | Version | |------------|------|---------| -| file://../common | common | 0.1.5 | +| file://../common | common | 0.1.6 | ## Values diff --git a/helm/hatchery/Chart.yaml b/helm/hatchery/Chart.yaml index eca2e813..8acfcd66 100644 --- a/helm/hatchery/Chart.yaml +++ b/helm/hatchery/Chart.yaml @@ -25,5 +25,5 @@ appVersion: "master" dependencies: - name: common - version: 0.1.5 + version: 0.1.6 repository: file://../common diff --git a/helm/hatchery/README.md b/helm/hatchery/README.md index 7a4b0447..3151d032 100644 --- a/helm/hatchery/README.md +++ b/helm/hatchery/README.md @@ -8,7 +8,7 @@ A Helm chart for gen3 Hatchery | Repository | Name | Version | |------------|------|---------| -| file://../common | common | 0.1.5 | +| file://../common | common | 0.1.6 | ## Values diff --git a/helm/indexd/Chart.yaml b/helm/indexd/Chart.yaml index 1136129a..3e50dfe3 100644 --- a/helm/indexd/Chart.yaml +++ b/helm/indexd/Chart.yaml @@ -26,7 +26,7 @@ appVersion: "master" dependencies: - name: common - version: 0.1.5 + version: 0.1.6 repository: file://../common - name: postgresql version: 11.9.13 diff --git a/helm/indexd/README.md b/helm/indexd/README.md index b5049d44..35ac634b 100644 --- a/helm/indexd/README.md +++ b/helm/indexd/README.md @@ -8,7 +8,7 @@ A Helm chart for gen3 indexd | Repository | Name | Version | |------------|------|---------| -| file://../common | common | 0.1.5 | +| file://../common | common | 0.1.6 | | https://charts.bitnami.com/bitnami | postgresql | 11.9.13 | ## Values diff --git a/helm/manifestservice/Chart.yaml b/helm/manifestservice/Chart.yaml index 5ebb5862..2131625f 100644 --- a/helm/manifestservice/Chart.yaml +++ b/helm/manifestservice/Chart.yaml @@ -25,5 +25,5 @@ appVersion: "master" dependencies: - name: common - version: 0.1.5 + version: 0.1.6 repository: file://../common diff --git a/helm/manifestservice/README.md b/helm/manifestservice/README.md index 89c11ef5..b04efdd3 100644 
--- a/helm/manifestservice/README.md +++ b/helm/manifestservice/README.md @@ -8,7 +8,7 @@ A Helm chart for Kubernetes | Repository | Name | Version | |------------|------|---------| -| file://../common | common | 0.1.5 | +| file://../common | common | 0.1.6 | ## Values diff --git a/helm/metadata/Chart.yaml b/helm/metadata/Chart.yaml index 2b4e6d4d..5784ee70 100644 --- a/helm/metadata/Chart.yaml +++ b/helm/metadata/Chart.yaml @@ -25,7 +25,7 @@ appVersion: "master" dependencies: - name: common - version: 0.1.5 + version: 0.1.6 repository: file://../common - name: postgresql version: 11.9.13 diff --git a/helm/metadata/README.md b/helm/metadata/README.md index e2460ceb..40b3043c 100644 --- a/helm/metadata/README.md +++ b/helm/metadata/README.md @@ -8,7 +8,7 @@ A Helm chart for gen3 Metadata Service | Repository | Name | Version | |------------|------|---------| -| file://../common | common | 0.1.5 | +| file://../common | common | 0.1.6 | | https://charts.bitnami.com/bitnami | postgresql | 11.9.13 | ## Values diff --git a/helm/peregrine/Chart.yaml b/helm/peregrine/Chart.yaml index 3f1ef902..a9ee0522 100644 --- a/helm/peregrine/Chart.yaml +++ b/helm/peregrine/Chart.yaml @@ -26,7 +26,7 @@ appVersion: "2023.01" dependencies: - name: common - version: 0.1.5 + version: 0.1.6 repository: file://../common - name: postgresql version: 11.9.13 diff --git a/helm/peregrine/README.md b/helm/peregrine/README.md index a974d7e9..9a4d1310 100644 --- a/helm/peregrine/README.md +++ b/helm/peregrine/README.md @@ -8,7 +8,7 @@ A Helm chart for gen3 Peregrine service | Repository | Name | Version | |------------|------|---------| -| file://../common | common | 0.1.5 | +| file://../common | common | 0.1.6 | | https://charts.bitnami.com/bitnami | postgresql | 11.9.13 | ## Values diff --git a/helm/pidgin/Chart.yaml b/helm/pidgin/Chart.yaml index 44f0b34c..51d95965 100644 --- a/helm/pidgin/Chart.yaml +++ b/helm/pidgin/Chart.yaml 
@@ -25,5 +25,5 @@ appVersion: "master" dependencies: - name: common - version: 0.1.5 + version: 0.1.6 repository: file://../common diff --git a/helm/pidgin/README.md b/helm/pidgin/README.md index c074f02b..df496235 100644 --- a/helm/pidgin/README.md +++ b/helm/pidgin/README.md @@ -8,7 +8,7 @@ A Helm chart for gen3 Pidgin Service | Repository | Name | Version | |------------|------|---------| -| file://../common | common | 0.1.5 | +| file://../common | common | 0.1.6 | ## Values diff --git a/helm/portal/Chart.yaml b/helm/portal/Chart.yaml index b8c5d7aa..1bf879c0 100644 --- a/helm/portal/Chart.yaml +++ b/helm/portal/Chart.yaml @@ -25,5 +25,5 @@ appVersion: "master" dependencies: - name: common - version: 0.1.5 + version: 0.1.6 repository: file://../common diff --git a/helm/portal/README.md b/helm/portal/README.md index 6036dc21..91a5cd5e 100644 --- a/helm/portal/README.md +++ b/helm/portal/README.md @@ -8,7 +8,7 @@ A Helm chart for gen3 data-portal | Repository | Name | Version | |------------|------|---------| -| file://../common | common | 0.1.5 | +| file://../common | common | 0.1.6 | ## Values diff --git a/helm/requestor/Chart.yaml b/helm/requestor/Chart.yaml index 1cc44156..e16dde3f 100644 --- a/helm/requestor/Chart.yaml +++ b/helm/requestor/Chart.yaml @@ -26,7 +26,7 @@ appVersion: "master" dependencies: - name: common - version: 0.1.5 + version: 0.1.6 repository: file://../common - name: postgresql version: 11.9.13 diff --git a/helm/requestor/README.md b/helm/requestor/README.md index d552f6ef..a8a6ada5 100644 --- a/helm/requestor/README.md +++ b/helm/requestor/README.md @@ -8,7 +8,7 @@ A Helm chart for gen3 Requestor Service | Repository | Name | Version | |------------|------|---------| -| file://../common | common | 0.1.5 | +| file://../common | common | 0.1.6 | | https://charts.bitnami.com/bitnami | postgresql | 11.9.13 | ## Values diff --git a/helm/revproxy/Chart.yaml b/helm/revproxy/Chart.yaml index 677c0b7b..61f025e5 100644 
--- a/helm/revproxy/Chart.yaml +++ b/helm/revproxy/Chart.yaml @@ -25,5 +25,5 @@ appVersion: "master" dependencies: - name: common - version: 0.1.5 + version: 0.1.6 repository: file://../common diff --git a/helm/revproxy/README.md b/helm/revproxy/README.md index 73b90253..c2a9c59c 100644 --- a/helm/revproxy/README.md +++ b/helm/revproxy/README.md @@ -8,7 +8,7 @@ A Helm chart for gen3 revproxy | Repository | Name | Version | |------------|------|---------| -| file://../common | common | 0.1.5 | +| file://../common | common | 0.1.6 | ## Values diff --git a/helm/sheepdog/Chart.yaml b/helm/sheepdog/Chart.yaml index 82bf4858..33ba0a34 100644 --- a/helm/sheepdog/Chart.yaml +++ b/helm/sheepdog/Chart.yaml @@ -25,7 +25,7 @@ appVersion: "master" dependencies: - name: common - version: 0.1.5 + version: 0.1.6 repository: file://../common - name: postgresql version: 11.9.13 diff --git a/helm/sheepdog/README.md b/helm/sheepdog/README.md index d3cdd26a..22605c5f 100644 --- a/helm/sheepdog/README.md +++ b/helm/sheepdog/README.md @@ -8,7 +8,7 @@ A Helm chart for gen3 Sheepdog Service | Repository | Name | Version | |------------|------|---------| -| file://../common | common | 0.1.5 | +| file://../common | common | 0.1.6 | | https://charts.bitnami.com/bitnami | postgresql | 11.9.13 | ## Values diff --git a/helm/ssjdispatcher/Chart.yaml b/helm/ssjdispatcher/Chart.yaml index 25bdaac2..cdbe45c8 100644 --- a/helm/ssjdispatcher/Chart.yaml +++ b/helm/ssjdispatcher/Chart.yaml @@ -25,5 +25,5 @@ appVersion: "master" dependencies: - name: common - version: 0.1.5 + version: 0.1.6 repository: file://../common diff --git a/helm/ssjdispatcher/README.md b/helm/ssjdispatcher/README.md index 8d1175fd..de0fb75b 100644 --- a/helm/ssjdispatcher/README.md +++ b/helm/ssjdispatcher/README.md @@ -8,7 +8,7 @@ A Helm chart for gen3 ssjdispatcher | Repository | Name | Version | |------------|------|---------| -| file://../common | common | 0.1.5 | +| file://../common | common | 0.1.6 | ## Values 
diff --git a/helm/wts/Chart.yaml b/helm/wts/Chart.yaml index f333c4ed..dcc7827f 100644 --- a/helm/wts/Chart.yaml +++ b/helm/wts/Chart.yaml @@ -25,7 +25,7 @@ appVersion: "master" dependencies: - name: common - version: 0.1.5 + version: 0.1.6 repository: file://../common - name: postgresql version: 11.9.13 diff --git a/helm/wts/README.md b/helm/wts/README.md index 549d0dec..e163b435 100644 --- a/helm/wts/README.md +++ b/helm/wts/README.md @@ -8,7 +8,7 @@ A Helm chart for gen3 workspace token service | Repository | Name | Version | |------------|------|---------| -| file://../common | common | 0.1.5 | +| file://../common | common | 0.1.6 | | https://charts.bitnami.com/bitnami | postgresql | 11.9.13 | ## Values From c4f0169ffcb458a99b41a50b1289cac7300961d3 Mon Sep 17 00:00:00 2001 From: EliseCastle23 Date: Thu, 4 May 2023 14:52:25 -0600 Subject: [PATCH 015/279] bumping up elasticsearch chart version --- helm/gen3/Chart.yaml | 2 +- helm/gen3/README.md | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/helm/gen3/Chart.yaml b/helm/gen3/Chart.yaml index 8b9b60bc..b89cfabd 100644 --- a/helm/gen3/Chart.yaml +++ b/helm/gen3/Chart.yaml @@ -86,7 +86,7 @@ dependencies: - name: elasticsearch - version: "0.1.3" + version: "0.1.4" repository: "file://../elasticsearch" condition: global.dev - name: postgresql diff --git a/helm/gen3/README.md b/helm/gen3/README.md index a4a22d61..53767823 100644 --- a/helm/gen3/README.md +++ b/helm/gen3/README.md @@ -24,7 +24,7 @@ Helm chart to deploy Gen3 Data Commons | file://../audit | audit | 0.1.7 | | file://../aws-es-proxy | aws-es-proxy | 0.1.5 | | file://../common | common | 0.1.6 | -| file://../elasticsearch | elasticsearch | 0.1.3 | +| file://../elasticsearch | elasticsearch | 0.1.4 | | file://../fence | fence | 0.1.7 | | file://../guppy | guppy | 0.1.6 | | file://../hatchery | hatchery | 0.1.5 | From b3c2798727e53f11acfe8cbc3ae93995717b7f1f Mon Sep 17 00:00:00 2001 
From: "J. Q" <55899496+jawadqur@users.noreply.github.com> Date: Mon, 8 May 2023 12:42:06 -0500 Subject: [PATCH 016/279] Documentation and various fixes/updates (#121) - Add sower helm chart - Add more documentation - Add custom ingress resource --- .gitignore | 3 +- .secrets.baseline | 146 +-- README.md | 97 +- docs/CONFIGURATION.md | 537 +++++++++++ docs/INGRESS.md | 35 + docs/PREREQUISITES.md | 96 ++ docs/PRODUCTION.md | 15 + docs/SECRETS.md | 2 + docs/databases.md | 43 +- examples/aws_dev_values.yaml | 61 ++ examples/gke_dev_values.yaml | 69 ++ examples/gke_values.yaml | 84 ++ examples/local_dev_values.yaml | 36 + helm/ambassador/Chart.yaml | 2 +- helm/ambassador/README.md | 2 +- helm/ambassador/templates/deployment.yaml | 6 +- helm/ambassador/templates/service.yaml | 4 +- helm/audit/Chart.yaml | 2 +- helm/audit/README.md | 10 +- helm/audit/values.yaml | 4 +- helm/fence/Chart.yaml | 2 +- helm/fence/README.md | 11 +- helm/fence/templates/_helpers.tpl | 18 + helm/fence/templates/fence-deployment.yaml | 1 + helm/fence/templates/jwt-keys.yaml | 2 +- helm/fence/values.yaml | 15 +- helm/gen3/Chart.yaml | 20 +- helm/gen3/README.md | 120 ++- helm/gen3/templates/global-manifest.yaml | 1 + helm/gen3/values.yaml | 180 ++-- helm/guppy/Chart.yaml | 2 +- helm/guppy/README.md | 7 +- helm/guppy/templates/_helpers.tpl | 11 - helm/guppy/templates/deployment.yaml | 6 +- helm/guppy/values.yaml | 6 +- helm/indexd/Chart.yaml | 2 +- helm/indexd/README.md | 10 +- helm/indexd/indexd-settings/local_settings.py | 2 +- helm/indexd/templates/_helpers.tpl | 3 - helm/indexd/templates/deployment.yaml | 2 + helm/indexd/templates/indexd-secret.yaml | 26 +- helm/indexd/templates/pre-install.yaml | 7 +- helm/indexd/values.yaml | 14 +- helm/portal/Chart.yaml | 2 +- helm/portal/README.md | 6 +- helm/portal/templates/deployment.yaml | 6 +- helm/portal/values.yaml | 4 +- helm/revproxy/Chart.yaml | 2 +- helm/revproxy/README.md | 9 +- helm/revproxy/logrotate-nginx.conf | 9 - .../{ingress.yaml => 
ingress_aws.yaml} | 14 +- helm/revproxy/templates/ingress_default.yaml | 61 ++ helm/revproxy/templates/ingress_dev.yaml | 22 + helm/revproxy/values.yaml | 4 +- helm/sheepdog/Chart.yaml | 2 +- helm/sheepdog/README.md | 2 +- helm/sheepdog/sheepdog-secret/wsgi.py | 2 +- helm/sheepdog/templates/deployment.yaml | 2 +- helm/sower/.helmignore | 23 + helm/sower/Chart.yaml | 29 + helm/sower/README.md | 110 +++ helm/sower/templates/NOTES.txt | 1 + helm/sower/templates/_helpers.tpl | 68 ++ helm/sower/templates/deployment.yaml | 73 ++ helm/sower/templates/hpa.yaml | 28 + helm/sower/templates/manifest-sower.yaml | 140 +++ helm/sower/templates/pelican-creds.yaml | 15 + helm/sower/templates/service.yaml | 16 + helm/sower/templates/serviceaccount.yaml | 12 + .../templates/tests/test-connection.yaml | 15 + helm/sower/values.yaml | 234 +++++ helm/wts/Chart.yaml | 2 +- helm/wts/README.md | 10 +- helm/wts/templates/deployment.yaml | 4 +- helm/wts/templates/wts-oidc.yaml | 2 +- helm/wts/values.yaml | 4 +- sample-values/fence-config.yaml | 885 ------------------ sample-values/user.yaml | 92 -- sample-values/values_aws_dev.yaml | 69 -- sample-values/values_google_cloud_dev.yaml | 9 - sample-values/values_local_dev.yaml | 10 - 81 files changed, 2271 insertions(+), 1449 deletions(-) create mode 100644 docs/CONFIGURATION.md create mode 100644 docs/INGRESS.md create mode 100644 docs/PREREQUISITES.md create mode 100644 docs/PRODUCTION.md create mode 100644 docs/SECRETS.md create mode 100644 examples/aws_dev_values.yaml create mode 100644 examples/gke_dev_values.yaml create mode 100644 examples/gke_values.yaml create mode 100644 examples/local_dev_values.yaml delete mode 100644 helm/revproxy/logrotate-nginx.conf rename helm/revproxy/templates/{ingress.yaml => ingress_aws.yaml} (79%) create mode 100644 helm/revproxy/templates/ingress_default.yaml create mode 100644 helm/revproxy/templates/ingress_dev.yaml create mode 100644 helm/sower/.helmignore create mode 100644 helm/sower/Chart.yaml create 
mode 100644 helm/sower/README.md create mode 100644 helm/sower/templates/NOTES.txt create mode 100644 helm/sower/templates/_helpers.tpl create mode 100644 helm/sower/templates/deployment.yaml create mode 100644 helm/sower/templates/hpa.yaml create mode 100644 helm/sower/templates/manifest-sower.yaml create mode 100644 helm/sower/templates/pelican-creds.yaml create mode 100644 helm/sower/templates/service.yaml create mode 100644 helm/sower/templates/serviceaccount.yaml create mode 100644 helm/sower/templates/tests/test-connection.yaml create mode 100644 helm/sower/values.yaml delete mode 100644 sample-values/fence-config.yaml delete mode 100644 sample-values/user.yaml delete mode 100644 sample-values/values_aws_dev.yaml delete mode 100644 sample-values/values_google_cloud_dev.yaml delete mode 100644 sample-values/values_local_dev.yaml diff --git a/.gitignore b/.gitignore index 907fdd00..df2d04fe 100644 --- a/.gitignore +++ b/.gitignore @@ -2,4 +2,5 @@ postgres.txt **/charts/ notes/ Chart.lock -.DS_Store \ No newline at end of file +.DS_Store +_sample-*/ \ No newline at end of file diff --git a/.secrets.baseline b/.secrets.baseline index 4a4ee094..ad391fd4 100644 --- a/.secrets.baseline +++ b/.secrets.baseline @@ -3,7 +3,7 @@ "files": "^.secrets.baseline$", "lines": null }, - "generated_at": "2023-05-04T20:37:29Z", + "generated_at": "2023-05-08T17:09:14Z", "plugins_used": [ { "name": "AWSKeyDetector" 
@@ -60,26 +60,69 @@ "results": { "README.md": [ { - "hashed_secret": "ac0fedaac180de6bd70a97b711692a92dade479e", + "hashed_secret": "64ab0c1d3edc1c8c166351207b840ac7b2a90523", "is_secret": false, "is_verified": false, - "line_number": 83, + "line_number": 87, "type": "Secret Keyword" - }, + } + ], + "docs/CONFIGURATION.md": [ { "hashed_secret": "64ab0c1d3edc1c8c166351207b840ac7b2a90523", + "is_secret": true, + "is_verified": false, + "line_number": 135, + "type": "Secret Keyword" + }, + { + "hashed_secret": "9b5925ea817163740dfb287a9894e8ab3aba2c18", + "is_secret": true, + "is_verified": false, + "line_number": 301, + "type": "Secret Keyword" + } + ], + "docs/PREREQUISITES.md": [ + { + "hashed_secret": "ac0fedaac180de6bd70a97b711692a92dade479e", "is_secret": false, "is_verified": false, - "line_number": 112, + "line_number": 94, "type": "Secret Keyword" } ], "docs/databases.md": [ + { + "hashed_secret": "de469a49b80aa4bb9aed52a9eda64dea425dff69", + "is_secret": true, + "is_verified": false, + "line_number": 22, + "type": "Secret Keyword" + }, { "hashed_secret": "ac0fedaac180de6bd70a97b711692a92dade479e", "is_secret": false, "is_verified": false, - "line_number": 22, + "line_number": 38, + "type": "Secret Keyword" + } + ], + "examples/gke_dev_values.yaml": [ + { + "hashed_secret": "75cb4c02576c9abae38fadc84bc832f2af203f3e", + "is_secret": false, + "is_verified": false, + "line_number": 13, + "type": "Secret Keyword" + } + ], + "examples/gke_values.yaml": [ + { + "hashed_secret": "75cb4c02576c9abae38fadc84bc832f2af203f3e", + "is_secret": true, + "is_verified": false, + "line_number": 14, "type": "Secret Keyword" } ], 
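Review bot: The audit labels added in this hunk contradict each other for identical hashes: `64ab0c1d3edc1c8c166351207b840ac7b2a90523` is `"is_secret": false` under README.md but `"is_secret": true` under docs/CONFIGURATION.md, and `75cb4c02576c9abae38fadc84bc832f2af203f3e` is false for examples/gke_dev_values.yaml but true for examples/gke_values.yaml. The same mismatch spans hunks, since `9b5925ea817163740dfb287a9894e8ab3aba2c18` is true here and false for helm/gen3/values.yaml in the `@@ -285,30 +328,25 @@` hunk. An identical hash means an identical string, so one label of each pair is wrong. If these are documentation placeholders (which the example values in this commit suggest, though the baseline alone cannot confirm it), each true entry should read `"is_secret": false`. Any entry that really is a credential, including the `de469a49…` entry for docs/databases.md and the true-labelled entry in the `@@ -365,28 +403,28 @@` hunk, should be removed from the tree and rotated rather than baselined, because baselining only silences the scanner; the `results` map continues outside this hunk.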
@@ -214,14 +257,14 @@ "hashed_secret": "f09dd6e359833a12f48c4c4255d6e87a6e55cfe9", "is_secret": false, "is_verified": false, - "line_number": 135, + "line_number": 136, "type": "Secret Keyword" }, { "hashed_secret": "9d8fada0e01336e865c461bb3549084d206fe6da", "is_secret": false, "is_verified": false, - "line_number": 167, + "line_number": 168, "type": "Secret Keyword" } ], @@ -285,30 +328,25 @@ "hashed_secret": "5d07e1b80e448a213b392049888111e1779a52db", "is_secret": false, "is_verified": false, - "line_number": 1878, + "line_number": 1887, "type": "Secret Keyword" } ], "helm/gen3/README.md": [ { - "hashed_secret": "4caa5dcab48a481e96f4352e45459c0ecd6f3cf7", + "hashed_secret": "1740c48fa3141d4851b14f97e3bc0f46f7670672", "is_secret": false, "is_verified": false, - "line_number": 76, - "type": "Secret Keyword" - }, - { - "hashed_secret": "2546383b95bb44732e9be6a877fd476c0442fdab", - "is_secret": false, - "is_verified": false, - "line_number": 91, + "line_number": 106, "type": "Secret Keyword" - }, + } + ], + "helm/gen3/values.yaml": [ { - "hashed_secret": "d84ce25b0f9bc2cc263006ae39453efb22cc2900", + "hashed_secret": "9b5925ea817163740dfb287a9894e8ab3aba2c18", "is_secret": false, "is_verified": false, - "line_number": 93, + "line_number": 189, "type": "Secret Keyword" } ], 
@@ -365,28 +403,28 @@ "hashed_secret": "2546383b95bb44732e9be6a877fd476c0442fdab", "is_secret": false, "is_verified": false, - "line_number": 47, + "line_number": 48, "type": "Secret Keyword" }, { "hashed_secret": "d84ce25b0f9bc2cc263006ae39453efb22cc2900", "is_secret": false, "is_verified": false, - "line_number": 49, + "line_number": 50, "type": "Secret Keyword" }, { "hashed_secret": "f09dd6e359833a12f48c4c4255d6e87a6e55cfe9", "is_secret": false, "is_verified": false, - "line_number": 69, + "line_number": 71, "type": "Secret Keyword" }, { - "hashed_secret": "cb87e7ebb6991e08dc8964923e04230d002b7f12", - "is_secret": false, + "hashed_secret": "1cc98556e7b1353c7bd08344f9190808b0d3d6d4", + "is_secret": true, "is_verified": false, - "line_number": 101, + "line_number": 103, "type": "Secret Keyword" } ], @@ -399,15 +437,6 @@ "type": "Basic Auth Credentials" } ], - "helm/indexd/templates/indexd-secret.yaml": [ - { - "hashed_secret": "c2dae5a3c7ce218639b38d8a0256f02fe81d439e", - "is_secret": false, - "is_verified": false, - "line_number": 19, - "type": "Secret Keyword" - } - ], "helm/manifestservice/README.md": [ { "hashed_secret": "611f2e9064b518afdb23f201321f39029dd28917", @@ -606,7 +635,7 @@ "hashed_secret": "abb751db44bcfd1bb9d4ad53e40138422abd739e", "is_secret": false, "is_verified": false, - "line_number": 74, + "line_number": 75, "type": "Secret Keyword" } ], 
@@ -690,6 +719,31 @@ "type": "Secret Keyword" } ], + "helm/sower/README.md": [ + { + "hashed_secret": "2546383b95bb44732e9be6a877fd476c0442fdab", + "is_secret": false, + "is_verified": false, + "line_number": 51, + "type": "Secret Keyword" + }, + { + "hashed_secret": "d84ce25b0f9bc2cc263006ae39453efb22cc2900", + "is_secret": false, + "is_verified": false, + "line_number": 53, + "type": "Secret Keyword" + } + ], + "helm/sower/templates/pelican-creds.yaml": [ + { + "hashed_secret": "d2e2ab0f407e4ee3cf2ab87d61c31b25a74085e5", + "is_secret": false, + "is_verified": false, + "line_number": 13, + "type": "Secret Keyword" + } + ], "helm/ssjdispatcher/README.md": [ { "hashed_secret": "2546383b95bb44732e9be6a877fd476c0442fdab", @@ -754,24 +808,6 @@ "type": "Secret Keyword" } ], - "sample-values/fence-config.yaml": [ - { - "hashed_secret": "5d07e1b80e448a213b392049888111e1779a52db", - "is_secret": false, - "is_verified": false, - "line_number": 560, - "type": "Secret Keyword" - } - ], - "sample-values/values_aws_dev.yaml": [ - { - "hashed_secret": "9b5925ea817163740dfb287a9894e8ab3aba2c18", - "is_secret": false, - "is_verified": false, - "line_number": 34, - "type": "Secret Keyword" - } - ], "skaffold.yaml": [ { "hashed_secret": "b60d121b438a380c343d5ec3c2037564b82ffef3", diff --git a/README.md b/README.md index aef945f3..6eb475ed 100644 --- a/README.md +++ b/README.md @@ -5,10 +5,7 @@ Helm charts for deploying [Gen3](https://gen3.org) on any kubernetes cluster. -# Deployment instructions -For a full set of configuration options see the [README.md for gen3](./helm/gen3/README.md) - -To see documentation around setting up gen3 developer environments see [gen3_developer_environments.md](./docs/gen3_developer_environments.md) +# Deploying gen3 with helm ## TL;DR ``` 
@@ -17,23 +14,36 @@ helm repo update helm upgrade --install gen3 gen3/gen3 -f ./values.yaml ``` -Use the following as a template for your `values.yaml` file for a minimum deployment of gen3 using these helm charts. +Assuming you already have the [prerequisites](./docs/PREREQUISITES.md) installed and configured, you can deploy Gen3 with the helm command. +> **Warning** +> The default Helm chart configuration is not intended for production. The default chart creates a proof of concept (PoC) implementation where all Gen3 services are deployed in the cluster, including postgres and elasticsearch. For production deployments, you must follow the [Production/Cloud Native/Hybrid architecture](./docs/PRODUCTION.md) -```yaml -global: - hostname: example-commons.com -fence: - FENCE_CONFIG: - OPENID_CONNECT: - google: - client_id: "insert.google.client_id.here" - client_secret: "insert.google.client_secret.here" -``` +For a production deployment, you should have strong working knowledge of Kubernetes. This method of deployment has different management, observability, and concepts than traditional deployments. + +In a production deployment: + +- The stateful components, like PostgreSQL or Elasticsearch, must run outside the cluster on PaaS or compute instances. This configuration is required to scale and reliably service the variety of workloads found in production Gen3 environments. + +- You should use Cloud PaaS for PostgreSQL, Elasticsearch, and object storage. + + +## Configuration + +For a full set of configuration options see the [CONFIGURATION.md](./docs/CONFIGURATION.md) for a more in depth instructions on how to configure each service. 
+ +There's also an auto-generated table of basic configuration options here: + +[README.md for gen3 chart](./helm/gen3/README.md) (auto-generated documentation) or + + +To see documentation around setting up gen3 developer environments see [gen3_developer_environments.md](./docs/gen3_developer_environments.md) + + +Use the following as a template for your `values.yaml` file for a minimum deployment of gen3 using these helm charts. -This is to have a gen3 deployment with google login. You may also use MOCK_AUTH using the following config. NB! This will bypass any login and is only recommended for testing environments ```yaml @@ -42,15 +52,18 @@ global: fence: FENCE_CONFIG: - # if true, will automatically login a user with username "test" - # WARNING: DO NOT ENABLE IN PRODUCTION (for testing purposes only) - MOCK_AUTH: true + # Any fence-config overrides here. ``` + ## Selective deployments -All service helm charts are sub-charts of the gen3 chart (which acts as an umbrella chart) -To enable or disable a service you can add this pattern to your `values.yaml` +All gen3 services are sub-charts of the gen3 chart (which acts as an umbrella chart). + +For your specific installation of gen3, you may not require all our services. + + +To enable or disable a service you can use this pattern in your `values.yaml` ```yaml fence: 
@@ -60,50 +73,12 @@ wts: enabled: false ``` - -## Prerequisites - -### Kubernetes cluster -Any kubernetes cluster _should_ work. We are testing with EKS, AKS, GKE and Rancher Desktop. - -It is suggested to use [Rancher Desktop](https://rancherdesktop.io/) as Kubernetes on your laptop, especially on M1 Mac's. You also get ingress and other benefits out of the box. - -### Postgres -We need a postgres database. For development/CI clusters an instance of postgres is deployed and automatically configured for you. - -For production environments please fill out these values and provide a master password for postgres - -``` -global: - postgres: - db_create: true - master: - host: insert.postgres.hostname.here - username: postgres - password: - port: "5432" -``` - - -### Login Options +## Gen3 Login Options Gen3 does not have any IDP, but can integrate with many. We will cover Google login here, but refer to the fence documentation for additional options. TL/DR: At minimum to have google logins working you need to set these settings in your `values.yaml` file ``` -global: - aws: - # If you're deploying to an EKS set this to true. This will annotate ingress/service accounts appropriately. - # In the future we will be adding support for GKE/AKS using same method. - enabled: true - aws_access_key_id: - aws_secret_access_key: - postgres: - master: - host: "rds.host.com" - username: "postgres" - password: "test" - port: "5432" fence: FENCE_CONFIG: OPENID_CONNECT: 
@@ -134,7 +109,7 @@ For `"Authorized redirect URIs"` add `https:///user/login/google/logi After configuration is complete, take note of the client ID that was created. You will need the client ID and client secret to complete the next steps. # Production deployments -For production deployments you have to use an external postgres server and elasticsearch server. +Please read [this](./docs/PRODUCTION.md) for more details on production deployments. NOTE: Gen3 helm charts are currently not used in production by CTDS, but we are aiming to do that soon and will have additional documentation on that. diff --git a/docs/CONFIGURATION.md b/docs/CONFIGURATION.md new file mode 100644 index 00000000..06d5a575 --- /dev/null +++ b/docs/CONFIGURATION.md 
@@ -0,0 +1,537 @@ +# Gen3 Services + +# Ambassador + +## What Does it Do + +Ambassador is an envoy proxy. We use this service to direct traffic toward our workspaces, hatchery and jupyter containers. + +## How to Configure it + +For a full set of configuration see the [helm README.md for ambassador](../helm/ambassador/README.md) or read the [values.yaml](../helm/ambassador/values.yaml) directly + +Example configuration using gen3 umbrella chart: + +```yaml +ambassador: + # Whether or not to deploy the service or not + enabled: true + + # What image/ tag to pull + image: + repository: quay.io/datawire/ambassador + tag: "1.4.2" + pullPolicy: Always +``` + + +## Extra Information + +Ambassador is only necessary if there is a hatchery deployment, as this is used as an envoy proxy primarily for workspaces. This may change in the future. + +--- + +# aws-es-proxy + +## What Does it Do + +The aws-es-proxy is a proxy for hitting the elasticsearch service running in AWS. It is required for guppy, ETL and metadata, if you are running managed elasticsearch in AWS, as they leverage this pod to talk to elasticsearch. + +## How to Configure it + + +For a full set of configuration see the [helm README.md for aws-es-proxy](../helm/aws-es-proxy/README.md) or read the [values.yaml](../helm/aws-es-proxy/values.yaml) directly + + +Some important configuration items for `aws-es-proxy` in helm: + +```yaml +# -- AWS user to use to connect to ES +aws-es-proxy: + # Whether or not to deploy the service or not + enabled: true + + # What image/ tag to pull + image: + repository: + tag: + + # AWS secrets + secrets: + awsAccessKeyId: "" + awsSecretAccessKey: "" + + # Elasticsearch endpoint in AWS + esEndpoint: test.us-east-1.es.amazonaws.com +``` + + +## Extra Information + +This pod can also be used to make direct queries to elastic search. If you know you want to make a manaul query to elastic search. 
You can exec into the aws-es-proxy pod and run the following, filling in the appropriate endpoint you want to hit to query elasticsearch. + +```bash +curl http://localhost:9200/ +``` + +--- + +# Arborist + +## What Does it Do + +Arborist is the authorization service. It works with fence to assign authortizations to a user based on their authentication information. Information around user authorizations are set within a useryaml, or telemetry file for dbgap authorized users, and put into the arborist db during usersync. + +## How to configure it + +For a full set of configuration see the [helm README.md for arborist](../helm/arborist/README.md) or read the [values.yaml](../helm/arborist/values.yaml) directly + +Some configuration options include: +- postgres configuration +- image repo/ tag + + +```yaml +arborist: + # Whether or not to deploy the service or not + enabled: true + + # What image/ tag to pull + image: + tag: + repository: +``` + +## Extra Information + +Common arborist database queries can be found [here](https://github.com/uc-cdis/cdis-wiki/blob/master/dev/gen3-sql-queries.md#arborist-database). + +--- + +# Fence + +## What Does it Do + +Fence is a core service for a gen3 datacommons which handles authentication. It is necessary for a commons to run and will handle authentication on the /login endpoint as well as creating presigned url's in the presigned-url-fence pods. + +## How to Configure it + + +```yaml +fence: + # Whether or not to deploy the service or not + enabled: true + + # What image/ tag to pull + image: + tag: + repository: + + # FENCE_CONFIG + FENCE_CONFIG: + OPENID_CONNECT: + google: + client_id: "insert.google.client_id.here" + client_secret: "insert.google.client_secret.here" + + # -- (string) USER YAML. Passed in as a multiline string. + USER_YAML: | + + + +``` + +You need to ensure a proper working fence-config file. 
Fence is highly configurable and a lot of config is commons specific, but some important fields to configure are as follows. + +1. BASE_URL + * This should be (the url of the commons)/user. +2. DB + * This should contain the psql connection string, which should contain the correct database, user, password and hostname. +3. OPENID_CONNECT + * This is where different IdP's can be configured. To be able to leverage an IdP as a login option you need to add the client id's/secrets and any other necesary config to the predefined blocks. +4. ENABLED_IDENTITY_PROVIDERS/LOGIN_OPTIONS + * Use one of these blocks to enable/configure buttons for logging into the IdP's defined in the OPENID_CONNECT block. +5. DEFAULT_LOGIN_IDP/DEFAULT_LOGIN_URL + * These blocks will define the default login option, which will be used by most external oidc clients. +6. dbGaP + * This will be used to connect to an sftp server which will contain telemetry files for usersync. Is necessary for setting up authorizations outside of the useryaml. +7. AWS_CREDENTIALS/S3_BUCKETS/DATA_UPLOAD_BUCKET + * The AWS_CREDENTIALS block will define credentials for service accounts used to access s3 buckets. The s3 buckets are defined in the S3_BUCKETS block, which will reference a credential in the AWS_CREDENTIALS block. The DATA_UPLOAD_BUCKET block defines the data upload bucket, which is the bucket used in the data upload flow, to upload files to a commons. +8. CIRRUS_CFG + * If google buckets are used you need to configure this block. It is used to setup the google bucket workflow, which essentially creates google users and google bucket access groups, which get filled with users and added to bucket policies to allow implicit access to users. + +For more infomation see [this](https://github.com/uc-cdis/fence/blob/master/fence/config-default.yaml) + + +For user.yaml see this how to construct one properly. 
This will control access to your data commons: + +https://github.com/uc-cdis/fence/blob/master/docs/user.yaml_guide.md + +## Extra Information + +### Fence Pods + +Fence is split into 2 deployments. There is the regular fence deployment which handles commons authentication. We also split the presigned url feature of fence into a seperate deployment, the presigned-url-fence deployment. They will both get setup/deployed with a gen3 installation. + +### Troubleshooting Fence + +There are some commons sql queries that can be found [here](https://github.com/uc-cdis/cdis-wiki/blob/master/dev/gen3-sql-queries.md#fence-database). + +### Setting up OIDC clients + +OIDC clients are used by applications to authenticate to fence. Many times this is external users to setup apps which leverage gen3 and an OIDC will have to be client will need to be setup for them. After creation, the client_id/secret will need to be shared with the application owner. To create these clients you will need to exec into a fence container and run the [following commands](https://github.com/uc-cdis/fence#register-oauth-client). + + +--- + +# Guppy + +## What Does it Do + +Guppy is used to render the explorer page. It uses elastic search indices to render the page. + +## How to Configure it + + +For a full set of configuration see the [helm README.md for guppy](../helm/guppy/README.md) or read the [values.yaml](../helm/guppy/values.yaml) directly + + +There is also config that needs to be set within the global block around the tier access level, defining how the explorer page should handle displaying unauthorized files, and the limit to how far unauthroized user can filter down files. Last there is a guppy block that needs to be configured with the elastic search indices guppy will use to render the explorer page. + +``` +global: + tierAccessLevel: "(libre|regular|private)" + +guppy: + # -- (int) Only relevant if tireAccessLevel is set to "regular". 
+ # The minimum amount of files unauthorized users can filter down to + tierAccessLimit: 1000 + + # -- (list) Elasticsearch index configurations + indices: + - index: dev_case + type: case + - index: dev_file + type: file + + # -- (string) The Elasticsearch configuration index + configIndex: dev_case-array-config + # -- (string) The field used for access control and authorization filters + authFilterField: auth_resource_path + # -- (bool) Whether or not to enable encryption for specified fields + enableEncryptWhitelist: true + # -- (string) A comma-separated list of fields to encrypt + encryptWhitelist: test1 + + + # -- (string) Elasticsearch endpoint. + # defaults to "elasticsearch:9200" + esEndpoint: "" +``` + + +You will also need a mapping file to map the fields you want to pull from postgres into the elasticsearch indices. There are too many fields to describe here, but an example mapping file can be found [here](https://github.com/uc-cdis/cdis-manifest/blob/master/gen3.biodatacatalyst.nhlbi.nih.gov/etlMapping.yaml). + +Last, guppy works closely with portal to render the explorer page. You will need to ensure a proper [dataExplorer block](https://github.com/uc-cdis/cdis-manifest/blob/master/gen3.biodatacatalyst.nhlbi.nih.gov/portal/gitops.json#L212) is setup within the gitops.json file, referencing fields that have been pulled from postgres into the elasticsearch indices. + +## Extra Information + +Guppy relies on indices being created to run, if there are no indices created guppy will fail to start up. + +To create these indices you can run etl, however a valid ETL mapping file needs to be created and data needs to be submitted to the commons. + + +--- +# Hatchery + +## What Does it Do + +Hatchery is used to create workspaces. It contains information about workspaces images and resources set around those images to run. 
+ +## How to Configure it + + +For a full set of configuration see the [helm README.md for hatchery](../helm/hatchery/README.md) or read the [values.yaml](../helm/hatchery/values.yaml) directly + + +``` +hatchery: + enabled: true + image: + repository: + tag: + + + # -- (map) Hatchery sidcar container configuration. + hatchery: + sidecarContainer: + cpu-limit: '0.1' + memory-limit: 256Mi + image: quay.io/cdis/ecs-ws-sidecar:master + + env: + NAMESPACE: "{{ .Release.Namespace }}" + HOSTNAME: "{{ .Values.global.hostname }}" + + args: [] + + command: + - "/bin/bash" + - "./sidecar.sh" + + lifecycle-pre-stop: + - su + - "-c" + - echo test + - "-s" + - "/bin/sh" + - root + + containers: + - target-port: 8888 + cpu-limit: '1.0' + memory-limit: 2Gi + name: "(Tutorials) Example Analysis Jupyter Lab Notebooks" + image: quay.io/cdis/heal-notebooks:combined_tutorials__latest + env: + FRAME_ANCESTORS: https://{{ .Values.global.hostname }} + args: + - "--NotebookApp.base_url=/lw-workspace/proxy/" + - "--NotebookApp.default_url=/lab" + - "--NotebookApp.password=''" + - "--NotebookApp.token=''" + - "--NotebookApp.shutdown_no_activity_timeout=5400" + - "--NotebookApp.quit_button=False" + command: + - start-notebook.sh + path-rewrite: "/lw-workspace/proxy/" + use-tls: 'false' + ready-probe: "/lw-workspace/proxy/" + lifecycle-post-start: + - "/bin/sh" + - "-c" + - export IAM=`whoami`; rm -rf /home/$IAM/pd/dockerHome; rm -rf /home/$IAM/pd/lost+found; + ln -s /data /home/$IAM/pd/; true + user-uid: 1000 + fs-gid: 100 + user-volume-location: "/home/jovyan/pd" + gen3-volume-location: "/home/jovyan/.gen3" +``` + + +## Extra Information + +--- + +# Indexd + +## What Does it Do + +Indexd is a core service of the commons. It is used to index files within the commons, to be used by fence to download data. 
+ +## How to Configure it + +For a full set of configuration see the [helm README.md for indexd](../helm/indexd/README.md) or read the [values.yaml](../helm/indexd/values.yaml) directly + + +```yaml +indexd: + enabled: true + + image: + repository: + tag: + + # default prefix that gets added to all indexd records. + defaultPrefix: "TEST/" + + # Secrets for fence and sheepdog to use to authenticate with indexd. + # If left blank, will be autogenerated. + secrets: + userdb: + fence: + sheepdog: +``` + +## Extra Information + +Indexd is used to hold information regarding files in the commons. We can index any files we want, but should ensure that bucket in indexd are configured within fence, so that downloading the files will work. To index files We have a variety of tools. First, data upload will automatically create indexd records for files uploaded. If we want to index files from external buckets we can also use [indexd-utils](https://github.com/uc-cdis/indexd_utils), or if the commons has dirm setup, create a manifest and upload it to the /indexing endpoint of a commons. From there GUID's will be created and/or assigned to objects. You can view the information about the records by hitting the (commons url)/index/(GUID) endpoint. To test that the download works for these files you will want to hit the (commons url)/user/data/download/(GUID) endpoint, while ensuring you user has the proper access to the ACL/Authz assigned to the indexd record. + +# Manifestservice + +## What Does it Do + +The manifestservice is used by the workspaces to mount files to a workspace. Workspace pods get setup with a sidecar container which will mount files to the data directory. This is used so that users can access files directly on the worskpace container. The files pulled are defined by manifests, created through the export to workspace button in the explorer page. These manifests live in an s3 bucket which the manifestservice can query. 
+ +## How to Configure it + + + +## Extra Information + +--- +# Metadata + +## What Does it Do + +The Metadata Service provides an API for retrieving JSON metadata of GUIDs. It is a flexible option for "semi-structured" data (key:value mappings). + +The GUID (the key) can be any string that is unique within the instance. The value is the metadata associated with the GUID, it’s a JSON blob whose structure is not enforced on the server side. + + + +## How to Configure it + + +``` +manifestservice: + enabled: true + + manifestserviceG3auto: + hostname: testinstall + # -- (string) Bucket for the manifestservice to read and write to. + bucketName: testbucket + # -- (string) Directory name to use within the s3 bucket. + prefix: test + # -- (string) AWS access key. + awsaccesskey: "" + # -- (string) AWS secret access key. + awssecretkey: "" +``` + +## Extra Information + + +--- +# Peregrine + +## What Does it Do + +The peregrine service is used to query data in postgres. It works similar to guppy, but relies on querying postgres directly. It will create the charts on the front page of the commons, as well as the /query endpoint of a commons. + +## How to Configure it + +To configure peregrine we require an entry in the versions block. It also requires a dictionary in the global block. + + +```yaml +``` + + +## Extra Information + + +--- + +# Portal + +## What Does it Do + +Portal is a core service that renders the complete commons webpage, it is the front end service. + +## How to Configure it + +To configure portal we require an entry in the versions block. The portal_app also needs to be defined in the global block. Gitops sets to use the files in the ~/cdis-manifest/(commons url)/ portal directory, dev is the common setup for development environments and [there are default gitops.json](https://github.com/uc-cdis/data-portal/tree/master/data/config) files for most commons that the portal app can be set to. 
+ +```yaml +portal: + enabled: true + + gitops: + # -- (string) multiline string - gitops.json + json: | + {} + # -- (string) - favicon in base64 + favicon: "" + # -- (string) - multiline string - gitops.css + css: | + /* gitops default css */ + # -- (string) - logo in base64 + logo: "" + # -- (string) - createdby.png - base64 + createdby: "" + sponsors: +``` + + +To do this you can follow the example [here](https://github.com/uc-cdis/data-portal/blob/master/docs/portal_config.md). + +Portal can also be configured with different images and icons by updating the values, similar to [this](https://github.com/uc-cdis/cdis-manifest/tree/master/gen3.biodatacatalyst.nhlbi.nih.gov/portal). + +## Extra Information + +--- +# Revproxy + +## What Does it Do + +Revproxy is a core service to a commons which handles networking within the kuberentes cluster. + +## How to Configure it + + + +## Extra Information + +Revproxy is essentially an nginx container, which contains informtation about the endpoints within the cluster. There needs to be an endpoint setup for revproxy to be able to send traffic to it and start normally. Because we have many services that may or may not be setup, we only configure revproxy with the services that are deployed to a commons. The kube-setup-revproxy script will look at current deployments and add configuration files from [here](https://github.com/uc-cdis/cloud-automation/tree/master/kube/services/revproxy/gen3.nginx.conf) to the pod. So if a new service is added, you will need to run kube-setup-revproxy to setup the endpoint. + +--- + +# Sheepdog + +## What Does it Do + +Sheepdog is a core service that handles data submission. Data gets submitted to the commons, using the dictionary as a schema, which is reflected within the sheepdog database. + +## How to Configure it + + +## Extra Information + + + + +## Extra Information --> \ No newline at end of file diff --git a/docs/INGRESS.md b/docs/INGRESS.md new file mode 100644 index 00000000..c51f74d6 
--- /dev/null
+++ b/docs/INGRESS.md
@@ -0,0 +1,35 @@
+# Ingress in Gen3
+
+# Dev
+if `global.dev` is set to true, a very basic ingress is created, that works out of the box with `traefik` service that is included in `Rancher-Desktop`
+
+# AWS
+
+if `global.aws.` is set to true, there is a special ingress resource that will be created, that has prepoulated annotations for the `alb-controller` to create an alb with similar settings as `cloud-automation`.
+
+# Custom Ingress
+
+There is a custom ingress that can be deployed and manipulated. This is a default helm ingress resource, and can be enabled using values like the ones below:
+
+
+```
+revproxy:
+ ingress:
+ # Enable the custom ingress resource included by helm. Add any configurations as needed.
+ enabled: true
+ # Any annotations that needs to be passed to the ingress resource
+ annotations:
+ hosts:
+ # Replace with your hostname
+ - host: qureshi.planx-pla.net
+ paths:
+ - path: /
+ pathType: Prefix
+ tls:
+ # this is the secret generated by the cert and key from global.tls
+ # if you have your own secret, reference that.
+ - secretName: gen3-certs
+ hosts:
+ # Replace with your hostname
+ - qureshi.planx-pla.net
+```
\ No newline at end of file
diff --git a/docs/PREREQUISITES.md b/docs/PREREQUISITES.md
new file mode 100644
index 00000000..bbdda80e
--- /dev/null
+++ b/docs/PREREQUISITES.md
@@ -0,0 +1,96 @@ +# Pre-Requisites + +Before deploying the Gen3 application using Helm, ensure that the following prerequisites are met: + +- Kubernetes cluster with minimum version 1.21. We use [Amazon EKS](#) for our production deployments + +- + +- Postgres 13. + + - We use Amazon aurora serverless v2 for our production deployments. + - **Note:** Managing a database on Kubernetes can be a complex topic, and may result in data loss. We recommend using a managed database service outside of Kubernetes. In production, we use Amazon Aurora Serverless V2 or RDS for Postgres. + - It is possible for development purposes to run Postgres on kubernetes, if you set `global.dev=true` in your `Values.yaml` file, the postgres will be deployed. See [this document](docs/databases.md) for more information on running postgres on kubernetes + + + +- Elasticsearch version 6.8 + - **Note:** Managing elasticsearch on Kubernetes can be a complex topic, and may result in data loss. We recommend using a managed elasticsearch service outside of Kubernetes. In production, we use Amazon Opensearch service for Elasticsearch. + - We are working on supporting newer versions of elasticsearch in gen3, and should soon support ES7/8, but as of now we require version 6.8 + + + + +## Prerequisites + +### Kubernetes cluster +Any kubernetes cluster _should_ work. We are testing with EKS, AKS, GKE and Rancher Desktop. + +It is suggested to use [Rancher Desktop](https://rancherdesktop.io/) as Kubernetes on your laptop, especially on M1 Mac's. You also get ingress and other benefits out of the box. + + +### Postgres + +We recommend managing postgres outside of Gen3 deployments, so your deployments are stateless, and the state of gen3 is managed outside of the helm deployments. This way you may upgrade, or take down the helm deployments, and can restore the state of your gen3 deployment. + +However, there is a possibility to run postgres on kubernetes, alongside gen3 for development purposes. 
+ +To deploy `postgres` and `elasticsearch` that is bundled with gen3 helm charts set the `global.dev` to true. By default these will run with no persistence storage enabled, and are mostly for CI/Development environments. + +If you want to enable persistence for postgres add the following to your values.yaml file for the gen3 chart + +``` +postgresql: + primary: + persistence: + enabled: true +``` + +This will create a [PVC]() for the postgres container. Unfortunately, helm [does not delete PVC on uninstall](https://github.com/helm/helm/issues/5156), so if you enable persistence you might have to manually clean this up between installs by running the following command: + +```bash +kubectl delete pvc data--postgresql-0 +``` + + +**NOTE**: Gen3 will autogenerate the secrets for postgres if you delete and re-install, unless the credentials for each service are supplied via the values.yaml + +In cases where you are using persistent postgres, provide the postgres username and password explicitely using the values.yaml file, so the gen3 deployments will skip generating those credentials. + +Example: + +``` +arborist: + postgres: + dbCreate: true + username: gen3_arborist + password: + +(Repeat for all services) +``` + + + + + + +For a detailed description of each service and it's configuration options see [CONFIGURATION.md](./docs/CONFIGURATION.md) for more information. + + + +We need a postgres database. + +For development/CI clusters an instance of postgres is deployed and automatically configured for you. + +For production environments please provision postgres outside of helm, and fill out these values to provide a master password for postgres. + +``` +global: + postgres: + dbCreate: true + master: + host: insert.postgres.hostname.here + username: postgres + password: + port: "5432" +``` diff --git a/docs/PRODUCTION.md b/docs/PRODUCTION.md new file mode 100644 index 00000000..01b85073 --- /dev/null +++ b/docs/PRODUCTION.md 
@@ -0,0 +1,15 @@
+# Gen3 using helm in production
+
+
+The postgres and helm charts are included as conditionals in the Gen3 [umbrella chart](https://helm.sh/docs/howto/charts_tips_and_tricks/#complex-charts-with-many-dependencies)
+
+```
+- name: elasticsearch
+ version: "0.1.3"
+ repository: "file://../elasticsearch"
+ condition: global.dev
+- name: postgresql
+ version: 11.9.13
+ repository: "https://charts.bitnami.com/bitnami"
+ condition: global.dev
+ ```
diff --git a/docs/SECRETS.md b/docs/SECRETS.md
new file mode 100644
index 00000000..1831d49c
--- /dev/null
+++ b/docs/SECRETS.md
@@ -0,0 +1,2 @@
+# Gen3 Secrets
+TBD
\ No newline at end of file
diff --git a/docs/databases.md b/docs/databases.md
index 47d784cb..2a03ecba 100644
--- a/docs/databases.md
+++ b/docs/databases.md
@@ -1,21 +1,37 @@ # Databases in gen3 helm charts -This document will describe how databases are provisioned in gen3 when deploying with helm charts +This document will describe how databases are provisioned, and used in gen3 when deploying gen3 with helm charts. -## Database credentials -The detault behaviour of gen3 helm charts is to auto-generate database credentials and save them as kubernetes secrets. +We hihgly recommend the use of a managed postgres service such as AWS RDS/Aurora, or manage postgres outside of the helm deployment, when deploying gen3 to production environments. -Each service then consumes this same secret and mounts them as ENV vars to access databases. +The bundled version of postgres, that is used for development purposes, is deployed using this helm chart https://bitnami.com/stack/postgresql/helm -You can override this default behaviour by providing postgres credentials through Values.yaml files. +## Database credentials -If you are deploying a dev/CI environment, a postgres server is deployed alongside gen3, and that is used to hold databases for testing. +Every service that requires a postgres database, has the it's credentials stored in a kubernetes secret. + +Example (The secret values have been base64 decoded for documentation purposes): + +```yaml +kubectl get secret fence-dbcreds -o yaml +apiVersion: v1 +kind: Secret +data: + database: fence_gen3 # The default value of this is _ + dbcreated: true # This is updated by the dbCreate job, when a database is created, and configured. + host: gen3-postgresql # Default depends on whether or not `global.dev` is true or false. If it's true this will default to -postgresql. If this is a production deployment, it will look for either `global.postgres.master.host` or `postgres.host` in the Values.yaml + password: example_pass # If not explicitely provided via the values, this is auto-generated. 
+ port: 5432 # Defaults to 5432, will read from `global.postgres.master.port` or `postgres.port` for ovverrides. + username: fence_gen3 # Defaults to _. Will look for overrides in `postgres.username`. +``` -For production deployments you need to provide the master credentials for a postgres server through these values. +Each service then consumes this same secret and mounts them as ENV vars to access databases. + +For production deployments you must at minimum provide the master credentials for a postgres server through these values. ``` global: postgres: - db_create: true + dbCreate: true master: host: insert.postgres.hostname.here username: postgres 
@@ -24,23 +40,20 @@ global: ``` -These values will then be used to provision databases for the environment. +These values can then be used to provision and configure databases for the gen3 environment. ## Automatic database creation through jobs -When deploying gen3 helm charts you need to specifiy a postgres server. For dev/CI environments an installation of postgres is included, and is not intended for use in production. - -We hihgly recommend the use of a managed postgres service such as RDS when deploying gen3 to cloud environments. -The dev/ci postgres is deployed using this helm chart https://bitnami.com/stack/postgresql/helm -If you set the `global.postgres.db_create` value to true, then a job is kicked off for each service that relies on postgres to provision databases. +If you set the `global.postgres.dbCreate` value to true, then a job is kicked off for each service that relies on postgres to provision databases. This will kick off a [database creation job](../helm/common/templates/_db_setup_job.tpl) + -## Database restoration. +## Database restoration. (BETA) There is a job to restore dummy data for Postgres and Elasticsearch to speed up setting up ephemeral enviornments for testing purposes, and to avoid running expensive ETL jobs in CI to have a fully featured gen3 environment In the future this job may be used to set up fully tested production environments, negating the need to run ETL in production, and have all your databases tested before doing a data-release. diff --git a/examples/aws_dev_values.yaml b/examples/aws_dev_values.yaml new file mode 100644 index 00000000..a579069c --- /dev/null +++ b/examples/aws_dev_values.yaml 
@@ -0,0 +1,61 @@
+global:
+ # Deploys aws specific ingress
+ aws:
+ enabled: true
+ environment: devplanetv2
+ # Deploys elasticsearch and postgres in k8s
+ dev: true
+ # Replace with your dev environment url.
+ hostname: qureshi.planx-pla.net
+ # this is arn to a certificate in AWS that needs to match the hostname.
+ # This one is for *.planx-pla.net
+ revproxyArn: arn:aws:acm:us-east-1:707767160287:certificate/520ede2f-fc82-4bb9-af96-4b4af7deabbd
+
+
+# configuration for fence helm chart. You can add it for all our services.
+fence:
+ # Override image
+ image:
+ repository: quay.io/cdis/fence
+ tag: master
+
+ # Fence config overrides
+ FENCE_CONFIG:
+ APP_NAME: 'Gen3 Data Commons'
+ # A URL-safe base64-encoded 32-byte key for encrypting keys in db
+ # in python you can use the following script to generate one:
+ # import base64
+ # import os
+ # key = base64.urlsafe_b64encode(os.urandom(32))
+ # print(key)
+ ENCRYPTION_KEY: REPLACEME
+
+ DEBUG: True
+ OPENID_CONNECT:
+ google:
+ client_id: ""
+ client_secret: ""
+
+ AWS_CREDENTIALS:
+ 'fence-bot':
+ aws_access_key_id: ''
+ aws_secret_access_key: ''
+
+ S3_BUCKETS:
+ # Name of the actual s3 bucket
+ jq-helm-testing:
+ cred: 'fence-bot'
+ region: us-east-1
+
+ # This is important for data upload.
+ DATA_UPLOAD_BUCKET: 'jq-helm-testing'
+
+
+
+# -- (map) To configure postgresql subchart
+# Persistence is disabled by default
+postgresql:
+ primary:
+ persistence:
+ # -- (bool) Option to persist the dbs data.
+ enabled: true
diff --git a/examples/gke_dev_values.yaml b/examples/gke_dev_values.yaml
new file mode 100644
index 00000000..8011210c
--- /dev/null
+++ b/examples/gke_dev_values.yaml
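Review bot: `DEBUG: True` and `ENCRYPTION_KEY: REPLACEME` under `fence.FENCE_CONFIG` in examples/aws_dev_values.yaml are values that tend to be copied unchanged from an example into a running environment, and the same pair appears in examples/gke_values.yaml, where `global.dev` is false. I would ship the example with `DEBUG: False` and put `# REQUIRED: generate a unique key per environment before installing; never deploy the placeholder` directly above `ENCRYPTION_KEY`, since the existing comment says this key encrypts keys stored in the db. Whether fence rejects the placeholder at startup is not visible from this diff, so the example should not rely on that. The `revproxyArn` line also carries what looks like a concrete account id and certificate id; a placeholder such as `arn:aws:acm:<region>:<account-id>:certificate/<certificate-id>` would serve the example equally well.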
@@ -0,0 +1,69 @@
+global:
+ # to disable local es/postgre
+ dev: true
+ hostname: qureshi.planx-pla.net
+ tls:
+ cert:
+ key:
+ # Postgres instance that is managed outside of helm
+ postgres:
+ master:
+ host: "postgres-host-address"
+ username: "postgres"
+ password: "postgres-password"
+
+
+# configuration for fence helm chart. You can add it for all our services.
+fence:
+ # Fence config overrides
+ FENCE_CONFIG:
+ OPENID_CONNECT:
+ google:
+ client_id: ""
+ client_secret: ""
+
+ AWS_CREDENTIALS:
+ 'fence-bot':
+ aws_access_key_id: ''
+ aws_secret_access_key: ''
+
+ S3_BUCKETS:
+ # Name of the actual s3 bucket
+ jq-helm-testing:
+ cred: 'fence-bot'
+ region: us-east-1
+
+ # This is important for data upload.
+ DATA_UPLOAD_BUCKET: 'jq-helm-testing'
+
+
+
+revproxy:
+ ingress:
+ # Enable the default ingress included by helm. Add any configurations as needed.
+ enabled: true
+ hosts:
+ # Replace with your hostname
+ - host: qureshi.planx-pla.net
+ paths:
+ - path: /
+ pathType: Prefix
+ tls:
+ # this is the secret generated by the cert and key from global.tls
+ # if you have your own secret, reference that.
+ - secretName: gen3-certs
+ hosts:
+ # Replace with your hostname
+ - qureshi.planx-pla.net
+
+
+# -- (map) To configure postgresql subchart
+# Persistence is disabled by default
+postgresql:
+ primary:
+ persistence:
+ # -- (bool) Option to persist the dbs data.
+ enabled: true
+
+
+# Add configuration overrides for fence and other services below as needed
\ No newline at end of file
diff --git a/examples/gke_values.yaml b/examples/gke_values.yaml
new file mode 100644
index 00000000..6e83543c
--- /dev/null
+++ b/examples/gke_values.yaml
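Review bot: The comment `# to disable local es/postgre` in examples/gke_dev_values.yaml sits directly above `dev: true`, while examples/aws_dev_values.yaml describes the same flag as deploying elasticsearch and postgres in k8s, so a reader cannot tell which database this example ends up using. The file then also sets `global.postgres.master` with a literal `password`, which suggests an external instance; if that is the intent the flag should probably be `dev: false`, otherwise the comment should read `# Deploys elasticsearch and postgres in k8s` and the `postgres.master` block can go. Either way I would add `# placeholder, supply the real value at install time and keep it out of version control` next to `password`.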
@@ -0,0 +1,84 @@
+global:
+ # to disable local es/postgre
+ dev: false
+ hostname: qureshi.planx-pla.net
+ esEndpoint: ""
+ tls:
+ cert:
+ key:
+ # Postgres instance that is managed outside of k8s
+ postgres:
+ master:
+ host: "postgres-host-address"
+ username: "postgres"
+ password: "postgres-password"
+
+# configuration for fence helm chart. You can add it for all our services.
+fence:
+ # Override image
+ image:
+ repository: quay.io/cdis/fence
+ tag: master
+
+ # Fence config overrides
+ FENCE_CONFIG:
+ APP_NAME: 'Gen3 Data Commons'
+ # A URL-safe base64-encoded 32-byte key for encrypting keys in db
+ # in python you can use the following script to generate one:
+ # import base64
+ # import os
+ # key = base64.urlsafe_b64encode(os.urandom(32))
+ # print(key)
+ ENCRYPTION_KEY: REPLACEME
+
+ DEBUG: True
+ OPENID_CONNECT:
+ google:
+ client_id: ""
+ client_secret: ""
+
+ AWS_CREDENTIALS:
+ 'fence-bot':
+ aws_access_key_id: ''
+ aws_secret_access_key: ''
+
+ S3_BUCKETS:
+ # Name of the actual s3 bucket
+ jq-helm-testing:
+ cred: 'fence-bot'
+ region: us-east-1
+
+ # This is important for data upload.
+ DATA_UPLOAD_BUCKET: 'jq-helm-testing'
+
+
+
+# -- (map) To configure postgresql subchart
+# Persistence is disabled by default
+postgresql:
+ primary:
+ persistence:
+ # -- (bool) Option to persist the dbs data.
+ enabled: true
+
+
+revproxy:
+ ingress:
+ # Enable the default ingress included by helm. Add any configurations as needed.
+ enabled: true
+ hosts:
+ # Replace with your hostname
+ - host: qureshi.planx-pla.net
+ paths:
+ - path: /
+ pathType: Prefix
+ tls:
+ # this is the secret generated by the cert and key from global.tls
+ # if you have your own secret, reference that.
+ - secretName: gen3-certs
+ hosts:
+ # Replace with your hostname
+ - qureshi.planx-pla.net
+
+
+# Add configuration overrides for fence and other services below as needed
\ No newline at end of file
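Review bot: `FENCE_CONFIG.DEBUG: True` overrides the chart default of `"DEBUG":false` shown in the fence README, in a file that sets `global.dev: false` and points at an externally managed Postgres, so it reads as the non-development example. Debug mode in a web service usually means verbose error output, which presumably applies to fence as well and is not something to carry into a shared or production-like install. I would change the line to `DEBUG: False` or drop it so the chart default applies. `image.tag: master` is a moving tag; pinning the example to a release tag or digest would keep what gets deployed reproducible.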
diff --git a/examples/local_dev_values.yaml b/examples/local_dev_values.yaml
new file mode 100644
index 00000000..1250b2c5
--- /dev/null
+++ b/examples/local_dev_values.yaml
@@ -0,0 +1,36 @@
+global:
+ dev: true
+ hostname: localhost
+
+# configuration for fence helm chart. You can add it for all our services.
+fence:
+ # Fence config overrides
+ FENCE_CONFIG:
+ OPENID_CONNECT:
+ google:
+ client_id: ""
+ client_secret: ""
+
+ AWS_CREDENTIALS:
+ 'fence-bot':
+ aws_access_key_id: ''
+ aws_secret_access_key: ''
+
+ S3_BUCKETS:
+ # Name of the actual s3 bucket
+ jq-helm-testing:
+ cred: 'fence-bot'
+ region: us-east-1
+
+ # This is important for data upload.
+ DATA_UPLOAD_BUCKET: 'jq-helm-testing'
+
+
+portal:
+ image:
+ repository: quay.io/cdis/data-portal-prebuilt
+ tag: brh.data-commons.org-feat-pr_comment
+ resources:
+ requests:
+ cpu: 0.2
+ memory: 500Mi
\ No newline at end of file
diff --git a/helm/ambassador/Chart.yaml b/helm/ambassador/Chart.yaml index 66dc8a46..40487016 100644 --- a/helm/ambassador/Chart.yaml +++ b/helm/ambassador/Chart.yaml @@ -15,7 +15,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.6 +version: 0.1.7 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to diff --git a/helm/ambassador/README.md b/helm/ambassador/README.md index 42c8393f..d5eae225 100644 --- a/helm/ambassador/README.md +++ b/helm/ambassador/README.md
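Review bot: In examples/local_dev_values.yaml, `portal.image.tag: brh.data-commons.org-feat-pr_comment` looks like a build of a feature branch, which can be overwritten or removed, so anyone copying the example pulls an image whose contents are not fixed. I would point the example at a released tag or an image digest and add a comment such as `# pin to a release tag or digest; branch builds are mutable`. The `portal.resources` block sets requests only; if a limit is intended for local clusters it should be stated here as well.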
@@ -1,6 +1,6 @@ # ambassador -![Version: 0.1.6](https://img.shields.io/badge/Version-0.1.6-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.4.2](https://img.shields.io/badge/AppVersion-1.4.2-informational?style=flat-square) +![Version: 0.1.7](https://img.shields.io/badge/Version-0.1.7-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.4.2](https://img.shields.io/badge/AppVersion-1.4.2-informational?style=flat-square) A Helm chart for deploying ambassador for gen3 diff --git a/helm/ambassador/templates/deployment.yaml b/helm/ambassador/templates/deployment.yaml index ec6683ca..8c813687 100644 --- a/helm/ambassador/templates/deployment.yaml +++ b/helm/ambassador/templates/deployment.yaml @@ -53,7 +53,11 @@ spec: {{- include "common.datadogEnvVar" . | nindent 10 }} {{- end }} - name: AMBASSADOR_NAMESPACE - value: {{ printf "%s-%s" .Values.userNamespace .Release.Name | quote }} + value: {{ if eq .Release.Namespace "default" -}} + {{- printf "%s" .Values.userNamespace | quote -}} + {{- else -}} + {{- printf "%s-%s" .Values.userNamespace .Release.Name | quote -}} + {{- end }} - name: AMBASSADOR_SINGLE_NAMESPACE value: "true" ports: diff --git a/helm/ambassador/templates/service.yaml b/helm/ambassador/templates/service.yaml index 082ddbfd..8fc57bfe 100644 --- a/helm/ambassador/templates/service.yaml +++ b/helm/ambassador/templates/service.yaml @@ -17,7 +17,7 @@ apiVersion: v1 kind: Service metadata: labels: - service: ambassador + app: ambassador name: ambassador-service spec: ports: @@ -25,4 +25,4 @@ spec: targetPort: 8080 name: proxy selector: - service: ambassador \ No newline at end of file + {{- include "ambassador.selectorLabels" . | nindent 4 }} \ No newline at end of file diff --git a/helm/audit/Chart.yaml b/helm/audit/Chart.yaml index 9e60e096..f4508e02 100644 
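Review bot: The new condition on `AMBASSADOR_NAMESPACE` in helm/ambassador/templates/deployment.yaml tests `.Release.Namespace`, but the two branches differ by `.Release.Name`, so every release installed into `default` now resolves to the bare `.Values.userNamespace`. With `AMBASSADOR_SINGLE_NAMESPACE` set to `"true"` just below, that value is presumably the single namespace Ambassador watches, so two releases in `default` would share it where the old `userNamespace-ReleaseName` form kept them apart. If the sharing is intended, a template comment should say so, e.g. `{{- /* releases in "default" share one user namespace; all others get <userNamespace>-<release> */ -}}`. The container spec this env entry belongs to starts and ends outside the hunk.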
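Review bot: In helm/ambassador/templates/service.yaml the selector moves from the fixed `service: ambassador` to `ambassador.selectorLabels`, and neither hunk shows the pod template labels, so it is worth confirming that the Deployment renders the same helper output. A mismatch leaves the Service without endpoints, and a selector broader than intended would route proxy traffic to any other pod carrying those labels. The Service's own label is still hard-coded as `app: ambassador`; rendering it from the chart's label helper, if one is defined, would keep it consistent with the selector. Anything else that selects on `service: ambassador`, such as a NetworkPolicy, would need the same change, though none is visible here.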
--- a/helm/audit/Chart.yaml +++ b/helm/audit/Chart.yaml @@ -15,7 +15,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.7 +version: 0.1.8 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to diff --git a/helm/audit/README.md b/helm/audit/README.md index 20e26077..a8c03f3d 100644 --- a/helm/audit/README.md +++ b/helm/audit/README.md @@ -1,6 +1,6 @@ # audit -![Version: 0.1.7](https://img.shields.io/badge/Version-0.1.7-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) +![Version: 0.1.8](https://img.shields.io/badge/Version-0.1.8-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) A Helm chart for Kubernetes 
@@ -86,13 +86,13 @@ A Helm chart for Kubernetes | postgresql.primary.persistence.enabled | bool | `false` | Option to persist the dbs data. | | release | string | `"production"` | Valid options are "production" or "dev". If invalid option is set- the value will default to "dev". | | replicaCount | int | `1` | Number of desired replicas | -| resources | map | `{"limits":{"cpu":1,"memory":"512Mi"},"requests":{"cpu":0.1,"memory":"12Mi"}}` | Resource requests and limits for the containers in the pod | +| resources | map | `{"limits":{"cpu":1,"memory":"512Mi"},"requests":{"cpu":0.2,"memory":"120Mi"}}` | Resource requests and limits for the containers in the pod | | resources.limits | map | `{"cpu":1,"memory":"512Mi"}` | The maximum amount of resources that the container is allowed to use | | resources.limits.cpu | string | `1` | The maximum amount of CPU the container can use | | resources.limits.memory | string | `"512Mi"` | The maximum amount of memory the container can use | -| resources.requests | map | `{"cpu":0.1,"memory":"12Mi"}` | The amount of resources that the container requests | -| resources.requests.cpu | string | `0.1` | The amount of CPU requested | -| resources.requests.memory | string | `"12Mi"` | The amount of memory requested | +| resources.requests | map | `{"cpu":0.2,"memory":"120Mi"}` | The amount of resources that the container requests | +| resources.requests.cpu | string | `0.2` | The amount of CPU requested | +| resources.requests.memory | string | `"120Mi"` | The amount of memory requested | | securityContext | map | `{}` | Security context for the containers in the pod | | selectorLabels | map | `nil` | Will completely override the selectorLabels defined in the common chart's _label_setup.tpl | | server.AWS_CREDENTIALS | map | `{}` | AWS credentials to access SQS queue. | diff --git a/helm/audit/values.yaml b/helm/audit/values.yaml index 6f39dbf5..c2cef92c 100644 --- a/helm/audit/values.yaml +++ b/helm/audit/values.yaml 
@@ -140,9 +140,9 @@ resources: # -- (map) The amount of resources that the container requests requests: # -- (string) The amount of CPU requested - cpu: 0.1 + cpu: 0.2 # -- (string) The amount of memory requested - memory: 12Mi + memory: 120Mi # -- (map) The maximum amount of resources that the container is allowed to use limits: # -- (string) The maximum amount of CPU the container can use diff --git a/helm/fence/Chart.yaml b/helm/fence/Chart.yaml index 1d9afdd6..b26e34ce 100644 --- a/helm/fence/Chart.yaml +++ b/helm/fence/Chart.yaml @@ -15,7 +15,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.7 +version: 0.1.8 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to diff --git a/helm/fence/README.md b/helm/fence/README.md index 3a88e3ee..cf587e7a 100644 --- a/helm/fence/README.md +++ b/helm/fence/README.md @@ -1,6 +1,6 @@ # fence -![Version: 0.1.7](https://img.shields.io/badge/Version-0.1.7-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) +![Version: 0.1.8](https://img.shields.io/badge/Version-0.1.8-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) A Helm chart for gen3 Fence 
@@ -15,7 +15,7 @@ A Helm chart for gen3 Fence | Key | Type | Default | Description | |-----|------|---------|-------------| -| FENCE_CONFIG | map | `{"ACCESS_TOKEN_COOKIE_NAME":"access_token","ACCESS_TOKEN_EXPIRES_IN":1200,"ALLOWED_USER_SERVICE_ACCOUNT_DOMAINS":["developer.gserviceaccount.com","appspot.gserviceaccount.com","iam.gserviceaccount.com"],"ALLOW_GOOGLE_LINKING":true,"APPLICATION_ROOT":"/user","APP_NAME":"Gen3 Data Commons","ARBORIST":null,"ASSUME_ROLE_CACHE_SECONDS":1800,"AUDIT_SERVICE":"http://audit-service","AUTHLIB_INSECURE_TRANSPORT":true,"AWS_CREDENTIALS":{},"AZ_BLOB_CONTAINER_URL":"https://myfakeblob.blob.core.windows.net/my-fake-container/","AZ_BLOB_CREDENTIALS":null,"BILLING_PROJECT_FOR_SA_CREDS":null,"BILLING_PROJECT_FOR_SIGNED_URLS":null,"CIRRUS_CFG":{"GOOGLE_ADMIN_EMAIL":"","GOOGLE_API_KEY":"","GOOGLE_APPLICATION_CREDENTIALS":"","GOOGLE_CLOUD_IDENTITY_ADMIN_EMAIL":"","GOOGLE_IDENTITY_DOMAIN":"","GOOGLE_PROJECT_ID":"","GOOGLE_STORAGE_CREDS":""},"CLIENT_ALLOWED_SCOPES":["openid","user","data","google_credentials","google_service_account","google_link","ga4gh_passport_v1"],"DATA_UPLOAD_BUCKET":"bucket1","DBGAP_ACCESSION_WITH_CONSENT_REGEX":"(?Pphs[0-9]+)(.(?Pv[0-9]+)){0,1}(.(?Pp[0-9]+)){0,1}.(?Pc[0-9]+)","DEBUG":false,"DEFAULT_LOGIN_IDP":"google","DEFAULT_LOGIN_URL":"{{BASE_URL}}/login/google","DEV_LOGIN_COOKIE_NAME":"dev_login","DREAM_CHALLENGE_GROUP":"DREAM","DREAM_CHALLENGE_TEAM":"DREAM","EMAIL_SERVER":"localhost","ENABLED_IDENTITY_PROVIDERS":{},"ENABLE_AUDIT_LOGS":{"login":false,"presigned_url":false},"ENABLE_AUTOMATIC_BILLING_PERMISSION_SA_CREDS":false,"ENABLE_AUTOMATIC_BILLING_PERMISSION_SIGNED_URLS":false,"ENABLE_CSRF_PROTECTION":true,"ENABLE_DB_MIGRATION":true,"ENABLE_PROMETHEUS_METRICS":false,"ENCRYPTION_KEY":"REPLACEME","GA4GH_VISA_ISSUER_ALLOWLIST":["{{BASE_URL}}","https://sts.nih.gov","https://stsstg.nih.gov"],"GEN3_PASSPORT_EXPIRES_IN":43200,"GLOBAL_PARSE_VISAS_ON_LOGIN":null,"GOOGLE_ACCOUNT_ACCESS_EXPIRES_IN":86400,"GOOGLE_BULK_UPDAT
ES":false,"GOOGLE_GROUP_PREFIX":"","GOOGLE_MANAGED_SERVICE_ACCOUNT_DOMAINS":["dataflow-service-producer-prod.iam.gserviceaccount.com","cloudbuild.gserviceaccount.com","cloud-ml.google.com.iam.gserviceaccount.com","container-engine-robot.iam.gserviceaccount.com","dataflow-service-producer-prod.iam.gserviceaccount.com","sourcerepo-service-accounts.iam.gserviceaccount.com","dataproc-accounts.iam.gserviceaccount.com","gae-api-prod.google.com.iam.gserviceaccount.com","genomics-api.google.com.iam.gserviceaccount.com","containerregistry.iam.gserviceaccount.com","container-analysis.iam.gserviceaccount.com","cloudservices.gserviceaccount.com","stackdriver-service.iam.gserviceaccount.com","appspot.gserviceaccount.com","partnercontent.gserviceaccount.com","trifacta-gcloud-prod.iam.gserviceaccount.com","gcf-admin-robot.iam.gserviceaccount.com","compute-system.iam.gserviceaccount.com","gcp-sa-websecurityscanner.iam.gserviceaccount.com","storage-transfer-service.iam.gserviceaccount.com","firebase-sa-management.iam.gserviceaccount.com","firebase-rules.iam.gserviceaccount.com","gcp-sa-cloudbuild.iam.gserviceaccount.com","gcp-sa-automl.iam.gserviceaccount.com","gcp-sa-datalabeling.iam.gserviceaccount.com","gcp-sa-cloudscheduler.iam.gserviceaccount.com"],"GOOGLE_SERVICE_ACCOUNT_KEY_FOR_URL_SIGNING_EXPIRES_IN":2592000,"GOOGLE_SERVICE_ACCOUNT_PREFIX":"","GOOGLE_USER_SERVICE_ACCOUNT_ACCESS_EXPIRES_IN":604800,"GUN_MAIL":{"datacommons.io":{"api_key":"","api_url":"https://api.mailgun.net/v3/mailgun.example.com","default_login":"postmaster@mailgun.example.com","smtp_hostname":"smtp.mailgun.org","smtp_password":""}},"HTTP_PROXY":{"host":null,"port":3128},"INDEXD":null,"INDEXD_PASSWORD":"","INDEXD_USERNAME":"fence","ITRUST_GLOBAL_LOGOUT":"https://auth.nih.gov/siteminderagent/smlogout.asp?mode=nih&AppReturnUrl=","LOGIN_OPTIONS":[{"desc":"description","idp":"google","name":"Login from 
Google"}],"LOGIN_REDIRECT_WHITELIST":[],"MAX_ACCESS_TOKEN_TTL":3600,"MAX_API_KEY_TTL":2592000,"MAX_PRESIGNED_URL_TTL":3600,"MAX_ROLE_SESSION_INCREASE":false,"MOCK_AUTH":false,"MOCK_GOOGLE_AUTH":false,"MOCK_STORAGE":false,"OAUTH2_JWT_ALG":"RS256","OAUTH2_JWT_ENABLED":true,"OAUTH2_JWT_ISS":"{{BASE_URL}}","OAUTH2_PROVIDER_ERROR_URI":"/api/oauth2/errors","OAUTH2_TOKEN_EXPIRES_IN":{"authorization_code":1200,"implicit":1200},"OPENID_CONNECT":{"cilogon":{"client_id":"","client_secret":"","discovery_url":"https://cilogon.org/.well-known/openid-configuration","mock":false,"mock_default_user":"http://cilogon.org/serverT/users/64703","redirect_url":"{{BASE_URL}}/login/cilogon/login/","scope":"openid email profile"},"cognito":{"client_id":"","client_secret":"","discovery_url":"https://cognito-idp.{REGION}.amazonaws.com/{USER-POOL-ID}/.well-known/openid-configuration","redirect_url":"{{BASE_URL}}/login/cognito/login/","scope":"openid email"},"fence":{"access_token_url":"{{api_base_url}}/oauth2/token","api_base_url":"","authorize_url":"{{api_base_url}}/oauth2/authorize","client_id":"","client_kwargs":{"redirect_uri":"{{BASE_URL}}/login/fence/login","scope":"openid"},"client_secret":"","mock":false,"mock_default_user":"test@example.com","name":"","refresh_token_url":"{{api_base_url}}/oauth2/token","shibboleth_discovery_url":"https://login.bionimbus.org/Shibboleth.sso/DiscoFeed"},"generic_oidc_idp":{"client_id":"","client_secret":"","discovery":{"authorization_endpoint":"","jwks_uri":"","token_endpoint":""},"discovery_url":"https://server.com/.well-known/openid-configuration","email_field":"","name":"some_idp","redirect_url":"{{BASE_URL}}/login/some_idp/login","scope":"","user_id_field":""},"google":{"client_id":"","client_secret":"","discovery_url":"https://accounts.google.com/.well-known/openid-configuration","mock":"","mock_default_user":"test@example.com","redirect_url":"{{BASE_URL}}/login/google/login/","scope":"openid 
email"},"microsoft":{"client_id":"","client_secret":"","discovery_url":"https://login.microsoftonline.com/organizations/v2.0/.well-known/openid-configuration","mock":false,"mock_default_user":"test@example.com","redirect_url":"{{BASE_URL}}/login/microsoft/login/","scope":"openid email"},"okta":{"client_id":"","client_secret":"","discovery_url":"","redirect_url":"{{BASE_URL}}/login/okta/login/","scope":"openid email"},"orcid":{"client_id":"","client_secret":"","discovery_url":"https://orcid.org/.well-known/openid-configuration","mock":false,"mock_default_user":"0000-0002-2601-8132","redirect_url":"{{BASE_URL}}/login/orcid/login/","scope":"openid"},"ras":{"client_id":"","client_secret":"","discovery_url":"https://sts.nih.gov/.well-known/openid-configuration","mock":false,"mock_default_user":"test@example.com","redirect_url":"{{BASE_URL}}/login/ras/callback","scope":"openid email profile ga4gh_passport_v1"},"shibboleth":{"client_id":"","client_secret":"","redirect_url":"{{BASE_URL}}/login/shib/login"},"synapse":{"client_id":"","client_secret":"","discovery_url":"","redirect_url":"","scope":"openid"}},"OVERRIDE_NGINX_RATE_LIMIT":18,"PRIVACY_POLICY_URL":null,"PROBLEM_USER_EMAIL_NOTIFICATION":{"admin":["admin@example.edu"],"content":"The Data Commons Framework utilizes dbGaP for data access authorization. Another member of a Google project you belong to ({}) is attempting to register a service account to the following additional datasets ({}). 
Please contact dbGaP to request access.\n","domain":"example.com","from":"do-not-reply@example.com","subject":"Account access error notification"},"PUSH_AUDIT_LOGS_CONFIG":{"aws_sqs_config":{"aws_cred":null,"region":null,"sqs_url":null},"type":"aws_sqs"},"RAS_REFRESH_EXPIRATION":1296000,"RAS_USERINFO_ENDPOINT":"/openid/connect/v1.1/userinfo","REFRESH_TOKEN_EXPIRES_IN":2592000,"REGISTERED_USERS_GROUP":"","REGISTER_USERS_ON":false,"REMOVE_SERVICE_ACCOUNT_EMAIL_NOTIFICATION":{"admin":["admin@example.edu"],"content":"Service accounts were removed from access control data because some users or service accounts of GCP Project {} are not authorized to access the data sets associated to the service accounts, or do not adhere to the security policies.\n","domain":"example.com","enable":false,"from":"do-not-reply@example.com","subject":"User service account removal notification"},"RENEW_ACCESS_TOKEN_BEFORE_EXPIRATION":false,"S3_BUCKETS":{},"SEND_FROM":"example@gmail.com","SEND_TO":"example@gmail.com","SERVICE_ACCOUNT_LIMIT":6,"SESSION_ALLOWED_SCOPES":["openid","user","credentials","data","admin","google_credentials","google_service_account","google_link","ga4gh_passport_v1"],"SESSION_COOKIE_DOMAIN":null,"SESSION_COOKIE_NAME":"fence","SESSION_COOKIE_SECURE":true,"SESSION_LIFETIME":28800,"SESSION_TIMEOUT":1800,"SHIBBOLETH_HEADER":"persistent_id","SSO_URL":"https://auth.nih.gov/affwebservices/public/saml2sso?SPID={{BASE_URL}}/shibboleth&RelayState=","STORAGE_CREDENTIALS":{},"SUPPORT_EMAIL_FOR_ERRORS":null,"SYNAPSE_AUTHZ_TTL":86400,"SYNAPSE_DISCOVERY_URL":null,"SYNAPSE_JWKS_URI":null,"SYNAPSE_URI":"https://repo-prod.prod.sagebase.org/auth/v1","TOKEN_PROJECTS_CUTOFF":10,"USERSYNC":{"fallback_to_dbgap_sftp":false,"sync_from_visas":false,"visa_types":{"ras":["https://ras.nih.gov/visas/v1","https://ras.nih.gov/visas/v1.1"]}},"USER_ALLOWED_SCOPES":["fence","openid","user","data","admin","google_credentials","google_service_account","google_link","ga4gh_passport_v1"],"WHITE_LISTED_GOOG
LE_PARENT_ORGS":[],"WHITE_LISTED_SERVICE_ACCOUNT_EMAILS":[],"WTF_CSRF_SECRET_KEY":"{{ENCRYPTION_KEY}}","dbGaP":[{"decrypt_key":"","enable_common_exchange_area_access":false,"info":{"host":"","password":"","port":22,"proxy":"","proxy_user":"","username":""},"parse_consent_code":true,"protocol":"sftp","study_common_exchange_areas":{"example":"test_common_exchange_area"},"study_to_resource_namespaces":{"_default":["/"],"test_common_exchange_area":["/dbgap/"]}}]}` | Configuration settings for Fence app | +| FENCE_CONFIG | map | `{"ACCESS_TOKEN_COOKIE_NAME":"access_token","ACCESS_TOKEN_EXPIRES_IN":1200,"ALLOWED_USER_SERVICE_ACCOUNT_DOMAINS":["developer.gserviceaccount.com","appspot.gserviceaccount.com","iam.gserviceaccount.com"],"ALLOW_GOOGLE_LINKING":true,"APPLICATION_ROOT":"/user","APP_NAME":"Gen3 Data Commons","ARBORIST":"http://arborist-service","ASSUME_ROLE_CACHE_SECONDS":1800,"AUDIT_SERVICE":"http://audit-service","AUTHLIB_INSECURE_TRANSPORT":true,"AWS_CREDENTIALS":{},"AZ_BLOB_CONTAINER_URL":"https://myfakeblob.blob.core.windows.net/my-fake-container/","AZ_BLOB_CREDENTIALS":null,"BILLING_PROJECT_FOR_SA_CREDS":null,"BILLING_PROJECT_FOR_SIGNED_URLS":null,"CIRRUS_CFG":{"GOOGLE_ADMIN_EMAIL":"","GOOGLE_API_KEY":"","GOOGLE_APPLICATION_CREDENTIALS":"","GOOGLE_CLOUD_IDENTITY_ADMIN_EMAIL":"","GOOGLE_IDENTITY_DOMAIN":"","GOOGLE_PROJECT_ID":"","GOOGLE_STORAGE_CREDS":""},"CLIENT_ALLOWED_SCOPES":["openid","user","data","google_credentials","google_service_account","google_link","ga4gh_passport_v1"],"DATA_UPLOAD_BUCKET":"bucket1","DBGAP_ACCESSION_WITH_CONSENT_REGEX":"(?Pphs[0-9]+)(.(?Pv[0-9]+)){0,1}(.(?Pp[0-9]+)){0,1}.(?Pc[0-9]+)","DEBUG":false,"DEFAULT_LOGIN_IDP":"google","DEFAULT_LOGIN_URL":"{{BASE_URL}}/login/google","DEV_LOGIN_COOKIE_NAME":"dev_login","DREAM_CHALLENGE_GROUP":"DREAM","DREAM_CHALLENGE_TEAM":"DREAM","EMAIL_SERVER":"localhost","ENABLED_IDENTITY_PROVIDERS":{},"ENABLE_AUDIT_LOGS":{"login":false,"presigned_url":false},"ENABLE_AUTOMATIC_BILLING_PERMISSION_SA_CREDS":
false,"ENABLE_AUTOMATIC_BILLING_PERMISSION_SIGNED_URLS":false,"ENABLE_CSRF_PROTECTION":true,"ENABLE_DB_MIGRATION":true,"ENABLE_PROMETHEUS_METRICS":false,"ENCRYPTION_KEY":"REPLACEME","GA4GH_VISA_ISSUER_ALLOWLIST":["{{BASE_URL}}","https://sts.nih.gov","https://stsstg.nih.gov"],"GEN3_PASSPORT_EXPIRES_IN":43200,"GLOBAL_PARSE_VISAS_ON_LOGIN":false,"GOOGLE_ACCOUNT_ACCESS_EXPIRES_IN":86400,"GOOGLE_BULK_UPDATES":false,"GOOGLE_GROUP_PREFIX":"","GOOGLE_MANAGED_SERVICE_ACCOUNT_DOMAINS":["dataflow-service-producer-prod.iam.gserviceaccount.com","cloudbuild.gserviceaccount.com","cloud-ml.google.com.iam.gserviceaccount.com","container-engine-robot.iam.gserviceaccount.com","dataflow-service-producer-prod.iam.gserviceaccount.com","sourcerepo-service-accounts.iam.gserviceaccount.com","dataproc-accounts.iam.gserviceaccount.com","gae-api-prod.google.com.iam.gserviceaccount.com","genomics-api.google.com.iam.gserviceaccount.com","containerregistry.iam.gserviceaccount.com","container-analysis.iam.gserviceaccount.com","cloudservices.gserviceaccount.com","stackdriver-service.iam.gserviceaccount.com","appspot.gserviceaccount.com","partnercontent.gserviceaccount.com","trifacta-gcloud-prod.iam.gserviceaccount.com","gcf-admin-robot.iam.gserviceaccount.com","compute-system.iam.gserviceaccount.com","gcp-sa-websecurityscanner.iam.gserviceaccount.com","storage-transfer-service.iam.gserviceaccount.com","firebase-sa-management.iam.gserviceaccount.com","firebase-rules.iam.gserviceaccount.com","gcp-sa-cloudbuild.iam.gserviceaccount.com","gcp-sa-automl.iam.gserviceaccount.com","gcp-sa-datalabeling.iam.gserviceaccount.com","gcp-sa-cloudscheduler.iam.gserviceaccount.com"],"GOOGLE_SERVICE_ACCOUNT_KEY_FOR_URL_SIGNING_EXPIRES_IN":2592000,"GOOGLE_SERVICE_ACCOUNT_PREFIX":"","GOOGLE_USER_SERVICE_ACCOUNT_ACCESS_EXPIRES_IN":604800,"GUN_MAIL":{"datacommons.io":{"api_key":"","api_url":"https://api.mailgun.net/v3/mailgun.example.com","default_login":"postmaster@mailgun.example.com","smtp_hostname":"smtp.mailgun.org"
,"smtp_password":""}},"HTTP_PROXY":{"host":null,"port":3128},"INDEXD":"http://indexd-service","INDEXD_PASSWORD":"","INDEXD_USERNAME":"fence","ITRUST_GLOBAL_LOGOUT":"https://auth.nih.gov/siteminderagent/smlogout.asp?mode=nih&AppReturnUrl=","LOGIN_OPTIONS":[{"desc":"description","idp":"google","name":"Login from Google"}],"LOGIN_REDIRECT_WHITELIST":[],"MAX_ACCESS_TOKEN_TTL":3600,"MAX_API_KEY_TTL":2592000,"MAX_PRESIGNED_URL_TTL":3600,"MAX_ROLE_SESSION_INCREASE":false,"MOCK_AUTH":false,"MOCK_GOOGLE_AUTH":false,"MOCK_STORAGE":false,"OAUTH2_JWT_ALG":"RS256","OAUTH2_JWT_ENABLED":true,"OAUTH2_JWT_ISS":"{{BASE_URL}}","OAUTH2_PROVIDER_ERROR_URI":"/api/oauth2/errors","OAUTH2_TOKEN_EXPIRES_IN":{"authorization_code":1200,"implicit":1200},"OPENID_CONNECT":{"cilogon":{"client_id":"","client_secret":"","discovery_url":"https://cilogon.org/.well-known/openid-configuration","mock":false,"mock_default_user":"http://cilogon.org/serverT/users/64703","redirect_url":"{{BASE_URL}}/login/cilogon/login/","scope":"openid email profile"},"cognito":{"client_id":"","client_secret":"","discovery_url":"https://cognito-idp.{REGION}.amazonaws.com/{USER-POOL-ID}/.well-known/openid-configuration","redirect_url":"{{BASE_URL}}/login/cognito/login/","scope":"openid 
email"},"fence":{"access_token_url":"{{api_base_url}}/oauth2/token","api_base_url":"","authorize_url":"{{api_base_url}}/oauth2/authorize","client_id":"","client_kwargs":{"redirect_uri":"{{BASE_URL}}/login/fence/login","scope":"openid"},"client_secret":"","mock":false,"mock_default_user":"test@example.com","name":"","refresh_token_url":"{{api_base_url}}/oauth2/token","shibboleth_discovery_url":"https://login.bionimbus.org/Shibboleth.sso/DiscoFeed"},"generic_oidc_idp":{"client_id":"","client_secret":"","discovery":{"authorization_endpoint":"","jwks_uri":"","token_endpoint":""},"discovery_url":"https://server.com/.well-known/openid-configuration","email_field":"","name":"some_idp","redirect_url":"{{BASE_URL}}/login/some_idp/login","scope":"","user_id_field":""},"google":{"client_id":"","client_secret":"","discovery_url":"https://accounts.google.com/.well-known/openid-configuration","mock":"","mock_default_user":"test@example.com","redirect_url":"{{BASE_URL}}/login/google/login/","scope":"openid email"},"microsoft":{"client_id":"","client_secret":"","discovery_url":"https://login.microsoftonline.com/organizations/v2.0/.well-known/openid-configuration","mock":false,"mock_default_user":"test@example.com","redirect_url":"{{BASE_URL}}/login/microsoft/login/","scope":"openid email"},"okta":{"client_id":"","client_secret":"","discovery_url":"","redirect_url":"{{BASE_URL}}/login/okta/login/","scope":"openid email"},"orcid":{"client_id":"","client_secret":"","discovery_url":"https://orcid.org/.well-known/openid-configuration","mock":false,"mock_default_user":"0000-0002-2601-8132","redirect_url":"{{BASE_URL}}/login/orcid/login/","scope":"openid"},"ras":{"client_id":"","client_secret":"","discovery_url":"https://sts.nih.gov/.well-known/openid-configuration","mock":false,"mock_default_user":"test@example.com","redirect_url":"{{BASE_URL}}/login/ras/callback","scope":"openid email profile 
ga4gh_passport_v1"},"shibboleth":{"client_id":"","client_secret":"","redirect_url":"{{BASE_URL}}/login/shib/login"},"synapse":{"client_id":"","client_secret":"","discovery_url":"","redirect_url":"","scope":"openid"}},"OVERRIDE_NGINX_RATE_LIMIT":18,"PRIVACY_POLICY_URL":null,"PROBLEM_USER_EMAIL_NOTIFICATION":{"admin":["admin@example.edu"],"content":"The Data Commons Framework utilizes dbGaP for data access authorization. Another member of a Google project you belong to ({}) is attempting to register a service account to the following additional datasets ({}). Please contact dbGaP to request access.\n","domain":"example.com","from":"do-not-reply@example.com","subject":"Account access error notification"},"PUSH_AUDIT_LOGS_CONFIG":{"aws_sqs_config":{"aws_cred":null,"region":null,"sqs_url":null},"type":"aws_sqs"},"RAS_REFRESH_EXPIRATION":1296000,"RAS_USERINFO_ENDPOINT":"/openid/connect/v1.1/userinfo","REFRESH_TOKEN_EXPIRES_IN":2592000,"REGISTERED_USERS_GROUP":"","REGISTER_USERS_ON":false,"REMOVE_SERVICE_ACCOUNT_EMAIL_NOTIFICATION":{"admin":["admin@example.edu"],"content":"Service accounts were removed from access control data because some users or service accounts of GCP Project {} are not authorized to access the data sets associated to the service accounts, or do not adhere to the security policies.\n","domain":"example.com","enable":false,"from":"do-not-reply@example.com","subject":"User service account removal 
notification"},"RENEW_ACCESS_TOKEN_BEFORE_EXPIRATION":false,"S3_BUCKETS":{},"SEND_FROM":"example@gmail.com","SEND_TO":"example@gmail.com","SERVICE_ACCOUNT_LIMIT":6,"SESSION_ALLOWED_SCOPES":["openid","user","credentials","data","admin","google_credentials","google_service_account","google_link","ga4gh_passport_v1"],"SESSION_COOKIE_DOMAIN":null,"SESSION_COOKIE_NAME":"fence","SESSION_COOKIE_SECURE":true,"SESSION_LIFETIME":28800,"SESSION_TIMEOUT":1800,"SHIBBOLETH_HEADER":"persistent_id","SSO_URL":"https://auth.nih.gov/affwebservices/public/saml2sso?SPID={{BASE_URL}}/shibboleth&RelayState=","STORAGE_CREDENTIALS":{},"SUPPORT_EMAIL_FOR_ERRORS":null,"SYNAPSE_AUTHZ_TTL":86400,"SYNAPSE_DISCOVERY_URL":null,"SYNAPSE_JWKS_URI":null,"SYNAPSE_URI":"https://repo-prod.prod.sagebase.org/auth/v1","TOKEN_PROJECTS_CUTOFF":10,"USERSYNC":{"fallback_to_dbgap_sftp":false,"sync_from_visas":false,"visa_types":{"ras":["https://ras.nih.gov/visas/v1","https://ras.nih.gov/visas/v1.1"]}},"USER_ALLOWED_SCOPES":["fence","openid","user","data","admin","google_credentials","google_service_account","google_link","ga4gh_passport_v1"],"WHITE_LISTED_GOOGLE_PARENT_ORGS":[],"WHITE_LISTED_SERVICE_ACCOUNT_EMAILS":[],"WTF_CSRF_SECRET_KEY":"{{ENCRYPTION_KEY}}","dbGaP":[{"decrypt_key":"","enable_common_exchange_area_access":false,"info":{"host":"","password":"","port":22,"proxy":"","proxy_user":"","username":""},"parse_consent_code":true,"protocol":"sftp","study_common_exchange_areas":{"example":"test_common_exchange_area"},"study_to_resource_namespaces":{"_default":["/"],"test_common_exchange_area":["/dbgap/"]}}]}` | Configuration settings for Fence app | | FENCE_CONFIG.APP_NAME | string | `"Gen3 Data Commons"` | Name of the Fence app | | FENCE_CONFIG.AUTHLIB_INSECURE_TRANSPORT | bool | `true` | allow OIDC traffic on http for development. By default it requires https. 
WARNING: ONLY set to true when fence will be deployed in such a way that it will ONLY receive traffic from internal clients and can safely use HTTP. | | FENCE_CONFIG.CLIENT_ALLOWED_SCOPES | list | `["openid","user","data","google_credentials","google_service_account","google_link","ga4gh_passport_v1"]` | These are the *possible* scopes a client can be given, NOT scopes that are given to all clients. You can be more restrictive during client creation | 
@@ -88,9 +88,9 @@ A Helm chart for gen3 Fence | datadogLogsInjection | bool | `true` | If enabled, the Datadog Agent will automatically inject Datadog-specific metadata into your application logs. | | datadogProfilingEnabled | bool | `true` | If enabled, the Datadog Agent will collect profiling data for your application using the Continuous Profiler. This data can be used to identify performance bottlenecks and optimize your application. | | datadogTraceSampleRate | int | `1` | A value between 0 and 1, that represents the percentage of requests that will be traced. For example, a value of 0.5 means that 50% of requests will be traced. | -| env | list | `[{"name":"GEN3_UWSGI_TIMEOUT","valueFrom":{"configMapKeyRef":{"key":"uwsgi-timeout","name":"manifest-global","optional":true}}},{"name":"DD_AGENT_HOST","valueFrom":{"fieldRef":{"fieldPath":"status.hostIP"}}},{"name":"AWS_STS_REGIONAL_ENDPOINTS","value":"regional"},{"name":"PYTHONPATH","value":"/var/www/fence"},{"name":"GEN3_DEBUG","value":"False"},{"name":"FENCE_PUBLIC_CONFIG","valueFrom":{"configMapKeyRef":{"key":"fence-config-public.yaml","name":"manifest-fence","optional":true}}},{"name":"PGHOST","valueFrom":{"secretKeyRef":{"key":"host","name":"fence-dbcreds","optional":false}}},{"name":"PGUSER","valueFrom":{"secretKeyRef":{"key":"username","name":"fence-dbcreds","optional":false}}},{"name":"PGPASSWORD","valueFrom":{"secretKeyRef":{"key":"password","name":"fence-dbcreds","optional":false}}},{"name":"PGDB","valueFrom":{"secretKeyRef":{"key":"database","name":"fence-dbcreds","optional":false}}},{"name":"DBREADY","valueFrom":{"secretKeyRef":{"key":"dbcreated","name":"fence-dbcreds","optional":false}}},{"name":"DB","value":"postgresql://$(PGUSER):$(PGPASSWORD)@$(PGHOST):5432/$(PGDB)"}]` | Environment variables to pass to the container | +| env | list | 
`[{"name":"GEN3_UWSGI_TIMEOUT","valueFrom":{"configMapKeyRef":{"key":"uwsgi-timeout","name":"manifest-global","optional":true}}},{"name":"DD_AGENT_HOST","valueFrom":{"fieldRef":{"fieldPath":"status.hostIP"}}},{"name":"AWS_STS_REGIONAL_ENDPOINTS","value":"regional"},{"name":"PYTHONPATH","value":"/var/www/fence"},{"name":"GEN3_DEBUG","value":"False"},{"name":"FENCE_PUBLIC_CONFIG","valueFrom":{"configMapKeyRef":{"key":"fence-config-public.yaml","name":"manifest-fence","optional":true}}},{"name":"PGHOST","valueFrom":{"secretKeyRef":{"key":"host","name":"fence-dbcreds","optional":false}}},{"name":"PGUSER","valueFrom":{"secretKeyRef":{"key":"username","name":"fence-dbcreds","optional":false}}},{"name":"PGPASSWORD","valueFrom":{"secretKeyRef":{"key":"password","name":"fence-dbcreds","optional":false}}},{"name":"PGDB","valueFrom":{"secretKeyRef":{"key":"database","name":"fence-dbcreds","optional":false}}},{"name":"DBREADY","valueFrom":{"secretKeyRef":{"key":"dbcreated","name":"fence-dbcreds","optional":false}}},{"name":"DB","value":"postgresql://$(PGUSER):$(PGPASSWORD)@$(PGHOST):5432/$(PGDB)"},{"name":"INDEXD_PASSWORD","valueFrom":{"secretKeyRef":{"key":"fence","name":"indexd-service-creds"}}}]` | Environment variables to pass to the container | | fullnameOverride | string | `""` | Override the full name of the deployment. | -| global | map | `{"ddEnabled":false,"dev":true,"dictionaryUrl":"https://s3.amazonaws.com/dictionary-artifacts/datadictionary/develop/schema.json","dispatcherJobNum":10,"environment":"default","hostname":"localhost","kubeBucket":"kube-gen3","logsBucket":"logs-gen3","minAvialable":1,"netPolicy":true,"pdb":false,"portalApp":"gitops","postgres":{"dbCreate":true,"master":{"host":null,"password":null,"port":"5432","username":"postgres"}},"publicDataSets":true,"revproxyArn":"arn:aws:acm:us-east-1:123456:certificate","syncFromDbgap":false,"tierAccessLevel":"libre","userYamlS3Path":"s3://cdis-gen3-users/test/user.yaml"}` | Global configuration options. 
| +| global | map | `{"ddEnabled":false,"dev":true,"dictionaryUrl":"https://s3.amazonaws.com/dictionary-artifacts/datadictionary/develop/schema.json","dispatcherJobNum":10,"environment":"default","hostname":"localhost","kubeBucket":"kube-gen3","logsBucket":"logs-gen3","minAvialable":1,"netPolicy":true,"pdb":false,"portalApp":"gitops","postgres":{"dbCreate":true,"master":{"host":null,"password":null,"port":"5432","username":"postgres"}},"publicDataSets":true,"revproxyArn":"arn:aws:acm:us-east-1:123456:certificate","syncFromDbgap":false,"tierAccessLevel":"libre","tierAccessLimit":1000,"userYamlS3Path":"s3://cdis-gen3-users/test/user.yaml"}` | Global configuration options. | | global.ddEnabled | bool | `false` | Whether Datadog is enabled. | | global.dev | bool | `true` | Whether the deployment is for development purposes. | | global.dictionaryUrl | string | `"https://s3.amazonaws.com/dictionary-artifacts/datadictionary/develop/schema.json"` | URL of the data dictionary. | 
@@ -114,12 +114,13 @@ A Helm chart for gen3 Fence | global.revproxyArn | string | `"arn:aws:acm:us-east-1:123456:certificate"` | ARN of the reverse proxy certificate. | | global.syncFromDbgap | bool | `false` | Whether to sync data from dbGaP. | | global.tierAccessLevel | string | `"libre"` | Access level for tiers. acceptable values for `tier_access_level` are: `libre`, `regular` and `private`. If omitted, by default common will be treated as `private` | +| global.tierAccessLimit | int | `1000` | Only relevant if tireAccessLevel is set to "regular". Summary charts below this limit will not appear for aggregated data. | | global.userYamlS3Path | string | `"s3://cdis-gen3-users/test/user.yaml"` | Path to the user.yaml file in S3. | | image.pullPolicy | string | `"Always"` | When to pull the image. This value should be "Always" to ensure the latest image is used. | | image.repository | string | `"quay.io/cdis/fence"` | The Docker image repository for the fence service | | image.tag | string | `"master"` | Overrides the image tag whose default is the chart appVersion. | | imagePullSecrets | list | `[]` | Docker image pull secrets. 
| -| initEnv | list | `[{"name":"PGHOST","valueFrom":{"secretKeyRef":{"key":"host","name":"fence-dbcreds","optional":false}}},{"name":"PGUSER","valueFrom":{"secretKeyRef":{"key":"username","name":"fence-dbcreds","optional":false}}},{"name":"PGPASSWORD","valueFrom":{"secretKeyRef":{"key":"password","name":"fence-dbcreds","optional":false}}},{"name":"PGDB","valueFrom":{"secretKeyRef":{"key":"database","name":"fence-dbcreds","optional":false}}},{"name":"DBREADY","valueFrom":{"secretKeyRef":{"key":"dbcreated","name":"fence-dbcreds","optional":false}}},{"name":"DB","value":"postgresql://$(PGUSER):$(PGPASSWORD)@$(PGHOST):5432/$(PGDB)"},{"name":"PYTHONPATH","value":"/var/www/fence"},{"name":"FENCE_PUBLIC_CONFIG","valueFrom":{"configMapKeyRef":{"key":"fence-config-public.yaml","name":"manifest-fence","optional":true}}}]` | Volumes to attach to the init container. | +| initEnv | list | `[{"name":"PGHOST","valueFrom":{"secretKeyRef":{"key":"host","name":"fence-dbcreds","optional":false}}},{"name":"PGUSER","valueFrom":{"secretKeyRef":{"key":"username","name":"fence-dbcreds","optional":false}}},{"name":"PGPASSWORD","valueFrom":{"secretKeyRef":{"key":"password","name":"fence-dbcreds","optional":false}}},{"name":"PGDB","valueFrom":{"secretKeyRef":{"key":"database","name":"fence-dbcreds","optional":false}}},{"name":"DBREADY","valueFrom":{"secretKeyRef":{"key":"dbcreated","name":"fence-dbcreds","optional":false}}},{"name":"DB","value":"postgresql://$(PGUSER):$(PGPASSWORD)@$(PGHOST):5432/$(PGDB)"},{"name":"FENCE_DB","value":"postgresql://$(PGUSER):$(PGPASSWORD)@$(PGHOST):5432/$(PGDB)"},{"name":"PYTHONPATH","value":"/var/www/fence"},{"name":"FENCE_PUBLIC_CONFIG","valueFrom":{"configMapKeyRef":{"key":"fence-config-public.yaml","name":"manifest-fence","optional":true}}}]` | Volumes to attach to the init container. 
| | initVolumeMounts | list | `[{"mountPath":"/var/www/fence/fence-config.yaml","name":"config-volume","readOnly":true,"subPath":"fence-config.yaml"},{"mountPath":"/var/www/fence/yaml_merge.py","name":"yaml-merge","readOnly":true,"subPath":"yaml_merge.py"},{"mountPath":"/var/www/fence/fence_google_app_creds_secret.json","name":"fence-google-app-creds-secret-volume","readOnly":true,"subPath":"fence_google_app_creds_secret.json"},{"mountPath":"/var/www/fence/fence_google_storage_creds_secret.json","name":"fence-google-storage-creds-secret-volume","readOnly":true,"subPath":"fence_google_storage_creds_secret.json"}]` | Volumes to mount to the init container. | | labels | map | `{"authprovider":"yes","netnolimit":"yes","public":"yes","userhelper":"yes"}` | Labels to add to the pod. | | labels.authprovider | string | `"yes"` | Grants egress from all pods to pods labeled with authrpovider=yes. For network policy selectors. | diff --git a/helm/fence/templates/_helpers.tpl b/helm/fence/templates/_helpers.tpl index 71ded456..f7011103 100644 --- a/helm/fence/templates/_helpers.tpl +++ b/helm/fence/templates/_helpers.tpl @@ -5,6 +5,24 @@ Expand the name of the chart. {{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }} {{- end }} + + +{{/* +a function to generate or get the jwt keys +*/}} + +{{- define "getOrCreatePrivateKey" -}} +{{- $secretName := "fence-jwt-keys" }} +{{- $existingSecret := (lookup "v1" "Secret" .Release.Namespace $secretName) }} +{{- if $existingSecret }} +{{- index $existingSecret.data "jwt_private_key.pem" }} +{{- else }} +{{- genPrivateKey "rsa" | b64enc }} +{{- end }} +{{- end -}} + + + {{/* Create a default fully qualified app name. We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). diff --git a/helm/fence/templates/fence-deployment.yaml b/helm/fence/templates/fence-deployment.yaml index f940689b..ebca5cbe 100644 --- a/helm/fence/templates/fence-deployment.yaml 
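Review bot: `getOrCreatePrivateKey` reuses the stored key only when `lookup` can reach the cluster. Under `helm template`, client-side dry runs and renderers built on them, `lookup` returns an empty map, so the `else` branch mints a new RSA key on every render, and tokens signed with the previous key would presumably stop verifying. The `index $existingSecret.data "jwt_private_key.pem"` line also has no guard for a Secret that exists without that entry, which would write an empty key into `fence-jwt-keys`. The jwt-keys.yaml hunk that calls this helper shares the concern, and a `helm.sh/resource-policy: keep` annotation on that Secret would also stop an uninstall from discarding the signing key. A guarded version of the helper body is below.

```gotemplate
{{- define "getOrCreatePrivateKey" -}}
{{- /* … unchanged: $secretName and the lookup into $existingSecret … */}}
{{- $storedKey := "" }}
{{- if and $existingSecret $existingSecret.data }}
{{- $storedKey = index $existingSecret.data "jwt_private_key.pem" | default "" }}
{{- end }}
{{- if $storedKey }}
{{- $storedKey }}
{{- else }}
{{- /* Also reached when lookup has no cluster access (helm template, client-side dry run). */}}
{{- genPrivateKey "rsa" | b64enc }}
{{- end }}
```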
+++ b/helm/fence/templates/fence-deployment.yaml @@ -26,6 +26,7 @@ spec: {{- include "common.datadogLabels" . | nindent 8 }} {{- end }} spec: + enableServiceLinks: false serviceAccountName: {{ include "fence.serviceAccountName" . }} volumes: {{- toYaml .Values.volumes | nindent 8 }} diff --git a/helm/fence/templates/jwt-keys.yaml b/helm/fence/templates/jwt-keys.yaml index fca35e12..893a4488 100644 --- a/helm/fence/templates/jwt-keys.yaml +++ b/helm/fence/templates/jwt-keys.yaml @@ -4,4 +4,4 @@ metadata: name: fence-jwt-keys type: Opaque data: - jwt_private_key.pem: {{ genPrivateKey "rsa" | b64enc }} + jwt_private_key.pem: {{ include "getOrCreatePrivateKey" . }} diff --git a/helm/fence/values.yaml b/helm/fence/values.yaml index 14affefc..e4bdf20c 100644 --- a/helm/fence/values.yaml +++ b/helm/fence/values.yaml @@ -42,6 +42,8 @@ global: publicDataSets: true # -- (string) Access level for tiers. acceptable values for `tier_access_level` are: `libre`, `regular` and `private`. If omitted, by default common will be treated as `private` tierAccessLevel: libre + # -- (int) Only relevant if tireAccessLevel is set to "regular". Summary charts below this limit will not appear for aggregated data. + tierAccessLimit: 1000 # -- (bool) Whether network policies are enabled. netPolicy: true # -- (int) Number of dispatcher jobs. @@ -257,6 +259,11 @@ env: optional: false - name: DB value: postgresql://$(PGUSER):$(PGPASSWORD)@$(PGHOST):5432/$(PGDB) + - name: INDEXD_PASSWORD + valueFrom: + secretKeyRef: + name: indexd-service-creds + key: fence # -- (list) Volumes to attach to the container. volumes: @@ -397,6 +404,8 @@ initEnv: optional: false - name: DB value: postgresql://$(PGUSER):$(PGPASSWORD)@$(PGHOST):5432/$(PGDB) + - name: FENCE_DB + value: postgresql://$(PGUSER):$(PGPASSWORD)@$(PGHOST):5432/$(PGDB) - name: PYTHONPATH value: /var/www/fence - name: FENCE_PUBLIC_CONFIG 
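Review bot: The new `INDEXD_PASSWORD` entry in `env` (values.yaml, hunk at -257) omits `optional`, while every other `secretKeyRef` in this list spells out `optional: false`. Kubernetes treats the omitted field as required, so behaviour matches the siblings. However, the Secret `indexd-service-creds` does not appear to be created by this chart as far as the diff shows, so a fence release deployed without indexd would likely fail at container creation. I would add `optional: false` and a comment such as `# created by the indexd chart; fence will not start without it` so the cross-chart dependency is visible. The `env` list begins outside this hunk.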
@@ -1934,7 +1943,7 @@ FENCE_CONFIG: # url where indexd microservice is running (for signed urls primarily) # NOTE: Leaving as null will force fence to default to {{BASE_URL}}/index # example value: 'https://example.com/index' - INDEXD: null + INDEXD: http://indexd-service # this is the username which fence uses to make authenticated requests to indexd INDEXD_USERNAME: 'fence' @@ -1956,7 +1965,7 @@ FENCE_CONFIG: AZ_BLOB_CONTAINER_URL: 'https://myfakeblob.blob.core.windows.net/my-fake-container/' # url where authz microservice is running - ARBORIST: null + ARBORIST: http://arborist-service # url where the audit-service is running AUDIT_SERVICE: 'http://audit-service' @@ -2192,7 +2201,7 @@ FENCE_CONFIG: # None(Default): Allow per client i.e. a fence client can pick whether or not to sync their visas during login with parse_visas param in /authorization endpoint # True: Parse for all clients i.e. a fence client will always sync their visas during login # False: Parse for no clients i.e. a fence client will not be able to sync visas during login even with parse_visas param - GLOBAL_PARSE_VISAS_ON_LOGIN: + GLOBAL_PARSE_VISAS_ON_LOGIN: false # Settings for usersync with visas USERSYNC: sync_from_visas: false diff --git a/helm/gen3/Chart.yaml b/helm/gen3/Chart.yaml index b89cfabd..fbb579b3 100644 --- a/helm/gen3/Chart.yaml +++ b/helm/gen3/Chart.yaml @@ -5,7 +5,7 @@ description: Helm chart to deploy Gen3 Data Commons # Dependancies dependencies: - name: ambassador - version: "0.1.6" + version: "0.1.7" repository: "file://../ambassador" condition: ambassador.enabled - name: arborist @@ -17,7 +17,7 @@ dependencies: repository: "file://../argo-wrapper" condition: argo-wrapper.enabled - name: audit - version: "0.1.7" + version: "0.1.8" repository: "file://../audit" condition: audit.enabled - name: aws-es-proxy 
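Review bot: `INDEXD: http://indexd-service` (and `ARBORIST: http://arborist-service` in the next hunk) point fence at in-cluster Services over plain HTTP. The comment directly below says fence makes authenticated requests to indexd with `INDEXD_USERNAME`, so those credentials would cross the pod network unencrypted. That is acceptable only while traffic is confined by the network policies (`netPolicy: true`) or a mesh providing mTLS, so state it next to the value, e.g. `# in-cluster Service URL, plain HTTP: relies on network policy or mesh mTLS to protect the indexd credentials`. The retained note that leaving the value as null makes fence default to `{{BASE_URL}}/index` no longer describes the chart default and should say so.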
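Review bot: `GLOBAL_PARSE_VISAS_ON_LOGIN: false` (hunk at -2192) moves the chart away from the documented `None(Default)` per-client behaviour to `False`. According to the comment block above it, `False` means no client can sync visas at login even with the `parse_visas` param. The comment still labels `None` as the default, so the value and its documentation now disagree. Either update the comment, e.g. `# False (chart default): parse for no clients; set to null to allow per-client choice`, or record in the commit message why per-client parsing is being disabled. Deployments that depend on login-time visa sync for authorization data would presumably need to override this value.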
@@ -28,11 +28,11 @@ dependencies: version: "0.1.6" repository: file://../common - name: fence - version: "0.1.7" + version: "0.1.8" repository: "file://../fence" condition: fence.enabled - name: guppy - version: "0.1.6" + version: "0.1.7" repository: "file://../guppy" condition: guppy.enabled - name: hatchery @@ -40,7 +40,7 @@ dependencies: repository: "file://../hatchery" condition: hatchery.enabled - name: indexd - version: "0.1.8" + version: "0.1.9" repository: "file://../indexd" condition: indexd.enabled - name: manifestservice @@ -60,7 +60,7 @@ dependencies: repository: "file://../pidgin" condition: pidgin.enabled - name: portal - version: "0.1.5" + version: "0.1.6" repository: "file://../portal" condition: portal.enabled - name: requestor @@ -68,11 +68,11 @@ dependencies: repository: "file://../requestor" condition: requestor.enabled - name: revproxy - version: "0.1.8" + version: "0.1.9" repository: "file://../revproxy" condition: revproxy.enabled - name: sheepdog - version: "0.1.8" + version: "0.1.9" repository: "file://../sheepdog" condition: sheepdog.enabled - name: ssjdispatcher @@ -80,7 +80,7 @@ dependencies: repository: "file://../ssjdispatcher" condition: ssjdispatcher.enabled - name: wts - version: "0.1.8" + version: "0.1.9" repository: "file://../wts" condition: wts.enabled @@ -107,7 +107,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.11 +version: 0.1.12 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to diff --git a/helm/gen3/README.md b/helm/gen3/README.md index 53767823..9afd1c9d 100644 --- a/helm/gen3/README.md +++ b/helm/gen3/README.md 
@@ -1,6 +1,6 @@ # gen3 -![Version: 0.1.11](https://img.shields.io/badge/Version-0.1.11-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) +![Version: 0.1.12](https://img.shields.io/badge/Version-0.1.12-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) Helm chart to deploy Gen3 Data Commons 
@@ -18,155 +18,177 @@ Helm chart to deploy Gen3 Data Commons | Repository | Name | Version | |------------|------|---------| -| file://../ambassador | ambassador | 0.1.6 | +| file://../ambassador | ambassador | 0.1.7 | | file://../arborist | arborist | 0.1.7 | | file://../argo-wrapper | argo-wrapper | 0.1.3 | -| file://../audit | audit | 0.1.7 | +| file://../audit | audit | 0.1.8 | | file://../aws-es-proxy | aws-es-proxy | 0.1.5 | | file://../common | common | 0.1.6 | | file://../elasticsearch | elasticsearch | 0.1.4 | -| file://../fence | fence | 0.1.7 | -| file://../guppy | guppy | 0.1.6 | +| file://../fence | fence | 0.1.8 | +| file://../guppy | guppy | 0.1.7 | | file://../hatchery | hatchery | 0.1.5 | -| file://../indexd | indexd | 0.1.8 | +| file://../indexd | indexd | 0.1.9 | | file://../manifestservice | manifestservice | 0.1.8 | | file://../metadata | metadata | 0.1.7 | | file://../peregrine | peregrine | 0.1.8 | | file://../pidgin | pidgin | 0.1.6 | -| file://../portal | portal | 0.1.5 | +| file://../portal | portal | 0.1.6 | | file://../requestor | requestor | 0.1.7 | -| file://../revproxy | revproxy | 0.1.8 | -| file://../sheepdog | sheepdog | 0.1.8 | +| file://../revproxy | revproxy | 0.1.9 | +| file://../sheepdog | sheepdog | 0.1.9 | | file://../ssjdispatcher | ssjdispatcher | 0.1.4 | -| file://../wts | wts | 0.1.8 | +| file://../wts | wts | 0.1.9 | | https://charts.bitnami.com/bitnami | postgresql | 11.9.13 | ## Values | Key | Type | Default | Description | |-----|------|---------|-------------| -| ambassador | map | `{"enabled":true,"image":{"repository":null,"tag":null}}` | Configurations for ambassador chart. | | ambassador.enabled | bool | `true` | Whether to deploy the ambassador subchart. | -| ambassador.image | map | `{"repository":null,"tag":null}` | Docker image information. | | ambassador.image.repository | string | `nil` | The Docker image repository for the ambassador service. 
| | ambassador.image.tag | string | `nil` | Overrides the image tag whose default is the chart appVersion. | -| arborist | map | `{"enabled":true,"image":{"repository":null,"tag":null}}` | Configurations for arborist chart. | | arborist.enabled | bool | `true` | Whether to deploy the arborist subchart. | | arborist.image | map | `{"repository":null,"tag":null}` | Docker image information. | | arborist.image.repository | string | `nil` | The Docker image repository for the arborist service. | | arborist.image.tag | string | `nil` | Overrides the image tag whose default is the chart appVersion. | -| argo-wrapper | map | `{"enabled":true,"image":{"repository":null,"tag":null}}` | Configurations for argo-wrapper chart. | | argo-wrapper.enabled | bool | `true` | Whether to deploy the argo-wrapper subchart. | | argo-wrapper.image | map | `{"repository":null,"tag":null}` | Docker image information. | | argo-wrapper.image.repository | string | `nil` | The Docker image repository for the argo-wrapper service. | | argo-wrapper.image.tag | string | `nil` | Overrides the image tag whose default is the chart appVersion. | -| audit | map | `{"enabled":true,"image":{"repository":null,"tag":null}}` | Configurations for audit chart. | | audit.enabled | bool | `true` | Whether to deploy the audit subchart. | | audit.image | map | `{"repository":null,"tag":null}` | Docker image information. | | audit.image.repository | string | `nil` | The Docker image repository for the audit service. | | audit.image.tag | string | `nil` | Overrides the image tag whose default is the chart appVersion. | -| aws-es-proxy | map | `{"enabled":false}` | Configurations for aws-es-proxy chart. | | aws-es-proxy.enabled | bool | `false` | Whether to deploy the aws-es-proxy subchart. | -| fence | map | `{"enabled":true,"image":{"repository":null,"tag":null}}` | Configurations for fence chart. 
| +| aws-es-proxy.esEndpoint | str | `"test.us-east-1.es.amazonaws.com"` | Elasticsearch endpoint in AWS | +| aws-es-proxy.secrets.awsAccessKeyId | str | `""` | AWS access key ID for aws-es-proxy | +| aws-es-proxy.secrets.awsSecretAccessKey | str | `""` | AWS secret access key for aws-es-proxy | +| fence.FENCE_CONFIG | map | `nil` | Configuration settings for Fence app | +| fence.USER_YAML | string | `nil` | USER YAML. Passed in as a multiline string. | | fence.enabled | bool | `true` | Whether to deploy the fence subchart. | | fence.image | map | `{"repository":null,"tag":null}` | Docker image information. | | fence.image.repository | string | `nil` | The Docker image repository for the fence service. | | fence.image.tag | string | `nil` | Overrides the image tag whose default is the chart appVersion. | -| global | map | `{"aws":{"account":{"aws_access_key_id":null,"aws_secret_access_key":null},"enabled":false},"ddEnabled":false,"dev":true,"dictionaryUrl":"https://s3.amazonaws.com/dictionary-artifacts/datadictionary/develop/schema.json","dispatcherJobNum":10,"environment":"default","gcp":true,"hostname":"localhost","kubeBucket":"kube-gen3","logsBucket":"logs-gen3","minAvialable":1,"netPolicy":true,"pdb":false,"portalApp":"gitops","postgres":{"dbCreate":true,"master":{"host":null,"password":null,"port":"5432","username":"postgres"}},"publicDataSets":true,"revproxyArn":"arn:aws:acm:us-east-1:123456:certificate","syncFromDbgap":false,"tierAccessLevel":"libre","tls":{"cert":null,"key":null},"userYamlS3Path":"s3://cdis-gen3-users/test/user.yaml"}` | Global configuration options. | -| global.aws.account | map | `{"aws_access_key_id":null,"aws_secret_access_key":null}` | Credentials for AWS | -| global.aws.enabled | bool | `false` | Set to true if deploying to AWS. Controls ingress annotations. 
| +| gitops.createdby | string | `nil` | - createdby.png - base64 | +| gitops.css | string | `nil` | - multiline string - gitops.css | +| gitops.favicon | string | `nil` | - favicon in base64 | +| gitops.json | string | `nil` | multiline string - gitops.json | +| gitops.logo | string | `nil` | - logo in base64 | +| gitops.sponsors | string | `nil` | | +| global.aws | map | `{"enabled":false}` | AWS configuration | | global.ddEnabled | bool | `false` | Whether Datadog is enabled. | -| global.dev | bool | `true` | Whether the deployment is for development purposes. | +| global.dev | bool | `true` | Deploys postgres/elasticsearch for dev | | global.dictionaryUrl | string | `"https://s3.amazonaws.com/dictionary-artifacts/datadictionary/develop/schema.json"` | URL of the data dictionary. | | global.dispatcherJobNum | int | `10` | Number of dispatcher jobs. | -| global.environment | string | `"default"` | Environment name. This should be the same as vpcname if you're doing an AWS deployment. Currently this is being used to share ALB's if you have multiple namespaces. Might be used other places too. | -| global.gcp | map | `true` | AWS configuration | +| global.environment | string | `"default"` | Environment name. This should be the same as vpcname if you're doing an AWS deployment. Currently this is being used to share ALB's if you have multiple namespaces in same cluster. | | global.hostname | string | `"localhost"` | Hostname for the deployment. | -| global.kubeBucket | string | `"kube-gen3"` | S3 bucket name for Kubernetes manifest files. | -| global.logsBucket | string | `"logs-gen3"` | S3 bucket name for log files. | -| global.minAvialable | int | `1` | The minimum amount of pods that are available at all times if the PDB is deployed. | | global.netPolicy | bool | `true` | Whether network policies are enabled. | -| global.pdb | bool | `false` | If the service will be deployed with a Pod Disruption Budget. 
Note- you need to have more than 2 replicas for the pdb to be deployed. | | global.portalApp | string | `"gitops"` | Portal application name. | -| global.postgres | map | `{"dbCreate":true,"master":{"host":null,"password":null,"port":"5432","username":"postgres"}}` | Postgres database configuration. | -| global.postgres.dbCreate | bool | `true` | Whether the database should be created. | -| global.postgres.master | map | `{"host":null,"password":null,"port":"5432","username":"postgres"}` | Master credentials to postgres. This is going to be the default postgres server being used for each service, unless each service specifies their own postgres | -| global.postgres.master.host | string | `nil` | hostname of postgres server | -| global.postgres.master.password | string | `nil` | password for superuser in postgres. This is used to create or restore databases | -| global.postgres.master.port | string | `"5432"` | Port for Postgres. | -| global.postgres.master.username | string | `"postgres"` | username of superuser in postgres. This is used to create or restore databases | +| global.postgres.dbCreate | bool | `true` | Whether the database create job should run. | +| global.postgres.master.host | string | `nil` | global postgres master host | +| global.postgres.master.password | string | `nil` | global postgres master password | +| global.postgres.master.port | string | `"5432"` | global postgres master port | +| global.postgres.master.username | string | `"postgres"` | global postgres master username | | global.publicDataSets | bool | `true` | Whether public datasets are enabled. | | global.revproxyArn | string | `"arn:aws:acm:us-east-1:123456:certificate"` | ARN of the reverse proxy certificate. | | global.syncFromDbgap | bool | `false` | Whether to sync data from dbGaP. | | global.tierAccessLevel | string | `"libre"` | Access level for tiers. acceptable values for `tier_access_level` are: `libre`, `regular` and `private`. 
If omitted, by default common will be treated as `private` | +| global.tierAccessLimit | int | `1000` | Only relevant if tireAccessLevel is set to "regular". Summary charts below this limit will not appear for aggregated data. | | global.userYamlS3Path | string | `"s3://cdis-gen3-users/test/user.yaml"` | Path to the user.yaml file in S3. | -| guppy | map | `{"enabled":false,"image":{"repository":null,"tag":null}}` | Configurations for guppy chart. | | guppy.enabled | bool | `false` | Whether to deploy the guppy subchart. | | guppy.image | map | `{"repository":null,"tag":null}` | Docker image information. | | guppy.image.repository | string | `nil` | The Docker image repository for the guppy service. | | guppy.image.tag | string | `nil` | Overrides the image tag whose default is the chart appVersion. | -| hatchery | map | `{"enabled":true,"image":{"repository":null,"tag":null}}` | Configurations for hatchery chart. | | hatchery.enabled | bool | `true` | Whether to deploy the hatchery subchart. 
| +| hatchery.hatchery.containers[0].args[0] | string | `"--NotebookApp.base_url=/lw-workspace/proxy/"` | | +| hatchery.hatchery.containers[0].args[1] | string | `"--NotebookApp.default_url=/lab"` | | +| hatchery.hatchery.containers[0].args[2] | string | `"--NotebookApp.password=''"` | | +| hatchery.hatchery.containers[0].args[3] | string | `"--NotebookApp.token=''"` | | +| hatchery.hatchery.containers[0].args[4] | string | `"--NotebookApp.shutdown_no_activity_timeout=5400"` | | +| hatchery.hatchery.containers[0].args[5] | string | `"--NotebookApp.quit_button=False"` | | +| hatchery.hatchery.containers[0].command[0] | string | `"start-notebook.sh"` | | +| hatchery.hatchery.containers[0].cpu-limit | string | `"1.0"` | cpu limit of workspace container | +| hatchery.hatchery.containers[0].env | object | `{"FRAME_ANCESTORS":"https://{{ .Values.global.hostname }}"}` | environment variables for workspace container | +| hatchery.hatchery.containers[0].fs-gid | int | `100` | | +| hatchery.hatchery.containers[0].gen3-volume-location | string | `"/home/jovyan/.gen3"` | | +| hatchery.hatchery.containers[0].image | string | `"quay.io/cdis/heal-notebooks:combined_tutorials__latest"` | docker image for workspace | +| hatchery.hatchery.containers[0].lifecycle-post-start[0] | string | `"/bin/sh"` | | +| hatchery.hatchery.containers[0].lifecycle-post-start[1] | string | `"-c"` | | +| hatchery.hatchery.containers[0].lifecycle-post-start[2] | string | `"export IAM=`whoami`; rm -rf /home/$IAM/pd/dockerHome; rm -rf /home/$IAM/pd/lost+found; ln -s /data /home/$IAM/pd/; true"` | | +| hatchery.hatchery.containers[0].memory-limit | string | `"2Gi"` | memory limit of workspace container | +| hatchery.hatchery.containers[0].name | string | `"(Tutorials) Example Analysis Jupyter Lab Notebooks"` | name of workspace | +| hatchery.hatchery.containers[0].path-rewrite | string | `"/lw-workspace/proxy/"` | | +| hatchery.hatchery.containers[0].ready-probe | string | `"/lw-workspace/proxy/"` | | +| 
hatchery.hatchery.containers[0].target-port | int | `8888` | port to proxy traffic to in docker contaniner | +| hatchery.hatchery.containers[0].use-tls | string | `"false"` | | +| hatchery.hatchery.containers[0].user-uid | int | `1000` | | +| hatchery.hatchery.containers[0].user-volume-location | string | `"/home/jovyan/pd"` | | +| hatchery.hatchery.sidecarContainer.args | list | `[]` | Arguments to pass to the sidecare container. | +| hatchery.hatchery.sidecarContainer.command | list | `["/bin/bash","./sidecar.sh"]` | Commands to run for the sidecar container. | +| hatchery.hatchery.sidecarContainer.cpu-limit | string | `"0.1"` | The maximum amount of CPU the sidecar container can use | +| hatchery.hatchery.sidecarContainer.env | map | `{"HOSTNAME":"{{ .Values.global.hostname }}","NAMESPACE":"{{ .Release.Namespace }}"}` | Environment variables to pass to the sidecar container | +| hatchery.hatchery.sidecarContainer.image | string | `"quay.io/cdis/ecs-ws-sidecar:master"` | The sidecar image. | +| hatchery.hatchery.sidecarContainer.lifecycle-pre-stop[0] | string | `"su"` | | +| hatchery.hatchery.sidecarContainer.lifecycle-pre-stop[1] | string | `"-c"` | | +| hatchery.hatchery.sidecarContainer.lifecycle-pre-stop[2] | string | `"echo test"` | | +| hatchery.hatchery.sidecarContainer.lifecycle-pre-stop[3] | string | `"-s"` | | +| hatchery.hatchery.sidecarContainer.lifecycle-pre-stop[4] | string | `"/bin/sh"` | | +| hatchery.hatchery.sidecarContainer.lifecycle-pre-stop[5] | string | `"root"` | | +| hatchery.hatchery.sidecarContainer.memory-limit | string | `"256Mi"` | The maximum amount of memory the sidecar container can use | | hatchery.image | map | `{"repository":null,"tag":null}` | Docker image information. | | hatchery.image.repository | string | `nil` | The Docker image repository for the hatchery service. | | hatchery.image.tag | string | `nil` | Overrides the image tag whose default is the chart appVersion. 
| -| indexd | map | `{"enabled":true,"image":{"repository":null,"tag":null}}` | Configurations for indexd chart. | +| indexd.defaultPrefix | string | `"PREFIX/"` | the default prefix for indexd records | | indexd.enabled | bool | `true` | Whether to deploy the indexd subchart. | | indexd.image | map | `{"repository":null,"tag":null}` | Docker image information. | | indexd.image.repository | string | `nil` | The Docker image repository for the indexd service. | | indexd.image.tag | string | `nil` | Overrides the image tag whose default is the chart appVersion. | -| manifestservice | map | `{"enabled":true,"image":{"repository":null,"tag":null}}` | Configurations for manifest service chart. | | manifestservice.enabled | bool | `true` | Whether to deploy the manifest service subchart. | | manifestservice.image | map | `{"repository":null,"tag":null}` | Docker image information. | | manifestservice.image.repository | string | `nil` | The Docker image repository for the manifest service service. | | manifestservice.image.tag | string | `nil` | Overrides the image tag whose default is the chart appVersion. | -| metadata | map | `{"enabled":true,"image":{"repository":null,"tag":null}}` | Configurations for metadata chart. | | metadata.enabled | bool | `true` | Whether to deploy the metadata subchart. | | metadata.image | map | `{"repository":null,"tag":null}` | Docker image information. | | metadata.image.repository | string | `nil` | The Docker image repository for the metadata service. | | metadata.image.tag | string | `nil` | Overrides the image tag whose default is the chart appVersion. | -| peregrine | map | `{"enabled":true,"image":{"repository":null,"tag":null}}` | Configurations for peregrine chart. | | peregrine.enabled | bool | `true` | Whether to deploy the peregrine subchart. | | peregrine.image | map | `{"repository":null,"tag":null}` | Docker image information. 
| | peregrine.image.repository | string | `nil` | The Docker image repository for the peregrine service. | | peregrine.image.tag | string | `nil` | Overrides the image tag whose default is the chart appVersion. | -| pidgin | map | `{"enabled":true,"image":{"repository":null,"tag":null}}` | Configurations for pidgin chart. | | pidgin.enabled | bool | `true` | Whether to deploy the pidgin subchart. | | pidgin.image | map | `{"repository":null,"tag":null}` | Docker image information. | | pidgin.image.repository | string | `nil` | The Docker image repository for the pidgin service. | | pidgin.image.tag | string | `nil` | Overrides the image tag whose default is the chart appVersion. | -| portal | map | `{"enabled":true,"image":{"repository":null,"tag":null}}` | Configurations for portal chart. | | portal.enabled | bool | `true` | Whether to deploy the portal subchart. | | portal.image | map | `{"repository":null,"tag":null}` | Docker image information. | | portal.image.repository | string | `nil` | The Docker image repository for the portal service. | | portal.image.tag | string | `nil` | Overrides the image tag whose default is the chart appVersion. | -| postgresql | map | `{"primary":{"persistence":{"enabled":false}}}` | To configure postgresql subchart Disable persistence by default so we can spin up and down ephemeral environments | | postgresql.primary.persistence.enabled | bool | `false` | Option to persist the dbs data. | -| requestor | map | `{"enabled":false,"image":{"repository":null,"tag":null}}` | Configurations for requestor chart. | | requestor.enabled | bool | `false` | Whether to deploy the requestor subchart. | | requestor.image | map | `{"repository":null,"tag":null}` | Docker image information. | | requestor.image.repository | string | `nil` | The Docker image repository for the requestor service. | | requestor.image.tag | string | `nil` | Overrides the image tag whose default is the chart appVersion. 
| -| revproxy | map | `{"enabled":true,"image":{"repository":null,"tag":null}}` | Configurations for revproxy chart. | | revproxy.enabled | bool | `true` | Whether to deploy the revproxy subchart. | | revproxy.image | map | `{"repository":null,"tag":null}` | Docker image information. | | revproxy.image.repository | string | `nil` | The Docker image repository for the revproxy service. | | revproxy.image.tag | string | `nil` | Overrides the image tag whose default is the chart appVersion. | +| revproxy.ingress.annotations | map | `{}` | Annotations to add to the ingress. | +| revproxy.ingress.className | string | `""` | The ingress class name. | +| revproxy.ingress.enabled | bool | `false` | Whether to create the custom revproxy ingress | +| revproxy.ingress.hosts | list | `[{"host":"chart-example.local"}]` | Where to route the traffic. | +| revproxy.ingress.tls | list | `[]` | To secure an Ingress by specifying a secret that contains a TLS private key and certificate. | | secrets | map | `{"awsAccessKeyId":"test","awsSecretAccessKey":"test"}` | AWS credentials to access the db restore job S3 bucket | | secrets.awsAccessKeyId | string | `"test"` | AWS access key. | | secrets.awsSecretAccessKey | string | `"test"` | AWS secret access key. | -| sheepdog | map | `{"enabled":true,"image":{"repository":null,"tag":null}}` | Configurations for sheepdog chart. | | sheepdog.enabled | bool | `true` | Whether to deploy the sheepdog subchart. | | sheepdog.image | map | `{"repository":null,"tag":null}` | Docker image information. | | sheepdog.image.repository | string | `nil` | The Docker image repository for the sheepdog service. | | sheepdog.image.tag | string | `nil` | Overrides the image tag whose default is the chart appVersion. | -| ssjdispatcher | map | `{"enabled":false,"image":{"repository":null,"tag":null}}` | Configurations for ssjdispatcher chart. | | ssjdispatcher.enabled | bool | `false` | Whether to deploy the ssjdispatcher subchart. 
| | ssjdispatcher.image | map | `{"repository":null,"tag":null}` | Docker image information. | | ssjdispatcher.image.repository | string | `nil` | The Docker image repository for the ssjdispatcher service. | | ssjdispatcher.image.tag | string | `nil` | Overrides the image tag whose default is the chart appVersion. | -| tags.dev | bool | `false` | | -| wts | map | `{"enabled":true,"image":{"repository":null,"tag":null}}` | Configurations for wts chart. | | wts.enabled | bool | `true` | Whether to deploy the wts subchart. | | wts.image | map | `{"repository":null,"tag":null}` | Docker image information. | | wts.image.repository | string | `nil` | The Docker image repository for the wts service. | diff --git a/helm/gen3/templates/global-manifest.yaml b/helm/gen3/templates/global-manifest.yaml index bdc3950e..f033b81e 100644 --- a/helm/gen3/templates/global-manifest.yaml +++ b/helm/gen3/templates/global-manifest.yaml @@ -14,6 +14,7 @@ data: "useryaml_s3path": {{ .Values.global.userYamlS3Path | quote }} "public_datasets": {{ .Values.global.publicDataSets | quote }} "tier_access_level": {{ .Values.global.tierAccessLevel | quote }} + "tier_access_limit": {{ .Values.global.tierAccessLimit | quote }} "netpolicy": {{ .Values.global.netPolicy | quote }} "dispatcher_job_num": {{ .Values.global.dispatcherJobNum | quote }} "dd_enabled": {{ .Values.global.ddEnabled | quote }} diff --git a/helm/gen3/values.yaml b/helm/gen3/values.yaml index 4be19977..a451aff5 100644 --- a/helm/gen3/values.yaml +++ b/helm/gen3/values.yaml 
@@ -2,38 +2,33 @@ # This is a YAML-formatted file. # Declare variables to be passed into your templates. -# -- (map) Global configuration options. global: # -- (map) AWS configuration - gcp: true - tls: - cert: - key: aws: - # -- (bool) Set to true if deploying to AWS. Controls ingress annotations. enabled: false - # -- (map) Credentials for AWS - account: - # Prep move of these keys here. - aws_access_key_id: - aws_secret_access_key: - # -- (bool) Whether the deployment is for development purposes. + # # -- (map) Credentials for AWS + # account: + # # Prep move of these keys here. + # aws_access_key_id: + # aws_secret_access_key: + + # -- (bool) Deploys postgres/elasticsearch for dev dev: true - # -- (map) Postgres database configuration. postgres: - # -- (bool) Whether the database should be created. + # -- (bool) Whether the database create job should run. dbCreate: true - # -- (map) Master credentials to postgres. This is going to be the default postgres server being used for each service, unless each service specifies their own postgres master: - # -- (string) hostname of postgres server - host: - # -- (string) username of superuser in postgres. This is used to create or restore databases + # -- global postgres master username username: postgres - # -- (string) password for superuser in postgres. This is used to create or restore databases + # -- global postgres master password password: - # -- (string) Port for Postgres. + # -- global postgres master host + host: + # -- global postgres master port port: "5432" - # -- (string) Environment name. This should be the same as vpcname if you're doing an AWS deployment. Currently this is being used to share ALB's if you have multiple namespaces. Might be used other places too. + # -- (string) Environment name. + # This should be the same as vpcname if you're doing an AWS deployment. + # Currently this is being used to share ALB's if you have multiple namespaces in same cluster. 
environment: default # -- (string) Hostname for the deployment. hostname: localhost @@ -43,10 +38,6 @@ global: dictionaryUrl: https://s3.amazonaws.com/dictionary-artifacts/datadictionary/develop/schema.json # -- (string) Portal application name. portalApp: gitops - # -- (string) S3 bucket name for Kubernetes manifest files. - kubeBucket: kube-gen3 - # -- (string) S3 bucket name for log files. - logsBucket: logs-gen3 # -- (bool) Whether to sync data from dbGaP. syncFromDbgap: false # -- (string) Path to the user.yaml file in S3. @@ -55,36 +46,27 @@ global: publicDataSets: true # -- (string) Access level for tiers. acceptable values for `tier_access_level` are: `libre`, `regular` and `private`. If omitted, by default common will be treated as `private` tierAccessLevel: libre + # -- (int) Only relevant if tireAccessLevel is set to "regular". Summary charts below this limit will not appear for aggregated data. + tierAccessLimit: 1000 # -- (bool) Whether network policies are enabled. netPolicy: true # -- (int) Number of dispatcher jobs. dispatcherJobNum: 10 # -- (bool) Whether Datadog is enabled. ddEnabled: false - # -- (bool) If the service will be deployed with a Pod Disruption Budget. Note- you need to have more than 2 replicas for the pdb to be deployed. - pdb: false - # -- (int) The minimum amount of pods that are available at all times if the PDB is deployed. - minAvialable: 1 - -tags: - # controls whether or not to deploy postgres/ elasticsearch as local services. - dev: false # Dependancy Charts -# -- (map) Configurations for ambassador chart. ambassador: # -- (bool) Whether to deploy the ambassador subchart. enabled: true - # -- (map) Docker image information. image: # -- (string) The Docker image repository for the ambassador service. repository: # -- (string) Overrides the image tag whose default is the chart appVersion. tag: -# -- (map) Configurations for arborist chart. arborist: # -- (bool) Whether to deploy the arborist subchart. enabled: true 
@@ -95,7 +77,6 @@ arborist: # -- (string) Overrides the image tag whose default is the chart appVersion. tag: -# -- (map) Configurations for argo-wrapper chart. argo-wrapper: # -- (bool) Whether to deploy the argo-wrapper subchart. enabled: true @@ -106,7 +87,6 @@ argo-wrapper: # -- (string) Overrides the image tag whose default is the chart appVersion. tag: -# -- (map) Configurations for audit chart. audit: # -- (bool) Whether to deploy the audit subchart. enabled: true @@ -117,12 +97,18 @@ audit: # -- (string) Overrides the image tag whose default is the chart appVersion. tag: -# -- (map) Configurations for aws-es-proxy chart. + aws-es-proxy: # -- (bool) Whether to deploy the aws-es-proxy subchart. enabled: false + # -- (str) Elasticsearch endpoint in AWS + esEndpoint: test.us-east-1.es.amazonaws.com + secrets: + # -- (str) AWS access key ID for aws-es-proxy + awsAccessKeyId: "" + # -- (str) AWS secret access key for aws-es-proxy + awsSecretAccessKey: "" -# -- (map) Configurations for fence chart. fence: # -- (bool) Whether to deploy the fence subchart. enabled: true @@ -132,8 +118,11 @@ fence: repository: # -- (string) Overrides the image tag whose default is the chart appVersion. tag: + # -- (map) Configuration settings for Fence app + FENCE_CONFIG: + # -- (string) USER YAML. Passed in as a multiline string. + USER_YAML: -# -- (map) Configurations for guppy chart. guppy: # -- (bool) Whether to deploy the guppy subchart. enabled: false @@ -144,7 +133,6 @@ guppy: # -- (string) Overrides the image tag whose default is the chart appVersion. tag: -# -- (map) Configurations for hatchery chart. hatchery: # -- (bool) Whether to deploy the hatchery subchart. enabled: true 
@@ -155,7 +143,69 @@ hatchery: # -- (string) Overrides the image tag whose default is the chart appVersion. tag: -# -- (map) Configurations for indexd chart. + hatchery: + sidecarContainer: + # -- (string) The maximum amount of CPU the sidecar container can use + cpu-limit: '0.1' + # -- (string) The maximum amount of memory the sidecar container can use + memory-limit: 256Mi + # -- (string) The sidecar image. + image: quay.io/cdis/ecs-ws-sidecar:master + # -- (map) Environment variables to pass to the sidecar container + env: + NAMESPACE: "{{ .Release.Namespace }}" + HOSTNAME: "{{ .Values.global.hostname }}" + # -- (list) Arguments to pass to the sidecare container. + args: [] + # -- (list) Commands to run for the sidecar container. + command: + - "/bin/bash" + - "./sidecar.sh" + lifecycle-pre-stop: + - su + - "-c" + - echo test + - "-s" + - "/bin/sh" + - root + containers: + - + # -- (int) port to proxy traffic to in docker contaniner + target-port: 8888 + # -- (string) cpu limit of workspace container + cpu-limit: '1.0' + # -- (string) memory limit of workspace container + memory-limit: 2Gi + # -- (string) name of workspace + name: "(Tutorials) Example Analysis Jupyter Lab Notebooks" + # -- (string) docker image for workspace + image: quay.io/cdis/heal-notebooks:combined_tutorials__latest + # -- environment variables for workspace container + env: + FRAME_ANCESTORS: https://{{ .Values.global.hostname }} + args: + - "--NotebookApp.base_url=/lw-workspace/proxy/" + - "--NotebookApp.default_url=/lab" + - "--NotebookApp.password=''" + - "--NotebookApp.token=''" + - "--NotebookApp.shutdown_no_activity_timeout=5400" + - "--NotebookApp.quit_button=False" + command: + - start-notebook.sh + path-rewrite: "/lw-workspace/proxy/" + use-tls: 'false' + ready-probe: "/lw-workspace/proxy/" + lifecycle-post-start: + - "/bin/sh" + - "-c" + - export IAM=`whoami`; rm -rf /home/$IAM/pd/dockerHome; rm -rf /home/$IAM/pd/lost+found; + ln -s /data /home/$IAM/pd/; true + user-uid: 1000 + 
fs-gid: 100 + user-volume-location: "/home/jovyan/pd" + gen3-volume-location: "/home/jovyan/.gen3" + + indexd: # -- (bool) Whether to deploy the indexd subchart. enabled: true @@ -165,8 +215,10 @@ indexd: repository: # -- (string) Overrides the image tag whose default is the chart appVersion. tag: + # -- (string) the default prefix for indexd records + defaultPrefix: "PREFIX/" + -# -- (map) Configurations for manifest service chart. manifestservice: # -- (bool) Whether to deploy the manifest service subchart. enabled: true @@ -177,7 +229,6 @@ manifestservice: # -- (string) Overrides the image tag whose default is the chart appVersion. tag: -# -- (map) Configurations for metadata chart. metadata: # -- (bool) Whether to deploy the metadata subchart. enabled: true @@ -188,7 +239,6 @@ metadata: # -- (string) Overrides the image tag whose default is the chart appVersion. tag: -# -- (map) Configurations for peregrine chart. peregrine: # -- (bool) Whether to deploy the peregrine subchart. enabled: true @@ -199,7 +249,6 @@ peregrine: # -- (string) Overrides the image tag whose default is the chart appVersion. tag: -# -- (map) Configurations for pidgin chart. pidgin: # -- (bool) Whether to deploy the pidgin subchart. enabled: true @@ -210,7 +259,6 @@ pidgin: # -- (string) Overrides the image tag whose default is the chart appVersion. tag: -# -- (map) Configurations for portal chart. portal: # -- (bool) Whether to deploy the portal subchart. enabled: true 
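Review bot: The default workspace container added under `hatchery.hatchery.containers` in helm/gen3/values.yaml is started with `--NotebookApp.password=''` and `--NotebookApp.token=''`, which turns off Jupyter's own authentication. Access control for the notebook then rests entirely on whatever fronts `/lw-workspace/proxy/`, and nothing in the values file says so. I would add a comment above `args:` such as `# Jupyter auth is disabled on purpose; the workspace must only be reachable through the authenticated workspace proxy`. Both new images also use moving tags (`quay.io/cdis/ecs-ws-sidecar:master` and `quay.io/cdis/heal-notebooks:combined_tutorials__latest`), so a default install is not reproducible; pinning them to a release tag or digest would fix that.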
@@ -220,8 +268,21 @@ portal: repository: # -- (string) Overrides the image tag whose default is the chart appVersion. tag: + # -- (map) GitOps configuration for portal +gitops: + # -- (string) multiline string - gitops.json + json: + # -- (string) - favicon in base64 + favicon: + # -- (string) - multiline string - gitops.css + css: + # -- (string) - logo in base64 + logo: + # -- (string) - createdby.png - base64 + createdby: + sponsors: + -# -- (map) Configurations for requestor chart. requestor: # -- (bool) Whether to deploy the requestor subchart. enabled: false @@ -232,7 +293,6 @@ requestor: # -- (string) Overrides the image tag whose default is the chart appVersion. tag: -# -- (map) Configurations for revproxy chart. revproxy: # -- (bool) Whether to deploy the revproxy subchart. enabled: true @@ -243,7 +303,21 @@ revproxy: # -- (string) Overrides the image tag whose default is the chart appVersion. tag: -# -- (map) Configurations for sheepdog chart. + ingress: + # -- (bool) Whether to create the custom revproxy ingress + enabled: false + # -- (string) The ingress class name. + className: "" + # -- (map) Annotations to add to the ingress. + annotations: {} + # kubernetes.io/ingress.class: nginx + # kubernetes.io/tls-acme: "true" + # -- (list) Where to route the traffic. + hosts: + - host: chart-example.local + # -- (list) To secure an Ingress by specifying a secret that contains a TLS private key and certificate. + tls: [] + sheepdog: # -- (bool) Whether to deploy the sheepdog subchart. enabled: true @@ -254,7 +328,6 @@ sheepdog: # -- (string) Overrides the image tag whose default is the chart appVersion. tag: -# -- (map) Configurations for ssjdispatcher chart. ssjdispatcher: # -- (bool) Whether to deploy the ssjdispatcher subchart. enabled: false 
@@ -265,7 +338,7 @@ ssjdispatcher: # -- (string) Overrides the image tag whose default is the chart appVersion. tag: -# -- (map) Configurations for wts chart. + wts: # -- (bool) Whether to deploy the wts subchart. enabled: true @@ -283,7 +356,6 @@ secrets: # -- (string) AWS secret access key. awsSecretAccessKey: test -# -- (map) To configure postgresql subchart # Disable persistence by default so we can spin up and down ephemeral environments postgresql: primary: diff --git a/helm/guppy/Chart.yaml b/helm/guppy/Chart.yaml index a2e4a2d4..9c6e2d3e 100644 --- a/helm/guppy/Chart.yaml +++ b/helm/guppy/Chart.yaml @@ -15,7 +15,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.6 +version: 0.1.7 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to diff --git a/helm/guppy/README.md b/helm/guppy/README.md index 8967c662..efbf2bca 100644 --- a/helm/guppy/README.md +++ b/helm/guppy/README.md @@ -1,6 +1,6 @@ # guppy -![Version: 0.1.6](https://img.shields.io/badge/Version-0.1.6-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) +![Version: 0.1.7](https://img.shields.io/badge/Version-0.1.7-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) A Helm chart for gen3 Guppy Service 
@@ -40,7 +40,7 @@ A Helm chart for gen3 Guppy Service | enableEncryptWhitelist | bool | `true` | Whether or not to enable encryption for specified fields | | encryptWhitelist | string | `"test1"` | A comma-separated list of fields to encrypt | | esEndpoint | string | `""` | Elasticsearch endpoint. | -| global | map | `{"aws":{"awsAccessKeyId":null,"awsSecretAccessKey":null,"enabled":false},"ddEnabled":false,"dev":true,"dictionaryUrl":"https://s3.amazonaws.com/dictionary-artifacts/datadictionary/develop/schema.json","dispatcherJobNum":10,"environment":"default","hostname":"localhost","kubeBucket":"kube-gen3","logsBucket":"logs-gen3","minAvialable":1,"netPolicy":true,"pdb":false,"portalApp":"gitops","postgres":{"dbCreate":true,"master":{"host":null,"password":null,"port":"5432","username":"postgres"}},"publicDataSets":true,"revproxyArn":"arn:aws:acm:us-east-1:123456:certificate","syncFromDbgap":false,"tierAccessLevel":"libre","userYamlS3Path":"s3://cdis-gen3-users/test/user.yaml"}` | Global configuration options. | +| global | map | `{"aws":{"awsAccessKeyId":null,"awsSecretAccessKey":null,"enabled":false},"ddEnabled":false,"dev":true,"dictionaryUrl":"https://s3.amazonaws.com/dictionary-artifacts/datadictionary/develop/schema.json","dispatcherJobNum":10,"environment":"default","hostname":"localhost","kubeBucket":"kube-gen3","logsBucket":"logs-gen3","minAvialable":1,"netPolicy":true,"pdb":false,"portalApp":"gitops","postgres":{"dbCreate":true,"master":{"host":null,"password":null,"port":"5432","username":"postgres"}},"publicDataSets":true,"revproxyArn":"arn:aws:acm:us-east-1:123456:certificate","syncFromDbgap":false,"tierAccessLevel":"libre","tierAccessLimit":1000,"userYamlS3Path":"s3://cdis-gen3-users/test/user.yaml"}` | Global configuration options. | | global.aws | map | `{"awsAccessKeyId":null,"awsSecretAccessKey":null,"enabled":false}` | AWS configuration | | global.aws.awsAccessKeyId | string | `nil` | Credentials for AWS stuff. 
| | global.aws.awsSecretAccessKey | string | `nil` | Credentials for AWS stuff. | @@ -68,6 +68,7 @@ A Helm chart for gen3 Guppy Service | global.revproxyArn | string | `"arn:aws:acm:us-east-1:123456:certificate"` | ARN of the reverse proxy certificate. | | global.syncFromDbgap | bool | `false` | Whether to sync data from dbGaP. | | global.tierAccessLevel | string | `"libre"` | Access level for tiers. | +| global.tierAccessLimit | int | `1000` | Only relevant if tireAccessLevel is set to "regular". Summary charts below this limit will not appear for aggregated data. | | global.userYamlS3Path | string | `"s3://cdis-gen3-users/test/user.yaml"` | Path to the user.yaml file in S3. | | image | map | `{"pullPolicy":"Always","repository":"quay.io/cdis/guppy","tag":""}` | Docker image information. | | image.pullPolicy | string | `"Always"` | Docker pull policy. | 
@@ -95,8 +96,6 @@ A Helm chart for gen3 Guppy Service | strategy | map | `{"rollingUpdate":{"maxSurge":1,"maxUnavailable":0},"type":"RollingUpdate"}` | Rolling update deployment strategy | | strategy.rollingUpdate.maxSurge | int | `1` | Number of additional replicas to add during rollout. | | strategy.rollingUpdate.maxUnavailable | int | `0` | Maximum amount of pods that can be unavailable during the update. | -| tierAccessLevel | string | `"regular"` | Access level for tiers. acceptable values for `tier_access_level` are: `libre`, `regular` and `private`. If omitted, by default common will be treated as `private` | -| tierAccessLimit | int | `1000` | Only relevant if tireAccessLevel is set to "regular". Summary charts below this limit will not appear for aggregated data. | | volumeMounts | list | `[{"mountPath":"/guppy/guppy_config.json","name":"guppy-config","readOnly":true,"subPath":"guppy_config.json"}]` | Volumes to mount to the container. | | volumes | list | `[{"configMap":{"items":[{"key":"guppy_config.json","path":"guppy_config.json"}],"name":"manifest-guppy"},"name":"guppy-config"}]` | Volumes to attach to the pod. | diff --git a/helm/guppy/templates/_helpers.tpl b/helm/guppy/templates/_helpers.tpl index 07a93c57..751dc6a7 100644 --- a/helm/guppy/templates/_helpers.tpl +++ b/helm/guppy/templates/_helpers.tpl @@ -66,14 +66,3 @@ Create the name of the service account to use {{- default "default" .Values.serviceAccount.name }} {{- end }} {{- end }} - -{{/* -Define tierAccessLevel -*/}} -{{- define "guppy.tierAccessLevel" -}} -{{- if .Values.global }} -{{- .Values.global.tierAccessLevel }} -{{- else}} -{{- .Values.tierAccessLevel }} -{{- end }} -{{- end }} \ No newline at end of file diff --git a/helm/guppy/templates/deployment.yaml b/helm/guppy/templates/deployment.yaml index b811aad9..ebb8bcac 100644 --- a/helm/guppy/templates/deployment.yaml +++ b/helm/guppy/templates/deployment.yaml 
@@ -71,11 +71,9 @@ spec: value: {{ . }} {{- end }} - name: TIER_ACCESS_LEVEL - value: {{ include "guppy.tierAccessLevel" . }} - {{- with .Values.tierAccessLimit }} + value: {{ .Values.global.tierAccessLevel }} - name: TIER_ACCESS_LIMIT - value: {{ . | quote }} - {{- end }} + value: {{ .Values.global.tierAccessLimit }} {{- with .Values.volumeMounts }} diff --git a/helm/guppy/values.yaml b/helm/guppy/values.yaml index ba984f62..342d0467 100644 --- a/helm/guppy/values.yaml +++ b/helm/guppy/values.yaml @@ -50,6 +50,8 @@ global: publicDataSets: true # -- (string) Access level for tiers. tierAccessLevel: libre + # -- (int) Only relevant if tireAccessLevel is set to "regular". Summary charts below this limit will not appear for aggregated data. + tierAccessLimit: 1000 # -- (bool) Whether network policies are enabled. netPolicy: true # -- (int) Number of dispatcher jobs. @@ -146,10 +148,6 @@ image: esEndpoint: "" # -- (string) Arborist service URL. arboristUrl: http://arborist-service -# -- (string) Access level for tiers. acceptable values for `tier_access_level` are: `libre`, `regular` and `private`. If omitted, by default common will be treated as `private` -tierAccessLevel: regular -# -- (int) Only relevant if tireAccessLevel is set to "regular". Summary charts below this limit will not appear for aggregated data. -tierAccessLimit: 1000 # -- (list) Volumes to mount to the container. volumeMounts: diff --git a/helm/indexd/Chart.yaml b/helm/indexd/Chart.yaml index 3e50dfe3..dd60065f 100644 --- a/helm/indexd/Chart.yaml +++ b/helm/indexd/Chart.yaml 
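Review bot: `TIER_ACCESS_LIMIT` in helm/guppy/templates/deployment.yaml is now rendered without the `| quote` the removed lines had, so with the int default `tierAccessLimit: 1000` the manifest contains `value: 1000`, and Kubernetes requires env var values to be strings. Restore the quoting with `value: {{ .Values.global.tierAccessLimit | quote }}`. Quote `TIER_ACCESS_LEVEL` the same way (`value: {{ .Values.global.tierAccessLevel | quote }}`) so that an unset value renders as an empty string rather than a YAML null. The `DEFAULT_PREFIX` entry added in helm/indexd/templates/deployment.yaml has the same unquoted form and would break on a prefix that YAML reads as a number or boolean. The container spec continues outside this hunk.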
@@ -15,7 +15,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.8 +version: 0.1.9 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to diff --git a/helm/indexd/README.md b/helm/indexd/README.md index 35ac634b..532a8b64 100644 --- a/helm/indexd/README.md +++ b/helm/indexd/README.md @@ -1,6 +1,6 @@ # indexd -![Version: 0.1.8](https://img.shields.io/badge/Version-0.1.8-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) +![Version: 0.1.9](https://img.shields.io/badge/Version-0.1.9-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) A Helm chart for gen3 indexd 
@@ -25,9 +25,10 @@ A Helm chart for gen3 indexd | datadogLogsInjection | bool | `true` | If enabled, the Datadog Agent will automatically inject Datadog-specific metadata into your application logs. | | datadogProfilingEnabled | bool | `true` | If enabled, the Datadog Agent will collect profiling data for your application using the Continuous Profiler. This data can be used to identify performance bottlenecks and optimize your application. | | datadogTraceSampleRate | int | `1` | A value between 0 and 1, that represents the percentage of requests that will be traced. For example, a value of 0.5 means that 50% of requests will be traced. | +| defaultPrefix | string | `"PREFIX/"` | default prefix for indexd | | env | list | `[{"name":"ARBORIST","value":"true"},{"name":"GEN3_DEBUG","value":"False"}]` | Environment variables to pass to the container | | fullnameOverride | string | `""` | Override the full name of the deployment. | -| global | map | `{"aws":{"awsAccessKeyId":null,"awsSecretAccessKey":null,"enabled":false},"ddEnabled":false,"dev":true,"dictionaryUrl":"https://s3.amazonaws.com/dictionary-artifacts/datadictionary/develop/schema.json","dispatcherJobNum":10,"environment":"default","hostname":"localhost","kubeBucket":"kube-gen3","logsBucket":"logs-gen3","minAvialable":1,"netPolicy":true,"pdb":false,"portalApp":"gitops","postgres":{"dbCreate":true,"master":{"host":null,"password":null,"port":"5432","username":"postgres"}},"publicDataSets":true,"revproxyArn":"arn:aws:acm:us-east-1:123456:certificate","syncFromDbgap":false,"tierAccessLevel":"libre","userYamlS3Path":"s3://cdis-gen3-users/test/user.yaml"}` | Global configuration options. 
| +| global | map | `{"aws":{"awsAccessKeyId":null,"awsSecretAccessKey":null,"enabled":false},"ddEnabled":false,"dev":true,"dictionaryUrl":"https://s3.amazonaws.com/dictionary-artifacts/datadictionary/develop/schema.json","dispatcherJobNum":10,"environment":"default","hostname":"localhost","kubeBucket":"kube-gen3","logsBucket":"logs-gen3","minAvialable":1,"netPolicy":true,"pdb":false,"portalApp":"gitops","postgres":{"dbCreate":true,"master":{"host":null,"password":null,"port":"5432","username":"postgres"}},"publicDataSets":true,"revproxyArn":"arn:aws:acm:us-east-1:123456:certificate","syncFromDbgap":false,"tierAccessLevel":"libre","tierAccessLimit":1000,"userYamlS3Path":"s3://cdis-gen3-users/test/user.yaml"}` | Global configuration options. | | global.aws | map | `{"awsAccessKeyId":null,"awsSecretAccessKey":null,"enabled":false}` | AWS configuration | | global.aws.awsAccessKeyId | string | `nil` | Credentials for AWS stuff. | | global.aws.awsSecretAccessKey | string | `nil` | Credentials for AWS stuff. | @@ -55,6 +56,7 @@ A Helm chart for gen3 indexd | global.revproxyArn | string | `"arn:aws:acm:us-east-1:123456:certificate"` | ARN of the reverse proxy certificate. | | global.syncFromDbgap | bool | `false` | Whether to sync data from dbGaP. | | global.tierAccessLevel | string | `"libre"` | Access level for tiers. acceptable values for `tier_access_level` are: `libre`, `regular` and `private`. If omitted, by default common will be treated as `private` | +| global.tierAccessLimit | int | `1000` | Only relevant if tireAccessLevel is set to "regular". Summary charts below this limit will not appear for aggregated data. | | global.userYamlS3Path | string | `"s3://cdis-gen3-users/test/user.yaml"` | Path to the user.yaml file in S3. | | image | map | `{"pullPolicy":"IfNotPresent","repository":"quay.io/cdis/indexd","tag":""}` | Docker image information. | | image.pullPolicy | string | `"IfNotPresent"` | When to pull the image. | 
@@ -85,7 +87,7 @@ A Helm chart for gen3 indexd | resources.requests | map | `{"cpu":0.1,"memory":"12Mi"}` | The amount of resources that the container requests | | resources.requests.cpu | string | `0.1` | The amount of CPU requested | | resources.requests.memory | string | `"12Mi"` | The amount of memory requested | -| secrets | map | `{"userdb":{"fence":"test","gateway":null,"gdcapi":null}}` | Values for indexd secret. | +| secrets | map | `{"userdb":{"fence":null,"sheepdog":null}}` | Values for indexd secret. | | securityContext | map | `{}` | Security context for the containers in the pod | | selectorLabels | map | `nil` | Will completely override the selectorLabels defined in the common chart's _label_setup.tpl | | service | map | `{"port":80,"type":"ClusterIP"}` | Kubernetes service information. | @@ -98,7 +100,7 @@ A Helm chart for gen3 indexd | tolerations | list | `[]` | Tolerations for the pods | | uwsgi | map | `{"listen":1024}` | Values for overriding uwsgi settings | | volumeMounts | list | `[{"mountPath":"/var/www/indexd/local_settings.py","name":"config-volume","readOnly":true,"subPath":"local_settings.py"}]` | Volumes to mount to the container. | -| volumes | list | `[{"configMap":{"name":"indexd-uwsgi"},"name":"uwsgi-config"},{"name":"config-volume","secret":{"secretName":"indexd-settings"}},{"name":"creds-volume","secret":{"secretName":"indexd-creds"}}]` | Volumes to attach to the pod | +| volumes | list | `[{"configMap":{"name":"indexd-uwsgi"},"name":"uwsgi-config"},{"name":"config-volume","secret":{"secretName":"indexd-settings"}}]` | Volumes to attach to the pod | ---------------------------------------------- Autogenerated from chart metadata using [helm-docs v1.11.0](https://github.com/norwoodj/helm-docs/releases/v1.11.0) diff --git a/helm/indexd/indexd-settings/local_settings.py b/helm/indexd/indexd-settings/local_settings.py index cc30e482..42d74247 100644 --- a/helm/indexd/indexd-settings/local_settings.py 
+++ b/helm/indexd/indexd-settings/local_settings.py @@ -17,7 +17,7 @@ # TODO: FIX THIS TO READ FROM ENV VARS index_config = { - "DEFAULT_PREFIX": environ.get("DEFAULT_PREFIX", "testprefix"), + "DEFAULT_PREFIX": environ.get("DEFAULT_PREFIX", "testprefix/"), "PREPEND_PREFIX": environ.get("PREPEND_PREFIX", True), } diff --git a/helm/indexd/templates/_helpers.tpl b/helm/indexd/templates/_helpers.tpl index 301661dc..0f83473c 100644 --- a/helm/indexd/templates/_helpers.tpl +++ b/helm/indexd/templates/_helpers.tpl @@ -81,9 +81,6 @@ Create the name of the service account to use {{- end }} -# fence: {{ default (randAlphaNum 32) .Values.secrets.userdb.fence | quote }}, -# gdcapi: {{ default (randAlphaNum 32) .Values.secrets.userdb.gdcapi | quote }}, -# gateway: {{ default (randAlphaNum 32) .Values.secrets.userdb.gateway | quote }} {{/* Indexd Fence Creds diff --git a/helm/indexd/templates/deployment.yaml b/helm/indexd/templates/deployment.yaml index 6189e84b..497d4f45 100644 --- a/helm/indexd/templates/deployment.yaml +++ b/helm/indexd/templates/deployment.yaml @@ -77,6 +77,8 @@ spec: name: indexd-dbcreds key: dbcreated optional: false + - name: DEFAULT_PREFIX + value: {{ .Values.defaultPrefix }} {{- toYaml .Values.env | nindent 12 }} volumeMounts: - name: "uwsgi-config" diff --git a/helm/indexd/templates/indexd-secret.yaml b/helm/indexd/templates/indexd-secret.yaml index 391e9383..7c7ca648 100644 --- a/helm/indexd/templates/indexd-secret.yaml +++ b/helm/indexd/templates/indexd-secret.yaml 
@@ -8,31 +8,9 @@ data: --- apiVersion: v1 kind: Secret -metadata: - name: indexd-creds -type: Opaque -stringData: - creds.json: |- - { - "db_host": "{{ include "gen3.service-postgres" (dict "key" "host" "service" $.Chart.Name "context" $) }}", - "db_username": "{{include "gen3.service-postgres" (dict "key" "username" "service" $.Chart.Name "context" $) }}", - "db_password": "{{include "gen3.service-postgres" (dict "key" "password" "service" $.Chart.Name "context" $) }}", - "db_database": "{{ include "gen3.service-postgres" (dict "key" "database" "service" $.Chart.Name "context" $)}}", - "user_db": { - "fence": {{ include "indexd-fence-creds" . | quote }}, - "gdcapi": {{ include "indexd-sheepdog-creds" . | quote }}, - "gateway": {{ include "indexd-gateway-creds" . | quote }} - } - } ---- -apiVersion: v1 -kind: Secret metadata: name: indexd-service-creds type: Opaque -stringData: +data: fence: {{ include "common.getOrGenSecret" (list .Values.secrets.userdb.fence "indexd-service-creds" "fence" 20 .Release.Namespace) }} - gdcapi: {{ include "common.getOrGenSecret" (list .Values.secrets.userdb.gdcapi "indexd-service-creds" "gdcapi" 20 .Release.Namespace) }} - gateway: {{ include "common.getOrGenSecret" (list .Values.secrets.userdb.gateway "indexd-service-creds" "gateway" 20 .Release.Namespace) }} - - + sheepdog: {{ include "common.getOrGenSecret" (list .Values.secrets.userdb.sheepdog "indexd-service-creds" "sheepdog" 20 .Release.Namespace) }} diff --git a/helm/indexd/templates/pre-install.yaml b/helm/indexd/templates/pre-install.yaml index bd3b7b1e..a6f6cd9f 100644 --- a/helm/indexd/templates/pre-install.yaml +++ b/helm/indexd/templates/pre-install.yaml 
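Review bot: Changing `indexd-service-creds` from `stringData:` to `data:` means the API server now treats every value as base64, while `common.getOrGenSecret` is defined in the common chart and is not visible in this diff. Confirm that the helper base64-encodes all of its return paths: a password supplied through `.Values.secrets.userdb.fence` or `.sheepdog`, a value read back from an existing secret, and a freshly generated one. Otherwise a plaintext password set by the operator is either rejected at install or decoded to different bytes than intended. A comment above the keys would record the contract, e.g. `# data: values must be base64; common.getOrGenSecret is expected to return encoded output`. The `gdcapi` and `gateway` keys are also dropped, so an in-place upgrade presumably generates a new `sheepdog` credential that the existing indexd user table does not hold yet; the upgrade path should be checked.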
@@ -19,6 +19,11 @@ spec: volumes: {{- toYaml . | nindent 8 }} {{- end }} + initContainers: + - name: wait-for-indexd + image: curlimages/curl:latest + command: ["/bin/sh","-c"] + args: ["while [ $(curl -sw '%{http_code}' http://indexd-service/index -o /dev/null) -ne 200 ]; do sleep 5; echo 'Waiting for indexd...'; done"] containers: - name: indexd image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}" @@ -68,7 +73,7 @@ spec: valueFrom: secretKeyRef: name: indexd-service-creds - key: fence + key: sheepdog optional: false imagePullPolicy: Always command: ["/bin/bash" ] diff --git a/helm/indexd/values.yaml b/helm/indexd/values.yaml index 7ddeccfb..90bec19d 100644 --- a/helm/indexd/values.yaml +++ b/helm/indexd/values.yaml @@ -50,6 +50,8 @@ global: publicDataSets: true # -- (string) Access level for tiers. acceptable values for `tier_access_level` are: `libre`, `regular` and `private`. If omitted, by default common will be treated as `private` tierAccessLevel: libre + # -- (int) Only relevant if tireAccessLevel is set to "regular". Summary charts below this limit will not appear for aggregated data. + tierAccessLimit: 1000 # -- (bool) Whether network policies are enabled. netPolicy: true # -- (int) Number of dispatcher jobs. @@ -185,9 +187,6 @@ volumes: - name: config-volume secret: secretName: "indexd-settings" -- name: creds-volume - secret: - secretName: "indexd-creds" # -- (list) Volumes to mount to the container. volumeMounts: @@ -206,14 +205,17 @@ env: # -- (map) Values for indexd secret. secrets: userdb: - fence: test - gdcapi: - gateway: + fence: + sheepdog: + # gateway: # -- (map) Values for overriding uwsgi settings uwsgi: listen: 1024 +# -- (string) default prefix for indexd +defaultPrefix: "PREFIX/" + # Values to determine the labels that are used for the deployment, pod, etc. # -- (string) Valid options are "production" or "dev". If invalid option is set- the value will default to "dev". release: "production" 
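Review bot: The `wait-for-indexd` init container pulls `curlimages/curl:latest`, a mutable tag on a public registry, so the image that runs in the release namespace can change between installs with no change to the chart. Pin it to a fixed version, ideally with a digest, and make it overridable from values, e.g. `image: "curlimages/curl:<PINNED_VERSION>@sha256:<DIGEST>"`. The wait loop also has no upper bound, so if `indexd-service` never returns 200 the job hangs until Helm's own timeout; a `--max-time` on the curl call and a retry counter would make the failure explicit. The init container also sets no `securityContext` or resource limits.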
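Review bot: The comment added above `tierAccessLimit` in values.yaml names `tireAccessLevel`, which is not a key in this chart; the setting it depends on is `tierAccessLevel`. Because helm-docs copies the comment into the README tables, the same typo appears in the portal and revproxy values.yaml and README hunks of this commit. This value is the threshold below which aggregate counts are hidden, so the documentation should point at the right switch: `# -- (int) Only relevant if tierAccessLevel is set to "regular". Summary charts below this limit will not appear for aggregated data.`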
diff --git a/helm/portal/Chart.yaml b/helm/portal/Chart.yaml index 1bf879c0..2843e3c7 100644 --- a/helm/portal/Chart.yaml +++ b/helm/portal/Chart.yaml @@ -15,7 +15,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.5 +version: 0.1.6 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to diff --git a/helm/portal/README.md b/helm/portal/README.md index 91a5cd5e..5a0f0455 100644 --- a/helm/portal/README.md +++ b/helm/portal/README.md @@ -1,6 +1,6 @@ # portal -![Version: 0.1.5](https://img.shields.io/badge/Version-0.1.5-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) +![Version: 0.1.6](https://img.shields.io/badge/Version-0.1.6-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) A Helm chart for gen3 data-portal 
@@ -39,7 +39,7 @@ A Helm chart for gen3 data-portal | gitops.favicon | string | `"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"` | - favicon in base64 | | gitops.json | string | `"{\n \"graphql\": {\n \"boardCounts\": [\n {\n \"graphql\": \"_case_count\",\n \"name\": \"Case\",\n \"plural\": \"Cases\"\n },\n {\n \"graphql\": \"_experiment_count\",\n \"name\": \"Experiment\",\n \"plural\": \"Experiments\"\n },\n {\n \"graphql\": \"_aliquot_count\",\n \"name\": \"Aliquot\",\n \"plural\": \"Aliquots\"\n }\n ],\n \"chartCounts\": [\n {\n \"graphql\": \"_case_count\",\n \"name\": \"Case\"\n },\n {\n \"graphql\": \"_experiment_count\",\n \"name\": \"Experiment\"\n },\n {\n \"graphql\": \"_aliquot_count\",\n \"name\": \"Aliquot\"\n }\n ],\n \"projectDetails\": \"boardCounts\"\n },\n \"components\": {\n \"appName\": \"Generic Data Commons Portal\",\n \"index\": {\n \"introduction\": {\n \"heading\": \"Data Commons\",\n \"text\": \"The Generic Data Commons supports the management, analysis and sharing of data for the research community.\",\n \"link\": \"/submission\"\n },\n \"buttons\": [\n {\n \"name\": \"Define Data Field\",\n \"icon\": \"data-field-define\",\n \"body\": \"The Generic Data Commons define the data in a general way. 
Please study the dictionary before you start browsing.\",\n \"link\": \"/DD\",\n \"label\": \"Learn more\"\n },\n {\n \"name\": \"Explore Data\",\n \"icon\": \"data-explore\",\n \"body\": \"The Exploration Page gives you insights and a clear overview under selected factors.\",\n \"link\": \"/explorer\",\n \"label\": \"Explore data\"\n },\n {\n \"name\": \"Access Data\",\n \"icon\": \"data-access\",\n \"body\": \"Use our selected tool to filter out the data you need.\",\n \"link\": \"/query\",\n \"label\": \"Query data\"\n },\n {\n \"name\": \"Submit Data\",\n \"icon\": \"data-submit\",\n \"body\": \"Submit Data based on the dictionary.\",\n \"link\": \"/submission\",\n \"label\": \"Submit data\"\n }\n ]\n },\n \"navigation\": {\n \"title\": \"Generic Data Commons\",\n \"items\": [\n {\n \"icon\": \"dictionary\",\n \"link\": \"/DD\",\n \"color\": \"#a2a2a2\",\n \"name\": \"Dictionary\"\n },\n {\n \"icon\": \"exploration\",\n \"link\": \"/explorer\",\n \"color\": \"#a2a2a2\",\n \"name\": \"Exploration\"\n },\n {\n \"icon\": \"query\",\n \"link\": \"/query\",\n \"color\": \"#a2a2a2\",\n \"name\": \"Query\"\n },\n {\n \"icon\": \"workspace\",\n \"link\": \"/workspace\",\n \"color\": \"#a2a2a2\",\n \"name\": \"Workspace\"\n },\n {\n \"icon\": \"profile\",\n \"link\": \"/identity\",\n \"color\": \"#a2a2a2\",\n \"name\": \"Profile\"\n }\n ]\n },\n \"topBar\": {\n \"items\": [\n {\n \"icon\": \"upload\",\n \"link\": \"/submission\",\n \"name\": \"Submit Data\"\n },\n {\n \"link\": \"https://gen3.org/resources/user\",\n \"name\": \"Documentation\"\n }\n ]\n },\n \"login\": {\n \"title\": \"Generic Data Commons\",\n \"subTitle\": \"Explore, Analyze, and Share Data\",\n \"text\": \"This website supports the management, analysis and sharing of human disease data for the research community and aims to advance basic understanding of the genetic basis of complex traits and accelerate discovery and development of therapies, diagnostic tests, and other technologies for diseases 
like cancer.\",\n \"contact\": \"If you have any questions about access or the registration process, please contact \",\n \"email\": \"support@datacommons.io\"\n },\n \"certs\": {},\n \"footerLogos\": [\n {\n \"src\": \"/src/img/gen3.png\",\n \"href\": \"https://ctds.uchicago.edu/gen3\",\n \"alt\": \"Gen3 Data Commons\"\n },\n {\n \"src\": \"/src/img/createdby.png\",\n \"href\": \"https://ctds.uchicago.edu/\",\n \"alt\": \"Center for Translational Data Science at the University of Chicago\"\n }\n ]\n },\n \"requiredCerts\": [],\n \"featureFlags\": {\n \"explorer\": true,\n \"noIndex\": true,\n \"analysis\": false,\n \"discovery\": false,\n \"discoveryUseAggMDS\": false,\n \"studyRegistration\": false\n },\n \"dataExplorerConfig\": {\n \"charts\": {\n \"project_id\": {\n \"chartType\": \"count\",\n \"title\": \"Projects\"\n },\n \"case_id\": {\n \"chartType\": \"count\",\n \"title\": \"Cases\"\n },\n \"gender\": {\n \"chartType\": \"pie\",\n \"title\": \"Gender\"\n },\n \"race\": {\n \"chartType\": \"bar\",\n \"title\": \"Race\"\n }\n },\n \"filters\": {\n \"tabs\": [\n {\n \"title\": \"Case\",\n \"fields\":[\n \"project_id\",\n \"gender\",\n \"race\",\n \"ethnicity\"\n ]\n }\n ]\n },\n \"table\": {\n \"enabled\": false\n },\n \"dropdowns\": {},\n \"buttons\": [],\n \"guppyConfig\": {\n \"dataType\": \"case\",\n \"nodeCountTitle\": \"Cases\",\n \"fieldMapping\": [\n { \"field\": \"disease_type\", \"name\": \"Disease type\" },\n { \"field\": \"primary_site\", \"name\": \"Site where samples were collected\"}\n ],\n \"manifestMapping\": {\n \"resourceIndexType\": \"file\",\n \"resourceIdField\": \"object_id\",\n \"referenceIdFieldInResourceIndex\": \"case_id\",\n \"referenceIdFieldInDataIndex\": \"node_id\"\n },\n \"accessibleFieldCheckList\": [\"case_id\"],\n \"accessibleValidationField\": \"case_id\"\n }\n },\n \"fileExplorerConfig\": {\n \"charts\": {\n \"data_type\": {\n \"chartType\": \"stackedBar\",\n \"title\": \"File Type\"\n },\n \"data_format\": {\n 
\"chartType\": \"stackedBar\",\n \"title\": \"File Format\"\n }\n },\n \"filters\": {\n \"tabs\": [\n {\n \"title\": \"File\",\n \"fields\": [\n \"project_id\",\n \"data_type\",\n \"data_format\"\n ]\n }\n ]\n },\n \"table\": {\n \"enabled\": true,\n \"fields\": [\n \"project_id\",\n \"file_name\",\n \"file_size\",\n \"object_id\"\n ]\n },\n \"dropdowns\": {},\n \"guppyConfig\": {\n \"dataType\": \"file\",\n \"fieldMapping\": [\n { \"field\": \"object_id\", \"name\": \"GUID\" }\n ],\n \"nodeCountTitle\": \"Files\",\n \"manifestMapping\": {\n \"resourceIndexType\": \"case\",\n \"resourceIdField\": \"case_id\",\n \"referenceIdFieldInResourceIndex\": \"object_id\",\n \"referenceIdFieldInDataIndex\": \"object_id\"\n },\n \"accessibleFieldCheckList\": [\"case_id\"],\n \"accessibleValidationField\": \"case_id\",\n \"downloadAccessor\": \"object_id\"\n }\n }\n}\n"` | multiline string - gitops.json | | gitops.logo | string | `"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"` | - logo in base64 | -| global | map | `{"aws":{"awsAccessKeyId":null,"awsSecretAccessKey":null,"enabled":false},"ddEnabled":false,"dev":true,"dictionaryUrl":"https://s3.amazonaws.com/dictionary-artifacts/datadictionary/develop/schema.json","dispatcherJobNum":10,"environment":"default","hostname":"localhost","kubeBucket":"kube-gen3","logsBucket":"logs-gen3","minAvialable":1,"netPolicy":true,"pdb":false,"portalApp":"gitops","postgres":{"dbCreate":true,"master":{"host":null,"password":null,"port":"5432","username":"postgres"}},"publicDataSets":true,"revproxyArn":"arn:aws:acm:us-east-1:123456:certificate","syncFromDbgap":false,"tierAccessLevel":"libre","userYamlS3Path":"s3://cdis-gen3-users/test/user.yaml"}` | Global configuration options. 
| +| global | map | `{"aws":{"awsAccessKeyId":null,"awsSecretAccessKey":null,"enabled":false},"ddEnabled":false,"dev":true,"dictionaryUrl":"https://s3.amazonaws.com/dictionary-artifacts/datadictionary/develop/schema.json","dispatcherJobNum":10,"environment":"default","hostname":"localhost","kubeBucket":"kube-gen3","logsBucket":"logs-gen3","minAvialable":1,"netPolicy":true,"pdb":false,"portalApp":"gitops","postgres":{"dbCreate":true,"master":{"host":null,"password":null,"port":"5432","username":"postgres"}},"publicDataSets":true,"revproxyArn":"arn:aws:acm:us-east-1:123456:certificate","syncFromDbgap":false,"tierAccessLevel":"libre","tierAccessLimit":1000,"userYamlS3Path":"s3://cdis-gen3-users/test/user.yaml"}` | Global configuration options. | | global.aws | map | `{"awsAccessKeyId":null,"awsSecretAccessKey":null,"enabled":false}` | AWS configuration | | global.aws.awsAccessKeyId | string | `nil` | Credentials for AWS stuff. | | global.aws.awsSecretAccessKey | string | `nil` | Credentials for AWS stuff. | @@ -67,6 +67,7 @@ A Helm chart for gen3 data-portal | global.revproxyArn | string | `"arn:aws:acm:us-east-1:123456:certificate"` | ARN of the reverse proxy certificate. | | global.syncFromDbgap | bool | `false` | Whether to sync data from dbGaP. | | global.tierAccessLevel | string | `"libre"` | Access level for tiers. acceptable values for `tier_access_level` are: `libre`, `regular` and `private`. If omitted, by default common will be treated as `private`. | +| global.tierAccessLimit | int | `1000` | Only relevant if tireAccessLevel is set to "regular". Summary charts below this limit will not appear for aggregated data. | | global.userYamlS3Path | string | `"s3://cdis-gen3-users/test/user.yaml"` | Path to the user.yaml file in S3. | | image | map | `{"pullPolicy":"IfNotPresent","repository":"quay.io/cdis/data-portal","tag":"master"}` | Docker image information. | | image.pullPolicy | string | `"IfNotPresent"` | Docker pull policy. | 
@@ -78,7 +79,6 @@ A Helm chart for gen3 data-portal | partOf | string | `"Front-End"` | Label to help organize pods and their use. Any value is valid, but use "_" or "-" to divide words. | | podAnnotations | map | `{}` | Annotations to add to the pod | | podSecurityContext | map | `{}` | Security context to apply to the pod | -| portalApp | string | `"gitops"` | | | release | string | `"production"` | Valid options are "production" or "dev". If invalid option is set- the value will default to "dev". | | replicaCount | int | `1` | Number of replicas for the deployment. | | resources | map | `{"limits":{"memory":"4096Mi"},"requests":{"cpu":2,"memory":"4096Mi"}}` | Resource requests and limits for the containers in the pod | diff --git a/helm/portal/templates/deployment.yaml b/helm/portal/templates/deployment.yaml index 08bb11bc..395fbcf5 100644 --- a/helm/portal/templates/deployment.yaml +++ b/helm/portal/templates/deployment.yaml @@ -82,7 +82,7 @@ spec: - name: NODE_ENV value: "dev" - name: APP - value: {{ .Values.portalApp | quote }} + value: {{ .Values.global.portalApp | quote }} - name: GEN3_BUNDLE # optional: true value: "" @@ -102,12 +102,8 @@ spec: valueFrom: configMapKeyRef: name: manifest-global - # acceptable values for `tier_access_level` are: `libre`, `regular` and `private`. If omitted, by default common will be treated as `private` key: tier_access_level - # for now making it optional so won't break anything optional: true -#needed to be adjusted to use the gen3 umbrella chart or local var ^ -#adding a var in helpers.tpl for later- Elise - name: TIER_ACCESS_LIMIT valueFrom: configMapKeyRef: diff --git a/helm/portal/values.yaml b/helm/portal/values.yaml index 0abea50e..bec889a1 100644 --- a/helm/portal/values.yaml +++ b/helm/portal/values.yaml 
@@ -49,6 +49,8 @@ global: publicDataSets: true # -- (string) Access level for tiers. acceptable values for `tier_access_level` are: `libre`, `regular` and `private`. If omitted, by default common will be treated as `private`. tierAccessLevel: libre + # -- (int) Only relevant if tireAccessLevel is set to "regular". Summary charts below this limit will not appear for aggregated data. + tierAccessLimit: 1000 # -- (bool) Whether network policies are enabled. netPolicy: true # -- (int) Number of dispatcher jobs. @@ -200,8 +202,6 @@ datadogProfilingEnabled: true # -- (int) A value between 0 and 1, that represents the percentage of requests that will be traced. For example, a value of 0.5 means that 50% of requests will be traced. datadogTraceSampleRate: 1 -portalApp: "gitops" - # -- (map) GitOps configuration for portal gitops: # -- (string) multiline string - gitops.json diff --git a/helm/revproxy/Chart.yaml b/helm/revproxy/Chart.yaml index 61f025e5..f9dcd9d0 100644 --- a/helm/revproxy/Chart.yaml +++ b/helm/revproxy/Chart.yaml @@ -15,7 +15,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.8 +version: 0.1.9 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to diff --git a/helm/revproxy/README.md b/helm/revproxy/README.md index c2a9c59c..972169ae 100644 --- a/helm/revproxy/README.md +++ b/helm/revproxy/README.md 
@@ -1,6 +1,6 @@ # revproxy -![Version: 0.1.8](https://img.shields.io/badge/Version-0.1.8-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) +![Version: 0.1.9](https://img.shields.io/badge/Version-0.1.9-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) A Helm chart for gen3 revproxy 
@@ -26,7 +26,7 @@ A Helm chart for gen3 revproxy | datadogProfilingEnabled | bool | `true` | If enabled, the Datadog Agent will collect profiling data for your application using the Continuous Profiler. This data can be used to identify performance bottlenecks and optimize your application. | | datadogTraceSampleRate | int | `1` | A value between 0 and 1, that represents the percentage of requests that will be traced. For example, a value of 0.5 means that 50% of requests will be traced. | | fullnameOverride | string | `""` | Override the full name of the deployment. | -| global | map | `{"aws":{"awsAccessKeyId":null,"awsSecretAccessKey":null,"enabled":false},"ddEnabled":false,"dev":true,"dictionaryUrl":"https://s3.amazonaws.com/dictionary-artifacts/datadictionary/develop/schema.json","dispatcherJobNum":10,"environment":"default","hostname":"localhost","kubeBucket":"kube-gen3","logsBucket":"logs-gen3","minAvialable":1,"netPolicy":true,"pdb":false,"portalApp":"gitops","postgres":{"dbCreate":true,"master":{"host":null,"password":null,"port":"5432","username":"postgres"}},"publicDataSets":true,"revproxyArn":"arn:aws:acm:us-east-1:123456:certificate","syncFromDbgap":false,"tierAccessLevel":"libre","tls":{"cert":null,"key":null},"userYamlS3Path":"s3://cdis-gen3-users/test/user.yaml"}` | Global configuration options. 
| +| global | map | `{"aws":{"awsAccessKeyId":null,"awsSecretAccessKey":null,"enabled":false},"ddEnabled":false,"dev":true,"dictionaryUrl":"https://s3.amazonaws.com/dictionary-artifacts/datadictionary/develop/schema.json","dispatcherJobNum":10,"environment":"default","hostname":"localhost","kubeBucket":"kube-gen3","logsBucket":"logs-gen3","minAvialable":1,"netPolicy":true,"pdb":false,"portalApp":"gitops","postgres":{"dbCreate":true,"master":{"host":null,"password":null,"port":"5432","username":"postgres"}},"publicDataSets":true,"revproxyArn":"arn:aws:acm:us-east-1:123456:certificate","syncFromDbgap":false,"tierAccessLevel":"libre","tierAccessLimit":1000,"tls":{"cert":null,"key":null},"userYamlS3Path":"s3://cdis-gen3-users/test/user.yaml"}` | Global configuration options. | | global.aws | map | `{"awsAccessKeyId":null,"awsSecretAccessKey":null,"enabled":false}` | AWS configuration | | global.aws.awsAccessKeyId | string | `nil` | Credentials for AWS stuff. | | global.aws.awsSecretAccessKey | string | `nil` | Credentials for AWS stuff. | 
@@ -54,17 +54,18 @@ A Helm chart for gen3 revproxy | global.revproxyArn | string | `"arn:aws:acm:us-east-1:123456:certificate"` | ARN of the reverse proxy certificate. | | global.syncFromDbgap | bool | `false` | Whether to sync data from dbGaP. | | global.tierAccessLevel | string | `"libre"` | Access level for tiers. acceptable values for `tier_access_level` are: `libre`, `regular` and `private`. If omitted, by default common will be treated as `private` | +| global.tierAccessLimit | int | `1000` | Only relevant if tireAccessLevel is set to "regular". Summary charts below this limit will not appear for aggregated data. | | global.userYamlS3Path | string | `"s3://cdis-gen3-users/test/user.yaml"` | Path to the user.yaml file in S3. | | image | map | `{"pullPolicy":"Always","repository":"nginx","tag":"stable-perl"}` | Docker image information. | | image.pullPolicy | string | `"Always"` | Docker pull policy. | | image.repository | string | `"nginx"` | Docker repository. | | image.tag | string | `"stable-perl"` | Overrides the image tag whose default is the chart appVersion. | | imagePullSecrets | list | `[]` | Docker image pull secrets. | -| ingress | map | `{"annotations":{},"className":"","enabled":false,"hosts":[{"host":"chart-example.local","paths":[{"path":"/","pathType":"ImplementationSpecific"}]}],"tls":[]}` | Configuration for revproxy ingress. | +| ingress | map | `{"annotations":{},"className":"","enabled":false,"hosts":[{"host":"chart-example.local","paths":[{"path":"/","pathType":"Prefix"}]}],"tls":[]}` | Configuration for revproxy ingress. | | ingress.annotations | map | `{}` | Annotations to add to the ingress. | | ingress.className | string | `""` | The ingress class name. | | ingress.enabled | bool | `false` | Whether to create the ingress | -| ingress.hosts | list | `[{"host":"chart-example.local","paths":[{"path":"/","pathType":"ImplementationSpecific"}]}]` | Where to route the traffic. 
| +| ingress.hosts | list | `[{"host":"chart-example.local","paths":[{"path":"/","pathType":"Prefix"}]}]` | Where to route the traffic. | | ingress.tls | list | `[]` | To secure an Ingress by specifying a secret that contains a TLS private key and certificate. | | nameOverride | string | `""` | Override the name of the chart. | | nodeSelector | map | `{}` | Node selector labels. | diff --git a/helm/revproxy/logrotate-nginx.conf b/helm/revproxy/logrotate-nginx.conf deleted file mode 100644 index fc6b7e3c..00000000 --- a/helm/revproxy/logrotate-nginx.conf +++ /dev/null @@ -1,9 +0,0 @@ -# nginx log rotation -/var/log/nginx { - weekly - size 10M - postrotate - [ ! -f /var/run/nginx.pid ] || kill -USR1 `cat /var/run/nginx.pid` - endscript - rotate 5 -} diff --git a/helm/revproxy/templates/ingress.yaml b/helm/revproxy/templates/ingress_aws.yaml similarity index 79% rename from helm/revproxy/templates/ingress.yaml rename to helm/revproxy/templates/ingress_aws.yaml index d67032eb..7b0760c3 100644 --- a/helm/revproxy/templates/ingress.yaml +++ b/helm/revproxy/templates/ingress_aws.yaml 
@@ -1,24 +1,17 @@ +{{- if .Values.global.aws.enabled }} apiVersion: networking.k8s.io/v1 kind: Ingress metadata: - name: revproxy + name: revproxy-alb annotations: - {{- if .Values.global.aws.enabled }} alb.ingress.kubernetes.io/scheme: internet-facing alb.ingress.kubernetes.io/tags: Environment={{ .Values.global.environment }} alb.ingress.kubernetes.io/certificate-arn: {{ .Values.global.revproxyArn }} alb.ingress.kubernetes.io/group.name: {{ .Values.global.environment }} alb.ingress.kubernetes.io/listen-ports: '[{"HTTP": 80}, {"HTTPS":443}]' alb.ingress.kubernetes.io/actions.ssl-redirect: '{"Type": "redirect", "RedirectConfig": { "Protocol": "HTTPS", "Port": "443", "StatusCode": "HTTP_301"}}' - {{- end }} spec: - {{- if .Values.global.aws.enabled }} ingressClassName: alb - {{- end }} - {{- if .Values.global.dev }} - tls: - - secretName: gen3-certs - {{- end }} rules: - host: {{ default .Values.global.hostname .Values.hostname }} http: @@ -29,4 +22,5 @@ spec: service: name: revproxy-service port: - number: 80 \ No newline at end of file + number: 80 +{{- end }} \ No newline at end of file diff --git a/helm/revproxy/templates/ingress_default.yaml b/helm/revproxy/templates/ingress_default.yaml new file mode 100644 index 00000000..18efa92a --- /dev/null +++ b/helm/revproxy/templates/ingress_default.yaml 
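Review bot: The ALB ingress in ingress_aws.yaml listens on plain HTTP 80 next to 443 and declares an `actions.ssl-redirect` annotation, but such an action only takes effect when a rule path routes to it. The `paths:` entries sit between the two hunks and are not shown, so it is worth confirming that port 80 really redirects rather than serving `revproxy-service` in cleartext. If the cluster's AWS Load Balancer Controller supports it, the single annotation `alb.ingress.kubernetes.io/ssl-redirect: '443'` removes the dependency on a matching path. The templated annotation values (`revproxyArn`, `environment`) are also unquoted and would be safer as `{{ .Values.global.revproxyArn | quote }}`.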
@@ -0,0 +1,61 @@
+{{- if .Values.ingress.enabled -}}
+{{- $fullName := include "revproxy.fullname" . -}}
+{{- $svcPort := .Values.service.port -}}
+{{- if and .Values.ingress.className (not (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion)) }}
+ {{- if not (hasKey .Values.ingress.annotations "kubernetes.io/ingress.class") }}
+ {{- $_ := set .Values.ingress.annotations "kubernetes.io/ingress.class" .Values.ingress.className}}
+ {{- end }}
+{{- end }}
+{{- if semverCompare ">=1.19-0" .Capabilities.KubeVersion.GitVersion -}}
+apiVersion: networking.k8s.io/v1
+{{- else if semverCompare ">=1.14-0" .Capabilities.KubeVersion.GitVersion -}}
+apiVersion: networking.k8s.io/v1beta1
+{{- else -}}
+apiVersion: extensions/v1beta1
+{{- end }}
+kind: Ingress
+metadata:
+ name: {{ $fullName }}
+ labels:
+ {{- include "revproxy.labels" . | nindent 4 }}
+ {{- with .Values.ingress.annotations }}
+ annotations:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+spec:
+ {{- if and .Values.ingress.className (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion) }}
+ ingressClassName: {{ .Values.ingress.className }}
+ {{- end }}
+ {{- if .Values.ingress.tls }}
+ tls:
+ {{- range .Values.ingress.tls }}
+ - hosts:
+ {{- range .hosts }}
+ - {{ . | quote }}
+ {{- end }}
+ secretName: {{ .secretName }}
+ {{- end }}
+ {{- end }}
+ rules:
+ {{- range .Values.ingress.hosts }}
+ - host: {{ .host | quote }}
+ http:
+ paths:
+ {{- range .paths }}
+ - path: {{ .path }}
+ {{- if and .pathType (semverCompare ">=1.18-0" $.Capabilities.KubeVersion.GitVersion) }}
+ pathType: {{ .pathType }}
+ {{- end }}
+ backend:
+ {{- if semverCompare ">=1.19-0" $.Capabilities.KubeVersion.GitVersion }}
+ service:
+ name: revproxy-service
+ port:
+ number: {{ $svcPort }}
+ {{- else }}
+ serviceName: revproxy-service
+ servicePort: {{ $svcPort }}
+ {{- end }}
+ {{- end }}
+ {{- end }}
+{{- end }}
diff --git a/helm/revproxy/templates/ingress_dev.yaml b/helm/revproxy/templates/ingress_dev.yaml new file mode 100644 index 00000000..df2ea60c --- /dev/null +++ b/helm/revproxy/templates/ingress_dev.yaml @@ -0,0 +1,22 @@ +{{- if and (eq .Values.global.dev true) (eq .Values.global.aws.enabled false) }} +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + name: revproxy-dev +spec: +{{- if .Values.global.dev }} + tls: + - secretName: gen3-certs + {{- end }} + rules: + - host: {{ default .Values.global.hostname .Values.hostname }} + http: + paths: + - path: / + pathType: Prefix + backend: + service: + name: revproxy-service + port: + number: 80 + {{- end }} diff --git a/helm/revproxy/values.yaml b/helm/revproxy/values.yaml index da86b622..b5ac00ee 100644 --- a/helm/revproxy/values.yaml +++ b/helm/revproxy/values.yaml @@ -53,6 +53,8 @@ global: publicDataSets: true # -- (string) Access level for tiers. acceptable values for `tier_access_level` are: `libre`, `regular` and `private`. If omitted, by default common will be treated as `private` tierAccessLevel: libre + # -- (int) Only relevant if tireAccessLevel is set to "regular". Summary charts below this limit will not appear for aggregated data. + tierAccessLimit: 1000 # -- (bool) Whether network policies are enabled. netPolicy: true # -- (int) Number of dispatcher jobs. @@ -150,7 +152,7 @@ ingress: - host: chart-example.local paths: - path: / - pathType: ImplementationSpecific + pathType: Prefix # -- (list) To secure an Ingress by specifying a secret that contains a TLS private key and certificate. tls: [] # - secretName: chart-example-tls diff --git a/helm/sheepdog/Chart.yaml b/helm/sheepdog/Chart.yaml index 33ba0a34..259ad8b7 100644 --- a/helm/sheepdog/Chart.yaml +++ b/helm/sheepdog/Chart.yaml 
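Review bot: The guard at the top of ingress_dev.yaml uses `eq .Values.global.dev true` and `eq .Values.global.aws.enabled false`, which compare against literal booleans rather than testing truthiness. A value passed as a string, or an unset `aws.enabled`, may not compare equal to `false`, so the dev ingress could be silently omitted or fail to render; `{{- if and .Values.global.dev (not .Values.global.aws.enabled) }}` expresses the intent directly. The inner `{{- if .Values.global.dev }}` around `tls:` is redundant because the outer guard already requires it, and its `{{- end }}` is indented differently from its opener. The three ingress templates are also gated independently, so with `ingress.enabled` and `global.dev` both true two Ingress objects are rendered for `revproxy-service`, only one of which carries the `gen3-certs` TLS block; it is worth deciding whether that combination is intended.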
@@ -15,7 +15,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.8 +version: 0.1.9 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to diff --git a/helm/sheepdog/README.md b/helm/sheepdog/README.md index 22605c5f..2ece21ae 100644 --- a/helm/sheepdog/README.md +++ b/helm/sheepdog/README.md @@ -1,6 +1,6 @@ # sheepdog -![Version: 0.1.8](https://img.shields.io/badge/Version-0.1.8-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) +![Version: 0.1.9](https://img.shields.io/badge/Version-0.1.9-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) A Helm chart for gen3 Sheepdog Service diff --git a/helm/sheepdog/sheepdog-secret/wsgi.py b/helm/sheepdog/sheepdog-secret/wsgi.py index 2d5b5637..2818d169 100644 --- a/helm/sheepdog/sheepdog-secret/wsgi.py +++ b/helm/sheepdog/sheepdog-secret/wsgi.py @@ -18,7 +18,7 @@ config['INDEX_CLIENT'] = { 'host': environ.get('INDEX_CLIENT_HOST') or 'http://indexd-service', 'version': 'v0', - 'auth': (environ.get( "INDEXD_USER", 'gdcapi'), environ.get( "INDEXD_PASS") ), + 'auth': (environ.get( "INDEXD_USER", 'sheepdog'), environ.get( "INDEXD_PASS") ), } config["PSQLGRAPH"] = { diff --git a/helm/sheepdog/templates/deployment.yaml b/helm/sheepdog/templates/deployment.yaml index 1ecf872e..d56beb93 100644 
--- a/helm/sheepdog/templates/deployment.yaml +++ b/helm/sheepdog/templates/deployment.yaml @@ -200,7 +200,7 @@ spec: valueFrom: secretKeyRef: name: indexd-service-creds - key: gdcapi + key: sheepdog optional: false - name: GEN3_UWSGI_TIMEOUT value: "600" diff --git a/helm/sower/.helmignore b/helm/sower/.helmignore new file mode 100644 index 00000000..0e8a0eb3 --- /dev/null +++ b/helm/sower/.helmignore @@ -0,0 +1,23 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*.orig +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ diff --git a/helm/sower/Chart.yaml b/helm/sower/Chart.yaml new file mode 100644 index 00000000..9344740d --- /dev/null +++ b/helm/sower/Chart.yaml 
@@ -0,0 +1,29 @@
+apiVersion: v2
+name: sower
+description: A Helm chart for gen3 sower
+
+# A chart can be either an 'application' or a 'library' chart.
+#
+# Application charts are a collection of templates that can be packaged into versioned archives
+# to be deployed.
+#
+# Library charts provide useful utilities or functions for the chart developer. They're included as
+# a dependency of application charts to inject those utilities and functions into the rendering
+# pipeline. Library charts do not define any templates and therefore cannot be deployed.
+type: application
+
+# This is the chart version. This version number should be incremented each time you make changes
+# to the chart and its templates, including the app version.
+# Versions are expected to follow Semantic Versioning (https://semver.org/)
+version: 0.1.3
+
+# This is the version number of the application being deployed. This version number should be
+# incremented each time you make changes to the application. Versions are not expected to
+# follow Semantic Versioning. They should reflect the version the application is using.
+# It is recommended to use it with quotes.
+appVersion: "master"
+
+dependencies:
+- name: common
+ version: 0.1.6
+ repository: file://../common
diff --git a/helm/sower/README.md b/helm/sower/README.md
new file mode 100644
index 00000000..9e768929
--- /dev/null
+++ b/helm/sower/README.md
@@ -0,0 +1,110 @@ +# sower + +![Version: 0.1.3](https://img.shields.io/badge/Version-0.1.3-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) + +A Helm chart for gen3 sower + +## Requirements + +| Repository | Name | Version | +|------------|------|---------| +| file://../common | common | 0.1.6 | + +## Values + +| Key | Type | Default | Description | +|-----|------|---------|-------------| +| affinity | map | `{"podAntiAffinity":{"preferredDuringSchedulingIgnoredDuringExecution":[{"podAffinityTerm":{"labelSelector":{"matchExpressions":[{"key":"app","operator":"In","values":["sower"]}]},"topologyKey":"kubernetes.io/hostname"},"weight":100}]}}` | Affinity to use for the deployment. | +| affinity.podAntiAffinity.preferredDuringSchedulingIgnoredDuringExecution | map | `[{"podAffinityTerm":{"labelSelector":{"matchExpressions":[{"key":"app","operator":"In","values":["sower"]}]},"topologyKey":"kubernetes.io/hostname"},"weight":100}]` | Option for scheduling to be required or preferred. | +| affinity.podAntiAffinity.preferredDuringSchedulingIgnoredDuringExecution[0] | int | `{"podAffinityTerm":{"labelSelector":{"matchExpressions":[{"key":"app","operator":"In","values":["sower"]}]},"topologyKey":"kubernetes.io/hostname"},"weight":100}` | Weight value for preferred scheduling. | +| affinity.podAntiAffinity.preferredDuringSchedulingIgnoredDuringExecution[0].podAffinityTerm.labelSelector.matchExpressions[0] | list | `{"key":"app","operator":"In","values":["sower"]}` | Label key for match expression. | +| affinity.podAntiAffinity.preferredDuringSchedulingIgnoredDuringExecution[0].podAffinityTerm.labelSelector.matchExpressions[0].operator | string | `"In"` | Operation type for the match expression. 
| +| affinity.podAntiAffinity.preferredDuringSchedulingIgnoredDuringExecution[0].podAffinityTerm.labelSelector.matchExpressions[0].values | list | `["sower"]` | Value for the match expression key. | +| affinity.podAntiAffinity.preferredDuringSchedulingIgnoredDuringExecution[0].podAffinityTerm.topologyKey | string | `"kubernetes.io/hostname"` | Value for topology key label. | +| automountServiceAccountToken | bool | `true` | Automount the default service account token | +| autoscaling | map | `{"enabled":false,"maxReplicas":100,"minReplicas":1,"targetCPUUtilizationPercentage":80}` | Configuration for autoscaling the number of replicas | +| autoscaling.enabled | bool | `false` | Whether autoscaling is enabled | +| autoscaling.maxReplicas | int | `100` | The maximum number of replicas to scale up to | +| autoscaling.minReplicas | int | `1` | The minimum number of replicas to scale down to | +| autoscaling.targetCPUUtilizationPercentage | int | `80` | Target CPU utilization percentage | +| awsRegion | string | `"us-east-1"` | AWS region to be used. | +| awsStsRegionalEndpoints | string | `"regional"` | AWS STS to issue temporary credentials to users and roles that make an AWS STS request. Values regional or global. | +| commonLabels | map | `nil` | Will completely override the commonLabels defined in the common chart's _label_setup.tpl | +| criticalService | string | `"false"` | Valid options are "true" or "false". If invalid option is set- the value will default to "false". | +| fullnameOverride | string | `""` | Override the full name of the deployment. | +| gen3Namespace | string | `"default"` | Namespace to deploy the job. 
| +| global | map | `{"aws":{"awsAccessKeyId":null,"awsSecretAccessKey":null,"enabled":false},"ddEnabled":false,"dev":true,"dictionaryUrl":"https://s3.amazonaws.com/dictionary-artifacts/datadictionary/develop/schema.json","dispatcherJobNum":10,"environment":"default","hostname":"localhost","kubeBucket":"kube-gen3","logsBucket":"logs-gen3","netPolicy":true,"portalApp":"gitops","postgres":{"dbCreate":true,"master":{"host":null,"password":null,"port":"5432","username":"postgres"}},"publicDataSets":true,"revproxyArn":"arn:aws:acm:us-east-1:123456:certificate","syncFromDbgap":false,"tierAccessLevel":"libre","userYamlS3Path":"s3://cdis-gen3-users/test/user.yaml"}` | Global configuration options. | +| global.aws | map | `{"awsAccessKeyId":null,"awsSecretAccessKey":null,"enabled":false}` | AWS configuration | +| global.aws.awsAccessKeyId | string | `nil` | Credentials for AWS stuff. | +| global.aws.awsSecretAccessKey | string | `nil` | Credentials for AWS stuff. | +| global.aws.enabled | bool | `false` | Set to true if deploying to AWS. Controls ingress annotations. | +| global.ddEnabled | bool | `false` | Whether Datadog is enabled. | +| global.dev | bool | `true` | Whether the deployment is for development purposes. | +| global.dictionaryUrl | string | `"https://s3.amazonaws.com/dictionary-artifacts/datadictionary/develop/schema.json"` | URL of the data dictionary. | +| global.dispatcherJobNum | int | `10` | Number of dispatcher jobs. | +| global.environment | string | `"default"` | Environment name. This should be the same as vpcname if you're doing an AWS deployment. Currently this is being used to share ALB's if you have multiple namespaces. Might be used other places too. | +| global.hostname | string | `"localhost"` | Hostname for the deployment. | +| global.kubeBucket | string | `"kube-gen3"` | S3 bucket name for Kubernetes manifest files. | +| global.logsBucket | string | `"logs-gen3"` | S3 bucket name for log files. 
| +| global.netPolicy | bool | `true` | Whether network policies are enabled. | +| global.portalApp | string | `"gitops"` | Portal application name. | +| global.postgres | map | `{"dbCreate":true,"master":{"host":null,"password":null,"port":"5432","username":"postgres"}}` | Postgres database configuration. | +| global.postgres.dbCreate | bool | `true` | Whether the database should be created. | +| global.postgres.master | map | `{"host":null,"password":null,"port":"5432","username":"postgres"}` | Master credentials to postgres. This is going to be the default postgres server being used for each service, unless each service specifies their own postgres | +| global.postgres.master.host | string | `nil` | hostname of postgres server | +| global.postgres.master.password | string | `nil` | password for superuser in postgres. This is used to create or restore databases | +| global.postgres.master.port | string | `"5432"` | Port for Postgres. | +| global.postgres.master.username | string | `"postgres"` | username of superuser in postgres. This is used to create or restore databases | +| global.publicDataSets | bool | `true` | Whether public datasets are enabled. | +| global.revproxyArn | string | `"arn:aws:acm:us-east-1:123456:certificate"` | ARN of the reverse proxy certificate. | +| global.syncFromDbgap | bool | `false` | Whether to sync data from dbGaP. | +| global.tierAccessLevel | string | `"libre"` | Access level for tiers. acceptable values for `tier_access_level` are: `libre`, `regular` and `private`. If omitted, by default common will be treated as `private` | +| global.userYamlS3Path | string | `"s3://cdis-gen3-users/test/user.yaml"` | Path to the user.yaml file in S3. | +| image | map | `{"pullPolicy":"Always","repository":"quay.io/cdis/sower","tag":""}` | Docker image information. | +| image.pullPolicy | string | `"Always"` | Docker pull policy. | +| image.repository | string | `"quay.io/cdis/sower"` | Docker repository. 
| +| image.tag | string | `""` | Overrides the image tag whose default is the chart appVersion. | +| imagePullSecrets | list | `[]` | Docker image pull secrets. | +| nameOverride | string | `""` | Override the name of the chart. | +| nodeSelector | map | `{}` | Node Selector for the pods | +| partOf | string | `"Core-Service"` | Label to help organize pods and their use. Any value is valid, but use "_" or "-" to divide words. | +| pelican.bucket | string | `""` | The bucket for pelican exports | +| pelican.image.pullPolicy | string | `"Always"` | Docker pull policy. | +| pelican.image.repository | string | `"quay.io/cdis/pelican-export"` | Docker repository. | +| pelican.image.tag | string | `""` | Overrides the image tag whose default is the chart appVersion. | +| pelican.resources | map | `{"limits":{"cpu":1,"memory":"12Gi"},"requests":{"cpu":"100m","memory":"20Mi"}}` | Resource requests and limits for the containers in the pod | +| pelican.resources.limits | map | `{"cpu":1,"memory":"12Gi"}` | The maximum amount of resources that the container is allowed to use | +| pelican.resources.limits.cpu | string | `1` | The maximum amount of CPU the container can use | +| pelican.resources.limits.memory | string | `"12Gi"` | The maximum amount of memory the container can use | +| pelican.resources.requests | map | `{"cpu":"100m","memory":"20Mi"}` | The amount of resources that the container requests | +| pelican.resources.requests.cpu | string | `"100m"` | The amount of CPU requested | +| pelican.resources.requests.memory | string | `"20Mi"` | The amount of memory requested | +| podSecurityContext | map | `{"fsGroup":1000,"runAsUser":1000}` | Security context to apply to the pod | +| podSecurityContext.fsGroup | int | `1000` | Group that Kubernetes will change the permissions of all files in volumes to when volumes are mounted by a pod. | +| podSecurityContext.runAsUser | int | `1000` | User that all the processes will run under in the container. 
| +| release | string | `"production"` | Valid options are "production" or "dev". If invalid option is set- the value will default to "dev". | +| replicaCount | int | `1` | Number of replicas for the deployment. | +| resources | map | `{"limits":{"memory":"400Mi"},"requests":{"cpu":"100m","memory":"20Mi"}}` | Resource requests and limits for the containers in the pod | +| resources.limits | map | `{"memory":"400Mi"}` | The maximum amount of resources that the container is allowed to use | +| resources.limits.memory | string | `"400Mi"` | The maximum amount of memory the container can use | +| resources.requests | map | `{"cpu":"100m","memory":"20Mi"}` | The amount of resources that the container requests | +| resources.requests.cpu | string | `"100m"` | The amount of CPU requested | +| resources.requests.memory | string | `"20Mi"` | The amount of memory requested | +| securityContext | map | `{}` | Security context for the containers in the pod | +| selectorLabels | map | `nil` | Will completely override the selectorLabels defined in the common chart's _label_setup.tpl | +| service | map | `{"port":80,"type":"ClusterIP"}` | Kubernetes service information. | +| service.port | int | `80` | The port number that the service exposes. | +| service.type | string | `"ClusterIP"` | Type of service. Valid values are "ClusterIP", "NodePort", "LoadBalancer", "ExternalName". | +| serviceAccount | map | `{"annotations":{},"create":true,"name":"sower-service-account"}` | Service account to use or create. | +| serviceAccount.annotations | map | `{}` | Annotations to add to the service account. | +| serviceAccount.create | bool | `true` | Specifies whether a service account should be created. | +| serviceAccount.name | string | `"sower-service-account"` | The name of the service account to use. 
If not set and create is true, a name is generated using the fullname template | +| strategy | map | `{"rollingUpdate":{"maxSurge":1,"maxUnavailable":0},"type":"RollingUpdate"}` | Rolling update deployment strategy | +| strategy.rollingUpdate.maxSurge | int | `1` | Number of additional replicas to add during rollout. | +| strategy.rollingUpdate.maxUnavailable | int | `0` | Maximum amount of pods that can be unavailable during the update. | +| tolerations | list | `[]` | Tolerations for the pods | +| volumeMounts | list | `[{"mountPath":"/sower_config.json","name":"sower-config","readOnly":true,"subPath":"sower_config.json"}]` | Volumes to mount to the container. | +| volumes | list | `[{"configMap":{"items":[{"key":"json","path":"sower_config.json"}],"name":"manifest-sower"},"name":"sower-config"}]` | Volumes to attach to the container. | + +---------------------------------------------- +Autogenerated from chart metadata using [helm-docs v1.11.0](https://github.com/norwoodj/helm-docs/releases/v1.11.0) diff --git a/helm/sower/templates/NOTES.txt b/helm/sower/templates/NOTES.txt new file mode 100644 index 00000000..c1e7e1ae --- /dev/null +++ b/helm/sower/templates/NOTES.txt @@ -0,0 +1 @@ +{{ .Chart.Name }} has been deployed successfully. diff --git a/helm/sower/templates/_helpers.tpl b/helm/sower/templates/_helpers.tpl new file mode 100644 index 00000000..e9a7c298 --- /dev/null +++ b/helm/sower/templates/_helpers.tpl 
@@ -0,0 +1,68 @@
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "sower.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "sower.fullname" -}}
+{{- if .Values.fullnameOverride }}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- $name := default .Chart.Name .Values.nameOverride }}
+{{- if contains $name .Release.Name }}
+{{- .Release.Name | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
+{{- end }}
+{{- end }}
+{{- end }}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "sower.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Common labels
+*/}}
+{{- define "sower.labels" -}}
+{{- if .Values.commonLabels }}
+ {{- with .Values.commonLabels }}
+ {{- toYaml . }}
+ {{- end }}
+{{- else }}
+ {{- (include "common.commonLabels" .)}}
+{{- end }}
+{{- end }}
+
+{{/*
+Selector labels
+*/}}
+{{- define "sower.selectorLabels" -}}
+{{- if .Values.selectorLabels }}
+ {{- with .Values.selectorLabels }}
+ {{- toYaml . }}
+ {{- end }}
+{{- else }}
+ {{- (include "common.selectorLabels" .)}}
+{{- end }}
+{{- end }}
+
+{{/*
+Create the name of the service account to use
+*/}}
+{{- define "sower.serviceAccountName" -}}
+{{- if .Values.serviceAccount.create }}
+{{- default (include "sower.fullname" .) .Values.serviceAccount.name }}
+{{- else }}
+{{- default "default" .Values.serviceAccount.name }}
+{{- end }}
+{{- end }}
diff --git a/helm/sower/templates/deployment.yaml b/helm/sower/templates/deployment.yaml
new file mode 100644
index 00000000..712a6885
--- /dev/null
+++ b/helm/sower/templates/deployment.yaml
@@ -0,0 +1,73 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: sower
+ annotations:
+ gen3.io/network-ingress: "pidgin"
+ labels:
+ {{- include "sower.labels" . | nindent 4 }}
+spec:
+ selector:
+ matchLabels:
+ {{- include "sower.selectorLabels" . | nindent 8 }}
+ revisionHistoryLimit: 2
+ strategy:
+ {{- toYaml .Values.strategy | nindent 8 }}
+ template:
+ metadata:
+ labels:
+ {{- include "sower.selectorLabels" . | nindent 8 }}
+ public: "yes"
+ netnolimit: "yes"
+ spec:
+ {{- with .Values.affinity }}
+ affinity:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ serviceAccountName: {{ include "sower.serviceAccountName" . }}
+ volumes:
+ {{- toYaml .Values.volumes | nindent 8 }}
+ containers:
+ - name: sower
+ image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
+ imagePullPolicy: Always
+ volumeMounts:
+ {{- toYaml .Values.volumeMounts | nindent 12 }}
+ env:
+ - name: POD_NAMESPACE
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.namespace
+ - name: DICTIONARY_URL
+ valueFrom:
+ configMapKeyRef:
+ name: manifest-global
+ key: dictionary_url
+ optional: true
+ - name: GEN3_HOSTNAME
+ value: {{ .Values.global.hostname }}
+ ports:
+ - name: http
+ containerPort: 8000
+ protocol: TCP
+ livenessProbe:
+ httpGet:
+ path: /_status
+ port: 8000
+ initialDelaySeconds: 5
+ periodSeconds: 60
+ timeoutSeconds: 30
+ readinessProbe:
+ httpGet:
+ path: /_status
+ port: 8000
+ resources:
+ {{- toYaml .Values.resources | nindent 12 }}
+ {{- with .Values.nodeSelector }}
+ nodeSelector:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- with .Values.tolerations }}
+ tolerations:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
diff --git a/helm/sower/templates/hpa.yaml b/helm/sower/templates/hpa.yaml
new file mode 100644
index 00000000..cf898b78
--- /dev/null
+++ b/helm/sower/templates/hpa.yaml
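Review bot: The pod template never references `podSecurityContext`, `securityContext`, `automountServiceAccountToken`, `replicaCount` or `image.pullPolicy`, although values.yaml and the README in this commit document all of them. As a result the documented `runAsUser: 1000` and `fsGroup: 1000` are not applied, and the container runs as whatever user the image defaults to. Wiring the values into the pod and container spec, as sketched below, makes the chart's stated settings effective and lets operators enable the `runAsNonRoot` and `readOnlyRootFilesystem` options that values.yaml only shows commented out. Separately, `value: {{ .Values.global.hostname }}` should be written as `value: {{ .Values.global.hostname | quote }}` so that a value YAML would not read as a string cannot break the manifest.

```yaml
      serviceAccountName: {{ include "sower.serviceAccountName" . }}
      automountServiceAccountToken: {{ .Values.automountServiceAccountToken }}
      {{- with .Values.podSecurityContext }}
      securityContext:
        {{- toYaml . | nindent 8 }}
      {{- end }}
      # … unchanged: volumes …
        - name: sower
          # … unchanged: image …
          imagePullPolicy: {{ .Values.image.pullPolicy }}
          {{- with .Values.securityContext }}
          securityContext:
            {{- toYaml . | nindent 12 }}
          {{- end }}
          # … unchanged: volumeMounts, env, ports, probes, resources …
```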
@@ -0,0 +1,28 @@
+{{- if .Values.autoscaling.enabled }}
+apiVersion: autoscaling/v2
+kind: HorizontalPodAutoscaler
+metadata:
+ name: {{ include "sower.fullname" . }}
+ labels:
+ {{- include "sower.labels" . | nindent 4 }}
+spec:
+ scaleTargetRef:
+ apiVersion: apps/v1
+ kind: Deployment
+ name: {{ include "sower.fullname" . }}
+ minReplicas: {{ .Values.autoscaling.minReplicas }}
+ maxReplicas: {{ .Values.autoscaling.maxReplicas }}
+ metrics:
+ {{- if .Values.autoscaling.targetCPUUtilizationPercentage }}
+ - type: Resource
+ resource:
+ name: cpu
+ targetAverageUtilization: {{ .Values.autoscaling.targetCPUUtilizationPercentage }}
+ {{- end }}
+ {{- if .Values.autoscaling.targetMemoryUtilizationPercentage }}
+ - type: Resource
+ resource:
+ name: memory
+ targetAverageUtilization: {{ .Values.autoscaling.targetMemoryUtilizationPercentage }}
+ {{- end }}
+{{- end }}
diff --git a/helm/sower/templates/manifest-sower.yaml b/helm/sower/templates/manifest-sower.yaml
new file mode 100644
index 00000000..a9635260
--- /dev/null
+++ b/helm/sower/templates/manifest-sower.yaml
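Review bot: `targetAverageUtilization` is the `autoscaling/v2beta1` field and is not part of the `autoscaling/v2` schema this file declares, so turning on `autoscaling.enabled` is likely to fail API validation or yield a metric with no target. In v2 each resource metric takes a nested `target` with `type: Utilization` and `averageUtilization`. `scaleTargetRef.name` also renders `sower.fullname`, while deployment.yaml names the Deployment literally `sower`, so for release names other than `sower` the autoscaler would reference a Deployment that does not exist. Both changes are sketched below.

```yaml
    name: sower  # scaleTargetRef: match the literal Deployment name in deployment.yaml
  # … unchanged: minReplicas, maxReplicas, metrics list and cpu guard …
      resource:
        name: cpu
        target:
          type: Utilization
          averageUtilization: {{ .Values.autoscaling.targetCPUUtilizationPercentage }}
  # … unchanged: memory guard …
      resource:
        name: memory
        target:
          type: Utilization
          averageUtilization: {{ .Values.autoscaling.targetMemoryUtilizationPercentage }}
```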
@@ -0,0 +1,140 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: manifest-sower +data: + json: |- + [ + { + "name": "pelican-export", + "action": "export", + "container": { + "name": "job-task", + "image": "{{ .Values.pelican.image.repository }}:{{ .Values.pelican.image.tag | default .Chart.AppVersion }}", + "pull_policy": "Always", + "env": [ + { + "name": "DICTIONARY_URL", + "valueFrom": { + "configMapKeyRef": { + "name": "manifest-global", + "key": "dictionary_url" + } + } + }, + { + "name": "GEN3_HOSTNAME", + "valueFrom": { + "configMapKeyRef": { + "name": "manifest-global", + "key": "hostname" + } + } + }, + { + "name": "ROOT_NODE", + "value": "subject" + } + ], + "volumeMounts": [ + { + "name": "pelican-creds-volume", + "readOnly": true, + "mountPath": "/pelican-creds.json", + "subPath": "config.json" + }, + { + "name": "peregrine-creds-volume", + "readOnly": true, + "mountPath": "/peregrine-creds.json", + "subPath": "creds.json" + } + ], + "cpu-limit": "{{ .Values.pelican.resources.limits.cpu }}", + "memory-limit": "{{ .Values.pelican.resources.limits.memory }}" + }, + "volumes": [ + { + "name": "pelican-creds-volume", + "secret": { + "secretName": "pelicanservice-g3auto" + } + }, + { + "name": "peregrine-creds-volume", + "secret": { + "secretName": "peregrine-creds" + } + } + ], + "restart_policy": "Never" + }, + { + "name": "pelican-export-files", + "action": "export-files", + "container": { + "name": "job-task", + "image": "{{ .Values.pelican.image.repository }}:{{ .Values.pelican.image.tag | default .Chart.AppVersion }}", + "pull_policy": "Always", + "env": [ + { + "name": "DICTIONARY_URL", + "valueFrom": { + "configMapKeyRef": { + "name": "manifest-global", + "key": "dictionary_url" + } + } + }, + { + "name": "GEN3_HOSTNAME", + "valueFrom": { + "configMapKeyRef": { + "name": "manifest-global", + "key": "hostname" + } + } + }, + { + "name": "ROOT_NODE", + "value": "file" + }, + { + "name": "EXTRA_NODES", + "value": "" + } + ], + "volumeMounts": [ + 
{ + "name": "pelican-creds-volume", + "readOnly": true, + "mountPath": "/pelican-creds.json", + "subPath": "config.json" + }, + { + "name": "peregrine-creds-volume", + "readOnly": true, + "mountPath": "/peregrine-creds.json", + "subPath": "creds.json" + } + ], + "cpu-limit": "{{ .Values.pelican.resources.limits.cpu }}", + "memory-limit": "{{ .Values.pelican.resources.limits.memory }}" + }, + "volumes": [ + { + "name": "pelican-creds-volume", + "secret": { + "secretName": "pelicanservice-g3auto" + } + }, + { + "name": "peregrine-creds-volume", + "secret": { + "secretName": "peregrine-creds" + } + } + ], + "restart_policy": "Never" + } + ] diff --git a/helm/sower/templates/pelican-creds.yaml b/helm/sower/templates/pelican-creds.yaml new file mode 100644 index 00000000..cc6f526c --- /dev/null +++ b/helm/sower/templates/pelican-creds.yaml @@ -0,0 +1,15 @@ +apiVersion: v1 +kind: Secret +metadata: + name: pelicanservice-g3auto +type: Opaque +{{- if .Values.global.aws.enabled }} +stringData: + config.json: |- +{ + "manifest_bucket_name": "{{ .Values.pelican.bucket }}", + "hostname": "{{ .Values.global.hostname }}", + "aws_access_key_id": "{{ .Values.global.aws.pelican_user.access_key }}", + "aws_secret_access_key": "{{ .Values.global.aws.pelican_user.access_secret }}" +} +{{- end }} diff --git a/helm/sower/templates/service.yaml b/helm/sower/templates/service.yaml new file mode 100644 index 00000000..eb027642 --- /dev/null +++ b/helm/sower/templates/service.yaml @@ -0,0 +1,16 @@ +apiVersion: v1 +kind: Service +metadata: + name: sower-service + labels: + {{- include "sower.labels" . | nindent 4 }} +spec: + type: {{ .Values.service.type }} + ports: + - port: {{ .Values.service.port }} + targetPort: http + protocol: TCP + name: http + selector: + {{- include "sower.selectorLabels" . | nindent 4 }} + \ No newline at end of file diff --git a/helm/sower/templates/serviceaccount.yaml b/helm/sower/templates/serviceaccount.yaml new file mode 100644 index 00000000..a3bedfee 
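Review bot: In pelican-creds.yaml the Secret reads `.Values.global.aws.pelican_user.access_key` and `.access_secret`, but values.yaml in this commit only defines `global.aws.awsAccessKeyId` and `awsSecretAccessKey`, so with `global.aws.enabled: true` and no extra values the render most likely fails on a nil `pelican_user`. With it `false`, the Secret is created without `config.json`, which the jobs in manifest-sower.yaml mount by `subPath`. Long-lived AWS keys passed through Helm values are also kept in the release record stored in the cluster, so consider letting operators name a pre-created Secret, or using the role annotated in serviceaccount.yaml if pelican supports it (not visible here). If the keys stay, declare `pelican_user.access_key` and `pelican_user.access_secret` in values.yaml and emit them JSON-escaped, e.g. `"aws_access_key_id": {{ .Values.global.aws.pelican_user.access_key | toJson }},`. The JSON body under `config.json: |-` must be indented beneath the key; the indentation cannot be recovered in this view, so please confirm it.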
--- /dev/null
+++ b/helm/sower/templates/serviceaccount.yaml
@@ -0,0 +1,12 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ include "sower.serviceAccountName" . }}
+ labels:
+ {{- include "sower.labels" . | nindent 4 }}
+ {{- with .Values.serviceAccount.annotations }}
+ {{- if .Values.global.aws.enabled }}
+ annotations:
+ eks.amazonaws.com/role-arn: arn:aws:iam::{{ .Values.global.aws.account }}:role/{{ .Values.global.aws.sower_role }}
+ {{- end }}
+{{- end }}
diff --git a/helm/sower/templates/tests/test-connection.yaml b/helm/sower/templates/tests/test-connection.yaml
new file mode 100644
index 00000000..d817824a
--- /dev/null
+++ b/helm/sower/templates/tests/test-connection.yaml
@@ -0,0 +1,15 @@
+apiVersion: v1
+kind: Pod
+metadata:
+ name: "{{ include "sower.fullname" . }}-test-connection"
+ labels:
+ {{- include "sower.labels" . | nindent 4 }}
+ annotations:
+ "helm.sh/hook": test
+spec:
+ containers:
+ - name: wget
+ image: busybox
+ command: ['wget']
+ args: ['{{ include "sower.fullname" . }}-service:{{ .Values.service.port }}']
+ restartPolicy: Never
diff --git a/helm/sower/values.yaml b/helm/sower/values.yaml
new file mode 100644
index 00000000..5ea089ef
--- /dev/null
+++ b/helm/sower/values.yaml
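Review bot: In serviceaccount.yaml the `eks.amazonaws.com/role-arn` annotation sits inside `{{- with .Values.serviceAccount.annotations }}`, which rebinds `.` to the annotations map. With the default `annotations: {}` the block is skipped and the role is never attached; with any annotation set, `.Values.global.aws.enabled` is evaluated against that map and the render most likely fails. Drop the `with` wrapper, or address the root context explicitly with `{{- if $.Values.global.aws.enabled }}` and `arn:aws:iam::{{ $.Values.global.aws.account }}:role/{{ $.Values.global.aws.sower_role }}`, and render user-supplied annotations under the same `annotations:` key. `global.aws.account` and `global.aws.sower_role` are not declared in this chart's values.yaml, and the resource is not gated on `serviceAccount.create`, so both are worth adding.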
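Review bot: The test pod in test-connection.yaml targets `{{ include "sower.fullname" . }}-service`, but service.yaml names the Service literally `sower-service`, so `helm test` only resolves the host when the full name happens to render as `sower`. Point it at the real name with `args: ['sower-service:{{ .Values.service.port }}']`, or template the Service name the same way in both files. `image: busybox` is also untagged, which pulls `latest` from the default registry on every test run; pin it to a specific tag or digest so the hook image is reproducible.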
@@ -0,0 +1,234 @@ +# Default values for sower. +# This is a YAML-formatted file. +# Declare variables to be passed into your templates. + +# -- (map) Global configuration options. +global: + # -- (map) AWS configuration + aws: + # -- (bool) Set to true if deploying to AWS. Controls ingress annotations. + enabled: false + # -- (string) Credentials for AWS stuff. + awsAccessKeyId: + # -- (string) Credentials for AWS stuff. + awsSecretAccessKey: + # -- (bool) Whether the deployment is for development purposes. + dev: true + # -- (map) Postgres database configuration. + postgres: + # -- (bool) Whether the database should be created. + dbCreate: true + # -- (map) Master credentials to postgres. This is going to be the default postgres server being used for each service, unless each service specifies their own postgres + master: + # -- (string) hostname of postgres server + host: + # -- (string) username of superuser in postgres. This is used to create or restore databases + username: postgres + # -- (string) password for superuser in postgres. This is used to create or restore databases + password: + # -- (string) Port for Postgres. + port: "5432" + # -- (string) Environment name. This should be the same as vpcname if you're doing an AWS deployment. Currently this is being used to share ALB's if you have multiple namespaces. Might be used other places too. + environment: default + # -- (string) Hostname for the deployment. + hostname: localhost + # -- (string) ARN of the reverse proxy certificate. + revproxyArn: arn:aws:acm:us-east-1:123456:certificate + # -- (string) URL of the data dictionary. + dictionaryUrl: https://s3.amazonaws.com/dictionary-artifacts/datadictionary/develop/schema.json + # -- (string) Portal application name. + portalApp: gitops + # -- (string) S3 bucket name for Kubernetes manifest files. + kubeBucket: kube-gen3 + # -- (string) S3 bucket name for log files. + logsBucket: logs-gen3 + # -- (bool) Whether to sync data from dbGaP. 
+ syncFromDbgap: false + # -- (string) Path to the user.yaml file in S3. + userYamlS3Path: s3://cdis-gen3-users/test/user.yaml + # -- (bool) Whether public datasets are enabled. + publicDataSets: true + # -- (string) Access level for tiers. acceptable values for `tier_access_level` are: `libre`, `regular` and `private`. If omitted, by default common will be treated as `private` + tierAccessLevel: libre + # -- (bool) Whether network policies are enabled. + netPolicy: true + # -- (int) Number of dispatcher jobs. + dispatcherJobNum: 10 + # -- (bool) Whether Datadog is enabled. + ddEnabled: false + +# -- (int) Number of replicas for the deployment. +replicaCount: 1 + +# -- (map) Docker image information. +image: + # -- (string) Docker repository. + repository: quay.io/cdis/sower + # -- (string) Docker pull policy. + pullPolicy: Always + # -- (string) Overrides the image tag whose default is the chart appVersion. + tag: "" + +# -- (list) Docker image pull secrets. +imagePullSecrets: [] + +# -- (string) Override the name of the chart. +nameOverride: "" + +# -- (string) Override the full name of the deployment. +fullnameOverride: "" + +# -- (map) Security context for the containers in the pod +securityContext: {} + # capabilities: + # drop: + # - ALL + # readOnlyRootFilesystem: true + # runAsNonRoot: true + # runAsUser: 1000 + +# -- (map) Kubernetes service information. +service: + # -- (string) Type of service. Valid values are "ClusterIP", "NodePort", "LoadBalancer", "ExternalName". + type: ClusterIP + # -- (int) The port number that the service exposes. 
+ port: 80 + +# -- (map) Configuration for autoscaling the number of replicas +autoscaling: + # -- (bool) Whether autoscaling is enabled + enabled: false + # -- (int) The minimum number of replicas to scale down to + minReplicas: 1 + # -- (int) The maximum number of replicas to scale up to + maxReplicas: 100 + # -- (int) Target CPU utilization percentage + targetCPUUtilizationPercentage: 80 + # targetMemoryUtilizationPercentage: 80 + +# -- (map) Node Selector for the pods +nodeSelector: {} + +# -- (list) Tolerations for the pods +tolerations: [] + +# -- (map) Security context to apply to the pod +podSecurityContext: + # -- (int) User that all the processes will run under in the container. + runAsUser: 1000 + # -- (int) Group that Kubernetes will change the permissions of all files in volumes to when volumes are mounted by a pod. + fsGroup: 1000 + +# -- (map) Affinity to use for the deployment. +affinity: + podAntiAffinity: + # -- (map) Option for scheduling to be required or preferred. + preferredDuringSchedulingIgnoredDuringExecution: + # -- (int) Weight value for preferred scheduling. + - weight: 100 + podAffinityTerm: + labelSelector: + matchExpressions: + # -- (list) Label key for match expression. + - key: app + # -- (string) Operation type for the match expression. + operator: In + # -- (list) Value for the match expression key. + values: + - sower + # -- (string) Value for topology key label. + topologyKey: "kubernetes.io/hostname" + +# -- (list) Volumes to attach to the container. +volumes: + - name: sower-config + configMap: + name: manifest-sower + items: + - key: json + path: sower_config.json +# -- (list) Volumes to mount to the container. +volumeMounts: + - name: sower-config + readOnly: true + mountPath: /sower_config.json + subPath: sower_config.json + +# -- (string) AWS region to be used. +awsRegion: us-east-1 +# -- (string) AWS STS to issue temporary credentials to users and roles that make an AWS STS request. Values regional or global. 
+awsStsRegionalEndpoints: regional +# -- (string) Namespace to deploy the job. +gen3Namespace: default + +# -- (map) Resource requests and limits for the containers in the pod +resources: + # -- (map) The amount of resources that the container requests + requests: + # -- (string) The amount of CPU requested + cpu: 100m + # -- (string) The amount of memory requested + memory: 20Mi + # -- (map) The maximum amount of resources that the container is allowed to use + limits: + # -- (string) The maximum amount of memory the container can use + memory: 400Mi + +# -- (map) Rolling update deployment strategy +strategy: + type: RollingUpdate + rollingUpdate: + # -- (int) Number of additional replicas to add during rollout. + maxSurge: 1 + # -- (int) Maximum amount of pods that can be unavailable during the update. + maxUnavailable: 0 + +# -- (bool) Automount the default service account token +automountServiceAccountToken: true + +pelican: + image: + # -- (string) Docker repository. + repository: quay.io/cdis/pelican-export + # -- (string) Docker pull policy. + pullPolicy: Always + # -- (string) Overrides the image tag whose default is the chart appVersion. + tag: "" + # -- (string) The bucket for pelican exports + bucket: "" + # -- (map) Resource requests and limits for the containers in the pod + resources: + # -- (map) The amount of resources that the container requests + requests: + # -- (string) The amount of CPU requested + cpu: 100m + # -- (string) The amount of memory requested + memory: 20Mi + # -- (map) The maximum amount of resources that the container is allowed to use + limits: + # -- (string) The maximum amount of CPU the container can use + cpu: 1 + # -- (string) The maximum amount of memory the container can use + memory: 12Gi + +# -- (map) Service account to use or create. +serviceAccount: + # -- (bool) Specifies whether a service account should be created. + create: true + # -- (map) Annotations to add to the service account. 
+ annotations: {} + # -- (string) The name of the service account to use. + # If not set and create is true, a name is generated using the fullname template + name: "sower-service-account" + +# Values to determine the labels that are used for the deployment, pod, etc. +# -- (string) Valid options are "production" or "dev". If invalid option is set- the value will default to "dev". +release: "production" +# -- (string) Valid options are "true" or "false". If invalid option is set- the value will default to "false". +criticalService: "false" +# -- (string) Label to help organize pods and their use. Any value is valid, but use "_" or "-" to divide words. +partOf: "Core-Service" +# -- (map) Will completely override the selectorLabels defined in the common chart's _label_setup.tpl +selectorLabels: +# -- (map) Will completely override the commonLabels defined in the common chart's _label_setup.tpl +commonLabels: diff --git a/helm/wts/Chart.yaml b/helm/wts/Chart.yaml index dcc7827f..bb9ec694 100644 --- a/helm/wts/Chart.yaml +++ b/helm/wts/Chart.yaml @@ -15,7 +15,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.8 +version: 0.1.9 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to diff --git a/helm/wts/README.md b/helm/wts/README.md index e163b435..d0776480 100644 --- a/helm/wts/README.md +++ b/helm/wts/README.md 
@@ -1,6 +1,6 @@ # wts -![Version: 0.1.8](https://img.shields.io/badge/Version-0.1.8-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) +![Version: 0.1.9](https://img.shields.io/badge/Version-0.1.9-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) A Helm chart for gen3 workspace token service 
@@ -80,13 +80,13 @@ A Helm chart for gen3 workspace token service
 | postgresql | map | `{"primary":{"persistence":{"enabled":false}}}` | Postgresql subchart settings if deployed separately option is set to "true". Disable persistence by default so we can spin up and down ephemeral environments |
 | release | string | `"production"` | Valid options are "production" or "dev". If invalid option is set- the value will default to "dev". |
 | replicaCount | int | `1` | Number of replicas for the deployment. |
-| resources | map | `{"limits":{"cpu":0.5,"memory":"512Mi"},"requests":{"cpu":0.1,"memory":"12Mi"}}` | Resource requests and limits for the containers in the pod |
+| resources | map | `{"limits":{"cpu":0.5,"memory":"512Mi"},"requests":{"cpu":0.2,"memory":"120Mi"}}` | Resource requests and limits for the containers in the pod |
 | resources.limits | map | `{"cpu":0.5,"memory":"512Mi"}` | The maximum amount of resources that the container is allowed to use |
 | resources.limits.cpu | string | `0.5` | The maximum amount of CPU the container can use |
 | resources.limits.memory | string | `"512Mi"` | The maximum amount of memory the container can use |
-| resources.requests | map | `{"cpu":0.1,"memory":"12Mi"}` | The amount of resources that the container requests |
-| resources.requests.cpu | string | `0.1` | The amount of CPU requested |
-| resources.requests.memory | string | `"12Mi"` | The amount of memory requested |
+| resources.requests | map | `{"cpu":0.2,"memory":"120Mi"}` | The amount of resources that the container requests |
+| resources.requests.cpu | string | `0.2` | The amount of CPU requested |
+| resources.requests.memory | string | `"120Mi"` | The amount of memory requested |
 | roleName | string | `"workspace-token-service"` | Name of the role to be used for the role binding. |
 | secrets | map | `{"external_oidc":null}` | Values for wts secret. |
 | securityContext | map | `{}` | Security context for the containers in the pod |
diff --git a/helm/wts/templates/deployment.yaml b/helm/wts/templates/deployment.yaml
index db04380a..e3f20dec 100644
--- a/helm/wts/templates/deployment.yaml
+++ b/helm/wts/templates/deployment.yaml
@@ -182,9 +182,7 @@ spec:
 - name: SECRET_CONFIG
 value: "/var/www/wts/appcreds.json"
 resources:
- limits:
- cpu: 0.8
- memory: 512Mi
+ {{- toYaml .Values.resources | nindent 12 }}
 command: ["/bin/sh"]
 args:
 - "-c"
diff --git a/helm/wts/templates/wts-oidc.yaml b/helm/wts/templates/wts-oidc.yaml
index 082bd7bf..d14c6e79 100644
--- a/helm/wts/templates/wts-oidc.yaml
+++ b/helm/wts/templates/wts-oidc.yaml
@@ -24,7 +24,7 @@ spec:
 containers:
 - name: fence-client
 # TODO: Make this configurable
- image: "quay.io/cdis/fence:feat_dbenvvar"
+ image: "quay.io/cdis/fence:master"
 imagePullPolicy: {{ .Values.image.pullPolicy }}
 # TODO: ADD RESOURCES
 # resources:
diff --git a/helm/wts/values.yaml b/helm/wts/values.yaml
index 8ed969bc..32f3db80 100644
--- a/helm/wts/values.yaml
+++ b/helm/wts/values.yaml
@@ -155,9 +155,9 @@ resources:
 # -- (map) The amount of resources that the container requests
 requests:
 # -- (string) The amount of CPU requested
- cpu: 0.1
+ cpu: 0.2
 # -- (string) The amount of memory requested
- memory: 12Mi
+ memory: 120Mi
 # -- (map) The maximum amount of resources that the container is allowed to use
 limits:
 # -- (string) The maximum amount of CPU the container can use
diff --git a/sample-values/fence-config.yaml b/sample-values/fence-config.yaml
deleted file mode 100644
index 11873115..00000000
--- a/sample-values/fence-config.yaml
+++ /dev/null
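Review bot: In helm/wts/templates/deployment.yaml, replacing the fixed `limits` block with `{{- toYaml .Values.resources | nindent 12 }}` changes the effective CPU limit without saying so: the old template pinned cpu 0.8, while the README table in this patch lists the chart default `resources.limits.cpu` as `0.5`. It also means a values override such as `resources: {}` now renders this container with no limits, which the hard-coded block previously prevented. I would mention both in the commit description and add a values comment along the lines of `# rendered verbatim into the wts container; leaving limits empty removes the CPU/memory cap`. Indentation is lost in this rendering, so the `nindent 12` offset could not be checked, and the container spec continues outside the hunk.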
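Review bot: In helm/wts/templates/wts-oidc.yaml the new reference `quay.io/cdis/fence:master` is a mutable branch tag, so the fence-client container runs whatever was last pushed to that tag and two installs of the same chart version can execute different code. The existing `# TODO: Make this configurable` is still open; I would take the reference from values and pin it to a release tag or digest, e.g. `image: "quay.io/cdis/fence:<RELEASE_TAG>@sha256:<DIGEST>"` (placeholders, not real values). `imagePullPolicy` is read from `.Values.image.pullPolicy`, which appears to be the setting for the wts image, so whether a node re-pulls `master` depends on a value chosen for a different image. The `# TODO: ADD RESOURCES` beneath it means this container still has no requests or limits; the pod spec continues outside the hunk.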
@@ -1,885 +0,0 @@ -#### FENCE CONFIG #### -fence: - FENCE_CONFIG: - APP_NAME: 'Gen3 Data Commons' - - # A URL-safe base64-encoded 32-byte key for encrypting keys in db - # in python you can use the following script to generate one: - # import base64 - # import os - # key = base64.urlsafe_b64encode(os.urandom(32)) - # print(key) - ENCRYPTION_KEY: REPLACEME - - # ////////////////////////////////////////////////////////////////////////////////////// - # DEBUG & SECURITY SETTINGS - # - Modify based on whether you're in a dev environment or in production - # ////////////////////////////////////////////////////////////////////////////////////// - # flask's debug setting - # WARNING: DO NOT ENABLE IN PRODUCTION (for testing purposes only) - DEBUG: false - # if true, will automatically login a user with username "test" - # WARNING: DO NOT ENABLE IN PRODUCTION (for testing purposes only) - MOCK_AUTH: false - # if true, will fake a successful login response from Google in /login/google - # NOTE: this will also modify the behavior of /link/google endpoints - # WARNING: DO NOT ENABLE IN PRODUCTION (for testing purposes only) - # will login as the username set in cookie DEV_LOGIN_COOKIE_NAME - MOCK_GOOGLE_AUTH: false - DEV_LOGIN_COOKIE_NAME: "dev_login" - # if true, will ignore anything configured in STORAGE_CREDENTIALS - MOCK_STORAGE: false - # allow OIDC traffic on http for development. By default it requires https. - # - # WARNING: ONLY set to true when fence will be deployed in such a way that it will - # ONLY receive traffic from internal clients and can safely use HTTP. - AUTHLIB_INSECURE_TRANSPORT: true - # enable Prometheus Metrics for observability purposes - # - # WARNING: Any counters, gauges, histograms, etc. 
should be carefully - # reviewed to make sure its labels do not contain any PII / PHI - ENABLE_PROMETHEUS_METRICS: false - - # set if you want browsers to only send cookies with requests over HTTPS - SESSION_COOKIE_SECURE: true - - ENABLE_CSRF_PROTECTION: true - - # Signing key for WTForms to sign CSRF tokens with - WTF_CSRF_SECRET_KEY: '{{ENCRYPTION_KEY}}' - - # fence (at the moment) attempts a migration on startup. setting this to false will disable that - # WARNING: ONLY set to false if you do NOT want to automatically migrate your database. - # You should be careful about incompatible versions of your db schema with what - # fence expects. In other words, things could be broken if you update to a later - # fence that expects a schema your database isn't migrated to. - # NOTE: We are working to improve the migration process in the near future - ENABLE_DB_MIGRATION: true - - # ////////////////////////////////////////////////////////////////////////////////////// - # OPEN ID CONNECT (OIDC) - # - Fully configure at least one client so login works - # - WARNING: Be careful changing the *_ALLOWED_SCOPES as you can break basic - # and optional functionality - # ////////////////////////////////////////////////////////////////////////////////////// - OPENID_CONNECT: - # any OIDC IDP that does not differ from the generic implementation can be - # configured without code changes - generic_oidc_idp: # choose a unique ID and replace this key - name: 'some_idp' # optional; display name for this IDP - client_id: '' - client_secret: '' - redirect_url: '{{BASE_URL}}/login/some_idp/login' # replace IDP name - # use `discovery` to configure IDPs that do not expose a discovery - # endpoint. 
One of `discovery_url` or `discovery` should be configured - discovery_url: 'https://server.com/.well-known/openid-configuration' - discovery: - authorization_endpoint: '' - token_endpoint: '' - jwks_uri: '' - user_id_field: '' # optional (default "sub"); claims field to get the user_id from - email_field: '' # optional (default "email"); claims field to get the user email from - scope: '' # optional (default "openid") - # These Google values must be obtained from Google's Cloud Console - # Follow: https://developers.google.com/identity/protocols/OpenIDConnect - # - # You'll need to obtain a Client ID and Client Secret. Set the redirect URIs - # in Google to be '{{BASE_URL}}/login/google/login', but expand BASE_URL to - # whatever you set it to above. - google: - discovery_url: 'https://accounts.google.com/.well-known/openid-configuration' - client_id: '' - client_secret: '' - # this is be the allowed redirect back to fence, should not need to change - redirect_url: '{{BASE_URL}}/login/google/login/' - scope: 'openid email' - # if mock is true, will fake a successful login response from Google in /login/google - # NOTE: this will also modify the behavior of /link/google endpoints - # WARNING: DO NOT ENABLE IN PRODUCTION (for testing purposes only) - # will login as the username set in cookie DEV_LOGIN_COOKIE_NAME or default provided - # here - mock: '{{MOCK_GOOGLE_AUTH}}' # for backwards compatibility with older cfg files - mock_default_user: 'test@example.com' - # Support for multi-tenant fence (another fence is this fence's IDP) - # If this fence instance is a client of another fence, fill this cfg out. 
- # REMOVE if not needed - fence: - # this api_base_url should be the root url for the OTHER fence - # something like: https://example.com - api_base_url: '' - # this client_id and client_secret should be obtained by registering THIS fence as - # a new client of the OTHER fence - client_id: '' - client_secret: '' - client_kwargs: - # openid is required to use OIDC flow - scope: 'openid' - # callback after logging in through the other fence - redirect_uri: '{{BASE_URL}}/login/fence/login' - # The next 3 should not need to be changed if the provider is following - # Oauth2 endpoint naming conventions - authorize_url: '{{api_base_url}}/oauth2/authorize' - access_token_url: '{{api_base_url}}/oauth2/token' - refresh_token_url: '{{api_base_url}}/oauth2/token' - # Custom name to display for consent screens. If not provided, will use `fence`. - # If the other fence is using NIH Login, you should make name: `NIH Login` - name: '' - # if mock is true, will fake a successful login response for login - # WARNING: DO NOT ENABLE IN PRODUCTION (for testing purposes only) - mock: false - mock_default_user: 'test@example.com' - # this is needed to enable InCommon login, if some LOGIN_OPTIONS are configured with idp=fence and a list of shib_idps: - shibboleth_discovery_url: 'https://login.bionimbus.org/Shibboleth.sso/DiscoFeed' - # you can setup up an orcid client here: https://orcid.org/developer-tools - orcid: - discovery_url: 'https://orcid.org/.well-known/openid-configuration' - client_id: '' - client_secret: '' - # make sure you put the FULL url for this deployment in the allowed redirects in - # ORCID.org. 
DO NOT include {{BASE_URL}} at ORCID.org, you need to actually put the - # full url - redirect_url: '{{BASE_URL}}/login/orcid/login/' - scope: 'openid' - # if mock is true, will fake a successful login response for login - # WARNING: DO NOT ENABLE IN PRODUCTION (for testing purposes only) - mock: false - mock_default_user: '0000-0002-2601-8132' - ras: - discovery_url: 'https://sts.nih.gov/.well-known/openid-configuration' - client_id: '' - client_secret: '' - redirect_url: '{{BASE_URL}}/login/ras/callback' - scope: 'openid email profile ga4gh_passport_v1' - # if mock is true, will fake a successful login response for login - # WARNING: DO NOT ENABLE IN PRODUCTION (for testing purposes only) - mock: false - mock_default_user: 'test@example.com' - # Create a client in Azure here: - # https://portal.azure.com/#blade/Microsoft_AAD_IAM/ActiveDirectoryMenuBlade/RegisteredAppsPreview - # Currently supports organizational account only, so when registering a new App in - # Azure, make sure to select the `Accounts in any organizational directory` for - # supported account types. - microsoft: - discovery_url: 'https://login.microsoftonline.com/organizations/v2.0/.well-known/openid-configuration' - # after registering a new appl, client_id can be found as - # "APPLICATION (CLIENT) ID" in Microsoft Azure - client_id: '' - # You have a generate a secret in Azure for this app, there should be a - # "Certificates & secrets" section where you can create a "New client secret" - client_secret: '' - # make sure you put the FULL url for this deployment in the allowed redirects in - # your app in Azure. 
DO NOT include {{BASE_URL}} in Azure, you need to actually put the - # full url - redirect_url: '{{BASE_URL}}/login/microsoft/login/' - scope: 'openid email' - # if mock is true, will fake a successful login response for login - # WARNING: DO NOT ENABLE IN PRODUCTION (for testing purposes only) - mock: false - mock_default_user: 'test@example.com' - # For information on configuring an Okta tenant as an OIDC IdP refer to Okta documentation at: - # https://developer.okta.com/docs/reference/api/oidc/#2-okta-as-the-identity-platform-for-your-app-or-api - okta: - discovery_url: '' - client_id: '' - client_secret: '' - redirect_url: '{{BASE_URL}}/login/okta/login/' - scope: 'openid email' - cognito: - # You must create a user pool in order to have a discovery url - discovery_url: 'https://cognito-idp.{REGION}.amazonaws.com/{USER-POOL-ID}/.well-known/openid-configuration' - client_id: '' - client_secret: '' - redirect_url: '{{BASE_URL}}/login/cognito/login/' - scope: 'openid email' - # In the case where Cognito is being used solely as an intermediary to a single IdP, - # and that IdP is a SAML IdP with no 'email_verified' outgoing claim, but it is safe - # to assume all emails from this SAML IdP are in fact verified, we may set this to True - # assume_emails_verified: False - # CILogon subscribers can create and manage OIDC clients using COmanage Registry. - # Free tier users may request OIDC clients at https://cilogon.org/oauth2/register - cilogon: - discovery_url: 'https://cilogon.org/.well-known/openid-configuration' - client_id: '' - client_secret: '' - # When registering the Callback URLs for your CILogon OIDC client be - # sure to include the FULL url for this deployment, including the https:// scheme - # and server FQDN. 
- redirect_url: '{{BASE_URL}}/login/cilogon/login/' - scope: 'openid email profile' - # if mock is true, will fake a successful login response for login - # WARNING: DO NOT ENABLE IN PRODUCTION (for testing purposes only) - mock: false - mock_default_user: 'http://cilogon.org/serverT/users/64703' - synapse: - discovery_url: '' - client_id: '' - client_secret: '' - redirect_url: '' - scope: 'openid' - shibboleth: - client_id: '' - client_secret: '' - redirect_url: '{{BASE_URL}}/login/shib/login' - - # these are the *possible* scopes a client can be given, NOT scopes that are - # given to all clients. You can be more restrictive during client creation - CLIENT_ALLOWED_SCOPES: - - "openid" - - "user" - - "data" - - "google_credentials" - - "google_service_account" - - "google_link" - - "ga4gh_passport_v1" - - # these are the scopes that CAN be included in a user's own access_token - USER_ALLOWED_SCOPES: - - "fence" - - "openid" - - "user" - - "data" - - "admin" - - "google_credentials" - - "google_service_account" - - "google_link" - - "ga4gh_passport_v1" - - # these are the scopes that a browser session can create for a user (very - # similar to USER_ALLOWED_SCOPES, as the session will actually create access_tokens - # for an actively logged in user) - SESSION_ALLOWED_SCOPES: - - "openid" - - "user" - - "credentials" - - "data" - - "admin" - - "google_credentials" - - "google_service_account" - - "google_link" - - "ga4gh_passport_v1" - - # ////////////////////////////////////////////////////////////////////////////////////// - # LOGIN - # - Modify based on which OIDC provider(s) you configured above - # - NOTE: You can have multiple IDPs for users to login with, but one has to be set - # as the default - # ////////////////////////////////////////////////////////////////////////////////////// - - # List of enabled login options (used by data-portal to display login buttons). - # Each option must be configured with a "name" and an "idp". 
- # - "idp" must be a configured provider in OPENID_CONNECT section. - # Multiple options can be configured with the same idp. - # - if provider_id is "fence", "fence_idp" can be any of the providers - # supported by the other Fence. If not specified, will default to NIH login. - # - if provider_id is "fence" and fence_idp is "shibboleth", a list of - # "shib_idps" can be configured for InCommon login. If not specified, will - # default to NIH login. - # - Optional parameters: "desc" (description) and "secondary" (boolean - can - # be used by the frontend to display secondary buttons differently). - LOGIN_OPTIONS: - - name: 'Login from Google' - desc: 'description' - idp: google - # secondary: True - # - name: 'ORCID Login' - # idp: orcid - # - name: 'Microsoft Login' - # idp: microsoft - # - name: 'Okta Login'/sqz-krfi-ynw - # idp: okta - # # Cognito login: You may want to edit the name to reflect Cognito's IdP, - # # especially if Cognito is only using one IdP - # - name: 'Login from Cognito' - # desc: 'Amazon Cognito login' - # idp: cognito - # - name: 'Login from RAS' - # idp: ras - # - name: 'NIH Login' - # idp: fence - # fence_idp: shibboleth - # - name: 'ORCID Login through other Fence' - # idp: fence - # fence_idp: orcid - # - name: 'CILogon Login' - # idp: cilogon - # - name: 'InCommon Login' - # idp: fence - # fence_idp: shibboleth - # # "shib_idps" can be '*' or a list of one or more entity IDs - # shib_idps: - # - urn:mace:incommon:nih.gov - # - urn:mace:incommon:uchicago.edu - # The following can be used for shibboleth login, simply uncomment. - # NOTE: Don't enable shibboleth if the deployment is not protected by - # shibboleth module, the shib module takes care of preventing header - # spoofing. - # - name: 'Shibboleth Login' - # idp: shibboleth - - # Default login provider: - # - must be configured in LOGIN_OPTIONS and OPENID_CONNECT - # - if several options in LOGIN_OPTIONS are defined for this IDP, will default - # to the first one. 
- DEFAULT_LOGIN_IDP: google - - # Default login URL: DEPRECATED and replaced by LOGIN_OPTIONS + DEFAULT_LOGIN_IDP configs - # - Google? Use: '{{BASE_URL}}/login/google' - # - Multi-tenant fence (e.g. another fence instance)? Use: '{{BASE_URL}}/login/fence' - # - Sibboleth? Use: '{{BASE_URL}}/login/shib' - DEFAULT_LOGIN_URL: '{{BASE_URL}}/login/google' - - # `LOGIN_REDIRECT_WHITELIST` is a list of extra whitelisted URLs which can be redirected - # to by the `/login/*` endpoints. Fence automatically populates this with the redirect - # URLs for any registered OAuth clients, and its own URL. When validating the redirects, - # fence chesk whether the domain for the redirect matches a domain in the whitelist (so - # only the domains for the additional desired redirects are necessary here). - LOGIN_REDIRECT_WHITELIST: [] - - ### DEPRECATED and replaced by OPENID_CONNECT + LOGIN_OPTIONS configs - ENABLED_IDENTITY_PROVIDERS: {} - - - # ////////////////////////////////////////////////////////////////////////////////////// - # LIBRARY CONFIGURATION (authlib & flask) - # - Already contains reasonable defaults - # ////////////////////////////////////////////////////////////////////////////////////// - # authlib-specific configs for OIDC flow and JWTs - # NOTE: the OAUTH2_JWT_KEY cfg gets set automatically by fence if keys are setup - # correctly - OAUTH2_JWT_ALG: 'RS256' - OAUTH2_JWT_ENABLED: true - OAUTH2_JWT_ISS: '{{BASE_URL}}' - OAUTH2_PROVIDER_ERROR_URI: '/api/oauth2/errors' - - # used for flask, "path mounted under by the application / web server" - # since we deploy as microservices, fence is typically under {{base}}/user - # this is also why our BASE_URL default ends in /user - APPLICATION_ROOT: '/user' - - - # ////////////////////////////////////////////////////////////////////////////////////// - # Tokens, Lifetimes, & Expirations - # - Already contains reasonable defaults - # ////////////////////////////////////////////////////////////////////////////////////// - # 
The name of the browser cookie in which the access token will be stored. - ACCESS_TOKEN_COOKIE_NAME: "access_token" - - # The name of the browser cookie in which the session token will be stored. - # Note that the session token also stores information for the - # ``flask.session`` in the ``context`` field of the token. - SESSION_COOKIE_NAME: "fence" - - # The domain of the browser cookie in which the session token will be stored. - # Leave unset (not empty string!) for normal single-site deployment. - SESSION_COOKIE_DOMAIN: - - OAUTH2_TOKEN_EXPIRES_IN: - "authorization_code": 1200 - "implicit": 1200 - - # The number of seconds after an access token is issued until it expires. - ACCESS_TOKEN_EXPIRES_IN: 1200 - - # The number of seconds after a refresh token is issued until it expires. - REFRESH_TOKEN_EXPIRES_IN: 2592000 - - # The number of seconds after which a browser session is considered stale. - SESSION_TIMEOUT: 1800 - - # The maximum session lifetime in seconds. - SESSION_LIFETIME: 28800 - - # The number of seconds the user's Google service account key used for - # url signing will last before being expired/rotated - # 30 days: 2592000 seconds - GOOGLE_SERVICE_ACCOUNT_KEY_FOR_URL_SIGNING_EXPIRES_IN: 2592000 - - # The number of seconds after a User's Google Service account is added to bucket - # access until it expires. - # 7 days: 604800 seconds - GOOGLE_USER_SERVICE_ACCOUNT_ACCESS_EXPIRES_IN: 604800 - - # The number of seconds after a User's Google account is added to bucket - # access until it expires. - GOOGLE_ACCOUNT_ACCESS_EXPIRES_IN: 86400 - - # The number of seconds after a pre-signed url is issued until it expires. - MAX_PRESIGNED_URL_TTL: 3600 - - # The number of seconds after an API KEY is issued until it expires. - MAX_API_KEY_TTL: 2592000 - - # The number of seconds after an access token is issued until it expires. - MAX_ACCESS_TOKEN_TTL: 3600 - - # TEMPORARY: The maximum number of projects allowed in token claims. 
- # This config var should be removed after sheepdog and peregrine support - # auth checks against Arborist, and no longer check the token. - TOKEN_PROJECTS_CUTOFF: 10 - - # If set to true, will generate an new access token each time when a browser session update happens - RENEW_ACCESS_TOKEN_BEFORE_EXPIRATION: false - - # The maximum lifetime of a Gen3 passport in seconds - GEN3_PASSPORT_EXPIRES_IN: 43200 - - ######################################################################################## - # OPTIONAL CONFIGURATIONS # - ######################################################################################## - - # For displaying a privacy policy to users, we can either link to the URL specified by - # PRIVACY_POLICY_URL, or default to the `static/privacy_policy.md` file in fence. - PRIVACY_POLICY_URL: null - - # ////////////////////////////////////////////////////////////////////////////////////// - # RELIABILITY OPTS - # ////////////////////////////////////////////////////////////////////////////////////// - # Configurations related to resiliency, fault-tolerance and availability - # This is the number of requests per second that the Nginx proxy will accept before reaching fence - # The value defined in fence-config-public.yaml takes precedence over this one - # In the absence of this OVERRIDE prefixed config, the legacy NGINX_RATE_LIMIT from the k8s deployment yaml is applied - OVERRIDE_NGINX_RATE_LIMIT: 18 - - # ////////////////////////////////////////////////////////////////////////////////////// - # SUPPORT INFO - # ////////////////////////////////////////////////////////////////////////////////////// - # If you want an email address to show up when an unhandled error occurs, provide one - # here. 
Something like: support@example.com - SUPPORT_EMAIL_FOR_ERRORS: null - - # ////////////////////////////////////////////////////////////////////////////////////// - # SHIBBOLETH - # - Support using `shibboleth` in LOGIN_OPTIONS - # - Contains defaults for using NIH's Login. - # ////////////////////////////////////////////////////////////////////////////////////// - # assumes shibboleth is deployed under {{BASE_URL}}/shibboleth - SHIBBOLETH_HEADER: 'persistent_id' - SSO_URL: 'https://auth.nih.gov/affwebservices/public/saml2sso?SPID={{BASE_URL}}/shibboleth&RelayState=' - ITRUST_GLOBAL_LOGOUT: 'https://auth.nih.gov/siteminderagent/smlogout.asp?mode=nih&AppReturnUrl=' - - # ////////////////////////////////////////////////////////////////////////////////////// - # dbGaP USER SYNCING SUPPORT - # - Support syncing authorization information from dbGaP - # ////////////////////////////////////////////////////////////////////////////////////// - # "dbGaP project serves as an access gateway for researchers seeking to gain - # access to genotype and phenotype data" - # - # User syncing and access can also be done throught a User Access file. See - # fence's README for more information - dbGaP: - - info: - host: '' - username: '' - password: '' - port: 22 - proxy: '' - proxy_user: '' - protocol: 'sftp' - decrypt_key: '' - # parse out the consent from the dbgap accession number such that something - # like "phs000123.v1.p1.c2" becomes "phs000123.c2". - # - # NOTE: when this is "false" the above would become "phs000123" - parse_consent_code: true - # A consent of "c999" can indicate access to that study's "exchange area data" - # and when a user has access to one study's exchange area data, they - # have access to the parent study's "common exchange area data" that is not study - # specific. 
The following config is whether or not to parse/handle "c999" codes - # for access to the common exchange area data - # - # NOTE: When enabled you MUST also provide a mapping to the - # `study_common_exchange_areas` from study -> parent common exchange area resource - enable_common_exchange_area_access: false - # The below configuration is a mapping from studies to their "common exchange area data" - # Fence project name a user gets access to when parsing c999 exchange area codes (and - # subsequently gives access to an Arborist resource representing this common area - # as well) - study_common_exchange_areas: - 'example': 'test_common_exchange_area' - # 'studyX': 'test_common_exchange_area' - # 'studyY': 'test_common_exchange_area' - # 'studyZ': 'test_common_exchange_area' - # A mapping from the dbgap study / Fence project to which authorization namespaces the - # actual data lives in. For example, `studyX` data may exist in multiple organizations, so - # we need to know how to map authorization to all orgs resources - study_to_resource_namespaces: - '_default': ['/'] - 'test_common_exchange_area': ['/dbgap/'] - # above are for default support and exchange area support - # below are further examples - # - # 'studyX': ['/orgA/', '/orgB/'] - # 'studyX.c2': ['/orgB/', '/orgC/'] - # 'studyZ': ['/orgD/'] - # Regex to match an assession number that has consent information in forms like: - # phs00301123.c999 - # phs000123.v3.p1.c3 - # phs000123.c3 - # phs00301123.v3.p4.c999 - # Will NOT MATCH forms like: phs000123 - # - # WARNING: Do not change this without consulting the code that uses it - DBGAP_ACCESSION_WITH_CONSENT_REGEX: '(?Pphs[0-9]+)(.(?Pv[0-9]+)){0,1}(.(?Pp[0-9]+)){0,1}.(?Pc[0-9]+)' - - # ////////////////////////////////////////////////////////////////////////////////////// - # STORAGE BACKENDS AND CREDENTIALS - # - Optional: Used for `/admin` & `/credentials` endpoints for user management. 
- # Also used during User Syncing process to automate managing Storage - # access for users. - # ////////////////////////////////////////////////////////////////////////////////////// - # When true, this modifies usersync (not fence service itself) such that when syncing user - # access to a Google storage backend happens in "bulk" by doing a diff *per google group* - # between what's in Google and what's expected. Then it adds, removes only as necessary. - # This is in contrast to the default logic which does blind updates per user and ignores - # 409s from Google. - # NOTE: This reduces the number of API calls to Google in the general case, but increases - # memory usages by usersync (as it has to track all the Google groups and user access) - GOOGLE_BULK_UPDATES: false - - # Configuration for various storage systems for the backend - # NOTE: Remove the {} and supply backends if needed. Example in comments below - STORAGE_CREDENTIALS: {} - # Google Cloud Storage backend - # - # 'google': - # backend: 'google' - # # this should be the project id where the Google Groups for data access are managed - # google_project_id: 'some-project-id-12378923' - - # Cleversafe data storage backend - # - # 'cleversafe-server-a': - # backend: 'cleversafe' - # aws_access_key_id: '' - # aws_secret_access_key: '' - # host: 'somemanager.osdc.io' - # public_host: 'someobjstore.example.com' - # port: 443 - # is_secure: true - # username: 'someone' - # password: 'somepass' - # is_mocked: true - - # ////////////////////////////////////////////////////////////////////////////////////// - # AWS BUCKETS AND CREDENTIALS - # - Support `/data` endpoints - # ////////////////////////////////////////////////////////////////////////////////////// - AWS_CREDENTIALS: {} - # NOTE: Remove the {} and supply creds if needed. 
Example in comments below - # 'CRED1': - # aws_access_key_id: '' - # aws_secret_access_key: '' - # 'CRED2': - # aws_access_key_id: '' - # aws_secret_access_key: '' - - # NOTE: the region is optonal for s3_buckets, however it should be specified to avoid a - # call to GetBucketLocation which you make lack the AWS ACLs for. - # public buckets do not need the region field. - # the cred values should be keys in section `AWS_CREDENTIALS`. - S3_BUCKETS: {} - # NOTE: Remove the {} and supply buckets if needed. Example in comments below - # bucket1: - # cred: 'CRED1' - # region: 'us-east-1' - # # optionally you can manually specify an s3-compliant endpoint for this bucket - # endpoint_url: 'https://cleversafe.example.com/' - # bucket2: - # cred: 'CRED2' - # region: 'us-east-1' - # bucket3: - # cred: '*' # public bucket - # bucket4: - # cred: 'CRED1' - # region: 'us-east-1' - # role-arn: 'arn:aws:iam::role1' - - # `DATA_UPLOAD_BUCKET` specifies an S3 bucket to which data files are uploaded, - # using the `/data/upload` endpoint. This must be one of the first keys under - # `S3_BUCKETS` (since these are the buckets fence has credentials for). 
- DATA_UPLOAD_BUCKET: 'bucket1' - - # ////////////////////////////////////////////////////////////////////////////////////// - # PROXY - # - Optional: If the api is behind firewall that needs to set http proxy - # ////////////////////////////////////////////////////////////////////////////////////// - # NOTE: leave as-is to not use proxy - # this is only used by the Google Oauth2Client at the moment if provided - HTTP_PROXY: - host: null - port: 3128 - - # ////////////////////////////////////////////////////////////////////////////////////// - # MICROSERVICE PATHS - # - Support `/data` endpoints & authz functionality - # ////////////////////////////////////////////////////////////////////////////////////// - # url where indexd microservice is running (for signed urls primarily) - # NOTE: Leaving as null will force fence to default to {{BASE_URL}}/index - # example value: 'https://example.com/index' - INDEXD: null - - # this is the username which fence uses to make authenticated requests to indexd - INDEXD_USERNAME: 'fence' - # this is the password which fence uses to make authenticated requests to indexd - INDEXD_PASSWORD: '' - - # ////////////////////////////////////////////////////////////////////////////////////// - # AZURE STORAGE BLOB CONFIGURATION - # - Support Azure Blob Data Access Methods - # ////////////////////////////////////////////////////////////////////////////////////// - - # https://docs.microsoft.com/en-us/azure/storage/common/storage-account-keys-manage?toc=%2Fazure%2Fstorage%2Fblobs%2Ftoc.json&tabs=azure-portal#view-account-access-keys - # AZ_BLOB_CREDENTIALS: 'fake connection string' - AZ_BLOB_CREDENTIALS: - - # AZ_BLOB_CONTAINER_URL: 'https://storageaccount.blob.core.windows.net/container/' - # this is the container used for uploading, and should match the storage account - # used in the connection string for AZ_BLOB_CREDENTIALS - AZ_BLOB_CONTAINER_URL: 'https://myfakeblob.blob.core.windows.net/my-fake-container/' - - # url where authz 
microservice is running - ARBORIST: null - - # url where the audit-service is running - AUDIT_SERVICE: 'http://audit-service' - ENABLE_AUDIT_LOGS: - presigned_url: false - login: false - # `PUSH_AUDIT_LOGS_CONFIG.type` is one of: [api, aws_sqs]. - # - if type == api: logs are created by hitting the log creation endpoint. - # - if type == aws_sqs: logs are pushed to an SQS and `aws_sqs_config` fields - # `sqs_url` and `region` are required. Field `aws_cred` is optional and it - # should be a key in section `AWS_CREDENTIALS`. - PUSH_AUDIT_LOGS_CONFIG: - type: aws_sqs - aws_sqs_config: - sqs_url: - region: - aws_cred: - - # ////////////////////////////////////////////////////////////////////////////////////// - # CLOUD API LIBRARY (CIRRUS) AND GOOGLE CONFIGURATION - # - Support Google Data Access Methods - # ////////////////////////////////////////////////////////////////////////////////////// - # Setting this up allows fence to create buckets, manage Google groups, etc. - # See directions here for setting up cirrus: https://github.com/uc-cdis/cirrus - CIRRUS_CFG: - GOOGLE_API_KEY: '' - GOOGLE_PROJECT_ID: '' - GOOGLE_APPLICATION_CREDENTIALS: '' - GOOGLE_STORAGE_CREDS: '' - GOOGLE_ADMIN_EMAIL: '' - GOOGLE_IDENTITY_DOMAIN: '' - GOOGLE_CLOUD_IDENTITY_ADMIN_EMAIL: '' - - # Prefix to namespace Google Groups on a single Cloud Identity (see cirrus - # setup for more info on Cloud Identity) - # - # NOTE: Make this short! Less than 8 characters if possible. Google has - # length restrictions on group names. - GOOGLE_GROUP_PREFIX: '' - - # Prefix to namespace Google Service Accounts in a single Google Cloud Platform Project. - # This is primarily to support multiple instances of fence references the same Google - # project. If that is not something you need to support, then you can leave this blank. - # - # NOTE: Make this short! Less than 8 characters if possible. Google has - # length restrictions on service account names. 
- GOOGLE_SERVICE_ACCOUNT_PREFIX: '' - - # A Google Project identitifier representing the default project to bill to for - # accessing Google Requester Pays buckets (for signed urls and/or temporary service account - # credentials). If this is provided and the API call for - # Google access does not include a `userProject`, this will be used instead. - # - # WARNING: Setting this WITHOUT setting "ENABLE_AUTOMATIC_BILLING_*" to `true` below, - # means that clients and end-users will be responsible for making sure that - # the service account used in either of these methods actually has billing - # permission in the specified project. - BILLING_PROJECT_FOR_SIGNED_URLS: - BILLING_PROJECT_FOR_SA_CREDS: - - # Setting this to `true` will make Fence automatically attempt to create a Custom Role - # in the billing project and give the necessary Google Service Account that role - # (which will allow it to bill to the project). - # - # NOTE: The Fence SA will need the necessary permissions in the specified project to - # both create a custom role and update the Project's IAM Policy to include the - # necessary SA. At the time of writing, there are pre-defined roles in Google's - # IAM that provide the necessary permissions. Those are "Project IAM Admin" and - # "Role Administrator" - # - # NOTE2: It may be possible to further restrict the permissions in the future to - # be more fine-grained. - # - ENABLE_AUTOMATIC_BILLING_PERMISSION_SIGNED_URLS: false - ENABLE_AUTOMATIC_BILLING_PERMISSION_SA_CREDS: false - - # ////////////////////////////////////////////////////////////////////////////////////// - # EMAIL - # - Support for sending emails from fence. 
Used for user certificates - # and `/google/service_accounts` endpoints - # ////////////////////////////////////////////////////////////////////////////////////// - # Gun Mail Service (for sending emails from fence) - # - # NOTE: Example in comments below - GUN_MAIL: - 'datacommons.io': - smtp_hostname: 'smtp.mailgun.org' - api_key: '' - default_login: 'postmaster@mailgun.example.com' - api_url: 'https://api.mailgun.net/v3/mailgun.example.com' - smtp_password: '' - - # For emails regarding users certificates - EMAIL_SERVER: 'localhost' - SEND_FROM: 'example@gmail.com' - SEND_TO: 'example@gmail.com' - - # ////////////////////////////////////////////////////////////////////////////////////// - # DATA ACCESS: GOOGLE LINKING & SERVICE ACCOUNT REGISTRATION - # - Support `/google/service_accounts` endpoints - # ////////////////////////////////////////////////////////////////////////////////////// - # whether or not to allow access to the /link/google endpoints - ALLOW_GOOGLE_LINKING: true - - # A Google Project with controlled data access will be determined INVALID if - # if it has a parent organization UNLESS that parent organization's ID is in this - # whitelist. - # - # NOTE: Remove the [] and Google Organization IDs if needed. Example in comments below - WHITE_LISTED_GOOGLE_PARENT_ORGS: [] - # - '12345678910' - - # A Google Project with Google Service Accounts determined INVALID will result in the - # the entire project being invalid UNLESS that service accounts's email is in this - # whitelist. - # - # NOTE: Remove the [] and service account emails if needed. Example in comments below - WHITE_LISTED_SERVICE_ACCOUNT_EMAILS: [] - # - 'example@developer.gserviceaccount.com' - # - 'example@test.iam.gserviceaccount.com' - - # when service accounts or google projects are determined invalid, an email is sent - # to the project owners. 
These settings are for that email - REMOVE_SERVICE_ACCOUNT_EMAIL_NOTIFICATION: - enable: false - # this domain MUST exist in GUN_MAIL config - domain: 'example.com' - from: 'do-not-reply@example.com' - subject: 'User service account removal notification' - # the {} gets replaced dynamically in the Python code to be the Project ID - content: > - Service accounts were removed from access control data because some users or - service accounts of GCP Project {} are not authorized to access the data sets - associated to the service accounts, or do not adhere to the security policies. - # this admin email will be included as a recipient to *any* email to anyone about - # service account removal. - # - # WARNING: This is NOT a bcc so the email is visible to the end-user - admin: - - 'admin@example.edu' - - PROBLEM_USER_EMAIL_NOTIFICATION: - # this domain MUST exist in GUN_MAIL config - domain: 'example.com' - from: 'do-not-reply@example.com' - subject: 'Account access error notification' - # the {} gets replaced dynamically in the Python code to be the Project ID - content: > - The Data Commons Framework utilizes dbGaP for data access authorization. - Another member of a Google project you belong to ({}) is attempting to - register a service account to the following additional datasets ({}). - Please contact dbGaP to request access. - # this admin email will be included as a recipient to *any* email to anyone about - # service account removal. - # - # WARNING: This is NOT a bcc so the email is visible to the end-user - admin: - - 'admin@example.edu' - - # Service account email domains that represent a service account that Google owns. - # These are usually created when a sepcific GCP service is enabled. - # This is used for Service Account Validation for Data Access. 
- GOOGLE_MANAGED_SERVICE_ACCOUNT_DOMAINS: - - 'dataflow-service-producer-prod.iam.gserviceaccount.com' - - 'cloudbuild.gserviceaccount.com' - - 'cloud-ml.google.com.iam.gserviceaccount.com' - - 'container-engine-robot.iam.gserviceaccount.com' - - 'dataflow-service-producer-prod.iam.gserviceaccount.com' - - 'sourcerepo-service-accounts.iam.gserviceaccount.com' - - 'dataproc-accounts.iam.gserviceaccount.com' - - 'gae-api-prod.google.com.iam.gserviceaccount.com' - - 'genomics-api.google.com.iam.gserviceaccount.com' - - 'containerregistry.iam.gserviceaccount.com' - - 'container-analysis.iam.gserviceaccount.com' - - 'cloudservices.gserviceaccount.com' - - 'stackdriver-service.iam.gserviceaccount.com' - - 'appspot.gserviceaccount.com' - - 'partnercontent.gserviceaccount.com' - - 'trifacta-gcloud-prod.iam.gserviceaccount.com' - - 'gcf-admin-robot.iam.gserviceaccount.com' - - 'compute-system.iam.gserviceaccount.com' - - 'gcp-sa-websecurityscanner.iam.gserviceaccount.com' - - 'storage-transfer-service.iam.gserviceaccount.com' - - 'firebase-sa-management.iam.gserviceaccount.com' - - 'firebase-rules.iam.gserviceaccount.com' - - 'gcp-sa-cloudbuild.iam.gserviceaccount.com' - - 'gcp-sa-automl.iam.gserviceaccount.com' - - 'gcp-sa-datalabeling.iam.gserviceaccount.com' - - 'gcp-sa-cloudscheduler.iam.gserviceaccount.com' - - # The types of service accounts that are allowed to be registered at - # /google/service_accounts endpoints - ALLOWED_USER_SERVICE_ACCOUNT_DOMAINS: - # compute engine default service account - - 'developer.gserviceaccount.com' - # app engine default service account - - 'appspot.gserviceaccount.com' - # user-managed service account - - 'iam.gserviceaccount.com' - - # Synapse integration and DREAM challenge mapping. Team is from Synapse, and group is - # providing the actual permission in Arborist. User will be added to the group for TTL - # seconds if the team matches. 
- DREAM_CHALLENGE_TEAM: 'DREAM' - DREAM_CHALLENGE_GROUP: 'DREAM' - SYNAPSE_URI: 'https://repo-prod.prod.sagebase.org/auth/v1' - SYNAPSE_JWKS_URI: - # deprecated, use the discovery_url in the OPENID_CONNECT block for the synapse client - SYNAPSE_DISCOVERY_URL: - SYNAPSE_AUTHZ_TTL: 86400 - - # Role caching for generating presigned urls if max role session increase is true - # then we can increase the amount of time that a session is valid for - MAX_ROLE_SESSION_INCREASE: false - ASSUME_ROLE_CACHE_SECONDS: 1800 - - # Optional user registration feature: Ask users to register (provide firstname/lastname/org/email) on login. - # If user registers, add them to configured Arborist group; idea is that the Arborist group - # will have access to download data. - REGISTER_USERS_ON: false - REGISTERED_USERS_GROUP: '' - # RAS refresh_tokens expire in 15 days - RAS_REFRESH_EXPIRATION: 1296000 - # List of JWT issuers from which Fence will accept GA4GH visas - GA4GH_VISA_ISSUER_ALLOWLIST: - - '{{BASE_URL}}' - - 'https://sts.nih.gov' - - 'https://stsstg.nih.gov' - # Number of projects that can be registered to a Google Service Accont - SERVICE_ACCOUNT_LIMIT: 6 - - # Global sync visas during login - # None(Default): Allow per client i.e. a fence client can pick whether or not to sync their visas during login with parse_visas param in /authorization endpoint - # True: Parse for all clients i.e. a fence client will always sync their visas during login - # False: Parse for no clients i.e. a fence client will not be able to sync visas during login even with parse_visas param - GLOBAL_PARSE_VISAS_ON_LOGIN: - # Settings for usersync with visas - USERSYNC: - sync_from_visas: false - # fallback to dbgap sftp when there are no valid visas for a user i.e. if they're expired or if they're malformed - fallback_to_dbgap_sftp: false - visa_types: - ras: ["https://ras.nih.gov/visas/v1", "https://ras.nih.gov/visas/v1.1"] - RAS_USERINFO_ENDPOINT: '/openid/connect/v1.1/userinfo' 
diff --git a/sample-values/user.yaml b/sample-values/user.yaml
deleted file mode 100644
index 42a25552..00000000
--- a/sample-values/user.yaml
+++ /dev/null
@@ -1,92 +0,0 @@ -fence: - USER_YAML: | - authz: - # policies automatically given to anyone, even if they are not authenticated - anonymous_policies: - - open_data_reader - - # policies automatically given to authenticated users (in addition to their other policies) - all_users_policies: [] - - # each group can contain multiple policies and multiple users - groups: - - name: program1_readers - policies: - - program1_reader - users: - - username1@domain.com - - # resource tree - resources: - - name: open - - name: programs - subresources: - - name: program1 - - # each policy can contain multiple roles and multiple resources - policies: - - id: open_data_reader - role_ids: - - reader - - storage_reader - resource_paths: - - /open - - id: program1_reader - description: Read access to program1 - role_ids: - - reader - - storage_reader - resource_paths: - - /programs/program1 - - id: program1_indexd_admin - description: Admin access to program1 - role_ids: - - indexd_admin - resource_paths: - - /programs/program1 - - # currently existing methods are `read`, `create`, `update`, - # `delete`, `read-storage` and `write-storage` - roles: - - id: reader - permissions: - - id: reader - action: - method: read - service: '*' - - id: storage_reader - permissions: - - id: storage_reader - action: - method: read-storage - service: '*' - - id: creator - permissions: - - id: creator - action: - method: create - service: '*' - - id: indexd_admin - permissions: - - id: indexd_admin - action: - method: '*' - service: indexd - - # OIDC clients - clients: - client1: - policies: - - open_data_reader - - # all users must be defined here, even if they are not granted - # any individual permissions outside of the groups they are in. - # additional arbitrary information can be added in `tags`. - users: - username1@domain.com: {} - username2: - tags: - name: John Doe - email: johndoe@domain.com - policies: - - program1_reader 
diff --git a/sample-values/values_aws_dev.yaml b/sample-values/values_aws_dev.yaml deleted file mode 100644 index 9907dd06..00000000 --- a/sample-values/values_aws_dev.yaml +++ /dev/null @@ -1,69 +0,0 @@ -global: - environment: devplanetv1 - aws: - enabled: true - hostname: qureshi.planx-pla.net - revproxyArn: arn:aws:acm:us-east-1:707767160287:certificate/520ede2f-fc82-4bb9-af96-4b4af7deabbd -fence: - FENCE_CONFIG: - OPENID_CONNECT: - google: - client_id: "" - client_secret: "" - - -secrets: - awsAccessKeyId: - awsSecretAccessKey: - -hatchery: - image: - tag: feat_localdev - hatchery: - containers: - - target-port: 8888 - cpu-limit: '0.5' - memory-limit: 1Gi - name: "(Tutorials) Example Analysis Jupyter Lab Notebooks" - image: quay.io/cdis/heal-notebooks:combined_tutorials__latest - env: - FRAME_ANCESTORS: https://{{ .Values.global.hostname }} - args: - - "--NotebookApp.base_url=/lw-workspace/proxy/" - - "--NotebookApp.default_url=/lab" - - "--NotebookApp.password=''" - - "--NotebookApp.token=''" - - "--NotebookApp.shutdown_no_activity_timeout=5400" - - "--NotebookApp.quit_button=False" - command: - - start-notebook.sh - path-rewrite: "/lw-workspace/proxy/" - use-tls: 'false' - ready-probe: "/lw-workspace/proxy/" - lifecycle-post-start: - - "/bin/sh" - - "-c" - - export IAM=`whoami`; rm -rf /home/$IAM/pd/dockerHome; rm -rf /home/$IAM/pd/lost+found; - ln -s /data /home/$IAM/pd/; true - user-uid: 1000 - fs-gid: 100 - user-volume-location: "/home/jovyan/pd" - gen3-volume-location: "/home/jovyan/.gen3" - - -portal: - image: - tag: dev - -guppy: - enabled: true - dbRestore: true - -indexd: - dbRestore: true - -metadata: - dbRestore: true - -sheepdog: - dbRestore: true \ No newline at end of file diff --git a/sample-values/values_google_cloud_dev.yaml b/sample-values/values_google_cloud_dev.yaml deleted file mode 100644 index 4bb66aec..00000000 --- a/sample-values/values_google_cloud_dev.yaml +++ /dev/null 
@@ -1,9 +0,0 @@ -global: - dev: true - hostname: qureshi.planx-pla.net -fence: - FENCE_CONFIG: - OPENID_CONNECT: - google: - client_id: "" - client_secret: "" diff --git a/sample-values/values_local_dev.yaml b/sample-values/values_local_dev.yaml deleted file mode 100644 index d2c905d8..00000000 --- a/sample-values/values_local_dev.yaml +++ /dev/null @@ -1,10 +0,0 @@ -global: - dev: true - hostname: localhost -fence: - FENCE_CONFIG: - OPENID_CONNECT: - google: - client_id: "" - client_secret: "" - From c7b8959cdf5f7756b29c33ff330923e95981827c Mon Sep 17 00:00:00 2001 From: "J. Q" <55899496+jawadqur@users.noreply.github.com> Date: Mon, 8 May 2023 13:16:19 -0500 Subject: [PATCH 017/279] Remove unused global bucket configuration (#127) --- helm/gen3/Chart.yaml | 2 +- helm/gen3/README.md | 2 +- helm/gen3/templates/global-manifest.yaml | 4 ++-- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/helm/gen3/Chart.yaml b/helm/gen3/Chart.yaml index fbb579b3..416fcfec 100644 --- a/helm/gen3/Chart.yaml +++ b/helm/gen3/Chart.yaml @@ -107,7 +107,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.12 +version: 0.1.13 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to diff --git a/helm/gen3/README.md b/helm/gen3/README.md index 9afd1c9d..88d79962 100644 --- a/helm/gen3/README.md +++ b/helm/gen3/README.md 
@@ -1,6 +1,6 @@ # gen3 -![Version: 0.1.12](https://img.shields.io/badge/Version-0.1.12-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) +![Version: 0.1.13](https://img.shields.io/badge/Version-0.1.13-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) Helm chart to deploy Gen3 Data Commons diff --git a/helm/gen3/templates/global-manifest.yaml b/helm/gen3/templates/global-manifest.yaml index f033b81e..5952e0d8 100644 --- a/helm/gen3/templates/global-manifest.yaml +++ b/helm/gen3/templates/global-manifest.yaml @@ -8,8 +8,8 @@ data: "revproxy_arn": {{ .Values.global.revproxyArn | quote }} "dictionary_url": {{ .Values.global.dictionaryUrl | quote }} "portal_app": {{ .Values.global.portalApp | quote }} - "kube_bucket": {{ .Values.global.kubeBucket | quote }} - "logs_bucket": {{ .Values.global.logsBucket | quote }} + # "kube_bucket": {{ .Values.global.kubeBucket | quote }} + # "logs_bucket": {{ .Values.global.logsBucket | quote }} "sync_from_dbgap": {{ .Values.global.syncFromDbgap | quote }} "useryaml_s3path": {{ .Values.global.userYamlS3Path | quote }} "public_datasets": {{ .Values.global.publicDataSets | quote }} From ac235dcc76b1b8b1ea473f14651b3c6681a651da Mon Sep 17 00:00:00 2001 
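Review bot: The two bucket lines in `helm/gen3/templates/global-manifest.yaml` are only prefixed with a YAML `#`, which Helm's template engine does not treat as a comment. It still evaluates `{{ .Values.global.kubeBucket | quote }}` and `{{ .Values.global.logsBucket | quote }}` on every render. The bucket names therefore still appear in the `helm template` output as comment text, and the chart still reads both values keys, which is presumably not what "remove unused" intends. Either delete both lines or use a template comment, e.g. `{{- /* "kube_bucket": .Values.global.kubeBucket */}}`, so nothing is evaluated or emitted. The `data:` block starts and ends outside the hunk.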
From: EliseCastle23 Date: Fri, 12 May 2023 15:39:43 -0700 Subject: [PATCH 018/279] Setting up usersync job for helm. Adding documentation on how to setup the job. Updating all relevant charts global config options. --- .secrets.baseline | 74 +++--- docs/fence_usersync_job.md | 69 ++++++ helm/arborist/Chart.yaml | 2 +- helm/arborist/README.md | 11 +- helm/arborist/values.yaml | 12 +- helm/audit/Chart.yaml | 2 +- helm/audit/README.md | 11 +- helm/audit/values.yaml | 12 +- helm/common/Chart.yaml | 2 +- helm/common/README.md | 11 +- helm/common/values.yaml | 12 +- helm/fence/Chart.yaml | 2 +- helm/fence/README.md | 23 +- .../fence_google_app_creds_secret.json | 0 .../fence_google_storage_creds_secret.json | 0 helm/fence/fence-ssh/config | 25 ++ helm/fence/projects/projects.yaml | 0 helm/fence/templates/aws-userysnc-creds.yaml | 10 + helm/fence/templates/fence-config.yaml | 8 +- helm/fence/templates/fence-ssh.yaml | 8 + helm/fence/templates/projects-config.yaml | 6 + helm/fence/templates/serviceaccount.yaml | 29 +++ helm/fence/templates/usersync-cron.yaml | 220 ++++++++++++++++++ helm/fence/templates/useryaml-job.yaml | 2 + helm/fence/values.yaml | 70 +++++- helm/gen3/Chart.yaml | 2 +- helm/gen3/README.md | 16 +- helm/gen3/templates/global-manifest.yaml | 8 +- helm/gen3/values.yaml | 25 +- helm/guppy/Chart.yaml | 2 +- helm/guppy/README.md | 11 +- helm/guppy/values.yaml | 12 +- helm/hatchery/Chart.yaml | 2 +- helm/hatchery/README.md | 11 +- helm/hatchery/values.yaml | 12 +- helm/indexd/Chart.yaml | 2 +- helm/indexd/README.md | 11 +- helm/indexd/values.yaml | 12 +- helm/metadata/Chart.yaml | 2 +- helm/metadata/README.md | 11 +- helm/metadata/values.yaml | 12 +- helm/peregrine/Chart.yaml | 2 +- helm/peregrine/README.md | 11 +- helm/peregrine/values.yaml | 12 +- helm/pidgin/Chart.yaml | 2 +- helm/pidgin/README.md | 11 +- helm/pidgin/values.yaml | 12 +- helm/portal/Chart.yaml | 2 +- helm/portal/README.md | 11 +- helm/portal/values.yaml | 12 +- helm/requestor/Chart.yaml | 2 
+- helm/requestor/README.md | 11 +- helm/requestor/values.yaml | 12 +- helm/revproxy/Chart.yaml | 2 +- helm/revproxy/README.md | 11 +- helm/revproxy/values.yaml | 12 +- helm/sheepdog/Chart.yaml | 2 +- helm/sheepdog/README.md | 11 +- helm/sheepdog/values.yaml | 12 +- helm/sower/Chart.yaml | 2 +- helm/sower/README.md | 11 +- helm/sower/values.yaml | 12 +- helm/ssjdispatcher/Chart.yaml | 2 +- helm/ssjdispatcher/README.md | 11 +- helm/ssjdispatcher/values.yaml | 12 +- helm/wts/Chart.yaml | 2 +- helm/wts/README.md | 11 +- helm/wts/values.yaml | 12 +- 68 files changed, 866 insertions(+), 131 deletions(-) create mode 100644 docs/fence_usersync_job.md create mode 100644 helm/fence/fence-google-creds/fence_google_app_creds_secret.json create mode 100644 helm/fence/fence-google-creds/fence_google_storage_creds_secret.json create mode 100644 helm/fence/fence-ssh/config create mode 100644 helm/fence/projects/projects.yaml create mode 100644 helm/fence/templates/aws-userysnc-creds.yaml create mode 100644 helm/fence/templates/fence-ssh.yaml create mode 100644 helm/fence/templates/projects-config.yaml diff --git a/.secrets.baseline b/.secrets.baseline index ad391fd4..4f6161f8 100644 --- a/.secrets.baseline +++ b/.secrets.baseline @@ -3,7 +3,7 @@ "files": "^.secrets.baseline$", "lines": null }, - "generated_at": "2023-05-08T17:09:14Z", + "generated_at": "2023-05-12T22:37:39Z", "plugins_used": [ { "name": "AWSKeyDetector" @@ -131,21 +131,21 @@ "hashed_secret": "2546383b95bb44732e9be6a877fd476c0442fdab", "is_secret": false, "is_verified": false, - "line_number": 45, + "line_number": 47, "type": "Secret Keyword" }, { "hashed_secret": "d84ce25b0f9bc2cc263006ae39453efb22cc2900", "is_secret": false, "is_verified": false, - "line_number": 47, + "line_number": 49, "type": "Secret Keyword" }, { "hashed_secret": "f09dd6e359833a12f48c4c4255d6e87a6e55cfe9", "is_secret": false, "is_verified": false, - "line_number": 67, + "line_number": 72, "type": "Secret Keyword" } ], 
@@ -154,21 +154,21 @@ "hashed_secret": "2546383b95bb44732e9be6a877fd476c0442fdab", "is_secret": false, "is_verified": false, - "line_number": 53, + "line_number": 55, "type": "Secret Keyword" }, { "hashed_secret": "d84ce25b0f9bc2cc263006ae39453efb22cc2900", "is_secret": false, "is_verified": false, - "line_number": 55, + "line_number": 57, "type": "Secret Keyword" }, { "hashed_secret": "f09dd6e359833a12f48c4c4255d6e87a6e55cfe9", "is_secret": false, "is_verified": false, - "line_number": 77, + "line_number": 82, "type": "Secret Keyword" } ], @@ -243,28 +243,28 @@ "hashed_secret": "2546383b95bb44732e9be6a877fd476c0442fdab", "is_secret": false, "is_verified": false, - "line_number": 106, + "line_number": 108, "type": "Secret Keyword" }, { "hashed_secret": "d84ce25b0f9bc2cc263006ae39453efb22cc2900", "is_secret": false, "is_verified": false, - "line_number": 108, + "line_number": 110, "type": "Secret Keyword" }, { "hashed_secret": "f09dd6e359833a12f48c4c4255d6e87a6e55cfe9", "is_secret": false, "is_verified": false, - "line_number": 136, + "line_number": 141, "type": "Secret Keyword" }, { "hashed_secret": "9d8fada0e01336e865c461bb3549084d206fe6da", "is_secret": false, "is_verified": false, - "line_number": 168, + "line_number": 183, "type": "Secret Keyword" } ], @@ -328,7 +328,7 @@ "hashed_secret": "5d07e1b80e448a213b392049888111e1779a52db", "is_secret": false, "is_verified": false, - "line_number": 1887, + "line_number": 1953, "type": "Secret Keyword" } ], @@ -346,7 +346,7 @@ "hashed_secret": "9b5925ea817163740dfb287a9894e8ab3aba2c18", "is_secret": false, "is_verified": false, - "line_number": 189, + "line_number": 212, "type": "Secret Keyword" } ], 
@@ -403,28 +403,28 @@ "hashed_secret": "2546383b95bb44732e9be6a877fd476c0442fdab", "is_secret": false, "is_verified": false, - "line_number": 48, + "line_number": 50, "type": "Secret Keyword" }, { "hashed_secret": "d84ce25b0f9bc2cc263006ae39453efb22cc2900", "is_secret": false, "is_verified": false, - "line_number": 50, + "line_number": 52, "type": "Secret Keyword" }, { "hashed_secret": "f09dd6e359833a12f48c4c4255d6e87a6e55cfe9", "is_secret": false, "is_verified": false, - "line_number": 71, + "line_number": 76, "type": "Secret Keyword" }, { "hashed_secret": "1cc98556e7b1353c7bd08344f9190808b0d3d6d4", "is_secret": true, "is_verified": false, - "line_number": 103, + "line_number": 108, "type": "Secret Keyword" } ], @@ -460,21 +460,21 @@ "hashed_secret": "2546383b95bb44732e9be6a877fd476c0442fdab", "is_secret": false, "is_verified": false, - "line_number": 58, + "line_number": 60, "type": "Secret Keyword" }, { "hashed_secret": "d84ce25b0f9bc2cc263006ae39453efb22cc2900", "is_secret": false, "is_verified": false, - "line_number": 60, + "line_number": 62, "type": "Secret Keyword" }, { "hashed_secret": "f09dd6e359833a12f48c4c4255d6e87a6e55cfe9", "is_secret": false, "is_verified": false, - "line_number": 81, + "line_number": 86, "type": "Secret Keyword" } ], @@ -568,14 +568,14 @@ "hashed_secret": "2546383b95bb44732e9be6a877fd476c0442fdab", "is_secret": false, "is_verified": false, - "line_number": 59, + "line_number": 61, "type": "Secret Keyword" }, { "hashed_secret": "d84ce25b0f9bc2cc263006ae39453efb22cc2900", "is_secret": false, "is_verified": false, - "line_number": 61, + "line_number": 63, "type": "Secret Keyword" } ], 
@@ -583,13 +583,13 @@ { "hashed_secret": "08eeb737b239bdb7362a875b90e22c10b8826b20", "is_verified": false, - "line_number": 473, + "line_number": 483, "type": "Base64 High Entropy String" }, { "hashed_secret": "eb9739c6625f06b4ab73035223366dda6262ae77", "is_verified": false, - "line_number": 476, + "line_number": 486, "type": "Base64 High Entropy String" } ], @@ -653,42 +653,42 @@ "hashed_secret": "2546383b95bb44732e9be6a877fd476c0442fdab", "is_secret": false, "is_verified": false, - "line_number": 58, + "line_number": 60, "type": "Secret Keyword" }, { "hashed_secret": "d84ce25b0f9bc2cc263006ae39453efb22cc2900", "is_secret": false, "is_verified": false, - "line_number": 60, + "line_number": 62, "type": "Secret Keyword" }, { "hashed_secret": "f09dd6e359833a12f48c4c4255d6e87a6e55cfe9", "is_secret": false, "is_verified": false, - "line_number": 77, + "line_number": 82, "type": "Secret Keyword" }, { "hashed_secret": "c2c4e52c03a03ce3efeb21eb202d301018d4548e", "is_secret": false, "is_verified": false, - "line_number": 98, + "line_number": 103, "type": "Secret Keyword" }, { "hashed_secret": "afc848c316af1a89d49826c5ae9d00ed769415f3", "is_secret": false, "is_verified": false, - "line_number": 105, + "line_number": 110, "type": "Secret Keyword" }, { "hashed_secret": "fa4497447699cdb0a81c66a7f21af28a75170195", "is_secret": false, "is_verified": false, - "line_number": 107, + "line_number": 112, "type": "Secret Keyword" } ], @@ -715,7 +715,7 @@ "hashed_secret": "afc848c316af1a89d49826c5ae9d00ed769415f3", "is_secret": false, "is_verified": false, - "line_number": 233, + "line_number": 243, "type": "Secret Keyword" } ], 
@@ -724,14 +724,14 @@ "hashed_secret": "2546383b95bb44732e9be6a877fd476c0442fdab", "is_secret": false, "is_verified": false, - "line_number": 51, + "line_number": 53, "type": "Secret Keyword" }, { "hashed_secret": "d84ce25b0f9bc2cc263006ae39453efb22cc2900", "is_secret": false, "is_verified": false, - "line_number": 53, + "line_number": 55, "type": "Secret Keyword" } ], @@ -749,21 +749,21 @@ "hashed_secret": "2546383b95bb44732e9be6a877fd476c0442fdab", "is_secret": false, "is_verified": false, - "line_number": 57, + "line_number": 59, "type": "Secret Keyword" }, { "hashed_secret": "d84ce25b0f9bc2cc263006ae39453efb22cc2900", "is_secret": false, "is_verified": false, - "line_number": 59, + "line_number": 61, "type": "Secret Keyword" }, { "hashed_secret": "0c86d58792b32e1d12af733a0614837ff9002014", "is_secret": false, "is_verified": false, - "line_number": 116, + "line_number": 121, "type": "Secret Keyword" } ], @@ -781,7 +781,7 @@ "hashed_secret": "13d9ed7e3d69f1b6330dff80bc4658931708eddc", "is_secret": false, "is_verified": false, - "line_number": 219, + "line_number": 229, "type": "Secret Keyword" } ], diff --git a/docs/fence_usersync_job.md b/docs/fence_usersync_job.md new file mode 100644 index 00000000..27eef3ee --- /dev/null +++ b/docs/fence_usersync_job.md 
@@ -0,0 +1,69 @@ +# Fence Usersync CronJob + +If `global.usersync` is set to true, the Fence usersync-cron.yaml will be deployed to the cluster. + +User lists can be synced from three sources: + +1. A ftp/sftp server that hosts user csv files that follows the format provided by dbgap, enabled if `global.syncFromDbgap` is set to "true". Please follow the [Sftp Setup](#sftp-setup) guide before enabling this option. + +2. A user.yaml file that is pulled from the S3 bucket specified in the `global.usersync` field is used to update fence's user-access database. Please note an IAM policy with S3 read is required for this option. Please follow [S3 user.yaml Setup](#s3-setup) guide below. + +3. If the `global.userYamlS3Path` string is set to "none", the user.yaml file specified in the fence values.yaml [HERE](https://github.com/uc-cdis/gen3-helm/blob/c7b8959cdf5f7756b29c33ff330923e95981827c/helm/fence/values.yaml#L449-L1319) will be used. + + + +# S3 user.yaml Setup {#s3-setup} +Please see [this](https://github.com/uc-cdis/fence/blob/master/docs/user.yaml_guide.md) documentation that details user.yaml formatting. + +You can pull this file from an S3 bucket that is set in the `global.usersync` field. Then input the iam credentials for a user that has read access to the specified S3 bucket in the `.Values.usersync.secrets.awsAccessKeyId` and `.Values.usersync.secrets.awsSecretAccessKey` fields. + +As previously mentioned, if the `global.userYamlS3Path` string is set to "none", the user.yaml file from Fence values.yaml will be used. + + + +# Dbgap +## Sftp Setup {#sftp-setup} +You can configure one or more dbGaP SFTP servers to sync telemetry files from. To configure one single dbGaP server, add credentials and information to the fence-config.yaml under dbGaP, this is outlined [here](https://github.com/uc-cdis/gen3-helm/blob/c7b8959cdf5f7756b29c33ff330923e95981827c/helm/fence/values.yaml#L1796). 
+ +To configure additional dbGaP servers, include in the config.yaml a list of dbGaP servers under dbGaP, like so: + +``` +dbGaP: +- info: + host: + username: + password: + ... + protocol: 'sftp' + ... + ... +- info: + host: + username: + ... +```` + +You can find more detailed information on the setup with examples [here](https://github.com/uc-cdis/fence/blob/master/docs/usersync.md). + +Create a proxy user specifically for the purpose of acting as a proxy between Gen3 Fence and the DBGaP server. This user account will be used to authenticate and authorize access to DBGaP resources on behalf of authenticated Gen3 user. Update the "proxy_user" field [here](https://github.com/uc-cdis/gen3-helm/blob/c7b8959cdf5f7756b29c33ff330923e95981827c/helm/fence/values.yaml#LL1803C10-L1803C19). + +Generate an ssh key pair for the proxy user (ssh-keygen -t rsa -b 4096) and insert the values into the Fence `.Values.ssh_private_key` and `.Values.ssh_public_key` fields. Add the public key to the SFTP server for authentication if it is not already present. + +For an example of a dbGap auth file (csv), please see [this](https://github.com/uc-cdis/fence/blob/master/docs/usersync.md#example-of-dbgap-authorization-file-csv-format) example for formatting. + +## Dbgap Options + Set `global.addDbgap` to "true" to attempt a dbgap sync and fall back on user.yaml. + + Set `global.onlyDbgap` to "true" to run only a dbgap sync and ignore the user.yaml. + +## Slack Options + Set `global.slack_webhook` to configure a webhook endpoint to be used for regular usersync updates to Slack. + + Set `slack_send_dbgap` to "true" to echo the files that are being seen on dbgap ftp to Slack. + + + +# Other Customizations + The `.Values.usersync.schedule` option can be set to customize the cron schedule expression. The default setting is to have the job run once every 30 minutes. 
+ + The `.Values.usersync.custom_image` can be set to override the default "awshelper" image for the init container of the userync cronjob. \ No newline at end of file diff --git a/helm/arborist/Chart.yaml b/helm/arborist/Chart.yaml index a2ee04ce..dac195f3 100644 --- a/helm/arborist/Chart.yaml +++ b/helm/arborist/Chart.yaml @@ -15,7 +15,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.7 +version: 0.1.8 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to diff --git a/helm/arborist/README.md b/helm/arborist/README.md index bb3e98ad..f3ff444c 100644 --- a/helm/arborist/README.md +++ b/helm/arborist/README.md @@ -1,6 +1,6 @@ # arborist -![Version: 0.1.7](https://img.shields.io/badge/Version-0.1.7-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) +![Version: 0.1.8](https://img.shields.io/badge/Version-0.1.8-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) A Helm chart for gen3 arborist 
@@ -29,7 +29,8 @@ A Helm chart for gen3 arborist | env | list | `[{"name":"JWKS_ENDPOINT","value":"http://fence-service/.well-known/jwks"}]` | Environment variables to pass to the container | | env[0] | string | `{"name":"JWKS_ENDPOINT","value":"http://fence-service/.well-known/jwks"}` | The URL of the JSON Web Key Set (JWKS) endpoint for authentication | | fullnameOverride | string | `""` | Override the full name of the deployment. | -| global | map | `{"ddEnabled":false,"dev":true,"dictionaryUrl":"https://s3.amazonaws.com/dictionary-artifacts/datadictionary/develop/schema.json","dispatcherJobNum":10,"environment":"default","hostname":"localhost","kubeBucket":"kube-gen3","logsBucket":"logs-gen3","minAvialable":1,"netPolicy":true,"pdb":false,"portalApp":"gitops","postgres":{"dbCreate":true,"master":{"host":null,"password":null,"port":"5432","username":"postgres"}},"publicDataSets":true,"revproxyArn":"arn:aws:acm:us-east-1:123456:certificate","syncFromDbgap":false,"tierAccessLevel":"libre","userYamlS3Path":"s3://cdis-gen3-users/test/user.yaml"}` | Global configuration options. | +| global | map | `{"addDbgap":false,"ddEnabled":false,"dev":true,"dictionaryUrl":"https://s3.amazonaws.com/dictionary-artifacts/datadictionary/develop/schema.json","dispatcherJobNum":10,"environment":"default","hostname":"localhost","kubeBucket":"kube-gen3","logsBucket":"logs-gen3","minAvialable":1,"netPolicy":true,"onlyDbgap":false,"pdb":false,"portalApp":"gitops","postgres":{"dbCreate":true,"master":{"host":null,"password":null,"port":"5432","username":"postgres"}},"publicDataSets":true,"revproxyArn":"arn:aws:acm:us-east-1:123456:certificate","slack_send_dbgap":false,"slack_webhook":"None","syncFromDbgap":false,"tierAccessLevel":"libre","userYamlS3Path":"s3://cdis-gen3-users/helm-test/user.yaml","usersync":false}` | Global configuration options. 
| +| global.addDbgap | bool | `false` | Force attempting a dbgap sync if "true", falls back on user.yaml | | global.ddEnabled | bool | `false` | Whether Datadog is enabled. | | global.dev | bool | `true` | Whether the deployment is for development purposes. | | global.dictionaryUrl | string | `"https://s3.amazonaws.com/dictionary-artifacts/datadictionary/develop/schema.json"` | URL of the data dictionary. | @@ -40,6 +41,7 @@ A Helm chart for gen3 arborist | global.logsBucket | string | `"logs-gen3"` | S3 bucket name for log files. | | global.minAvialable | int | `1` | The minimum amount of pods that are available at all times if the PDB is deployed. | | global.netPolicy | bool | `true` | Whether network policies are enabled. | +| global.onlyDbgap | bool | `false` | Forces ONLY a dbgap sync if "true", IGNORING user.yaml | | global.pdb | bool | `false` | If the service will be deployed with a Pod Disruption Budget. Note- you need to have more than 2 replicas for the pdb to be deployed. | | global.portalApp | string | `"gitops"` | Portal application name. | | global.postgres | map | `{"dbCreate":true,"master":{"host":null,"password":null,"port":"5432","username":"postgres"}}` | Postgres database configuration. | 
@@ -51,9 +53,12 @@ A Helm chart for gen3 arborist | global.postgres.master.username | string | `"postgres"` | username of superuser in postgres. This is used to create or restore databases | | global.publicDataSets | bool | `true` | Whether public datasets are enabled. | | global.revproxyArn | string | `"arn:aws:acm:us-east-1:123456:certificate"` | ARN of the reverse proxy certificate. | +| global.slack_send_dbgap | bool | `false` | Will echo what files we are seeing on dbgap ftp to Slack. | +| global.slack_webhook | string | `"None"` | Slack webhook endpoint used with certain jobs. | | global.syncFromDbgap | bool | `false` | Whether to sync data from dbGaP. | | global.tierAccessLevel | string | `"libre"` | Access level for tiers. acceptable values for `tier_access_level` are: `libre`, `regular` and `private`. If omitted, by default common will be treated as `private` | -| global.userYamlS3Path | string | `"s3://cdis-gen3-users/test/user.yaml"` | Path to the user.yaml file in S3. | +| global.userYamlS3Path | string | `"s3://cdis-gen3-users/helm-test/user.yaml"` | Path to the user.yaml file in S3. | +| global.usersync | bool | `false` | Whether to run Fence usersync or not. | | image | map | `{"pullPolicy":"IfNotPresent","repository":"quay.io/cdis/arborist","tag":""}` | Docker image information. | | image.pullPolicy | string | `"IfNotPresent"` | Docker pull policy. | | image.repository | string | `"quay.io/cdis/arborist"` | Docker repository. | diff --git a/helm/arborist/values.yaml b/helm/arborist/values.yaml index ba09a43f..74e1980e 100644 --- a/helm/arborist/values.yaml +++ b/helm/arborist/values.yaml 
@@ -36,8 +36,18 @@ global: logsBucket: logs-gen3 # -- (bool) Whether to sync data from dbGaP. syncFromDbgap: false + # -- (bool) Force attempting a dbgap sync if "true", falls back on user.yaml + addDbgap: false + # -- (bool) Forces ONLY a dbgap sync if "true", IGNORING user.yaml + onlyDbgap: false # -- (string) Path to the user.yaml file in S3. - userYamlS3Path: s3://cdis-gen3-users/test/user.yaml + userYamlS3Path: s3://cdis-gen3-users/helm-test/user.yaml + # -- (bool) Whether to run Fence usersync or not. + usersync: false + # -- (string) Slack webhook endpoint used with certain jobs. + slack_webhook: None + # -- (bool) Will echo what files we are seeing on dbgap ftp to Slack. + slack_send_dbgap: false # -- (bool) Whether public datasets are enabled. publicDataSets: true # -- (string) Access level for tiers. acceptable values for `tier_access_level` are: `libre`, `regular` and `private`. If omitted, by default common will be treated as `private` diff --git a/helm/audit/Chart.yaml b/helm/audit/Chart.yaml index f4508e02..10425dab 100644 --- a/helm/audit/Chart.yaml +++ b/helm/audit/Chart.yaml @@ -15,7 +15,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.8 +version: 0.1.9 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to diff --git a/helm/audit/README.md b/helm/audit/README.md index a8c03f3d..f02d7a21 100644 --- a/helm/audit/README.md +++ b/helm/audit/README.md 
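Review bot: `slack_webhook: None` under `global` is the string "None" in YAML, not null (the README rows in this patch list it as string `"None"`), so every consumer has to special-case that literal. A Slack incoming-webhook URL also acts as a bearer credential, and the fence env list later in this patch reads it from the `manifest-global` ConfigMap through `configMapKeyRef`, which makes it readable to anything allowed to read ConfigMaps there. I would default it to `slack_webhook: ""` and deliver the real value from a Secret via `secretKeyRef`. The same lines are added in helm/audit/values.yaml and helm/common/values.yaml; the `global:` map starts and ends outside this hunk.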
@@ -1,6 +1,6 @@ # audit -![Version: 0.1.8](https://img.shields.io/badge/Version-0.1.8-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) +![Version: 0.1.9](https://img.shields.io/badge/Version-0.1.9-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) A Helm chart for Kubernetes 
@@ -37,7 +37,8 @@ A Helm chart for Kubernetes | datadogTraceSampleRate | int | `1` | A value between 0 and 1, that represents the percentage of requests that will be traced. For example, a value of 0.5 means that 50% of requests will be traced. | | env | list | `[{"name":"DEBUG","value":"false"},{"name":"ARBORIST_URL","valueFrom":{"configMapKeyRef":{"key":"arborist_url","name":"manifest-global","optional":true}}}]` | Environment variables to pass to the container | | fullnameOverride | string | `""` | Override the full name of the chart, which is used as the name of resources created by the chart | -| global | map | `{"ddEnabled":false,"dev":true,"dictionaryUrl":"https://s3.amazonaws.com/dictionary-artifacts/datadictionary/develop/schema.json","dispatcherJobNum":10,"environment":"default","hostname":"localhost","kubeBucket":"kube-gen3","logsBucket":"logs-gen3","minAvialable":1,"netPolicy":true,"pdb":false,"portalApp":"gitops","postgres":{"dbCreate":true,"master":{"host":null,"password":null,"port":"5432","username":"postgres"}},"publicDataSets":true,"revproxyArn":"arn:aws:acm:us-east-1:123456:certificate","syncFromDbgap":false,"tierAccessLevel":"libre","userYamlS3Path":"s3://cdis-gen3-users/test/user.yaml"}` | Global configuration options. 
| +| global | map | `{"addDbgap":false,"ddEnabled":false,"dev":true,"dictionaryUrl":"https://s3.amazonaws.com/dictionary-artifacts/datadictionary/develop/schema.json","dispatcherJobNum":10,"environment":"default","hostname":"localhost","kubeBucket":"kube-gen3","logsBucket":"logs-gen3","minAvialable":1,"netPolicy":true,"onlyDbgap":false,"pdb":false,"portalApp":"gitops","postgres":{"dbCreate":true,"master":{"host":null,"password":null,"port":"5432","username":"postgres"}},"publicDataSets":true,"revproxyArn":"arn:aws:acm:us-east-1:123456:certificate","slack_send_dbgap":false,"slack_webhook":"None","syncFromDbgap":false,"tierAccessLevel":"libre","userYamlS3Path":"s3://cdis-gen3-users/helm-test/user.yaml","usersync":false}` | Global configuration options. | +| global.addDbgap | bool | `false` | Force attempting a dbgap sync if "true", falls back on user.yaml | | global.ddEnabled | bool | `false` | Whether Datadog is enabled. | | global.dev | bool | `true` | Whether the deployment is for development purposes. | | global.dictionaryUrl | string | `"https://s3.amazonaws.com/dictionary-artifacts/datadictionary/develop/schema.json"` | URL of the data dictionary. | @@ -48,6 +49,7 @@ A Helm chart for Kubernetes | global.logsBucket | string | `"logs-gen3"` | S3 bucket name for log files. | | global.minAvialable | int | `1` | The minimum amount of pods that are available at all times if the PDB is deployed. | | global.netPolicy | bool | `true` | Whether network policies are enabled. | +| global.onlyDbgap | bool | `false` | Forces ONLY a dbgap sync if "true", IGNORING user.yaml | | global.pdb | bool | `false` | If the service will be deployed with a Pod Disruption Budget. Note- you need to have more than 2 replicas for the pdb to be deployed. | | global.portalApp | string | `"gitops"` | Portal application name. | | global.postgres | map | `{"dbCreate":true,"master":{"host":null,"password":null,"port":"5432","username":"postgres"}}` | Postgres database configuration. | 
@@ -59,9 +61,12 @@ A Helm chart for Kubernetes | global.postgres.master.username | string | `"postgres"` | username of superuser in postgres. This is used to create or restore databases | | global.publicDataSets | bool | `true` | Whether public datasets are enabled. | | global.revproxyArn | string | `"arn:aws:acm:us-east-1:123456:certificate"` | ARN of the reverse proxy certificate. | +| global.slack_send_dbgap | bool | `false` | Will echo what files we are seeing on dbgap ftp to Slack. | +| global.slack_webhook | string | `"None"` | Slack webhook endpoint used with certain jobs. | | global.syncFromDbgap | bool | `false` | Whether to sync data from dbGaP. | | global.tierAccessLevel | string | `"libre"` | Access level for tiers. acceptable values for `tier_access_level` are: `libre`, `regular` and `private`. If omitted, by default common will be treated as `private` | -| global.userYamlS3Path | string | `"s3://cdis-gen3-users/test/user.yaml"` | Path to the user.yaml file in S3. | +| global.userYamlS3Path | string | `"s3://cdis-gen3-users/helm-test/user.yaml"` | Path to the user.yaml file in S3. | +| global.usersync | bool | `false` | Whether to run Fence usersync or not. | | image | map | `{"pullPolicy":"Always","repository":"quay.io/cdis/audit-service","tag":"master"}` | Docker image information. | | image.pullPolicy | string | `"Always"` | When to pull the image. This value should be "Always" to ensure the latest image is used. | | image.repository | string | `"quay.io/cdis/audit-service"` | The Docker image repository for the audit service | diff --git a/helm/audit/values.yaml b/helm/audit/values.yaml index c2cef92c..a552bffd 100644 --- a/helm/audit/values.yaml +++ b/helm/audit/values.yaml 
@@ -35,8 +35,18 @@ global: logsBucket: logs-gen3 # -- (bool) Whether to sync data from dbGaP. syncFromDbgap: false + # -- (bool) Force attempting a dbgap sync if "true", falls back on user.yaml + addDbgap: false + # -- (bool) Forces ONLY a dbgap sync if "true", IGNORING user.yaml + onlyDbgap: false # -- (string) Path to the user.yaml file in S3. - userYamlS3Path: s3://cdis-gen3-users/test/user.yaml + userYamlS3Path: s3://cdis-gen3-users/helm-test/user.yaml + # -- (bool) Whether to run Fence usersync or not. + usersync: false + # -- (string) Slack webhook endpoint used with certain jobs. + slack_webhook: None + # -- (bool) Will echo what files we are seeing on dbgap ftp to Slack. + slack_send_dbgap: false # -- (bool) Whether public datasets are enabled. publicDataSets: true # -- (string) Access level for tiers. acceptable values for `tier_access_level` are: `libre`, `regular` and `private`. If omitted, by default common will be treated as `private` diff --git a/helm/common/Chart.yaml b/helm/common/Chart.yaml index 73b4812a..d55fd9fd 100644 --- a/helm/common/Chart.yaml +++ b/helm/common/Chart.yaml @@ -15,7 +15,7 @@ type: library # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.6 +version: 0.1.7 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to diff --git a/helm/common/README.md b/helm/common/README.md index 03781358..52625fb0 100644 --- a/helm/common/README.md +++ b/helm/common/README.md 
@@ -1,6 +1,6 @@ # common -![Version: 0.1.6](https://img.shields.io/badge/Version-0.1.6-informational?style=flat-square) ![Type: library](https://img.shields.io/badge/Type-library-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) +![Version: 0.1.7](https://img.shields.io/badge/Version-0.1.7-informational?style=flat-square) ![Type: library](https://img.shields.io/badge/Type-library-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) A Helm chart for provisioning databases in gen3 
@@ -8,7 +8,8 @@ A Helm chart for provisioning databases in gen3 | Key | Type | Default | Description | |-----|------|---------|-------------| -| global | map | `{"ddEnabled":false,"dev":true,"dictionaryUrl":"https://s3.amazonaws.com/dictionary-artifacts/datadictionary/develop/schema.json","dispatcherJobNum":10,"environment":"default","hostname":"localhost","kubeBucket":"kube-gen3","logsBucket":"logs-gen3","netPolicy":true,"portalApp":"gitops","postgres":{"dbCreate":true,"master":{"host":null,"password":null,"port":"5432","username":"postgres"}},"publicDataSets":true,"revproxyArn":"arn:aws:acm:us-east-1:123456:certificate","syncFromDbgap":false,"tierAccessLevel":"libre","userYamlS3Path":"s3://cdis-gen3-users/test/user.yaml"}` | Global configuration options. | +| global | map | `{"addDbgap":false,"ddEnabled":false,"dev":true,"dictionaryUrl":"https://s3.amazonaws.com/dictionary-artifacts/datadictionary/develop/schema.json","dispatcherJobNum":10,"environment":"default","hostname":"localhost","kubeBucket":"kube-gen3","logsBucket":"logs-gen3","netPolicy":true,"onlyDbgap":false,"portalApp":"gitops","postgres":{"dbCreate":true,"master":{"host":null,"password":null,"port":"5432","username":"postgres"}},"publicDataSets":true,"revproxyArn":"arn:aws:acm:us-east-1:123456:certificate","slack_send_dbgap":false,"slack_webhook":"None","syncFromDbgap":false,"tierAccessLevel":"libre","userYamlS3Path":"s3://cdis-gen3-users/helm-test/user.yaml","usersync":false}` | Global configuration options. | +| global.addDbgap | bool | `false` | Force attempting a dbgap sync if "true", falls back on user.yaml | | global.ddEnabled | bool | `false` | Whether Datadog is enabled. | | global.dev | bool | `true` | Whether the deployment is for development purposes. | | global.dictionaryUrl | string | `"https://s3.amazonaws.com/dictionary-artifacts/datadictionary/develop/schema.json"` | URL of the data dictionary. | 
@@ -18,6 +19,7 @@ A Helm chart for provisioning databases in gen3 | global.kubeBucket | string | `"kube-gen3"` | S3 bucket name for Kubernetes manifest files. | | global.logsBucket | string | `"logs-gen3"` | S3 bucket name for log files. | | global.netPolicy | bool | `true` | Whether network policies are enabled. | +| global.onlyDbgap | bool | `false` | Forces ONLY a dbgap sync if "true", IGNORING user.yaml | | global.portalApp | string | `"gitops"` | Portal application name. | | global.postgres | map | `{"dbCreate":true,"master":{"host":null,"password":null,"port":"5432","username":"postgres"}}` | Postgres database configuration. | | global.postgres.dbCreate | bool | `true` | Whether the database should be created. | 
@@ -28,9 +30,12 @@ A Helm chart for provisioning databases in gen3 | global.postgres.master.username | string | `"postgres"` | username of superuser in postgres. This is used to create or restore databases | | global.publicDataSets | bool | `true` | Whether public datasets are enabled. | | global.revproxyArn | string | `"arn:aws:acm:us-east-1:123456:certificate"` | ARN of the reverse proxy certificate. | +| global.slack_send_dbgap | bool | `false` | Will echo what files we are seeing on dbgap ftp to Slack. | +| global.slack_webhook | string | `"None"` | Slack webhook endpoint used with certain jobs. | | global.syncFromDbgap | bool | `false` | Whether to sync data from dbGaP. | | global.tierAccessLevel | string | `"libre"` | Access level for tiers. acceptable values for `tier_access_level` are: `libre`, `regular` and `private`. If omitted, by default common will be treated as `private` | -| global.userYamlS3Path | string | `"s3://cdis-gen3-users/test/user.yaml"` | Path to the user.yaml file in S3. | +| global.userYamlS3Path | string | `"s3://cdis-gen3-users/helm-test/user.yaml"` | Path to the user.yaml file in S3. | +| global.usersync | bool | `false` | Whether to run Fence usersync or not. | ---------------------------------------------- Autogenerated from chart metadata using [helm-docs v1.11.0](https://github.com/norwoodj/helm-docs/releases/v1.11.0) diff --git a/helm/common/values.yaml b/helm/common/values.yaml index 5524892c..b4abcaa4 100644 --- a/helm/common/values.yaml +++ b/helm/common/values.yaml 
@@ -36,8 +36,18 @@ global: logsBucket: logs-gen3 # -- (bool) Whether to sync data from dbGaP. syncFromDbgap: false + # -- (bool) Force attempting a dbgap sync if "true", falls back on user.yaml + addDbgap: false + # -- (bool) Forces ONLY a dbgap sync if "true", IGNORING user.yaml + onlyDbgap: false # -- (string) Path to the user.yaml file in S3. - userYamlS3Path: s3://cdis-gen3-users/test/user.yaml + userYamlS3Path: s3://cdis-gen3-users/helm-test/user.yaml + # -- (bool) Whether to run Fence usersync or not. + usersync: false + # -- (string) Slack webhook endpoint used with certain jobs. + slack_webhook: None + # -- (bool) Will echo what files we are seeing on dbgap ftp to Slack. + slack_send_dbgap: false # -- (bool) Whether public datasets are enabled. publicDataSets: true # -- (string) Access level for tiers. acceptable values for `tier_access_level` are: `libre`, `regular` and `private`. If omitted, by default common will be treated as `private` diff --git a/helm/fence/Chart.yaml b/helm/fence/Chart.yaml index b26e34ce..6b31434f 100644 --- a/helm/fence/Chart.yaml +++ b/helm/fence/Chart.yaml @@ -15,7 +15,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.8 +version: 0.1.9 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to diff --git a/helm/fence/README.md b/helm/fence/README.md index cf587e7a..c34bd6cf 100644 --- a/helm/fence/README.md +++ b/helm/fence/README.md 
@@ -1,6 +1,6 @@ # fence -![Version: 0.1.8](https://img.shields.io/badge/Version-0.1.8-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) +![Version: 0.1.9](https://img.shields.io/badge/Version-0.1.9-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) A Helm chart for gen3 Fence 
@@ -88,9 +88,10 @@ A Helm chart for gen3 Fence | datadogLogsInjection | bool | `true` | If enabled, the Datadog Agent will automatically inject Datadog-specific metadata into your application logs. | | datadogProfilingEnabled | bool | `true` | If enabled, the Datadog Agent will collect profiling data for your application using the Continuous Profiler. This data can be used to identify performance bottlenecks and optimize your application. | | datadogTraceSampleRate | int | `1` | A value between 0 and 1, that represents the percentage of requests that will be traced. For example, a value of 0.5 means that 50% of requests will be traced. | -| env | list | `[{"name":"GEN3_UWSGI_TIMEOUT","valueFrom":{"configMapKeyRef":{"key":"uwsgi-timeout","name":"manifest-global","optional":true}}},{"name":"DD_AGENT_HOST","valueFrom":{"fieldRef":{"fieldPath":"status.hostIP"}}},{"name":"AWS_STS_REGIONAL_ENDPOINTS","value":"regional"},{"name":"PYTHONPATH","value":"/var/www/fence"},{"name":"GEN3_DEBUG","value":"False"},{"name":"FENCE_PUBLIC_CONFIG","valueFrom":{"configMapKeyRef":{"key":"fence-config-public.yaml","name":"manifest-fence","optional":true}}},{"name":"PGHOST","valueFrom":{"secretKeyRef":{"key":"host","name":"fence-dbcreds","optional":false}}},{"name":"PGUSER","valueFrom":{"secretKeyRef":{"key":"username","name":"fence-dbcreds","optional":false}}},{"name":"PGPASSWORD","valueFrom":{"secretKeyRef":{"key":"password","name":"fence-dbcreds","optional":false}}},{"name":"PGDB","valueFrom":{"secretKeyRef":{"key":"database","name":"fence-dbcreds","optional":false}}},{"name":"DBREADY","valueFrom":{"secretKeyRef":{"key":"dbcreated","name":"fence-dbcreds","optional":false}}},{"name":"DB","value":"postgresql://$(PGUSER):$(PGPASSWORD)@$(PGHOST):5432/$(PGDB)"},{"name":"INDEXD_PASSWORD","valueFrom":{"secretKeyRef":{"key":"fence","name":"indexd-service-creds"}}}]` | Environment variables to pass to the container | +| env | list | 
`[{"name":"GEN3_UWSGI_TIMEOUT","valueFrom":{"configMapKeyRef":{"key":"uwsgi-timeout","name":"manifest-global","optional":true}}},{"name":"DD_AGENT_HOST","valueFrom":{"fieldRef":{"fieldPath":"status.hostIP"}}},{"name":"AWS_STS_REGIONAL_ENDPOINTS","value":"regional"},{"name":"PYTHONPATH","value":"/var/www/fence"},{"name":"GEN3_DEBUG","value":"False"},{"name":"FENCE_PUBLIC_CONFIG","valueFrom":{"configMapKeyRef":{"key":"fence-config-public.yaml","name":"manifest-fence","optional":true}}},{"name":"PGHOST","valueFrom":{"secretKeyRef":{"key":"host","name":"fence-dbcreds","optional":false}}},{"name":"PGUSER","valueFrom":{"secretKeyRef":{"key":"username","name":"fence-dbcreds","optional":false}}},{"name":"PGPASSWORD","valueFrom":{"secretKeyRef":{"key":"password","name":"fence-dbcreds","optional":false}}},{"name":"PGDB","valueFrom":{"secretKeyRef":{"key":"database","name":"fence-dbcreds","optional":false}}},{"name":"DBREADY","valueFrom":{"secretKeyRef":{"key":"dbcreated","name":"fence-dbcreds","optional":false}}},{"name":"DB","value":"postgresql://$(PGUSER):$(PGPASSWORD)@$(PGHOST):5432/$(PGDB)"},{"name":"INDEXD_PASSWORD","valueFrom":{"secretKeyRef":{"key":"fence","name":"indexd-service-creds"}}},{"name":"SYNC_FROM_DBGAP","valueFrom":{"configMapKeyRef":{"key":"sync_from_dbgap","name":"manifest-global","optional":true}}},{"name":"ADD_DBGAP","valueFrom":{"configMapKeyRef":{"key":"add_dbgap","name":"manifest-global","optional":true}}},{"name":"ONLY_DBGAP","valueFrom":{"configMapKeyRef":{"key":"only_dbgap","name":"manifest-global","optional":true}}},{"name":"SLACK_SEND_DBGAP","valueFrom":{"configMapKeyRef":{"key":"slack_send_dbgap","name":"manifest-global","optional":true}}},{"name":"slackWebHook","valueFrom":{"configMapKeyRef":{"key":"slack_webhook","name":"manifest-global","optional":true}}},{"name":"gen3Env","valueFrom":{"configMapKeyRef":{"key":"hostname","name":"manifest-global"}}}]` | Environment variables to pass to the container | | fullnameOverride | string | `""` | 
Override the full name of the deployment. | -| global | map | `{"ddEnabled":false,"dev":true,"dictionaryUrl":"https://s3.amazonaws.com/dictionary-artifacts/datadictionary/develop/schema.json","dispatcherJobNum":10,"environment":"default","hostname":"localhost","kubeBucket":"kube-gen3","logsBucket":"logs-gen3","minAvialable":1,"netPolicy":true,"pdb":false,"portalApp":"gitops","postgres":{"dbCreate":true,"master":{"host":null,"password":null,"port":"5432","username":"postgres"}},"publicDataSets":true,"revproxyArn":"arn:aws:acm:us-east-1:123456:certificate","syncFromDbgap":false,"tierAccessLevel":"libre","tierAccessLimit":1000,"userYamlS3Path":"s3://cdis-gen3-users/test/user.yaml"}` | Global configuration options. | +| global | map | `{"addDbgap":false,"ddEnabled":false,"dev":true,"dictionaryUrl":"https://s3.amazonaws.com/dictionary-artifacts/datadictionary/develop/schema.json","dispatcherJobNum":10,"environment":"default","hostname":"localhost","kubeBucket":"kube-gen3","logsBucket":"logs-gen3","minAvialable":1,"netPolicy":true,"onlyDbgap":false,"pdb":false,"portalApp":"gitops","postgres":{"dbCreate":true,"master":{"host":null,"password":null,"port":"5432","username":"postgres"}},"publicDataSets":true,"revproxyArn":"arn:aws:acm:us-east-1:123456:certificate","slack_send_dbgap":false,"slack_webhook":"None","syncFromDbgap":false,"tierAccessLevel":"libre","tierAccessLimit":1000,"userYamlS3Path":"s3://cdis-gen3-users/helm-test/user.yaml","usersync":true}` | Global configuration options. | +| global.addDbgap | bool | `false` | Force attempting a dbgap sync if "true", falls back on user.yaml | | global.ddEnabled | bool | `false` | Whether Datadog is enabled. | | global.dev | bool | `true` | Whether the deployment is for development purposes. | | global.dictionaryUrl | string | `"https://s3.amazonaws.com/dictionary-artifacts/datadictionary/develop/schema.json"` | URL of the data dictionary. | 
@@ -101,6 +102,7 @@ A Helm chart for gen3 Fence | global.logsBucket | string | `"logs-gen3"` | S3 bucket name for log files. | | global.minAvialable | int | `1` | The minimum amount of pods that are available at all times if the PDB is deployed. | | global.netPolicy | bool | `true` | Whether network policies are enabled. | +| global.onlyDbgap | bool | `false` | Forces ONLY a dbgap sync if "true", IGNORING user.yaml | | global.pdb | bool | `false` | If the service will be deployed with a Pod Disruption Budget. Note- you need to have more than 2 replicas for the pdb to be deployed. | | global.portalApp | string | `"gitops"` | Portal application name. | | global.postgres | map | `{"dbCreate":true,"master":{"host":null,"password":null,"port":"5432","username":"postgres"}}` | Postgres database configuration. | 
@@ -112,10 +114,13 @@ A Helm chart for gen3 Fence | global.postgres.master.username | string | `"postgres"` | username of superuser in postgres. This is used to create or restore databases | | global.publicDataSets | bool | `true` | Whether public datasets are enabled. | | global.revproxyArn | string | `"arn:aws:acm:us-east-1:123456:certificate"` | ARN of the reverse proxy certificate. | +| global.slack_send_dbgap | bool | `false` | Will echo what files we are seeing on dbgap ftp to Slack. | +| global.slack_webhook | string | `"None"` | Slack webhook endpoint used with certain jobs. | | global.syncFromDbgap | bool | `false` | Whether to sync data from dbGaP. | | global.tierAccessLevel | string | `"libre"` | Access level for tiers. acceptable values for `tier_access_level` are: `libre`, `regular` and `private`. If omitted, by default common will be treated as `private` | | global.tierAccessLimit | int | `1000` | Only relevant if tireAccessLevel is set to "regular". Summary charts below this limit will not appear for aggregated data. | -| global.userYamlS3Path | string | `"s3://cdis-gen3-users/test/user.yaml"` | Path to the user.yaml file in S3. | +| global.userYamlS3Path | string | `"s3://cdis-gen3-users/helm-test/user.yaml"` | Path to the user.yaml file in S3. | +| global.usersync | bool | `true` | Whether to run Fence usersync or not. | | image.pullPolicy | string | `"Always"` | When to pull the image. This value should be "Always" to ensure the latest image is used. | | image.repository | string | `"quay.io/cdis/fence"` | The Docker image repository for the fence service | | image.tag | string | `"master"` | Overrides the image tag whose default is the chart appVersion. | 
@@ -144,6 +149,7 @@ A Helm chart for gen3 Fence | postgresql | map | `{"primary":{"persistence":{"enabled":false}}}` | Postgresql subchart settings if deployed separately option is set to "true". Disable persistence by default so we can spin up and down ephemeral environments | | postgresql.primary.persistence.enabled | bool | `false` | Option to persist the dbs data. | | privacy_policy | string | `nil` | | +| projects | string | `nil` | | | release | string | `"production"` | Valid options are "production" or "dev". If invalid option is set- the value will default to "dev". | | replicaCount | int | `1` | Number of desired replicas | | resources | map | `{"limits":{"cpu":1,"memory":"2Gi"},"requests":{"cpu":0.3,"memory":"128Mi"}}` | Resource requests and limits for the containers in the pod | 
@@ -163,7 +169,16 @@ A Helm chart for gen3 Fence | serviceAccount.annotations."eks.amazonaws.com/role-arn" | string | `nil` | The Amazon Resource Name (ARN) of the role to associate with the service account | | serviceAccount.create | bool | `true` | Specifies whether a service account should be created. | | serviceAccount.name | string | `"fence-sa"` | The name of the service account | +| ssh_private_key | string | `nil` | The ssh Private Key for connecting to SFTP server if using Fence dbgap sync. Passed in as a multiline string. | +| ssh_public_key | string | `nil` | The ssh Public Key for connecting to SFTP server if using Fence dbgap sync. Passed in as a multiline string. | +| sshconfig | string | `nil` | The ssh configuration for connecting to SFTP server if useing Fence dbgap sync. Will overwrite the default file provided in the fence-ssh directory. | | tolerations | list | `[]` | Tolerations for the pods | +| usersync | map | `{"custom_image":null,"schedule":"*/30 * * * *","secrets":{"awsAccessKeyId":"","awsSecretAccessKey":""}}` | Configuration options for usersync cronjob. | +| usersync.custom_image | string | `nil` | To set a custom image for pulling the user.yaml file from S3. Default is the Gen3 Awshelper image. | +| usersync.schedule | string | `"*/30 * * * *"` | The cron schedule expression to use in the usersync cronjob. Runs every 30 minutes by default. 
| +| usersync.secrets | map | `{"awsAccessKeyId":"","awsSecretAccessKey":""}` | Secret information | +| usersync.secrets.awsAccessKeyId | str | `""` | AWS access key ID for usersync S3 bucket | +| usersync.secrets.awsSecretAccessKey | str | `""` | AWS secret access key for usersync S3 bucket | | volumeMounts | list | `[{"mountPath":"/var/www/fence/local_settings.py","name":"old-config-volume","readOnly":true,"subPath":"local_settings.py"},{"mountPath":"/var/www/fence/fence_credentials.json","name":"json-secret-volume","readOnly":true,"subPath":"fence_credentials.json"},{"mountPath":"/var/www/fence/creds.json","name":"creds-volume","readOnly":true,"subPath":"creds.json"},{"mountPath":"/var/www/fence/config_helper.py","name":"config-helper","readOnly":true,"subPath":"config_helper.py"},{"mountPath":"/fence/fence/static/img/logo.svg","name":"logo-volume","readOnly":true,"subPath":"logo.svg"},{"mountPath":"/fence/fence/static/privacy_policy.md","name":"privacy-policy","readOnly":true,"subPath":"privacy_policy.md"},{"mountPath":"/var/www/fence/fence-config.yaml","name":"config-volume","readOnly":true,"subPath":"fence-config.yaml"},{"mountPath":"/var/www/fence/yaml_merge.py","name":"yaml-merge","readOnly":true,"subPath":"yaml_merge.py"},{"mountPath":"/var/www/fence/fence_google_app_creds_secret.json","name":"fence-google-app-creds-secret-volume","readOnly":true,"subPath":"fence_google_app_creds_secret.json"},{"mountPath":"/var/www/fence/fence_google_storage_creds_secret.json","name":"fence-google-storage-creds-secret-volume","readOnly":true,"subPath":"fence_google_storage_creds_secret.json"},{"mountPath":"/fence/keys/key/jwt_private_key.pem","name":"fence-jwt-keys","readOnly":true,"subPath":"jwt_private_key.pem"}]` | Volumes to mount to the container. 
| | volumes | list | `[{"name":"old-config-volume","secret":{"secretName":"fence-secret"}},{"name":"json-secret-volume","secret":{"optional":true,"secretName":"fence-json-secret"}},{"name":"creds-volume","secret":{"secretName":"fence-creds"}},{"configMap":{"name":"config-helper","optional":true},"name":"config-helper"},{"configMap":{"name":"logo-config"},"name":"logo-volume"},{"name":"config-volume","secret":{"secretName":"fence-config"}},{"name":"fence-google-app-creds-secret-volume","secret":{"secretName":"fence-google-app-creds-secret"}},{"name":"fence-google-storage-creds-secret-volume","secret":{"secretName":"fence-google-storage-creds-secret"}},{"name":"fence-jwt-keys","secret":{"secretName":"fence-jwt-keys"}},{"configMap":{"name":"privacy-policy"},"name":"privacy-policy"},{"configMap":{"name":"fence-yaml-merge","optional":true},"name":"yaml-merge"}]` | Volumes to attach to the container. | diff --git a/helm/fence/fence-google-creds/fence_google_app_creds_secret.json b/helm/fence/fence-google-creds/fence_google_app_creds_secret.json new file mode 100644 index 00000000..e69de29b diff --git a/helm/fence/fence-google-creds/fence_google_storage_creds_secret.json b/helm/fence/fence-google-creds/fence_google_storage_creds_secret.json new file mode 100644 index 00000000..e69de29b diff --git a/helm/fence/fence-ssh/config b/helm/fence/fence-ssh/config new file mode 100644 index 00000000..5d56e6fa --- /dev/null +++ b/helm/fence/fence-ssh/config 
@@ -0,0 +1,25 @@
+ Host squid.internal
+ ServerAliveInterval 120
+ HostName cloud-proxy.internal.io
+ User ubuntu
+ ForwardAgent yes
+
+ Host sftp.planx
+ ServerAliveInterval 120
+ HostName sftp.planx-pla.net
+ User foo
+ ForwardAgent yes
+ IdentityFile ~/.ssh/id_rsa
+ ProxyCommand ssh ubuntu@squid.internal nc %h %p 2> /dev/null
+
+ Host sftp.dbgap
+ ServerAliveInterval 120
+ HostName ftp-private.ncbi.nlm.nih.gov
+ User BDC-TP
+ ForwardAgent yes
+ IdentityFile ~/.ssh/id_rsa
+ ProxyCommand ssh ubuntu@squid.internal nc %h %p 2> /dev/null
+
+ Host cloud-proxy.internal.io
+ StrictHostKeyChecking no
+ UserKnownHostsFile=/dev/null
\ No newline at end of file
diff --git a/helm/fence/projects/projects.yaml b/helm/fence/projects/projects.yaml
new file mode 100644
index 00000000..e69de29b
diff --git a/helm/fence/templates/aws-userysnc-creds.yaml b/helm/fence/templates/aws-userysnc-creds.yaml
new file mode 100644
index 00000000..c6baff53
--- /dev/null
+++ b/helm/fence/templates/aws-userysnc-creds.yaml
@@ -0,0 +1,10 @@
+apiVersion: v1
+kind: Secret
+metadata:
+ name: aws-config-fence
+type: Opaque
+stringData:
+ credentials: |
+ [default]
+ aws_access_key_id={{.Values.usersync.secrets.awsAccessKeyId}}
+ aws_secret_access_key={{.Values.usersync.secrets.awsSecretAccessKey}}
\ No newline at end of file
diff --git a/helm/fence/templates/fence-config.yaml b/helm/fence/templates/fence-config.yaml
index 2ff0eadc..8432c028 100644
--- a/helm/fence/templates/fence-config.yaml
+++ b/helm/fence/templates/fence-config.yaml
@@ -8,4 +8,10 @@ stringData:
 {{- with .Values.FENCE_CONFIG }}
 {{- toYaml . | nindent 4 }}
 {{ end }}
-
\ No newline at end of file
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: fence-sshconfig
+data:
+ projects.yaml: {{ .Values.sshconfig | default ((.Files.Get "fence-ssh/config")) }}
\ No newline at end of file
diff --git a/helm/fence/templates/fence-ssh.yaml b/helm/fence/templates/fence-ssh.yaml
new file mode 100644
index 00000000..8bf9c494
--- /dev/null
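Review bot: The last block of helm/fence/fence-ssh/config disables host-key verification for the proxy host (`StrictHostKeyChecking no`, `UserKnownHostsFile=/dev/null`), and both SFTP entries tunnel through that machine with `ProxyCommand ssh ubuntu@squid.internal`, so nothing authenticates the hop that carries the dbGaP and planx sessions. It is also worth confirming which block actually applies to that hop, since ssh matches `Host` against the name given on the command line (`squid.internal`), not against the resolved `HostName`. Every other block sets `ForwardAgent yes`, which exposes any loaded agent to the remote side and does not look necessary when the key comes from `IdentityFile`. I would ship a pinned known_hosts entry for the proxy, set `StrictHostKeyChecking yes` with `UserKnownHostsFile` pointing at it, and drop the `ForwardAgent` lines unless a later hop is known to need them.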
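Review bot: templates/aws-userysnc-creds.yaml renders the `aws-config-fence` Secret unconditionally, while the CronJob and RBAC objects that consume it are wrapped in `{{- if .Values.global.usersync -}}`, and with the default empty values it produces a credentials file whose two keys are blank. Long-lived access keys passed through chart values are also kept in the stored Helm release and in whatever values file the operator maintains. I would put the same `{{- if .Values.global.usersync -}}` guard around this template, render it only when both keys are set, and document a role-based alternative (for example a service account bound to a cloud role) as the preferred way to reach the bucket.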
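Review bot: The `fence-sshconfig` ConfigMap added to templates/fence-config.yaml stores the SSH config under the key `projects.yaml`, but the usersync CronJob in this commit mounts that ConfigMap with `subPath: "config"` at `/root/.ssh/config`, so the job will not see this content at the path ssh reads. The value is also emitted unquoted, and the default from `.Files.Get "fence-ssh/config"` is a multi-line file, which is unlikely to render as one valid YAML scalar. Something like `config: {{ .Values.sshconfig | default (.Files.Get "fence-ssh/config") | quote }}` addresses both; the quoting part applies to the `projects.yaml:` line in templates/projects-config.yaml as well. The hunk starts inside an existing Secret document, so only the appended ConfigMap is in question here.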
+++ b/helm/fence/templates/fence-ssh.yaml
@@ -0,0 +1,8 @@
+apiVersion: v1
+kind: Secret
+metadata:
+ name: fence-ssh-keys
+type: Opaque
+data:
+ id_rsa: {{ .Values.ssh_private_key }}
+ id_rsa.pub: {{ .Values.ssh_public_key }}
\ No newline at end of file
diff --git a/helm/fence/templates/projects-config.yaml b/helm/fence/templates/projects-config.yaml
new file mode 100644
index 00000000..75bc9230
--- /dev/null
+++ b/helm/fence/templates/projects-config.yaml
@@ -0,0 +1,6 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: projects
+data:
+ projects.yaml: {{ .Values.projects | default ((.Files.Get "projects/projects.yaml")) }}
\ No newline at end of file
diff --git a/helm/fence/templates/serviceaccount.yaml b/helm/fence/templates/serviceaccount.yaml
index 8193f704..823e6801 100644
--- a/helm/fence/templates/serviceaccount.yaml
+++ b/helm/fence/templates/serviceaccount.yaml
@@ -9,4 +9,33 @@ metadata:
 annotations:
 {{- toYaml . | nindent 4 }}
 {{- end }}
+---
 {{- end }}
+{{- if .Values.global.usersync -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: usersync-job
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: usersync-job-role
+rules:
+ - apiGroups: [""]
+ resources: ["configmaps"]
+ verbs: ["get", "list", "watch", "create", "update", "delete"]
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: usersync-job-role-binding
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: usersync-job-role
+subjects:
+ - kind: ServiceAccount
+ name: usersync-job
+ namespace: default
+{{- end }}
\ No newline at end of file
diff --git a/helm/fence/templates/usersync-cron.yaml b/helm/fence/templates/usersync-cron.yaml
index e69de29b..6e77c942 100644
--- a/helm/fence/templates/usersync-cron.yaml
+++ b/helm/fence/templates/usersync-cron.yaml
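Review bot: templates/fence-ssh.yaml places `.Values.ssh_private_key` and `.Values.ssh_public_key` directly under `data:`, which must hold base64, while the values.yaml comments added in this commit describe both as multi-line strings. A raw PEM key there is either rejected by the API server or decoded into the wrong bytes, and an unquoted multi-line value breaks the rendered YAML before it gets that far. Switching the field to `stringData:` and rendering `id_rsa: {{ .Values.ssh_private_key | default "" | quote }}` (same for `id_rsa.pub`) keeps the documented input format. The Secret is also created when no key is configured, so a guard on the two values would avoid shipping an empty `fence-ssh-keys`.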
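Review bot: The `usersync-job` account added to templates/serviceaccount.yaml receives a ClusterRole with create/update/delete on `configmaps`, which through the ClusterRoleBinding applies in every namespace, although the job script in this commit only runs `kubectl delete configmap fence` and `kubectl create configmap fence`, presumably in its own namespace. The binding's subject is pinned to `namespace: default`, so a release installed elsewhere either gets no permissions or grants them to an unrelated account in `default`. A namespaced `kind: Role` and `kind: RoleBinding` with `namespace: {{ .Release.Namespace }}` on the subject, plus `resourceNames: ["fence"]` on the get/update/delete verbs, would match what the job needs. The cluster-scoped object names are not release-qualified either, so two installs in one cluster would collide.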
@@ -0,0 +1,220 @@ +{{- if .Values.global.usersync -}} +# +# run with: +# gen3 job run usersync +# +# Optional Arguments: +# ADD_DBGAP Force attempting a dbgap sync if "true", falls back on user.yaml +# by defualt. i.e. this isn't required for a dbGaP sync to happen +# default: "false" - fall back on user.yaml +# +# ONLY_DBGAP Forces ONLY a dbgap sync if "true", IGNORING user.yaml +# default: "false" +# +apiVersion: batch/v1 +kind: CronJob +metadata: + name: usersync +spec: + schedule: {{ .Values.usersync.schedule | quote }} + # Kill the job if it has not finished within 4 hours + activeDeadlineSeconds: 14400 + backoffLimit: 0 + jobTemplate: + spec: + template: + metadata: + labels: + app: gen3job + spec: + serviceAccountName: usersync-job + volumes: + - name: user-yaml + configMap: + name: useryaml + items: + - key: useryaml + path: user.yaml + - name: config-volume + secret: + secretName: "fence-config" + - name: creds-volume + secret: + secretName: "fence-creds" + - name: projects + configMap: + name: "projects" + - name: fence-google-app-creds-secret-volume + secret: + secretName: "fence-google-app-creds-secret" + - name: fence-google-storage-creds-secret-volume + secret: + secretName: "fence-google-storage-creds-secret" + - name: shared-data + emptyDir: {} + - name: fence-sshconfig + configMap: + name: "fence-sshconfig" + - name: fence-ssh-keys + secret: + secretName: "fence-ssh-keys" + defaultMode: 0400 + - name: cred-volume + secret: + secretName: aws-config-fence + initContainers: + - name: wait-for-fence + image: curlimages/curl:latest + command: ["/bin/sh","-c"] + args: ["while [ $(curl -sw '%{http_code}' http://fence-service -o /dev/null) -ne 200 ]; do sleep 5; echo 'Waiting for fence...'; done"] + containers: + - name: usersync + image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}" + imagePullPolicy: Always + env: + {{- toYaml .Values.env | nindent 12 }} + volumeMounts: + - name: shared-data + mountPath: /mnt/shared 
+ - name: "config-volume" + readOnly: true + mountPath: "/var/www/fence/fence-config.yaml" + subPath: fence-config.yaml + - name: "creds-volume" + readOnly: true + mountPath: "/var/www/fence/creds.json" + subPath: creds.json + - name: "projects" + mountPath: "/var/www/fence/projects.yaml" + subPath: "projects.yaml" + - name: "fence-google-app-creds-secret-volume" + readOnly: true + mountPath: "/var/www/fence/fence_google_app_creds_secret.json" + subPath: fence_google_app_creds_secret.json + - name: "fence-google-storage-creds-secret-volume" + readOnly: true + mountPath: "/var/www/fence/fence_google_storage_creds_secret.json" + subPath: fence_google_storage_creds_secret.json + - name: "fence-sshconfig" + mountPath: "/root/.ssh/config" + subPath: "config" + - name: "fence-ssh-keys" + mountPath: "/root/.ssh/id_rsa" + subPath: "id_rsa" + - name: "fence-ssh-keys" + mountPath: "/root/.ssh/id_rsa.pub" + subPath: "id_rsa.pub" + command: ["/bin/bash" ] + args: + - "-c" + # Script always succeeds if it runs (echo exits with 0) + - | + echo 'options use-vc' >> /etc/resolv.conf + pip3 install SQLAlchemy==1.3.6 + # can be removed once this is merged: https://github.com/uc-cdis/fence/pull/1096 + if [[ "$SYNC_FROM_DBGAP" != "true" && "$ADD_DBGAP" != "true" ]]; then + if [[ -f /mnt/shared/user.yaml ]]; then + echo "running fence-create" + time fence-create sync --arborist http://arborist-service --yaml /mnt/shared/user.yaml + else + echo "/mnt/shared/user.yaml did not appear within timeout :-(" + false # non-zero exit code + fi + exitcode=$? 
+ else + output=$(mktemp "/tmp/fence-create-output_XXXXXX") + if [[ -f /mnt/shared/user.yaml && "$ONLY_DBGAP" != "true" ]]; then + echo "Running fence-create dbgap-sync with user.yaml - see $output" + time fence-create sync --arborist http://arborist-service --sync_from_dbgap "True" --projects /var/www/fence/projects.yaml --yaml /mnt/shared/user.yaml 2>&1 | tee "$output" + else + echo "Running fence-create dbgap-sync without user.yaml - see $output" + time fence-create sync --arborist http://arborist-service --sync_from_dbgap "True" --projects /var/www/fence/projects.yaml 2>&1 | tee "$output" + fi + exitcode="${PIPESTATUS[0]}" + echo "$output" + # Echo what files we are seeing on dbgap ftp to Slack + # We only do this step every 12 hours and not on weekends to reduce noise + if [[ -n "$SLACK_SEND_DBGAP" && "$SLACK_SEND_DBGAP" = "true" ]]; then + files=$(grep "Reading file" "$output") + let hour=$(date -u +10#%H) + let dow=$(date -u +10#%u) + if ! (( hour % 12 )) && (( dow < 6 )); then + if [ "${slackWebHook}" != 'None' ]; then + curl -X POST --data-urlencode "payload={\"text\": \"FenceHelper: \n\`\`\`\n${files}\n\`\`\`\"}" "${slackWebHook}" + fi + fi + fi + fi + if [[ $exitcode -ne 0 && "${slackWebHook}" != 'None' ]]; then + emptyfile=$(grep "EnvironmentError:" "$output") + if [ ! 
-z "$emptyfile" ]; then + curl -X POST --data-urlencode "payload={\"text\": \"JOBSKIPPED: User sync skipped on ${gen3Env} ${emptyfile}\"}" "${slackWebHook}"; + else + curl -X POST --data-urlencode "payload={\"text\": \"JOBFAIL: User sync failed on ${gen3Env}\"}" "${slackWebHook}" + fi + fi + echo "Exit code: $exitcode" + exit "$exitcode" + - name: awshelper + image: {{ .Values.usersync.custom_image | default "quay.io/cdis/awshelper:master" }} + imagePullPolicy: Always + env: + - name: gen3Env + valueFrom: + configMapKeyRef: + name: manifest-global + key: hostname + - name: userYamlS3Path + valueFrom: + configMapKeyRef: + name: manifest-global + key: useryaml_s3path + volumeMounts: + - name: user-yaml + mountPath: /var/www/fence + - name: shared-data + mountPath: /mnt/shared + - name: cred-volume + mountPath: "/home/ubuntu/.aws/credentials" + subPath: credentials + command: ["/bin/bash" ] + args: + - "-c" + - | + GEN3_HOME=/home/ubuntu/cloud-automation + source "${GEN3_HOME}/gen3/lib/utils.sh" + gen3_load "gen3/gen3setup" + + if [ "${userYamlS3Path}" = 'none' ]; then + echo "using local user.yaml" + cp /var/www/fence/user.yaml /mnt/shared/user.yaml + else + # ----------------- + echo "awshelper downloading ${userYamlS3Path} to /mnt/shared/user.yaml" + n=0 + until [ $n -ge 5 ]; do + echo "Download attempt $n" + aws s3 cp "${userYamlS3Path}" /mnt/shared/user.yaml && break + n=$[$n+1] + sleep 2 + echo "test 1" + done + fi + if [[ ! -f /mnt/shared/user.yaml ]]; then + echo "awshelper failed to retrieve /mnt/shared/user.yaml" + exit 1 + fi + #----------- + echo "awshelper updating etl configmap" + if ! 
gen3 gitops etl-convert < /mnt/shared/user.yaml > /tmp/user.yaml; then + echo "ERROR: failed to generate ETL config" + exit 1 + fi + kubectl delete configmap fence > /dev/null 2>&1 + kubectl create configmap fence --from-file=/tmp/user.yaml + if [ "${slackWebHook}" != 'None' ]; then + curl -X POST --data-urlencode "payload={\"text\": \"AWSHelper: Syncing users on ${gen3Env}\"}" "${slackWebHook}" + fi + echo "Helper exit ok" + restartPolicy: "Never" +{{- end }} \ No newline at end of file diff --git a/helm/fence/templates/useryaml-job.yaml b/helm/fence/templates/useryaml-job.yaml index d7ec25f1..6adb96c4 100644 --- a/helm/fence/templates/useryaml-job.yaml +++ b/helm/fence/templates/useryaml-job.yaml @@ -43,5 +43,7 @@ spec: - "-c" # Script always succeeds if it runs (echo exits with 0) - | + pip3 install SQLAlchemy==1.3.6 + # can be removed once this is merged: https://github.com/uc-cdis/fence/pull/1096 fence-create sync --arborist http://arborist-service --yaml /var/www/fence/user.yaml restartPolicy: OnFailure diff --git a/helm/fence/values.yaml b/helm/fence/values.yaml index e4bdf20c..c8e3f56d 100644 --- a/helm/fence/values.yaml +++ b/helm/fence/values.yaml 
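Review bot: The `usersync` container in templates/usersync-cron.yaml runs `pip3 install SQLAlchemy==1.3.6` from the network on every scheduled run, in the same pod that mounts `fence-creds`, the Google credential secrets, the SSH private key and the AWS credentials file, and the two helper images are referenced by moving tags (`curlimages/curl:latest`, `quay.io/cdis/awshelper:master`). Any of those three sources changing upstream changes what executes next to those secrets without a review step; the same `pip3 install` line is added in templates/useryaml-job.yaml. I would bake the SQLAlchemy pin into the fence image, as the inline comment already anticipates, and reference the helper images by digest or a fixed release tag. Separately, `$output` is only assigned in the dbGaP branch, yet the failure path runs `grep "EnvironmentError:" "$output"` unconditionally, so in the user.yaml-only branch it is called with an empty file name.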
@@ -36,8 +36,20 @@ global: logsBucket: logs-gen3 # -- (bool) Whether to sync data from dbGaP. syncFromDbgap: false + # -- (bool) Force attempting a dbgap sync if "true", falls back on user.yaml + addDbgap: false + # -- (bool) Forces ONLY a dbgap sync if "true", IGNORING user.yaml + onlyDbgap: false # -- (string) Path to the user.yaml file in S3. - userYamlS3Path: s3://cdis-gen3-users/test/user.yaml + userYamlS3Path: s3://cdis-gen3-users/helm-test/user.yaml + # -- (bool) Whether to run Fence usersync or not. + usersync: true + # -- (string) Slack webhook endpoint used with certain jobs. + slack_webhook: None + # -- (bool) Will echo what files we are seeing on dbgap ftp to Slack. + slack_send_dbgap: false + # # -- (bool) Option to generate ssh keys to be used in dbgap sync. + # generate_dbgap_sshkeys: true # -- (bool) Whether public datasets are enabled. publicDataSets: true # -- (string) Access level for tiers. acceptable values for `tier_access_level` are: `libre`, `regular` and `private`. If omitted, by default common will be treated as `private` @@ -82,6 +94,19 @@ postgresql: # -- (bool) Option to persist the dbs data. enabled: false +# -- (map) Configuration options for usersync cronjob. +usersync: + # -- (map) Secret information + secrets: + # -- (str) AWS access key ID for usersync S3 bucket + awsAccessKeyId: "" + # -- (str) AWS secret access key for usersync S3 bucket + awsSecretAccessKey: "" + # -- (string) The cron schedule expression to use in the usersync cronjob. Runs every 30 minutes by default. + schedule: "*/30 * * * *" + # -- (string) To set a custom image for pulling the user.yaml file from S3. Default is the Gen3 Awshelper image. + custom_image: + # -- (int) Number of desired replicas replicaCount: 1 
@@ -264,6 +289,41 @@ env: secretKeyRef: name: indexd-service-creds key: fence + - name: SYNC_FROM_DBGAP + valueFrom: + configMapKeyRef: + name: manifest-global + key: sync_from_dbgap + optional: true + - name: ADD_DBGAP + valueFrom: + configMapKeyRef: + name: manifest-global + key: add_dbgap + optional: true + - name: ONLY_DBGAP + valueFrom: + configMapKeyRef: + name: manifest-global + key: only_dbgap + optional: true + - name: SLACK_SEND_DBGAP + valueFrom: + configMapKeyRef: + name: manifest-global + key: slack_send_dbgap + optional: true + - name: slackWebHook + valueFrom: + configMapKeyRef: + name: manifest-global + key: slack_webhook + optional: true + - name: gen3Env + valueFrom: + configMapKeyRef: + name: manifest-global + key: hostname # -- (list) Volumes to attach to the container. volumes: @@ -437,7 +497,13 @@ datadogTraceSampleRate: 1 logo: privacy_policy: - +projects: +# -- (string) The ssh configuration for connecting to SFTP server if useing Fence dbgap sync. Will overwrite the default file provided in the fence-ssh directory. +sshconfig: +# -- (string) The ssh Private Key for connecting to SFTP server if using Fence dbgap sync. Passed in as a multiline string. +ssh_private_key: +# -- (string) The ssh Public Key for connecting to SFTP server if using Fence dbgap sync. Passed in as a multiline string. +ssh_public_key: # USER_SYNC_CRON: # LOCATION: diff --git a/helm/gen3/Chart.yaml b/helm/gen3/Chart.yaml index 416fcfec..be75b657 100644 --- a/helm/gen3/Chart.yaml +++ b/helm/gen3/Chart.yaml 
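Review bot: `slackWebHook` is read with `configMapKeyRef` from `manifest-global`, and helm/gen3/templates/global-manifest.yaml in this commit writes `slack_webhook` into that ConfigMap, but an incoming-webhook URL is itself the credential for posting to the channel. ConfigMaps are usually readable by more principals than Secrets (the `usersync-job` role added in this commit can read all of them), so I would render the webhook into a Secret and switch this entry to `secretKeyRef` with `optional: true`. The job scripts compare the variable against the literal string `None`, so that check would need to become an empty-string test if the variable can be unset. The `env:` list starts above this hunk.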
@@ -107,7 +107,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.13 +version: 0.1.14 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to diff --git a/helm/gen3/README.md b/helm/gen3/README.md index 88d79962..899d41e0 100644 --- a/helm/gen3/README.md +++ b/helm/gen3/README.md @@ -1,6 +1,6 @@ # gen3 -![Version: 0.1.13](https://img.shields.io/badge/Version-0.1.13-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) +![Version: 0.1.14](https://img.shields.io/badge/Version-0.1.14-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) Helm chart to deploy Gen3 Data Commons 
@@ -62,6 +62,7 @@ Helm chart to deploy Gen3 Data Commons | audit.image.tag | string | `nil` | Overrides the image tag whose default is the chart appVersion. | | aws-es-proxy.enabled | bool | `false` | Whether to deploy the aws-es-proxy subchart. | | aws-es-proxy.esEndpoint | str | `"test.us-east-1.es.amazonaws.com"` | Elasticsearch endpoint in AWS | +| aws-es-proxy.secrets | map | `{"awsAccessKeyId":"","awsSecretAccessKey":""}` | Secret information | | aws-es-proxy.secrets.awsAccessKeyId | str | `""` | AWS access key ID for aws-es-proxy | | aws-es-proxy.secrets.awsSecretAccessKey | str | `""` | AWS secret access key for aws-es-proxy | | fence.FENCE_CONFIG | map | `nil` | Configuration settings for Fence app | 
@@ -70,12 +71,19 @@ Helm chart to deploy Gen3 Data Commons | fence.image | map | `{"repository":null,"tag":null}` | Docker image information. | | fence.image.repository | string | `nil` | The Docker image repository for the fence service. | | fence.image.tag | string | `nil` | Overrides the image tag whose default is the chart appVersion. | +| fence.usersync | map | `{"custom_image":null,"schedule":"*/30 * * * *","secrets":{"awsAccessKeyId":"","awsSecretAccessKey":""}}` | Configuration options for usersync cronjob. | +| fence.usersync.custom_image | string | `nil` | To set a custom image for pulling the user.yaml file from S3. Default is the Gen3 Awshelper image. | +| fence.usersync.schedule | string | `"*/30 * * * *"` | The cron schedule expression to use in the usersync cronjob. Runs every 30 minutes by default. | +| fence.usersync.secrets | map | `{"awsAccessKeyId":"","awsSecretAccessKey":""}` | Secret information | +| fence.usersync.secrets.awsAccessKeyId | str | `""` | AWS access key ID for usersync S3 bucket | +| fence.usersync.secrets.awsSecretAccessKey | str | `""` | AWS secret access key for usersync S3 bucket | | gitops.createdby | string | `nil` | - createdby.png - base64 | | gitops.css | string | `nil` | - multiline string - gitops.css | | gitops.favicon | string | `nil` | - favicon in base64 | | gitops.json | string | `nil` | multiline string - gitops.json | | gitops.logo | string | `nil` | - logo in base64 | | gitops.sponsors | string | `nil` | | +| global.addDbgap | bool | `false` | Force attempting a dbgap sync if "true", falls back on user.yaml | | global.aws | map | `{"enabled":false}` | AWS configuration | | global.ddEnabled | bool | `false` | Whether Datadog is enabled. | | global.dev | bool | `true` | Deploys postgres/elasticsearch for dev | 
@@ -84,6 +92,7 @@ Helm chart to deploy Gen3 Data Commons | global.environment | string | `"default"` | Environment name. This should be the same as vpcname if you're doing an AWS deployment. Currently this is being used to share ALB's if you have multiple namespaces in same cluster. | | global.hostname | string | `"localhost"` | Hostname for the deployment. | | global.netPolicy | bool | `true` | Whether network policies are enabled. | +| global.onlyDbgap | bool | `false` | Forces ONLY a dbgap sync if "true", IGNORING user.yaml | | global.portalApp | string | `"gitops"` | Portal application name. | | global.postgres.dbCreate | bool | `true` | Whether the database create job should run. | | global.postgres.master.host | string | `nil` | global postgres master host | 
@@ -92,10 +101,13 @@ Helm chart to deploy Gen3 Data Commons | global.postgres.master.username | string | `"postgres"` | global postgres master username | | global.publicDataSets | bool | `true` | Whether public datasets are enabled. | | global.revproxyArn | string | `"arn:aws:acm:us-east-1:123456:certificate"` | ARN of the reverse proxy certificate. | +| global.slack_send_dbgap | bool | `false` | Will echo what files we are seeing on dbgap ftp to Slack. | +| global.slack_webhook | string | `"None"` | Slack webhook endpoint used with certain jobs. | | global.syncFromDbgap | bool | `false` | Whether to sync data from dbGaP. | | global.tierAccessLevel | string | `"libre"` | Access level for tiers. acceptable values for `tier_access_level` are: `libre`, `regular` and `private`. If omitted, by default common will be treated as `private` | | global.tierAccessLimit | int | `1000` | Only relevant if tireAccessLevel is set to "regular". Summary charts below this limit will not appear for aggregated data. | -| global.userYamlS3Path | string | `"s3://cdis-gen3-users/test/user.yaml"` | Path to the user.yaml file in S3. | +| global.userYamlS3Path | string | `"s3://cdis-gen3-users/helm-test/user.yaml"` | Path to the user.yaml file in S3. | +| global.usersync | bool | `true` | Whether to run Fence usersync or not. | | guppy.enabled | bool | `false` | Whether to deploy the guppy subchart. | | guppy.image | map | `{"repository":null,"tag":null}` | Docker image information. | | guppy.image.repository | string | `nil` | The Docker image repository for the guppy service. | diff --git a/helm/gen3/templates/global-manifest.yaml b/helm/gen3/templates/global-manifest.yaml index 5952e0d8..829b2c44 100644 --- a/helm/gen3/templates/global-manifest.yaml +++ b/helm/gen3/templates/global-manifest.yaml 
@@ -8,9 +8,11 @@ data: "revproxy_arn": {{ .Values.global.revproxyArn | quote }} "dictionary_url": {{ .Values.global.dictionaryUrl | quote }} "portal_app": {{ .Values.global.portalApp | quote }} - # "kube_bucket": {{ .Values.global.kubeBucket | quote }} - # "logs_bucket": {{ .Values.global.logsBucket | quote }} + "kube_bucket": {{ .Values.global.kubeBucket | quote }} + "logs_bucket": {{ .Values.global.logsBucket | quote }} "sync_from_dbgap": {{ .Values.global.syncFromDbgap | quote }} + "add_dbgap": {{ .Values.global.addDbgap | quote }} + "only_dbgap": {{ .Values.global.onlyDbgap | quote }} "useryaml_s3path": {{ .Values.global.userYamlS3Path | quote }} "public_datasets": {{ .Values.global.publicDataSets | quote }} "tier_access_level": {{ .Values.global.tierAccessLevel | quote }} @@ -18,6 +20,8 @@ data: "netpolicy": {{ .Values.global.netPolicy | quote }} "dispatcher_job_num": {{ .Values.global.dispatcherJobNum | quote }} "dd_enabled": {{ .Values.global.ddEnabled | quote }} + "slack_webhook": {{ .Values.global.slack_webhook | quote }} + "slack_send_dbgap": {{ .Values.global.slack_send_dbgap | quote }} {{- with .Values.global.origins_allow_credentials }} "origins_allow_credentials": {{ . | toJson | quote }} {{- end -}} \ No newline at end of file diff --git a/helm/gen3/values.yaml b/helm/gen3/values.yaml index a451aff5..76b25d7e 100644 --- a/helm/gen3/values.yaml +++ b/helm/gen3/values.yaml 
@@ -40,8 +40,18 @@ global: portalApp: gitops # -- (bool) Whether to sync data from dbGaP. syncFromDbgap: false + # -- (bool) Force attempting a dbgap sync if "true", falls back on user.yaml + addDbgap: false + # -- (bool) Forces ONLY a dbgap sync if "true", IGNORING user.yaml + onlyDbgap: false # -- (string) Path to the user.yaml file in S3. - userYamlS3Path: s3://cdis-gen3-users/test/user.yaml + userYamlS3Path: s3://cdis-gen3-users/helm-test/user.yaml + # -- (bool) Whether to run Fence usersync or not. + usersync: true + # -- (string) Slack webhook endpoint used with certain jobs. + slack_webhook: "None" + # -- (bool) Will echo what files we are seeing on dbgap ftp to Slack. + slack_send_dbgap: false # -- (bool) Whether public datasets are enabled. publicDataSets: true # -- (string) Access level for tiers. acceptable values for `tier_access_level` are: `libre`, `regular` and `private`. If omitted, by default common will be treated as `private` @@ -103,6 +113,7 @@ aws-es-proxy: enabled: false # -- (str) Elasticsearch endpoint in AWS esEndpoint: test.us-east-1.es.amazonaws.com + # -- (map) Secret information secrets: # -- (str) AWS access key ID for aws-es-proxy awsAccessKeyId: "" @@ -122,6 +133,18 @@ fence: FENCE_CONFIG: # -- (string) USER YAML. Passed in as a multiline string. USER_YAML: + # -- (map) Configuration options for usersync cronjob. + usersync: + # -- (map) Secret information + secrets: + # -- (str) AWS access key ID for usersync S3 bucket + awsAccessKeyId: "" + # -- (str) AWS secret access key for usersync S3 bucket + awsSecretAccessKey: "" + # -- (string) The cron schedule expression to use in the usersync cronjob. Runs every 30 minutes by default. + schedule: "*/30 * * * *" + # -- (string) To set a custom image for pulling the user.yaml file from S3. Default is the Gen3 Awshelper image. + custom_image: guppy: # -- (bool) Whether to deploy the guppy subchart. diff --git a/helm/guppy/Chart.yaml b/helm/guppy/Chart.yaml index 9c6e2d3e..f2fe353f 100644 
--- a/helm/guppy/Chart.yaml +++ b/helm/guppy/Chart.yaml @@ -15,7 +15,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.7 +version: 0.1.8 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to diff --git a/helm/guppy/README.md b/helm/guppy/README.md index efbf2bca..d73ab631 100644 --- a/helm/guppy/README.md +++ b/helm/guppy/README.md @@ -1,6 +1,6 @@ # guppy -![Version: 0.1.7](https://img.shields.io/badge/Version-0.1.7-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) +![Version: 0.1.8](https://img.shields.io/badge/Version-0.1.8-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) A Helm chart for gen3 Guppy Service 
@@ -40,7 +40,8 @@ A Helm chart for gen3 Guppy Service | enableEncryptWhitelist | bool | `true` | Whether or not to enable encryption for specified fields | | encryptWhitelist | string | `"test1"` | A comma-separated list of fields to encrypt | | esEndpoint | string | `""` | Elasticsearch endpoint. | -| global | map | `{"aws":{"awsAccessKeyId":null,"awsSecretAccessKey":null,"enabled":false},"ddEnabled":false,"dev":true,"dictionaryUrl":"https://s3.amazonaws.com/dictionary-artifacts/datadictionary/develop/schema.json","dispatcherJobNum":10,"environment":"default","hostname":"localhost","kubeBucket":"kube-gen3","logsBucket":"logs-gen3","minAvialable":1,"netPolicy":true,"pdb":false,"portalApp":"gitops","postgres":{"dbCreate":true,"master":{"host":null,"password":null,"port":"5432","username":"postgres"}},"publicDataSets":true,"revproxyArn":"arn:aws:acm:us-east-1:123456:certificate","syncFromDbgap":false,"tierAccessLevel":"libre","tierAccessLimit":1000,"userYamlS3Path":"s3://cdis-gen3-users/test/user.yaml"}` | Global configuration options. | +| global | map | `{"addDbgap":false,"aws":{"awsAccessKeyId":null,"awsSecretAccessKey":null,"enabled":false},"ddEnabled":false,"dev":true,"dictionaryUrl":"https://s3.amazonaws.com/dictionary-artifacts/datadictionary/develop/schema.json","dispatcherJobNum":10,"environment":"default","hostname":"localhost","kubeBucket":"kube-gen3","logsBucket":"logs-gen3","minAvialable":1,"netPolicy":true,"onlyDbgap":false,"pdb":false,"portalApp":"gitops","postgres":{"dbCreate":true,"master":{"host":null,"password":null,"port":"5432","username":"postgres"}},"publicDataSets":true,"revproxyArn":"arn:aws:acm:us-east-1:123456:certificate","slack_send_dbgap":false,"slack_webhook":"None","syncFromDbgap":false,"tierAccessLevel":"libre","tierAccessLimit":1000,"userYamlS3Path":"s3://cdis-gen3-users/helm-test/user.yaml","usersync":false}` | Global configuration options. 
| +| global.addDbgap | bool | `false` | Force attempting a dbgap sync if "true", falls back on user.yaml | | global.aws | map | `{"awsAccessKeyId":null,"awsSecretAccessKey":null,"enabled":false}` | AWS configuration | | global.aws.awsAccessKeyId | string | `nil` | Credentials for AWS stuff. | | global.aws.awsSecretAccessKey | string | `nil` | Credentials for AWS stuff. | @@ -55,6 +56,7 @@ A Helm chart for gen3 Guppy Service | global.logsBucket | string | `"logs-gen3"` | S3 bucket name for log files. | | global.minAvialable | int | `1` | The minimum amount of pods that are available at all times if the PDB is deployed. | | global.netPolicy | bool | `true` | Whether network policies are enabled. | +| global.onlyDbgap | bool | `false` | Forces ONLY a dbgap sync if "true", IGNORING user.yaml | | global.pdb | bool | `false` | If the service will be deployed with a Pod Disruption Budget. Note- you need to have more than 2 replicas for the pdb to be deployed. | | global.portalApp | string | `"gitops"` | Portal application name. | | global.postgres | map | `{"dbCreate":true,"master":{"host":null,"password":null,"port":"5432","username":"postgres"}}` | Postgres database configuration. | 
@@ -66,10 +68,13 @@ A Helm chart for gen3 Guppy Service | global.postgres.master.username | string | `"postgres"` | username of superuser in postgres. This is used to create or restore databases | | global.publicDataSets | bool | `true` | Whether public datasets are enabled. | | global.revproxyArn | string | `"arn:aws:acm:us-east-1:123456:certificate"` | ARN of the reverse proxy certificate. | +| global.slack_send_dbgap | bool | `false` | Will echo what files we are seeing on dbgap ftp to Slack. | +| global.slack_webhook | string | `"None"` | Slack webhook endpoint used with certain jobs. | | global.syncFromDbgap | bool | `false` | Whether to sync data from dbGaP. | | global.tierAccessLevel | string | `"libre"` | Access level for tiers. | | global.tierAccessLimit | int | `1000` | Only relevant if tireAccessLevel is set to "regular". Summary charts below this limit will not appear for aggregated data. | -| global.userYamlS3Path | string | `"s3://cdis-gen3-users/test/user.yaml"` | Path to the user.yaml file in S3. | +| global.userYamlS3Path | string | `"s3://cdis-gen3-users/helm-test/user.yaml"` | Path to the user.yaml file in S3. | +| global.usersync | bool | `false` | Whether to run Fence usersync or not. | | image | map | `{"pullPolicy":"Always","repository":"quay.io/cdis/guppy","tag":""}` | Docker image information. | | image.pullPolicy | string | `"Always"` | Docker pull policy. | | image.repository | string | `"quay.io/cdis/guppy"` | Docker repository. | diff --git a/helm/guppy/values.yaml b/helm/guppy/values.yaml index 342d0467..71ecb3ef 100644 --- a/helm/guppy/values.yaml +++ b/helm/guppy/values.yaml 
@@ -44,8 +44,18 @@ global: logsBucket: logs-gen3 # -- (bool) Whether to sync data from dbGaP. syncFromDbgap: false + # -- (bool) Force attempting a dbgap sync if "true", falls back on user.yaml + addDbgap: false + # -- (bool) Forces ONLY a dbgap sync if "true", IGNORING user.yaml + onlyDbgap: false # -- (string) Path to the user.yaml file in S3. - userYamlS3Path: s3://cdis-gen3-users/test/user.yaml + userYamlS3Path: s3://cdis-gen3-users/helm-test/user.yaml + # -- (bool) Whether to run Fence usersync or not. + usersync: false + # -- (string) Slack webhook endpoint used with certain jobs. + slack_webhook: None + # -- (bool) Will echo what files we are seeing on dbgap ftp to Slack. + slack_send_dbgap: false # -- (bool) Whether public datasets are enabled. publicDataSets: true # -- (string) Access level for tiers. diff --git a/helm/hatchery/Chart.yaml b/helm/hatchery/Chart.yaml index 8acfcd66..e64b2504 100644 --- a/helm/hatchery/Chart.yaml +++ b/helm/hatchery/Chart.yaml @@ -15,7 +15,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.5 +version: 0.1.6 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to diff --git a/helm/hatchery/README.md b/helm/hatchery/README.md index 3151d032..87c1e709 100644 --- a/helm/hatchery/README.md +++ b/helm/hatchery/README.md 
@@ -1,6 +1,6 @@ # hatchery -![Version: 0.1.5](https://img.shields.io/badge/Version-0.1.5-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) +![Version: 0.1.6](https://img.shields.io/badge/Version-0.1.6-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) A Helm chart for gen3 Hatchery 
@@ -27,7 +27,8 @@ A Helm chart for gen3 Hatchery | datadogTraceSampleRate | int | `1` | A value between 0 and 1, that represents the percentage of requests that will be traced. For example, a value of 0.5 means that 50% of requests will be traced. | | env | list | `[{"name":"HTTP_PORT","value":"8000"},{"name":"POD_NAMESPACE","valueFrom":{"fieldRef":{"fieldPath":"metadata.namespace"}}}]` | Environment variables to pass to the container | | fullnameOverride | string | `""` | Override the full name of the deployment. | -| global | map | `{"aws":{"awsAccessKeyId":null,"awsSecretAccessKey":null,"enabled":false},"ddEnabled":false,"dev":true,"dictionaryUrl":"https://s3.amazonaws.com/dictionary-artifacts/datadictionary/develop/schema.json","dispatcherJobNum":10,"environment":"default","hostname":"localhost","kubeBucket":"kube-gen3","logsBucket":"logs-gen3","minAvialable":1,"netPolicy":true,"pdb":false,"portalApp":"gitops","postgres":{"dbCreate":true,"master":{"host":null,"password":null,"port":"5432","username":"postgres"}},"publicDataSets":true,"revproxyArn":"arn:aws:acm:us-east-1:123456:certificate","syncFromDbgap":false,"tierAccessLevel":"libre","userYamlS3Path":"s3://cdis-gen3-users/test/user.yaml"}` | Global configuration options. 
| +| global | map | `{"addDbgap":false,"aws":{"awsAccessKeyId":null,"awsSecretAccessKey":null,"enabled":false},"ddEnabled":false,"dev":true,"dictionaryUrl":"https://s3.amazonaws.com/dictionary-artifacts/datadictionary/develop/schema.json","dispatcherJobNum":10,"environment":"default","hostname":"localhost","kubeBucket":"kube-gen3","logsBucket":"logs-gen3","minAvialable":1,"netPolicy":true,"onlyDbgap":false,"pdb":false,"portalApp":"gitops","postgres":{"dbCreate":true,"master":{"host":null,"password":null,"port":"5432","username":"postgres"}},"publicDataSets":true,"revproxyArn":"arn:aws:acm:us-east-1:123456:certificate","slack_send_dbgap":false,"slack_webhook":"None","syncFromDbgap":false,"tierAccessLevel":"libre","userYamlS3Path":"s3://cdis-gen3-users/helm-test/user.yaml","usersync":false}` | Global configuration options. | +| global.addDbgap | bool | `false` | Force attempting a dbgap sync if "true", falls back on user.yaml | | global.aws | map | `{"awsAccessKeyId":null,"awsSecretAccessKey":null,"enabled":false}` | AWS configuration | | global.aws.awsAccessKeyId | string | `nil` | Credentials for AWS stuff. | | global.aws.awsSecretAccessKey | string | `nil` | Credentials for AWS stuff. | 
@@ -42,6 +43,7 @@ A Helm chart for gen3 Hatchery | global.logsBucket | string | `"logs-gen3"` | S3 bucket name for log files. | | global.minAvialable | int | `1` | The minimum amount of pods that are available at all times if the PDB is deployed. | | global.netPolicy | bool | `true` | Whether network policies are enabled. | +| global.onlyDbgap | bool | `false` | Forces ONLY a dbgap sync if "true", IGNORING user.yaml | | global.pdb | bool | `false` | If the service will be deployed with a Pod Disruption Budget. Note- you need to have more than 2 replicas for the pdb to be deployed. | | global.portalApp | string | `"gitops"` | Portal application name. | | global.postgres | map | `{"dbCreate":true,"master":{"host":null,"password":null,"port":"5432","username":"postgres"}}` | Postgres database configuration. | 
@@ -53,9 +55,12 @@ A Helm chart for gen3 Hatchery | global.postgres.master.username | string | `"postgres"` | username of superuser in postgres. This is used to create or restore databases | | global.publicDataSets | bool | `true` | Whether public datasets are enabled. | | global.revproxyArn | string | `"arn:aws:acm:us-east-1:123456:certificate"` | ARN of the reverse proxy certificate. | +| global.slack_send_dbgap | bool | `false` | Will echo what files we are seeing on dbgap ftp to Slack. | +| global.slack_webhook | string | `"None"` | Slack webhook endpoint used with certain jobs. | | global.syncFromDbgap | bool | `false` | Whether to sync data from dbGaP. | | global.tierAccessLevel | string | `"libre"` | Access level for tiers. acceptable values for `tier_access_level` are: `libre`, `regular` and `private`. If omitted, by default common will be treated as `private` | -| global.userYamlS3Path | string | `"s3://cdis-gen3-users/test/user.yaml"` | Path to the user.yaml file in S3. | +| global.userYamlS3Path | string | `"s3://cdis-gen3-users/helm-test/user.yaml"` | Path to the user.yaml file in S3. | +| global.usersync | bool | `false` | Whether to run Fence usersync or not. 
| | hatchery | map | `{"containers":[{"args":["--NotebookApp.base_url=/lw-workspace/proxy/","--NotebookApp.default_url=/lab","--NotebookApp.password=''","--NotebookApp.token=''","--NotebookApp.shutdown_no_activity_timeout=5400","--NotebookApp.quit_button=False"],"command":["start-notebook.sh"],"cpu-limit":"1.0","env":{"FRAME_ANCESTORS":"https://{{ .Values.global.hostname }}"},"fs-gid":100,"gen3-volume-location":"/home/jovyan/.gen3","image":"quay.io/cdis/heal-notebooks:combined_tutorials__latest","lifecycle-post-start":["/bin/sh","-c","export IAM=`whoami`; rm -rf /home/$IAM/pd/dockerHome; rm -rf /home/$IAM/pd/lost+found; ln -s /data /home/$IAM/pd/; true"],"memory-limit":"2Gi","name":"(Tutorials) Example Analysis Jupyter Lab Notebooks","path-rewrite":"/lw-workspace/proxy/","ready-probe":"/lw-workspace/proxy/","target-port":8888,"use-tls":"false","user-uid":1000,"user-volume-location":"/home/jovyan/pd"}],"sidecarContainer":{"args":[],"command":["/bin/bash","./sidecar.sh"],"cpu-limit":"0.1","env":{"HOSTNAME":"{{ .Values.global.hostname }}","NAMESPACE":"{{ .Release.Namespace }}"},"image":"quay.io/cdis/ecs-ws-sidecar:master","lifecycle-pre-stop":["su","-c","echo test","-s","/bin/sh","root"],"memory-limit":"256Mi"}}` | Hatchery sidcar container configuration. | | hatchery.sidecarContainer.args | list | `[]` | Arguments to pass to the sidecare container. | | hatchery.sidecarContainer.command | list | `["/bin/bash","./sidecar.sh"]` | Commands to run for the sidecar container. | diff --git a/helm/hatchery/values.yaml b/helm/hatchery/values.yaml index 200385bd..37cd2a50 100644 --- a/helm/hatchery/values.yaml +++ b/helm/hatchery/values.yaml 
@@ -44,8 +44,18 @@ global:
 logsBucket: logs-gen3
 # -- (bool) Whether to sync data from dbGaP.
 syncFromDbgap: false
+ # -- (bool) Force attempting a dbgap sync if "true", falls back on user.yaml
+ addDbgap: false
+ # -- (bool) Forces ONLY a dbgap sync if "true", IGNORING user.yaml
+ onlyDbgap: false
 # -- (string) Path to the user.yaml file in S3.
- userYamlS3Path: s3://cdis-gen3-users/test/user.yaml
+ userYamlS3Path: s3://cdis-gen3-users/helm-test/user.yaml
+ # -- (bool) Whether to run Fence usersync or not.
+ usersync: false
+ # -- (string) Slack webhook endpoint used with certain jobs.
+ slack_webhook: None
+ # -- (bool) Will echo what files we are seeing on dbgap ftp to Slack.
+ slack_send_dbgap: false
 # -- (bool) Whether public datasets are enabled.
 publicDataSets: true
 # -- (string) Access level for tiers. acceptable values for `tier_access_level` are: `libre`, `regular` and `private`. If omitted, by default common will be treated as `private`
diff --git a/helm/indexd/Chart.yaml b/helm/indexd/Chart.yaml
index dd60065f..79b50c2b 100644
--- a/helm/indexd/Chart.yaml
+++ b/helm/indexd/Chart.yaml
@@ -15,7 +15,7 @@ type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 0.1.9
+version: 0.1.10
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to
diff --git a/helm/indexd/README.md b/helm/indexd/README.md
index 532a8b64..9ba7cefb 100644
--- a/helm/indexd/README.md
+++ b/helm/indexd/README.md
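Review bot: The comments on `addDbgap` and `onlyDbgap` in the hatchery values.yaml hunk do not say which flag wins when both are true, or how either relates to the existing `syncFromDbgap`, and these switches decide whether user.yaml is consulted when access is synced. Since `onlyDbgap` ignores user.yaml entirely, the precedence belongs in the comment, e.g. `# -- (bool) Forces ONLY a dbgap sync if "true", IGNORING user.yaml. Takes precedence over addDbgap.` if that is the intended behaviour (not visible in this diff). The identical block is copied into the guppy, indexd, metadata and peregrine values.yaml hunks; a single definition in the umbrella chart's global values would keep these access-related defaults from drifting between charts.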
@@ -1,6 +1,6 @@ # indexd -![Version: 0.1.9](https://img.shields.io/badge/Version-0.1.9-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) +![Version: 0.1.10](https://img.shields.io/badge/Version-0.1.10-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) A Helm chart for gen3 indexd 
@@ -28,7 +28,8 @@ A Helm chart for gen3 indexd | defaultPrefix | string | `"PREFIX/"` | default prefix for indexd | | env | list | `[{"name":"ARBORIST","value":"true"},{"name":"GEN3_DEBUG","value":"False"}]` | Environment variables to pass to the container | | fullnameOverride | string | `""` | Override the full name of the deployment. | -| global | map | `{"aws":{"awsAccessKeyId":null,"awsSecretAccessKey":null,"enabled":false},"ddEnabled":false,"dev":true,"dictionaryUrl":"https://s3.amazonaws.com/dictionary-artifacts/datadictionary/develop/schema.json","dispatcherJobNum":10,"environment":"default","hostname":"localhost","kubeBucket":"kube-gen3","logsBucket":"logs-gen3","minAvialable":1,"netPolicy":true,"pdb":false,"portalApp":"gitops","postgres":{"dbCreate":true,"master":{"host":null,"password":null,"port":"5432","username":"postgres"}},"publicDataSets":true,"revproxyArn":"arn:aws:acm:us-east-1:123456:certificate","syncFromDbgap":false,"tierAccessLevel":"libre","tierAccessLimit":1000,"userYamlS3Path":"s3://cdis-gen3-users/test/user.yaml"}` | Global configuration options. | +| global | map | `{"addDbgap":false,"aws":{"awsAccessKeyId":null,"awsSecretAccessKey":null,"enabled":false},"ddEnabled":false,"dev":true,"dictionaryUrl":"https://s3.amazonaws.com/dictionary-artifacts/datadictionary/develop/schema.json","dispatcherJobNum":10,"environment":"default","hostname":"localhost","kubeBucket":"kube-gen3","logsBucket":"logs-gen3","minAvialable":1,"netPolicy":true,"onlyDbgap":false,"pdb":false,"portalApp":"gitops","postgres":{"dbCreate":true,"master":{"host":null,"password":null,"port":"5432","username":"postgres"}},"publicDataSets":true,"revproxyArn":"arn:aws:acm:us-east-1:123456:certificate","slack_send_dbgap":false,"slack_webhook":"None","syncFromDbgap":false,"tierAccessLevel":"libre","tierAccessLimit":1000,"userYamlS3Path":"s3://cdis-gen3-users/helm-test/user.yaml","usersync":false}` | Global configuration options. 
| +| global.addDbgap | bool | `false` | Force attempting a dbgap sync if "true", falls back on user.yaml | | global.aws | map | `{"awsAccessKeyId":null,"awsSecretAccessKey":null,"enabled":false}` | AWS configuration | | global.aws.awsAccessKeyId | string | `nil` | Credentials for AWS stuff. | | global.aws.awsSecretAccessKey | string | `nil` | Credentials for AWS stuff. | @@ -43,6 +44,7 @@ A Helm chart for gen3 indexd | global.logsBucket | string | `"logs-gen3"` | S3 bucket name for log files. | | global.minAvialable | int | `1` | The minimum amount of pods that are available at all times if the PDB is deployed. | | global.netPolicy | bool | `true` | Whether network policies are enabled. | +| global.onlyDbgap | bool | `false` | Forces ONLY a dbgap sync if "true", IGNORING user.yaml | | global.pdb | bool | `false` | If the service will be deployed with a Pod Disruption Budget. Note- you need to have more than 2 replicas for the pdb to be deployed. | | global.portalApp | string | `"gitops"` | Portal application name. | | global.postgres | map | `{"dbCreate":true,"master":{"host":null,"password":null,"port":"5432","username":"postgres"}}` | Postgres database configuration. | 
@@ -54,10 +56,13 @@ A Helm chart for gen3 indexd | global.postgres.master.username | string | `"postgres"` | username of superuser in postgres. This is used to create or restore databases | | global.publicDataSets | bool | `true` | Whether public datasets are enabled. | | global.revproxyArn | string | `"arn:aws:acm:us-east-1:123456:certificate"` | ARN of the reverse proxy certificate. | +| global.slack_send_dbgap | bool | `false` | Will echo what files we are seeing on dbgap ftp to Slack. | +| global.slack_webhook | string | `"None"` | Slack webhook endpoint used with certain jobs. | | global.syncFromDbgap | bool | `false` | Whether to sync data from dbGaP. | | global.tierAccessLevel | string | `"libre"` | Access level for tiers. acceptable values for `tier_access_level` are: `libre`, `regular` and `private`. If omitted, by default common will be treated as `private` | | global.tierAccessLimit | int | `1000` | Only relevant if tireAccessLevel is set to "regular". Summary charts below this limit will not appear for aggregated data. | -| global.userYamlS3Path | string | `"s3://cdis-gen3-users/test/user.yaml"` | Path to the user.yaml file in S3. | +| global.userYamlS3Path | string | `"s3://cdis-gen3-users/helm-test/user.yaml"` | Path to the user.yaml file in S3. | +| global.usersync | bool | `false` | Whether to run Fence usersync or not. | | image | map | `{"pullPolicy":"IfNotPresent","repository":"quay.io/cdis/indexd","tag":""}` | Docker image information. | | image.pullPolicy | string | `"IfNotPresent"` | When to pull the image. | | image.repository | string | `"quay.io/cdis/indexd"` | The Docker image repository for the indexd service | diff --git a/helm/indexd/values.yaml b/helm/indexd/values.yaml index 90bec19d..ba48bc84 100644 --- a/helm/indexd/values.yaml +++ b/helm/indexd/values.yaml 
@@ -44,8 +44,18 @@ global:
 logsBucket: logs-gen3
 # -- (bool) Whether to sync data from dbGaP.
 syncFromDbgap: false
+ # -- (bool) Force attempting a dbgap sync if "true", falls back on user.yaml
+ addDbgap: false
+ # -- (bool) Forces ONLY a dbgap sync if "true", IGNORING user.yaml
+ onlyDbgap: false
 # -- (string) Path to the user.yaml file in S3.
- userYamlS3Path: s3://cdis-gen3-users/test/user.yaml
+ userYamlS3Path: s3://cdis-gen3-users/helm-test/user.yaml
+ # -- (bool) Whether to run Fence usersync or not.
+ usersync: false
+ # -- (string) Slack webhook endpoint used with certain jobs.
+ slack_webhook: None
+ # -- (bool) Will echo what files we are seeing on dbgap ftp to Slack.
+ slack_send_dbgap: false
 # -- (bool) Whether public datasets are enabled.
 publicDataSets: true
 # -- (string) Access level for tiers. acceptable values for `tier_access_level` are: `libre`, `regular` and `private`. If omitted, by default common will be treated as `private`
diff --git a/helm/metadata/Chart.yaml b/helm/metadata/Chart.yaml
index 5784ee70..8d8e1241 100644
--- a/helm/metadata/Chart.yaml
+++ b/helm/metadata/Chart.yaml
@@ -15,7 +15,7 @@ type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 0.1.7
+version: 0.1.8
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to
diff --git a/helm/metadata/README.md b/helm/metadata/README.md
index 40b3043c..5996afd5 100644
--- a/helm/metadata/README.md
+++ b/helm/metadata/README.md
@@ -1,6 +1,6 @@ # metadata -![Version: 0.1.7](https://img.shields.io/badge/Version-0.1.7-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) +![Version: 0.1.8](https://img.shields.io/badge/Version-0.1.8-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) A Helm chart for gen3 Metadata Service 
@@ -38,7 +38,8 @@ A Helm chart for gen3 Metadata Service | datadogTraceSampleRate | int | `1` | A value between 0 and 1, that represents the percentage of requests that will be traced. For example, a value of 0.5 means that 50% of requests will be traced. | | debug | bool | `false` | | | esEndpoint | string | `"elasticsearch:9200"` | Elasticsearch endpoint. | -| global | map | `{"aws":{"awsAccessKeyId":null,"awsSecretAccessKey":null,"enabled":false},"ddEnabled":false,"dev":true,"dictionaryUrl":"https://s3.amazonaws.com/dictionary-artifacts/datadictionary/develop/schema.json","dispatcherJobNum":10,"environment":"default","hostname":"localhost","kubeBucket":"kube-gen3","logsBucket":"logs-gen3","minAvialable":1,"netPolicy":true,"pdb":false,"portalApp":"gitops","postgres":{"dbCreate":true,"master":{"host":null,"password":null,"port":"5432","username":"postgres"}},"publicDataSets":true,"revproxyArn":"arn:aws:acm:us-east-1:123456:certificate","syncFromDbgap":false,"tierAccessLevel":"libre","userYamlS3Path":"s3://cdis-gen3-users/test/user.yaml"}` | Global configuration options. | +| global | map | `{"addDbgap":false,"aws":{"awsAccessKeyId":null,"awsSecretAccessKey":null,"enabled":false},"ddEnabled":false,"dev":true,"dictionaryUrl":"https://s3.amazonaws.com/dictionary-artifacts/datadictionary/develop/schema.json","dispatcherJobNum":10,"environment":"default","hostname":"localhost","kubeBucket":"kube-gen3","logsBucket":"logs-gen3","minAvialable":1,"netPolicy":true,"onlyDbgap":false,"pdb":false,"portalApp":"gitops","postgres":{"dbCreate":true,"master":{"host":null,"password":null,"port":"5432","username":"postgres"}},"publicDataSets":true,"revproxyArn":"arn:aws:acm:us-east-1:123456:certificate","slack_send_dbgap":false,"slack_webhook":"None","syncFromDbgap":false,"tierAccessLevel":"libre","userYamlS3Path":"s3://cdis-gen3-users/helm-test/user.yaml","usersync":false}` | Global configuration options. 
| +| global.addDbgap | bool | `false` | Force attempting a dbgap sync if "true", falls back on user.yaml | | global.aws | map | `{"awsAccessKeyId":null,"awsSecretAccessKey":null,"enabled":false}` | AWS configuration | | global.aws.awsAccessKeyId | string | `nil` | Credentials for AWS stuff. | | global.aws.awsSecretAccessKey | string | `nil` | Credentials for AWS stuff. | @@ -53,6 +54,7 @@ A Helm chart for gen3 Metadata Service | global.logsBucket | string | `"logs-gen3"` | S3 bucket name for log files. | | global.minAvialable | int | `1` | The minimum amount of pods that are available at all times if the PDB is deployed. | | global.netPolicy | bool | `true` | Whether network policies are enabled. | +| global.onlyDbgap | bool | `false` | Forces ONLY a dbgap sync if "true", IGNORING user.yaml | | global.pdb | bool | `false` | If the service will be deployed with a Pod Disruption Budget. Note- you need to have more than 2 replicas for the pdb to be deployed. | | global.portalApp | string | `"gitops"` | Portal application name. | | global.postgres | map | `{"dbCreate":true,"master":{"host":null,"password":null,"port":"5432","username":"postgres"}}` | Postgres database configuration. | 
@@ -64,9 +66,12 @@ A Helm chart for gen3 Metadata Service | global.postgres.master.username | string | `"postgres"` | username of superuser in postgres. This is used to create or restore databases | | global.publicDataSets | bool | `true` | Whether public datasets are enabled. | | global.revproxyArn | string | `"arn:aws:acm:us-east-1:123456:certificate"` | ARN of the reverse proxy certificate. | +| global.slack_send_dbgap | bool | `false` | Will echo what files we are seeing on dbgap ftp to Slack. | +| global.slack_webhook | string | `"None"` | Slack webhook endpoint used with certain jobs. | | global.syncFromDbgap | bool | `false` | Whether to sync data from dbGaP. | | global.tierAccessLevel | string | `"libre"` | Access level for tiers. acceptable values for `tier_access_level` are: `libre`, `regular` and `private`. If omitted, by default common will be treated as `private` | -| global.userYamlS3Path | string | `"s3://cdis-gen3-users/test/user.yaml"` | Path to the user.yaml file in S3. | +| global.userYamlS3Path | string | `"s3://cdis-gen3-users/helm-test/user.yaml"` | Path to the user.yaml file in S3. | +| global.usersync | bool | `false` | Whether to run Fence usersync or not. | | image | map | `{"pullPolicy":"Always","repository":"quay.io/cdis/metadata-service","tag":"master"}` | Docker image information. | | image.pullPolicy | string | `"Always"` | Docker pull policy. | | image.repository | string | `"quay.io/cdis/metadata-service"` | Docker repository. | diff --git a/helm/metadata/values.yaml b/helm/metadata/values.yaml index 0cd45435..cef92cc9 100644 --- a/helm/metadata/values.yaml +++ b/helm/metadata/values.yaml 
@@ -44,8 +44,18 @@ global:
 logsBucket: logs-gen3
 # -- (bool) Whether to sync data from dbGaP.
 syncFromDbgap: false
+ # -- (bool) Force attempting a dbgap sync if "true", falls back on user.yaml
+ addDbgap: false
+ # -- (bool) Forces ONLY a dbgap sync if "true", IGNORING user.yaml
+ onlyDbgap: false
 # -- (string) Path to the user.yaml file in S3.
- userYamlS3Path: s3://cdis-gen3-users/test/user.yaml
+ userYamlS3Path: s3://cdis-gen3-users/helm-test/user.yaml
+ # -- (bool) Whether to run Fence usersync or not.
+ usersync: false
+ # -- (string) Slack webhook endpoint used with certain jobs.
+ slack_webhook: None
+ # -- (bool) Will echo what files we are seeing on dbgap ftp to Slack.
+ slack_send_dbgap: false
 # -- (bool) Whether public datasets are enabled.
 publicDataSets: true
 # -- (string) Access level for tiers. acceptable values for `tier_access_level` are: `libre`, `regular` and `private`. If omitted, by default common will be treated as `private`
diff --git a/helm/peregrine/Chart.yaml b/helm/peregrine/Chart.yaml
index a9ee0522..f0906e77 100644
--- a/helm/peregrine/Chart.yaml
+++ b/helm/peregrine/Chart.yaml
@@ -15,7 +15,7 @@ type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 0.1.8
+version: 0.1.9
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to
diff --git a/helm/peregrine/README.md b/helm/peregrine/README.md
index 9a4d1310..8e4c79a8 100644
--- a/helm/peregrine/README.md
+++ b/helm/peregrine/README.md
@@ -1,6 +1,6 @@ # peregrine -![Version: 0.1.8](https://img.shields.io/badge/Version-0.1.8-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 2023.01](https://img.shields.io/badge/AppVersion-2023.01-informational?style=flat-square) +![Version: 0.1.9](https://img.shields.io/badge/Version-0.1.9-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 2023.01](https://img.shields.io/badge/AppVersion-2023.01-informational?style=flat-square) A Helm chart for gen3 Peregrine service 
@@ -29,7 +29,8 @@ A Helm chart for gen3 Peregrine service | datadogTraceSampleRate | int | `1` | A value between 0 and 1, that represents the percentage of requests that will be traced. For example, a value of 0.5 means that 50% of requests will be traced. | | env | list | `nil` | Environment variables to pass to the container | | fullnameOverride | string | `""` | Override the full name of the deployment. | -| global | map | `{"aws":{"awsAccessKeyId":null,"awsSecretAccessKey":null,"enabled":false},"ddEnabled":false,"dev":true,"dictionaryUrl":"https://s3.amazonaws.com/dictionary-artifacts/datadictionary/develop/schema.json","dispatcherJobNum":10,"environment":"default","hostname":"localhost","kubeBucket":"kube-gen3","logsBucket":"logs-gen3","minAvialable":1,"netPolicy":true,"pdb":false,"portalApp":"gitops","postgres":{"dbCreate":true,"master":{"host":null,"password":null,"port":"5432","username":"postgres"}},"publicDataSets":true,"revproxyArn":"arn:aws:acm:us-east-1:123456:certificate","syncFromDbgap":false,"tierAccessLevel":"libre","userYamlS3Path":"s3://cdis-gen3-users/test/user.yaml"}` | Global configuration options. | +| global | map | `{"addDbgap":false,"aws":{"awsAccessKeyId":null,"awsSecretAccessKey":null,"enabled":false},"ddEnabled":false,"dev":true,"dictionaryUrl":"https://s3.amazonaws.com/dictionary-artifacts/datadictionary/develop/schema.json","dispatcherJobNum":10,"environment":"default","hostname":"localhost","kubeBucket":"kube-gen3","logsBucket":"logs-gen3","minAvialable":1,"netPolicy":true,"onlyDbgap":false,"pdb":false,"portalApp":"gitops","postgres":{"dbCreate":true,"master":{"host":null,"password":null,"port":"5432","username":"postgres"}},"publicDataSets":true,"revproxyArn":"arn:aws:acm:us-east-1:123456:certificate","slack_send_dbgap":false,"slack_webhook":"None","syncFromDbgap":false,"tierAccessLevel":"libre","userYamlS3Path":"s3://cdis-gen3-users/helm-test/user.yaml","usersync":false}` | Global configuration options. 
| +| global.addDbgap | bool | `false` | Force attempting a dbgap sync if "true", falls back on user.yaml | | global.aws | map | `{"awsAccessKeyId":null,"awsSecretAccessKey":null,"enabled":false}` | AWS configuration | | global.aws.awsAccessKeyId | string | `nil` | Credentials for AWS stuff. | | global.aws.awsSecretAccessKey | string | `nil` | Credentials for AWS stuff. | @@ -44,6 +45,7 @@ A Helm chart for gen3 Peregrine service | global.logsBucket | string | `"logs-gen3"` | S3 bucket name for log files. | | global.minAvialable | int | `1` | The minimum amount of pods that are available at all times if the PDB is deployed. | | global.netPolicy | bool | `true` | Whether network policies are enabled. | +| global.onlyDbgap | bool | `false` | Forces ONLY a dbgap sync if "true", IGNORING user.yaml | | global.pdb | bool | `false` | If the service will be deployed with a Pod Disruption Budget. Note- you need to have more than 2 replicas for the pdb to be deployed. | | global.portalApp | string | `"gitops"` | Portal application name. | | global.postgres | map | `{"dbCreate":true,"master":{"host":null,"password":null,"port":"5432","username":"postgres"}}` | Postgres database configuration. | 
@@ -55,9 +57,12 @@ A Helm chart for gen3 Peregrine service | global.postgres.master.username | string | `"postgres"` | username of superuser in postgres. This is used to create or restore databases | | global.publicDataSets | bool | `true` | Whether public datasets are enabled. | | global.revproxyArn | string | `"arn:aws:acm:us-east-1:123456:certificate"` | ARN of the reverse proxy certificate. | +| global.slack_send_dbgap | bool | `false` | Will echo what files we are seeing on dbgap ftp to Slack. | +| global.slack_webhook | string | `"None"` | Slack webhook endpoint used with certain jobs. | | global.syncFromDbgap | bool | `false` | Whether to sync data from dbGaP. | | global.tierAccessLevel | string | `"libre"` | Access level for tiers. acceptable values for `tier_access_level` are: `libre`, `regular` and `private`. If omitted, by default common will be treated as `private` | -| global.userYamlS3Path | string | `"s3://cdis-gen3-users/test/user.yaml"` | Path to the user.yaml file in S3. | +| global.userYamlS3Path | string | `"s3://cdis-gen3-users/helm-test/user.yaml"` | Path to the user.yaml file in S3. | +| global.usersync | bool | `false` | Whether to run Fence usersync or not. | | image.pullPolicy | string | `"IfNotPresent"` | When to pull the image. | | image.repository | string | `"quay.io/cdis/peregrine"` | The Docker image repository for the fence service | | image.tag | string | `""` | Overrides the image tag whose default is the chart appVersion. | diff --git a/helm/peregrine/values.yaml b/helm/peregrine/values.yaml index b18e788b..dbd46006 100644 --- a/helm/peregrine/values.yaml +++ b/helm/peregrine/values.yaml 
@@ -43,8 +43,18 @@ global:
 logsBucket: logs-gen3
 # -- (bool) Whether to sync data from dbGaP.
 syncFromDbgap: false
+ # -- (bool) Force attempting a dbgap sync if "true", falls back on user.yaml
+ addDbgap: false
+ # -- (bool) Forces ONLY a dbgap sync if "true", IGNORING user.yaml
+ onlyDbgap: false
 # -- (string) Path to the user.yaml file in S3.
- userYamlS3Path: s3://cdis-gen3-users/test/user.yaml
+ userYamlS3Path: s3://cdis-gen3-users/helm-test/user.yaml
+ # -- (bool) Whether to run Fence usersync or not.
+ usersync: false
+ # -- (string) Slack webhook endpoint used with certain jobs.
+ slack_webhook: None
+ # -- (bool) Will echo what files we are seeing on dbgap ftp to Slack.
+ slack_send_dbgap: false
 # -- (bool) Whether public datasets are enabled.
 publicDataSets: true
 # -- (string) Access level for tiers. acceptable values for `tier_access_level` are: `libre`, `regular` and `private`. If omitted, by default common will be treated as `private`
diff --git a/helm/pidgin/Chart.yaml b/helm/pidgin/Chart.yaml
index 51d95965..d70ca3ff 100644
--- a/helm/pidgin/Chart.yaml
+++ b/helm/pidgin/Chart.yaml
@@ -15,7 +15,7 @@ type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 0.1.6
+version: 0.1.7
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to
diff --git a/helm/pidgin/README.md b/helm/pidgin/README.md
index df496235..ee9ad47b 100644
--- a/helm/pidgin/README.md
+++ b/helm/pidgin/README.md
@@ -1,6 +1,6 @@ # pidgin -![Version: 0.1.6](https://img.shields.io/badge/Version-0.1.6-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) +![Version: 0.1.7](https://img.shields.io/badge/Version-0.1.7-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) A Helm chart for gen3 Pidgin Service 
@@ -33,7 +33,8 @@ A Helm chart for gen3 Pidgin Service | datadogLogsInjection | bool | `true` | If enabled, the Datadog Agent will automatically inject Datadog-specific metadata into your application logs. | | datadogProfilingEnabled | bool | `true` | If enabled, the Datadog Agent will collect profiling data for your application using the Continuous Profiler. This data can be used to identify performance bottlenecks and optimize your application. | | datadogTraceSampleRate | int | `1` | A value between 0 and 1, that represents the percentage of requests that will be traced. For example, a value of 0.5 means that 50% of requests will be traced. | -| global | map | `{"aws":{"awsAccessKeyId":null,"awsSecretAccessKey":null,"enabled":false},"ddEnabled":false,"dev":true,"dictionaryUrl":"https://s3.amazonaws.com/dictionary-artifacts/datadictionary/develop/schema.json","dispatcherJobNum":10,"environment":"default","hostname":"localhost","kubeBucket":"kube-gen3","logsBucket":"logs-gen3","minAvialable":1,"netPolicy":true,"pdb":false,"portalApp":"gitops","postgres":{"dbCreate":true,"master":{"host":null,"password":null,"port":"5432","username":"postgres"}},"publicDataSets":true,"revproxyArn":"arn:aws:acm:us-east-1:123456:certificate","syncFromDbgap":false,"tierAccessLevel":"libre","userYamlS3Path":"s3://cdis-gen3-users/test/user.yaml"}` | Global configuration options. 
| +| global | map | `{"addDbgap":false,"aws":{"awsAccessKeyId":null,"awsSecretAccessKey":null,"enabled":false},"ddEnabled":false,"dev":true,"dictionaryUrl":"https://s3.amazonaws.com/dictionary-artifacts/datadictionary/develop/schema.json","dispatcherJobNum":10,"environment":"default","hostname":"localhost","kubeBucket":"kube-gen3","logsBucket":"logs-gen3","minAvialable":1,"netPolicy":true,"onlyDbgap":false,"pdb":false,"portalApp":"gitops","postgres":{"dbCreate":true,"master":{"host":null,"password":null,"port":"5432","username":"postgres"}},"publicDataSets":true,"revproxyArn":"arn:aws:acm:us-east-1:123456:certificate","slack_send_dbgap":false,"slack_webhook":"None","syncFromDbgap":false,"tierAccessLevel":"libre","userYamlS3Path":"s3://cdis-gen3-users/helm-test/user.yaml","usersync":false}` | Global configuration options. | +| global.addDbgap | bool | `false` | Force attempting a dbgap sync if "true", falls back on user.yaml | | global.aws | map | `{"awsAccessKeyId":null,"awsSecretAccessKey":null,"enabled":false}` | AWS configuration | | global.aws.awsAccessKeyId | string | `nil` | Credentials for AWS stuff. | | global.aws.awsSecretAccessKey | string | `nil` | Credentials for AWS stuff. | 
@@ -48,6 +49,7 @@ A Helm chart for gen3 Pidgin Service | global.logsBucket | string | `"logs-gen3"` | S3 bucket name for log files. | | global.minAvialable | int | `1` | The minimum amount of pods that are available at all times if the PDB is deployed. | | global.netPolicy | bool | `true` | Whether network policies are enabled. | +| global.onlyDbgap | bool | `false` | Forces ONLY a dbgap sync if "true", IGNORING user.yaml | | global.pdb | bool | `false` | If the service will be deployed with a Pod Disruption Budget. Note- you need to have more than 2 replicas for the pdb to be deployed. | | global.portalApp | string | `"gitops"` | Portal application name. | | global.postgres | map | `{"dbCreate":true,"master":{"host":null,"password":null,"port":"5432","username":"postgres"}}` | Postgres database configuration. | 
@@ -59,9 +61,12 @@ A Helm chart for gen3 Pidgin Service | global.postgres.master.username | string | `"postgres"` | username of superuser in postgres. This is used to create or restore databases | | global.publicDataSets | bool | `true` | Whether public datasets are enabled. | | global.revproxyArn | string | `"arn:aws:acm:us-east-1:123456:certificate"` | ARN of the reverse proxy certificate. | +| global.slack_send_dbgap | bool | `false` | Will echo what files we are seeing on dbgap ftp to Slack. | +| global.slack_webhook | string | `"None"` | Slack webhook endpoint used with certain jobs. | | global.syncFromDbgap | bool | `false` | Whether to sync data from dbGaP. | | global.tierAccessLevel | string | `"libre"` | Access level for tiers. acceptable values for `tier_access_level` are: `libre`, `regular` and `private`. If omitted, by default common will be treated as `private` | -| global.userYamlS3Path | string | `"s3://cdis-gen3-users/test/user.yaml"` | Path to the user.yaml file in S3. | +| global.userYamlS3Path | string | `"s3://cdis-gen3-users/helm-test/user.yaml"` | Path to the user.yaml file in S3. | +| global.usersync | bool | `false` | Whether to run Fence usersync or not. | | image.pullPolicy | string | `"Always"` | When to pull the image. | | image.repository | string | `"quay.io/cdis/pidgin"` | The Docker image repository for the fence service | | image.tag | string | `""` | Overrides the image tag whose default is the chart appVersion. | diff --git a/helm/pidgin/values.yaml b/helm/pidgin/values.yaml index 230d59ca..18239781 100644 --- a/helm/pidgin/values.yaml +++ b/helm/pidgin/values.yaml 
@@ -44,8 +44,18 @@ global:
 logsBucket: logs-gen3
 # -- (bool) Whether to sync data from dbGaP.
 syncFromDbgap: false
+ # -- (bool) Force attempting a dbgap sync if "true", falls back on user.yaml
+ addDbgap: false
+ # -- (bool) Forces ONLY a dbgap sync if "true", IGNORING user.yaml
+ onlyDbgap: false
 # -- (string) Path to the user.yaml file in S3.
- userYamlS3Path: s3://cdis-gen3-users/test/user.yaml
+ userYamlS3Path: s3://cdis-gen3-users/helm-test/user.yaml
+ # -- (bool) Whether to run Fence usersync or not.
+ usersync: false
+ # -- (string) Slack webhook endpoint used with certain jobs.
+ slack_webhook: None
+ # -- (bool) Will echo what files we are seeing on dbgap ftp to Slack.
+ slack_send_dbgap: false
 # -- (bool) Whether public datasets are enabled.
 publicDataSets: true
 # -- (string) Access level for tiers. acceptable values for `tier_access_level` are: `libre`, `regular` and `private`. If omitted, by default common will be treated as `private`
diff --git a/helm/portal/Chart.yaml b/helm/portal/Chart.yaml
index 2843e3c7..67e90cd2 100644
--- a/helm/portal/Chart.yaml
+++ b/helm/portal/Chart.yaml
@@ -15,7 +15,7 @@ type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 0.1.6
+version: 0.1.7

 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to
diff --git a/helm/portal/README.md b/helm/portal/README.md
index 5a0f0455..06cde26c 100644
--- a/helm/portal/README.md
+++ b/helm/portal/README.md
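Review bot: The comments on `addDbgap` and `onlyDbgap` do not say how the two flags interact with `syncFromDbgap` and `usersync`, although together they decide which source populates user access. `onlyDbgap: true` drops user.yaml entirely, so any access defined only there would presumably not be applied on the next sync; that consequence deserves to be in the comment, e.g. `# -- (bool) Sync ONLY from dbGaP and ignore user.yaml; access defined only in user.yaml is not applied.` It would also help to state which flag wins when both are true and whether either has any effect while `usersync` is false. The same applies to the other values.yaml hunks in this patch.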
@@ -1,6 +1,6 @@ # portal -![Version: 0.1.6](https://img.shields.io/badge/Version-0.1.6-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) +![Version: 0.1.7](https://img.shields.io/badge/Version-0.1.7-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) A Helm chart for gen3 data-portal 
@@ -39,7 +39,8 @@ A Helm chart for gen3 data-portal | gitops.favicon | string | `"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"` | - favicon in base64 | | gitops.json | string | `"{\n \"graphql\": {\n \"boardCounts\": [\n {\n \"graphql\": \"_case_count\",\n \"name\": \"Case\",\n \"plural\": \"Cases\"\n },\n {\n \"graphql\": \"_experiment_count\",\n \"name\": \"Experiment\",\n \"plural\": \"Experiments\"\n },\n {\n \"graphql\": \"_aliquot_count\",\n \"name\": \"Aliquot\",\n \"plural\": \"Aliquots\"\n }\n ],\n \"chartCounts\": [\n {\n \"graphql\": \"_case_count\",\n \"name\": \"Case\"\n },\n {\n \"graphql\": \"_experiment_count\",\n \"name\": \"Experiment\"\n },\n {\n \"graphql\": \"_aliquot_count\",\n \"name\": \"Aliquot\"\n }\n ],\n \"projectDetails\": \"boardCounts\"\n },\n \"components\": {\n \"appName\": \"Generic Data Commons Portal\",\n \"index\": {\n \"introduction\": {\n \"heading\": \"Data Commons\",\n \"text\": \"The Generic Data Commons supports the management, analysis and sharing of data for the research community.\",\n \"link\": \"/submission\"\n },\n \"buttons\": [\n {\n \"name\": \"Define Data Field\",\n \"icon\": \"data-field-define\",\n \"body\": \"The Generic Data Commons define the data in a general way. 
Please study the dictionary before you start browsing.\",\n \"link\": \"/DD\",\n \"label\": \"Learn more\"\n },\n {\n \"name\": \"Explore Data\",\n \"icon\": \"data-explore\",\n \"body\": \"The Exploration Page gives you insights and a clear overview under selected factors.\",\n \"link\": \"/explorer\",\n \"label\": \"Explore data\"\n },\n {\n \"name\": \"Access Data\",\n \"icon\": \"data-access\",\n \"body\": \"Use our selected tool to filter out the data you need.\",\n \"link\": \"/query\",\n \"label\": \"Query data\"\n },\n {\n \"name\": \"Submit Data\",\n \"icon\": \"data-submit\",\n \"body\": \"Submit Data based on the dictionary.\",\n \"link\": \"/submission\",\n \"label\": \"Submit data\"\n }\n ]\n },\n \"navigation\": {\n \"title\": \"Generic Data Commons\",\n \"items\": [\n {\n \"icon\": \"dictionary\",\n \"link\": \"/DD\",\n \"color\": \"#a2a2a2\",\n \"name\": \"Dictionary\"\n },\n {\n \"icon\": \"exploration\",\n \"link\": \"/explorer\",\n \"color\": \"#a2a2a2\",\n \"name\": \"Exploration\"\n },\n {\n \"icon\": \"query\",\n \"link\": \"/query\",\n \"color\": \"#a2a2a2\",\n \"name\": \"Query\"\n },\n {\n \"icon\": \"workspace\",\n \"link\": \"/workspace\",\n \"color\": \"#a2a2a2\",\n \"name\": \"Workspace\"\n },\n {\n \"icon\": \"profile\",\n \"link\": \"/identity\",\n \"color\": \"#a2a2a2\",\n \"name\": \"Profile\"\n }\n ]\n },\n \"topBar\": {\n \"items\": [\n {\n \"icon\": \"upload\",\n \"link\": \"/submission\",\n \"name\": \"Submit Data\"\n },\n {\n \"link\": \"https://gen3.org/resources/user\",\n \"name\": \"Documentation\"\n }\n ]\n },\n \"login\": {\n \"title\": \"Generic Data Commons\",\n \"subTitle\": \"Explore, Analyze, and Share Data\",\n \"text\": \"This website supports the management, analysis and sharing of human disease data for the research community and aims to advance basic understanding of the genetic basis of complex traits and accelerate discovery and development of therapies, diagnostic tests, and other technologies for diseases 
like cancer.\",\n \"contact\": \"If you have any questions about access or the registration process, please contact \",\n \"email\": \"support@datacommons.io\"\n },\n \"certs\": {},\n \"footerLogos\": [\n {\n \"src\": \"/src/img/gen3.png\",\n \"href\": \"https://ctds.uchicago.edu/gen3\",\n \"alt\": \"Gen3 Data Commons\"\n },\n {\n \"src\": \"/src/img/createdby.png\",\n \"href\": \"https://ctds.uchicago.edu/\",\n \"alt\": \"Center for Translational Data Science at the University of Chicago\"\n }\n ]\n },\n \"requiredCerts\": [],\n \"featureFlags\": {\n \"explorer\": true,\n \"noIndex\": true,\n \"analysis\": false,\n \"discovery\": false,\n \"discoveryUseAggMDS\": false,\n \"studyRegistration\": false\n },\n \"dataExplorerConfig\": {\n \"charts\": {\n \"project_id\": {\n \"chartType\": \"count\",\n \"title\": \"Projects\"\n },\n \"case_id\": {\n \"chartType\": \"count\",\n \"title\": \"Cases\"\n },\n \"gender\": {\n \"chartType\": \"pie\",\n \"title\": \"Gender\"\n },\n \"race\": {\n \"chartType\": \"bar\",\n \"title\": \"Race\"\n }\n },\n \"filters\": {\n \"tabs\": [\n {\n \"title\": \"Case\",\n \"fields\":[\n \"project_id\",\n \"gender\",\n \"race\",\n \"ethnicity\"\n ]\n }\n ]\n },\n \"table\": {\n \"enabled\": false\n },\n \"dropdowns\": {},\n \"buttons\": [],\n \"guppyConfig\": {\n \"dataType\": \"case\",\n \"nodeCountTitle\": \"Cases\",\n \"fieldMapping\": [\n { \"field\": \"disease_type\", \"name\": \"Disease type\" },\n { \"field\": \"primary_site\", \"name\": \"Site where samples were collected\"}\n ],\n \"manifestMapping\": {\n \"resourceIndexType\": \"file\",\n \"resourceIdField\": \"object_id\",\n \"referenceIdFieldInResourceIndex\": \"case_id\",\n \"referenceIdFieldInDataIndex\": \"node_id\"\n },\n \"accessibleFieldCheckList\": [\"case_id\"],\n \"accessibleValidationField\": \"case_id\"\n }\n },\n \"fileExplorerConfig\": {\n \"charts\": {\n \"data_type\": {\n \"chartType\": \"stackedBar\",\n \"title\": \"File Type\"\n },\n \"data_format\": {\n 
\"chartType\": \"stackedBar\",\n \"title\": \"File Format\"\n }\n },\n \"filters\": {\n \"tabs\": [\n {\n \"title\": \"File\",\n \"fields\": [\n \"project_id\",\n \"data_type\",\n \"data_format\"\n ]\n }\n ]\n },\n \"table\": {\n \"enabled\": true,\n \"fields\": [\n \"project_id\",\n \"file_name\",\n \"file_size\",\n \"object_id\"\n ]\n },\n \"dropdowns\": {},\n \"guppyConfig\": {\n \"dataType\": \"file\",\n \"fieldMapping\": [\n { \"field\": \"object_id\", \"name\": \"GUID\" }\n ],\n \"nodeCountTitle\": \"Files\",\n \"manifestMapping\": {\n \"resourceIndexType\": \"case\",\n \"resourceIdField\": \"case_id\",\n \"referenceIdFieldInResourceIndex\": \"object_id\",\n \"referenceIdFieldInDataIndex\": \"object_id\"\n },\n \"accessibleFieldCheckList\": [\"case_id\"],\n \"accessibleValidationField\": \"case_id\",\n \"downloadAccessor\": \"object_id\"\n }\n }\n}\n"` | multiline string - gitops.json | | gitops.logo | string | `""` | - logo in base64 | -| global | map | `{"aws":{"awsAccessKeyId":null,"awsSecretAccessKey":null,"enabled":false},"ddEnabled":false,"dev":true,"dictionaryUrl":"https://s3.amazonaws.com/dictionary-artifacts/datadictionary/develop/schema.json","dispatcherJobNum":10,"environment":"default","hostname":"localhost","kubeBucket":"kube-gen3","logsBucket":"logs-gen3","minAvialable":1,"netPolicy":true,"pdb":false,"portalApp":"gitops","postgres":{"dbCreate":true,"master":{"host":null,"password":null,"port":"5432","username":"postgres"}},"publicDataSets":true,"revproxyArn":"arn:aws:acm:us-east-1:123456:certificate","syncFromDbgap":false,"tierAccessLevel":"libre","tierAccessLimit":1000,"userYamlS3Path":"s3://cdis-gen3-users/test/user.yaml"}` | Global configuration options. 
| +| global | map | `{"addDbgap":false,"aws":{"awsAccessKeyId":null,"awsSecretAccessKey":null,"enabled":false},"ddEnabled":false,"dev":true,"dictionaryUrl":"https://s3.amazonaws.com/dictionary-artifacts/datadictionary/develop/schema.json","dispatcherJobNum":10,"environment":"default","hostname":"localhost","kubeBucket":"kube-gen3","logsBucket":"logs-gen3","minAvialable":1,"netPolicy":true,"onlyDbgap":false,"pdb":false,"portalApp":"gitops","postgres":{"dbCreate":true,"master":{"host":null,"password":null,"port":"5432","username":"postgres"}},"publicDataSets":true,"revproxyArn":"arn:aws:acm:us-east-1:123456:certificate","slack_send_dbgap":false,"slack_webhook":"None","syncFromDbgap":false,"tierAccessLevel":"libre","tierAccessLimit":1000,"userYamlS3Path":"s3://cdis-gen3-users/helm-test/user.yaml","usersync":false}` | Global configuration options. | +| global.addDbgap | bool | `false` | Force attempting a dbgap sync if "true", falls back on user.yaml | | global.aws | map | `{"awsAccessKeyId":null,"awsSecretAccessKey":null,"enabled":false}` | AWS configuration | | global.aws.awsAccessKeyId | string | `nil` | Credentials for AWS stuff. | | global.aws.awsSecretAccessKey | string | `nil` | Credentials for AWS stuff. | 
@@ -54,6 +55,7 @@ A Helm chart for gen3 data-portal | global.logsBucket | string | `"logs-gen3"` | S3 bucket name for log files. | | global.minAvialable | int | `1` | The minimum amount of pods that are available at all times if the PDB is deployed. | | global.netPolicy | bool | `true` | Whether network policies are enabled. | +| global.onlyDbgap | bool | `false` | Forces ONLY a dbgap sync if "true", IGNORING user.yaml | | global.pdb | bool | `false` | If the service will be deployed with a Pod Disruption Budget. Note- you need to have more than 2 replicas for the pdb to be deployed. | | global.portalApp | string | `"gitops"` | Portal application name. | | global.postgres | map | `{"dbCreate":true,"master":{"host":null,"password":null,"port":"5432","username":"postgres"}}` | Postgres database configuration. | 
@@ -65,10 +67,13 @@ A Helm chart for gen3 data-portal | global.postgres.master.username | string | `"postgres"` | username of superuser in postgres. This is used to create or restore databases | | global.publicDataSets | bool | `true` | Whether public datasets are enabled. | | global.revproxyArn | string | `"arn:aws:acm:us-east-1:123456:certificate"` | ARN of the reverse proxy certificate. | +| global.slack_send_dbgap | bool | `false` | Will echo what files we are seeing on dbgap ftp to Slack. | +| global.slack_webhook | string | `"None"` | Slack webhook endpoint used with certain jobs. | | global.syncFromDbgap | bool | `false` | Whether to sync data from dbGaP. | | global.tierAccessLevel | string | `"libre"` | Access level for tiers. acceptable values for `tier_access_level` are: `libre`, `regular` and `private`. If omitted, by default common will be treated as `private`. | | global.tierAccessLimit | int | `1000` | Only relevant if tireAccessLevel is set to "regular". Summary charts below this limit will not appear for aggregated data. | -| global.userYamlS3Path | string | `"s3://cdis-gen3-users/test/user.yaml"` | Path to the user.yaml file in S3. | +| global.userYamlS3Path | string | `"s3://cdis-gen3-users/helm-test/user.yaml"` | Path to the user.yaml file in S3. | +| global.usersync | bool | `false` | Whether to run Fence usersync or not. | | image | map | `{"pullPolicy":"IfNotPresent","repository":"quay.io/cdis/data-portal","tag":"master"}` | Docker image information. | | image.pullPolicy | string | `"IfNotPresent"` | Docker pull policy. | | image.repository | string | `"quay.io/cdis/data-portal"` | Docker repository. | diff --git a/helm/portal/values.yaml b/helm/portal/values.yaml index bec889a1..1f95cadb 100644 --- a/helm/portal/values.yaml +++ b/helm/portal/values.yaml 
@@ -43,8 +43,18 @@ global:
 logsBucket: logs-gen3
 # -- (bool) Whether to sync data from dbGaP.
 syncFromDbgap: false
+ # -- (bool) Force attempting a dbgap sync if "true", falls back on user.yaml
+ addDbgap: false
+ # -- (bool) Forces ONLY a dbgap sync if "true", IGNORING user.yaml
+ onlyDbgap: false
 # -- (string) Path to the user.yaml file in S3.
- userYamlS3Path: s3://cdis-gen3-users/test/user.yaml
+ userYamlS3Path: s3://cdis-gen3-users/helm-test/user.yaml
+ # -- (bool) Whether to run Fence usersync or not.
+ usersync: false
+ # -- (string) Slack webhook endpoint used with certain jobs.
+ slack_webhook: None
+ # -- (bool) Will echo what files we are seeing on dbgap ftp to Slack.
+ slack_send_dbgap: false
 # -- (bool) Whether public datasets are enabled.
 publicDataSets: true
 # -- (string) Access level for tiers. acceptable values for `tier_access_level` are: `libre`, `regular` and `private`. If omitted, by default common will be treated as `private`.
diff --git a/helm/requestor/Chart.yaml b/helm/requestor/Chart.yaml
index e16dde3f..ad6b4b23 100644
--- a/helm/requestor/Chart.yaml
+++ b/helm/requestor/Chart.yaml
@@ -15,7 +15,7 @@ type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 0.1.7
+version: 0.1.8

 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to
diff --git a/helm/requestor/README.md b/helm/requestor/README.md
index a8a6ada5..34b07d9e 100644
--- a/helm/requestor/README.md
+++ b/helm/requestor/README.md
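Review bot: `slack_send_dbgap` is documented only as echoing "what files we are seeing on dbgap ftp" to Slack, without saying what data leaves the cluster. If the listing includes study accessions or whitelist file names, enabling it copies controlled-access metadata to a third-party channel. The comment should say so, for example `# -- (bool) Posts the names of files found on the dbGaP FTP to the Slack webhook; leave false unless the channel is approved for that data.` Defaulting to false is the right choice.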
@@ -1,6 +1,6 @@ # requestor -![Version: 0.1.7](https://img.shields.io/badge/Version-0.1.7-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) +![Version: 0.1.8](https://img.shields.io/badge/Version-0.1.8-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) A Helm chart for gen3 Requestor Service 
@@ -36,7 +36,8 @@ A Helm chart for gen3 Requestor Service | datadogLogsInjection | bool | `true` | If enabled, the Datadog Agent will automatically inject Datadog-specific metadata into your application logs. | | datadogProfilingEnabled | bool | `true` | If enabled, the Datadog Agent will collect profiling data for your application using the Continuous Profiler. This data can be used to identify performance bottlenecks and optimize your application. | | datadogTraceSampleRate | int | `1` | A value between 0 and 1, that represents the percentage of requests that will be traced. For example, a value of 0.5 means that 50% of requests will be traced. | -| global | map | `{"aws":{"awsAccessKeyId":null,"awsSecretAccessKey":null,"enabled":false},"ddEnabled":false,"dev":true,"dictionaryUrl":"https://s3.amazonaws.com/dictionary-artifacts/datadictionary/develop/schema.json","dispatcherJobNum":10,"environment":"default","hostname":"localhost","kubeBucket":"kube-gen3","logsBucket":"logs-gen3","minAvialable":1,"netPolicy":true,"pdb":false,"portalApp":"gitops","postgres":{"dbCreate":true,"master":{"host":null,"password":null,"port":"5432","username":"postgres"}},"publicDataSets":true,"revproxyArn":"arn:aws:acm:us-east-1:123456:certificate","syncFromDbgap":false,"tierAccessLevel":"libre","userYamlS3Path":"s3://cdis-gen3-users/test/user.yaml"}` | Global configuration options. 
| +| global | map | `{"addDbgap":false,"aws":{"awsAccessKeyId":null,"awsSecretAccessKey":null,"enabled":false},"ddEnabled":false,"dev":true,"dictionaryUrl":"https://s3.amazonaws.com/dictionary-artifacts/datadictionary/develop/schema.json","dispatcherJobNum":10,"environment":"default","hostname":"localhost","kubeBucket":"kube-gen3","logsBucket":"logs-gen3","minAvialable":1,"netPolicy":true,"onlyDbgap":false,"pdb":false,"portalApp":"gitops","postgres":{"dbCreate":true,"master":{"host":null,"password":null,"port":"5432","username":"postgres"}},"publicDataSets":true,"revproxyArn":"arn:aws:acm:us-east-1:123456:certificate","slack_send_dbgap":false,"slack_webhook":"None","syncFromDbgap":false,"tierAccessLevel":"libre","userYamlS3Path":"s3://cdis-gen3-users/helm-test/user.yaml","usersync":false}` | Global configuration options. | +| global.addDbgap | bool | `false` | Force attempting a dbgap sync if "true", falls back on user.yaml | | global.aws | map | `{"awsAccessKeyId":null,"awsSecretAccessKey":null,"enabled":false}` | AWS configuration | | global.aws.awsAccessKeyId | string | `nil` | Credentials for AWS stuff. | | global.aws.awsSecretAccessKey | string | `nil` | Credentials for AWS stuff. | 
@@ -51,6 +52,7 @@ A Helm chart for gen3 Requestor Service | global.logsBucket | string | `"logs-gen3"` | S3 bucket name for log files. | | global.minAvialable | int | `1` | The minimum amount of pods that are available at all times if the PDB is deployed. | | global.netPolicy | bool | `true` | Whether network policies are enabled. | +| global.onlyDbgap | bool | `false` | Forces ONLY a dbgap sync if "true", IGNORING user.yaml | | global.pdb | bool | `false` | If the service will be deployed with a Pod Disruption Budget. Note- you need to have more than 2 replicas for the pdb to be deployed. | | global.portalApp | string | `"gitops"` | Portal application name. | | global.postgres | map | `{"dbCreate":true,"master":{"host":null,"password":null,"port":"5432","username":"postgres"}}` | Postgres database configuration. | 
@@ -62,9 +64,12 @@ A Helm chart for gen3 Requestor Service | global.postgres.master.username | string | `"postgres"` | username of superuser in postgres. This is used to create or restore databases | | global.publicDataSets | bool | `true` | Whether public datasets are enabled. | | global.revproxyArn | string | `"arn:aws:acm:us-east-1:123456:certificate"` | ARN of the reverse proxy certificate. | +| global.slack_send_dbgap | bool | `false` | Will echo what files we are seeing on dbgap ftp to Slack. | +| global.slack_webhook | string | `"None"` | Slack webhook endpoint used with certain jobs. | | global.syncFromDbgap | bool | `false` | Whether to sync data from dbGaP. | | global.tierAccessLevel | string | `"libre"` | Access level for tiers. acceptable values for `tier_access_level` are: `libre`, `regular` and `private`. If omitted, by default common will be treated as `private` | -| global.userYamlS3Path | string | `"s3://cdis-gen3-users/test/user.yaml"` | Path to the user.yaml file in S3. | +| global.userYamlS3Path | string | `"s3://cdis-gen3-users/helm-test/user.yaml"` | Path to the user.yaml file in S3. | +| global.usersync | bool | `false` | Whether to run Fence usersync or not. | | image | map | `{"pullPolicy":"Always","repository":"quay.io/cdis/requestor","tag":"master"}` | Docker image information. | | image.pullPolicy | string | `"Always"` | Docker pull policy. | | image.repository | string | `"quay.io/cdis/requestor"` | Docker repository. | diff --git a/helm/requestor/values.yaml b/helm/requestor/values.yaml index 9dcdb2c7..437ffac6 100644 --- a/helm/requestor/values.yaml +++ b/helm/requestor/values.yaml 
@@ -44,8 +44,18 @@ global:
 logsBucket: logs-gen3
 # -- (bool) Whether to sync data from dbGaP.
 syncFromDbgap: false
+ # -- (bool) Force attempting a dbgap sync if "true", falls back on user.yaml
+ addDbgap: false
+ # -- (bool) Forces ONLY a dbgap sync if "true", IGNORING user.yaml
+ onlyDbgap: false
 # -- (string) Path to the user.yaml file in S3.
- userYamlS3Path: s3://cdis-gen3-users/test/user.yaml
+ userYamlS3Path: s3://cdis-gen3-users/helm-test/user.yaml
+ # -- (bool) Whether to run Fence usersync or not.
+ usersync: false
+ # -- (string) Slack webhook endpoint used with certain jobs.
+ slack_webhook: None
+ # -- (bool) Will echo what files we are seeing on dbgap ftp to Slack.
+ slack_send_dbgap: false
 # -- (bool) Whether public datasets are enabled.
 publicDataSets: true
 # -- (string) Access level for tiers. acceptable values for `tier_access_level` are: `libre`, `regular` and `private`. If omitted, by default common will be treated as `private`
diff --git a/helm/revproxy/Chart.yaml b/helm/revproxy/Chart.yaml
index f9dcd9d0..e21c55db 100644
--- a/helm/revproxy/Chart.yaml
+++ b/helm/revproxy/Chart.yaml
@@ -15,7 +15,7 @@ type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 0.1.9
+version: 0.1.10

 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to
diff --git a/helm/revproxy/README.md b/helm/revproxy/README.md
index 972169ae..1f4f4816 100644
--- a/helm/revproxy/README.md
+++ b/helm/revproxy/README.md
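Review bot: The default `userYamlS3Path` still points at what looks like a project test bucket (`s3://cdis-gen3-users/helm-test/user.yaml`), and this hunk adds the `usersync` switch that would read it. A deployment that sets `usersync: true` without overriding the path would take its users and policies from a file it does not control, assuming the bucket is readable from the cluster. Consider an empty default and a comment that says so, `# -- (string) Path to the user.yaml file in S3. Must be set to a bucket you control before enabling usersync.`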
@@ -1,6 +1,6 @@ # revproxy -![Version: 0.1.9](https://img.shields.io/badge/Version-0.1.9-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) +![Version: 0.1.10](https://img.shields.io/badge/Version-0.1.10-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) A Helm chart for gen3 revproxy 
@@ -26,7 +26,8 @@ A Helm chart for gen3 revproxy | datadogProfilingEnabled | bool | `true` | If enabled, the Datadog Agent will collect profiling data for your application using the Continuous Profiler. This data can be used to identify performance bottlenecks and optimize your application. | | datadogTraceSampleRate | int | `1` | A value between 0 and 1, that represents the percentage of requests that will be traced. For example, a value of 0.5 means that 50% of requests will be traced. | | fullnameOverride | string | `""` | Override the full name of the deployment. | -| global | map | `{"aws":{"awsAccessKeyId":null,"awsSecretAccessKey":null,"enabled":false},"ddEnabled":false,"dev":true,"dictionaryUrl":"https://s3.amazonaws.com/dictionary-artifacts/datadictionary/develop/schema.json","dispatcherJobNum":10,"environment":"default","hostname":"localhost","kubeBucket":"kube-gen3","logsBucket":"logs-gen3","minAvialable":1,"netPolicy":true,"pdb":false,"portalApp":"gitops","postgres":{"dbCreate":true,"master":{"host":null,"password":null,"port":"5432","username":"postgres"}},"publicDataSets":true,"revproxyArn":"arn:aws:acm:us-east-1:123456:certificate","syncFromDbgap":false,"tierAccessLevel":"libre","tierAccessLimit":1000,"tls":{"cert":null,"key":null},"userYamlS3Path":"s3://cdis-gen3-users/test/user.yaml"}` | Global configuration options. 
| +| global | map | `{"addDbgap":false,"aws":{"awsAccessKeyId":null,"awsSecretAccessKey":null,"enabled":false},"ddEnabled":false,"dev":true,"dictionaryUrl":"https://s3.amazonaws.com/dictionary-artifacts/datadictionary/develop/schema.json","dispatcherJobNum":10,"environment":"default","hostname":"localhost","kubeBucket":"kube-gen3","logsBucket":"logs-gen3","minAvialable":1,"netPolicy":true,"onlyDbgap":false,"pdb":false,"portalApp":"gitops","postgres":{"dbCreate":true,"master":{"host":null,"password":null,"port":"5432","username":"postgres"}},"publicDataSets":true,"revproxyArn":"arn:aws:acm:us-east-1:123456:certificate","slack_send_dbgap":false,"slack_webhook":"None","syncFromDbgap":false,"tierAccessLevel":"libre","tierAccessLimit":1000,"tls":{"cert":null,"key":null},"userYamlS3Path":"s3://cdis-gen3-users/helm-test/user.yaml","usersync":false}` | Global configuration options. | +| global.addDbgap | bool | `false` | Force attempting a dbgap sync if "true", falls back on user.yaml | | global.aws | map | `{"awsAccessKeyId":null,"awsSecretAccessKey":null,"enabled":false}` | AWS configuration | | global.aws.awsAccessKeyId | string | `nil` | Credentials for AWS stuff. | | global.aws.awsSecretAccessKey | string | `nil` | Credentials for AWS stuff. | 
@@ -41,6 +42,7 @@ A Helm chart for gen3 revproxy | global.logsBucket | string | `"logs-gen3"` | S3 bucket name for log files. | | global.minAvialable | int | `1` | The minimum amount of pods that are available at all times if the PDB is deployed. | | global.netPolicy | bool | `true` | Whether network policies are enabled. | +| global.onlyDbgap | bool | `false` | Forces ONLY a dbgap sync if "true", IGNORING user.yaml | | global.pdb | bool | `false` | If the service will be deployed with a Pod Disruption Budget. Note- you need to have more than 2 replicas for the pdb to be deployed. | | global.portalApp | string | `"gitops"` | Portal application name. | | global.postgres | map | `{"dbCreate":true,"master":{"host":null,"password":null,"port":"5432","username":"postgres"}}` | Postgres database configuration. | 
@@ -52,10 +54,13 @@ A Helm chart for gen3 revproxy | global.postgres.master.username | string | `"postgres"` | username of superuser in postgres. This is used to create or restore databases | | global.publicDataSets | bool | `true` | Whether public datasets are enabled. | | global.revproxyArn | string | `"arn:aws:acm:us-east-1:123456:certificate"` | ARN of the reverse proxy certificate. | +| global.slack_send_dbgap | bool | `false` | Will echo what files we are seeing on dbgap ftp to Slack. | +| global.slack_webhook | string | `"None"` | Slack webhook endpoint used with certain jobs. | | global.syncFromDbgap | bool | `false` | Whether to sync data from dbGaP. | | global.tierAccessLevel | string | `"libre"` | Access level for tiers. acceptable values for `tier_access_level` are: `libre`, `regular` and `private`. If omitted, by default common will be treated as `private` | | global.tierAccessLimit | int | `1000` | Only relevant if tireAccessLevel is set to "regular". Summary charts below this limit will not appear for aggregated data. | -| global.userYamlS3Path | string | `"s3://cdis-gen3-users/test/user.yaml"` | Path to the user.yaml file in S3. | +| global.userYamlS3Path | string | `"s3://cdis-gen3-users/helm-test/user.yaml"` | Path to the user.yaml file in S3. | +| global.usersync | bool | `false` | Whether to run Fence usersync or not. | | image | map | `{"pullPolicy":"Always","repository":"nginx","tag":"stable-perl"}` | Docker image information. | | image.pullPolicy | string | `"Always"` | Docker pull policy. | | image.repository | string | `"nginx"` | Docker repository. | diff --git a/helm/revproxy/values.yaml b/helm/revproxy/values.yaml index b5ac00ee..d97ff46e 100644 --- a/helm/revproxy/values.yaml +++ b/helm/revproxy/values.yaml 
@@ -47,8 +47,18 @@ global: logsBucket: logs-gen3 # -- (bool) Whether to sync data from dbGaP. syncFromDbgap: false + # -- (bool) Force attempting a dbgap sync if "true", falls back on user.yaml + addDbgap: false + # -- (bool) Forces ONLY a dbgap sync if "true", IGNORING user.yaml + onlyDbgap: false # -- (string) Path to the user.yaml file in S3. - userYamlS3Path: s3://cdis-gen3-users/test/user.yaml + userYamlS3Path: s3://cdis-gen3-users/helm-test/user.yaml + # -- (bool) Whether to run Fence usersync or not. + usersync: false + # -- (string) Slack webhook endpoint used with certain jobs. + slack_webhook: None + # -- (bool) Will echo what files we are seeing on dbgap ftp to Slack. + slack_send_dbgap: false # -- (bool) Whether public datasets are enabled. publicDataSets: true # -- (string) Access level for tiers. acceptable values for `tier_access_level` are: `libre`, `regular` and `private`. If omitted, by default common will be treated as `private` diff --git a/helm/sheepdog/Chart.yaml b/helm/sheepdog/Chart.yaml index 259ad8b7..1e8bc35f 100644 --- a/helm/sheepdog/Chart.yaml +++ b/helm/sheepdog/Chart.yaml @@ -15,7 +15,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.9 +version: 0.1.10 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to diff --git a/helm/sheepdog/README.md b/helm/sheepdog/README.md index 2ece21ae..4d073d0f 100644 --- a/helm/sheepdog/README.md +++ b/helm/sheepdog/README.md 
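Review bot: `slack_webhook: None` in the `global:` map of helm/revproxy/values.yaml keeps a credential-like value in plain chart values, and its unset marker is the string `"None"` (the README rows in this patch render the default as `"None"`, not null). A Slack incoming-webhook URL lets whoever holds it post to the channel. It is better read from a Kubernetes Secret than from values that are stored with the Helm release and, depending on templates not shown here, may be copied into a ConfigMap or pod spec. If the key stays in values, `slack_webhook: ""` with a comment such as `# -- (string) Slack webhook URL; treat as a secret and supply it from a Secret or at install time` lets templates test it for emptiness instead of comparing against a sentinel. The same lines are added in the sheepdog, sower, ssjdispatcher and wts values.yaml hunks later in the patch; the `global:` map itself starts above this hunk.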
@@ -1,6 +1,6 @@ # sheepdog -![Version: 0.1.9](https://img.shields.io/badge/Version-0.1.9-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) +![Version: 0.1.10](https://img.shields.io/badge/Version-0.1.10-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) A Helm chart for gen3 Sheepdog Service 
@@ -38,7 +38,8 @@ A Helm chart for gen3 Sheepdog Service | datadogTraceSampleRate | int | `1` | A value between 0 and 1, that represents the percentage of requests that will be traced. For example, a value of 0.5 means that 50% of requests will be traced. | | dictionaryUrl | string | `"https://s3.amazonaws.com/dictionary-artifacts/datadictionary/develop/schema.json"` | URL of the data dictionary. | | fenceUrl | string | `"http://fence-service"` | URL for the fence service | -| global | map | `{"aws":{"awsAccessKeyId":null,"awsSecretAccessKey":null,"enabled":false},"ddEnabled":false,"dev":true,"dictionaryUrl":"https://s3.amazonaws.com/dictionary-artifacts/datadictionary/develop/schema.json","dispatcherJobNum":10,"environment":"default","hostname":"localhost","kubeBucket":"kube-gen3","logsBucket":"logs-gen3","minAvialable":1,"netPolicy":true,"pdb":false,"portalApp":"gitops","postgres":{"dbCreate":true,"master":{"host":null,"password":null,"port":"5432","username":"postgres"}},"publicDataSets":true,"revproxyArn":"arn:aws:acm:us-east-1:123456:certificate","syncFromDbgap":false,"tierAccessLevel":"libre","userYamlS3Path":"s3://cdis-gen3-users/test/user.yaml"}` | Global configuration options. 
| +| global | map | `{"addDbgap":false,"aws":{"awsAccessKeyId":null,"awsSecretAccessKey":null,"enabled":false},"ddEnabled":false,"dev":true,"dictionaryUrl":"https://s3.amazonaws.com/dictionary-artifacts/datadictionary/develop/schema.json","dispatcherJobNum":10,"environment":"default","hostname":"localhost","kubeBucket":"kube-gen3","logsBucket":"logs-gen3","minAvialable":1,"netPolicy":true,"onlyDbgap":false,"pdb":false,"portalApp":"gitops","postgres":{"dbCreate":true,"master":{"host":null,"password":null,"port":"5432","username":"postgres"}},"publicDataSets":true,"revproxyArn":"arn:aws:acm:us-east-1:123456:certificate","slack_send_dbgap":false,"slack_webhook":"None","syncFromDbgap":false,"tierAccessLevel":"libre","userYamlS3Path":"s3://cdis-gen3-users/helm-test/user.yaml","usersync":false}` | Global configuration options. | +| global.addDbgap | bool | `false` | Force attempting a dbgap sync if "true", falls back on user.yaml | | global.aws | map | `{"awsAccessKeyId":null,"awsSecretAccessKey":null,"enabled":false}` | AWS configuration | | global.aws.awsAccessKeyId | string | `nil` | Credentials for AWS stuff. | | global.aws.awsSecretAccessKey | string | `nil` | Credentials for AWS stuff. | 
@@ -53,6 +54,7 @@ A Helm chart for gen3 Sheepdog Service | global.logsBucket | string | `"logs-gen3"` | S3 bucket name for log files. | | global.minAvialable | int | `1` | The minimum amount of pods that are available at all times if the PDB is deployed. | | global.netPolicy | bool | `true` | Whether network policies are enabled. | +| global.onlyDbgap | bool | `false` | Forces ONLY a dbgap sync if "true", IGNORING user.yaml | | global.pdb | bool | `false` | If the service will be deployed with a Pod Disruption Budget. Note- you need to have more than 2 replicas for the pdb to be deployed. | | global.portalApp | string | `"gitops"` | Portal application name. | | global.postgres | map | `{"dbCreate":true,"master":{"host":null,"password":null,"port":"5432","username":"postgres"}}` | Postgres database configuration. | 
@@ -64,9 +66,12 @@ A Helm chart for gen3 Sheepdog Service | global.postgres.master.username | string | `"postgres"` | username of superuser in postgres. This is used to create or restore databases | | global.publicDataSets | bool | `true` | Whether public datasets are enabled. | | global.revproxyArn | string | `"arn:aws:acm:us-east-1:123456:certificate"` | ARN of the reverse proxy certificate. | +| global.slack_send_dbgap | bool | `false` | Will echo what files we are seeing on dbgap ftp to Slack. | +| global.slack_webhook | string | `"None"` | Slack webhook endpoint used with certain jobs. | | global.syncFromDbgap | bool | `false` | Whether to sync data from dbGaP. | | global.tierAccessLevel | string | `"libre"` | Access level for tiers. acceptable values for `tier_access_level` are: `libre`, `regular` and `private`. If omitted, by default common will be treated as `private` | -| global.userYamlS3Path | string | `"s3://cdis-gen3-users/test/user.yaml"` | Path to the user.yaml file in S3. | +| global.userYamlS3Path | string | `"s3://cdis-gen3-users/helm-test/user.yaml"` | Path to the user.yaml file in S3. | +| global.usersync | bool | `false` | Whether to run Fence usersync or not. | | image | map | `{"pullPolicy":"Always","repository":"quay.io/cdis/sheepdog","tag":"helm-test"}` | Docker image information. | | image.pullPolicy | string | `"Always"` | Docker pull policy. | | image.repository | string | `"quay.io/cdis/sheepdog"` | Docker repository. | diff --git a/helm/sheepdog/values.yaml b/helm/sheepdog/values.yaml index 8e76a2b7..aaa46d83 100644 --- a/helm/sheepdog/values.yaml +++ b/helm/sheepdog/values.yaml 
@@ -44,8 +44,18 @@ global: logsBucket: logs-gen3 # -- (bool) Whether to sync data from dbGaP. syncFromDbgap: false + # -- (bool) Force attempting a dbgap sync if "true", falls back on user.yaml + addDbgap: false + # -- (bool) Forces ONLY a dbgap sync if "true", IGNORING user.yaml + onlyDbgap: false # -- (string) Path to the user.yaml file in S3. - userYamlS3Path: s3://cdis-gen3-users/test/user.yaml + userYamlS3Path: s3://cdis-gen3-users/helm-test/user.yaml + # -- (bool) Whether to run Fence usersync or not. + usersync: false + # -- (string) Slack webhook endpoint used with certain jobs. + slack_webhook: None + # -- (bool) Will echo what files we are seeing on dbgap ftp to Slack. + slack_send_dbgap: false # -- (bool) Whether public datasets are enabled. publicDataSets: true # -- (string) Access level for tiers. acceptable values for `tier_access_level` are: `libre`, `regular` and `private`. If omitted, by default common will be treated as `private` diff --git a/helm/sower/Chart.yaml b/helm/sower/Chart.yaml index 9344740d..ed1c1253 100644 --- a/helm/sower/Chart.yaml +++ b/helm/sower/Chart.yaml @@ -15,7 +15,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.3 +version: 0.1.4 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to diff --git a/helm/sower/README.md b/helm/sower/README.md index 9e768929..fb5b02c2 100644 --- a/helm/sower/README.md +++ b/helm/sower/README.md 
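Review bot: The comments on the three dbGaP switches in this sheepdog hunk (`syncFromDbgap`, `addDbgap`, `onlyDbgap`) do not say which one wins when more than one is true. `onlyDbgap` is described as ignoring user.yaml, which in Gen3 is the access-control input for usersync, so an operator who flips it should be told what stops being applied. A comment along the lines of `# -- (bool) Sync ONLY from dbGaP; user.yaml is not read. State here whether this overrides addDbgap and requires syncFromDbgap.` would close that gap. `slack_send_dbgap` deserves the same care, since by its own description it posts the dbGaP FTP file listing to a third-party service: `# -- (bool) Post the dbGaP FTP file listing to the Slack webhook; file names leave the cluster, so keep false unless the channel is approved for that data`. The same comments appear unchanged in the revproxy, sower, ssjdispatcher and wts hunks.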
@@ -1,6 +1,6 @@ # sower -![Version: 0.1.3](https://img.shields.io/badge/Version-0.1.3-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) +![Version: 0.1.4](https://img.shields.io/badge/Version-0.1.4-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) A Helm chart for gen3 sower 
@@ -33,7 +33,8 @@ A Helm chart for gen3 sower | criticalService | string | `"false"` | Valid options are "true" or "false". If invalid option is set- the value will default to "false". | | fullnameOverride | string | `""` | Override the full name of the deployment. | | gen3Namespace | string | `"default"` | Namespace to deploy the job. | -| global | map | `{"aws":{"awsAccessKeyId":null,"awsSecretAccessKey":null,"enabled":false},"ddEnabled":false,"dev":true,"dictionaryUrl":"https://s3.amazonaws.com/dictionary-artifacts/datadictionary/develop/schema.json","dispatcherJobNum":10,"environment":"default","hostname":"localhost","kubeBucket":"kube-gen3","logsBucket":"logs-gen3","netPolicy":true,"portalApp":"gitops","postgres":{"dbCreate":true,"master":{"host":null,"password":null,"port":"5432","username":"postgres"}},"publicDataSets":true,"revproxyArn":"arn:aws:acm:us-east-1:123456:certificate","syncFromDbgap":false,"tierAccessLevel":"libre","userYamlS3Path":"s3://cdis-gen3-users/test/user.yaml"}` | Global configuration options. | +| global | map | `{"addDbgap":false,"aws":{"awsAccessKeyId":null,"awsSecretAccessKey":null,"enabled":false},"ddEnabled":false,"dev":true,"dictionaryUrl":"https://s3.amazonaws.com/dictionary-artifacts/datadictionary/develop/schema.json","dispatcherJobNum":10,"environment":"default","hostname":"localhost","kubeBucket":"kube-gen3","logsBucket":"logs-gen3","netPolicy":true,"onlyDbgap":false,"portalApp":"gitops","postgres":{"dbCreate":true,"master":{"host":null,"password":null,"port":"5432","username":"postgres"}},"publicDataSets":true,"revproxyArn":"arn:aws:acm:us-east-1:123456:certificate","slack_send_dbgap":false,"slack_webhook":"None","syncFromDbgap":false,"tierAccessLevel":"libre","userYamlS3Path":"s3://cdis-gen3-users/helm-test/user.yaml","usersync":true}` | Global configuration options. 
| +| global.addDbgap | bool | `false` | Force attempting a dbgap sync if "true", falls back on user.yaml | | global.aws | map | `{"awsAccessKeyId":null,"awsSecretAccessKey":null,"enabled":false}` | AWS configuration | | global.aws.awsAccessKeyId | string | `nil` | Credentials for AWS stuff. | | global.aws.awsSecretAccessKey | string | `nil` | Credentials for AWS stuff. | @@ -47,6 +48,7 @@ A Helm chart for gen3 sower | global.kubeBucket | string | `"kube-gen3"` | S3 bucket name for Kubernetes manifest files. | | global.logsBucket | string | `"logs-gen3"` | S3 bucket name for log files. | | global.netPolicy | bool | `true` | Whether network policies are enabled. | +| global.onlyDbgap | bool | `false` | Forces ONLY a dbgap sync if "true", IGNORING user.yaml | | global.portalApp | string | `"gitops"` | Portal application name. | | global.postgres | map | `{"dbCreate":true,"master":{"host":null,"password":null,"port":"5432","username":"postgres"}}` | Postgres database configuration. | | global.postgres.dbCreate | bool | `true` | Whether the database should be created. | 
@@ -57,9 +59,12 @@ A Helm chart for gen3 sower | global.postgres.master.username | string | `"postgres"` | username of superuser in postgres. This is used to create or restore databases | | global.publicDataSets | bool | `true` | Whether public datasets are enabled. | | global.revproxyArn | string | `"arn:aws:acm:us-east-1:123456:certificate"` | ARN of the reverse proxy certificate. | +| global.slack_send_dbgap | bool | `false` | Will echo what files we are seeing on dbgap ftp to Slack. | +| global.slack_webhook | string | `"None"` | Slack webhook endpoint used with certain jobs. | | global.syncFromDbgap | bool | `false` | Whether to sync data from dbGaP. | | global.tierAccessLevel | string | `"libre"` | Access level for tiers. acceptable values for `tier_access_level` are: `libre`, `regular` and `private`. If omitted, by default common will be treated as `private` | -| global.userYamlS3Path | string | `"s3://cdis-gen3-users/test/user.yaml"` | Path to the user.yaml file in S3. | +| global.userYamlS3Path | string | `"s3://cdis-gen3-users/helm-test/user.yaml"` | Path to the user.yaml file in S3. | +| global.usersync | bool | `true` | Whether to run Fence usersync or not. | | image | map | `{"pullPolicy":"Always","repository":"quay.io/cdis/sower","tag":""}` | Docker image information. | | image.pullPolicy | string | `"Always"` | Docker pull policy. | | image.repository | string | `"quay.io/cdis/sower"` | Docker repository. | diff --git a/helm/sower/values.yaml b/helm/sower/values.yaml index 5ea089ef..0cc2fb4d 100644 --- a/helm/sower/values.yaml +++ b/helm/sower/values.yaml 
@@ -44,8 +44,18 @@ global: logsBucket: logs-gen3 # -- (bool) Whether to sync data from dbGaP. syncFromDbgap: false + # -- (bool) Force attempting a dbgap sync if "true", falls back on user.yaml + addDbgap: false + # -- (bool) Forces ONLY a dbgap sync if "true", IGNORING user.yaml + onlyDbgap: false # -- (string) Path to the user.yaml file in S3. - userYamlS3Path: s3://cdis-gen3-users/test/user.yaml + userYamlS3Path: s3://cdis-gen3-users/helm-test/user.yaml + # -- (bool) Whether to run Fence usersync or not. + usersync: true + # -- (string) Slack webhook endpoint used with certain jobs. + slack_webhook: None + # -- (bool) Will echo what files we are seeing on dbgap ftp to Slack. + slack_send_dbgap: false # -- (bool) Whether public datasets are enabled. publicDataSets: true # -- (string) Access level for tiers. acceptable values for `tier_access_level` are: `libre`, `regular` and `private`. If omitted, by default common will be treated as `private` diff --git a/helm/ssjdispatcher/Chart.yaml b/helm/ssjdispatcher/Chart.yaml index cdbe45c8..13075860 100644 --- a/helm/ssjdispatcher/Chart.yaml +++ b/helm/ssjdispatcher/Chart.yaml @@ -15,7 +15,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.4 +version: 0.1.5 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to diff --git a/helm/ssjdispatcher/README.md b/helm/ssjdispatcher/README.md index de0fb75b..bcac12d7 100644 --- a/helm/ssjdispatcher/README.md +++ b/helm/ssjdispatcher/README.md 
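Review bot: `usersync: true` in this sower hunk disagrees with `usersync: false` in the revproxy and sheepdog values.yaml hunks earlier in the patch; the ssjdispatcher and wts hunks below also default to `true`. All five set the same `global.usersync` key, so a chart installed on its own gets whichever default its copy carries. With `true`, whatever template reads the key would presumably sync from the default `userYamlS3Path`, `s3://cdis-gen3-users/helm-test/user.yaml`, unless the operator overrides it. Using one default in every file removes that surprise. `usersync: false` is the safer choice, so that user and permission data is only pulled from a path set on purpose.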
@@ -1,6 +1,6 @@ # ssjdispatcher -![Version: 0.1.4](https://img.shields.io/badge/Version-0.1.4-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) +![Version: 0.1.5](https://img.shields.io/badge/Version-0.1.5-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) A Helm chart for gen3 ssjdispatcher 
@@ -37,7 +37,8 @@ A Helm chart for gen3 ssjdispatcher | dispatcherJobNum | string | `"10"` | Ssjdispater job number. | | fullnameOverride | string | `""` | Override the full name of the deployment. | | gen3Namespace | string | `"default"` | Namespace to deploy the job. | -| global | map | `{"aws":{"awsAccessKeyId":null,"awsSecretAccessKey":null,"enabled":false},"ddEnabled":false,"dev":true,"dictionaryUrl":"https://s3.amazonaws.com/dictionary-artifacts/datadictionary/develop/schema.json","dispatcherJobNum":10,"environment":"default","hostname":"localhost","kubeBucket":"kube-gen3","logsBucket":"logs-gen3","minAvialable":1,"netPolicy":true,"pdb":false,"portalApp":"gitops","postgres":{"dbCreate":true,"master":{"host":null,"password":null,"port":"5432","username":"postgres"}},"publicDataSets":true,"revproxyArn":"arn:aws:acm:us-east-1:123456:certificate","syncFromDbgap":false,"tierAccessLevel":"libre","userYamlS3Path":"s3://cdis-gen3-users/test/user.yaml"}` | Global configuration options. | +| global | map | `{"addDbgap":false,"aws":{"awsAccessKeyId":null,"awsSecretAccessKey":null,"enabled":false},"ddEnabled":false,"dev":true,"dictionaryUrl":"https://s3.amazonaws.com/dictionary-artifacts/datadictionary/develop/schema.json","dispatcherJobNum":10,"environment":"default","hostname":"localhost","kubeBucket":"kube-gen3","logsBucket":"logs-gen3","minAvialable":1,"netPolicy":true,"onlyDbgap":false,"pdb":false,"portalApp":"gitops","postgres":{"dbCreate":true,"master":{"host":null,"password":null,"port":"5432","username":"postgres"}},"publicDataSets":true,"revproxyArn":"arn:aws:acm:us-east-1:123456:certificate","slack_send_dbgap":false,"slack_webhook":"None","syncFromDbgap":false,"tierAccessLevel":"libre","userYamlS3Path":"s3://cdis-gen3-users/helm-test/user.yaml","usersync":true}` | Global configuration options. 
| +| global.addDbgap | bool | `false` | Force attempting a dbgap sync if "true", falls back on user.yaml | | global.aws | map | `{"awsAccessKeyId":null,"awsSecretAccessKey":null,"enabled":false}` | AWS configuration | | global.aws.awsAccessKeyId | string | `nil` | Credentials for AWS stuff. | | global.aws.awsSecretAccessKey | string | `nil` | Credentials for AWS stuff. | @@ -52,6 +53,7 @@ A Helm chart for gen3 ssjdispatcher | global.logsBucket | string | `"logs-gen3"` | S3 bucket name for log files. | | global.minAvialable | int | `1` | The minimum amount of pods that are available at all times if the PDB is deployed. | | global.netPolicy | bool | `true` | Whether network policies are enabled. | +| global.onlyDbgap | bool | `false` | Forces ONLY a dbgap sync if "true", IGNORING user.yaml | | global.pdb | bool | `false` | If the service will be deployed with a Pod Disruption Budget. Note- you need to have more than 2 replicas for the pdb to be deployed. | | global.portalApp | string | `"gitops"` | Portal application name. | | global.postgres | map | `{"dbCreate":true,"master":{"host":null,"password":null,"port":"5432","username":"postgres"}}` | Postgres database configuration. | 
@@ -63,9 +65,12 @@ A Helm chart for gen3 ssjdispatcher | global.postgres.master.username | string | `"postgres"` | username of superuser in postgres. This is used to create or restore databases | | global.publicDataSets | bool | `true` | Whether public datasets are enabled. | | global.revproxyArn | string | `"arn:aws:acm:us-east-1:123456:certificate"` | ARN of the reverse proxy certificate. | +| global.slack_send_dbgap | bool | `false` | Will echo what files we are seeing on dbgap ftp to Slack. | +| global.slack_webhook | string | `"None"` | Slack webhook endpoint used with certain jobs. | | global.syncFromDbgap | bool | `false` | Whether to sync data from dbGaP. | | global.tierAccessLevel | string | `"libre"` | Access level for tiers. acceptable values for `tier_access_level` are: `libre`, `regular` and `private`. If omitted, by default common will be treated as `private` | -| global.userYamlS3Path | string | `"s3://cdis-gen3-users/test/user.yaml"` | Path to the user.yaml file in S3. | +| global.userYamlS3Path | string | `"s3://cdis-gen3-users/helm-test/user.yaml"` | Path to the user.yaml file in S3. | +| global.usersync | bool | `true` | Whether to run Fence usersync or not. | | image | map | `{"pullPolicy":"IfNotPresent","repository":"nginx","tag":""}` | Docker image information. | | image.pullPolicy | string | `"IfNotPresent"` | Docker pull policy. | | image.repository | string | `"nginx"` | Docker repository. | diff --git a/helm/ssjdispatcher/values.yaml b/helm/ssjdispatcher/values.yaml index a24f7f6b..8c097bb1 100644 --- a/helm/ssjdispatcher/values.yaml +++ b/helm/ssjdispatcher/values.yaml 
@@ -44,8 +44,18 @@ global: logsBucket: logs-gen3 # -- (bool) Whether to sync data from dbGaP. syncFromDbgap: false + # -- (bool) Force attempting a dbgap sync if "true", falls back on user.yaml + addDbgap: false + # -- (bool) Forces ONLY a dbgap sync if "true", IGNORING user.yaml + onlyDbgap: false # -- (string) Path to the user.yaml file in S3. - userYamlS3Path: s3://cdis-gen3-users/test/user.yaml + userYamlS3Path: s3://cdis-gen3-users/helm-test/user.yaml + # -- (bool) Whether to run Fence usersync or not. + usersync: true + # -- (string) Slack webhook endpoint used with certain jobs. + slack_webhook: None + # -- (bool) Will echo what files we are seeing on dbgap ftp to Slack. + slack_send_dbgap: false # -- (bool) Whether public datasets are enabled. publicDataSets: true # -- (string) Access level for tiers. acceptable values for `tier_access_level` are: `libre`, `regular` and `private`. If omitted, by default common will be treated as `private` diff --git a/helm/wts/Chart.yaml b/helm/wts/Chart.yaml index bb9ec694..073b7a6d 100644 --- a/helm/wts/Chart.yaml +++ b/helm/wts/Chart.yaml @@ -15,7 +15,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.9 +version: 0.1.10 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to diff --git a/helm/wts/README.md b/helm/wts/README.md index d0776480..37e688e8 100644 --- a/helm/wts/README.md +++ b/helm/wts/README.md 
@@ -1,6 +1,6 @@ # wts -![Version: 0.1.9](https://img.shields.io/badge/Version-0.1.9-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) +![Version: 0.1.10](https://img.shields.io/badge/Version-0.1.10-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) A Helm chart for gen3 workspace token service 
@@ -27,7 +27,8 @@ A Helm chart for gen3 workspace token service | datadogProfilingEnabled | bool | `true` | If enabled, the Datadog Agent will collect profiling data for your application using the Continuous Profiler. This data can be used to identify performance bottlenecks and optimize your application. | | datadogTraceSampleRate | int | `1` | A value between 0 and 1, that represents the percentage of requests that will be traced. For example, a value of 0.5 means that 50% of requests will be traced. | | fullnameOverride | string | `""` | Override the full name of the deployment. | -| global | map | `{"aws":{"awsAccessKeyId":null,"awsSecretAccessKey":null,"enabled":false},"ddEnabled":false,"dev":true,"dictionaryUrl":"https://s3.amazonaws.com/dictionary-artifacts/datadictionary/develop/schema.json","dispatcherJobNum":10,"environment":"default","hostname":"localhost","kubeBucket":"kube-gen3","logsBucket":"logs-gen3","minAvialable":1,"netPolicy":true,"pdb":false,"portalApp":"gitops","postgres":{"dbCreate":true,"master":{"host":null,"password":null,"port":"5432","username":"postgres"}},"publicDataSets":true,"revproxyArn":"arn:aws:acm:us-east-1:123456:certificate","syncFromDbgap":false,"tierAccessLevel":"libre","userYamlS3Path":"s3://cdis-gen3-users/test/user.yaml"}` | Global configuration options. 
| +| global | map | `{"addDbgap":false,"aws":{"awsAccessKeyId":null,"awsSecretAccessKey":null,"enabled":false},"ddEnabled":false,"dev":true,"dictionaryUrl":"https://s3.amazonaws.com/dictionary-artifacts/datadictionary/develop/schema.json","dispatcherJobNum":10,"environment":"default","hostname":"localhost","kubeBucket":"kube-gen3","logsBucket":"logs-gen3","minAvialable":1,"netPolicy":true,"onlyDbgap":false,"pdb":false,"portalApp":"gitops","postgres":{"dbCreate":true,"master":{"host":null,"password":null,"port":"5432","username":"postgres"}},"publicDataSets":true,"revproxyArn":"arn:aws:acm:us-east-1:123456:certificate","slack_send_dbgap":false,"slack_webhook":"None","syncFromDbgap":false,"tierAccessLevel":"libre","userYamlS3Path":"s3://cdis-gen3-users/helm-test/user.yaml","usersync":true}` | Global configuration options. | +| global.addDbgap | bool | `false` | Force attempting a dbgap sync if "true", falls back on user.yaml | | global.aws | map | `{"awsAccessKeyId":null,"awsSecretAccessKey":null,"enabled":false}` | AWS configuration | | global.aws.awsAccessKeyId | string | `nil` | Credentials for AWS stuff. | | global.aws.awsSecretAccessKey | string | `nil` | Credentials for AWS stuff. | 
@@ -42,6 +43,7 @@ A Helm chart for gen3 workspace token service | global.logsBucket | string | `"logs-gen3"` | S3 bucket name for log files. | | global.minAvialable | int | `1` | The minimum amount of pods that are available at all times if the PDB is deployed. | | global.netPolicy | bool | `true` | Whether network policies are enabled. | +| global.onlyDbgap | bool | `false` | Forces ONLY a dbgap sync if "true", IGNORING user.yaml | | global.pdb | bool | `false` | If the service will be deployed with a Pod Disruption Budget. Note- you need to have more than 2 replicas for the pdb to be deployed. | | global.portalApp | string | `"gitops"` | Portal application name. | | global.postgres | map | `{"dbCreate":true,"master":{"host":null,"password":null,"port":"5432","username":"postgres"}}` | Postgres database configuration. | 
@@ -53,9 +55,12 @@ A Helm chart for gen3 workspace token service | global.postgres.master.username | string | `"postgres"` | username of superuser in postgres. This is used to create or restore databases | | global.publicDataSets | bool | `true` | Whether public datasets are enabled. | | global.revproxyArn | string | `"arn:aws:acm:us-east-1:123456:certificate"` | ARN of the reverse proxy certificate. | +| global.slack_send_dbgap | bool | `false` | Will echo what files we are seeing on dbgap ftp to Slack. | +| global.slack_webhook | string | `"None"` | Slack webhook endpoint used with certain jobs. | | global.syncFromDbgap | bool | `false` | Whether to sync data from dbGaP. | | global.tierAccessLevel | string | `"libre"` | Access level for tiers. acceptable values for `tier_access_level` are: `libre`, `regular` and `private`. If omitted, by default common will be treated as `private` | -| global.userYamlS3Path | string | `"s3://cdis-gen3-users/test/user.yaml"` | Path to the user.yaml file in S3. | +| global.userYamlS3Path | string | `"s3://cdis-gen3-users/helm-test/user.yaml"` | Path to the user.yaml file in S3. | +| global.usersync | bool | `true` | Whether to run Fence usersync or not. | | hostname | string | `nil` | Hostname for the deployment. | | image | map | `{"pullPolicy":"Always","repository":"quay.io/cdis/workspace-token-service","tag":"feat_wts_internalfence"}` | Docker image information. | | image.pullPolicy | string | `"Always"` | Docker pull policy. | diff --git a/helm/wts/values.yaml b/helm/wts/values.yaml index 32f3db80..e61f15d5 100644 --- a/helm/wts/values.yaml +++ b/helm/wts/values.yaml 
@@ -44,8 +44,18 @@ global: logsBucket: logs-gen3 # -- (bool) Whether to sync data from dbGaP. syncFromDbgap: false + # -- (bool) Force attempting a dbgap sync if "true", falls back on user.yaml + addDbgap: false + # -- (bool) Forces ONLY a dbgap sync if "true", IGNORING user.yaml + onlyDbgap: false # -- (string) Path to the user.yaml file in S3. - userYamlS3Path: s3://cdis-gen3-users/test/user.yaml + userYamlS3Path: s3://cdis-gen3-users/helm-test/user.yaml + # -- (bool) Whether to run Fence usersync or not. + usersync: true + # -- (string) Slack webhook endpoint used with certain jobs. + slack_webhook: None + # -- (bool) Will echo what files we are seeing on dbgap ftp to Slack. + slack_send_dbgap: false # -- (bool) Whether public datasets are enabled. publicDataSets: true # -- (string) Access level for tiers. acceptable values for `tier_access_level` are: `libre`, `regular` and `private`. If omitted, by default common will be treated as `private` From 2a56f002488a917da2225d90ec49d09aeec7c304 Mon Sep 17 00:00:00 2001 From: EliseCastle23 Date: Fri, 12 May 2023 15:51:24 -0700 Subject: [PATCH 019/279] testing a fix for linting error. --- .secrets.baseline | 4 ++-- helm/gen3/Chart.yaml | 32 ++++++++++++++++---------------- helm/gen3/README.md | 32 ++++++++++++++++---------------- 3 files changed, 34 insertions(+), 34 deletions(-) diff --git a/.secrets.baseline b/.secrets.baseline index 4f6161f8..3d8f3f6b 100644 --- a/.secrets.baseline +++ b/.secrets.baseline @@ -3,7 +3,7 @@ "files": "^.secrets.baseline$", "lines": null }, - "generated_at": "2023-05-12T22:37:39Z", + "generated_at": "2023-05-12T22:51:18Z", "plugins_used": [ { "name": "AWSKeyDetector" @@ -337,7 +337,7 @@ "hashed_secret": "1740c48fa3141d4851b14f97e3bc0f46f7670672", "is_secret": false, "is_verified": false, - "line_number": 106, + "line_number": 118, "type": "Secret Keyword" } ], diff --git a/helm/gen3/Chart.yaml b/helm/gen3/Chart.yaml index be75b657..ec4a32c2 100644 --- a/helm/gen3/Chart.yaml 
+++ b/helm/gen3/Chart.yaml @@ -9,7 +9,7 @@ dependencies: repository: "file://../ambassador" condition: ambassador.enabled - name: arborist - version: "0.1.7" + version: "0.1.8" repository: "file://../arborist" condition: arborist.enabled - name: argo-wrapper @@ -17,7 +17,7 @@ dependencies: repository: "file://../argo-wrapper" condition: argo-wrapper.enabled - name: audit - version: "0.1.8" + version: "0.1.9" repository: "file://../audit" condition: audit.enabled - name: aws-es-proxy @@ -25,22 +25,22 @@ dependencies: repository: "file://../aws-es-proxy" condition: aws-es-proxy.enabled - name: common - version: "0.1.6" + version: "0.1.7" repository: file://../common - name: fence - version: "0.1.8" + version: "0.1.9" repository: "file://../fence" condition: fence.enabled - name: guppy - version: "0.1.7" + version: "0.1.8" repository: "file://../guppy" condition: guppy.enabled - name: hatchery - version: "0.1.5" + version: "0.1.6" repository: "file://../hatchery" condition: hatchery.enabled - name: indexd - version: "0.1.9" + version: "0.2.0" repository: "file://../indexd" condition: indexd.enabled - name: manifestservice 
@@ -48,39 +48,39 @@ dependencies: repository: "file://../manifestservice" condition: manifestservice.enabled - name: metadata - version: "0.1.7" + version: "0.1.8" repository: "file://../metadata" condition: metadata.enabled - name: peregrine - version: "0.1.8" + version: "0.1.9" repository: "file://../peregrine" condition: peregrine.enabled - name: pidgin - version: "0.1.6" + version: "0.1.7" repository: "file://../pidgin" condition: pidgin.enabled - name: portal - version: "0.1.6" + version: "0.1.7" repository: "file://../portal" condition: portal.enabled - name: requestor - version: "0.1.7" + version: "0.1.8" repository: "file://../requestor" condition: requestor.enabled - name: revproxy - version: "0.1.9" + version: "0.2.0" repository: "file://../revproxy" condition: revproxy.enabled - name: sheepdog - version: "0.1.9" + version: "0.2.0" repository: "file://../sheepdog" condition: sheepdog.enabled - name: ssjdispatcher - version: "0.1.4" + version: "0.1.5" repository: "file://../ssjdispatcher" condition: ssjdispatcher.enabled - name: wts - version: "0.1.9" + version: "0.2.0" repository: "file://../wts" condition: wts.enabled diff --git a/helm/gen3/README.md b/helm/gen3/README.md index 899d41e0..070e9404 100644 --- a/helm/gen3/README.md +++ b/helm/gen3/README.md 
@@ -19,26 +19,26 @@ Helm chart to deploy Gen3 Data Commons | Repository | Name | Version | |------------|------|---------| | file://../ambassador | ambassador | 0.1.7 | -| file://../arborist | arborist | 0.1.7 | +| file://../arborist | arborist | 0.1.8 | | file://../argo-wrapper | argo-wrapper | 0.1.3 | -| file://../audit | audit | 0.1.8 | +| file://../audit | audit | 0.1.9 | | file://../aws-es-proxy | aws-es-proxy | 0.1.5 | -| file://../common | common | 0.1.6 | +| file://../common | common | 0.1.7 | | file://../elasticsearch | elasticsearch | 0.1.4 | -| file://../fence | fence | 0.1.8 | -| file://../guppy | guppy | 0.1.7 | -| file://../hatchery | hatchery | 0.1.5 | -| file://../indexd | indexd | 0.1.9 | +| file://../fence | fence | 0.1.9 | +| file://../guppy | guppy | 0.1.8 | +| file://../hatchery | hatchery | 0.1.6 | +| file://../indexd | indexd | 0.2.0 | | file://../manifestservice | manifestservice | 0.1.8 | -| file://../metadata | metadata | 0.1.7 | -| file://../peregrine | peregrine | 0.1.8 | -| file://../pidgin | pidgin | 0.1.6 | -| file://../portal | portal | 0.1.6 | -| file://../requestor | requestor | 0.1.7 | -| file://../revproxy | revproxy | 0.1.9 | -| file://../sheepdog | sheepdog | 0.1.9 | -| file://../ssjdispatcher | ssjdispatcher | 0.1.4 | -| file://../wts | wts | 0.1.9 | +| file://../metadata | metadata | 0.1.8 | +| file://../peregrine | peregrine | 0.1.9 | +| file://../pidgin | pidgin | 0.1.7 | +| file://../portal | portal | 0.1.7 | +| file://../requestor | requestor | 0.1.8 | +| file://../revproxy | revproxy | 0.2.0 | +| file://../sheepdog | sheepdog | 0.2.0 | +| file://../ssjdispatcher | ssjdispatcher | 0.1.5 | +| file://../wts | wts | 0.2.0 | | https://charts.bitnami.com/bitnami | postgresql | 11.9.13 | ## Values From 40d070671da393fbf6cb1d246cf5a471a2314f3b Mon Sep 17 00:00:00 2001 
From: EliseCastle23 Date: Fri, 12 May 2023 15:55:33 -0700 Subject: [PATCH 020/279] fixing chart.yaml for gen3 umbrella chart --- helm/gen3/Chart.yaml | 8 ++++---- helm/gen3/README.md | 8 ++++---- 2 files changed, 8 insertions(+), 8 deletions(-) diff --git a/helm/gen3/Chart.yaml b/helm/gen3/Chart.yaml index ec4a32c2..d31ce10b 100644 --- a/helm/gen3/Chart.yaml +++ b/helm/gen3/Chart.yaml @@ -40,7 +40,7 @@ dependencies: repository: "file://../hatchery" condition: hatchery.enabled - name: indexd - version: "0.2.0" + version: "0.1.10" repository: "file://../indexd" condition: indexd.enabled - name: manifestservice @@ -68,11 +68,11 @@ dependencies: repository: "file://../requestor" condition: requestor.enabled - name: revproxy - version: "0.2.0" + version: "0.1.10" repository: "file://../revproxy" condition: revproxy.enabled - name: sheepdog - version: "0.2.0" + version: "0.1.10" repository: "file://../sheepdog" condition: sheepdog.enabled - name: ssjdispatcher @@ -80,7 +80,7 @@ dependencies: repository: "file://../ssjdispatcher" condition: ssjdispatcher.enabled - name: wts - version: "0.2.0" + version: "0.1.10" repository: "file://../wts" condition: wts.enabled diff --git a/helm/gen3/README.md b/helm/gen3/README.md index 070e9404..77394544 100644 --- a/helm/gen3/README.md +++ b/helm/gen3/README.md 
@@ -28,17 +28,17 @@ Helm chart to deploy Gen3 Data Commons | file://../fence | fence | 0.1.9 | | file://../guppy | guppy | 0.1.8 | | file://../hatchery | hatchery | 0.1.6 | -| file://../indexd | indexd | 0.2.0 | +| file://../indexd | indexd | 0.1.10 | | file://../manifestservice | manifestservice | 0.1.8 | | file://../metadata | metadata | 0.1.8 | | file://../peregrine | peregrine | 0.1.9 | | file://../pidgin | pidgin | 0.1.7 | | file://../portal | portal | 0.1.7 | | file://../requestor | requestor | 0.1.8 | -| file://../revproxy | revproxy | 0.2.0 | -| file://../sheepdog | sheepdog | 0.2.0 | +| file://../revproxy | revproxy | 0.1.10 | +| file://../sheepdog | sheepdog | 0.1.10 | | file://../ssjdispatcher | ssjdispatcher | 0.1.5 | -| file://../wts | wts | 0.2.0 | +| file://../wts | wts | 0.1.10 | | https://charts.bitnami.com/bitnami | postgresql | 11.9.13 | ## Values From 5adfc0b21c53bf7f84b93e6ffa311063a67173c7 Mon Sep 17 00:00:00 2001 
From: EliseCastle23 Date: Mon, 15 May 2023 10:19:35 -0600 Subject: [PATCH 021/279] forgot to bump up the common chart version. --- .secrets.baseline | 20 ++++++++++---------- helm/ambassador/Chart.yaml | 4 ++-- helm/ambassador/README.md | 4 ++-- helm/arborist/Chart.yaml | 2 +- helm/arborist/README.md | 2 +- helm/argo-wrapper/Chart.yaml | 4 ++-- helm/argo-wrapper/README.md | 4 ++-- helm/audit/Chart.yaml | 2 +- helm/audit/README.md | 2 +- helm/aws-es-proxy/Chart.yaml | 4 ++-- helm/aws-es-proxy/README.md | 4 ++-- helm/dicom-server/Chart.yaml | 4 ++-- helm/dicom-server/README.md | 4 ++-- helm/dicom-viewer/Chart.yaml | 4 ++-- helm/dicom-viewer/README.md | 4 ++-- helm/elasticsearch/Chart.yaml | 4 ++-- helm/elasticsearch/README.md | 4 ++-- helm/fence/Chart.yaml | 2 +- helm/fence/README.md | 2 +- helm/guppy/Chart.yaml | 2 +- helm/guppy/README.md | 2 +- helm/hatchery/Chart.yaml | 2 +- helm/hatchery/README.md | 2 +- helm/indexd/Chart.yaml | 2 +- helm/indexd/README.md | 2 +- helm/manifestservice/Chart.yaml | 4 ++-- helm/manifestservice/README.md | 4 ++-- helm/metadata/Chart.yaml | 2 +- helm/metadata/README.md | 2 +- helm/peregrine/Chart.yaml | 2 +- helm/peregrine/README.md | 2 +- helm/pidgin/Chart.yaml | 2 +- helm/pidgin/README.md | 2 +- helm/portal/Chart.yaml | 2 +- helm/portal/README.md | 2 +- helm/requestor/Chart.yaml | 2 +- helm/requestor/README.md | 2 +- helm/revproxy/Chart.yaml | 2 +- helm/revproxy/README.md | 2 +- helm/sheepdog/Chart.yaml | 2 +- helm/sheepdog/README.md | 2 +- helm/sower/Chart.yaml | 2 +- helm/sower/README.md | 2 +- helm/ssjdispatcher/Chart.yaml | 2 +- helm/ssjdispatcher/README.md | 2 +- helm/wts/Chart.yaml | 2 +- helm/wts/README.md | 2 +- 47 files changed, 70 insertions(+), 70 deletions(-) diff --git a/.secrets.baseline b/.secrets.baseline index 3d8f3f6b..3a1d54dc 100644 --- a/.secrets.baseline +++ b/.secrets.baseline 
@@ -3,7 +3,7 @@ "files": "^.secrets.baseline$", "lines": null }, - "generated_at": "2023-05-12T22:51:18Z", + "generated_at": "2023-05-15T16:18:54Z", "plugins_used": [ { "name": "AWSKeyDetector" @@ -355,14 +355,14 @@ "hashed_secret": "2546383b95bb44732e9be6a877fd476c0442fdab", "is_secret": false, "is_verified": false, - "line_number": 60, + "line_number": 62, "type": "Secret Keyword" }, { "hashed_secret": "d84ce25b0f9bc2cc263006ae39453efb22cc2900", "is_secret": false, "is_verified": false, - "line_number": 62, + "line_number": 64, "type": "Secret Keyword" } ], @@ -483,28 +483,28 @@ "hashed_secret": "2546383b95bb44732e9be6a877fd476c0442fdab", "is_secret": false, "is_verified": false, - "line_number": 49, + "line_number": 51, "type": "Secret Keyword" }, { "hashed_secret": "d84ce25b0f9bc2cc263006ae39453efb22cc2900", "is_secret": false, "is_verified": false, - "line_number": 51, + "line_number": 53, "type": "Secret Keyword" }, { "hashed_secret": "f09dd6e359833a12f48c4c4255d6e87a6e55cfe9", "is_secret": false, "is_verified": false, - "line_number": 70, + "line_number": 75, "type": "Secret Keyword" }, { "hashed_secret": "7d4e263f1ae83868444f5327219830493a7d1486", "is_secret": false, "is_verified": false, - "line_number": 99, + "line_number": 104, "type": "Secret Keyword" } ], @@ -598,21 +598,21 @@ "hashed_secret": "2546383b95bb44732e9be6a877fd476c0442fdab", "is_secret": false, "is_verified": false, - "line_number": 56, + "line_number": 58, "type": "Secret Keyword" }, { "hashed_secret": "d84ce25b0f9bc2cc263006ae39453efb22cc2900", "is_secret": false, "is_verified": false, - "line_number": 58, + "line_number": 60, "type": "Secret Keyword" }, { "hashed_secret": "f09dd6e359833a12f48c4c4255d6e87a6e55cfe9", "is_secret": false, "is_verified": false, - "line_number": 78, + "line_number": 83, "type": "Secret Keyword" } ], diff --git a/helm/ambassador/Chart.yaml b/helm/ambassador/Chart.yaml index 40487016..5acd83d5 100644 --- a/helm/ambassador/Chart.yaml 
+++ b/helm/ambassador/Chart.yaml @@ -15,7 +15,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.7 +version: 0.1.8 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to @@ -25,5 +25,5 @@ appVersion: "1.4.2" dependencies: - name: common - version: 0.1.6 + version: 0.1.7 repository: file://../common diff --git a/helm/ambassador/README.md b/helm/ambassador/README.md index d5eae225..2a56dd52 100644 --- a/helm/ambassador/README.md +++ b/helm/ambassador/README.md @@ -1,6 +1,6 @@ # ambassador -![Version: 0.1.7](https://img.shields.io/badge/Version-0.1.7-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.4.2](https://img.shields.io/badge/AppVersion-1.4.2-informational?style=flat-square) +![Version: 0.1.8](https://img.shields.io/badge/Version-0.1.8-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.4.2](https://img.shields.io/badge/AppVersion-1.4.2-informational?style=flat-square) A Helm chart for deploying ambassador for gen3 @@ -8,7 +8,7 @@ A Helm chart for deploying ambassador for gen3 | Repository | Name | Version | |------------|------|---------| -| file://../common | common | 0.1.6 | +| file://../common | common | 0.1.7 | ## Values diff --git a/helm/arborist/Chart.yaml b/helm/arborist/Chart.yaml index dac195f3..08304731 100644 --- a/helm/arborist/Chart.yaml +++ b/helm/arborist/Chart.yaml 
@@ -25,7 +25,7 @@ appVersion: "master" dependencies: - name: common - version: 0.1.6 + version: 0.1.7 repository: file://../common - name: postgresql version: 11.9.13 diff --git a/helm/arborist/README.md b/helm/arborist/README.md index f3ff444c..40abd671 100644 --- a/helm/arborist/README.md +++ b/helm/arborist/README.md @@ -8,7 +8,7 @@ A Helm chart for gen3 arborist | Repository | Name | Version | |------------|------|---------| -| file://../common | common | 0.1.6 | +| file://../common | common | 0.1.7 | | https://charts.bitnami.com/bitnami | postgresql | 11.9.13 | ## Values diff --git a/helm/argo-wrapper/Chart.yaml b/helm/argo-wrapper/Chart.yaml index 7584c917..dbad7182 100644 --- a/helm/argo-wrapper/Chart.yaml +++ b/helm/argo-wrapper/Chart.yaml @@ -15,7 +15,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.3 +version: 0.1.4 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to @@ -25,5 +25,5 @@ appVersion: "master" dependencies: - name: common - version: 0.1.6 + version: 0.1.7 repository: file://../common diff --git a/helm/argo-wrapper/README.md b/helm/argo-wrapper/README.md index 33e20cae..8ca7a922 100644 --- a/helm/argo-wrapper/README.md +++ b/helm/argo-wrapper/README.md 
@@ -1,6 +1,6 @@ # argo-wrapper -![Version: 0.1.3](https://img.shields.io/badge/Version-0.1.3-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) +![Version: 0.1.4](https://img.shields.io/badge/Version-0.1.4-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) A Helm chart for gen3 Argo Wrapper Service @@ -8,7 +8,7 @@ A Helm chart for gen3 Argo Wrapper Service | Repository | Name | Version | |------------|------|---------| -| file://../common | common | 0.1.6 | +| file://../common | common | 0.1.7 | ## Values diff --git a/helm/audit/Chart.yaml b/helm/audit/Chart.yaml index 10425dab..966a2573 100644 --- a/helm/audit/Chart.yaml +++ b/helm/audit/Chart.yaml @@ -24,7 +24,7 @@ appVersion: "master" dependencies: - name: common - version: 0.1.6 + version: 0.1.7 repository: file://../common - name: postgresql version: 11.9.13 diff --git a/helm/audit/README.md b/helm/audit/README.md index f02d7a21..58bfbab3 100644 --- a/helm/audit/README.md +++ b/helm/audit/README.md @@ -8,7 +8,7 @@ A Helm chart for Kubernetes | Repository | Name | Version | |------------|------|---------| -| file://../common | common | 0.1.6 | +| file://../common | common | 0.1.7 | | https://charts.bitnami.com/bitnami | postgresql | 11.9.13 | ## Values diff --git a/helm/aws-es-proxy/Chart.yaml b/helm/aws-es-proxy/Chart.yaml index 934a077d..e8ac19ef 100644 --- a/helm/aws-es-proxy/Chart.yaml +++ b/helm/aws-es-proxy/Chart.yaml 
@@ -15,7 +15,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.5 +version: 0.1.6 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to @@ -25,5 +25,5 @@ appVersion: "master" dependencies: - name: common - version: 0.1.6 + version: 0.1.7 repository: file://../common diff --git a/helm/aws-es-proxy/README.md b/helm/aws-es-proxy/README.md index 48bdac36..9cdb1805 100644 --- a/helm/aws-es-proxy/README.md +++ b/helm/aws-es-proxy/README.md @@ -1,6 +1,6 @@ # aws-es-proxy -![Version: 0.1.5](https://img.shields.io/badge/Version-0.1.5-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) +![Version: 0.1.6](https://img.shields.io/badge/Version-0.1.6-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) A Helm chart for AWS ES Proxy Service for gen3 @@ -8,7 +8,7 @@ A Helm chart for AWS ES Proxy Service for gen3 | Repository | Name | Version | |------------|------|---------| -| file://../common | common | 0.1.6 | +| file://../common | common | 0.1.7 | ## Values diff --git a/helm/dicom-server/Chart.yaml b/helm/dicom-server/Chart.yaml index 380f19cd..f8777d39 100644 --- a/helm/dicom-server/Chart.yaml +++ b/helm/dicom-server/Chart.yaml 
@@ -15,7 +15,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.4 +version: 0.1.5 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to @@ -25,5 +25,5 @@ appVersion: "master" dependencies: - name: common - version: 0.1.6 + version: 0.1.7 repository: file://../common diff --git a/helm/dicom-server/README.md b/helm/dicom-server/README.md index b8d69c62..6d24ac03 100644 --- a/helm/dicom-server/README.md +++ b/helm/dicom-server/README.md @@ -1,6 +1,6 @@ # dicom-server -![Version: 0.1.4](https://img.shields.io/badge/Version-0.1.4-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) +![Version: 0.1.5](https://img.shields.io/badge/Version-0.1.5-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) A Helm chart for gen3 Dicom Server @@ -8,7 +8,7 @@ A Helm chart for gen3 Dicom Server | Repository | Name | Version | |------------|------|---------| -| file://../common | common | 0.1.6 | +| file://../common | common | 0.1.7 | ## Values diff --git a/helm/dicom-viewer/Chart.yaml b/helm/dicom-viewer/Chart.yaml index 7ab4bdea..bdff7a6a 100644 --- a/helm/dicom-viewer/Chart.yaml +++ b/helm/dicom-viewer/Chart.yaml 
@@ -15,7 +15,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.4 +version: 0.1.5 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to @@ -25,5 +25,5 @@ appVersion: "master" dependencies: - name: common - version: 0.1.6 + version: 0.1.7 repository: file://../common diff --git a/helm/dicom-viewer/README.md b/helm/dicom-viewer/README.md index 8c98e773..3ea1757e 100644 --- a/helm/dicom-viewer/README.md +++ b/helm/dicom-viewer/README.md @@ -1,6 +1,6 @@ # dicom-viewer -![Version: 0.1.4](https://img.shields.io/badge/Version-0.1.4-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) +![Version: 0.1.5](https://img.shields.io/badge/Version-0.1.5-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) A Helm chart for gen3 Dicom Viewer @@ -8,7 +8,7 @@ A Helm chart for gen3 Dicom Viewer | Repository | Name | Version | |------------|------|---------| -| file://../common | common | 0.1.6 | +| file://../common | common | 0.1.7 | ## Values diff --git a/helm/elasticsearch/Chart.yaml b/helm/elasticsearch/Chart.yaml index 6b59b465..1720df09 100644 --- a/helm/elasticsearch/Chart.yaml +++ b/helm/elasticsearch/Chart.yaml 
@@ -15,7 +15,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.4 +version: 0.1.5 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to @@ -25,5 +25,5 @@ appVersion: "1.16.0" dependencies: - name: common - version: 0.1.6 + version: 0.1.7 repository: file://../common diff --git a/helm/elasticsearch/README.md b/helm/elasticsearch/README.md index 2eac645e..c9852ebc 100644 --- a/helm/elasticsearch/README.md +++ b/helm/elasticsearch/README.md @@ -1,6 +1,6 @@ # elasticsearch -![Version: 0.1.4](https://img.shields.io/badge/Version-0.1.4-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.16.0](https://img.shields.io/badge/AppVersion-1.16.0-informational?style=flat-square) +![Version: 0.1.5](https://img.shields.io/badge/Version-0.1.5-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.16.0](https://img.shields.io/badge/AppVersion-1.16.0-informational?style=flat-square) A Helm chart for Kubernetes @@ -8,7 +8,7 @@ A Helm chart for Kubernetes | Repository | Name | Version | |------------|------|---------| -| file://../common | common | 0.1.6 | +| file://../common | common | 0.1.7 | ## Values diff --git a/helm/fence/Chart.yaml b/helm/fence/Chart.yaml index 6b31434f..e4052d49 100644 --- a/helm/fence/Chart.yaml +++ b/helm/fence/Chart.yaml @@ -24,7 +24,7 @@ appVersion: "master" dependencies: - name: common - version: 0.1.6 + version: 0.1.7 repository: file://../common - name: postgresql version: 11.9.13 
diff --git a/helm/fence/README.md b/helm/fence/README.md index c34bd6cf..1de8b825 100644 --- a/helm/fence/README.md +++ b/helm/fence/README.md @@ -8,7 +8,7 @@ A Helm chart for gen3 Fence | Repository | Name | Version | |------------|------|---------| -| file://../common | common | 0.1.6 | +| file://../common | common | 0.1.7 | | https://charts.bitnami.com/bitnami | postgresql | 11.9.13 | ## Values diff --git a/helm/guppy/Chart.yaml b/helm/guppy/Chart.yaml index f2fe353f..ea90bf38 100644 --- a/helm/guppy/Chart.yaml +++ b/helm/guppy/Chart.yaml @@ -25,5 +25,5 @@ appVersion: "master" dependencies: - name: common - version: 0.1.6 + version: 0.1.7 repository: file://../common diff --git a/helm/guppy/README.md b/helm/guppy/README.md index d73ab631..a9690182 100644 --- a/helm/guppy/README.md +++ b/helm/guppy/README.md @@ -8,7 +8,7 @@ A Helm chart for gen3 Guppy Service | Repository | Name | Version | |------------|------|---------| -| file://../common | common | 0.1.6 | +| file://../common | common | 0.1.7 | ## Values diff --git a/helm/hatchery/Chart.yaml b/helm/hatchery/Chart.yaml index e64b2504..94913173 100644 --- a/helm/hatchery/Chart.yaml +++ b/helm/hatchery/Chart.yaml @@ -25,5 +25,5 @@ appVersion: "master" dependencies: - name: common - version: 0.1.6 + version: 0.1.7 repository: file://../common diff --git a/helm/hatchery/README.md b/helm/hatchery/README.md index 87c1e709..b53a4150 100644 --- a/helm/hatchery/README.md +++ b/helm/hatchery/README.md @@ -8,7 +8,7 @@ A Helm chart for gen3 Hatchery | Repository | Name | Version | |------------|------|---------| -| file://../common | common | 0.1.6 | +| file://../common | common | 0.1.7 | ## Values diff --git a/helm/indexd/Chart.yaml b/helm/indexd/Chart.yaml index 79b50c2b..54634c9d 100644 --- a/helm/indexd/Chart.yaml +++ b/helm/indexd/Chart.yaml @@ -26,7 +26,7 @@ appVersion: "master" dependencies: - name: common - version: 0.1.6 + version: 0.1.7 repository: file://../common - name: postgresql version: 11.9.13 
diff --git a/helm/indexd/README.md b/helm/indexd/README.md index 9ba7cefb..653aea71 100644 --- a/helm/indexd/README.md +++ b/helm/indexd/README.md @@ -8,7 +8,7 @@ A Helm chart for gen3 indexd | Repository | Name | Version | |------------|------|---------| -| file://../common | common | 0.1.6 | +| file://../common | common | 0.1.7 | | https://charts.bitnami.com/bitnami | postgresql | 11.9.13 | ## Values diff --git a/helm/manifestservice/Chart.yaml b/helm/manifestservice/Chart.yaml index 2131625f..2577affe 100644 --- a/helm/manifestservice/Chart.yaml +++ b/helm/manifestservice/Chart.yaml @@ -15,7 +15,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.8 +version: 0.1.9 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to @@ -25,5 +25,5 @@ appVersion: "master" dependencies: - name: common - version: 0.1.6 + version: 0.1.7 repository: file://../common diff --git a/helm/manifestservice/README.md b/helm/manifestservice/README.md index b04efdd3..47c8fd8e 100644 --- a/helm/manifestservice/README.md +++ b/helm/manifestservice/README.md 
@@ -1,6 +1,6 @@ # manifestservice -![Version: 0.1.8](https://img.shields.io/badge/Version-0.1.8-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) +![Version: 0.1.9](https://img.shields.io/badge/Version-0.1.9-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) A Helm chart for Kubernetes @@ -8,7 +8,7 @@ A Helm chart for Kubernetes | Repository | Name | Version | |------------|------|---------| -| file://../common | common | 0.1.6 | +| file://../common | common | 0.1.7 | ## Values diff --git a/helm/metadata/Chart.yaml b/helm/metadata/Chart.yaml index 8d8e1241..718ca364 100644 --- a/helm/metadata/Chart.yaml +++ b/helm/metadata/Chart.yaml @@ -25,7 +25,7 @@ appVersion: "master" dependencies: - name: common - version: 0.1.6 + version: 0.1.7 repository: file://../common - name: postgresql version: 11.9.13 diff --git a/helm/metadata/README.md b/helm/metadata/README.md index 5996afd5..72c40485 100644 --- a/helm/metadata/README.md +++ b/helm/metadata/README.md @@ -8,7 +8,7 @@ A Helm chart for gen3 Metadata Service | Repository | Name | Version | |------------|------|---------| -| file://../common | common | 0.1.6 | +| file://../common | common | 0.1.7 | | https://charts.bitnami.com/bitnami | postgresql | 11.9.13 | ## Values diff --git a/helm/peregrine/Chart.yaml b/helm/peregrine/Chart.yaml index f0906e77..cfdfe6e3 100644 --- a/helm/peregrine/Chart.yaml +++ b/helm/peregrine/Chart.yaml @@ -26,7 +26,7 @@ appVersion: "2023.01" dependencies: - name: common - version: 0.1.6 + version: 0.1.7 repository: file://../common - name: postgresql version: 11.9.13 
diff --git a/helm/peregrine/README.md b/helm/peregrine/README.md index 8e4c79a8..22f8ab76 100644 --- a/helm/peregrine/README.md +++ b/helm/peregrine/README.md @@ -8,7 +8,7 @@ A Helm chart for gen3 Peregrine service | Repository | Name | Version | |------------|------|---------| -| file://../common | common | 0.1.6 | +| file://../common | common | 0.1.7 | | https://charts.bitnami.com/bitnami | postgresql | 11.9.13 | ## Values diff --git a/helm/pidgin/Chart.yaml b/helm/pidgin/Chart.yaml index d70ca3ff..831c01ac 100644 --- a/helm/pidgin/Chart.yaml +++ b/helm/pidgin/Chart.yaml @@ -25,5 +25,5 @@ appVersion: "master" dependencies: - name: common - version: 0.1.6 + version: 0.1.7 repository: file://../common diff --git a/helm/pidgin/README.md b/helm/pidgin/README.md index ee9ad47b..3a5b6c16 100644 --- a/helm/pidgin/README.md +++ b/helm/pidgin/README.md @@ -8,7 +8,7 @@ A Helm chart for gen3 Pidgin Service | Repository | Name | Version | |------------|------|---------| -| file://../common | common | 0.1.6 | +| file://../common | common | 0.1.7 | ## Values diff --git a/helm/portal/Chart.yaml b/helm/portal/Chart.yaml index 67e90cd2..61f4b9ca 100644 --- a/helm/portal/Chart.yaml +++ b/helm/portal/Chart.yaml @@ -25,5 +25,5 @@ appVersion: "master" dependencies: - name: common - version: 0.1.6 + version: 0.1.7 repository: file://../common diff --git a/helm/portal/README.md b/helm/portal/README.md index 06cde26c..22726982 100644 --- a/helm/portal/README.md +++ b/helm/portal/README.md @@ -8,7 +8,7 @@ A Helm chart for gen3 data-portal | Repository | Name | Version | |------------|------|---------| -| file://../common | common | 0.1.6 | +| file://../common | common | 0.1.7 | ## Values diff --git a/helm/requestor/Chart.yaml b/helm/requestor/Chart.yaml index ad6b4b23..4e59fb2a 100644 --- a/helm/requestor/Chart.yaml +++ b/helm/requestor/Chart.yaml 
@@ -26,7 +26,7 @@ appVersion: "master" dependencies: - name: common - version: 0.1.6 + version: 0.1.7 repository: file://../common - name: postgresql version: 11.9.13 diff --git a/helm/requestor/README.md b/helm/requestor/README.md index 34b07d9e..5e7666f8 100644 --- a/helm/requestor/README.md +++ b/helm/requestor/README.md @@ -8,7 +8,7 @@ A Helm chart for gen3 Requestor Service | Repository | Name | Version | |------------|------|---------| -| file://../common | common | 0.1.6 | +| file://../common | common | 0.1.7 | | https://charts.bitnami.com/bitnami | postgresql | 11.9.13 | ## Values diff --git a/helm/revproxy/Chart.yaml b/helm/revproxy/Chart.yaml index e21c55db..ed6a92ba 100644 --- a/helm/revproxy/Chart.yaml +++ b/helm/revproxy/Chart.yaml @@ -25,5 +25,5 @@ appVersion: "master" dependencies: - name: common - version: 0.1.6 + version: 0.1.7 repository: file://../common diff --git a/helm/revproxy/README.md b/helm/revproxy/README.md index 1f4f4816..c5d5880e 100644 --- a/helm/revproxy/README.md +++ b/helm/revproxy/README.md @@ -8,7 +8,7 @@ A Helm chart for gen3 revproxy | Repository | Name | Version | |------------|------|---------| -| file://../common | common | 0.1.6 | +| file://../common | common | 0.1.7 | ## Values diff --git a/helm/sheepdog/Chart.yaml b/helm/sheepdog/Chart.yaml index 1e8bc35f..cb5745a2 100644 --- a/helm/sheepdog/Chart.yaml +++ b/helm/sheepdog/Chart.yaml @@ -25,7 +25,7 @@ appVersion: "master" dependencies: - name: common - version: 0.1.6 + version: 0.1.7 repository: file://../common - name: postgresql version: 11.9.13 diff --git a/helm/sheepdog/README.md b/helm/sheepdog/README.md index 4d073d0f..5b949910 100644 --- a/helm/sheepdog/README.md +++ b/helm/sheepdog/README.md @@ -8,7 +8,7 @@ A Helm chart for gen3 Sheepdog Service | Repository | Name | Version | |------------|------|---------| -| file://../common | common | 0.1.6 | +| file://../common | common | 0.1.7 | | https://charts.bitnami.com/bitnami | postgresql | 11.9.13 | ## Values 
diff --git a/helm/sower/Chart.yaml b/helm/sower/Chart.yaml index ed1c1253..8bd18212 100644 --- a/helm/sower/Chart.yaml +++ b/helm/sower/Chart.yaml @@ -25,5 +25,5 @@ appVersion: "master" dependencies: - name: common - version: 0.1.6 + version: 0.1.7 repository: file://../common diff --git a/helm/sower/README.md b/helm/sower/README.md index fb5b02c2..fe821df9 100644 --- a/helm/sower/README.md +++ b/helm/sower/README.md @@ -8,7 +8,7 @@ A Helm chart for gen3 sower | Repository | Name | Version | |------------|------|---------| -| file://../common | common | 0.1.6 | +| file://../common | common | 0.1.7 | ## Values diff --git a/helm/ssjdispatcher/Chart.yaml b/helm/ssjdispatcher/Chart.yaml index 13075860..b0826398 100644 --- a/helm/ssjdispatcher/Chart.yaml +++ b/helm/ssjdispatcher/Chart.yaml @@ -25,5 +25,5 @@ appVersion: "master" dependencies: - name: common - version: 0.1.6 + version: 0.1.7 repository: file://../common diff --git a/helm/ssjdispatcher/README.md b/helm/ssjdispatcher/README.md index bcac12d7..5669823f 100644 --- a/helm/ssjdispatcher/README.md +++ b/helm/ssjdispatcher/README.md @@ -8,7 +8,7 @@ A Helm chart for gen3 ssjdispatcher | Repository | Name | Version | |------------|------|---------| -| file://../common | common | 0.1.6 | +| file://../common | common | 0.1.7 | ## Values diff --git a/helm/wts/Chart.yaml b/helm/wts/Chart.yaml index 073b7a6d..a1c29c60 100644 --- a/helm/wts/Chart.yaml +++ b/helm/wts/Chart.yaml @@ -25,7 +25,7 @@ appVersion: "master" dependencies: - name: common - version: 0.1.6 + version: 0.1.7 repository: file://../common - name: postgresql version: 11.9.13 diff --git a/helm/wts/README.md b/helm/wts/README.md index 37e688e8..208a6d81 100644 --- a/helm/wts/README.md +++ b/helm/wts/README.md 
@@ -8,7 +8,7 @@ A Helm chart for gen3 workspace token service | Repository | Name | Version | |------------|------|---------| -| file://../common | common | 0.1.6 | +| file://../common | common | 0.1.7 | | https://charts.bitnami.com/bitnami | postgresql | 11.9.13 | ## Values From b6ced2dfda5926e43e3f90ddced2d3e6fa3050eb Mon Sep 17 00:00:00 2001 From: EliseCastle23 Date: Mon, 15 May 2023 10:24:41 -0600 Subject: [PATCH 022/279] updating the gen3 umbrella chart --- helm/gen3/Chart.yaml | 10 +++++----- helm/gen3/README.md | 10 +++++----- 2 files changed, 10 insertions(+), 10 deletions(-) diff --git a/helm/gen3/Chart.yaml b/helm/gen3/Chart.yaml index d31ce10b..2fe73961 100644 --- a/helm/gen3/Chart.yaml +++ b/helm/gen3/Chart.yaml @@ -5,7 +5,7 @@ description: Helm chart to deploy Gen3 Data Commons # Dependancies dependencies: - name: ambassador - version: "0.1.7" + version: "0.1.8" repository: "file://../ambassador" condition: ambassador.enabled - name: arborist @@ -13,7 +13,7 @@ dependencies: repository: "file://../arborist" condition: arborist.enabled - name: argo-wrapper - version: "0.1.3" + version: "0.1.4" repository: "file://../argo-wrapper" condition: argo-wrapper.enabled - name: audit @@ -21,7 +21,7 @@ dependencies: repository: "file://../audit" condition: audit.enabled - name: aws-es-proxy - version: "0.1.5" + version: "0.1.6" repository: "file://../aws-es-proxy" condition: aws-es-proxy.enabled - name: common @@ -44,7 +44,7 @@ dependencies: repository: "file://../indexd" condition: indexd.enabled - name: manifestservice - version: "0.1.8" + version: "0.1.9" repository: "file://../manifestservice" condition: manifestservice.enabled - name: metadata @@ -86,7 +86,7 @@ dependencies: - name: elasticsearch - version: "0.1.4" + version: "0.1.5" repository: "file://../elasticsearch" condition: global.dev - name: postgresql diff --git a/helm/gen3/README.md b/helm/gen3/README.md index 77394544..fa8c7e99 100644 --- a/helm/gen3/README.md +++ b/helm/gen3/README.md 
@@ -18,18 +18,18 @@ Helm chart to deploy Gen3 Data Commons | Repository | Name | Version | |------------|------|---------| -| file://../ambassador | ambassador | 0.1.7 | +| file://../ambassador | ambassador | 0.1.8 | | file://../arborist | arborist | 0.1.8 | -| file://../argo-wrapper | argo-wrapper | 0.1.3 | +| file://../argo-wrapper | argo-wrapper | 0.1.4 | | file://../audit | audit | 0.1.9 | -| file://../aws-es-proxy | aws-es-proxy | 0.1.5 | +| file://../aws-es-proxy | aws-es-proxy | 0.1.6 | | file://../common | common | 0.1.7 | -| file://../elasticsearch | elasticsearch | 0.1.4 | +| file://../elasticsearch | elasticsearch | 0.1.5 | | file://../fence | fence | 0.1.9 | | file://../guppy | guppy | 0.1.8 | | file://../hatchery | hatchery | 0.1.6 | | file://../indexd | indexd | 0.1.10 | -| file://../manifestservice | manifestservice | 0.1.8 | +| file://../manifestservice | manifestservice | 0.1.9 | | file://../metadata | metadata | 0.1.8 | | file://../peregrine | peregrine | 0.1.9 | | file://../pidgin | pidgin | 0.1.7 | From 8651f33741b119dcbc6ea7ede6c6443f86aae4f3 Mon Sep 17 00:00:00 2001 From: EliseCastle23 Date: Mon, 15 May 2023 10:30:43 -0600 Subject: [PATCH 023/279] fixing indentation and trailing spaces in fence values.yaml file --- helm/fence/README.md | 2 +- helm/fence/values.yaml | 18 +++++++++--------- 2 files changed, 10 insertions(+), 10 deletions(-) diff --git a/helm/fence/README.md b/helm/fence/README.md index 1de8b825..caee078b 100644 --- a/helm/fence/README.md +++ b/helm/fence/README.md 
@@ -171,7 +171,7 @@ A Helm chart for gen3 Fence | serviceAccount.name | string | `"fence-sa"` | The name of the service account | | ssh_private_key | string | `nil` | The ssh Private Key for connecting to SFTP server if using Fence dbgap sync. Passed in as a multiline string. | | ssh_public_key | string | `nil` | The ssh Public Key for connecting to SFTP server if using Fence dbgap sync. Passed in as a multiline string. | -| sshconfig | string | `nil` | The ssh configuration for connecting to SFTP server if useing Fence dbgap sync. Will overwrite the default file provided in the fence-ssh directory. | +| sshconfig | string | `nil` | The ssh configuration for connecting to SFTP server if useing Fence dbgap sync. Will overwrite the default file provided in the fence-ssh directory. | | tolerations | list | `[]` | Tolerations for the pods | | usersync | map | `{"custom_image":null,"schedule":"*/30 * * * *","secrets":{"awsAccessKeyId":"","awsSecretAccessKey":""}}` | Configuration options for usersync cronjob. | | usersync.custom_image | string | `nil` | To set a custom image for pulling the user.yaml file from S3. Default is the Gen3 Awshelper image. | diff --git a/helm/fence/values.yaml b/helm/fence/values.yaml index c8e3f56d..ecb312d5 100644 --- a/helm/fence/values.yaml +++ b/helm/fence/values.yaml @@ -315,15 +315,15 @@ env: optional: true - name: slackWebHook valueFrom: - configMapKeyRef: - name: manifest-global - key: slack_webhook - optional: true + configMapKeyRef: + name: manifest-global + key: slack_webhook + optional: true - name: gen3Env valueFrom: - configMapKeyRef: - name: manifest-global - key: hostname + configMapKeyRef: + name: manifest-global + key: hostname # -- (list) Volumes to attach to the container. volumes: 
@@ -497,8 +497,8 @@ datadogTraceSampleRate: 1 logo: privacy_policy: -projects: -# -- (string) The ssh configuration for connecting to SFTP server if useing Fence dbgap sync. Will overwrite the default file provided in the fence-ssh directory. +projects: +# -- (string) The ssh configuration for connecting to SFTP server if useing Fence dbgap sync. Will overwrite the default file provided in the fence-ssh directory. sshconfig: # -- (string) The ssh Private Key for connecting to SFTP server if using Fence dbgap sync. Passed in as a multiline string. ssh_private_key: From b96089cca9e05ff1ba519ef1d45ec59252949000 Mon Sep 17 00:00:00 2001 From: EliseCastle23 Date: Mon, 15 May 2023 10:36:09 -0600 Subject: [PATCH 024/279] moving the seperator in the serviceaccount.yaml file --- helm/fence/templates/serviceaccount.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/helm/fence/templates/serviceaccount.yaml b/helm/fence/templates/serviceaccount.yaml index 823e6801..1fde7e69 100644 --- a/helm/fence/templates/serviceaccount.yaml +++ b/helm/fence/templates/serviceaccount.yaml @@ -9,8 +9,8 @@ metadata: annotations: {{- toYaml . | nindent 4 }} {{- end }} ---- {{- end }} +--- {{- if .Values.global.usersync -}} apiVersion: v1 kind: ServiceAccount From 81bc0726f4b11d59926b8f033b69f2e1e76bb283 Mon Sep 17 00:00:00 2001 From: EliseCastle23 Date: Mon, 15 May 2023 10:38:57 -0600 Subject: [PATCH 025/279] changing separator location --- helm/fence/templates/serviceaccount.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/helm/fence/templates/serviceaccount.yaml b/helm/fence/templates/serviceaccount.yaml index 1fde7e69..51150b4c 100644 --- a/helm/fence/templates/serviceaccount.yaml +++ b/helm/fence/templates/serviceaccount.yaml @@ -10,8 +10,8 @@ metadata: {{- toYaml . | nindent 4 }} {{- end }} {{- end }} ---- {{- if .Values.global.usersync -}} +--- apiVersion: v1 kind: ServiceAccount metadata: 
From ba8598f610c8378a389bf7ccbd8a6f588a06eca9 Mon Sep 17 00:00:00 2001
From: EliseCastle23
Date: Mon, 15 May 2023 10:48:25 -0600
Subject: [PATCH 026/279] adding an extra space
---
 helm/fence/templates/serviceaccount.yaml | 1 +
 1 file changed, 1 insertion(+)
diff --git a/helm/fence/templates/serviceaccount.yaml b/helm/fence/templates/serviceaccount.yaml
index 51150b4c..414e0477 100644
--- a/helm/fence/templates/serviceaccount.yaml
+++ b/helm/fence/templates/serviceaccount.yaml
@@ -10,6 +10,7 @@ metadata:
 {{- toYaml . | nindent 4 }}
 {{- end }}
 {{- end }}
+
 {{- if .Values.global.usersync -}}
 ---
 apiVersion: v1
From a3f217ddd33db582fdd2e16e77082f2907254c07 Mon Sep 17 00:00:00 2001
From: EliseCastle23
Date: Mon, 15 May 2023 10:51:13 -0600
Subject: [PATCH 027/279] changin seperator again
---
 helm/fence/templates/serviceaccount.yaml | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/helm/fence/templates/serviceaccount.yaml b/helm/fence/templates/serviceaccount.yaml
index 414e0477..1fde7e69 100644
--- a/helm/fence/templates/serviceaccount.yaml
+++ b/helm/fence/templates/serviceaccount.yaml
@@ -10,9 +10,8 @@ metadata:
 {{- toYaml . | nindent 4 }}
 {{- end }}
 {{- end }}
-
-{{- if .Values.global.usersync -}}
 ---
+{{- if .Values.global.usersync -}}
 apiVersion: v1
 kind: ServiceAccount
 metadata:
From 1e55194952d8319066b45326d7164b4349feebe1 Mon Sep 17 00:00:00 2001
From: EliseCastle23
Date: Mon, 15 May 2023 10:54:07 -0600
Subject: [PATCH 028/279] adding two seperators for linting
---
 helm/fence/templates/serviceaccount.yaml | 1 +
 1 file changed, 1 insertion(+)
diff --git a/helm/fence/templates/serviceaccount.yaml b/helm/fence/templates/serviceaccount.yaml
index 1fde7e69..9d47e0d1 100644
--- a/helm/fence/templates/serviceaccount.yaml
+++ b/helm/fence/templates/serviceaccount.yaml
@@ -12,6 +12,7 @@ metadata:
 {{- end }}
 ---
 {{- if .Values.global.usersync -}}
+---
 apiVersion: v1
 kind: ServiceAccount
 metadata:
From 6529b3da79b6d953b70cd6d7baea9abe330b729e Mon Sep 17 00:00:00 2001 From: EliseCastle23 Date: Mon, 15 May 2023 11:02:15 -0600 Subject: [PATCH 029/279] moving the userync sa and cluster role to a separate sheet due to linter failure. Also, setting the default for the usersync job to "false" --- .secrets.baseline | 8 +++---- helm/fence/README.md | 4 ++-- helm/fence/templates/serviceaccount.yaml | 30 ------------------------ helm/fence/templates/usersync-sa.yaml | 28 ++++++++++++++++++++++ helm/fence/values.yaml | 2 +- helm/gen3/README.md | 2 +- helm/gen3/values.yaml | 2 +- helm/sower/README.md | 4 ++-- helm/sower/values.yaml | 2 +- helm/ssjdispatcher/README.md | 4 ++-- helm/ssjdispatcher/values.yaml | 2 +- helm/wts/README.md | 4 ++-- helm/wts/values.yaml | 2 +- 13 files changed, 46 insertions(+), 48 deletions(-) create mode 100644 helm/fence/templates/usersync-sa.yaml diff --git a/.secrets.baseline b/.secrets.baseline index 3a1d54dc..d1a1ce59 100644 --- a/.secrets.baseline +++ b/.secrets.baseline @@ -3,7 +3,7 @@ "files": "^.secrets.baseline$", "lines": null }, - "generated_at": "2023-05-15T16:18:54Z", + "generated_at": "2023-05-15T17:02:11Z", "plugins_used": [ { "name": "AWSKeyDetector" @@ -790,21 +790,21 @@ "hashed_secret": "2546383b95bb44732e9be6a877fd476c0442fdab", "is_secret": false, "is_verified": false, - "line_number": 47, + "line_number": 49, "type": "Secret Keyword" }, { "hashed_secret": "d84ce25b0f9bc2cc263006ae39453efb22cc2900", "is_secret": false, "is_verified": false, - "line_number": 49, + "line_number": 51, "type": "Secret Keyword" }, { "hashed_secret": "f09dd6e359833a12f48c4c4255d6e87a6e55cfe9", "is_secret": false, "is_verified": false, - "line_number": 72, + "line_number": 77, "type": "Secret Keyword" } ], diff --git a/helm/fence/README.md b/helm/fence/README.md index caee078b..75e701b6 100644 --- a/helm/fence/README.md +++ b/helm/fence/README.md 
@@ -90,7 +90,7 @@ A Helm chart for gen3 Fence | datadogTraceSampleRate | int | `1` | A value between 0 and 1, that represents the percentage of requests that will be traced. For example, a value of 0.5 means that 50% of requests will be traced. | | env | list | `[{"name":"GEN3_UWSGI_TIMEOUT","valueFrom":{"configMapKeyRef":{"key":"uwsgi-timeout","name":"manifest-global","optional":true}}},{"name":"DD_AGENT_HOST","valueFrom":{"fieldRef":{"fieldPath":"status.hostIP"}}},{"name":"AWS_STS_REGIONAL_ENDPOINTS","value":"regional"},{"name":"PYTHONPATH","value":"/var/www/fence"},{"name":"GEN3_DEBUG","value":"False"},{"name":"FENCE_PUBLIC_CONFIG","valueFrom":{"configMapKeyRef":{"key":"fence-config-public.yaml","name":"manifest-fence","optional":true}}},{"name":"PGHOST","valueFrom":{"secretKeyRef":{"key":"host","name":"fence-dbcreds","optional":false}}},{"name":"PGUSER","valueFrom":{"secretKeyRef":{"key":"username","name":"fence-dbcreds","optional":false}}},{"name":"PGPASSWORD","valueFrom":{"secretKeyRef":{"key":"password","name":"fence-dbcreds","optional":false}}},{"name":"PGDB","valueFrom":{"secretKeyRef":{"key":"database","name":"fence-dbcreds","optional":false}}},{"name":"DBREADY","valueFrom":{"secretKeyRef":{"key":"dbcreated","name":"fence-dbcreds","optional":false}}},{"name":"DB","value":"postgresql://$(PGUSER):$(PGPASSWORD)@$(PGHOST):5432/$(PGDB)"},{"name":"INDEXD_PASSWORD","valueFrom":{"secretKeyRef":{"key":"fence","name":"indexd-service-creds"}}},{"name":"SYNC_FROM_DBGAP","valueFrom":{"configMapKeyRef":{"key":"sync_from_dbgap","name":"manifest-global","optional":true}}},{"name":"ADD_DBGAP","valueFrom":{"configMapKeyRef":{"key":"add_dbgap","name":"manifest-global","optional":true}}},{"name":"ONLY_DBGAP","valueFrom":{"configMapKeyRef":{"key":"only_dbgap","name":"manifest-global","optional":true}}},{"name":"SLACK_SEND_DBGAP","valueFrom":{"configMapKeyRef":{"key":"slack_send_dbgap","name":"manifest-global","optional":true}}},{"name":"slackWebHook","valueFrom":{"configMapKey
Ref":{"key":"slack_webhook","name":"manifest-global","optional":true}}},{"name":"gen3Env","valueFrom":{"configMapKeyRef":{"key":"hostname","name":"manifest-global"}}}]` | Environment variables to pass to the container | | fullnameOverride | string | `""` | Override the full name of the deployment. | -| global | map | `{"addDbgap":false,"ddEnabled":false,"dev":true,"dictionaryUrl":"https://s3.amazonaws.com/dictionary-artifacts/datadictionary/develop/schema.json","dispatcherJobNum":10,"environment":"default","hostname":"localhost","kubeBucket":"kube-gen3","logsBucket":"logs-gen3","minAvialable":1,"netPolicy":true,"onlyDbgap":false,"pdb":false,"portalApp":"gitops","postgres":{"dbCreate":true,"master":{"host":null,"password":null,"port":"5432","username":"postgres"}},"publicDataSets":true,"revproxyArn":"arn:aws:acm:us-east-1:123456:certificate","slack_send_dbgap":false,"slack_webhook":"None","syncFromDbgap":false,"tierAccessLevel":"libre","tierAccessLimit":1000,"userYamlS3Path":"s3://cdis-gen3-users/helm-test/user.yaml","usersync":true}` | Global configuration options. | +| global | map | `{"addDbgap":false,"ddEnabled":false,"dev":true,"dictionaryUrl":"https://s3.amazonaws.com/dictionary-artifacts/datadictionary/develop/schema.json","dispatcherJobNum":10,"environment":"default","hostname":"localhost","kubeBucket":"kube-gen3","logsBucket":"logs-gen3","minAvialable":1,"netPolicy":true,"onlyDbgap":false,"pdb":false,"portalApp":"gitops","postgres":{"dbCreate":true,"master":{"host":null,"password":null,"port":"5432","username":"postgres"}},"publicDataSets":true,"revproxyArn":"arn:aws:acm:us-east-1:123456:certificate","slack_send_dbgap":false,"slack_webhook":"None","syncFromDbgap":false,"tierAccessLevel":"libre","tierAccessLimit":1000,"userYamlS3Path":"s3://cdis-gen3-users/helm-test/user.yaml","usersync":false}` | Global configuration options. 
| | global.addDbgap | bool | `false` | Force attempting a dbgap sync if "true", falls back on user.yaml | | global.ddEnabled | bool | `false` | Whether Datadog is enabled. | | global.dev | bool | `true` | Whether the deployment is for development purposes. | @@ -120,7 +120,7 @@ A Helm chart for gen3 Fence | global.tierAccessLevel | string | `"libre"` | Access level for tiers. acceptable values for `tier_access_level` are: `libre`, `regular` and `private`. If omitted, by default common will be treated as `private` | | global.tierAccessLimit | int | `1000` | Only relevant if tireAccessLevel is set to "regular". Summary charts below this limit will not appear for aggregated data. | | global.userYamlS3Path | string | `"s3://cdis-gen3-users/helm-test/user.yaml"` | Path to the user.yaml file in S3. | -| global.usersync | bool | `true` | Whether to run Fence usersync or not. | +| global.usersync | bool | `false` | Whether to run Fence usersync or not. | | image.pullPolicy | string | `"Always"` | When to pull the image. This value should be "Always" to ensure the latest image is used. | | image.repository | string | `"quay.io/cdis/fence"` | The Docker image repository for the fence service | | image.tag | string | `"master"` | Overrides the image tag whose default is the chart appVersion. | diff --git a/helm/fence/templates/serviceaccount.yaml b/helm/fence/templates/serviceaccount.yaml index 9d47e0d1..48c24f36 100644 --- a/helm/fence/templates/serviceaccount.yaml +++ b/helm/fence/templates/serviceaccount.yaml 
@@ -9,34 +9,4 @@ metadata:
 annotations:
 {{- toYaml . | nindent 4 }}
 {{- end }}
-{{- end }}
----
-{{- if .Values.global.usersync -}}
----
-apiVersion: v1
-kind: ServiceAccount
-metadata:
- name: usersync-job
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
- name: usersync-job-role
-rules:
- - apiGroups: [""]
- resources: ["configmaps"]
- verbs: ["get", "list", "watch", "create", "update", "delete"]
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
- name: usersync-job-role-binding
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: ClusterRole
- name: usersync-job-role
-subjects:
- - kind: ServiceAccount
- name: usersync-job
- namespace: default
 {{- end }}
\ No newline at end of file
diff --git a/helm/fence/templates/usersync-sa.yaml b/helm/fence/templates/usersync-sa.yaml
new file mode 100644
index 00000000..64eca226
--- /dev/null
+++ b/helm/fence/templates/usersync-sa.yaml
@@ -0,0 +1,28 @@
+{{- if .Values.global.usersync -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: usersync-job
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: usersync-job-role
+rules:
+ - apiGroups: [""]
+ resources: ["configmaps"]
+ verbs: ["get", "list", "watch", "create", "update", "delete"]
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: usersync-job-role-binding
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: usersync-job-role
+subjects:
+ - kind: ServiceAccount
+ name: usersync-job
+ namespace: default
+{{- end }}
\ No newline at end of file
diff --git a/helm/fence/values.yaml b/helm/fence/values.yaml
index ecb312d5..bf2c5e0f 100644
--- a/helm/fence/values.yaml
+++ b/helm/fence/values.yaml
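Review bot: In the new `helm/fence/templates/usersync-sa.yaml`, the ClusterRoleBinding subject hard-codes `namespace: default`, while the `usersync-job` ServiceAccount carries no namespace and is therefore created in the release namespace; installed anywhere other than `default`, the binding names an account that does not exist there. The grant is also broader than the name suggests: a ClusterRole with create/update/delete on `configmaps` lets the job write ConfigMaps in every namespace of the cluster. The fixed cluster-scoped names would presumably collide if a second release is installed in the same cluster. Unless usersync needs ConfigMaps outside its own namespace (not visible in this hunk), a namespaced Role and RoleBinding with the subject namespace taken from the release keeps the same access within one namespace.

```yaml
# … unchanged: ServiceAccount usersync-job …
kind: Role
# … unchanged: metadata and rules of usersync-job-role …
kind: RoleBinding
# … unchanged: metadata of usersync-job-role-binding …
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: usersync-job-role
subjects:
  - kind: ServiceAccount
    name: usersync-job
    namespace: {{ .Release.Namespace }}
```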
@@ -43,7 +43,7 @@ global: # -- (string) Path to the user.yaml file in S3. userYamlS3Path: s3://cdis-gen3-users/helm-test/user.yaml # -- (bool) Whether to run Fence usersync or not. - usersync: true + usersync: false # -- (string) Slack webhook endpoint used with certain jobs. slack_webhook: None # -- (bool) Will echo what files we are seeing on dbgap ftp to Slack. diff --git a/helm/gen3/README.md b/helm/gen3/README.md index fa8c7e99..5a31a69f 100644 --- a/helm/gen3/README.md +++ b/helm/gen3/README.md @@ -107,7 +107,7 @@ Helm chart to deploy Gen3 Data Commons | global.tierAccessLevel | string | `"libre"` | Access level for tiers. acceptable values for `tier_access_level` are: `libre`, `regular` and `private`. If omitted, by default common will be treated as `private` | | global.tierAccessLimit | int | `1000` | Only relevant if tireAccessLevel is set to "regular". Summary charts below this limit will not appear for aggregated data. | | global.userYamlS3Path | string | `"s3://cdis-gen3-users/helm-test/user.yaml"` | Path to the user.yaml file in S3. | -| global.usersync | bool | `true` | Whether to run Fence usersync or not. | +| global.usersync | bool | `false` | Whether to run Fence usersync or not. | | guppy.enabled | bool | `false` | Whether to deploy the guppy subchart. | | guppy.image | map | `{"repository":null,"tag":null}` | Docker image information. | | guppy.image.repository | string | `nil` | The Docker image repository for the guppy service. | diff --git a/helm/gen3/values.yaml b/helm/gen3/values.yaml index 76b25d7e..d9f23ed2 100644 --- a/helm/gen3/values.yaml +++ b/helm/gen3/values.yaml @@ -47,7 +47,7 @@ global: # -- (string) Path to the user.yaml file in S3. userYamlS3Path: s3://cdis-gen3-users/helm-test/user.yaml # -- (bool) Whether to run Fence usersync or not. - usersync: true + usersync: false # -- (string) Slack webhook endpoint used with certain jobs. slack_webhook: "None" # -- (bool) Will echo what files we are seeing on dbgap ftp to Slack. 
diff --git a/helm/sower/README.md b/helm/sower/README.md index fe821df9..a3bc7d8e 100644 --- a/helm/sower/README.md +++ b/helm/sower/README.md 
@@ -33,7 +33,7 @@ A Helm chart for gen3 sower | criticalService | string | `"false"` | Valid options are "true" or "false". If invalid option is set- the value will default to "false". | | fullnameOverride | string | `""` | Override the full name of the deployment. | | gen3Namespace | string | `"default"` | Namespace to deploy the job. | -| global | map | `{"addDbgap":false,"aws":{"awsAccessKeyId":null,"awsSecretAccessKey":null,"enabled":false},"ddEnabled":false,"dev":true,"dictionaryUrl":"https://s3.amazonaws.com/dictionary-artifacts/datadictionary/develop/schema.json","dispatcherJobNum":10,"environment":"default","hostname":"localhost","kubeBucket":"kube-gen3","logsBucket":"logs-gen3","netPolicy":true,"onlyDbgap":false,"portalApp":"gitops","postgres":{"dbCreate":true,"master":{"host":null,"password":null,"port":"5432","username":"postgres"}},"publicDataSets":true,"revproxyArn":"arn:aws:acm:us-east-1:123456:certificate","slack_send_dbgap":false,"slack_webhook":"None","syncFromDbgap":false,"tierAccessLevel":"libre","userYamlS3Path":"s3://cdis-gen3-users/helm-test/user.yaml","usersync":true}` | Global configuration options. | +| global | map | `{"addDbgap":false,"aws":{"awsAccessKeyId":null,"awsSecretAccessKey":null,"enabled":false},"ddEnabled":false,"dev":true,"dictionaryUrl":"https://s3.amazonaws.com/dictionary-artifacts/datadictionary/develop/schema.json","dispatcherJobNum":10,"environment":"default","hostname":"localhost","kubeBucket":"kube-gen3","logsBucket":"logs-gen3","netPolicy":true,"onlyDbgap":false,"portalApp":"gitops","postgres":{"dbCreate":true,"master":{"host":null,"password":null,"port":"5432","username":"postgres"}},"publicDataSets":true,"revproxyArn":"arn:aws:acm:us-east-1:123456:certificate","slack_send_dbgap":false,"slack_webhook":"None","syncFromDbgap":false,"tierAccessLevel":"libre","userYamlS3Path":"s3://cdis-gen3-users/helm-test/user.yaml","usersync":false}` | Global configuration options. 
| | global.addDbgap | bool | `false` | Force attempting a dbgap sync if "true", falls back on user.yaml | | global.aws | map | `{"awsAccessKeyId":null,"awsSecretAccessKey":null,"enabled":false}` | AWS configuration | | global.aws.awsAccessKeyId | string | `nil` | Credentials for AWS stuff. | @@ -64,7 +64,7 @@ A Helm chart for gen3 sower | global.syncFromDbgap | bool | `false` | Whether to sync data from dbGaP. | | global.tierAccessLevel | string | `"libre"` | Access level for tiers. acceptable values for `tier_access_level` are: `libre`, `regular` and `private`. If omitted, by default common will be treated as `private` | | global.userYamlS3Path | string | `"s3://cdis-gen3-users/helm-test/user.yaml"` | Path to the user.yaml file in S3. | -| global.usersync | bool | `true` | Whether to run Fence usersync or not. | +| global.usersync | bool | `false` | Whether to run Fence usersync or not. | | image | map | `{"pullPolicy":"Always","repository":"quay.io/cdis/sower","tag":""}` | Docker image information. | | image.pullPolicy | string | `"Always"` | Docker pull policy. | | image.repository | string | `"quay.io/cdis/sower"` | Docker repository. | diff --git a/helm/sower/values.yaml b/helm/sower/values.yaml index 0cc2fb4d..5262a4e5 100644 --- a/helm/sower/values.yaml +++ b/helm/sower/values.yaml @@ -51,7 +51,7 @@ global: # -- (string) Path to the user.yaml file in S3. userYamlS3Path: s3://cdis-gen3-users/helm-test/user.yaml # -- (bool) Whether to run Fence usersync or not. - usersync: true + usersync: false # -- (string) Slack webhook endpoint used with certain jobs. slack_webhook: None # -- (bool) Will echo what files we are seeing on dbgap ftp to Slack. diff --git a/helm/ssjdispatcher/README.md b/helm/ssjdispatcher/README.md index 5669823f..249110c3 100644 --- a/helm/ssjdispatcher/README.md +++ b/helm/ssjdispatcher/README.md 
@@ -37,7 +37,7 @@ A Helm chart for gen3 ssjdispatcher | dispatcherJobNum | string | `"10"` | Ssjdispater job number. | | fullnameOverride | string | `""` | Override the full name of the deployment. | | gen3Namespace | string | `"default"` | Namespace to deploy the job. | -| global | map | `{"addDbgap":false,"aws":{"awsAccessKeyId":null,"awsSecretAccessKey":null,"enabled":false},"ddEnabled":false,"dev":true,"dictionaryUrl":"https://s3.amazonaws.com/dictionary-artifacts/datadictionary/develop/schema.json","dispatcherJobNum":10,"environment":"default","hostname":"localhost","kubeBucket":"kube-gen3","logsBucket":"logs-gen3","minAvialable":1,"netPolicy":true,"onlyDbgap":false,"pdb":false,"portalApp":"gitops","postgres":{"dbCreate":true,"master":{"host":null,"password":null,"port":"5432","username":"postgres"}},"publicDataSets":true,"revproxyArn":"arn:aws:acm:us-east-1:123456:certificate","slack_send_dbgap":false,"slack_webhook":"None","syncFromDbgap":false,"tierAccessLevel":"libre","userYamlS3Path":"s3://cdis-gen3-users/helm-test/user.yaml","usersync":true}` | Global configuration options. | +| global | map | `{"addDbgap":false,"aws":{"awsAccessKeyId":null,"awsSecretAccessKey":null,"enabled":false},"ddEnabled":false,"dev":true,"dictionaryUrl":"https://s3.amazonaws.com/dictionary-artifacts/datadictionary/develop/schema.json","dispatcherJobNum":10,"environment":"default","hostname":"localhost","kubeBucket":"kube-gen3","logsBucket":"logs-gen3","minAvialable":1,"netPolicy":true,"onlyDbgap":false,"pdb":false,"portalApp":"gitops","postgres":{"dbCreate":true,"master":{"host":null,"password":null,"port":"5432","username":"postgres"}},"publicDataSets":true,"revproxyArn":"arn:aws:acm:us-east-1:123456:certificate","slack_send_dbgap":false,"slack_webhook":"None","syncFromDbgap":false,"tierAccessLevel":"libre","userYamlS3Path":"s3://cdis-gen3-users/helm-test/user.yaml","usersync":false}` | Global configuration options. 
| | global.addDbgap | bool | `false` | Force attempting a dbgap sync if "true", falls back on user.yaml | | global.aws | map | `{"awsAccessKeyId":null,"awsSecretAccessKey":null,"enabled":false}` | AWS configuration | | global.aws.awsAccessKeyId | string | `nil` | Credentials for AWS stuff. | @@ -70,7 +70,7 @@ A Helm chart for gen3 ssjdispatcher | global.syncFromDbgap | bool | `false` | Whether to sync data from dbGaP. | | global.tierAccessLevel | string | `"libre"` | Access level for tiers. acceptable values for `tier_access_level` are: `libre`, `regular` and `private`. If omitted, by default common will be treated as `private` | | global.userYamlS3Path | string | `"s3://cdis-gen3-users/helm-test/user.yaml"` | Path to the user.yaml file in S3. | -| global.usersync | bool | `true` | Whether to run Fence usersync or not. | +| global.usersync | bool | `false` | Whether to run Fence usersync or not. | | image | map | `{"pullPolicy":"IfNotPresent","repository":"nginx","tag":""}` | Docker image information. | | image.pullPolicy | string | `"IfNotPresent"` | Docker pull policy. | | image.repository | string | `"nginx"` | Docker repository. | diff --git a/helm/ssjdispatcher/values.yaml b/helm/ssjdispatcher/values.yaml index 8c097bb1..f661d5e1 100644 --- a/helm/ssjdispatcher/values.yaml +++ b/helm/ssjdispatcher/values.yaml @@ -51,7 +51,7 @@ global: # -- (string) Path to the user.yaml file in S3. userYamlS3Path: s3://cdis-gen3-users/helm-test/user.yaml # -- (bool) Whether to run Fence usersync or not. - usersync: true + usersync: false # -- (string) Slack webhook endpoint used with certain jobs. slack_webhook: None # -- (bool) Will echo what files we are seeing on dbgap ftp to Slack. diff --git a/helm/wts/README.md b/helm/wts/README.md index 208a6d81..acaf0ff6 100644 --- a/helm/wts/README.md +++ b/helm/wts/README.md 
@@ -27,7 +27,7 @@ A Helm chart for gen3 workspace token service | datadogProfilingEnabled | bool | `true` | If enabled, the Datadog Agent will collect profiling data for your application using the Continuous Profiler. This data can be used to identify performance bottlenecks and optimize your application. | | datadogTraceSampleRate | int | `1` | A value between 0 and 1, that represents the percentage of requests that will be traced. For example, a value of 0.5 means that 50% of requests will be traced. | | fullnameOverride | string | `""` | Override the full name of the deployment. | -| global | map | `{"addDbgap":false,"aws":{"awsAccessKeyId":null,"awsSecretAccessKey":null,"enabled":false},"ddEnabled":false,"dev":true,"dictionaryUrl":"https://s3.amazonaws.com/dictionary-artifacts/datadictionary/develop/schema.json","dispatcherJobNum":10,"environment":"default","hostname":"localhost","kubeBucket":"kube-gen3","logsBucket":"logs-gen3","minAvialable":1,"netPolicy":true,"onlyDbgap":false,"pdb":false,"portalApp":"gitops","postgres":{"dbCreate":true,"master":{"host":null,"password":null,"port":"5432","username":"postgres"}},"publicDataSets":true,"revproxyArn":"arn:aws:acm:us-east-1:123456:certificate","slack_send_dbgap":false,"slack_webhook":"None","syncFromDbgap":false,"tierAccessLevel":"libre","userYamlS3Path":"s3://cdis-gen3-users/helm-test/user.yaml","usersync":true}` | Global configuration options. 
| +| global | map | `{"addDbgap":false,"aws":{"awsAccessKeyId":null,"awsSecretAccessKey":null,"enabled":false},"ddEnabled":false,"dev":true,"dictionaryUrl":"https://s3.amazonaws.com/dictionary-artifacts/datadictionary/develop/schema.json","dispatcherJobNum":10,"environment":"default","hostname":"localhost","kubeBucket":"kube-gen3","logsBucket":"logs-gen3","minAvialable":1,"netPolicy":true,"onlyDbgap":false,"pdb":false,"portalApp":"gitops","postgres":{"dbCreate":true,"master":{"host":null,"password":null,"port":"5432","username":"postgres"}},"publicDataSets":true,"revproxyArn":"arn:aws:acm:us-east-1:123456:certificate","slack_send_dbgap":false,"slack_webhook":"None","syncFromDbgap":false,"tierAccessLevel":"libre","userYamlS3Path":"s3://cdis-gen3-users/helm-test/user.yaml","usersync":false}` | Global configuration options. | | global.addDbgap | bool | `false` | Force attempting a dbgap sync if "true", falls back on user.yaml | | global.aws | map | `{"awsAccessKeyId":null,"awsSecretAccessKey":null,"enabled":false}` | AWS configuration | | global.aws.awsAccessKeyId | string | `nil` | Credentials for AWS stuff. | 
@@ -60,7 +60,7 @@ A Helm chart for gen3 workspace token service | global.syncFromDbgap | bool | `false` | Whether to sync data from dbGaP. | | global.tierAccessLevel | string | `"libre"` | Access level for tiers. acceptable values for `tier_access_level` are: `libre`, `regular` and `private`. If omitted, by default common will be treated as `private` | | global.userYamlS3Path | string | `"s3://cdis-gen3-users/helm-test/user.yaml"` | Path to the user.yaml file in S3. | -| global.usersync | bool | `true` | Whether to run Fence usersync or not. | +| global.usersync | bool | `false` | Whether to run Fence usersync or not. | | hostname | string | `nil` | Hostname for the deployment. | | image | map | `{"pullPolicy":"Always","repository":"quay.io/cdis/workspace-token-service","tag":"feat_wts_internalfence"}` | Docker image information. | | image.pullPolicy | string | `"Always"` | Docker pull policy. | diff --git a/helm/wts/values.yaml b/helm/wts/values.yaml index e61f15d5..518bba26 100644 --- a/helm/wts/values.yaml +++ b/helm/wts/values.yaml @@ -51,7 +51,7 @@ global: # -- (string) Path to the user.yaml file in S3. userYamlS3Path: s3://cdis-gen3-users/helm-test/user.yaml # -- (bool) Whether to run Fence usersync or not. - usersync: true + usersync: false # -- (string) Slack webhook endpoint used with certain jobs. slack_webhook: None # -- (bool) Will echo what files we are seeing on dbgap ftp to Slack. From 24f99f87b86d60fe3a76096c8530bf8d71c0d5ba Mon Sep 17 00:00:00 2001 
From: EliseCastle23 Date: Tue, 16 May 2023 09:50:18 -0600 Subject: [PATCH 030/279] - removing userysnc values from the global manifest and putting them in a separate section for Fence only. - removing configuration and references to the Fence ssh keys, config, and proxy_user as we are moving away from using squid. --- .secrets.baseline | 10 ++-- docs/fence_usersync_job.md | 24 ++++----- helm/arborist/README.md | 9 +--- helm/arborist/values.yaml | 14 ----- helm/audit/README.md | 9 +--- helm/audit/values.yaml | 14 ----- helm/common/README.md | 9 +--- helm/common/values.yaml | 14 ----- helm/fence/README.md | 24 ++++----- helm/fence/fence-ssh/config | 25 --------- helm/fence/templates/fence-config.yaml | 2 +- helm/fence/templates/fence-ssh.yaml | 4 +- helm/fence/templates/projects-config.yaml | 2 +- helm/fence/templates/usersync-cron.yaml | 38 +++++-------- helm/fence/templates/usersync-sa.yaml | 2 +- helm/fence/values.yaml | 65 +++++------------------ helm/gen3/README.md | 16 +++--- helm/gen3/templates/global-manifest.yaml | 6 --- helm/gen3/values.yaml | 28 +++++----- helm/guppy/README.md | 9 +--- helm/guppy/values.yaml | 14 ----- helm/hatchery/README.md | 9 +--- helm/hatchery/values.yaml | 14 ----- helm/indexd/README.md | 9 +--- helm/indexd/values.yaml | 14 ----- helm/metadata/README.md | 9 +--- helm/metadata/values.yaml | 14 ----- helm/peregrine/README.md | 10 +--- helm/peregrine/values.yaml | 16 ------ helm/pidgin/README.md | 9 +--- helm/pidgin/values.yaml | 14 ----- helm/portal/README.md | 9 +--- helm/portal/values.yaml | 14 ----- helm/revproxy/README.md | 9 +--- helm/revproxy/values.yaml | 14 ----- helm/sheepdog/README.md | 9 +--- helm/sheepdog/values.yaml | 14 ----- helm/sower/README.md | 9 +--- helm/sower/values.yaml | 14 ----- helm/ssjdispatcher/README.md | 9 +--- helm/ssjdispatcher/values.yaml | 14 ----- helm/wts/README.md | 9 +--- helm/wts/values.yaml | 14 ----- 43 files changed, 95 insertions(+), 499 deletions(-) delete mode 100644 
helm/fence/fence-ssh/config diff --git a/.secrets.baseline b/.secrets.baseline index d1a1ce59..1189a76d 100644 --- a/.secrets.baseline +++ b/.secrets.baseline @@ -3,7 +3,7 @@ "files": "^.secrets.baseline$", "lines": null }, - "generated_at": "2023-05-15T17:02:11Z", + "generated_at": "2023-05-16T15:48:33Z", "plugins_used": [ { "name": "AWSKeyDetector" @@ -328,7 +328,7 @@ "hashed_secret": "5d07e1b80e448a213b392049888111e1779a52db", "is_secret": false, "is_verified": false, - "line_number": 1953, + "line_number": 1916, "type": "Secret Keyword" } ], @@ -583,13 +583,13 @@ { "hashed_secret": "08eeb737b239bdb7362a875b90e22c10b8826b20", "is_verified": false, - "line_number": 483, + "line_number": 469, "type": "Base64 High Entropy String" }, { "hashed_secret": "eb9739c6625f06b4ab73035223366dda6262ae77", "is_verified": false, - "line_number": 486, + "line_number": 472, "type": "Base64 High Entropy String" } ], @@ -715,7 +715,7 @@ "hashed_secret": "afc848c316af1a89d49826c5ae9d00ed769415f3", "is_secret": false, "is_verified": false, - "line_number": 243, + "line_number": 229, "type": "Secret Keyword" } ], diff --git a/docs/fence_usersync_job.md b/docs/fence_usersync_job.md index 27eef3ee..a05ed7d6 100644 --- a/docs/fence_usersync_job.md +++ b/docs/fence_usersync_job.md 
@@ -1,23 +1,23 @@ # Fence Usersync CronJob -If `global.usersync` is set to true, the Fence usersync-cron.yaml will be deployed to the cluster. +If `.Values.usersync.usersync` is set to true, the Fence usersync-cron.yaml will be deployed to the cluster. User lists can be synced from three sources: -1. A ftp/sftp server that hosts user csv files that follows the format provided by dbgap, enabled if `global.syncFromDbgap` is set to "true". Please follow the [Sftp Setup](#sftp-setup) guide before enabling this option. +1. A ftp/sftp server that hosts user csv files that follows the format provided by dbgap, enabled if `.Values.usersync.syncFromDbgap` is set to "true". Please follow the [Sftp Setup](#sftp-setup) guide before enabling this option. -2. A user.yaml file that is pulled from the S3 bucket specified in the `global.usersync` field is used to update fence's user-access database. Please note an IAM policy with S3 read is required for this option. Please follow [S3 user.yaml Setup](#s3-setup) guide below. +2. A user.yaml file that is pulled from the S3 bucket specified in the `.Values.usersync.userYamlS3Path` field is used to update fence's user-access database. Please note an IAM policy with S3 read is required for this option. Please follow [S3 user.yaml Setup](#s3-setup) guide below. -3. If the `global.userYamlS3Path` string is set to "none", the user.yaml file specified in the fence values.yaml [HERE](https://github.com/uc-cdis/gen3-helm/blob/c7b8959cdf5f7756b29c33ff330923e95981827c/helm/fence/values.yaml#L449-L1319) will be used. +3. If the `.Values.usersync.userYamlS3Path` string is set to "none", the user.yaml file specified in the fence values.yaml [HERE](https://github.com/uc-cdis/gen3-helm/blob/c7b8959cdf5f7756b29c33ff330923e95981827c/helm/fence/values.yaml#L449-L1319) will be used. # S3 user.yaml Setup {#s3-setup} Please see [this](https://github.com/uc-cdis/fence/blob/master/docs/user.yaml_guide.md) documentation that details user.yaml formatting. 
-You can pull this file from an S3 bucket that is set in the `global.usersync` field. Then input the iam credentials for a user that has read access to the specified S3 bucket in the `.Values.usersync.secrets.awsAccessKeyId` and `.Values.usersync.secrets.awsSecretAccessKey` fields. +You can pull this file from an S3 bucket that is set in the `.Values.usersync.userYamlS3Path` field. Then input the iam credentials for a user that has read access to the specified S3 bucket in the `.Values.usersync.secrets.awsAccessKeyId` and `.Values.usersync.secrets.awsSecretAccessKey` fields. -As previously mentioned, if the `global.userYamlS3Path` string is set to "none", the user.yaml file from Fence values.yaml will be used. +As previously mentioned, if the `.Values.usersync.userYamlS3Path` string is set to "none", the user.yaml file from Fence values.yaml will be used. 
@@ -45,21 +45,17 @@ dbGaP: You can find more detailed information on the setup with examples [here](https://github.com/uc-cdis/fence/blob/master/docs/usersync.md). -Create a proxy user specifically for the purpose of acting as a proxy between Gen3 Fence and the DBGaP server. This user account will be used to authenticate and authorize access to DBGaP resources on behalf of authenticated Gen3 user. Update the "proxy_user" field [here](https://github.com/uc-cdis/gen3-helm/blob/c7b8959cdf5f7756b29c33ff330923e95981827c/helm/fence/values.yaml#LL1803C10-L1803C19). - -Generate an ssh key pair for the proxy user (ssh-keygen -t rsa -b 4096) and insert the values into the Fence `.Values.ssh_private_key` and `.Values.ssh_public_key` fields. Add the public key to the SFTP server for authentication if it is not already present. - For an example of a dbGap auth file (csv), please see [this](https://github.com/uc-cdis/fence/blob/master/docs/usersync.md#example-of-dbgap-authorization-file-csv-format) example for formatting. ## Dbgap Options - Set `global.addDbgap` to "true" to attempt a dbgap sync and fall back on user.yaml. + Set `.Values.usersync.addDbgap` to "true" to attempt a dbgap sync and fall back on user.yaml. - Set `global.onlyDbgap` to "true" to run only a dbgap sync and ignore the user.yaml. + Set `.Values.usersync.onlyDbgap` to "true" to run only a dbgap sync and ignore the user.yaml. ## Slack Options - Set `global.slack_webhook` to configure a webhook endpoint to be used for regular usersync updates to Slack. + Set `.Values.usersync.slack_webhook` to configure a webhook endpoint to be used for regular usersync updates to Slack. - Set `slack_send_dbgap` to "true" to echo the files that are being seen on dbgap ftp to Slack. + Set `.Values.usersync.slack_send_dbgap` to "true" to echo the files that are being seen on dbgap ftp to Slack. diff --git a/helm/arborist/README.md b/helm/arborist/README.md index 40abd671..df556040 100644 --- a/helm/arborist/README.md 
+++ b/helm/arborist/README.md 
@@ -29,8 +29,7 @@ A Helm chart for gen3 arborist | env | list | `[{"name":"JWKS_ENDPOINT","value":"http://fence-service/.well-known/jwks"}]` | Environment variables to pass to the container | | env[0] | string | `{"name":"JWKS_ENDPOINT","value":"http://fence-service/.well-known/jwks"}` | The URL of the JSON Web Key Set (JWKS) endpoint for authentication | | fullnameOverride | string | `""` | Override the full name of the deployment. | -| global | map | `{"addDbgap":false,"ddEnabled":false,"dev":true,"dictionaryUrl":"https://s3.amazonaws.com/dictionary-artifacts/datadictionary/develop/schema.json","dispatcherJobNum":10,"environment":"default","hostname":"localhost","kubeBucket":"kube-gen3","logsBucket":"logs-gen3","minAvialable":1,"netPolicy":true,"onlyDbgap":false,"pdb":false,"portalApp":"gitops","postgres":{"dbCreate":true,"master":{"host":null,"password":null,"port":"5432","username":"postgres"}},"publicDataSets":true,"revproxyArn":"arn:aws:acm:us-east-1:123456:certificate","slack_send_dbgap":false,"slack_webhook":"None","syncFromDbgap":false,"tierAccessLevel":"libre","userYamlS3Path":"s3://cdis-gen3-users/helm-test/user.yaml","usersync":false}` | Global configuration options. | -| global.addDbgap | bool | `false` | Force attempting a dbgap sync if "true", falls back on user.yaml | +| global | map | `{"ddEnabled":false,"dev":true,"dictionaryUrl":"https://s3.amazonaws.com/dictionary-artifacts/datadictionary/develop/schema.json","dispatcherJobNum":10,"environment":"default","hostname":"localhost","kubeBucket":"kube-gen3","logsBucket":"logs-gen3","minAvialable":1,"netPolicy":true,"pdb":false,"portalApp":"gitops","postgres":{"dbCreate":true,"master":{"host":null,"password":null,"port":"5432","username":"postgres"}},"publicDataSets":true,"revproxyArn":"arn:aws:acm:us-east-1:123456:certificate","tierAccessLevel":"libre"}` | Global configuration options. | | global.ddEnabled | bool | `false` | Whether Datadog is enabled. 
| | global.dev | bool | `true` | Whether the deployment is for development purposes. | | global.dictionaryUrl | string | `"https://s3.amazonaws.com/dictionary-artifacts/datadictionary/develop/schema.json"` | URL of the data dictionary. | @@ -41,7 +40,6 @@ A Helm chart for gen3 arborist | global.logsBucket | string | `"logs-gen3"` | S3 bucket name for log files. | | global.minAvialable | int | `1` | The minimum amount of pods that are available at all times if the PDB is deployed. | | global.netPolicy | bool | `true` | Whether network policies are enabled. | -| global.onlyDbgap | bool | `false` | Forces ONLY a dbgap sync if "true", IGNORING user.yaml | | global.pdb | bool | `false` | If the service will be deployed with a Pod Disruption Budget. Note- you need to have more than 2 replicas for the pdb to be deployed. | | global.portalApp | string | `"gitops"` | Portal application name. | | global.postgres | map | `{"dbCreate":true,"master":{"host":null,"password":null,"port":"5432","username":"postgres"}}` | Postgres database configuration. | 
@@ -53,12 +51,7 @@ A Helm chart for gen3 arborist | global.postgres.master.username | string | `"postgres"` | username of superuser in postgres. This is used to create or restore databases | | global.publicDataSets | bool | `true` | Whether public datasets are enabled. | | global.revproxyArn | string | `"arn:aws:acm:us-east-1:123456:certificate"` | ARN of the reverse proxy certificate. | -| global.slack_send_dbgap | bool | `false` | Will echo what files we are seeing on dbgap ftp to Slack. | -| global.slack_webhook | string | `"None"` | Slack webhook endpoint used with certain jobs. | -| global.syncFromDbgap | bool | `false` | Whether to sync data from dbGaP. | | global.tierAccessLevel | string | `"libre"` | Access level for tiers. acceptable values for `tier_access_level` are: `libre`, `regular` and `private`. If omitted, by default common will be treated as `private` | -| global.userYamlS3Path | string | `"s3://cdis-gen3-users/helm-test/user.yaml"` | Path to the user.yaml file in S3. | -| global.usersync | bool | `false` | Whether to run Fence usersync or not. | | image | map | `{"pullPolicy":"IfNotPresent","repository":"quay.io/cdis/arborist","tag":""}` | Docker image information. | | image.pullPolicy | string | `"IfNotPresent"` | Docker pull policy. | | image.repository | string | `"quay.io/cdis/arborist"` | Docker repository. | diff --git a/helm/arborist/values.yaml b/helm/arborist/values.yaml index 74e1980e..a2cbfcbf 100644 --- a/helm/arborist/values.yaml +++ b/helm/arborist/values.yaml 
@@ -34,20 +34,6 @@ global:
 kubeBucket: kube-gen3
 # -- (string) S3 bucket name for log files.
 logsBucket: logs-gen3
- # -- (bool) Whether to sync data from dbGaP.
- syncFromDbgap: false
- # -- (bool) Force attempting a dbgap sync if "true", falls back on user.yaml
- addDbgap: false
- # -- (bool) Forces ONLY a dbgap sync if "true", IGNORING user.yaml
- onlyDbgap: false
- # -- (string) Path to the user.yaml file in S3.
- userYamlS3Path: s3://cdis-gen3-users/helm-test/user.yaml
- # -- (bool) Whether to run Fence usersync or not.
- usersync: false
- # -- (string) Slack webhook endpoint used with certain jobs.
- slack_webhook: None
- # -- (bool) Will echo what files we are seeing on dbgap ftp to Slack.
- slack_send_dbgap: false
 # -- (bool) Whether public datasets are enabled.
 publicDataSets: true
 # -- (string) Access level for tiers. acceptable values for `tier_access_level` are: `libre`, `regular` and `private`. If omitted, by default common will be treated as `private`
diff --git a/helm/audit/README.md b/helm/audit/README.md
index 58bfbab3..e7d15409 100644
--- a/helm/audit/README.md
+++ b/helm/audit/README.md
@@ -37,8 +37,7 @@ A Helm chart for Kubernetes | datadogTraceSampleRate | int | `1` | A value between 0 and 1, that represents the percentage of requests that will be traced. For example, a value of 0.5 means that 50% of requests will be traced. | | env | list | `[{"name":"DEBUG","value":"false"},{"name":"ARBORIST_URL","valueFrom":{"configMapKeyRef":{"key":"arborist_url","name":"manifest-global","optional":true}}}]` | Environment variables to pass to the container | | fullnameOverride | string | `""` | Override the full name of the chart, which is used as the name of resources created by the chart | -| global | map | `{"addDbgap":false,"ddEnabled":false,"dev":true,"dictionaryUrl":"https://s3.amazonaws.com/dictionary-artifacts/datadictionary/develop/schema.json","dispatcherJobNum":10,"environment":"default","hostname":"localhost","kubeBucket":"kube-gen3","logsBucket":"logs-gen3","minAvialable":1,"netPolicy":true,"onlyDbgap":false,"pdb":false,"portalApp":"gitops","postgres":{"dbCreate":true,"master":{"host":null,"password":null,"port":"5432","username":"postgres"}},"publicDataSets":true,"revproxyArn":"arn:aws:acm:us-east-1:123456:certificate","slack_send_dbgap":false,"slack_webhook":"None","syncFromDbgap":false,"tierAccessLevel":"libre","userYamlS3Path":"s3://cdis-gen3-users/helm-test/user.yaml","usersync":false}` | Global configuration options. 
| -| global.addDbgap | bool | `false` | Force attempting a dbgap sync if "true", falls back on user.yaml | +| global | map | `{"ddEnabled":false,"dev":true,"dictionaryUrl":"https://s3.amazonaws.com/dictionary-artifacts/datadictionary/develop/schema.json","dispatcherJobNum":10,"environment":"default","hostname":"localhost","kubeBucket":"kube-gen3","logsBucket":"logs-gen3","minAvialable":1,"netPolicy":true,"pdb":false,"portalApp":"gitops","postgres":{"dbCreate":true,"master":{"host":null,"password":null,"port":"5432","username":"postgres"}},"publicDataSets":true,"revproxyArn":"arn:aws:acm:us-east-1:123456:certificate","tierAccessLevel":"libre"}` | Global configuration options. | | global.ddEnabled | bool | `false` | Whether Datadog is enabled. | | global.dev | bool | `true` | Whether the deployment is for development purposes. | | global.dictionaryUrl | string | `"https://s3.amazonaws.com/dictionary-artifacts/datadictionary/develop/schema.json"` | URL of the data dictionary. | @@ -49,7 +48,6 @@ A Helm chart for Kubernetes | global.logsBucket | string | `"logs-gen3"` | S3 bucket name for log files. | | global.minAvialable | int | `1` | The minimum amount of pods that are available at all times if the PDB is deployed. | | global.netPolicy | bool | `true` | Whether network policies are enabled. | -| global.onlyDbgap | bool | `false` | Forces ONLY a dbgap sync if "true", IGNORING user.yaml | | global.pdb | bool | `false` | If the service will be deployed with a Pod Disruption Budget. Note- you need to have more than 2 replicas for the pdb to be deployed. | | global.portalApp | string | `"gitops"` | Portal application name. | | global.postgres | map | `{"dbCreate":true,"master":{"host":null,"password":null,"port":"5432","username":"postgres"}}` | Postgres database configuration. | 
@@ -61,12 +59,7 @@ A Helm chart for Kubernetes | global.postgres.master.username | string | `"postgres"` | username of superuser in postgres. This is used to create or restore databases | | global.publicDataSets | bool | `true` | Whether public datasets are enabled. | | global.revproxyArn | string | `"arn:aws:acm:us-east-1:123456:certificate"` | ARN of the reverse proxy certificate. | -| global.slack_send_dbgap | bool | `false` | Will echo what files we are seeing on dbgap ftp to Slack. | -| global.slack_webhook | string | `"None"` | Slack webhook endpoint used with certain jobs. | -| global.syncFromDbgap | bool | `false` | Whether to sync data from dbGaP. | | global.tierAccessLevel | string | `"libre"` | Access level for tiers. acceptable values for `tier_access_level` are: `libre`, `regular` and `private`. If omitted, by default common will be treated as `private` | -| global.userYamlS3Path | string | `"s3://cdis-gen3-users/helm-test/user.yaml"` | Path to the user.yaml file in S3. | -| global.usersync | bool | `false` | Whether to run Fence usersync or not. | | image | map | `{"pullPolicy":"Always","repository":"quay.io/cdis/audit-service","tag":"master"}` | Docker image information. | | image.pullPolicy | string | `"Always"` | When to pull the image. This value should be "Always" to ensure the latest image is used. | | image.repository | string | `"quay.io/cdis/audit-service"` | The Docker image repository for the audit service | diff --git a/helm/audit/values.yaml b/helm/audit/values.yaml index a552bffd..97e70118 100644 --- a/helm/audit/values.yaml +++ b/helm/audit/values.yaml 
@@ -33,20 +33,6 @@ global:
 kubeBucket: kube-gen3
 # -- (string) S3 bucket name for log files.
 logsBucket: logs-gen3
- # -- (bool) Whether to sync data from dbGaP.
- syncFromDbgap: false
- # -- (bool) Force attempting a dbgap sync if "true", falls back on user.yaml
- addDbgap: false
- # -- (bool) Forces ONLY a dbgap sync if "true", IGNORING user.yaml
- onlyDbgap: false
- # -- (string) Path to the user.yaml file in S3.
- userYamlS3Path: s3://cdis-gen3-users/helm-test/user.yaml
- # -- (bool) Whether to run Fence usersync or not.
- usersync: false
- # -- (string) Slack webhook endpoint used with certain jobs.
- slack_webhook: None
- # -- (bool) Will echo what files we are seeing on dbgap ftp to Slack.
- slack_send_dbgap: false
 # -- (bool) Whether public datasets are enabled.
 publicDataSets: true
 # -- (string) Access level for tiers. acceptable values for `tier_access_level` are: `libre`, `regular` and `private`. If omitted, by default common will be treated as `private`
diff --git a/helm/common/README.md b/helm/common/README.md
index 52625fb0..e83608b2 100644
--- a/helm/common/README.md
+++ b/helm/common/README.md
@@ -8,8 +8,7 @@ A Helm chart for provisioning databases in gen3 | Key | Type | Default | Description | |-----|------|---------|-------------| -| global | map | `{"addDbgap":false,"ddEnabled":false,"dev":true,"dictionaryUrl":"https://s3.amazonaws.com/dictionary-artifacts/datadictionary/develop/schema.json","dispatcherJobNum":10,"environment":"default","hostname":"localhost","kubeBucket":"kube-gen3","logsBucket":"logs-gen3","netPolicy":true,"onlyDbgap":false,"portalApp":"gitops","postgres":{"dbCreate":true,"master":{"host":null,"password":null,"port":"5432","username":"postgres"}},"publicDataSets":true,"revproxyArn":"arn:aws:acm:us-east-1:123456:certificate","slack_send_dbgap":false,"slack_webhook":"None","syncFromDbgap":false,"tierAccessLevel":"libre","userYamlS3Path":"s3://cdis-gen3-users/helm-test/user.yaml","usersync":false}` | Global configuration options. | -| global.addDbgap | bool | `false` | Force attempting a dbgap sync if "true", falls back on user.yaml | +| global | map | `{"ddEnabled":false,"dev":true,"dictionaryUrl":"https://s3.amazonaws.com/dictionary-artifacts/datadictionary/develop/schema.json","dispatcherJobNum":10,"environment":"default","hostname":"localhost","kubeBucket":"kube-gen3","logsBucket":"logs-gen3","netPolicy":true,"portalApp":"gitops","postgres":{"dbCreate":true,"master":{"host":null,"password":null,"port":"5432","username":"postgres"}},"publicDataSets":true,"revproxyArn":"arn:aws:acm:us-east-1:123456:certificate","tierAccessLevel":"libre"}` | Global configuration options. | | global.ddEnabled | bool | `false` | Whether Datadog is enabled. | | global.dev | bool | `true` | Whether the deployment is for development purposes. | | global.dictionaryUrl | string | `"https://s3.amazonaws.com/dictionary-artifacts/datadictionary/develop/schema.json"` | URL of the data dictionary. | 
@@ -19,7 +18,6 @@ A Helm chart for provisioning databases in gen3 | global.kubeBucket | string | `"kube-gen3"` | S3 bucket name for Kubernetes manifest files. | | global.logsBucket | string | `"logs-gen3"` | S3 bucket name for log files. | | global.netPolicy | bool | `true` | Whether network policies are enabled. | -| global.onlyDbgap | bool | `false` | Forces ONLY a dbgap sync if "true", IGNORING user.yaml | | global.portalApp | string | `"gitops"` | Portal application name. | | global.postgres | map | `{"dbCreate":true,"master":{"host":null,"password":null,"port":"5432","username":"postgres"}}` | Postgres database configuration. | | global.postgres.dbCreate | bool | `true` | Whether the database should be created. | @@ -30,12 +28,7 @@ A Helm chart for provisioning databases in gen3 | global.postgres.master.username | string | `"postgres"` | username of superuser in postgres. This is used to create or restore databases | | global.publicDataSets | bool | `true` | Whether public datasets are enabled. | | global.revproxyArn | string | `"arn:aws:acm:us-east-1:123456:certificate"` | ARN of the reverse proxy certificate. | -| global.slack_send_dbgap | bool | `false` | Will echo what files we are seeing on dbgap ftp to Slack. | -| global.slack_webhook | string | `"None"` | Slack webhook endpoint used with certain jobs. | -| global.syncFromDbgap | bool | `false` | Whether to sync data from dbGaP. | | global.tierAccessLevel | string | `"libre"` | Access level for tiers. acceptable values for `tier_access_level` are: `libre`, `regular` and `private`. If omitted, by default common will be treated as `private` | -| global.userYamlS3Path | string | `"s3://cdis-gen3-users/helm-test/user.yaml"` | Path to the user.yaml file in S3. | -| global.usersync | bool | `false` | Whether to run Fence usersync or not. | ---------------------------------------------- Autogenerated from chart metadata using [helm-docs v1.11.0](https://github.com/norwoodj/helm-docs/releases/v1.11.0) 
diff --git a/helm/common/values.yaml b/helm/common/values.yaml
index b4abcaa4..d61b0b39 100644
--- a/helm/common/values.yaml
+++ b/helm/common/values.yaml
@@ -34,20 +34,6 @@ global:
 kubeBucket: kube-gen3
 # -- (string) S3 bucket name for log files.
 logsBucket: logs-gen3
- # -- (bool) Whether to sync data from dbGaP.
- syncFromDbgap: false
- # -- (bool) Force attempting a dbgap sync if "true", falls back on user.yaml
- addDbgap: false
- # -- (bool) Forces ONLY a dbgap sync if "true", IGNORING user.yaml
- onlyDbgap: false
- # -- (string) Path to the user.yaml file in S3.
- userYamlS3Path: s3://cdis-gen3-users/helm-test/user.yaml
- # -- (bool) Whether to run Fence usersync or not.
- usersync: false
- # -- (string) Slack webhook endpoint used with certain jobs.
- slack_webhook: None
- # -- (bool) Will echo what files we are seeing on dbgap ftp to Slack.
- slack_send_dbgap: false
 # -- (bool) Whether public datasets are enabled.
 publicDataSets: true
 # -- (string) Access level for tiers. acceptable values for `tier_access_level` are: `libre`, `regular` and `private`. If omitted, by default common will be treated as `private`
diff --git a/helm/fence/README.md b/helm/fence/README.md
index 75e701b6..10a1ca64 100644
--- a/helm/fence/README.md
+++ b/helm/fence/README.md
@@ -15,7 +15,7 @@ A Helm chart for gen3 Fence | Key | Type | Default | Description | |-----|------|---------|-------------| -| FENCE_CONFIG | map | `{"ACCESS_TOKEN_COOKIE_NAME":"access_token","ACCESS_TOKEN_EXPIRES_IN":1200,"ALLOWED_USER_SERVICE_ACCOUNT_DOMAINS":["developer.gserviceaccount.com","appspot.gserviceaccount.com","iam.gserviceaccount.com"],"ALLOW_GOOGLE_LINKING":true,"APPLICATION_ROOT":"/user","APP_NAME":"Gen3 Data Commons","ARBORIST":"http://arborist-service","ASSUME_ROLE_CACHE_SECONDS":1800,"AUDIT_SERVICE":"http://audit-service","AUTHLIB_INSECURE_TRANSPORT":true,"AWS_CREDENTIALS":{},"AZ_BLOB_CONTAINER_URL":"https://myfakeblob.blob.core.windows.net/my-fake-container/","AZ_BLOB_CREDENTIALS":null,"BILLING_PROJECT_FOR_SA_CREDS":null,"BILLING_PROJECT_FOR_SIGNED_URLS":null,"CIRRUS_CFG":{"GOOGLE_ADMIN_EMAIL":"","GOOGLE_API_KEY":"","GOOGLE_APPLICATION_CREDENTIALS":"","GOOGLE_CLOUD_IDENTITY_ADMIN_EMAIL":"","GOOGLE_IDENTITY_DOMAIN":"","GOOGLE_PROJECT_ID":"","GOOGLE_STORAGE_CREDS":""},"CLIENT_ALLOWED_SCOPES":["openid","user","data","google_credentials","google_service_account","google_link","ga4gh_passport_v1"],"DATA_UPLOAD_BUCKET":"bucket1","DBGAP_ACCESSION_WITH_CONSENT_REGEX":"(?Pphs[0-9]+)(.(?Pv[0-9]+)){0,1}(.(?Pp[0-9]+)){0,1}.(?Pc[0-9]+)","DEBUG":false,"DEFAULT_LOGIN_IDP":"google","DEFAULT_LOGIN_URL":"{{BASE_URL}}/login/google","DEV_LOGIN_COOKIE_NAME":"dev_login","DREAM_CHALLENGE_GROUP":"DREAM","DREAM_CHALLENGE_TEAM":"DREAM","EMAIL_SERVER":"localhost","ENABLED_IDENTITY_PROVIDERS":{},"ENABLE_AUDIT_LOGS":{"login":false,"presigned_url":false},"ENABLE_AUTOMATIC_BILLING_PERMISSION_SA_CREDS":false,"ENABLE_AUTOMATIC_BILLING_PERMISSION_SIGNED_URLS":false,"ENABLE_CSRF_PROTECTION":true,"ENABLE_DB_MIGRATION":true,"ENABLE_PROMETHEUS_METRICS":false,"ENCRYPTION_KEY":"REPLACEME","GA4GH_VISA_ISSUER_ALLOWLIST":["{{BASE_URL}}","https://sts.nih.gov","https://stsstg.nih.gov"],"GEN3_PASSPORT_EXPIRES_IN":43200,"GLOBAL_PARSE_VISAS_ON_LOGIN":false,"GOOGLE_ACCOUNT_ACCESS_EXPIRES_IN":86
400,"GOOGLE_BULK_UPDATES":false,"GOOGLE_GROUP_PREFIX":"","GOOGLE_MANAGED_SERVICE_ACCOUNT_DOMAINS":["dataflow-service-producer-prod.iam.gserviceaccount.com","cloudbuild.gserviceaccount.com","cloud-ml.google.com.iam.gserviceaccount.com","container-engine-robot.iam.gserviceaccount.com","dataflow-service-producer-prod.iam.gserviceaccount.com","sourcerepo-service-accounts.iam.gserviceaccount.com","dataproc-accounts.iam.gserviceaccount.com","gae-api-prod.google.com.iam.gserviceaccount.com","genomics-api.google.com.iam.gserviceaccount.com","containerregistry.iam.gserviceaccount.com","container-analysis.iam.gserviceaccount.com","cloudservices.gserviceaccount.com","stackdriver-service.iam.gserviceaccount.com","appspot.gserviceaccount.com","partnercontent.gserviceaccount.com","trifacta-gcloud-prod.iam.gserviceaccount.com","gcf-admin-robot.iam.gserviceaccount.com","compute-system.iam.gserviceaccount.com","gcp-sa-websecurityscanner.iam.gserviceaccount.com","storage-transfer-service.iam.gserviceaccount.com","firebase-sa-management.iam.gserviceaccount.com","firebase-rules.iam.gserviceaccount.com","gcp-sa-cloudbuild.iam.gserviceaccount.com","gcp-sa-automl.iam.gserviceaccount.com","gcp-sa-datalabeling.iam.gserviceaccount.com","gcp-sa-cloudscheduler.iam.gserviceaccount.com"],"GOOGLE_SERVICE_ACCOUNT_KEY_FOR_URL_SIGNING_EXPIRES_IN":2592000,"GOOGLE_SERVICE_ACCOUNT_PREFIX":"","GOOGLE_USER_SERVICE_ACCOUNT_ACCESS_EXPIRES_IN":604800,"GUN_MAIL":{"datacommons.io":{"api_key":"","api_url":"https://api.mailgun.net/v3/mailgun.example.com","default_login":"postmaster@mailgun.example.com","smtp_hostname":"smtp.mailgun.org","smtp_password":""}},"HTTP_PROXY":{"host":null,"port":3128},"INDEXD":"http://indexd-service","INDEXD_PASSWORD":"","INDEXD_USERNAME":"fence","ITRUST_GLOBAL_LOGOUT":"https://auth.nih.gov/siteminderagent/smlogout.asp?mode=nih&AppReturnUrl=","LOGIN_OPTIONS":[{"desc":"description","idp":"google","name":"Login from 
Google"}],"LOGIN_REDIRECT_WHITELIST":[],"MAX_ACCESS_TOKEN_TTL":3600,"MAX_API_KEY_TTL":2592000,"MAX_PRESIGNED_URL_TTL":3600,"MAX_ROLE_SESSION_INCREASE":false,"MOCK_AUTH":false,"MOCK_GOOGLE_AUTH":false,"MOCK_STORAGE":false,"OAUTH2_JWT_ALG":"RS256","OAUTH2_JWT_ENABLED":true,"OAUTH2_JWT_ISS":"{{BASE_URL}}","OAUTH2_PROVIDER_ERROR_URI":"/api/oauth2/errors","OAUTH2_TOKEN_EXPIRES_IN":{"authorization_code":1200,"implicit":1200},"OPENID_CONNECT":{"cilogon":{"client_id":"","client_secret":"","discovery_url":"https://cilogon.org/.well-known/openid-configuration","mock":false,"mock_default_user":"http://cilogon.org/serverT/users/64703","redirect_url":"{{BASE_URL}}/login/cilogon/login/","scope":"openid email profile"},"cognito":{"client_id":"","client_secret":"","discovery_url":"https://cognito-idp.{REGION}.amazonaws.com/{USER-POOL-ID}/.well-known/openid-configuration","redirect_url":"{{BASE_URL}}/login/cognito/login/","scope":"openid email"},"fence":{"access_token_url":"{{api_base_url}}/oauth2/token","api_base_url":"","authorize_url":"{{api_base_url}}/oauth2/authorize","client_id":"","client_kwargs":{"redirect_uri":"{{BASE_URL}}/login/fence/login","scope":"openid"},"client_secret":"","mock":false,"mock_default_user":"test@example.com","name":"","refresh_token_url":"{{api_base_url}}/oauth2/token","shibboleth_discovery_url":"https://login.bionimbus.org/Shibboleth.sso/DiscoFeed"},"generic_oidc_idp":{"client_id":"","client_secret":"","discovery":{"authorization_endpoint":"","jwks_uri":"","token_endpoint":""},"discovery_url":"https://server.com/.well-known/openid-configuration","email_field":"","name":"some_idp","redirect_url":"{{BASE_URL}}/login/some_idp/login","scope":"","user_id_field":""},"google":{"client_id":"","client_secret":"","discovery_url":"https://accounts.google.com/.well-known/openid-configuration","mock":"","mock_default_user":"test@example.com","redirect_url":"{{BASE_URL}}/login/google/login/","scope":"openid 
email"},"microsoft":{"client_id":"","client_secret":"","discovery_url":"https://login.microsoftonline.com/organizations/v2.0/.well-known/openid-configuration","mock":false,"mock_default_user":"test@example.com","redirect_url":"{{BASE_URL}}/login/microsoft/login/","scope":"openid email"},"okta":{"client_id":"","client_secret":"","discovery_url":"","redirect_url":"{{BASE_URL}}/login/okta/login/","scope":"openid email"},"orcid":{"client_id":"","client_secret":"","discovery_url":"https://orcid.org/.well-known/openid-configuration","mock":false,"mock_default_user":"0000-0002-2601-8132","redirect_url":"{{BASE_URL}}/login/orcid/login/","scope":"openid"},"ras":{"client_id":"","client_secret":"","discovery_url":"https://sts.nih.gov/.well-known/openid-configuration","mock":false,"mock_default_user":"test@example.com","redirect_url":"{{BASE_URL}}/login/ras/callback","scope":"openid email profile ga4gh_passport_v1"},"shibboleth":{"client_id":"","client_secret":"","redirect_url":"{{BASE_URL}}/login/shib/login"},"synapse":{"client_id":"","client_secret":"","discovery_url":"","redirect_url":"","scope":"openid"}},"OVERRIDE_NGINX_RATE_LIMIT":18,"PRIVACY_POLICY_URL":null,"PROBLEM_USER_EMAIL_NOTIFICATION":{"admin":["admin@example.edu"],"content":"The Data Commons Framework utilizes dbGaP for data access authorization. Another member of a Google project you belong to ({}) is attempting to register a service account to the following additional datasets ({}). 
Please contact dbGaP to request access.\n","domain":"example.com","from":"do-not-reply@example.com","subject":"Account access error notification"},"PUSH_AUDIT_LOGS_CONFIG":{"aws_sqs_config":{"aws_cred":null,"region":null,"sqs_url":null},"type":"aws_sqs"},"RAS_REFRESH_EXPIRATION":1296000,"RAS_USERINFO_ENDPOINT":"/openid/connect/v1.1/userinfo","REFRESH_TOKEN_EXPIRES_IN":2592000,"REGISTERED_USERS_GROUP":"","REGISTER_USERS_ON":false,"REMOVE_SERVICE_ACCOUNT_EMAIL_NOTIFICATION":{"admin":["admin@example.edu"],"content":"Service accounts were removed from access control data because some users or service accounts of GCP Project {} are not authorized to access the data sets associated to the service accounts, or do not adhere to the security policies.\n","domain":"example.com","enable":false,"from":"do-not-reply@example.com","subject":"User service account removal notification"},"RENEW_ACCESS_TOKEN_BEFORE_EXPIRATION":false,"S3_BUCKETS":{},"SEND_FROM":"example@gmail.com","SEND_TO":"example@gmail.com","SERVICE_ACCOUNT_LIMIT":6,"SESSION_ALLOWED_SCOPES":["openid","user","credentials","data","admin","google_credentials","google_service_account","google_link","ga4gh_passport_v1"],"SESSION_COOKIE_DOMAIN":null,"SESSION_COOKIE_NAME":"fence","SESSION_COOKIE_SECURE":true,"SESSION_LIFETIME":28800,"SESSION_TIMEOUT":1800,"SHIBBOLETH_HEADER":"persistent_id","SSO_URL":"https://auth.nih.gov/affwebservices/public/saml2sso?SPID={{BASE_URL}}/shibboleth&RelayState=","STORAGE_CREDENTIALS":{},"SUPPORT_EMAIL_FOR_ERRORS":null,"SYNAPSE_AUTHZ_TTL":86400,"SYNAPSE_DISCOVERY_URL":null,"SYNAPSE_JWKS_URI":null,"SYNAPSE_URI":"https://repo-prod.prod.sagebase.org/auth/v1","TOKEN_PROJECTS_CUTOFF":10,"USERSYNC":{"fallback_to_dbgap_sftp":false,"sync_from_visas":false,"visa_types":{"ras":["https://ras.nih.gov/visas/v1","https://ras.nih.gov/visas/v1.1"]}},"USER_ALLOWED_SCOPES":["fence","openid","user","data","admin","google_credentials","google_service_account","google_link","ga4gh_passport_v1"],"WHITE_LISTED_GOOG
LE_PARENT_ORGS":[],"WHITE_LISTED_SERVICE_ACCOUNT_EMAILS":[],"WTF_CSRF_SECRET_KEY":"{{ENCRYPTION_KEY}}","dbGaP":[{"decrypt_key":"","enable_common_exchange_area_access":false,"info":{"host":"","password":"","port":22,"proxy":"","proxy_user":"","username":""},"parse_consent_code":true,"protocol":"sftp","study_common_exchange_areas":{"example":"test_common_exchange_area"},"study_to_resource_namespaces":{"_default":["/"],"test_common_exchange_area":["/dbgap/"]}}]}` | Configuration settings for Fence app | +| FENCE_CONFIG | map | `{"ACCESS_TOKEN_COOKIE_NAME":"access_token","ACCESS_TOKEN_EXPIRES_IN":1200,"ALLOWED_USER_SERVICE_ACCOUNT_DOMAINS":["developer.gserviceaccount.com","appspot.gserviceaccount.com","iam.gserviceaccount.com"],"ALLOW_GOOGLE_LINKING":true,"APPLICATION_ROOT":"/user","APP_NAME":"Gen3 Data Commons","ARBORIST":"http://arborist-service","ASSUME_ROLE_CACHE_SECONDS":1800,"AUDIT_SERVICE":"http://audit-service","AUTHLIB_INSECURE_TRANSPORT":true,"AWS_CREDENTIALS":{},"AZ_BLOB_CONTAINER_URL":"https://myfakeblob.blob.core.windows.net/my-fake-container/","AZ_BLOB_CREDENTIALS":null,"BILLING_PROJECT_FOR_SA_CREDS":null,"BILLING_PROJECT_FOR_SIGNED_URLS":null,"CIRRUS_CFG":{"GOOGLE_ADMIN_EMAIL":"","GOOGLE_API_KEY":"","GOOGLE_APPLICATION_CREDENTIALS":"","GOOGLE_CLOUD_IDENTITY_ADMIN_EMAIL":"","GOOGLE_IDENTITY_DOMAIN":"","GOOGLE_PROJECT_ID":"","GOOGLE_STORAGE_CREDS":""},"CLIENT_ALLOWED_SCOPES":["openid","user","data","google_credentials","google_service_account","google_link","ga4gh_passport_v1"],"DATA_UPLOAD_BUCKET":"bucket1","DBGAP_ACCESSION_WITH_CONSENT_REGEX":"(?Pphs[0-9]+)(.(?Pv[0-9]+)){0,1}(.(?Pp[0-9]+)){0,1}.(?Pc[0-9]+)","DEBUG":false,"DEFAULT_LOGIN_IDP":"google","DEFAULT_LOGIN_URL":"{{BASE_URL}}/login/google","DEV_LOGIN_COOKIE_NAME":"dev_login","DREAM_CHALLENGE_GROUP":"DREAM","DREAM_CHALLENGE_TEAM":"DREAM","EMAIL_SERVER":"localhost","ENABLED_IDENTITY_PROVIDERS":{},"ENABLE_AUDIT_LOGS":{"login":false,"presigned_url":false},"ENABLE_AUTOMATIC_BILLING_PERMISSION_SA_CREDS":
false,"ENABLE_AUTOMATIC_BILLING_PERMISSION_SIGNED_URLS":false,"ENABLE_CSRF_PROTECTION":true,"ENABLE_DB_MIGRATION":true,"ENABLE_PROMETHEUS_METRICS":false,"ENCRYPTION_KEY":"REPLACEME","GA4GH_VISA_ISSUER_ALLOWLIST":["{{BASE_URL}}","https://sts.nih.gov","https://stsstg.nih.gov"],"GEN3_PASSPORT_EXPIRES_IN":43200,"GLOBAL_PARSE_VISAS_ON_LOGIN":false,"GOOGLE_ACCOUNT_ACCESS_EXPIRES_IN":86400,"GOOGLE_BULK_UPDATES":false,"GOOGLE_GROUP_PREFIX":"","GOOGLE_MANAGED_SERVICE_ACCOUNT_DOMAINS":["dataflow-service-producer-prod.iam.gserviceaccount.com","cloudbuild.gserviceaccount.com","cloud-ml.google.com.iam.gserviceaccount.com","container-engine-robot.iam.gserviceaccount.com","dataflow-service-producer-prod.iam.gserviceaccount.com","sourcerepo-service-accounts.iam.gserviceaccount.com","dataproc-accounts.iam.gserviceaccount.com","gae-api-prod.google.com.iam.gserviceaccount.com","genomics-api.google.com.iam.gserviceaccount.com","containerregistry.iam.gserviceaccount.com","container-analysis.iam.gserviceaccount.com","cloudservices.gserviceaccount.com","stackdriver-service.iam.gserviceaccount.com","appspot.gserviceaccount.com","partnercontent.gserviceaccount.com","trifacta-gcloud-prod.iam.gserviceaccount.com","gcf-admin-robot.iam.gserviceaccount.com","compute-system.iam.gserviceaccount.com","gcp-sa-websecurityscanner.iam.gserviceaccount.com","storage-transfer-service.iam.gserviceaccount.com","firebase-sa-management.iam.gserviceaccount.com","firebase-rules.iam.gserviceaccount.com","gcp-sa-cloudbuild.iam.gserviceaccount.com","gcp-sa-automl.iam.gserviceaccount.com","gcp-sa-datalabeling.iam.gserviceaccount.com","gcp-sa-cloudscheduler.iam.gserviceaccount.com"],"GOOGLE_SERVICE_ACCOUNT_KEY_FOR_URL_SIGNING_EXPIRES_IN":2592000,"GOOGLE_SERVICE_ACCOUNT_PREFIX":"","GOOGLE_USER_SERVICE_ACCOUNT_ACCESS_EXPIRES_IN":604800,"GUN_MAIL":{"datacommons.io":{"api_key":"","api_url":"https://api.mailgun.net/v3/mailgun.example.com","default_login":"postmaster@mailgun.example.com","smtp_hostname":"smtp.mailgun.org"
,"smtp_password":""}},"HTTP_PROXY":{"host":null,"port":3128},"INDEXD":"http://indexd-service","INDEXD_PASSWORD":"","INDEXD_USERNAME":"fence","ITRUST_GLOBAL_LOGOUT":"https://auth.nih.gov/siteminderagent/smlogout.asp?mode=nih&AppReturnUrl=","LOGIN_OPTIONS":[{"desc":"description","idp":"google","name":"Login from Google"}],"LOGIN_REDIRECT_WHITELIST":[],"MAX_ACCESS_TOKEN_TTL":3600,"MAX_API_KEY_TTL":2592000,"MAX_PRESIGNED_URL_TTL":3600,"MAX_ROLE_SESSION_INCREASE":false,"MOCK_AUTH":false,"MOCK_GOOGLE_AUTH":false,"MOCK_STORAGE":false,"OAUTH2_JWT_ALG":"RS256","OAUTH2_JWT_ENABLED":true,"OAUTH2_JWT_ISS":"{{BASE_URL}}","OAUTH2_PROVIDER_ERROR_URI":"/api/oauth2/errors","OAUTH2_TOKEN_EXPIRES_IN":{"authorization_code":1200,"implicit":1200},"OPENID_CONNECT":{"cilogon":{"client_id":"","client_secret":"","discovery_url":"https://cilogon.org/.well-known/openid-configuration","mock":false,"mock_default_user":"http://cilogon.org/serverT/users/64703","redirect_url":"{{BASE_URL}}/login/cilogon/login/","scope":"openid email profile"},"cognito":{"client_id":"","client_secret":"","discovery_url":"https://cognito-idp.{REGION}.amazonaws.com/{USER-POOL-ID}/.well-known/openid-configuration","redirect_url":"{{BASE_URL}}/login/cognito/login/","scope":"openid 
email"},"fence":{"access_token_url":"{{api_base_url}}/oauth2/token","api_base_url":"","authorize_url":"{{api_base_url}}/oauth2/authorize","client_id":"","client_kwargs":{"redirect_uri":"{{BASE_URL}}/login/fence/login","scope":"openid"},"client_secret":"","mock":false,"mock_default_user":"test@example.com","name":"","refresh_token_url":"{{api_base_url}}/oauth2/token","shibboleth_discovery_url":"https://login.bionimbus.org/Shibboleth.sso/DiscoFeed"},"generic_oidc_idp":{"client_id":"","client_secret":"","discovery":{"authorization_endpoint":"","jwks_uri":"","token_endpoint":""},"discovery_url":"https://server.com/.well-known/openid-configuration","email_field":"","name":"some_idp","redirect_url":"{{BASE_URL}}/login/some_idp/login","scope":"","user_id_field":""},"google":{"client_id":"","client_secret":"","discovery_url":"https://accounts.google.com/.well-known/openid-configuration","mock":"","mock_default_user":"test@example.com","redirect_url":"{{BASE_URL}}/login/google/login/","scope":"openid email"},"microsoft":{"client_id":"","client_secret":"","discovery_url":"https://login.microsoftonline.com/organizations/v2.0/.well-known/openid-configuration","mock":false,"mock_default_user":"test@example.com","redirect_url":"{{BASE_URL}}/login/microsoft/login/","scope":"openid email"},"okta":{"client_id":"","client_secret":"","discovery_url":"","redirect_url":"{{BASE_URL}}/login/okta/login/","scope":"openid email"},"orcid":{"client_id":"","client_secret":"","discovery_url":"https://orcid.org/.well-known/openid-configuration","mock":false,"mock_default_user":"0000-0002-2601-8132","redirect_url":"{{BASE_URL}}/login/orcid/login/","scope":"openid"},"ras":{"client_id":"","client_secret":"","discovery_url":"https://sts.nih.gov/.well-known/openid-configuration","mock":false,"mock_default_user":"test@example.com","redirect_url":"{{BASE_URL}}/login/ras/callback","scope":"openid email profile 
ga4gh_passport_v1"},"shibboleth":{"client_id":"","client_secret":"","redirect_url":"{{BASE_URL}}/login/shib/login"},"synapse":{"client_id":"","client_secret":"","discovery_url":"","redirect_url":"","scope":"openid"}},"OVERRIDE_NGINX_RATE_LIMIT":18,"PRIVACY_POLICY_URL":null,"PROBLEM_USER_EMAIL_NOTIFICATION":{"admin":["admin@example.edu"],"content":"The Data Commons Framework utilizes dbGaP for data access authorization. Another member of a Google project you belong to ({}) is attempting to register a service account to the following additional datasets ({}). Please contact dbGaP to request access.\n","domain":"example.com","from":"do-not-reply@example.com","subject":"Account access error notification"},"PUSH_AUDIT_LOGS_CONFIG":{"aws_sqs_config":{"aws_cred":null,"region":null,"sqs_url":null},"type":"aws_sqs"},"RAS_REFRESH_EXPIRATION":1296000,"RAS_USERINFO_ENDPOINT":"/openid/connect/v1.1/userinfo","REFRESH_TOKEN_EXPIRES_IN":2592000,"REGISTERED_USERS_GROUP":"","REGISTER_USERS_ON":false,"REMOVE_SERVICE_ACCOUNT_EMAIL_NOTIFICATION":{"admin":["admin@example.edu"],"content":"Service accounts were removed from access control data because some users or service accounts of GCP Project {} are not authorized to access the data sets associated to the service accounts, or do not adhere to the security policies.\n","domain":"example.com","enable":false,"from":"do-not-reply@example.com","subject":"User service account removal 
notification"},"RENEW_ACCESS_TOKEN_BEFORE_EXPIRATION":false,"S3_BUCKETS":{},"SEND_FROM":"example@gmail.com","SEND_TO":"example@gmail.com","SERVICE_ACCOUNT_LIMIT":6,"SESSION_ALLOWED_SCOPES":["openid","user","credentials","data","admin","google_credentials","google_service_account","google_link","ga4gh_passport_v1"],"SESSION_COOKIE_DOMAIN":null,"SESSION_COOKIE_NAME":"fence","SESSION_COOKIE_SECURE":true,"SESSION_LIFETIME":28800,"SESSION_TIMEOUT":1800,"SHIBBOLETH_HEADER":"persistent_id","SSO_URL":"https://auth.nih.gov/affwebservices/public/saml2sso?SPID={{BASE_URL}}/shibboleth&RelayState=","STORAGE_CREDENTIALS":{},"SUPPORT_EMAIL_FOR_ERRORS":null,"SYNAPSE_AUTHZ_TTL":86400,"SYNAPSE_DISCOVERY_URL":null,"SYNAPSE_JWKS_URI":null,"SYNAPSE_URI":"https://repo-prod.prod.sagebase.org/auth/v1","TOKEN_PROJECTS_CUTOFF":10,"USERSYNC":{"fallback_to_dbgap_sftp":false,"sync_from_visas":false,"visa_types":{"ras":["https://ras.nih.gov/visas/v1","https://ras.nih.gov/visas/v1.1"]}},"USER_ALLOWED_SCOPES":["fence","openid","user","data","admin","google_credentials","google_service_account","google_link","ga4gh_passport_v1"],"WHITE_LISTED_GOOGLE_PARENT_ORGS":[],"WHITE_LISTED_SERVICE_ACCOUNT_EMAILS":[],"WTF_CSRF_SECRET_KEY":"{{ENCRYPTION_KEY}}","dbGaP":[{"decrypt_key":"","enable_common_exchange_area_access":false,"info":{"host":"","password":"","port":22,"proxy":"","username":""},"parse_consent_code":true,"protocol":"sftp","study_common_exchange_areas":{"example":"test_common_exchange_area"},"study_to_resource_namespaces":{"_default":["/"],"test_common_exchange_area":["/dbgap/"]}}]}` | Configuration settings for Fence app | | FENCE_CONFIG.APP_NAME | string | `"Gen3 Data Commons"` | Name of the Fence app | | FENCE_CONFIG.AUTHLIB_INSECURE_TRANSPORT | bool | `true` | allow OIDC traffic on http for development. By default it requires https. WARNING: ONLY set to true when fence will be deployed in such a way that it will ONLY receive traffic from internal clients and can safely use HTTP. 
| | FENCE_CONFIG.CLIENT_ALLOWED_SCOPES | list | `["openid","user","data","google_credentials","google_service_account","google_link","ga4gh_passport_v1"]` | These are the *possible* scopes a client can be given, NOT scopes that are given to all clients. You can be more restrictive during client creation | 
@@ -88,10 +88,9 @@ A Helm chart for gen3 Fence | datadogLogsInjection | bool | `true` | If enabled, the Datadog Agent will automatically inject Datadog-specific metadata into your application logs. | | datadogProfilingEnabled | bool | `true` | If enabled, the Datadog Agent will collect profiling data for your application using the Continuous Profiler. This data can be used to identify performance bottlenecks and optimize your application. | | datadogTraceSampleRate | int | `1` | A value between 0 and 1, that represents the percentage of requests that will be traced. For example, a value of 0.5 means that 50% of requests will be traced. | -| env | list | `[{"name":"GEN3_UWSGI_TIMEOUT","valueFrom":{"configMapKeyRef":{"key":"uwsgi-timeout","name":"manifest-global","optional":true}}},{"name":"DD_AGENT_HOST","valueFrom":{"fieldRef":{"fieldPath":"status.hostIP"}}},{"name":"AWS_STS_REGIONAL_ENDPOINTS","value":"regional"},{"name":"PYTHONPATH","value":"/var/www/fence"},{"name":"GEN3_DEBUG","value":"False"},{"name":"FENCE_PUBLIC_CONFIG","valueFrom":{"configMapKeyRef":{"key":"fence-config-public.yaml","name":"manifest-fence","optional":true}}},{"name":"PGHOST","valueFrom":{"secretKeyRef":{"key":"host","name":"fence-dbcreds","optional":false}}},{"name":"PGUSER","valueFrom":{"secretKeyRef":{"key":"username","name":"fence-dbcreds","optional":false}}},{"name":"PGPASSWORD","valueFrom":{"secretKeyRef":{"key":"password","name":"fence-dbcreds","optional":false}}},{"name":"PGDB","valueFrom":{"secretKeyRef":{"key":"database","name":"fence-dbcreds","optional":false}}},{"name":"DBREADY","valueFrom":{"secretKeyRef":{"key":"dbcreated","name":"fence-dbcreds","optional":false}}},{"name":"DB","value":"postgresql://$(PGUSER):$(PGPASSWORD)@$(PGHOST):5432/$(PGDB)"},{"name":"INDEXD_PASSWORD","valueFrom":{"secretKeyRef":{"key":"fence","name":"indexd-service-creds"}}},{"name":"SYNC_FROM_DBGAP","valueFrom":{"configMapKeyRef":{"key":"sync_from_dbgap","name":"manifest-global","optional":true}}},{"name"
:"ADD_DBGAP","valueFrom":{"configMapKeyRef":{"key":"add_dbgap","name":"manifest-global","optional":true}}},{"name":"ONLY_DBGAP","valueFrom":{"configMapKeyRef":{"key":"only_dbgap","name":"manifest-global","optional":true}}},{"name":"SLACK_SEND_DBGAP","valueFrom":{"configMapKeyRef":{"key":"slack_send_dbgap","name":"manifest-global","optional":true}}},{"name":"slackWebHook","valueFrom":{"configMapKeyRef":{"key":"slack_webhook","name":"manifest-global","optional":true}}},{"name":"gen3Env","valueFrom":{"configMapKeyRef":{"key":"hostname","name":"manifest-global"}}}]` | Environment variables to pass to the container | +| env | list | `[{"name":"GEN3_UWSGI_TIMEOUT","valueFrom":{"configMapKeyRef":{"key":"uwsgi-timeout","name":"manifest-global","optional":true}}},{"name":"DD_AGENT_HOST","valueFrom":{"fieldRef":{"fieldPath":"status.hostIP"}}},{"name":"AWS_STS_REGIONAL_ENDPOINTS","value":"regional"},{"name":"PYTHONPATH","value":"/var/www/fence"},{"name":"GEN3_DEBUG","value":"False"},{"name":"FENCE_PUBLIC_CONFIG","valueFrom":{"configMapKeyRef":{"key":"fence-config-public.yaml","name":"manifest-fence","optional":true}}},{"name":"PGHOST","valueFrom":{"secretKeyRef":{"key":"host","name":"fence-dbcreds","optional":false}}},{"name":"PGUSER","valueFrom":{"secretKeyRef":{"key":"username","name":"fence-dbcreds","optional":false}}},{"name":"PGPASSWORD","valueFrom":{"secretKeyRef":{"key":"password","name":"fence-dbcreds","optional":false}}},{"name":"PGDB","valueFrom":{"secretKeyRef":{"key":"database","name":"fence-dbcreds","optional":false}}},{"name":"DBREADY","valueFrom":{"secretKeyRef":{"key":"dbcreated","name":"fence-dbcreds","optional":false}}},{"name":"DB","value":"postgresql://$(PGUSER):$(PGPASSWORD)@$(PGHOST):5432/$(PGDB)"},{"name":"INDEXD_PASSWORD","valueFrom":{"secretKeyRef":{"key":"fence","name":"indexd-service-creds"}}},{"name":"gen3Env","valueFrom":{"configMapKeyRef":{"key":"hostname","name":"manifest-global"}}}]` | Environment variables to pass to the container | | 
fullnameOverride | string | `""` | Override the full name of the deployment. | -| global | map | `{"addDbgap":false,"ddEnabled":false,"dev":true,"dictionaryUrl":"https://s3.amazonaws.com/dictionary-artifacts/datadictionary/develop/schema.json","dispatcherJobNum":10,"environment":"default","hostname":"localhost","kubeBucket":"kube-gen3","logsBucket":"logs-gen3","minAvialable":1,"netPolicy":true,"onlyDbgap":false,"pdb":false,"portalApp":"gitops","postgres":{"dbCreate":true,"master":{"host":null,"password":null,"port":"5432","username":"postgres"}},"publicDataSets":true,"revproxyArn":"arn:aws:acm:us-east-1:123456:certificate","slack_send_dbgap":false,"slack_webhook":"None","syncFromDbgap":false,"tierAccessLevel":"libre","tierAccessLimit":1000,"userYamlS3Path":"s3://cdis-gen3-users/helm-test/user.yaml","usersync":false}` | Global configuration options. | -| global.addDbgap | bool | `false` | Force attempting a dbgap sync if "true", falls back on user.yaml | +| global | map | `{"ddEnabled":false,"dev":true,"dictionaryUrl":"https://s3.amazonaws.com/dictionary-artifacts/datadictionary/develop/schema.json","dispatcherJobNum":10,"environment":"default","hostname":"localhost","kubeBucket":"kube-gen3","logsBucket":"logs-gen3","minAvialable":1,"netPolicy":true,"pdb":false,"portalApp":"gitops","postgres":{"dbCreate":true,"master":{"host":null,"password":null,"port":"5432","username":"postgres"}},"publicDataSets":true,"revproxyArn":"arn:aws:acm:us-east-1:123456:certificate","syncFromDbgap":false,"tierAccessLevel":"libre","tierAccessLimit":1000}` | Global configuration options. | | global.ddEnabled | bool | `false` | Whether Datadog is enabled. | | global.dev | bool | `true` | Whether the deployment is for development purposes. | | global.dictionaryUrl | string | `"https://s3.amazonaws.com/dictionary-artifacts/datadictionary/develop/schema.json"` | URL of the data dictionary. | 
@@ -102,7 +101,6 @@ A Helm chart for gen3 Fence | global.logsBucket | string | `"logs-gen3"` | S3 bucket name for log files. | | global.minAvialable | int | `1` | The minimum amount of pods that are available at all times if the PDB is deployed. | | global.netPolicy | bool | `true` | Whether network policies are enabled. | -| global.onlyDbgap | bool | `false` | Forces ONLY a dbgap sync if "true", IGNORING user.yaml | | global.pdb | bool | `false` | If the service will be deployed with a Pod Disruption Budget. Note- you need to have more than 2 replicas for the pdb to be deployed. | | global.portalApp | string | `"gitops"` | Portal application name. | | global.postgres | map | `{"dbCreate":true,"master":{"host":null,"password":null,"port":"5432","username":"postgres"}}` | Postgres database configuration. | 
@@ -114,13 +112,9 @@ A Helm chart for gen3 Fence | global.postgres.master.username | string | `"postgres"` | username of superuser in postgres. This is used to create or restore databases | | global.publicDataSets | bool | `true` | Whether public datasets are enabled. | | global.revproxyArn | string | `"arn:aws:acm:us-east-1:123456:certificate"` | ARN of the reverse proxy certificate. | -| global.slack_send_dbgap | bool | `false` | Will echo what files we are seeing on dbgap ftp to Slack. | -| global.slack_webhook | string | `"None"` | Slack webhook endpoint used with certain jobs. | | global.syncFromDbgap | bool | `false` | Whether to sync data from dbGaP. | | global.tierAccessLevel | string | `"libre"` | Access level for tiers. acceptable values for `tier_access_level` are: `libre`, `regular` and `private`. If omitted, by default common will be treated as `private` | | global.tierAccessLimit | int | `1000` | Only relevant if tireAccessLevel is set to "regular". Summary charts below this limit will not appear for aggregated data. | -| global.userYamlS3Path | string | `"s3://cdis-gen3-users/helm-test/user.yaml"` | Path to the user.yaml file in S3. | -| global.usersync | bool | `false` | Whether to run Fence usersync or not. | | image.pullPolicy | string | `"Always"` | When to pull the image. This value should be "Always" to ensure the latest image is used. | | image.repository | string | `"quay.io/cdis/fence"` | The Docker image repository for the fence service | | image.tag | string | `"master"` | Overrides the image tag whose default is the chart appVersion. | 
@@ -169,16 +163,20 @@ A Helm chart for gen3 Fence | serviceAccount.annotations."eks.amazonaws.com/role-arn" | string | `nil` | The Amazon Resource Name (ARN) of the role to associate with the service account | | serviceAccount.create | bool | `true` | Specifies whether a service account should be created. | | serviceAccount.name | string | `"fence-sa"` | The name of the service account | -| ssh_private_key | string | `nil` | The ssh Private Key for connecting to SFTP server if using Fence dbgap sync. Passed in as a multiline string. | -| ssh_public_key | string | `nil` | The ssh Public Key for connecting to SFTP server if using Fence dbgap sync. Passed in as a multiline string. | -| sshconfig | string | `nil` | The ssh configuration for connecting to SFTP server if useing Fence dbgap sync. Will overwrite the default file provided in the fence-ssh directory. | | tolerations | list | `[]` | Tolerations for the pods | -| usersync | map | `{"custom_image":null,"schedule":"*/30 * * * *","secrets":{"awsAccessKeyId":"","awsSecretAccessKey":""}}` | Configuration options for usersync cronjob. | +| usersync | map | `{"addDbgap":false,"custom_image":null,"onlyDbgap":false,"schedule":"*/30 * * * *","secrets":{"awsAccessKeyId":"","awsSecretAccessKey":""},"slack_send_dbgap":false,"slack_webhook":"None","syncFromDbgap":false,"userYamlS3Path":"s3://cdis-gen3-users/helm-test/user.yaml","usersync":false}` | Configuration options for usersync cronjob. | +| usersync.addDbgap | bool | `false` | Force attempting a dbgap sync if "true", falls back on user.yaml | | usersync.custom_image | string | `nil` | To set a custom image for pulling the user.yaml file from S3. Default is the Gen3 Awshelper image. | +| usersync.onlyDbgap | bool | `false` | Forces ONLY a dbgap sync if "true", IGNORING user.yaml | | usersync.schedule | string | `"*/30 * * * *"` | The cron schedule expression to use in the usersync cronjob. Runs every 30 minutes by default. 
| | usersync.secrets | map | `{"awsAccessKeyId":"","awsSecretAccessKey":""}` | Secret information | | usersync.secrets.awsAccessKeyId | str | `""` | AWS access key ID for usersync S3 bucket | | usersync.secrets.awsSecretAccessKey | str | `""` | AWS secret access key for usersync S3 bucket | +| usersync.slack_send_dbgap | bool | `false` | Will echo what files we are seeing on dbgap ftp to Slack. | +| usersync.slack_webhook | string | `"None"` | Slack webhook endpoint used with certain jobs. | +| usersync.syncFromDbgap | bool | `false` | Whether to sync data from dbGaP. | +| usersync.userYamlS3Path | string | `"s3://cdis-gen3-users/helm-test/user.yaml"` | Path to the user.yaml file in S3. | +| usersync.usersync | bool | `false` | Whether to run Fence usersync or not. | | volumeMounts | list | `[{"mountPath":"/var/www/fence/local_settings.py","name":"old-config-volume","readOnly":true,"subPath":"local_settings.py"},{"mountPath":"/var/www/fence/fence_credentials.json","name":"json-secret-volume","readOnly":true,"subPath":"fence_credentials.json"},{"mountPath":"/var/www/fence/creds.json","name":"creds-volume","readOnly":true,"subPath":"creds.json"},{"mountPath":"/var/www/fence/config_helper.py","name":"config-helper","readOnly":true,"subPath":"config_helper.py"},{"mountPath":"/fence/fence/static/img/logo.svg","name":"logo-volume","readOnly":true,"subPath":"logo.svg"},{"mountPath":"/fence/fence/static/privacy_policy.md","name":"privacy-policy","readOnly":true,"subPath":"privacy_policy.md"},{"mountPath":"/var/www/fence/fence-config.yaml","name":"config-volume","readOnly":true,"subPath":"fence-config.yaml"},{"mountPath":"/var/www/fence/yaml_merge.py","name":"yaml-merge","readOnly":true,"subPath":"yaml_merge.py"},{"mountPath":"/var/www/fence/fence_google_app_creds_secret.json","name":"fence-google-app-creds-secret-volume","readOnly":true,"subPath":"fence_google_app_creds_secret.json"},{"mountPath":"/var/www/fence/fence_google_storage_creds_secret.json","name":"fence-google-s
torage-creds-secret-volume","readOnly":true,"subPath":"fence_google_storage_creds_secret.json"},{"mountPath":"/fence/keys/key/jwt_private_key.pem","name":"fence-jwt-keys","readOnly":true,"subPath":"jwt_private_key.pem"}]` | Volumes to mount to the container. | | volumes | list | `[{"name":"old-config-volume","secret":{"secretName":"fence-secret"}},{"name":"json-secret-volume","secret":{"optional":true,"secretName":"fence-json-secret"}},{"name":"creds-volume","secret":{"secretName":"fence-creds"}},{"configMap":{"name":"config-helper","optional":true},"name":"config-helper"},{"configMap":{"name":"logo-config"},"name":"logo-volume"},{"name":"config-volume","secret":{"secretName":"fence-config"}},{"name":"fence-google-app-creds-secret-volume","secret":{"secretName":"fence-google-app-creds-secret"}},{"name":"fence-google-storage-creds-secret-volume","secret":{"secretName":"fence-google-storage-creds-secret"}},{"name":"fence-jwt-keys","secret":{"secretName":"fence-jwt-keys"}},{"configMap":{"name":"privacy-policy"},"name":"privacy-policy"},{"configMap":{"name":"fence-yaml-merge","optional":true},"name":"yaml-merge"}]` | Volumes to attach to the container. | diff --git a/helm/fence/fence-ssh/config b/helm/fence/fence-ssh/config deleted file mode 100644 index 5d56e6fa..00000000 --- a/helm/fence/fence-ssh/config +++ /dev/null @@ -1,25 +0,0 @@ - Host squid.internal - ServerAliveInterval 120 - HostName cloud-proxy.internal.io - User ubuntu - ForwardAgent yes - - Host sftp.planx - ServerAliveInterval 120 - HostName sftp.planx-pla.net - User foo - ForwardAgent yes - IdentityFile ~/.ssh/id_rsa - ProxyCommand ssh ubuntu@squid.internal nc %h %p 2> /dev/null - - Host sftp.dbgap - ServerAliveInterval 120 - HostName ftp-private.ncbi.nlm.nih.gov - User BDC-TP - ForwardAgent yes - IdentityFile ~/.ssh/id_rsa - ProxyCommand ssh ubuntu@squid.internal nc %h %p 2> /dev/null - - Host cloud-proxy.internal.io - StrictHostKeyChecking no - UserKnownHostsFile=/dev/null \ No newline at end of file 
diff --git a/helm/fence/templates/fence-config.yaml b/helm/fence/templates/fence-config.yaml
index 8432c028..d29e98ab 100644
--- a/helm/fence/templates/fence-config.yaml
+++ b/helm/fence/templates/fence-config.yaml
@@ -14,4 +14,4 @@ kind: ConfigMap
 metadata:
 name: fence-sshconfig
 data:
- projects.yaml: {{ .Values.sshconfig | default ((.Files.Get "fence-ssh/config")) }}
\ No newline at end of file
+ projects.yaml: {{ .Values.usersync.sshconfig | default ((.Files.Get "fence-ssh/config")) }}
\ No newline at end of file
diff --git a/helm/fence/templates/fence-ssh.yaml b/helm/fence/templates/fence-ssh.yaml
index 8bf9c494..d0670c76 100644
--- a/helm/fence/templates/fence-ssh.yaml
+++ b/helm/fence/templates/fence-ssh.yaml
@@ -4,5 +4,5 @@ metadata:
 name: fence-ssh-keys
 type: Opaque
 data:
- id_rsa: {{ .Values.ssh_private_key }}
- id_rsa.pub: {{ .Values.ssh_public_key }}
\ No newline at end of file
+ id_rsa: {{ .Values.usersync.ssh_private_key }}
+ id_rsa.pub: {{ .Values.usersync.ssh_public_key }}
\ No newline at end of file
diff --git a/helm/fence/templates/projects-config.yaml b/helm/fence/templates/projects-config.yaml
index 75bc9230..f7801ada 100644
--- a/helm/fence/templates/projects-config.yaml
+++ b/helm/fence/templates/projects-config.yaml
@@ -3,4 +3,4 @@ kind: ConfigMap
 metadata:
 name: projects
 data:
- projects.yaml: {{ .Values.projects | default ((.Files.Get "projects/projects.yaml")) }}
\ No newline at end of file
+ projects.yaml: {{ .Values.usersync.projects | default ((.Files.Get "projects/projects.yaml")) }}
\ No newline at end of file
diff --git a/helm/fence/templates/usersync-cron.yaml b/helm/fence/templates/usersync-cron.yaml
index 6e77c942..ff8207d5 100644
--- a/helm/fence/templates/usersync-cron.yaml
+++ b/helm/fence/templates/usersync-cron.yaml
@@ -1,4 +1,4 @@
-{{- if .Values.global.usersync -}}
+{{- if .Values.usersync.usersync -}}
 #
 # run with:
 # gen3 job run usersync
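Review bot: In fence-config.yaml the fallback `.Files.Get "fence-ssh/config"` refers to a file this same commit deletes (helm/fence/fence-ssh/config), so without an override the `fence-sshconfig` ConfigMap would render an empty `projects.yaml` value. The new `.Values.usersync.sshconfig` key is not added to the `usersync:` block in the values.yaml hunks shown, and the same holds for `usersync.ssh_private_key` / `usersync.ssh_public_key` in fence-ssh.yaml and `usersync.projects` in projects-config.yaml, where the top-level `projects:` key stays in values.yaml and would no longer be read. Either declare these keys under `usersync:` with `# --` doc comments, or, since the usersync CronJob no longer mounts `fence-sshconfig`, wrap the ConfigMap in `{{- if .Values.usersync.sshconfig }}` … `{{- end }}`. The ConfigMap document starts above this hunk.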
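Review bot: In fence-ssh.yaml the `fence-ssh-keys` Secret places the raw value under `data:`, which Kubernetes expects to be base64-encoded, and with the keys unset it renders `id_rsa:` with no value at all. The usersync CronJob hunks in this commit remove the `fence-ssh-keys` volume and its mounts, so a private key supplied here would be stored in the cluster (and in the Helm release values) with no consumer visible in this patch. If the Secret is still needed, guard the document with `{{- if .Values.usersync.ssh_private_key }}` and encode the value, `id_rsa: {{ .Values.usersync.ssh_private_key | b64enc | quote }}`; otherwise remove the template. The Secret's header lines are above the hunk.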
@@ -17,9 +17,6 @@ metadata:
 name: usersync
 spec:
 schedule: {{ .Values.usersync.schedule | quote }}
- # Kill the job if it has not finished within 4 hours
- activeDeadlineSeconds: 14400
- backoffLimit: 0
 jobTemplate:
 spec:
 template:
@@ -52,13 +49,6 @@ spec:
 secretName: "fence-google-storage-creds-secret"
 - name: shared-data
 emptyDir: {}
- - name: fence-sshconfig
- configMap:
- name: "fence-sshconfig"
- - name: fence-ssh-keys
- secret:
- secretName: "fence-ssh-keys"
- defaultMode: 0400
 - name: cred-volume
 secret:
 secretName: aws-config-fence
@@ -72,7 +62,17 @@ spec:
 image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
 imagePullPolicy: Always
 env:
- {{- toYaml .Values.env | nindent 12 }}
+ - name: SYNC_FROM_DBGAP
+ value: {{ .Values.usersync.syncFromDbgap | quote }}
+ - name: ADD_DBGAP
+ value: {{ .Values.usersync.addDbgap | quote }}
+ - name: ONLY_DBGAP
+ value: {{ .Values.usersync.onlyDbgap | quote }}
+ - name: SLACK_SEND_DBGAP
+ value: {{ .Values.usersync.slack_send_dbgap | quote }}
+ - name: slackWebHook
+ value: {{ .Values.usersync.slack_webhook | quote }}
+ {{- toYaml .Values.env | nindent 12 }}
 volumeMounts:
 - name: shared-data
 mountPath: /mnt/shared
@@ -95,15 +95,6 @@ spec:
 readOnly: true
 mountPath: "/var/www/fence/fence_google_storage_creds_secret.json"
 subPath: fence_google_storage_creds_secret.json
- - name: "fence-sshconfig"
- mountPath: "/root/.ssh/config"
- subPath: "config"
- - name: "fence-ssh-keys"
- mountPath: "/root/.ssh/id_rsa"
- subPath: "id_rsa"
- - name: "fence-ssh-keys"
- mountPath: "/root/.ssh/id_rsa.pub"
- subPath: "id_rsa.pub"
 command: ["/bin/bash" ]
 args:
 - "-c"
@@ -165,10 +156,7 @@ spec:
 name: manifest-global
 key: hostname
 - name: userYamlS3Path
- valueFrom:
- configMapKeyRef:
- name: manifest-global
- key: useryaml_s3path
+ value: {{ .Values.usersync.userYamlS3Path | quote }}
 volumeMounts:
 - name: user-yaml
 mountPath: /var/www/fence
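Review bot: In the `@@ -72,7 +62,17 @@` hunk `slackWebHook` is rendered as a literal `value:` from `.Values.usersync.slack_webhook`, so a real Slack webhook URL, which works as a bearer credential for posting to the channel, would sit in plain text in the CronJob spec and in the chart values. The form it replaces read the value from the `manifest-global` ConfigMap, which was not a Secret either, so this is a good moment to source it from a Secret with `optional: true` and keep the four dbGaP flags as plain values. The Secret name below is a placeholder, the indentation is assumed because this view has lost it, and the container spec starts and ends outside the hunk.

```yaml
            env:
              # … unchanged: SYNC_FROM_DBGAP, ADD_DBGAP, ONLY_DBGAP, SLACK_SEND_DBGAP …
              - name: slackWebHook
                valueFrom:
                  secretKeyRef:
                    name: SLACK_WEBHOOK_SECRET_NAME_PLACEHOLDER
                    key: slack_webhook
                    optional: true
              # … unchanged: toYaml .Values.env …
```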
diff --git a/helm/fence/templates/usersync-sa.yaml b/helm/fence/templates/usersync-sa.yaml index 64eca226..379271ce 100644 --- a/helm/fence/templates/usersync-sa.yaml +++ b/helm/fence/templates/usersync-sa.yaml @@ -1,4 +1,4 @@ -{{- if .Values.global.usersync -}} +{{- if .Values.usersync.usersync -}} apiVersion: v1 kind: ServiceAccount metadata: diff --git a/helm/fence/values.yaml b/helm/fence/values.yaml index bf2c5e0f..f0352346 100644 --- a/helm/fence/values.yaml +++ b/helm/fence/values.yaml @@ -36,20 +36,6 @@ global: logsBucket: logs-gen3 # -- (bool) Whether to sync data from dbGaP. syncFromDbgap: false - # -- (bool) Force attempting a dbgap sync if "true", falls back on user.yaml - addDbgap: false - # -- (bool) Forces ONLY a dbgap sync if "true", IGNORING user.yaml - onlyDbgap: false - # -- (string) Path to the user.yaml file in S3. - userYamlS3Path: s3://cdis-gen3-users/helm-test/user.yaml - # -- (bool) Whether to run Fence usersync or not. - usersync: false - # -- (string) Slack webhook endpoint used with certain jobs. - slack_webhook: None - # -- (bool) Will echo what files we are seeing on dbgap ftp to Slack. - slack_send_dbgap: false - # # -- (bool) Option to generate ssh keys to be used in dbgap sync. - # generate_dbgap_sshkeys: true # -- (bool) Whether public datasets are enabled. publicDataSets: true # -- (string) Access level for tiers. acceptable values for `tier_access_level` are: `libre`, `regular` and `private`. If omitted, by default common will be treated as `private` @@ -96,6 +82,8 @@ postgresql: # -- (map) Configuration options for usersync cronjob. usersync: + # -- (bool) Whether to run Fence usersync or not. + usersync: false # -- (map) Secret information secrets: # -- (str) AWS access key ID for usersync S3 bucket 
@@ -106,6 +94,18 @@ usersync: schedule: "*/30 * * * *" # -- (string) To set a custom image for pulling the user.yaml file from S3. Default is the Gen3 Awshelper image. custom_image: + # -- (bool) Whether to sync data from dbGaP. + syncFromDbgap: false + # -- (bool) Force attempting a dbgap sync if "true", falls back on user.yaml + addDbgap: false + # -- (bool) Forces ONLY a dbgap sync if "true", IGNORING user.yaml + onlyDbgap: false + # -- (string) Path to the user.yaml file in S3. + userYamlS3Path: s3://cdis-gen3-users/helm-test/user.yaml + # -- (string) Slack webhook endpoint used with certain jobs. + slack_webhook: None + # -- (bool) Will echo what files we are seeing on dbgap ftp to Slack. + slack_send_dbgap: false # -- (int) Number of desired replicas replicaCount: 1 @@ -289,36 +289,6 @@ env: secretKeyRef: name: indexd-service-creds key: fence - - name: SYNC_FROM_DBGAP - valueFrom: - configMapKeyRef: - name: manifest-global - key: sync_from_dbgap - optional: true - - name: ADD_DBGAP - valueFrom: - configMapKeyRef: - name: manifest-global - key: add_dbgap - optional: true - - name: ONLY_DBGAP - valueFrom: - configMapKeyRef: - name: manifest-global - key: only_dbgap - optional: true - - name: SLACK_SEND_DBGAP - valueFrom: - configMapKeyRef: - name: manifest-global - key: slack_send_dbgap - optional: true - - name: slackWebHook - valueFrom: - configMapKeyRef: - name: manifest-global - key: slack_webhook - optional: true - name: gen3Env valueFrom: configMapKeyRef: 
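Review bot: `syncFromDbgap` is now defined twice in values.yaml: this hunk adds `usersync.syncFromDbgap`, while the `global:` hunk above keeps `global.syncFromDbgap` as a context line. The usersync CronJob in this commit reads only `.Values.usersync.syncFromDbgap`, so an operator who sets the global key would see no effect on the job; whether anything else still reads `global.syncFromDbgap` is not visible here. Either remove the global key or extend the doc comment, for example `# -- (bool) Whether to sync data from dbGaP. Read by the usersync CronJob; global.syncFromDbgap does not affect it.` The `usersync:` block starts above this hunk.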
@@ -498,12 +468,6 @@ datadogTraceSampleRate: 1 logo: privacy_policy: projects: -# -- (string) The ssh configuration for connecting to SFTP server if useing Fence dbgap sync. Will overwrite the default file provided in the fence-ssh directory. -sshconfig: -# -- (string) The ssh Private Key for connecting to SFTP server if using Fence dbgap sync. Passed in as a multiline string. -ssh_private_key: -# -- (string) The ssh Public Key for connecting to SFTP server if using Fence dbgap sync. Passed in as a multiline string. -ssh_public_key: # USER_SYNC_CRON: # LOCATION: @@ -1866,7 +1830,6 @@ FENCE_CONFIG: password: '' port: 22 proxy: '' - proxy_user: '' protocol: 'sftp' decrypt_key: '' # parse out the consent from the dbgap accession number such that something diff --git a/helm/gen3/README.md b/helm/gen3/README.md index 5a31a69f..deed2713 100644 --- a/helm/gen3/README.md +++ b/helm/gen3/README.md 
@@ -71,19 +71,25 @@ Helm chart to deploy Gen3 Data Commons | fence.image | map | `{"repository":null,"tag":null}` | Docker image information. | | fence.image.repository | string | `nil` | The Docker image repository for the fence service. | | fence.image.tag | string | `nil` | Overrides the image tag whose default is the chart appVersion. | -| fence.usersync | map | `{"custom_image":null,"schedule":"*/30 * * * *","secrets":{"awsAccessKeyId":"","awsSecretAccessKey":""}}` | Configuration options for usersync cronjob. | +| fence.usersync | map | `{"addDbgap":false,"custom_image":null,"onlyDbgap":false,"schedule":"*/30 * * * *","secrets":{"awsAccessKeyId":"","awsSecretAccessKey":""},"slack_send_dbgap":false,"slack_webhook":"None","syncFromDbgap":false,"userYamlS3Path":"s3://cdis-gen3-users/helm-test/user.yaml","usersync":false}` | Configuration options for usersync cronjob. | +| fence.usersync.addDbgap | bool | `false` | Force attempting a dbgap sync if "true", falls back on user.yaml | | fence.usersync.custom_image | string | `nil` | To set a custom image for pulling the user.yaml file from S3. Default is the Gen3 Awshelper image. | +| fence.usersync.onlyDbgap | bool | `false` | Forces ONLY a dbgap sync if "true", IGNORING user.yaml | | fence.usersync.schedule | string | `"*/30 * * * *"` | The cron schedule expression to use in the usersync cronjob. Runs every 30 minutes by default. | | fence.usersync.secrets | map | `{"awsAccessKeyId":"","awsSecretAccessKey":""}` | Secret information | | fence.usersync.secrets.awsAccessKeyId | str | `""` | AWS access key ID for usersync S3 bucket | | fence.usersync.secrets.awsSecretAccessKey | str | `""` | AWS secret access key for usersync S3 bucket | +| fence.usersync.slack_send_dbgap | bool | `false` | Will echo what files we are seeing on dbgap ftp to Slack. | +| fence.usersync.slack_webhook | string | `"None"` | Slack webhook endpoint used with certain jobs. 
| +| fence.usersync.syncFromDbgap | bool | `false` | Whether to sync data from dbGaP. | +| fence.usersync.userYamlS3Path | string | `"s3://cdis-gen3-users/helm-test/user.yaml"` | Path to the user.yaml file in S3. | +| fence.usersync.usersync | bool | `false` | Whether to run Fence usersync or not. | | gitops.createdby | string | `nil` | - createdby.png - base64 | | gitops.css | string | `nil` | - multiline string - gitops.css | | gitops.favicon | string | `nil` | - favicon in base64 | | gitops.json | string | `nil` | multiline string - gitops.json | | gitops.logo | string | `nil` | - logo in base64 | | gitops.sponsors | string | `nil` | | -| global.addDbgap | bool | `false` | Force attempting a dbgap sync if "true", falls back on user.yaml | | global.aws | map | `{"enabled":false}` | AWS configuration | | global.ddEnabled | bool | `false` | Whether Datadog is enabled. | | global.dev | bool | `true` | Deploys postgres/elasticsearch for dev | @@ -92,7 +98,6 @@ Helm chart to deploy Gen3 Data Commons | global.environment | string | `"default"` | Environment name. This should be the same as vpcname if you're doing an AWS deployment. Currently this is being used to share ALB's if you have multiple namespaces in same cluster. | | global.hostname | string | `"localhost"` | Hostname for the deployment. | | global.netPolicy | bool | `true` | Whether network policies are enabled. | -| global.onlyDbgap | bool | `false` | Forces ONLY a dbgap sync if "true", IGNORING user.yaml | | global.portalApp | string | `"gitops"` | Portal application name. | | global.postgres.dbCreate | bool | `true` | Whether the database create job should run. | | global.postgres.master.host | string | `nil` | global postgres master host | 
@@ -101,13 +106,8 @@ Helm chart to deploy Gen3 Data Commons | global.postgres.master.username | string | `"postgres"` | global postgres master username | | global.publicDataSets | bool | `true` | Whether public datasets are enabled. | | global.revproxyArn | string | `"arn:aws:acm:us-east-1:123456:certificate"` | ARN of the reverse proxy certificate. | -| global.slack_send_dbgap | bool | `false` | Will echo what files we are seeing on dbgap ftp to Slack. | -| global.slack_webhook | string | `"None"` | Slack webhook endpoint used with certain jobs. | -| global.syncFromDbgap | bool | `false` | Whether to sync data from dbGaP. | | global.tierAccessLevel | string | `"libre"` | Access level for tiers. acceptable values for `tier_access_level` are: `libre`, `regular` and `private`. If omitted, by default common will be treated as `private` | | global.tierAccessLimit | int | `1000` | Only relevant if tireAccessLevel is set to "regular". Summary charts below this limit will not appear for aggregated data. | -| global.userYamlS3Path | string | `"s3://cdis-gen3-users/helm-test/user.yaml"` | Path to the user.yaml file in S3. | -| global.usersync | bool | `false` | Whether to run Fence usersync or not. | | guppy.enabled | bool | `false` | Whether to deploy the guppy subchart. | | guppy.image | map | `{"repository":null,"tag":null}` | Docker image information. | | guppy.image.repository | string | `nil` | The Docker image repository for the guppy service. | diff --git a/helm/gen3/templates/global-manifest.yaml b/helm/gen3/templates/global-manifest.yaml index 829b2c44..2eb461de 100644 --- a/helm/gen3/templates/global-manifest.yaml +++ b/helm/gen3/templates/global-manifest.yaml 
@@ -10,18 +10,12 @@ data: "portal_app": {{ .Values.global.portalApp | quote }} "kube_bucket": {{ .Values.global.kubeBucket | quote }} "logs_bucket": {{ .Values.global.logsBucket | quote }} - "sync_from_dbgap": {{ .Values.global.syncFromDbgap | quote }} - "add_dbgap": {{ .Values.global.addDbgap | quote }} - "only_dbgap": {{ .Values.global.onlyDbgap | quote }} - "useryaml_s3path": {{ .Values.global.userYamlS3Path | quote }} "public_datasets": {{ .Values.global.publicDataSets | quote }} "tier_access_level": {{ .Values.global.tierAccessLevel | quote }} "tier_access_limit": {{ .Values.global.tierAccessLimit | quote }} "netpolicy": {{ .Values.global.netPolicy | quote }} "dispatcher_job_num": {{ .Values.global.dispatcherJobNum | quote }} "dd_enabled": {{ .Values.global.ddEnabled | quote }} - "slack_webhook": {{ .Values.global.slack_webhook | quote }} - "slack_send_dbgap": {{ .Values.global.slack_send_dbgap | quote }} {{- with .Values.global.origins_allow_credentials }} "origins_allow_credentials": {{ . | toJson | quote }} {{- end -}} \ No newline at end of file diff --git a/helm/gen3/values.yaml b/helm/gen3/values.yaml index d9f23ed2..00469112 100644 --- a/helm/gen3/values.yaml +++ b/helm/gen3/values.yaml 
@@ -38,20 +38,6 @@ global: dictionaryUrl: https://s3.amazonaws.com/dictionary-artifacts/datadictionary/develop/schema.json # -- (string) Portal application name. portalApp: gitops - # -- (bool) Whether to sync data from dbGaP. - syncFromDbgap: false - # -- (bool) Force attempting a dbgap sync if "true", falls back on user.yaml - addDbgap: false - # -- (bool) Forces ONLY a dbgap sync if "true", IGNORING user.yaml - onlyDbgap: false - # -- (string) Path to the user.yaml file in S3. - userYamlS3Path: s3://cdis-gen3-users/helm-test/user.yaml - # -- (bool) Whether to run Fence usersync or not. - usersync: false - # -- (string) Slack webhook endpoint used with certain jobs. - slack_webhook: "None" - # -- (bool) Will echo what files we are seeing on dbgap ftp to Slack. - slack_send_dbgap: false # -- (bool) Whether public datasets are enabled. publicDataSets: true # -- (string) Access level for tiers. acceptable values for `tier_access_level` are: `libre`, `regular` and `private`. If omitted, by default common will be treated as `private` @@ -135,6 +121,8 @@ fence: USER_YAML: # -- (map) Configuration options for usersync cronjob. usersync: + # -- (bool) Whether to run Fence usersync or not. + usersync: false # -- (map) Secret information secrets: # -- (str) AWS access key ID for usersync S3 bucket 
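Review bot: Moving the switch from `global.usersync` to `fence.usersync.usersync` in the `@@ -135,6 +121,8 @@` hunk is a silent breaking rename: Helm does not reject unknown values unless a schema is present, so an existing values file that still sets `global.usersync: true` would presumably render with usersync off and no error. Once usersync stops running, access changes in user.yaml (including removals) are no longer applied, so this deserves an explicit upgrade note or a template guard such as `{{- if hasKey .Values.global "usersync" }}{{ fail "global.usersync has moved to fence.usersync.usersync" }}{{- end }}`. The repeated key name is also easy to misread; `enabled: false` under `usersync` would be clearer, with the comment `# -- (bool) Whether to run the Fence usersync cronjob. Replaces global.usersync.` The `fence:` block starts and ends outside the hunk.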
@@ -145,6 +133,18 @@ fence: schedule: "*/30 * * * *" # -- (string) To set a custom image for pulling the user.yaml file from S3. Default is the Gen3 Awshelper image. custom_image: + # -- (bool) Whether to sync data from dbGaP. + syncFromDbgap: false + # -- (bool) Force attempting a dbgap sync if "true", falls back on user.yaml + addDbgap: false + # -- (bool) Forces ONLY a dbgap sync if "true", IGNORING user.yaml + onlyDbgap: false + # -- (string) Path to the user.yaml file in S3. + userYamlS3Path: s3://cdis-gen3-users/helm-test/user.yaml + # -- (string) Slack webhook endpoint used with certain jobs. + slack_webhook: None + # -- (bool) Will echo what files we are seeing on dbgap ftp to Slack. + slack_send_dbgap: false guppy: # -- (bool) Whether to deploy the guppy subchart. diff --git a/helm/guppy/README.md b/helm/guppy/README.md index a9690182..25545b18 100644 --- a/helm/guppy/README.md +++ b/helm/guppy/README.md 
@@ -40,8 +40,7 @@ A Helm chart for gen3 Guppy Service | enableEncryptWhitelist | bool | `true` | Whether or not to enable encryption for specified fields | | encryptWhitelist | string | `"test1"` | A comma-separated list of fields to encrypt | | esEndpoint | string | `""` | Elasticsearch endpoint. | -| global | map | `{"addDbgap":false,"aws":{"awsAccessKeyId":null,"awsSecretAccessKey":null,"enabled":false},"ddEnabled":false,"dev":true,"dictionaryUrl":"https://s3.amazonaws.com/dictionary-artifacts/datadictionary/develop/schema.json","dispatcherJobNum":10,"environment":"default","hostname":"localhost","kubeBucket":"kube-gen3","logsBucket":"logs-gen3","minAvialable":1,"netPolicy":true,"onlyDbgap":false,"pdb":false,"portalApp":"gitops","postgres":{"dbCreate":true,"master":{"host":null,"password":null,"port":"5432","username":"postgres"}},"publicDataSets":true,"revproxyArn":"arn:aws:acm:us-east-1:123456:certificate","slack_send_dbgap":false,"slack_webhook":"None","syncFromDbgap":false,"tierAccessLevel":"libre","tierAccessLimit":1000,"userYamlS3Path":"s3://cdis-gen3-users/helm-test/user.yaml","usersync":false}` | Global configuration options. | -| global.addDbgap | bool | `false` | Force attempting a dbgap sync if "true", falls back on user.yaml | +| global | map | `{"aws":{"awsAccessKeyId":null,"awsSecretAccessKey":null,"enabled":false},"ddEnabled":false,"dev":true,"dictionaryUrl":"https://s3.amazonaws.com/dictionary-artifacts/datadictionary/develop/schema.json","dispatcherJobNum":10,"environment":"default","hostname":"localhost","kubeBucket":"kube-gen3","logsBucket":"logs-gen3","minAvialable":1,"netPolicy":true,"pdb":false,"portalApp":"gitops","postgres":{"dbCreate":true,"master":{"host":null,"password":null,"port":"5432","username":"postgres"}},"publicDataSets":true,"revproxyArn":"arn:aws:acm:us-east-1:123456:certificate","tierAccessLevel":"libre","tierAccessLimit":1000}` | Global configuration options. 
| | global.aws | map | `{"awsAccessKeyId":null,"awsSecretAccessKey":null,"enabled":false}` | AWS configuration | | global.aws.awsAccessKeyId | string | `nil` | Credentials for AWS stuff. | | global.aws.awsSecretAccessKey | string | `nil` | Credentials for AWS stuff. | @@ -56,7 +55,6 @@ A Helm chart for gen3 Guppy Service | global.logsBucket | string | `"logs-gen3"` | S3 bucket name for log files. | | global.minAvialable | int | `1` | The minimum amount of pods that are available at all times if the PDB is deployed. | | global.netPolicy | bool | `true` | Whether network policies are enabled. | -| global.onlyDbgap | bool | `false` | Forces ONLY a dbgap sync if "true", IGNORING user.yaml | | global.pdb | bool | `false` | If the service will be deployed with a Pod Disruption Budget. Note- you need to have more than 2 replicas for the pdb to be deployed. | | global.portalApp | string | `"gitops"` | Portal application name. | | global.postgres | map | `{"dbCreate":true,"master":{"host":null,"password":null,"port":"5432","username":"postgres"}}` | Postgres database configuration. | 
@@ -68,13 +66,8 @@ A Helm chart for gen3 Guppy Service | global.postgres.master.username | string | `"postgres"` | username of superuser in postgres. This is used to create or restore databases | | global.publicDataSets | bool | `true` | Whether public datasets are enabled. | | global.revproxyArn | string | `"arn:aws:acm:us-east-1:123456:certificate"` | ARN of the reverse proxy certificate. | -| global.slack_send_dbgap | bool | `false` | Will echo what files we are seeing on dbgap ftp to Slack. | -| global.slack_webhook | string | `"None"` | Slack webhook endpoint used with certain jobs. | -| global.syncFromDbgap | bool | `false` | Whether to sync data from dbGaP. | | global.tierAccessLevel | string | `"libre"` | Access level for tiers. | | global.tierAccessLimit | int | `1000` | Only relevant if tireAccessLevel is set to "regular". Summary charts below this limit will not appear for aggregated data. | -| global.userYamlS3Path | string | `"s3://cdis-gen3-users/helm-test/user.yaml"` | Path to the user.yaml file in S3. | -| global.usersync | bool | `false` | Whether to run Fence usersync or not. | | image | map | `{"pullPolicy":"Always","repository":"quay.io/cdis/guppy","tag":""}` | Docker image information. | | image.pullPolicy | string | `"Always"` | Docker pull policy. | | image.repository | string | `"quay.io/cdis/guppy"` | Docker repository. | diff --git a/helm/guppy/values.yaml b/helm/guppy/values.yaml index 71ecb3ef..9857944f 100644 --- a/helm/guppy/values.yaml +++ b/helm/guppy/values.yaml 
@@ -42,20 +42,6 @@ global: kubeBucket: kube-gen3 # -- (string) S3 bucket name for log files. logsBucket: logs-gen3 - # -- (bool) Whether to sync data from dbGaP. - syncFromDbgap: false - # -- (bool) Force attempting a dbgap sync if "true", falls back on user.yaml - addDbgap: false - # -- (bool) Forces ONLY a dbgap sync if "true", IGNORING user.yaml - onlyDbgap: false - # -- (string) Path to the user.yaml file in S3. - userYamlS3Path: s3://cdis-gen3-users/helm-test/user.yaml - # -- (bool) Whether to run Fence usersync or not. - usersync: false - # -- (string) Slack webhook endpoint used with certain jobs. - slack_webhook: None - # -- (bool) Will echo what files we are seeing on dbgap ftp to Slack. - slack_send_dbgap: false # -- (bool) Whether public datasets are enabled. publicDataSets: true # -- (string) Access level for tiers. diff --git a/helm/hatchery/README.md b/helm/hatchery/README.md index b53a4150..211e61f4 100644 --- a/helm/hatchery/README.md +++ b/helm/hatchery/README.md 
@@ -27,8 +27,7 @@ A Helm chart for gen3 Hatchery | datadogTraceSampleRate | int | `1` | A value between 0 and 1, that represents the percentage of requests that will be traced. For example, a value of 0.5 means that 50% of requests will be traced. | | env | list | `[{"name":"HTTP_PORT","value":"8000"},{"name":"POD_NAMESPACE","valueFrom":{"fieldRef":{"fieldPath":"metadata.namespace"}}}]` | Environment variables to pass to the container | | fullnameOverride | string | `""` | Override the full name of the deployment. | -| global | map | `{"addDbgap":false,"aws":{"awsAccessKeyId":null,"awsSecretAccessKey":null,"enabled":false},"ddEnabled":false,"dev":true,"dictionaryUrl":"https://s3.amazonaws.com/dictionary-artifacts/datadictionary/develop/schema.json","dispatcherJobNum":10,"environment":"default","hostname":"localhost","kubeBucket":"kube-gen3","logsBucket":"logs-gen3","minAvialable":1,"netPolicy":true,"onlyDbgap":false,"pdb":false,"portalApp":"gitops","postgres":{"dbCreate":true,"master":{"host":null,"password":null,"port":"5432","username":"postgres"}},"publicDataSets":true,"revproxyArn":"arn:aws:acm:us-east-1:123456:certificate","slack_send_dbgap":false,"slack_webhook":"None","syncFromDbgap":false,"tierAccessLevel":"libre","userYamlS3Path":"s3://cdis-gen3-users/helm-test/user.yaml","usersync":false}` | Global configuration options. 
| -| global.addDbgap | bool | `false` | Force attempting a dbgap sync if "true", falls back on user.yaml | +| global | map | `{"aws":{"awsAccessKeyId":null,"awsSecretAccessKey":null,"enabled":false},"ddEnabled":false,"dev":true,"dictionaryUrl":"https://s3.amazonaws.com/dictionary-artifacts/datadictionary/develop/schema.json","dispatcherJobNum":10,"environment":"default","hostname":"localhost","kubeBucket":"kube-gen3","logsBucket":"logs-gen3","minAvialable":1,"netPolicy":true,"pdb":false,"portalApp":"gitops","postgres":{"dbCreate":true,"master":{"host":null,"password":null,"port":"5432","username":"postgres"}},"publicDataSets":true,"revproxyArn":"arn:aws:acm:us-east-1:123456:certificate","tierAccessLevel":"libre"}` | Global configuration options. | | global.aws | map | `{"awsAccessKeyId":null,"awsSecretAccessKey":null,"enabled":false}` | AWS configuration | | global.aws.awsAccessKeyId | string | `nil` | Credentials for AWS stuff. | | global.aws.awsSecretAccessKey | string | `nil` | Credentials for AWS stuff. | @@ -43,7 +42,6 @@ A Helm chart for gen3 Hatchery | global.logsBucket | string | `"logs-gen3"` | S3 bucket name for log files. | | global.minAvialable | int | `1` | The minimum amount of pods that are available at all times if the PDB is deployed. | | global.netPolicy | bool | `true` | Whether network policies are enabled. | -| global.onlyDbgap | bool | `false` | Forces ONLY a dbgap sync if "true", IGNORING user.yaml | | global.pdb | bool | `false` | If the service will be deployed with a Pod Disruption Budget. Note- you need to have more than 2 replicas for the pdb to be deployed. | | global.portalApp | string | `"gitops"` | Portal application name. | | global.postgres | map | `{"dbCreate":true,"master":{"host":null,"password":null,"port":"5432","username":"postgres"}}` | Postgres database configuration. | 
@@ -55,12 +53,7 @@ A Helm chart for gen3 Hatchery | global.postgres.master.username | string | `"postgres"` | username of superuser in postgres. This is used to create or restore databases | | global.publicDataSets | bool | `true` | Whether public datasets are enabled. | | global.revproxyArn | string | `"arn:aws:acm:us-east-1:123456:certificate"` | ARN of the reverse proxy certificate. | -| global.slack_send_dbgap | bool | `false` | Will echo what files we are seeing on dbgap ftp to Slack. | -| global.slack_webhook | string | `"None"` | Slack webhook endpoint used with certain jobs. | -| global.syncFromDbgap | bool | `false` | Whether to sync data from dbGaP. | | global.tierAccessLevel | string | `"libre"` | Access level for tiers. acceptable values for `tier_access_level` are: `libre`, `regular` and `private`. If omitted, by default common will be treated as `private` | -| global.userYamlS3Path | string | `"s3://cdis-gen3-users/helm-test/user.yaml"` | Path to the user.yaml file in S3. | -| global.usersync | bool | `false` | Whether to run Fence usersync or not. 
| | hatchery | map | `{"containers":[{"args":["--NotebookApp.base_url=/lw-workspace/proxy/","--NotebookApp.default_url=/lab","--NotebookApp.password=''","--NotebookApp.token=''","--NotebookApp.shutdown_no_activity_timeout=5400","--NotebookApp.quit_button=False"],"command":["start-notebook.sh"],"cpu-limit":"1.0","env":{"FRAME_ANCESTORS":"https://{{ .Values.global.hostname }}"},"fs-gid":100,"gen3-volume-location":"/home/jovyan/.gen3","image":"quay.io/cdis/heal-notebooks:combined_tutorials__latest","lifecycle-post-start":["/bin/sh","-c","export IAM=`whoami`; rm -rf /home/$IAM/pd/dockerHome; rm -rf /home/$IAM/pd/lost+found; ln -s /data /home/$IAM/pd/; true"],"memory-limit":"2Gi","name":"(Tutorials) Example Analysis Jupyter Lab Notebooks","path-rewrite":"/lw-workspace/proxy/","ready-probe":"/lw-workspace/proxy/","target-port":8888,"use-tls":"false","user-uid":1000,"user-volume-location":"/home/jovyan/pd"}],"sidecarContainer":{"args":[],"command":["/bin/bash","./sidecar.sh"],"cpu-limit":"0.1","env":{"HOSTNAME":"{{ .Values.global.hostname }}","NAMESPACE":"{{ .Release.Namespace }}"},"image":"quay.io/cdis/ecs-ws-sidecar:master","lifecycle-pre-stop":["su","-c","echo test","-s","/bin/sh","root"],"memory-limit":"256Mi"}}` | Hatchery sidcar container configuration. | | hatchery.sidecarContainer.args | list | `[]` | Arguments to pass to the sidecare container. | | hatchery.sidecarContainer.command | list | `["/bin/bash","./sidecar.sh"]` | Commands to run for the sidecar container. | diff --git a/helm/hatchery/values.yaml b/helm/hatchery/values.yaml index 37cd2a50..27127335 100644 --- a/helm/hatchery/values.yaml +++ b/helm/hatchery/values.yaml 
@@ -42,20 +42,6 @@ global: kubeBucket: kube-gen3 # -- (string) S3 bucket name for log files. logsBucket: logs-gen3 - # -- (bool) Whether to sync data from dbGaP. - syncFromDbgap: false - # -- (bool) Force attempting a dbgap sync if "true", falls back on user.yaml - addDbgap: false - # -- (bool) Forces ONLY a dbgap sync if "true", IGNORING user.yaml - onlyDbgap: false - # -- (string) Path to the user.yaml file in S3. - userYamlS3Path: s3://cdis-gen3-users/helm-test/user.yaml - # -- (bool) Whether to run Fence usersync or not. - usersync: false - # -- (string) Slack webhook endpoint used with certain jobs. - slack_webhook: None - # -- (bool) Will echo what files we are seeing on dbgap ftp to Slack. - slack_send_dbgap: false # -- (bool) Whether public datasets are enabled. publicDataSets: true # -- (string) Access level for tiers. acceptable values for `tier_access_level` are: `libre`, `regular` and `private`. If omitted, by default common will be treated as `private` diff --git a/helm/indexd/README.md b/helm/indexd/README.md index 653aea71..ae4ea0bb 100644 --- a/helm/indexd/README.md +++ b/helm/indexd/README.md 
@@ -28,8 +28,7 @@ A Helm chart for gen3 indexd | defaultPrefix | string | `"PREFIX/"` | default prefix for indexd | | env | list | `[{"name":"ARBORIST","value":"true"},{"name":"GEN3_DEBUG","value":"False"}]` | Environment variables to pass to the container | | fullnameOverride | string | `""` | Override the full name of the deployment. | -| global | map | `{"addDbgap":false,"aws":{"awsAccessKeyId":null,"awsSecretAccessKey":null,"enabled":false},"ddEnabled":false,"dev":true,"dictionaryUrl":"https://s3.amazonaws.com/dictionary-artifacts/datadictionary/develop/schema.json","dispatcherJobNum":10,"environment":"default","hostname":"localhost","kubeBucket":"kube-gen3","logsBucket":"logs-gen3","minAvialable":1,"netPolicy":true,"onlyDbgap":false,"pdb":false,"portalApp":"gitops","postgres":{"dbCreate":true,"master":{"host":null,"password":null,"port":"5432","username":"postgres"}},"publicDataSets":true,"revproxyArn":"arn:aws:acm:us-east-1:123456:certificate","slack_send_dbgap":false,"slack_webhook":"None","syncFromDbgap":false,"tierAccessLevel":"libre","tierAccessLimit":1000,"userYamlS3Path":"s3://cdis-gen3-users/helm-test/user.yaml","usersync":false}` | Global configuration options. | -| global.addDbgap | bool | `false` | Force attempting a dbgap sync if "true", falls back on user.yaml | +| global | map | `{"aws":{"awsAccessKeyId":null,"awsSecretAccessKey":null,"enabled":false},"ddEnabled":false,"dev":true,"dictionaryUrl":"https://s3.amazonaws.com/dictionary-artifacts/datadictionary/develop/schema.json","dispatcherJobNum":10,"environment":"default","hostname":"localhost","kubeBucket":"kube-gen3","logsBucket":"logs-gen3","minAvialable":1,"netPolicy":true,"pdb":false,"portalApp":"gitops","postgres":{"dbCreate":true,"master":{"host":null,"password":null,"port":"5432","username":"postgres"}},"publicDataSets":true,"revproxyArn":"arn:aws:acm:us-east-1:123456:certificate","tierAccessLevel":"libre","tierAccessLimit":1000}` | Global configuration options. 
| | global.aws | map | `{"awsAccessKeyId":null,"awsSecretAccessKey":null,"enabled":false}` | AWS configuration | | global.aws.awsAccessKeyId | string | `nil` | Credentials for AWS stuff. | | global.aws.awsSecretAccessKey | string | `nil` | Credentials for AWS stuff. | @@ -44,7 +43,6 @@ A Helm chart for gen3 indexd | global.logsBucket | string | `"logs-gen3"` | S3 bucket name for log files. | | global.minAvialable | int | `1` | The minimum amount of pods that are available at all times if the PDB is deployed. | | global.netPolicy | bool | `true` | Whether network policies are enabled. | -| global.onlyDbgap | bool | `false` | Forces ONLY a dbgap sync if "true", IGNORING user.yaml | | global.pdb | bool | `false` | If the service will be deployed with a Pod Disruption Budget. Note- you need to have more than 2 replicas for the pdb to be deployed. | | global.portalApp | string | `"gitops"` | Portal application name. | | global.postgres | map | `{"dbCreate":true,"master":{"host":null,"password":null,"port":"5432","username":"postgres"}}` | Postgres database configuration. | 
@@ -56,13 +54,8 @@ A Helm chart for gen3 indexd | global.postgres.master.username | string | `"postgres"` | username of superuser in postgres. This is used to create or restore databases | | global.publicDataSets | bool | `true` | Whether public datasets are enabled. | | global.revproxyArn | string | `"arn:aws:acm:us-east-1:123456:certificate"` | ARN of the reverse proxy certificate. | -| global.slack_send_dbgap | bool | `false` | Will echo what files we are seeing on dbgap ftp to Slack. | -| global.slack_webhook | string | `"None"` | Slack webhook endpoint used with certain jobs. | -| global.syncFromDbgap | bool | `false` | Whether to sync data from dbGaP. | | global.tierAccessLevel | string | `"libre"` | Access level for tiers. acceptable values for `tier_access_level` are: `libre`, `regular` and `private`. If omitted, by default common will be treated as `private` | | global.tierAccessLimit | int | `1000` | Only relevant if tireAccessLevel is set to "regular". Summary charts below this limit will not appear for aggregated data. | -| global.userYamlS3Path | string | `"s3://cdis-gen3-users/helm-test/user.yaml"` | Path to the user.yaml file in S3. | -| global.usersync | bool | `false` | Whether to run Fence usersync or not. | | image | map | `{"pullPolicy":"IfNotPresent","repository":"quay.io/cdis/indexd","tag":""}` | Docker image information. | | image.pullPolicy | string | `"IfNotPresent"` | When to pull the image. | | image.repository | string | `"quay.io/cdis/indexd"` | The Docker image repository for the indexd service | diff --git a/helm/indexd/values.yaml b/helm/indexd/values.yaml index ba48bc84..e9ee3d9c 100644 --- a/helm/indexd/values.yaml +++ b/helm/indexd/values.yaml 
@@ -42,20 +42,6 @@ global: kubeBucket: kube-gen3 # -- (string) S3 bucket name for log files. logsBucket: logs-gen3 - # -- (bool) Whether to sync data from dbGaP. - syncFromDbgap: false - # -- (bool) Force attempting a dbgap sync if "true", falls back on user.yaml - addDbgap: false - # -- (bool) Forces ONLY a dbgap sync if "true", IGNORING user.yaml - onlyDbgap: false - # -- (string) Path to the user.yaml file in S3. - userYamlS3Path: s3://cdis-gen3-users/helm-test/user.yaml - # -- (bool) Whether to run Fence usersync or not. - usersync: false - # -- (string) Slack webhook endpoint used with certain jobs. - slack_webhook: None - # -- (bool) Will echo what files we are seeing on dbgap ftp to Slack. - slack_send_dbgap: false # -- (bool) Whether public datasets are enabled. publicDataSets: true # -- (string) Access level for tiers. acceptable values for `tier_access_level` are: `libre`, `regular` and `private`. If omitted, by default common will be treated as `private` diff --git a/helm/metadata/README.md b/helm/metadata/README.md index 72c40485..aa2422ea 100644 --- a/helm/metadata/README.md +++ b/helm/metadata/README.md 
@@ -38,8 +38,7 @@ A Helm chart for gen3 Metadata Service | datadogTraceSampleRate | int | `1` | A value between 0 and 1, that represents the percentage of requests that will be traced. For example, a value of 0.5 means that 50% of requests will be traced. | | debug | bool | `false` | | | esEndpoint | string | `"elasticsearch:9200"` | Elasticsearch endpoint. | -| global | map | `{"addDbgap":false,"aws":{"awsAccessKeyId":null,"awsSecretAccessKey":null,"enabled":false},"ddEnabled":false,"dev":true,"dictionaryUrl":"https://s3.amazonaws.com/dictionary-artifacts/datadictionary/develop/schema.json","dispatcherJobNum":10,"environment":"default","hostname":"localhost","kubeBucket":"kube-gen3","logsBucket":"logs-gen3","minAvialable":1,"netPolicy":true,"onlyDbgap":false,"pdb":false,"portalApp":"gitops","postgres":{"dbCreate":true,"master":{"host":null,"password":null,"port":"5432","username":"postgres"}},"publicDataSets":true,"revproxyArn":"arn:aws:acm:us-east-1:123456:certificate","slack_send_dbgap":false,"slack_webhook":"None","syncFromDbgap":false,"tierAccessLevel":"libre","userYamlS3Path":"s3://cdis-gen3-users/helm-test/user.yaml","usersync":false}` | Global configuration options. | -| global.addDbgap | bool | `false` | Force attempting a dbgap sync if "true", falls back on user.yaml | +| global | map | `{"aws":{"awsAccessKeyId":null,"awsSecretAccessKey":null,"enabled":false},"ddEnabled":false,"dev":true,"dictionaryUrl":"https://s3.amazonaws.com/dictionary-artifacts/datadictionary/develop/schema.json","dispatcherJobNum":10,"environment":"default","hostname":"localhost","kubeBucket":"kube-gen3","logsBucket":"logs-gen3","minAvialable":1,"netPolicy":true,"pdb":false,"portalApp":"gitops","postgres":{"dbCreate":true,"master":{"host":null,"password":null,"port":"5432","username":"postgres"}},"publicDataSets":true,"revproxyArn":"arn:aws:acm:us-east-1:123456:certificate","tierAccessLevel":"libre"}` | Global configuration options. 
| | global.aws | map | `{"awsAccessKeyId":null,"awsSecretAccessKey":null,"enabled":false}` | AWS configuration | | global.aws.awsAccessKeyId | string | `nil` | Credentials for AWS stuff. | | global.aws.awsSecretAccessKey | string | `nil` | Credentials for AWS stuff. | @@ -54,7 +53,6 @@ A Helm chart for gen3 Metadata Service | global.logsBucket | string | `"logs-gen3"` | S3 bucket name for log files. | | global.minAvialable | int | `1` | The minimum amount of pods that are available at all times if the PDB is deployed. | | global.netPolicy | bool | `true` | Whether network policies are enabled. | -| global.onlyDbgap | bool | `false` | Forces ONLY a dbgap sync if "true", IGNORING user.yaml | | global.pdb | bool | `false` | If the service will be deployed with a Pod Disruption Budget. Note- you need to have more than 2 replicas for the pdb to be deployed. | | global.portalApp | string | `"gitops"` | Portal application name. | | global.postgres | map | `{"dbCreate":true,"master":{"host":null,"password":null,"port":"5432","username":"postgres"}}` | Postgres database configuration. | 
@@ -66,12 +64,7 @@ A Helm chart for gen3 Metadata Service | global.postgres.master.username | string | `"postgres"` | username of superuser in postgres. This is used to create or restore databases | | global.publicDataSets | bool | `true` | Whether public datasets are enabled. | | global.revproxyArn | string | `"arn:aws:acm:us-east-1:123456:certificate"` | ARN of the reverse proxy certificate. | -| global.slack_send_dbgap | bool | `false` | Will echo what files we are seeing on dbgap ftp to Slack. | -| global.slack_webhook | string | `"None"` | Slack webhook endpoint used with certain jobs. | -| global.syncFromDbgap | bool | `false` | Whether to sync data from dbGaP. | | global.tierAccessLevel | string | `"libre"` | Access level for tiers. acceptable values for `tier_access_level` are: `libre`, `regular` and `private`. If omitted, by default common will be treated as `private` | -| global.userYamlS3Path | string | `"s3://cdis-gen3-users/helm-test/user.yaml"` | Path to the user.yaml file in S3. | -| global.usersync | bool | `false` | Whether to run Fence usersync or not. | | image | map | `{"pullPolicy":"Always","repository":"quay.io/cdis/metadata-service","tag":"master"}` | Docker image information. | | image.pullPolicy | string | `"Always"` | Docker pull policy. | | image.repository | string | `"quay.io/cdis/metadata-service"` | Docker repository. | diff --git a/helm/metadata/values.yaml b/helm/metadata/values.yaml index cef92cc9..baaa5cb6 100644 --- a/helm/metadata/values.yaml +++ b/helm/metadata/values.yaml 
@@ -42,20 +42,6 @@ global: kubeBucket: kube-gen3 # -- (string) S3 bucket name for log files. logsBucket: logs-gen3 - # -- (bool) Whether to sync data from dbGaP. - syncFromDbgap: false - # -- (bool) Force attempting a dbgap sync if "true", falls back on user.yaml - addDbgap: false - # -- (bool) Forces ONLY a dbgap sync if "true", IGNORING user.yaml - onlyDbgap: false - # -- (string) Path to the user.yaml file in S3. - userYamlS3Path: s3://cdis-gen3-users/helm-test/user.yaml - # -- (bool) Whether to run Fence usersync or not. - usersync: false - # -- (string) Slack webhook endpoint used with certain jobs. - slack_webhook: None - # -- (bool) Will echo what files we are seeing on dbgap ftp to Slack. - slack_send_dbgap: false # -- (bool) Whether public datasets are enabled. publicDataSets: true # -- (string) Access level for tiers. acceptable values for `tier_access_level` are: `libre`, `regular` and `private`. If omitted, by default common will be treated as `private` diff --git a/helm/peregrine/README.md b/helm/peregrine/README.md index 22f8ab76..838e811c 100644 --- a/helm/peregrine/README.md +++ b/helm/peregrine/README.md 
@@ -29,8 +29,7 @@ A Helm chart for gen3 Peregrine service | datadogTraceSampleRate | int | `1` | A value between 0 and 1, that represents the percentage of requests that will be traced. For example, a value of 0.5 means that 50% of requests will be traced. | | env | list | `nil` | Environment variables to pass to the container | | fullnameOverride | string | `""` | Override the full name of the deployment. | -| global | map | `{"addDbgap":false,"aws":{"awsAccessKeyId":null,"awsSecretAccessKey":null,"enabled":false},"ddEnabled":false,"dev":true,"dictionaryUrl":"https://s3.amazonaws.com/dictionary-artifacts/datadictionary/develop/schema.json","dispatcherJobNum":10,"environment":"default","hostname":"localhost","kubeBucket":"kube-gen3","logsBucket":"logs-gen3","minAvialable":1,"netPolicy":true,"onlyDbgap":false,"pdb":false,"portalApp":"gitops","postgres":{"dbCreate":true,"master":{"host":null,"password":null,"port":"5432","username":"postgres"}},"publicDataSets":true,"revproxyArn":"arn:aws:acm:us-east-1:123456:certificate","slack_send_dbgap":false,"slack_webhook":"None","syncFromDbgap":false,"tierAccessLevel":"libre","userYamlS3Path":"s3://cdis-gen3-users/helm-test/user.yaml","usersync":false}` | Global configuration options. | -| global.addDbgap | bool | `false` | Force attempting a dbgap sync if "true", falls back on user.yaml | +| global | map | `{"aws":{"awsAccessKeyId":null,"awsSecretAccessKey":null,"enabled":false},"ddEnabled":false,"dev":true,"dictionaryUrl":"https://s3.amazonaws.com/dictionary-artifacts/datadictionary/develop/schema.json","dispatcherJobNum":10,"environment":"default","hostname":"localhost","kubeBucket":"kube-gen3","logsBucket":"logs-gen3","minAvialable":1,"netPolicy":true,"pdb":false,"portalApp":"gitops","postgres":{"dbCreate":true,"master":{"host":null,"password":null,"port":"5432","username":"postgres"}},"revproxyArn":"arn:aws:acm:us-east-1:123456:certificate","tierAccessLevel":"libre"}` | Global configuration options. 
| | global.aws | map | `{"awsAccessKeyId":null,"awsSecretAccessKey":null,"enabled":false}` | AWS configuration | | global.aws.awsAccessKeyId | string | `nil` | Credentials for AWS stuff. | | global.aws.awsSecretAccessKey | string | `nil` | Credentials for AWS stuff. | @@ -45,7 +44,6 @@ A Helm chart for gen3 Peregrine service | global.logsBucket | string | `"logs-gen3"` | S3 bucket name for log files. | | global.minAvialable | int | `1` | The minimum amount of pods that are available at all times if the PDB is deployed. | | global.netPolicy | bool | `true` | Whether network policies are enabled. | -| global.onlyDbgap | bool | `false` | Forces ONLY a dbgap sync if "true", IGNORING user.yaml | | global.pdb | bool | `false` | If the service will be deployed with a Pod Disruption Budget. Note- you need to have more than 2 replicas for the pdb to be deployed. | | global.portalApp | string | `"gitops"` | Portal application name. | | global.postgres | map | `{"dbCreate":true,"master":{"host":null,"password":null,"port":"5432","username":"postgres"}}` | Postgres database configuration. | 
@@ -55,14 +53,8 @@ A Helm chart for gen3 Peregrine service
 | global.postgres.master.password | string | `nil` | password for superuser in postgres. This is used to create or restore databases |
 | global.postgres.master.port | string | `"5432"` | Port for Postgres. |
 | global.postgres.master.username | string | `"postgres"` | username of superuser in postgres. This is used to create or restore databases |
-| global.publicDataSets | bool | `true` | Whether public datasets are enabled. |
 | global.revproxyArn | string | `"arn:aws:acm:us-east-1:123456:certificate"` | ARN of the reverse proxy certificate. |
-| global.slack_send_dbgap | bool | `false` | Will echo what files we are seeing on dbgap ftp to Slack. |
-| global.slack_webhook | string | `"None"` | Slack webhook endpoint used with certain jobs. |
-| global.syncFromDbgap | bool | `false` | Whether to sync data from dbGaP. |
 | global.tierAccessLevel | string | `"libre"` | Access level for tiers. acceptable values for `tier_access_level` are: `libre`, `regular` and `private`. If omitted, by default common will be treated as `private` |
-| global.userYamlS3Path | string | `"s3://cdis-gen3-users/helm-test/user.yaml"` | Path to the user.yaml file in S3. |
-| global.usersync | bool | `false` | Whether to run Fence usersync or not. |
 | image.pullPolicy | string | `"IfNotPresent"` | When to pull the image. |
 | image.repository | string | `"quay.io/cdis/peregrine"` | The Docker image repository for the fence service |
 | image.tag | string | `""` | Overrides the image tag whose default is the chart appVersion. |
diff --git a/helm/peregrine/values.yaml b/helm/peregrine/values.yaml
index dbd46006..3335f8e3 100644
--- a/helm/peregrine/values.yaml
+++ b/helm/peregrine/values.yaml
@@ -41,22 +41,6 @@ global:
 kubeBucket: kube-gen3
 # -- (string) S3 bucket name for log files.
 logsBucket: logs-gen3
- # -- (bool) Whether to sync data from dbGaP.
- syncFromDbgap: false
- # -- (bool) Force attempting a dbgap sync if "true", falls back on user.yaml
- addDbgap: false
- # -- (bool) Forces ONLY a dbgap sync if "true", IGNORING user.yaml
- onlyDbgap: false
- # -- (string) Path to the user.yaml file in S3.
- userYamlS3Path: s3://cdis-gen3-users/helm-test/user.yaml
- # -- (bool) Whether to run Fence usersync or not.
- usersync: false
- # -- (string) Slack webhook endpoint used with certain jobs.
- slack_webhook: None
- # -- (bool) Will echo what files we are seeing on dbgap ftp to Slack.
- slack_send_dbgap: false
- # -- (bool) Whether public datasets are enabled.
- publicDataSets: true
 # -- (string) Access level for tiers. acceptable values for `tier_access_level` are: `libre`, `regular` and `private`. If omitted, by default common will be treated as `private`
 tierAccessLevel: libre
 # -- (bool) Whether network policies are enabled.
diff --git a/helm/pidgin/README.md b/helm/pidgin/README.md
index 3a5b6c16..5c4bcdb9 100644
--- a/helm/pidgin/README.md
+++ b/helm/pidgin/README.md
@@ -33,8 +33,7 @@ A Helm chart for gen3 Pidgin Service | datadogLogsInjection | bool | `true` | If enabled, the Datadog Agent will automatically inject Datadog-specific metadata into your application logs. | | datadogProfilingEnabled | bool | `true` | If enabled, the Datadog Agent will collect profiling data for your application using the Continuous Profiler. This data can be used to identify performance bottlenecks and optimize your application. | | datadogTraceSampleRate | int | `1` | A value between 0 and 1, that represents the percentage of requests that will be traced. For example, a value of 0.5 means that 50% of requests will be traced. | -| global | map | `{"addDbgap":false,"aws":{"awsAccessKeyId":null,"awsSecretAccessKey":null,"enabled":false},"ddEnabled":false,"dev":true,"dictionaryUrl":"https://s3.amazonaws.com/dictionary-artifacts/datadictionary/develop/schema.json","dispatcherJobNum":10,"environment":"default","hostname":"localhost","kubeBucket":"kube-gen3","logsBucket":"logs-gen3","minAvialable":1,"netPolicy":true,"onlyDbgap":false,"pdb":false,"portalApp":"gitops","postgres":{"dbCreate":true,"master":{"host":null,"password":null,"port":"5432","username":"postgres"}},"publicDataSets":true,"revproxyArn":"arn:aws:acm:us-east-1:123456:certificate","slack_send_dbgap":false,"slack_webhook":"None","syncFromDbgap":false,"tierAccessLevel":"libre","userYamlS3Path":"s3://cdis-gen3-users/helm-test/user.yaml","usersync":false}` | Global configuration options. 
| -| global.addDbgap | bool | `false` | Force attempting a dbgap sync if "true", falls back on user.yaml | +| global | map | `{"aws":{"awsAccessKeyId":null,"awsSecretAccessKey":null,"enabled":false},"ddEnabled":false,"dev":true,"dictionaryUrl":"https://s3.amazonaws.com/dictionary-artifacts/datadictionary/develop/schema.json","dispatcherJobNum":10,"environment":"default","hostname":"localhost","kubeBucket":"kube-gen3","logsBucket":"logs-gen3","minAvialable":1,"netPolicy":true,"pdb":false,"portalApp":"gitops","postgres":{"dbCreate":true,"master":{"host":null,"password":null,"port":"5432","username":"postgres"}},"publicDataSets":true,"revproxyArn":"arn:aws:acm:us-east-1:123456:certificate","tierAccessLevel":"libre"}` | Global configuration options. | | global.aws | map | `{"awsAccessKeyId":null,"awsSecretAccessKey":null,"enabled":false}` | AWS configuration | | global.aws.awsAccessKeyId | string | `nil` | Credentials for AWS stuff. | | global.aws.awsSecretAccessKey | string | `nil` | Credentials for AWS stuff. | @@ -49,7 +48,6 @@ A Helm chart for gen3 Pidgin Service | global.logsBucket | string | `"logs-gen3"` | S3 bucket name for log files. | | global.minAvialable | int | `1` | The minimum amount of pods that are available at all times if the PDB is deployed. | | global.netPolicy | bool | `true` | Whether network policies are enabled. | -| global.onlyDbgap | bool | `false` | Forces ONLY a dbgap sync if "true", IGNORING user.yaml | | global.pdb | bool | `false` | If the service will be deployed with a Pod Disruption Budget. Note- you need to have more than 2 replicas for the pdb to be deployed. | | global.portalApp | string | `"gitops"` | Portal application name. | | global.postgres | map | `{"dbCreate":true,"master":{"host":null,"password":null,"port":"5432","username":"postgres"}}` | Postgres database configuration. | 
@@ -61,12 +59,7 @@ A Helm chart for gen3 Pidgin Service
 | global.postgres.master.username | string | `"postgres"` | username of superuser in postgres. This is used to create or restore databases |
 | global.publicDataSets | bool | `true` | Whether public datasets are enabled. |
 | global.revproxyArn | string | `"arn:aws:acm:us-east-1:123456:certificate"` | ARN of the reverse proxy certificate. |
-| global.slack_send_dbgap | bool | `false` | Will echo what files we are seeing on dbgap ftp to Slack. |
-| global.slack_webhook | string | `"None"` | Slack webhook endpoint used with certain jobs. |
-| global.syncFromDbgap | bool | `false` | Whether to sync data from dbGaP. |
 | global.tierAccessLevel | string | `"libre"` | Access level for tiers. acceptable values for `tier_access_level` are: `libre`, `regular` and `private`. If omitted, by default common will be treated as `private` |
-| global.userYamlS3Path | string | `"s3://cdis-gen3-users/helm-test/user.yaml"` | Path to the user.yaml file in S3. |
-| global.usersync | bool | `false` | Whether to run Fence usersync or not. |
 | image.pullPolicy | string | `"Always"` | When to pull the image. |
 | image.repository | string | `"quay.io/cdis/pidgin"` | The Docker image repository for the fence service |
 | image.tag | string | `""` | Overrides the image tag whose default is the chart appVersion. |
diff --git a/helm/pidgin/values.yaml b/helm/pidgin/values.yaml
index 18239781..fb683716 100644
--- a/helm/pidgin/values.yaml
+++ b/helm/pidgin/values.yaml
@@ -42,20 +42,6 @@ global:
 kubeBucket: kube-gen3
 # -- (string) S3 bucket name for log files.
 logsBucket: logs-gen3
- # -- (bool) Whether to sync data from dbGaP.
- syncFromDbgap: false
- # -- (bool) Force attempting a dbgap sync if "true", falls back on user.yaml
- addDbgap: false
- # -- (bool) Forces ONLY a dbgap sync if "true", IGNORING user.yaml
- onlyDbgap: false
- # -- (string) Path to the user.yaml file in S3.
- userYamlS3Path: s3://cdis-gen3-users/helm-test/user.yaml
- # -- (bool) Whether to run Fence usersync or not.
- usersync: false
- # -- (string) Slack webhook endpoint used with certain jobs.
- slack_webhook: None
- # -- (bool) Will echo what files we are seeing on dbgap ftp to Slack.
- slack_send_dbgap: false
 # -- (bool) Whether public datasets are enabled.
 publicDataSets: true
 # -- (string) Access level for tiers. acceptable values for `tier_access_level` are: `libre`, `regular` and `private`. If omitted, by default common will be treated as `private`
diff --git a/helm/portal/README.md b/helm/portal/README.md
index 22726982..dbc2e503 100644
--- a/helm/portal/README.md
+++ b/helm/portal/README.md
@@ -39,8 +39,7 @@ A Helm chart for gen3 data-portal | gitops.favicon | string | `"AAABAAEAICAAAAEAIACoEAAAFgAAACgAAAAgAAAAQAAAAAEAIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADQv3IAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA1MiCAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwKg0Nd6yqf+8pi7D3rKp/96yqf/esqn/3rKp/76qNMPEpU2QxbFJNwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA3rKp/96yqf/esqn/3rKp/96yqf/esqn/3rKp/96yqf/esqn/3rKp/96yqf/esqn/3rKp/7WfF3cAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMWySQAAAAAA3rKp/96yqf/esqn/3rKp/96yqf/esqn/3rKp/96yqf/esqn/3rKp/96yqf/esqn/3rKp/96yqf/esqn/3rKp/96yqf/TrIS0AAAAAL+nLQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACxmAIAxrhKBregGtLesqn/3rKp/96yqf/esqn/3rKp/96yqf/esqn/3rKp/96yqf/esqn/3rKp/96yqf/esqn/3rKp/96yqf/esqn/3rKp/96yqf/esqn/2MyPCLGaCwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAs5kJANqvn0vesqn/3rKp/96yqf/esqn/3rKp/96yqf/esqn/3rKp/96yqf/esqn/3rKp/96yqf/esqn/3rKp/96yqf/esqn/3rKp/96yqf/esqn/3rKp/96yqf/esqn/18l+GwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKuSAADq5L8H3rKp/96yqf/esqn/3rKp/96yqf/esqn/3rKp/96yqf/esqn/3rKp/96yqf/esqn/3rKp/96yqf/esqn/3rKp/96yqf/esqn/3rKp/96yqf/esqn/3rKp/96yqf/esqn/z79qBca0SwAAAAAAAAAAAAAAAAAAAAAAAAAAAN6yqf/esqn/3rKp/96yqf/esqn/3rKp/96yqf/esqn/3rKp/96yqf/esqn/3rKp/96yqf/esqn/3rKp/96yqf/esqn/3rKp/96yqf/esqn/3rKp/96yqf/esqn/3rKp/96yqf+4oR3YAAAAAAAAAAAAAAAAAAAAAAAAAAC4oBlZ3rKp/96yqf/esqn/3rKp/96yqf/esqn/3rKp/96yqf/esqn/3rKp/96yqf/AqC/N3rKp/96yqf+/rD3M3rKp/96yqf/esqn/3rKp/96yqf/esqn/3rKp/96yqf/esqn/3rKp/96yqf+4oyBkAAAAAAAAAAAAAAAAAAAAAN6yqf/esqn/3rKp/96yqf/esqn/3rKp/96yqf/esqn/3rKp/96yqf+9qDAqAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAzb1oH96yqf/esqn/3rKp/96yqf/esqn/3rKp/96yqf/esqn/3rKp/8qoYv8AAAAAAAAAALefHQC4oB5X3rKp/96yqf/esqn/AAAAAAAAAADm3bsAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAO
HbrAAAAAAA6ePTEd6yqf/esqn/3rKp/8CsNngAAAAAAAAAAN6yqf/esqn/3rKp/////xIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADq4bwA08V3EN6yqf/esqn/3rKp/wAAAAAAAAAA3rKp/96yqf+6nyfZAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA3rKp/96yqf/esqn/AAAAALyjJDbesqn/3rKp/7ihIc0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADFpE7l3rKp/96yqf/esqn/wq0+Wd6yqf/esqn/3rKp/wAAAADPwW4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC7pCAAAAAAAN6yqf/esqn/3rKp/8CsOVK6oyF63rKp/96yqf/esqn/uqQqxAAAAAC7oyQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAtZ8WAAAAAADesqn/3rKp/96yqf/esqn/3rKp/7ukIHresqn/3rKp/96yqf/esqn/3rKp/wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA3rKp/96yqf/esqn/3rKp/96yqf/esqn/wK1BXN6yqf/esqn/3rKp/96yqf/esqn/uKAYUgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAL+oO1Hesqn/3rKp/96yqf/esqn/3rKp/76pLXq3nx023rKp/96yqf/esqn/3rKp/96yqf/esqn/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAt58l896yqf/esqn/3rKp/96yqf/esqn/3rKp/wAAAADesqn/3rKp/96yqf/esqn/3rKp/96yqf/esqn/xrRRVQAAAADYzYkAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAM67agAAAAAAybZYUt6yqf/esqn/3rKp/96yqf/esqn/3rKp/96yqf/9+/UXAAAAAN6yqf/esqn/3rKp/96yqf/esqn/3rKp/96yqf/esqn/3rKp/wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAN6yqf/esqn/3rKp/96yqf/esqn/3rKp/96yqf/esqn/3rKp/wAAAACznRMAtJ4ZV96yqf/esqn/3rKp/96yqf/esqn/3rKp/96yqf/esqn/3rKp/wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADesqn/3rKp/96yqf/esqn/3rKp/96yqf/esqn/3rKp/96yqf/ArDZ4AAAAAAAAAAAAAAAA3rKp/96yqf/esqn/3rKp/96yqf/esqn/3rKp/96yqf/esqn/3rKp/wAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAA3rKp/96yqf/esqn/3rKp/96yqf/esqn/3rKp/96yqf/esqn/yqdi/wAAAAAAAAAAAAAAAAAAAADHplZ93rKp/96yqf/esqn/3rKp/96yqf/esqn/3rKp/96yqf/esqn/3rKp/96yqf/esqn/6Ny8U+bauVDesqn/3rKp/96yqf/esqn/3rKp/96yqf/esqn/3rKp/96yqf/esqn/3rKp/96yqf+5oyBkAAAAAAAAAAAAAAAAAAAAAAAAAADesqn/3rKp/96yqf/esqn/3rKp/96yqf/esqn/3rKp/96yqf/esqn/3rKp/96yqf/esqn/3rKp/96yqf/esqn/3rKp/96yqf/esqn/3rKp/96yqf/esqn/3rKp/96yqf/esqn/t6Ec1wAAAAAAAAAAAAAAAAAAAAAAAAAAs5sWAOHUlQfesqn/3rKp/96yqf/esqn/3rKp/96yqf/esqn/3rKp/96yqf/esqn/3rKp/96yqf/esqn/3rKp/96yqf/esqn/3rKp/96yqf/esqn/3rKp/96yqf/esqn/3rKp/96yqf/OxHUFxbRJAAAAAAAAAAAAAAAAAAAAAAAAAAAAsJkFAN6yqf/esqn/3rKp/96yqf/esqn/3rKp/96yqf/esqn/3rKp/96yqf/esqn/3rKp/96yqf/esqn/3rKp/96yqf/esqn/3rKp/96yqf/esqn/3rKp/96yqf/esqn/29COIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAr5YBAN6yqf+7pSf43rKp/96yqf/esqn/3rKp/96yqf/esqn/3rKp/96yqf/esqn/3rKp/96yqf/esqn/3rKp/96yqf/esqn/3rKp/96yqf/esqn/uaMf+d2xp6MAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAyrhUAAAAAAC7pil73rKp/96yqf/esqn/3rKp/96yqf/esqn/3rKp/96yqf/esqn/3rKp/96yqf/esqn/3rKp/96yqf/esqn/3rKp/7miH38AAAAAxrJDAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADi150b2K6T4N6yqf/esqn/3rKp/96yqf/esqn/3rKp/96yqf/esqn/3rKp/96yqf/esqn/3rKp/7mjI5zUxHAaAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOnftwAAAAAAAAAAAN6yqf/esqn/3rKp/7egG+e2nxf/uKAk/7mjIvPesqn/3rKp/7agGEAAAAAAAAAAANnOjAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA///////wD///gAP//gAAf/wAAD/4AAAf8AAAD+AAAAfgAAAHwA/wA8f//+OP///xj///8Y////CP///xh///4IP//8CD///Bgf//gID//wGAP/wBwB/4A8AP8APgAYAH4AAAB/AAAA/wAAAf+AAAH/8AAP//"` | - favicon in base64 | | gitops.json | string | `"{\n \"graphql\": {\n \"boardCounts\": [\n {\n \"graphql\": \"_case_count\",\n \"name\": \"Case\",\n \"plural\": \"Cases\"\n },\n {\n \"graphql\": 
\"_experiment_count\",\n \"name\": \"Experiment\",\n \"plural\": \"Experiments\"\n },\n {\n \"graphql\": \"_aliquot_count\",\n \"name\": \"Aliquot\",\n \"plural\": \"Aliquots\"\n }\n ],\n \"chartCounts\": [\n {\n \"graphql\": \"_case_count\",\n \"name\": \"Case\"\n },\n {\n \"graphql\": \"_experiment_count\",\n \"name\": \"Experiment\"\n },\n {\n \"graphql\": \"_aliquot_count\",\n \"name\": \"Aliquot\"\n }\n ],\n \"projectDetails\": \"boardCounts\"\n },\n \"components\": {\n \"appName\": \"Generic Data Commons Portal\",\n \"index\": {\n \"introduction\": {\n \"heading\": \"Data Commons\",\n \"text\": \"The Generic Data Commons supports the management, analysis and sharing of data for the research community.\",\n \"link\": \"/submission\"\n },\n \"buttons\": [\n {\n \"name\": \"Define Data Field\",\n \"icon\": \"data-field-define\",\n \"body\": \"The Generic Data Commons define the data in a general way. Please study the dictionary before you start browsing.\",\n \"link\": \"/DD\",\n \"label\": \"Learn more\"\n },\n {\n \"name\": \"Explore Data\",\n \"icon\": \"data-explore\",\n \"body\": \"The Exploration Page gives you insights and a clear overview under selected factors.\",\n \"link\": \"/explorer\",\n \"label\": \"Explore data\"\n },\n {\n \"name\": \"Access Data\",\n \"icon\": \"data-access\",\n \"body\": \"Use our selected tool to filter out the data you need.\",\n \"link\": \"/query\",\n \"label\": \"Query data\"\n },\n {\n \"name\": \"Submit Data\",\n \"icon\": \"data-submit\",\n \"body\": \"Submit Data based on the dictionary.\",\n \"link\": \"/submission\",\n \"label\": \"Submit data\"\n }\n ]\n },\n \"navigation\": {\n \"title\": \"Generic Data Commons\",\n \"items\": [\n {\n \"icon\": \"dictionary\",\n \"link\": \"/DD\",\n \"color\": \"#a2a2a2\",\n \"name\": \"Dictionary\"\n },\n {\n \"icon\": \"exploration\",\n \"link\": \"/explorer\",\n \"color\": \"#a2a2a2\",\n \"name\": \"Exploration\"\n },\n {\n \"icon\": \"query\",\n \"link\": \"/query\",\n 
\"color\": \"#a2a2a2\",\n \"name\": \"Query\"\n },\n {\n \"icon\": \"workspace\",\n \"link\": \"/workspace\",\n \"color\": \"#a2a2a2\",\n \"name\": \"Workspace\"\n },\n {\n \"icon\": \"profile\",\n \"link\": \"/identity\",\n \"color\": \"#a2a2a2\",\n \"name\": \"Profile\"\n }\n ]\n },\n \"topBar\": {\n \"items\": [\n {\n \"icon\": \"upload\",\n \"link\": \"/submission\",\n \"name\": \"Submit Data\"\n },\n {\n \"link\": \"https://gen3.org/resources/user\",\n \"name\": \"Documentation\"\n }\n ]\n },\n \"login\": {\n \"title\": \"Generic Data Commons\",\n \"subTitle\": \"Explore, Analyze, and Share Data\",\n \"text\": \"This website supports the management, analysis and sharing of human disease data for the research community and aims to advance basic understanding of the genetic basis of complex traits and accelerate discovery and development of therapies, diagnostic tests, and other technologies for diseases like cancer.\",\n \"contact\": \"If you have any questions about access or the registration process, please contact \",\n \"email\": \"support@datacommons.io\"\n },\n \"certs\": {},\n \"footerLogos\": [\n {\n \"src\": \"/src/img/gen3.png\",\n \"href\": \"https://ctds.uchicago.edu/gen3\",\n \"alt\": \"Gen3 Data Commons\"\n },\n {\n \"src\": \"/src/img/createdby.png\",\n \"href\": \"https://ctds.uchicago.edu/\",\n \"alt\": \"Center for Translational Data Science at the University of Chicago\"\n }\n ]\n },\n \"requiredCerts\": [],\n \"featureFlags\": {\n \"explorer\": true,\n \"noIndex\": true,\n \"analysis\": false,\n \"discovery\": false,\n \"discoveryUseAggMDS\": false,\n \"studyRegistration\": false\n },\n \"dataExplorerConfig\": {\n \"charts\": {\n \"project_id\": {\n \"chartType\": \"count\",\n \"title\": \"Projects\"\n },\n \"case_id\": {\n \"chartType\": \"count\",\n \"title\": \"Cases\"\n },\n \"gender\": {\n \"chartType\": \"pie\",\n \"title\": \"Gender\"\n },\n \"race\": {\n \"chartType\": \"bar\",\n \"title\": \"Race\"\n }\n },\n \"filters\": {\n 
\"tabs\": [\n {\n \"title\": \"Case\",\n \"fields\":[\n \"project_id\",\n \"gender\",\n \"race\",\n \"ethnicity\"\n ]\n }\n ]\n },\n \"table\": {\n \"enabled\": false\n },\n \"dropdowns\": {},\n \"buttons\": [],\n \"guppyConfig\": {\n \"dataType\": \"case\",\n \"nodeCountTitle\": \"Cases\",\n \"fieldMapping\": [\n { \"field\": \"disease_type\", \"name\": \"Disease type\" },\n { \"field\": \"primary_site\", \"name\": \"Site where samples were collected\"}\n ],\n \"manifestMapping\": {\n \"resourceIndexType\": \"file\",\n \"resourceIdField\": \"object_id\",\n \"referenceIdFieldInResourceIndex\": \"case_id\",\n \"referenceIdFieldInDataIndex\": \"node_id\"\n },\n \"accessibleFieldCheckList\": [\"case_id\"],\n \"accessibleValidationField\": \"case_id\"\n }\n },\n \"fileExplorerConfig\": {\n \"charts\": {\n \"data_type\": {\n \"chartType\": \"stackedBar\",\n \"title\": \"File Type\"\n },\n \"data_format\": {\n \"chartType\": \"stackedBar\",\n \"title\": \"File Format\"\n }\n },\n \"filters\": {\n \"tabs\": [\n {\n \"title\": \"File\",\n \"fields\": [\n \"project_id\",\n \"data_type\",\n \"data_format\"\n ]\n }\n ]\n },\n \"table\": {\n \"enabled\": true,\n \"fields\": [\n \"project_id\",\n \"file_name\",\n \"file_size\",\n \"object_id\"\n ]\n },\n \"dropdowns\": {},\n \"guppyConfig\": {\n \"dataType\": \"file\",\n \"fieldMapping\": [\n { \"field\": \"object_id\", \"name\": \"GUID\" }\n ],\n \"nodeCountTitle\": \"Files\",\n \"manifestMapping\": {\n \"resourceIndexType\": \"case\",\n \"resourceIdField\": \"case_id\",\n \"referenceIdFieldInResourceIndex\": \"object_id\",\n \"referenceIdFieldInDataIndex\": \"object_id\"\n },\n \"accessibleFieldCheckList\": [\"case_id\"],\n \"accessibleValidationField\": \"case_id\",\n \"downloadAccessor\": \"object_id\"\n }\n }\n}\n"` | multiline string - gitops.json | | gitops.logo | string | `""` | - logo in base64 | -| global | map | 
`{"addDbgap":false,"aws":{"awsAccessKeyId":null,"awsSecretAccessKey":null,"enabled":false},"ddEnabled":false,"dev":true,"dictionaryUrl":"https://s3.amazonaws.com/dictionary-artifacts/datadictionary/develop/schema.json","dispatcherJobNum":10,"environment":"default","hostname":"localhost","kubeBucket":"kube-gen3","logsBucket":"logs-gen3","minAvialable":1,"netPolicy":true,"onlyDbgap":false,"pdb":false,"portalApp":"gitops","postgres":{"dbCreate":true,"master":{"host":null,"password":null,"port":"5432","username":"postgres"}},"publicDataSets":true,"revproxyArn":"arn:aws:acm:us-east-1:123456:certificate","slack_send_dbgap":false,"slack_webhook":"None","syncFromDbgap":false,"tierAccessLevel":"libre","tierAccessLimit":1000,"userYamlS3Path":"s3://cdis-gen3-users/helm-test/user.yaml","usersync":false}` | Global configuration options. | -| global.addDbgap | bool | `false` | Force attempting a dbgap sync if "true", falls back on user.yaml | +| global | map | `{"aws":{"awsAccessKeyId":null,"awsSecretAccessKey":null,"enabled":false},"ddEnabled":false,"dev":true,"dictionaryUrl":"https://s3.amazonaws.com/dictionary-artifacts/datadictionary/develop/schema.json","dispatcherJobNum":10,"environment":"default","hostname":"localhost","kubeBucket":"kube-gen3","logsBucket":"logs-gen3","minAvialable":1,"netPolicy":true,"pdb":false,"portalApp":"gitops","postgres":{"dbCreate":true,"master":{"host":null,"password":null,"port":"5432","username":"postgres"}},"publicDataSets":true,"revproxyArn":"arn:aws:acm:us-east-1:123456:certificate","tierAccessLevel":"libre","tierAccessLimit":1000}` | Global configuration options. | | global.aws | map | `{"awsAccessKeyId":null,"awsSecretAccessKey":null,"enabled":false}` | AWS configuration | | global.aws.awsAccessKeyId | string | `nil` | Credentials for AWS stuff. | | global.aws.awsSecretAccessKey | string | `nil` | Credentials for AWS stuff. | 
@@ -55,7 +54,6 @@ A Helm chart for gen3 data-portal
 | global.logsBucket | string | `"logs-gen3"` | S3 bucket name for log files. |
 | global.minAvialable | int | `1` | The minimum amount of pods that are available at all times if the PDB is deployed. |
 | global.netPolicy | bool | `true` | Whether network policies are enabled. |
-| global.onlyDbgap | bool | `false` | Forces ONLY a dbgap sync if "true", IGNORING user.yaml |
 | global.pdb | bool | `false` | If the service will be deployed with a Pod Disruption Budget. Note- you need to have more than 2 replicas for the pdb to be deployed. |
 | global.portalApp | string | `"gitops"` | Portal application name. |
 | global.postgres | map | `{"dbCreate":true,"master":{"host":null,"password":null,"port":"5432","username":"postgres"}}` | Postgres database configuration. |
@@ -67,13 +65,8 @@ A Helm chart for gen3 data-portal
 | global.postgres.master.username | string | `"postgres"` | username of superuser in postgres. This is used to create or restore databases |
 | global.publicDataSets | bool | `true` | Whether public datasets are enabled. |
 | global.revproxyArn | string | `"arn:aws:acm:us-east-1:123456:certificate"` | ARN of the reverse proxy certificate. |
-| global.slack_send_dbgap | bool | `false` | Will echo what files we are seeing on dbgap ftp to Slack. |
-| global.slack_webhook | string | `"None"` | Slack webhook endpoint used with certain jobs. |
-| global.syncFromDbgap | bool | `false` | Whether to sync data from dbGaP. |
 | global.tierAccessLevel | string | `"libre"` | Access level for tiers. acceptable values for `tier_access_level` are: `libre`, `regular` and `private`. If omitted, by default common will be treated as `private`. |
 | global.tierAccessLimit | int | `1000` | Only relevant if tireAccessLevel is set to "regular". Summary charts below this limit will not appear for aggregated data. |
-| global.userYamlS3Path | string | `"s3://cdis-gen3-users/helm-test/user.yaml"` | Path to the user.yaml file in S3. |
-| global.usersync | bool | `false` | Whether to run Fence usersync or not. |
 | image | map | `{"pullPolicy":"IfNotPresent","repository":"quay.io/cdis/data-portal","tag":"master"}` | Docker image information. |
 | image.pullPolicy | string | `"IfNotPresent"` | Docker pull policy. |
 | image.repository | string | `"quay.io/cdis/data-portal"` | Docker repository. |
diff --git a/helm/portal/values.yaml b/helm/portal/values.yaml
index 1f95cadb..fa1e8467 100644
--- a/helm/portal/values.yaml
+++ b/helm/portal/values.yaml
@@ -41,20 +41,6 @@ global:
 kubeBucket: kube-gen3
 # -- (string) S3 bucket name for log files.
 logsBucket: logs-gen3
- # -- (bool) Whether to sync data from dbGaP.
- syncFromDbgap: false
- # -- (bool) Force attempting a dbgap sync if "true", falls back on user.yaml
- addDbgap: false
- # -- (bool) Forces ONLY a dbgap sync if "true", IGNORING user.yaml
- onlyDbgap: false
- # -- (string) Path to the user.yaml file in S3.
- userYamlS3Path: s3://cdis-gen3-users/helm-test/user.yaml
- # -- (bool) Whether to run Fence usersync or not.
- usersync: false
- # -- (string) Slack webhook endpoint used with certain jobs.
- slack_webhook: None
- # -- (bool) Will echo what files we are seeing on dbgap ftp to Slack.
- slack_send_dbgap: false
 # -- (bool) Whether public datasets are enabled.
 publicDataSets: true
 # -- (string) Access level for tiers. acceptable values for `tier_access_level` are: `libre`, `regular` and `private`. If omitted, by default common will be treated as `private`.
diff --git a/helm/revproxy/README.md b/helm/revproxy/README.md
index c5d5880e..51ad7a6e 100644
--- a/helm/revproxy/README.md
+++ b/helm/revproxy/README.md
@@ -26,8 +26,7 @@ A Helm chart for gen3 revproxy | datadogProfilingEnabled | bool | `true` | If enabled, the Datadog Agent will collect profiling data for your application using the Continuous Profiler. This data can be used to identify performance bottlenecks and optimize your application. | | datadogTraceSampleRate | int | `1` | A value between 0 and 1, that represents the percentage of requests that will be traced. For example, a value of 0.5 means that 50% of requests will be traced. | | fullnameOverride | string | `""` | Override the full name of the deployment. | -| global | map | `{"addDbgap":false,"aws":{"awsAccessKeyId":null,"awsSecretAccessKey":null,"enabled":false},"ddEnabled":false,"dev":true,"dictionaryUrl":"https://s3.amazonaws.com/dictionary-artifacts/datadictionary/develop/schema.json","dispatcherJobNum":10,"environment":"default","hostname":"localhost","kubeBucket":"kube-gen3","logsBucket":"logs-gen3","minAvialable":1,"netPolicy":true,"onlyDbgap":false,"pdb":false,"portalApp":"gitops","postgres":{"dbCreate":true,"master":{"host":null,"password":null,"port":"5432","username":"postgres"}},"publicDataSets":true,"revproxyArn":"arn:aws:acm:us-east-1:123456:certificate","slack_send_dbgap":false,"slack_webhook":"None","syncFromDbgap":false,"tierAccessLevel":"libre","tierAccessLimit":1000,"tls":{"cert":null,"key":null},"userYamlS3Path":"s3://cdis-gen3-users/helm-test/user.yaml","usersync":false}` | Global configuration options. 
| -| global.addDbgap | bool | `false` | Force attempting a dbgap sync if "true", falls back on user.yaml | +| global | map | `{"aws":{"awsAccessKeyId":null,"awsSecretAccessKey":null,"enabled":false},"ddEnabled":false,"dev":true,"dictionaryUrl":"https://s3.amazonaws.com/dictionary-artifacts/datadictionary/develop/schema.json","dispatcherJobNum":10,"environment":"default","hostname":"localhost","kubeBucket":"kube-gen3","logsBucket":"logs-gen3","minAvialable":1,"netPolicy":true,"pdb":false,"portalApp":"gitops","postgres":{"dbCreate":true,"master":{"host":null,"password":null,"port":"5432","username":"postgres"}},"publicDataSets":true,"revproxyArn":"arn:aws:acm:us-east-1:123456:certificate","tierAccessLevel":"libre","tierAccessLimit":1000,"tls":{"cert":null,"key":null}}` | Global configuration options. | | global.aws | map | `{"awsAccessKeyId":null,"awsSecretAccessKey":null,"enabled":false}` | AWS configuration | | global.aws.awsAccessKeyId | string | `nil` | Credentials for AWS stuff. | | global.aws.awsSecretAccessKey | string | `nil` | Credentials for AWS stuff. | @@ -42,7 +41,6 @@ A Helm chart for gen3 revproxy | global.logsBucket | string | `"logs-gen3"` | S3 bucket name for log files. | | global.minAvialable | int | `1` | The minimum amount of pods that are available at all times if the PDB is deployed. | | global.netPolicy | bool | `true` | Whether network policies are enabled. | -| global.onlyDbgap | bool | `false` | Forces ONLY a dbgap sync if "true", IGNORING user.yaml | | global.pdb | bool | `false` | If the service will be deployed with a Pod Disruption Budget. Note- you need to have more than 2 replicas for the pdb to be deployed. | | global.portalApp | string | `"gitops"` | Portal application name. | | global.postgres | map | `{"dbCreate":true,"master":{"host":null,"password":null,"port":"5432","username":"postgres"}}` | Postgres database configuration. | 
@@ -54,13 +52,8 @@ A Helm chart for gen3 revproxy | global.postgres.master.username | string | `"postgres"` | username of superuser in postgres. This is used to create or restore databases | | global.publicDataSets | bool | `true` | Whether public datasets are enabled. | | global.revproxyArn | string | `"arn:aws:acm:us-east-1:123456:certificate"` | ARN of the reverse proxy certificate. | -| global.slack_send_dbgap | bool | `false` | Will echo what files we are seeing on dbgap ftp to Slack. | -| global.slack_webhook | string | `"None"` | Slack webhook endpoint used with certain jobs. | -| global.syncFromDbgap | bool | `false` | Whether to sync data from dbGaP. | | global.tierAccessLevel | string | `"libre"` | Access level for tiers. acceptable values for `tier_access_level` are: `libre`, `regular` and `private`. If omitted, by default common will be treated as `private` | | global.tierAccessLimit | int | `1000` | Only relevant if tireAccessLevel is set to "regular". Summary charts below this limit will not appear for aggregated data. | -| global.userYamlS3Path | string | `"s3://cdis-gen3-users/helm-test/user.yaml"` | Path to the user.yaml file in S3. | -| global.usersync | bool | `false` | Whether to run Fence usersync or not. | | image | map | `{"pullPolicy":"Always","repository":"nginx","tag":"stable-perl"}` | Docker image information. | | image.pullPolicy | string | `"Always"` | Docker pull policy. | | image.repository | string | `"nginx"` | Docker repository. | diff --git a/helm/revproxy/values.yaml b/helm/revproxy/values.yaml index d97ff46e..9c1c9b02 100644 --- a/helm/revproxy/values.yaml +++ b/helm/revproxy/values.yaml 
@@ -45,20 +45,6 @@ global: kubeBucket: kube-gen3 # -- (string) S3 bucket name for log files. logsBucket: logs-gen3 - # -- (bool) Whether to sync data from dbGaP. - syncFromDbgap: false - # -- (bool) Force attempting a dbgap sync if "true", falls back on user.yaml - addDbgap: false - # -- (bool) Forces ONLY a dbgap sync if "true", IGNORING user.yaml - onlyDbgap: false - # -- (string) Path to the user.yaml file in S3. - userYamlS3Path: s3://cdis-gen3-users/helm-test/user.yaml - # -- (bool) Whether to run Fence usersync or not. - usersync: false - # -- (string) Slack webhook endpoint used with certain jobs. - slack_webhook: None - # -- (bool) Will echo what files we are seeing on dbgap ftp to Slack. - slack_send_dbgap: false # -- (bool) Whether public datasets are enabled. publicDataSets: true # -- (string) Access level for tiers. acceptable values for `tier_access_level` are: `libre`, `regular` and `private`. If omitted, by default common will be treated as `private` diff --git a/helm/sheepdog/README.md b/helm/sheepdog/README.md index 5b949910..e2a57245 100644 --- a/helm/sheepdog/README.md +++ b/helm/sheepdog/README.md 
@@ -38,8 +38,7 @@ A Helm chart for gen3 Sheepdog Service | datadogTraceSampleRate | int | `1` | A value between 0 and 1, that represents the percentage of requests that will be traced. For example, a value of 0.5 means that 50% of requests will be traced. | | dictionaryUrl | string | `"https://s3.amazonaws.com/dictionary-artifacts/datadictionary/develop/schema.json"` | URL of the data dictionary. | | fenceUrl | string | `"http://fence-service"` | URL for the fence service | -| global | map | `{"addDbgap":false,"aws":{"awsAccessKeyId":null,"awsSecretAccessKey":null,"enabled":false},"ddEnabled":false,"dev":true,"dictionaryUrl":"https://s3.amazonaws.com/dictionary-artifacts/datadictionary/develop/schema.json","dispatcherJobNum":10,"environment":"default","hostname":"localhost","kubeBucket":"kube-gen3","logsBucket":"logs-gen3","minAvialable":1,"netPolicy":true,"onlyDbgap":false,"pdb":false,"portalApp":"gitops","postgres":{"dbCreate":true,"master":{"host":null,"password":null,"port":"5432","username":"postgres"}},"publicDataSets":true,"revproxyArn":"arn:aws:acm:us-east-1:123456:certificate","slack_send_dbgap":false,"slack_webhook":"None","syncFromDbgap":false,"tierAccessLevel":"libre","userYamlS3Path":"s3://cdis-gen3-users/helm-test/user.yaml","usersync":false}` | Global configuration options. 
| -| global.addDbgap | bool | `false` | Force attempting a dbgap sync if "true", falls back on user.yaml | +| global | map | `{"aws":{"awsAccessKeyId":null,"awsSecretAccessKey":null,"enabled":false},"ddEnabled":false,"dev":true,"dictionaryUrl":"https://s3.amazonaws.com/dictionary-artifacts/datadictionary/develop/schema.json","dispatcherJobNum":10,"environment":"default","hostname":"localhost","kubeBucket":"kube-gen3","logsBucket":"logs-gen3","minAvialable":1,"netPolicy":true,"pdb":false,"portalApp":"gitops","postgres":{"dbCreate":true,"master":{"host":null,"password":null,"port":"5432","username":"postgres"}},"publicDataSets":true,"revproxyArn":"arn:aws:acm:us-east-1:123456:certificate","tierAccessLevel":"libre"}` | Global configuration options. | | global.aws | map | `{"awsAccessKeyId":null,"awsSecretAccessKey":null,"enabled":false}` | AWS configuration | | global.aws.awsAccessKeyId | string | `nil` | Credentials for AWS stuff. | | global.aws.awsSecretAccessKey | string | `nil` | Credentials for AWS stuff. | @@ -54,7 +53,6 @@ A Helm chart for gen3 Sheepdog Service | global.logsBucket | string | `"logs-gen3"` | S3 bucket name for log files. | | global.minAvialable | int | `1` | The minimum amount of pods that are available at all times if the PDB is deployed. | | global.netPolicy | bool | `true` | Whether network policies are enabled. | -| global.onlyDbgap | bool | `false` | Forces ONLY a dbgap sync if "true", IGNORING user.yaml | | global.pdb | bool | `false` | If the service will be deployed with a Pod Disruption Budget. Note- you need to have more than 2 replicas for the pdb to be deployed. | | global.portalApp | string | `"gitops"` | Portal application name. | | global.postgres | map | `{"dbCreate":true,"master":{"host":null,"password":null,"port":"5432","username":"postgres"}}` | Postgres database configuration. | 
@@ -66,12 +64,7 @@ A Helm chart for gen3 Sheepdog Service | global.postgres.master.username | string | `"postgres"` | username of superuser in postgres. This is used to create or restore databases | | global.publicDataSets | bool | `true` | Whether public datasets are enabled. | | global.revproxyArn | string | `"arn:aws:acm:us-east-1:123456:certificate"` | ARN of the reverse proxy certificate. | -| global.slack_send_dbgap | bool | `false` | Will echo what files we are seeing on dbgap ftp to Slack. | -| global.slack_webhook | string | `"None"` | Slack webhook endpoint used with certain jobs. | -| global.syncFromDbgap | bool | `false` | Whether to sync data from dbGaP. | | global.tierAccessLevel | string | `"libre"` | Access level for tiers. acceptable values for `tier_access_level` are: `libre`, `regular` and `private`. If omitted, by default common will be treated as `private` | -| global.userYamlS3Path | string | `"s3://cdis-gen3-users/helm-test/user.yaml"` | Path to the user.yaml file in S3. | -| global.usersync | bool | `false` | Whether to run Fence usersync or not. | | image | map | `{"pullPolicy":"Always","repository":"quay.io/cdis/sheepdog","tag":"helm-test"}` | Docker image information. | | image.pullPolicy | string | `"Always"` | Docker pull policy. | | image.repository | string | `"quay.io/cdis/sheepdog"` | Docker repository. | diff --git a/helm/sheepdog/values.yaml b/helm/sheepdog/values.yaml index aaa46d83..941c33c6 100644 --- a/helm/sheepdog/values.yaml +++ b/helm/sheepdog/values.yaml 
@@ -42,20 +42,6 @@ global: kubeBucket: kube-gen3 # -- (string) S3 bucket name for log files. logsBucket: logs-gen3 - # -- (bool) Whether to sync data from dbGaP. - syncFromDbgap: false - # -- (bool) Force attempting a dbgap sync if "true", falls back on user.yaml - addDbgap: false - # -- (bool) Forces ONLY a dbgap sync if "true", IGNORING user.yaml - onlyDbgap: false - # -- (string) Path to the user.yaml file in S3. - userYamlS3Path: s3://cdis-gen3-users/helm-test/user.yaml - # -- (bool) Whether to run Fence usersync or not. - usersync: false - # -- (string) Slack webhook endpoint used with certain jobs. - slack_webhook: None - # -- (bool) Will echo what files we are seeing on dbgap ftp to Slack. - slack_send_dbgap: false # -- (bool) Whether public datasets are enabled. publicDataSets: true # -- (string) Access level for tiers. acceptable values for `tier_access_level` are: `libre`, `regular` and `private`. If omitted, by default common will be treated as `private` diff --git a/helm/sower/README.md b/helm/sower/README.md index a3bc7d8e..f2251aa0 100644 --- a/helm/sower/README.md +++ b/helm/sower/README.md 
@@ -33,8 +33,7 @@ A Helm chart for gen3 sower | criticalService | string | `"false"` | Valid options are "true" or "false". If invalid option is set- the value will default to "false". | | fullnameOverride | string | `""` | Override the full name of the deployment. | | gen3Namespace | string | `"default"` | Namespace to deploy the job. | -| global | map | `{"addDbgap":false,"aws":{"awsAccessKeyId":null,"awsSecretAccessKey":null,"enabled":false},"ddEnabled":false,"dev":true,"dictionaryUrl":"https://s3.amazonaws.com/dictionary-artifacts/datadictionary/develop/schema.json","dispatcherJobNum":10,"environment":"default","hostname":"localhost","kubeBucket":"kube-gen3","logsBucket":"logs-gen3","netPolicy":true,"onlyDbgap":false,"portalApp":"gitops","postgres":{"dbCreate":true,"master":{"host":null,"password":null,"port":"5432","username":"postgres"}},"publicDataSets":true,"revproxyArn":"arn:aws:acm:us-east-1:123456:certificate","slack_send_dbgap":false,"slack_webhook":"None","syncFromDbgap":false,"tierAccessLevel":"libre","userYamlS3Path":"s3://cdis-gen3-users/helm-test/user.yaml","usersync":false}` | Global configuration options. | -| global.addDbgap | bool | `false` | Force attempting a dbgap sync if "true", falls back on user.yaml | +| global | map | `{"aws":{"awsAccessKeyId":null,"awsSecretAccessKey":null,"enabled":false},"ddEnabled":false,"dev":true,"dictionaryUrl":"https://s3.amazonaws.com/dictionary-artifacts/datadictionary/develop/schema.json","dispatcherJobNum":10,"environment":"default","hostname":"localhost","kubeBucket":"kube-gen3","logsBucket":"logs-gen3","netPolicy":true,"portalApp":"gitops","postgres":{"dbCreate":true,"master":{"host":null,"password":null,"port":"5432","username":"postgres"}},"publicDataSets":true,"revproxyArn":"arn:aws:acm:us-east-1:123456:certificate","tierAccessLevel":"libre"}` | Global configuration options. 
| | global.aws | map | `{"awsAccessKeyId":null,"awsSecretAccessKey":null,"enabled":false}` | AWS configuration | | global.aws.awsAccessKeyId | string | `nil` | Credentials for AWS stuff. | | global.aws.awsSecretAccessKey | string | `nil` | Credentials for AWS stuff. | @@ -48,7 +47,6 @@ A Helm chart for gen3 sower | global.kubeBucket | string | `"kube-gen3"` | S3 bucket name for Kubernetes manifest files. | | global.logsBucket | string | `"logs-gen3"` | S3 bucket name for log files. | | global.netPolicy | bool | `true` | Whether network policies are enabled. | -| global.onlyDbgap | bool | `false` | Forces ONLY a dbgap sync if "true", IGNORING user.yaml | | global.portalApp | string | `"gitops"` | Portal application name. | | global.postgres | map | `{"dbCreate":true,"master":{"host":null,"password":null,"port":"5432","username":"postgres"}}` | Postgres database configuration. | | global.postgres.dbCreate | bool | `true` | Whether the database should be created. | 
@@ -59,12 +57,7 @@ A Helm chart for gen3 sower | global.postgres.master.username | string | `"postgres"` | username of superuser in postgres. This is used to create or restore databases | | global.publicDataSets | bool | `true` | Whether public datasets are enabled. | | global.revproxyArn | string | `"arn:aws:acm:us-east-1:123456:certificate"` | ARN of the reverse proxy certificate. | -| global.slack_send_dbgap | bool | `false` | Will echo what files we are seeing on dbgap ftp to Slack. | -| global.slack_webhook | string | `"None"` | Slack webhook endpoint used with certain jobs. | -| global.syncFromDbgap | bool | `false` | Whether to sync data from dbGaP. | | global.tierAccessLevel | string | `"libre"` | Access level for tiers. acceptable values for `tier_access_level` are: `libre`, `regular` and `private`. If omitted, by default common will be treated as `private` | -| global.userYamlS3Path | string | `"s3://cdis-gen3-users/helm-test/user.yaml"` | Path to the user.yaml file in S3. | -| global.usersync | bool | `false` | Whether to run Fence usersync or not. | | image | map | `{"pullPolicy":"Always","repository":"quay.io/cdis/sower","tag":""}` | Docker image information. | | image.pullPolicy | string | `"Always"` | Docker pull policy. | | image.repository | string | `"quay.io/cdis/sower"` | Docker repository. | diff --git a/helm/sower/values.yaml b/helm/sower/values.yaml index 5262a4e5..cbde1275 100644 --- a/helm/sower/values.yaml +++ b/helm/sower/values.yaml 
@@ -42,20 +42,6 @@ global: kubeBucket: kube-gen3 # -- (string) S3 bucket name for log files. logsBucket: logs-gen3 - # -- (bool) Whether to sync data from dbGaP. - syncFromDbgap: false - # -- (bool) Force attempting a dbgap sync if "true", falls back on user.yaml - addDbgap: false - # -- (bool) Forces ONLY a dbgap sync if "true", IGNORING user.yaml - onlyDbgap: false - # -- (string) Path to the user.yaml file in S3. - userYamlS3Path: s3://cdis-gen3-users/helm-test/user.yaml - # -- (bool) Whether to run Fence usersync or not. - usersync: false - # -- (string) Slack webhook endpoint used with certain jobs. - slack_webhook: None - # -- (bool) Will echo what files we are seeing on dbgap ftp to Slack. - slack_send_dbgap: false # -- (bool) Whether public datasets are enabled. publicDataSets: true # -- (string) Access level for tiers. acceptable values for `tier_access_level` are: `libre`, `regular` and `private`. If omitted, by default common will be treated as `private` diff --git a/helm/ssjdispatcher/README.md b/helm/ssjdispatcher/README.md index 249110c3..be12a7fa 100644 --- a/helm/ssjdispatcher/README.md +++ b/helm/ssjdispatcher/README.md 
@@ -37,8 +37,7 @@ A Helm chart for gen3 ssjdispatcher | dispatcherJobNum | string | `"10"` | Ssjdispater job number. | | fullnameOverride | string | `""` | Override the full name of the deployment. | | gen3Namespace | string | `"default"` | Namespace to deploy the job. | -| global | map | `{"addDbgap":false,"aws":{"awsAccessKeyId":null,"awsSecretAccessKey":null,"enabled":false},"ddEnabled":false,"dev":true,"dictionaryUrl":"https://s3.amazonaws.com/dictionary-artifacts/datadictionary/develop/schema.json","dispatcherJobNum":10,"environment":"default","hostname":"localhost","kubeBucket":"kube-gen3","logsBucket":"logs-gen3","minAvialable":1,"netPolicy":true,"onlyDbgap":false,"pdb":false,"portalApp":"gitops","postgres":{"dbCreate":true,"master":{"host":null,"password":null,"port":"5432","username":"postgres"}},"publicDataSets":true,"revproxyArn":"arn:aws:acm:us-east-1:123456:certificate","slack_send_dbgap":false,"slack_webhook":"None","syncFromDbgap":false,"tierAccessLevel":"libre","userYamlS3Path":"s3://cdis-gen3-users/helm-test/user.yaml","usersync":false}` | Global configuration options. | -| global.addDbgap | bool | `false` | Force attempting a dbgap sync if "true", falls back on user.yaml | +| global | map | `{"aws":{"awsAccessKeyId":null,"awsSecretAccessKey":null,"enabled":false},"ddEnabled":false,"dev":true,"dictionaryUrl":"https://s3.amazonaws.com/dictionary-artifacts/datadictionary/develop/schema.json","dispatcherJobNum":10,"environment":"default","hostname":"localhost","kubeBucket":"kube-gen3","logsBucket":"logs-gen3","minAvialable":1,"netPolicy":true,"pdb":false,"portalApp":"gitops","postgres":{"dbCreate":true,"master":{"host":null,"password":null,"port":"5432","username":"postgres"}},"publicDataSets":true,"revproxyArn":"arn:aws:acm:us-east-1:123456:certificate","tierAccessLevel":"libre"}` | Global configuration options. 
| | global.aws | map | `{"awsAccessKeyId":null,"awsSecretAccessKey":null,"enabled":false}` | AWS configuration | | global.aws.awsAccessKeyId | string | `nil` | Credentials for AWS stuff. | | global.aws.awsSecretAccessKey | string | `nil` | Credentials for AWS stuff. | @@ -53,7 +52,6 @@ A Helm chart for gen3 ssjdispatcher | global.logsBucket | string | `"logs-gen3"` | S3 bucket name for log files. | | global.minAvialable | int | `1` | The minimum amount of pods that are available at all times if the PDB is deployed. | | global.netPolicy | bool | `true` | Whether network policies are enabled. | -| global.onlyDbgap | bool | `false` | Forces ONLY a dbgap sync if "true", IGNORING user.yaml | | global.pdb | bool | `false` | If the service will be deployed with a Pod Disruption Budget. Note- you need to have more than 2 replicas for the pdb to be deployed. | | global.portalApp | string | `"gitops"` | Portal application name. | | global.postgres | map | `{"dbCreate":true,"master":{"host":null,"password":null,"port":"5432","username":"postgres"}}` | Postgres database configuration. | 
@@ -65,12 +63,7 @@ A Helm chart for gen3 ssjdispatcher | global.postgres.master.username | string | `"postgres"` | username of superuser in postgres. This is used to create or restore databases | | global.publicDataSets | bool | `true` | Whether public datasets are enabled. | | global.revproxyArn | string | `"arn:aws:acm:us-east-1:123456:certificate"` | ARN of the reverse proxy certificate. | -| global.slack_send_dbgap | bool | `false` | Will echo what files we are seeing on dbgap ftp to Slack. | -| global.slack_webhook | string | `"None"` | Slack webhook endpoint used with certain jobs. | -| global.syncFromDbgap | bool | `false` | Whether to sync data from dbGaP. | | global.tierAccessLevel | string | `"libre"` | Access level for tiers. acceptable values for `tier_access_level` are: `libre`, `regular` and `private`. If omitted, by default common will be treated as `private` | -| global.userYamlS3Path | string | `"s3://cdis-gen3-users/helm-test/user.yaml"` | Path to the user.yaml file in S3. | -| global.usersync | bool | `false` | Whether to run Fence usersync or not. | | image | map | `{"pullPolicy":"IfNotPresent","repository":"nginx","tag":""}` | Docker image information. | | image.pullPolicy | string | `"IfNotPresent"` | Docker pull policy. | | image.repository | string | `"nginx"` | Docker repository. | diff --git a/helm/ssjdispatcher/values.yaml b/helm/ssjdispatcher/values.yaml index f661d5e1..dbaa75e5 100644 --- a/helm/ssjdispatcher/values.yaml +++ b/helm/ssjdispatcher/values.yaml 
@@ -42,20 +42,6 @@ global: kubeBucket: kube-gen3 # -- (string) S3 bucket name for log files. logsBucket: logs-gen3 - # -- (bool) Whether to sync data from dbGaP. - syncFromDbgap: false - # -- (bool) Force attempting a dbgap sync if "true", falls back on user.yaml - addDbgap: false - # -- (bool) Forces ONLY a dbgap sync if "true", IGNORING user.yaml - onlyDbgap: false - # -- (string) Path to the user.yaml file in S3. - userYamlS3Path: s3://cdis-gen3-users/helm-test/user.yaml - # -- (bool) Whether to run Fence usersync or not. - usersync: false - # -- (string) Slack webhook endpoint used with certain jobs. - slack_webhook: None - # -- (bool) Will echo what files we are seeing on dbgap ftp to Slack. - slack_send_dbgap: false # -- (bool) Whether public datasets are enabled. publicDataSets: true # -- (string) Access level for tiers. acceptable values for `tier_access_level` are: `libre`, `regular` and `private`. If omitted, by default common will be treated as `private` diff --git a/helm/wts/README.md b/helm/wts/README.md index acaf0ff6..7644f5fc 100644 --- a/helm/wts/README.md +++ b/helm/wts/README.md 
@@ -27,8 +27,7 @@ A Helm chart for gen3 workspace token service | datadogProfilingEnabled | bool | `true` | If enabled, the Datadog Agent will collect profiling data for your application using the Continuous Profiler. This data can be used to identify performance bottlenecks and optimize your application. | | datadogTraceSampleRate | int | `1` | A value between 0 and 1, that represents the percentage of requests that will be traced. For example, a value of 0.5 means that 50% of requests will be traced. | | fullnameOverride | string | `""` | Override the full name of the deployment. | -| global | map | `{"addDbgap":false,"aws":{"awsAccessKeyId":null,"awsSecretAccessKey":null,"enabled":false},"ddEnabled":false,"dev":true,"dictionaryUrl":"https://s3.amazonaws.com/dictionary-artifacts/datadictionary/develop/schema.json","dispatcherJobNum":10,"environment":"default","hostname":"localhost","kubeBucket":"kube-gen3","logsBucket":"logs-gen3","minAvialable":1,"netPolicy":true,"onlyDbgap":false,"pdb":false,"portalApp":"gitops","postgres":{"dbCreate":true,"master":{"host":null,"password":null,"port":"5432","username":"postgres"}},"publicDataSets":true,"revproxyArn":"arn:aws:acm:us-east-1:123456:certificate","slack_send_dbgap":false,"slack_webhook":"None","syncFromDbgap":false,"tierAccessLevel":"libre","userYamlS3Path":"s3://cdis-gen3-users/helm-test/user.yaml","usersync":false}` | Global configuration options. 
| -| global.addDbgap | bool | `false` | Force attempting a dbgap sync if "true", falls back on user.yaml | +| global | map | `{"aws":{"awsAccessKeyId":null,"awsSecretAccessKey":null,"enabled":false},"ddEnabled":false,"dev":true,"dictionaryUrl":"https://s3.amazonaws.com/dictionary-artifacts/datadictionary/develop/schema.json","dispatcherJobNum":10,"environment":"default","hostname":"localhost","kubeBucket":"kube-gen3","logsBucket":"logs-gen3","minAvialable":1,"netPolicy":true,"pdb":false,"portalApp":"gitops","postgres":{"dbCreate":true,"master":{"host":null,"password":null,"port":"5432","username":"postgres"}},"publicDataSets":true,"revproxyArn":"arn:aws:acm:us-east-1:123456:certificate","tierAccessLevel":"libre"}` | Global configuration options. | | global.aws | map | `{"awsAccessKeyId":null,"awsSecretAccessKey":null,"enabled":false}` | AWS configuration | | global.aws.awsAccessKeyId | string | `nil` | Credentials for AWS stuff. | | global.aws.awsSecretAccessKey | string | `nil` | Credentials for AWS stuff. | @@ -43,7 +42,6 @@ A Helm chart for gen3 workspace token service | global.logsBucket | string | `"logs-gen3"` | S3 bucket name for log files. | | global.minAvialable | int | `1` | The minimum amount of pods that are available at all times if the PDB is deployed. | | global.netPolicy | bool | `true` | Whether network policies are enabled. | -| global.onlyDbgap | bool | `false` | Forces ONLY a dbgap sync if "true", IGNORING user.yaml | | global.pdb | bool | `false` | If the service will be deployed with a Pod Disruption Budget. Note- you need to have more than 2 replicas for the pdb to be deployed. | | global.portalApp | string | `"gitops"` | Portal application name. | | global.postgres | map | `{"dbCreate":true,"master":{"host":null,"password":null,"port":"5432","username":"postgres"}}` | Postgres database configuration. | 
@@ -55,12 +53,7 @@ A Helm chart for gen3 workspace token service | global.postgres.master.username | string | `"postgres"` | username of superuser in postgres. This is used to create or restore databases | | global.publicDataSets | bool | `true` | Whether public datasets are enabled. | | global.revproxyArn | string | `"arn:aws:acm:us-east-1:123456:certificate"` | ARN of the reverse proxy certificate. | -| global.slack_send_dbgap | bool | `false` | Will echo what files we are seeing on dbgap ftp to Slack. | -| global.slack_webhook | string | `"None"` | Slack webhook endpoint used with certain jobs. | -| global.syncFromDbgap | bool | `false` | Whether to sync data from dbGaP. | | global.tierAccessLevel | string | `"libre"` | Access level for tiers. acceptable values for `tier_access_level` are: `libre`, `regular` and `private`. If omitted, by default common will be treated as `private` | -| global.userYamlS3Path | string | `"s3://cdis-gen3-users/helm-test/user.yaml"` | Path to the user.yaml file in S3. | -| global.usersync | bool | `false` | Whether to run Fence usersync or not. | | hostname | string | `nil` | Hostname for the deployment. | | image | map | `{"pullPolicy":"Always","repository":"quay.io/cdis/workspace-token-service","tag":"feat_wts_internalfence"}` | Docker image information. | | image.pullPolicy | string | `"Always"` | Docker pull policy. | diff --git a/helm/wts/values.yaml b/helm/wts/values.yaml index 518bba26..2eb8c2d1 100644 --- a/helm/wts/values.yaml +++ b/helm/wts/values.yaml 
@@ -42,20 +42,6 @@ global: kubeBucket: kube-gen3 # -- (string) S3 bucket name for log files. logsBucket: logs-gen3 - # -- (bool) Whether to sync data from dbGaP. - syncFromDbgap: false - # -- (bool) Force attempting a dbgap sync if "true", falls back on user.yaml - addDbgap: false - # -- (bool) Forces ONLY a dbgap sync if "true", IGNORING user.yaml - onlyDbgap: false - # -- (string) Path to the user.yaml file in S3. - userYamlS3Path: s3://cdis-gen3-users/helm-test/user.yaml - # -- (bool) Whether to run Fence usersync or not. - usersync: false - # -- (string) Slack webhook endpoint used with certain jobs. - slack_webhook: None - # -- (bool) Will echo what files we are seeing on dbgap ftp to Slack. - slack_send_dbgap: false # -- (bool) Whether public datasets are enabled. publicDataSets: true # -- (string) Access level for tiers. acceptable values for `tier_access_level` are: `libre`, `regular` and `private`. If omitted, by default common will be treated as `private` From 23483061f5b805f7b1cf355b86979c4bc69eb185 Mon Sep 17 00:00:00 2001 From: Spencer Myles Axelrod Date: Wed, 17 May 2023 11:38:08 -0700 Subject: [PATCH 031/279] Update workflow to use GITHUB_OUTPUT (#130) --- .github/workflows/lint_test.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/lint_test.yaml b/.github/workflows/lint_test.yaml index 1ca99744..60f85dca 100644 --- a/.github/workflows/lint_test.yaml +++ b/.github/workflows/lint_test.yaml @@ -29,7 +29,7 @@ jobs: run: | changed=$(ct list-changed --config .github/ct.yaml) if [[ -n "$changed" ]]; then - echo "::set-output name=changed::true" + echo "changed=true >> $GITHUB_OUTPUT" fi - name: Run chart-testing (lint) From 0d7c118d5939627694cccc4044375f86b52cd75e Mon Sep 17 00:00:00 2001 
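Review bot: The redirect in the new line `echo "changed=true >> $GITHUB_OUTPUT"` of `.github/workflows/lint_test.yaml` sits inside the double quotes, so the step only prints that text to the log and the `changed` output is never set. It should read `echo "changed=true" >> "$GITHUB_OUTPUT"`. If the later steps are gated on this output (the hunk shows `Run chart-testing (lint)` next), they would presumably be skipped on every run while the job still reports success, so chart changes would merge without lint or install tests. The step's `id` and the `if:` conditions on later steps are outside the hunk, so confirm this against the full workflow file.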
From: EliseCastle23 Date: Thu, 18 May 2023 09:27:59 -0600 Subject: [PATCH 032/279] commenting out the creation of the fence configmap in the usersync cronjob for now. --- helm/fence/templates/usersync-cron.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/helm/fence/templates/usersync-cron.yaml b/helm/fence/templates/usersync-cron.yaml index ff8207d5..3cf93eba 100644 --- a/helm/fence/templates/usersync-cron.yaml +++ b/helm/fence/templates/usersync-cron.yaml @@ -198,8 +198,8 @@ spec: echo "ERROR: failed to generate ETL config" exit 1 fi - kubectl delete configmap fence > /dev/null 2>&1 - kubectl create configmap fence --from-file=/tmp/user.yaml + # kubectl delete configmap fence > /dev/null 2>&1 + # kubectl create configmap fence --from-file=/tmp/user.yaml if [ "${slackWebHook}" != 'None' ]; then curl -X POST --data-urlencode "payload={\"text\": \"AWSHelper: Syncing users on ${gen3Env}\"}" "${slackWebHook}" fi From 8597e5b66b7264eeabe81825ce2bc9247c590d5b Mon Sep 17 00:00:00 2001 From: EliseCastle23 Date: Thu, 18 May 2023 09:36:26 -0600 Subject: [PATCH 033/279] adding "slackWebHook" environment var to init container. --- helm/fence/templates/usersync-cron.yaml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/helm/fence/templates/usersync-cron.yaml b/helm/fence/templates/usersync-cron.yaml index 3cf93eba..ff9e58f0 100644 --- a/helm/fence/templates/usersync-cron.yaml +++ b/helm/fence/templates/usersync-cron.yaml @@ -157,6 +157,8 @@ spec: key: hostname - name: userYamlS3Path value: {{ .Values.usersync.userYamlS3Path | quote }} + - name: slackWebHook + value: {{ .Values.usersync.slack_webhook | quote }} volumeMounts: - name: user-yaml mountPath: /var/www/fence From e97c88a990bb18fe67e80c7333d646218d5ea726 Mon Sep 17 00:00:00 2001 
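Review bot: The two `kubectl` lines in the `@@ -198,8 +198,8 @@` hunk are left as commented-out code with no note in the file on why they are disabled or when they come back; the commit message's "for now" is the only record. Either delete them or put a comment above them, e.g. `# TODO(review): fence configmap refresh disabled pending <reason>; re-enable or remove`. With these lines off, the job no longer rewrites the `fence` configmap from `/tmp/user.yaml`, so any consumer still reading it would keep the last synced copy; whether one remains is not visible here. The script body starts and ends outside the hunk.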
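Review bot: In the `@@ -157,6 +157,8 @@` hunk, `slackWebHook` is set with a literal `value:` from `.Values.usersync.slack_webhook`, so the webhook URL is rendered into the CronJob spec and is readable by anyone who can view the cronjob or pod objects or the release values. A Slack incoming-webhook URL works as a credential on its own, so it is better sourced from a Secret through `valueFrom.secretKeyRef`, as sketched below with a placeholder Secret name. The script in this template compares the variable with `'None'` before posting, so the Secret must carry that sentinel when no webhook is configured, or the guard should also treat an empty value as disabled. The `env:` list this entry belongs to begins outside the hunk.

```yaml
# … unchanged: preceding env entries …
- name: userYamlS3Path
  value: {{ .Values.usersync.userYamlS3Path | quote }}
- name: slackWebHook
  valueFrom:
    secretKeyRef:
      # placeholder: Secret created by the chart or supplied by the operator
      name: <usersync-slack-secret>
      key: slack_webhook
# … unchanged: volumeMounts …
```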
From: EliseCastle23 <109446148+EliseCastle23@users.noreply.github.com> Date: Mon, 5 Jun 2023 12:19:06 -0600 Subject: [PATCH 034/279] removing fence-ssh.yaml as it is not needed. (#131) * removing fence-ssh.yaml as it is not needed. * bumping up versions --- helm/fence/Chart.yaml | 2 +- helm/fence/README.md | 2 +- helm/fence/templates/fence-ssh.yaml | 8 -------- helm/gen3/Chart.yaml | 4 ++-- helm/gen3/README.md | 4 ++-- 5 files changed, 6 insertions(+), 14 deletions(-) delete mode 100644 helm/fence/templates/fence-ssh.yaml diff --git a/helm/fence/Chart.yaml b/helm/fence/Chart.yaml index e4052d49..f671cbeb 100644 --- a/helm/fence/Chart.yaml +++ b/helm/fence/Chart.yaml @@ -15,7 +15,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.9 +version: 0.1.10 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to diff --git a/helm/fence/README.md b/helm/fence/README.md index 10a1ca64..8a5a2fdd 100644 --- a/helm/fence/README.md +++ b/helm/fence/README.md @@ -1,6 +1,6 @@ # fence -![Version: 0.1.9](https://img.shields.io/badge/Version-0.1.9-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) +![Version: 0.1.10](https://img.shields.io/badge/Version-0.1.10-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) A Helm chart for gen3 Fence 
diff --git a/helm/fence/templates/fence-ssh.yaml b/helm/fence/templates/fence-ssh.yaml deleted file mode 100644 index d0670c76..00000000 --- a/helm/fence/templates/fence-ssh.yaml +++ /dev/null @@ -1,8 +0,0 @@ -apiVersion: v1 -kind: Secret -metadata: - name: fence-ssh-keys -type: Opaque -data: - id_rsa: {{ .Values.usersync.ssh_private_key }} - id_rsa.pub: {{ .Values.usersync.ssh_public_key }} \ No newline at end of file diff --git a/helm/gen3/Chart.yaml b/helm/gen3/Chart.yaml index 2fe73961..b35bc54e 100644 --- a/helm/gen3/Chart.yaml +++ b/helm/gen3/Chart.yaml @@ -28,7 +28,7 @@ dependencies: version: "0.1.7" repository: file://../common - name: fence - version: "0.1.9" + version: "0.1.10" repository: "file://../fence" condition: fence.enabled - name: guppy @@ -107,7 +107,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.14 +version: 0.1.15 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to diff --git a/helm/gen3/README.md b/helm/gen3/README.md index deed2713..4e92fa85 100644 --- a/helm/gen3/README.md +++ b/helm/gen3/README.md 
@@ -1,6 +1,6 @@ # gen3 -![Version: 0.1.14](https://img.shields.io/badge/Version-0.1.14-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) +![Version: 0.1.15](https://img.shields.io/badge/Version-0.1.15-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) Helm chart to deploy Gen3 Data Commons @@ -25,7 +25,7 @@ Helm chart to deploy Gen3 Data Commons | file://../aws-es-proxy | aws-es-proxy | 0.1.6 | | file://../common | common | 0.1.7 | | file://../elasticsearch | elasticsearch | 0.1.5 | -| file://../fence | fence | 0.1.9 | +| file://../fence | fence | 0.1.10 | | file://../guppy | guppy | 0.1.8 | | file://../hatchery | hatchery | 0.1.6 | | file://../indexd | indexd | 0.1.10 | From 6522799c605aef017768fea960767c9acf0cde15 Mon Sep 17 00:00:00 2001 From: "J. Q" <55899496+jawadqur@users.noreply.github.com> Date: Mon, 5 Jun 2023 13:54:31 -0500 Subject: [PATCH 035/279] Remove erroneous fence config (#132) --- .secrets.baseline | 202 +++++++++++++++++++------ helm/fence/Chart.yaml | 2 +- helm/fence/README.md | 2 +- helm/fence/templates/fence-config.yaml | 8 +- 4 files changed, 160 insertions(+), 54 deletions(-) diff --git a/.secrets.baseline b/.secrets.baseline index 1189a76d..3a580a4f 100644 --- a/.secrets.baseline +++ b/.secrets.baseline @@ -3,7 +3,7 @@ "files": "^.secrets.baseline$", "lines": null }, - "generated_at": "2023-05-16T15:48:33Z", + "generated_at": "2023-06-05T18:40:35Z", "plugins_used": [ { "name": "AWSKeyDetector" 
@@ -127,48 +127,62 @@ } ], "helm/arborist/README.md": [ + { + "hashed_secret": "8a10cd156f8f43ec303f885a7985b1cf90635e23", + "is_secret": false, + "is_verified": false, + "line_number": 32, + "type": "Secret Keyword" + }, { "hashed_secret": "2546383b95bb44732e9be6a877fd476c0442fdab", "is_secret": false, "is_verified": false, - "line_number": 47, + "line_number": 45, "type": "Secret Keyword" }, { "hashed_secret": "d84ce25b0f9bc2cc263006ae39453efb22cc2900", "is_secret": false, "is_verified": false, - "line_number": 49, + "line_number": 47, "type": "Secret Keyword" }, { "hashed_secret": "f09dd6e359833a12f48c4c4255d6e87a6e55cfe9", "is_secret": false, "is_verified": false, - "line_number": 72, + "line_number": 65, "type": "Secret Keyword" } ], "helm/audit/README.md": [ + { + "hashed_secret": "8a10cd156f8f43ec303f885a7985b1cf90635e23", + "is_secret": false, + "is_verified": false, + "line_number": 40, + "type": "Secret Keyword" + }, { "hashed_secret": "2546383b95bb44732e9be6a877fd476c0442fdab", "is_secret": false, "is_verified": false, - "line_number": 55, + "line_number": 53, "type": "Secret Keyword" }, { "hashed_secret": "d84ce25b0f9bc2cc263006ae39453efb22cc2900", "is_secret": false, "is_verified": false, - "line_number": 57, + "line_number": 55, "type": "Secret Keyword" }, { "hashed_secret": "f09dd6e359833a12f48c4c4255d6e87a6e55cfe9", "is_secret": false, "is_verified": false, - "line_number": 82, + "line_number": 75, "type": "Secret Keyword" } ], @@ -182,6 +196,13 @@ } ], "helm/common/README.md": [ + { + "hashed_secret": "8a10cd156f8f43ec303f885a7985b1cf90635e23", + "is_secret": false, + "is_verified": false, + "line_number": 11, + "type": "Secret Keyword" + }, { "hashed_secret": "2546383b95bb44732e9be6a877fd476c0442fdab", "is_secret": false, 
@@ -239,32 +260,39 @@ } ], "helm/fence/README.md": [ + { + "hashed_secret": "49bed5bac5cc06bafd528df89918bf34973861ec", + "is_secret": false, + "is_verified": false, + "line_number": 93, + "type": "Secret Keyword" + }, { "hashed_secret": "2546383b95bb44732e9be6a877fd476c0442fdab", "is_secret": false, "is_verified": false, - "line_number": 108, + "line_number": 106, "type": "Secret Keyword" }, { "hashed_secret": "d84ce25b0f9bc2cc263006ae39453efb22cc2900", "is_secret": false, "is_verified": false, - "line_number": 110, + "line_number": 108, "type": "Secret Keyword" }, { "hashed_secret": "f09dd6e359833a12f48c4c4255d6e87a6e55cfe9", "is_secret": false, "is_verified": false, - "line_number": 141, + "line_number": 135, "type": "Secret Keyword" }, { "hashed_secret": "9d8fada0e01336e865c461bb3549084d206fe6da", "is_secret": false, "is_verified": false, - "line_number": 183, + "line_number": 181, "type": "Secret Keyword" } ], @@ -351,22 +379,36 @@ } ], "helm/guppy/README.md": [ + { + "hashed_secret": "0d5cd5f3caaaf8354a6c62816b97bcae006d4bcf", + "is_secret": false, + "is_verified": false, + "line_number": 43, + "type": "Secret Keyword" + }, { "hashed_secret": "2546383b95bb44732e9be6a877fd476c0442fdab", "is_secret": false, "is_verified": false, - "line_number": 62, + "line_number": 60, "type": "Secret Keyword" }, { "hashed_secret": "d84ce25b0f9bc2cc263006ae39453efb22cc2900", "is_secret": false, "is_verified": false, - "line_number": 64, + "line_number": 62, "type": "Secret Keyword" } ], "helm/hatchery/README.md": [ + { + "hashed_secret": "8a10cd156f8f43ec303f885a7985b1cf90635e23", + "is_secret": false, + "is_verified": false, + "line_number": 30, + "type": "Secret Keyword" + }, { "hashed_secret": "2546383b95bb44732e9be6a877fd476c0442fdab", "is_secret": false, @@ -385,7 +427,7 @@ "hashed_secret": "e94cc2a86b04ad4ddc98fcbf91ed236437939d47", "is_secret": false, "is_verified": false, - "line_number": 59, + "line_number": 57, "type": "Secret Keyword" } ], 
@@ -394,37 +436,44 @@ "hashed_secret": "9b5925ea817163740dfb287a9894e8ab3aba2c18", "is_secret": false, "is_verified": false, - "line_number": 190, + "line_number": 186, "type": "Secret Keyword" } ], "helm/indexd/README.md": [ + { + "hashed_secret": "0d5cd5f3caaaf8354a6c62816b97bcae006d4bcf", + "is_secret": false, + "is_verified": false, + "line_number": 31, + "type": "Secret Keyword" + }, { "hashed_secret": "2546383b95bb44732e9be6a877fd476c0442fdab", "is_secret": false, "is_verified": false, - "line_number": 50, + "line_number": 48, "type": "Secret Keyword" }, { "hashed_secret": "d84ce25b0f9bc2cc263006ae39453efb22cc2900", "is_secret": false, "is_verified": false, - "line_number": 52, + "line_number": 50, "type": "Secret Keyword" }, { "hashed_secret": "f09dd6e359833a12f48c4c4255d6e87a6e55cfe9", "is_secret": false, "is_verified": false, - "line_number": 76, + "line_number": 69, "type": "Secret Keyword" }, { "hashed_secret": "1cc98556e7b1353c7bd08344f9190808b0d3d6d4", "is_secret": true, "is_verified": false, - "line_number": 108, + "line_number": 101, "type": "Secret Keyword" } ], 
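Review bot: The `helm/indexd/README.md` entry with `"is_secret": true` (hash `1cc98556e7b1353c7bd08344f9190808b0d3d6d4`) is carried forward with only its `line_number` moved from 108 to 101. A baseline entry keeps that finding out of later scan results, so a value audited as a real secret can remain in the README without being reported again. If the value is a documented placeholder default, the audit flag should read `"is_secret": false`. If it is a usable credential, it should be removed from the README and rotated rather than re-baselined. The file the README is generated from is not part of this hunk, so which case applies cannot be told from here.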
@@ -456,55 +505,69 @@ } ], "helm/metadata/README.md": [ + { + "hashed_secret": "8a10cd156f8f43ec303f885a7985b1cf90635e23", + "is_secret": false, + "is_verified": false, + "line_number": 41, + "type": "Secret Keyword" + }, { "hashed_secret": "2546383b95bb44732e9be6a877fd476c0442fdab", "is_secret": false, "is_verified": false, - "line_number": 60, + "line_number": 58, "type": "Secret Keyword" }, { "hashed_secret": "d84ce25b0f9bc2cc263006ae39453efb22cc2900", "is_secret": false, "is_verified": false, - "line_number": 62, + "line_number": 60, "type": "Secret Keyword" }, { "hashed_secret": "f09dd6e359833a12f48c4c4255d6e87a6e55cfe9", "is_secret": false, "is_verified": false, - "line_number": 86, + "line_number": 79, "type": "Secret Keyword" } ], "helm/peregrine/README.md": [ + { + "hashed_secret": "4e7b6794afbe3027589b92744144f18a3920b115", + "is_secret": false, + "is_verified": false, + "line_number": 32, + "type": "Secret Keyword" + }, { "hashed_secret": "2546383b95bb44732e9be6a877fd476c0442fdab", "is_secret": false, "is_verified": false, - "line_number": 51, + "line_number": 49, "type": "Secret Keyword" }, { "hashed_secret": "d84ce25b0f9bc2cc263006ae39453efb22cc2900", "is_secret": false, "is_verified": false, - "line_number": 53, + "line_number": 51, "type": "Secret Keyword" }, { "hashed_secret": "f09dd6e359833a12f48c4c4255d6e87a6e55cfe9", "is_secret": false, "is_verified": false, - "line_number": 75, + "line_number": 67, "type": "Secret Keyword" }, { "hashed_secret": "7d4e263f1ae83868444f5327219830493a7d1486", "is_secret": false, "is_verified": false, - "line_number": 104, + "line_number": 96, "type": "Secret Keyword" } ], @@ -527,6 +590,13 @@ } ], "helm/pidgin/README.md": [ + { + "hashed_secret": "8a10cd156f8f43ec303f885a7985b1cf90635e23", + "is_secret": false, + "is_verified": false, + "line_number": 36, + "type": "Secret Keyword" + }, { "hashed_secret": "2546383b95bb44732e9be6a877fd476c0442fdab", "is_secret": false, 
@@ -545,7 +615,7 @@ "hashed_secret": "abb751db44bcfd1bb9d4ad53e40138422abd739e", "is_secret": false, "is_verified": false, - "line_number": 69, + "line_number": 67, "type": "Secret Keyword" } ], @@ -564,18 +634,25 @@ "line_number": 41, "type": "Base64 High Entropy String" }, + { + "hashed_secret": "0d5cd5f3caaaf8354a6c62816b97bcae006d4bcf", + "is_secret": false, + "is_verified": false, + "line_number": 42, + "type": "Secret Keyword" + }, { "hashed_secret": "2546383b95bb44732e9be6a877fd476c0442fdab", "is_secret": false, "is_verified": false, - "line_number": 61, + "line_number": 59, "type": "Secret Keyword" }, { "hashed_secret": "d84ce25b0f9bc2cc263006ae39453efb22cc2900", "is_secret": false, "is_verified": false, - "line_number": 63, + "line_number": 61, "type": "Secret Keyword" } ], @@ -617,6 +694,13 @@ } ], "helm/revproxy/README.md": [ + { + "hashed_secret": "5f0d5766b5954edbce68e73920428d26b9a293c8", + "is_secret": false, + "is_verified": false, + "line_number": 29, + "type": "Secret Keyword" + }, { "hashed_secret": "2546383b95bb44732e9be6a877fd476c0442fdab", "is_secret": false, @@ -635,7 +719,7 @@ "hashed_secret": "abb751db44bcfd1bb9d4ad53e40138422abd739e", "is_secret": false, "is_verified": false, - "line_number": 75, + "line_number": 73, "type": "Secret Keyword" } ], 
@@ -649,46 +733,53 @@ } ], "helm/sheepdog/README.md": [ + { + "hashed_secret": "8a10cd156f8f43ec303f885a7985b1cf90635e23", + "is_secret": false, + "is_verified": false, + "line_number": 41, + "type": "Secret Keyword" + }, { "hashed_secret": "2546383b95bb44732e9be6a877fd476c0442fdab", "is_secret": false, "is_verified": false, - "line_number": 60, + "line_number": 58, "type": "Secret Keyword" }, { "hashed_secret": "d84ce25b0f9bc2cc263006ae39453efb22cc2900", "is_secret": false, "is_verified": false, - "line_number": 62, + "line_number": 60, "type": "Secret Keyword" }, { "hashed_secret": "f09dd6e359833a12f48c4c4255d6e87a6e55cfe9", "is_secret": false, "is_verified": false, - "line_number": 82, + "line_number": 75, "type": "Secret Keyword" }, { "hashed_secret": "c2c4e52c03a03ce3efeb21eb202d301018d4548e", "is_secret": false, "is_verified": false, - "line_number": 103, + "line_number": 96, "type": "Secret Keyword" }, { "hashed_secret": "afc848c316af1a89d49826c5ae9d00ed769415f3", "is_secret": false, "is_verified": false, - "line_number": 110, + "line_number": 103, "type": "Secret Keyword" }, { "hashed_secret": "fa4497447699cdb0a81c66a7f21af28a75170195", "is_secret": false, "is_verified": false, - "line_number": 112, + "line_number": 105, "type": "Secret Keyword" } ], @@ -720,18 +811,25 @@ } ], "helm/sower/README.md": [ + { + "hashed_secret": "8a10cd156f8f43ec303f885a7985b1cf90635e23", + "is_secret": false, + "is_verified": false, + "line_number": 36, + "type": "Secret Keyword" + }, { "hashed_secret": "2546383b95bb44732e9be6a877fd476c0442fdab", "is_secret": false, "is_verified": false, - "line_number": 53, + "line_number": 51, "type": "Secret Keyword" }, { "hashed_secret": "d84ce25b0f9bc2cc263006ae39453efb22cc2900", "is_secret": false, "is_verified": false, - "line_number": 55, + "line_number": 53, "type": "Secret Keyword" } ], 
@@ -745,25 +843,32 @@ } ], "helm/ssjdispatcher/README.md": [ + { + "hashed_secret": "8a10cd156f8f43ec303f885a7985b1cf90635e23", + "is_secret": false, + "is_verified": false, + "line_number": 40, + "type": "Secret Keyword" + }, { "hashed_secret": "2546383b95bb44732e9be6a877fd476c0442fdab", "is_secret": false, "is_verified": false, - "line_number": 59, + "line_number": 57, "type": "Secret Keyword" }, { "hashed_secret": "d84ce25b0f9bc2cc263006ae39453efb22cc2900", "is_secret": false, "is_verified": false, - "line_number": 61, + "line_number": 59, "type": "Secret Keyword" }, { "hashed_secret": "0c86d58792b32e1d12af733a0614837ff9002014", "is_secret": false, "is_verified": false, - "line_number": 121, + "line_number": 114, "type": "Secret Keyword" } ], @@ -781,30 +886,37 @@ "hashed_secret": "13d9ed7e3d69f1b6330dff80bc4658931708eddc", "is_secret": false, "is_verified": false, - "line_number": 229, + "line_number": 215, "type": "Secret Keyword" } ], "helm/wts/README.md": [ + { + "hashed_secret": "8a10cd156f8f43ec303f885a7985b1cf90635e23", + "is_secret": false, + "is_verified": false, + "line_number": 30, + "type": "Secret Keyword" + }, { "hashed_secret": "2546383b95bb44732e9be6a877fd476c0442fdab", "is_secret": false, "is_verified": false, - "line_number": 49, + "line_number": 47, "type": "Secret Keyword" }, { "hashed_secret": "d84ce25b0f9bc2cc263006ae39453efb22cc2900", "is_secret": false, "is_verified": false, - "line_number": 51, + "line_number": 49, "type": "Secret Keyword" }, { "hashed_secret": "f09dd6e359833a12f48c4c4255d6e87a6e55cfe9", "is_secret": false, "is_verified": false, - "line_number": 77, + "line_number": 70, "type": "Secret Keyword" } ], diff --git a/helm/fence/Chart.yaml b/helm/fence/Chart.yaml index f671cbeb..0894c473 100644 --- a/helm/fence/Chart.yaml +++ b/helm/fence/Chart.yaml 
@@ -15,7 +15,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.10 +version: 0.1.11 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to diff --git a/helm/fence/README.md b/helm/fence/README.md index 8a5a2fdd..e67dfc35 100644 --- a/helm/fence/README.md +++ b/helm/fence/README.md @@ -1,6 +1,6 @@ # fence -![Version: 0.1.10](https://img.shields.io/badge/Version-0.1.10-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) +![Version: 0.1.11](https://img.shields.io/badge/Version-0.1.11-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) A Helm chart for gen3 Fence diff --git a/helm/fence/templates/fence-config.yaml b/helm/fence/templates/fence-config.yaml index d29e98ab..29d0df2e 100644 --- a/helm/fence/templates/fence-config.yaml +++ b/helm/fence/templates/fence-config.yaml @@ -8,10 +8,4 @@ stringData: {{- with .Values.FENCE_CONFIG }} {{- toYaml . | nindent 4 }} {{ end }} ---- -apiVersion: v1 -kind: ConfigMap -metadata: - name: fence-sshconfig -data: - projects.yaml: {{ .Values.usersync.sshconfig | default ((.Files.Get "fence-ssh/config")) }} \ No newline at end of file +--- \ No newline at end of file From 5951c4c15075b0b060d60bed9f00109cc766af7c Mon Sep 17 00:00:00 2001 
From: Jawad Qureshi Date: Mon, 5 Jun 2023 23:54:29 +0300 Subject: [PATCH 036/279] Bump gen3 chart --- helm/gen3/Chart.yaml | 4 ++-- helm/gen3/README.md | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/helm/gen3/Chart.yaml b/helm/gen3/Chart.yaml index b35bc54e..5fe72077 100644 --- a/helm/gen3/Chart.yaml +++ b/helm/gen3/Chart.yaml @@ -28,7 +28,7 @@ dependencies: version: "0.1.7" repository: file://../common - name: fence - version: "0.1.10" + version: "0.1.11" repository: "file://../fence" condition: fence.enabled - name: guppy @@ -107,7 +107,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.15 +version: 0.1.16 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to diff --git a/helm/gen3/README.md b/helm/gen3/README.md index 4e92fa85..8853037f 100644 --- a/helm/gen3/README.md +++ b/helm/gen3/README.md @@ -1,6 +1,6 @@ # gen3 -![Version: 0.1.15](https://img.shields.io/badge/Version-0.1.15-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) +![Version: 0.1.16](https://img.shields.io/badge/Version-0.1.16-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) Helm chart to deploy Gen3 Data Commons 
@@ -25,7 +25,7 @@ Helm chart to deploy Gen3 Data Commons | file://../aws-es-proxy | aws-es-proxy | 0.1.6 | | file://../common | common | 0.1.7 | | file://../elasticsearch | elasticsearch | 0.1.5 | -| file://../fence | fence | 0.1.10 | +| file://../fence | fence | 0.1.11 | | file://../guppy | guppy | 0.1.8 | | file://../hatchery | hatchery | 0.1.6 | | file://../indexd | indexd | 0.1.10 | From 1825f1f55bfec2ab0e60798ec7cc1e2bf0d53e91 Mon Sep 17 00:00:00 2001 From: Jawad Qureshi Date: Tue, 13 Jun 2023 17:12:42 +0300 Subject: [PATCH 037/279] Remove erroneous usersync configmap --- helm/fence/Chart.yaml | 2 +- helm/fence/README.md | 2 +- helm/fence/templates/projects-config.yaml | 4 +++- helm/fence/templates/usersync-cron.yaml | 1 + helm/gen3/Chart.yaml | 4 ++-- helm/gen3/README.md | 4 ++-- helm/gen3/templates/global-manifest.yaml | 2 -- 7 files changed, 10 insertions(+), 9 deletions(-) diff --git a/helm/fence/Chart.yaml b/helm/fence/Chart.yaml index 0894c473..4b897f2f 100644 --- a/helm/fence/Chart.yaml +++ b/helm/fence/Chart.yaml @@ -15,7 +15,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.11 +version: 0.1.12 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to diff --git a/helm/fence/README.md b/helm/fence/README.md index e67dfc35..56088014 100644 --- a/helm/fence/README.md +++ b/helm/fence/README.md 
@@ -1,6 +1,6 @@ # fence -![Version: 0.1.11](https://img.shields.io/badge/Version-0.1.11-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) +![Version: 0.1.12](https://img.shields.io/badge/Version-0.1.12-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) A Helm chart for gen3 Fence diff --git a/helm/fence/templates/projects-config.yaml b/helm/fence/templates/projects-config.yaml index f7801ada..f963fb6d 100644 --- a/helm/fence/templates/projects-config.yaml +++ b/helm/fence/templates/projects-config.yaml @@ -1,6 +1,8 @@ +{{- with .Values.usersync.projects }} apiVersion: v1 kind: ConfigMap metadata: name: projects data: - projects.yaml: {{ .Values.usersync.projects | default ((.Files.Get "projects/projects.yaml")) }} \ No newline at end of file + projects.yaml: {{ . }} +{{- end }} diff --git a/helm/fence/templates/usersync-cron.yaml b/helm/fence/templates/usersync-cron.yaml index ff9e58f0..ef683944 100644 --- a/helm/fence/templates/usersync-cron.yaml +++ b/helm/fence/templates/usersync-cron.yaml @@ -41,6 +41,7 @@ spec: - name: projects configMap: name: "projects" + optional: true - name: fence-google-app-creds-secret-volume secret: secretName: "fence-google-app-creds-secret" diff --git a/helm/gen3/Chart.yaml b/helm/gen3/Chart.yaml index 5fe72077..9203123a 100644 --- a/helm/gen3/Chart.yaml +++ b/helm/gen3/Chart.yaml @@ -28,7 +28,7 @@ dependencies: version: "0.1.7" repository: file://../common - name: fence - version: "0.1.11" + version: "0.1.12" repository: "file://../fence" condition: fence.enabled - name: guppy 
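Review bot: `projects.yaml: {{ . }}` in `helm/fence/templates/projects-config.yaml` writes `.Values.usersync.projects` into the manifest unquoted, so its content is parsed as YAML structure and not as a string. A multi-line value or one containing `: ` will either fail to render or become a nested mapping, which a ConfigMap `data` field does not accept. Quote it with `projects.yaml: {{ . | quote }}`, or emit a block scalar and indent the value with `nindent`. The removed line had the same unquoted form, so the problem is inherited, but this rewrite is the natural place to fix it.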
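Review bot: `optional: true` on the `projects` volume in `usersync-cron.yaml` lets the pod start with an empty mount whenever the ConfigMap is absent, and nothing in the hunk says that this is intended. Since `projects-config.yaml` now renders the ConfigMap only when `.Values.usersync.projects` is set, a comment above the volume would record the link: `# projects ConfigMap is rendered only when usersync.projects is set`. Whether usersync treats a missing `projects.yaml` as "no mapping" or as an error is not visible here and is worth confirming, since the job presumably drives user access. The volume list starts and ends outside the hunk.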
@@ -107,7 +107,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.16 +version: 0.1.17 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to diff --git a/helm/gen3/README.md b/helm/gen3/README.md index 8853037f..327fd6d9 100644 --- a/helm/gen3/README.md +++ b/helm/gen3/README.md @@ -1,6 +1,6 @@ # gen3 -![Version: 0.1.16](https://img.shields.io/badge/Version-0.1.16-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) +![Version: 0.1.17](https://img.shields.io/badge/Version-0.1.17-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) Helm chart to deploy Gen3 Data Commons @@ -25,7 +25,7 @@ Helm chart to deploy Gen3 Data Commons | file://../aws-es-proxy | aws-es-proxy | 0.1.6 | | file://../common | common | 0.1.7 | | file://../elasticsearch | elasticsearch | 0.1.5 | -| file://../fence | fence | 0.1.11 | +| file://../fence | fence | 0.1.12 | | file://../guppy | guppy | 0.1.8 | | file://../hatchery | hatchery | 0.1.6 | | file://../indexd | indexd | 0.1.10 | diff --git a/helm/gen3/templates/global-manifest.yaml b/helm/gen3/templates/global-manifest.yaml index 2eb461de..945088d5 100644 --- a/helm/gen3/templates/global-manifest.yaml +++ b/helm/gen3/templates/global-manifest.yaml 
@@ -8,8 +8,6 @@ data: "revproxy_arn": {{ .Values.global.revproxyArn | quote }} "dictionary_url": {{ .Values.global.dictionaryUrl | quote }} "portal_app": {{ .Values.global.portalApp | quote }} - "kube_bucket": {{ .Values.global.kubeBucket | quote }} - "logs_bucket": {{ .Values.global.logsBucket | quote }} "public_datasets": {{ .Values.global.publicDataSets | quote }} "tier_access_level": {{ .Values.global.tierAccessLevel | quote }} "tier_access_limit": {{ .Values.global.tierAccessLimit | quote }} From 1696ac1f81d63345a235ea0b1cfdfbfb84982a1d Mon Sep 17 00:00:00 2001 From: EliseCastle23 Date: Mon, 3 Jul 2023 09:16:24 -0600 Subject: [PATCH 038/279] allowing the "imagePullPolicy" to be configurable for these charts. --- .secrets.baseline | 4 ++-- helm/fence/Chart.yaml | 2 +- helm/fence/README.md | 2 +- helm/fence/templates/fence-deployment.yaml | 2 +- helm/gen3/Chart.yaml | 10 +++++----- helm/gen3/README.md | 10 +++++----- helm/manifestservice/Chart.yaml | 2 +- helm/manifestservice/README.md | 6 +++++- helm/manifestservice/templates/deployment.yaml | 4 ++-- helm/manifestservice/values.yaml | 9 +++++++++ helm/sower/Chart.yaml | 2 +- helm/sower/README.md | 2 +- helm/sower/templates/deployment.yaml | 2 +- helm/ssjdispatcher/Chart.yaml | 2 +- helm/ssjdispatcher/README.md | 10 +++++----- helm/ssjdispatcher/templates/deployment.yaml | 4 ++-- helm/ssjdispatcher/values.yaml | 6 +++--- 17 files changed, 46 insertions(+), 33 deletions(-) diff --git a/.secrets.baseline b/.secrets.baseline index 3a580a4f..35b38431 100644 --- a/.secrets.baseline +++ b/.secrets.baseline @@ -3,7 +3,7 @@ "files": "^.secrets.baseline$", "lines": null }, - "generated_at": "2023-06-05T18:40:35Z", + "generated_at": "2023-07-03T15:16:07Z", "plugins_used": [ { "name": "AWSKeyDetector" @@ -491,7 +491,7 @@ "hashed_secret": "611f2e9064b518afdb23f201321f39029dd28917", "is_secret": false, "is_verified": false, - "line_number": 70, + "line_number": 74, "type": "Secret Keyword" } ], 
diff --git a/helm/fence/Chart.yaml b/helm/fence/Chart.yaml index 4b897f2f..529a6d94 100644 --- a/helm/fence/Chart.yaml +++ b/helm/fence/Chart.yaml @@ -15,7 +15,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.12 +version: 0.1.13 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to diff --git a/helm/fence/README.md b/helm/fence/README.md index 56088014..d75bdfa4 100644 --- a/helm/fence/README.md +++ b/helm/fence/README.md @@ -1,6 +1,6 @@ # fence -![Version: 0.1.12](https://img.shields.io/badge/Version-0.1.12-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) +![Version: 0.1.13](https://img.shields.io/badge/Version-0.1.13-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) A Helm chart for gen3 Fence diff --git a/helm/fence/templates/fence-deployment.yaml b/helm/fence/templates/fence-deployment.yaml index ebca5cbe..2fe2c6ec 100644 --- a/helm/fence/templates/fence-deployment.yaml +++ b/helm/fence/templates/fence-deployment.yaml @@ -33,7 +33,7 @@ spec: containers: - name: fence image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}" - imagePullPolicy: Always + imagePullPolicy: {{ .Values.image.pullPolicy }} ports: - name: http containerPort: 80 
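Review bot: `imagePullPolicy: {{ .Values.image.pullPolicy }}` in `fence-deployment.yaml` has no fallback, and this commit does not touch `helm/fence/values.yaml`, so the hunk does not show that the key is defined. If it is unset the field renders empty and Kubernetes applies its own default, which is `IfNotPresent` for any tag other than `latest`. With the tag falling back to `.Chart.AppVersion` (`master` per the README badge), nodes could then keep running a cached build and miss rebuilt images. Keeping the old behaviour as the default avoids that: `imagePullPolicy: {{ .Values.image.pullPolicy | default "Always" }}`. The same line is added in `helm/sower/templates/deployment.yaml` and `helm/manifestservice/templates/deployment.yaml`, where only manifestservice gains a `pullPolicy` value in this commit; the container spec continues outside the hunk.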
diff --git a/helm/gen3/Chart.yaml b/helm/gen3/Chart.yaml index 9203123a..2d17e870 100644 --- a/helm/gen3/Chart.yaml +++ b/helm/gen3/Chart.yaml @@ -28,7 +28,7 @@ dependencies: version: "0.1.7" repository: file://../common - name: fence - version: "0.1.12" + version: "0.1.13" repository: "file://../fence" condition: fence.enabled - name: guppy @@ -44,7 +44,7 @@ dependencies: repository: "file://../indexd" condition: indexd.enabled - name: manifestservice - version: "0.1.9" + version: "0.1.10" repository: "file://../manifestservice" condition: manifestservice.enabled - name: metadata @@ -72,11 +72,11 @@ dependencies: repository: "file://../revproxy" condition: revproxy.enabled - name: sheepdog - version: "0.1.10" + version: "0.1.11" repository: "file://../sheepdog" condition: sheepdog.enabled - name: ssjdispatcher - version: "0.1.5" + version: "0.1.6" repository: "file://../ssjdispatcher" condition: ssjdispatcher.enabled - name: wts @@ -107,7 +107,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.17 +version: 0.1.18 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to diff --git a/helm/gen3/README.md b/helm/gen3/README.md index 327fd6d9..d8ef4b0d 100644 --- a/helm/gen3/README.md +++ b/helm/gen3/README.md 
@@ -1,6 +1,6 @@ # gen3 -![Version: 0.1.17](https://img.shields.io/badge/Version-0.1.17-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) +![Version: 0.1.18](https://img.shields.io/badge/Version-0.1.18-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) Helm chart to deploy Gen3 Data Commons @@ -25,19 +25,19 @@ Helm chart to deploy Gen3 Data Commons | file://../aws-es-proxy | aws-es-proxy | 0.1.6 | | file://../common | common | 0.1.7 | | file://../elasticsearch | elasticsearch | 0.1.5 | -| file://../fence | fence | 0.1.12 | +| file://../fence | fence | 0.1.13 | | file://../guppy | guppy | 0.1.8 | | file://../hatchery | hatchery | 0.1.6 | | file://../indexd | indexd | 0.1.10 | -| file://../manifestservice | manifestservice | 0.1.9 | +| file://../manifestservice | manifestservice | 0.1.10 | | file://../metadata | metadata | 0.1.8 | | file://../peregrine | peregrine | 0.1.9 | | file://../pidgin | pidgin | 0.1.7 | | file://../portal | portal | 0.1.7 | | file://../requestor | requestor | 0.1.8 | | file://../revproxy | revproxy | 0.1.10 | -| file://../sheepdog | sheepdog | 0.1.10 | -| file://../ssjdispatcher | ssjdispatcher | 0.1.5 | +| file://../sheepdog | sheepdog | 0.1.11 | +| file://../ssjdispatcher | ssjdispatcher | 0.1.6 | | file://../wts | wts | 0.1.10 | | https://charts.bitnami.com/bitnami | postgresql | 11.9.13 | diff --git a/helm/manifestservice/Chart.yaml b/helm/manifestservice/Chart.yaml index 2577affe..a8920546 100644 --- a/helm/manifestservice/Chart.yaml +++ b/helm/manifestservice/Chart.yaml 
@@ -15,7 +15,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.9 +version: 0.1.10 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to diff --git a/helm/manifestservice/README.md b/helm/manifestservice/README.md index 47c8fd8e..4e74a196 100644 --- a/helm/manifestservice/README.md +++ b/helm/manifestservice/README.md @@ -1,6 +1,6 @@ # manifestservice -![Version: 0.1.9](https://img.shields.io/badge/Version-0.1.9-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) +![Version: 0.1.10](https://img.shields.io/badge/Version-0.1.10-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) A Helm chart for Kubernetes 
@@ -38,6 +38,10 @@ A Helm chart for Kubernetes | global.environment | string | `"default"` | Environment name. This should be the same as vpcname if you're doing an AWS deployment. Currently this is being used to share ALB's if you have multiple namespaces. Might be used other places too. | | global.minAvialable | int | `1` | The minimum amount of pods that are available at all times if the PDB is deployed. | | global.pdb | bool | `false` | If the service will be deployed with a Pod Disruption Budget. Note- you need to have more than 2 replicas for the pdb to be deployed. | +| image | map | `{"pullPolicy":"Always","repository":"quay.io/cdis/manifestservice","tag":"2022.09"}` | Docker image information. | +| image.pullPolicy | string | `"Always"` | Docker pull policy. | +| image.repository | string | `"quay.io/cdis/manifestservice"` | Docker repository. | +| image.tag | string | `"2022.09"` | Overrides the image tag whose default is the chart appVersion. | | manifestserviceG3auto | map | `{"awsaccesskey":"","awssecretkey":"","bucketName":"testbucket","hostname":"testinstall","prefix":"test"}` | Values for manifestservice secret. | | manifestserviceG3auto.awsaccesskey | string | `""` | AWS access key. | | manifestserviceG3auto.awssecretkey | string | `""` | AWS secret access key. | diff --git a/helm/manifestservice/templates/deployment.yaml b/helm/manifestservice/templates/deployment.yaml index 426774be..4dd08001 100644 --- a/helm/manifestservice/templates/deployment.yaml +++ b/helm/manifestservice/templates/deployment.yaml @@ -38,8 +38,8 @@ spec: terminationGracePeriodSeconds: {{ .Values.terminationGracePeriodSeconds}} containers: - name: manifestservice - image: "quay.io/cdis/manifestservice:2022.09" - imagePullPolicy: Always + image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}" + imagePullPolicy: {{ .Values.image.pullPolicy }} env: {{- if .Values.global.ddEnabled }} {{- include "common.datadogEnvVar" . | nindent 12 }} 
diff --git a/helm/manifestservice/values.yaml b/helm/manifestservice/values.yaml index 3aa80925..2607c9a7 100644 --- a/helm/manifestservice/values.yaml +++ b/helm/manifestservice/values.yaml @@ -19,6 +19,15 @@ revisionHistoryLimit: 2 # -- (int) Number of replicas for the deployment. replicaCount: 1 +# -- (map) Docker image information. +image: + # -- (string) Docker repository. + repository: quay.io/cdis/manifestservice + # -- (string) Docker pull policy. + pullPolicy: Always + # -- (string) Overrides the image tag whose default is the chart appVersion. + tag: "2022.09" + # -- (map) Kubernetes service information. service: # -- (string) Type of service. Valid values are "ClusterIP", "NodePort", "LoadBalancer", "ExternalName". diff --git a/helm/sower/Chart.yaml b/helm/sower/Chart.yaml index 8bd18212..b6bb0dc2 100644 --- a/helm/sower/Chart.yaml +++ b/helm/sower/Chart.yaml @@ -15,7 +15,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.4 +version: 0.1.5 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to diff --git a/helm/sower/README.md b/helm/sower/README.md index f2251aa0..1ca46dd6 100644 --- a/helm/sower/README.md +++ b/helm/sower/README.md 
@@ -1,6 +1,6 @@ # sower -![Version: 0.1.4](https://img.shields.io/badge/Version-0.1.4-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) +![Version: 0.1.5](https://img.shields.io/badge/Version-0.1.5-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) A Helm chart for gen3 sower diff --git a/helm/sower/templates/deployment.yaml b/helm/sower/templates/deployment.yaml index 712a6885..879a74a0 100644 --- a/helm/sower/templates/deployment.yaml +++ b/helm/sower/templates/deployment.yaml @@ -30,7 +30,7 @@ spec: containers: - name: sower image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}" - imagePullPolicy: Always + imagePullPolicy: {{ .Values.image.pullPolicy }} volumeMounts: {{- toYaml .Values.volumeMounts | nindent 12 }} env: diff --git a/helm/ssjdispatcher/Chart.yaml b/helm/ssjdispatcher/Chart.yaml index b0826398..c5613110 100644 --- a/helm/ssjdispatcher/Chart.yaml +++ b/helm/ssjdispatcher/Chart.yaml @@ -15,7 +15,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.5 +version: 0.1.6 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to diff --git a/helm/ssjdispatcher/README.md b/helm/ssjdispatcher/README.md index be12a7fa..46e84cfb 100644 --- a/helm/ssjdispatcher/README.md +++ b/helm/ssjdispatcher/README.md 
@@ -1,6 +1,6 @@ # ssjdispatcher -![Version: 0.1.5](https://img.shields.io/badge/Version-0.1.5-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) +![Version: 0.1.6](https://img.shields.io/badge/Version-0.1.6-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) A Helm chart for gen3 ssjdispatcher 
@@ -64,10 +64,10 @@ A Helm chart for gen3 ssjdispatcher | global.publicDataSets | bool | `true` | Whether public datasets are enabled. | | global.revproxyArn | string | `"arn:aws:acm:us-east-1:123456:certificate"` | ARN of the reverse proxy certificate. | | global.tierAccessLevel | string | `"libre"` | Access level for tiers. acceptable values for `tier_access_level` are: `libre`, `regular` and `private`. If omitted, by default common will be treated as `private` | -| image | map | `{"pullPolicy":"IfNotPresent","repository":"nginx","tag":""}` | Docker image information. | -| image.pullPolicy | string | `"IfNotPresent"` | Docker pull policy. | -| image.repository | string | `"nginx"` | Docker repository. | -| image.tag | string | `""` | Overrides the image tag whose default is the chart appVersion. | +| image | map | `{"pullPolicy":"Always","repository":"quay.io/cdis/ssjdispatcher","tag":"2022.08"}` | Docker image information. | +| image.pullPolicy | string | `"Always"` | Docker pull policy. | +| image.repository | string | `"quay.io/cdis/ssjdispatcher"` | Docker repository. | +| image.tag | string | `"2022.08"` | Overrides the image tag whose default is the chart appVersion. | | imagePullSecrets | list | `[]` | Docker image pull secrets. | | indexing | string | `"707767160287.dkr.ecr.us-east-1.amazonaws.com/gen3/indexs3client:2022.08"` | Image to use for the "indexing" job. | | nameOverride | string | `""` | Override the name of the chart. | diff --git a/helm/ssjdispatcher/templates/deployment.yaml b/helm/ssjdispatcher/templates/deployment.yaml index 6d05a1ac..2f0f86b9 100644 --- a/helm/ssjdispatcher/templates/deployment.yaml +++ b/helm/ssjdispatcher/templates/deployment.yaml 
@@ -36,8 +36,8 @@ spec: {{- toYaml .Values.volumes | nindent 8 }} containers: - name: ssjdispatcher - image: "quay.io/cdis/ssjdispatcher:2022.08" - imagePullPolicy: Always + image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}" + imagePullPolicy: {{ .Values.image.pullPolicy }} volumeMounts: {{- toYaml .Values.volumeMounts | nindent 12 }} env: diff --git a/helm/ssjdispatcher/values.yaml b/helm/ssjdispatcher/values.yaml index dbaa75e5..d1b028d7 100644 --- a/helm/ssjdispatcher/values.yaml +++ b/helm/ssjdispatcher/values.yaml @@ -63,11 +63,11 @@ replicaCount: 1 # -- (map) Docker image information. image: # -- (string) Docker repository. - repository: nginx + repository: quay.io/cdis/ssjdispatcher # -- (string) Docker pull policy. - pullPolicy: IfNotPresent + pullPolicy: Always # -- (string) Overrides the image tag whose default is the chart appVersion. - tag: "" + tag: "2022.08" # -- (list) Docker image pull secrets. imagePullSecrets: [] From b2f442b3a0697ddc9a0bc3f9919b1aab778ff78c Mon Sep 17 00:00:00 2001 From: EliseCastle23 Date: Mon, 3 Jul 2023 09:21:50 -0600 Subject: [PATCH 039/279] bumping up the gen3 helm chart version --- helm/gen3/Chart.yaml | 2 +- helm/gen3/README.md | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/helm/gen3/Chart.yaml b/helm/gen3/Chart.yaml index 2d17e870..613ff079 100644 --- a/helm/gen3/Chart.yaml +++ b/helm/gen3/Chart.yaml @@ -107,7 +107,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.18 +version: 0.1.19 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to 
diff --git a/helm/gen3/README.md b/helm/gen3/README.md index d8ef4b0d..09ee8fd8 100644 --- a/helm/gen3/README.md +++ b/helm/gen3/README.md @@ -1,6 +1,6 @@ # gen3 -![Version: 0.1.18](https://img.shields.io/badge/Version-0.1.18-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) +![Version: 0.1.19](https://img.shields.io/badge/Version-0.1.19-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) Helm chart to deploy Gen3 Data Commons From 39dc4408835d1f681b53fbb747ac346c52d7d2bb Mon Sep 17 00:00:00 2001 From: EliseCastle23 Date: Mon, 3 Jul 2023 09:35:30 -0600 Subject: [PATCH 040/279] correcting chart version --- helm/gen3/Chart.yaml | 2 +- helm/gen3/README.md | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/helm/gen3/Chart.yaml b/helm/gen3/Chart.yaml index 613ff079..2d17e870 100644 --- a/helm/gen3/Chart.yaml +++ b/helm/gen3/Chart.yaml @@ -107,7 +107,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.19 +version: 0.1.18 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to diff --git a/helm/gen3/README.md b/helm/gen3/README.md index 09ee8fd8..d8ef4b0d 100644 --- a/helm/gen3/README.md +++ b/helm/gen3/README.md 
@@ -1,6 +1,6 @@ # gen3 -![Version: 0.1.19](https://img.shields.io/badge/Version-0.1.19-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) +![Version: 0.1.18](https://img.shields.io/badge/Version-0.1.18-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) Helm chart to deploy Gen3 Data Commons From 0456a9b9728d47f0e762eb8df2ed1310f14edc0e Mon Sep 17 00:00:00 2001 From: EliseCastle23 Date: Mon, 3 Jul 2023 09:39:05 -0600 Subject: [PATCH 041/279] fixing chart version for sheepdog --- helm/gen3/Chart.yaml | 2 +- helm/gen3/README.md | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/helm/gen3/Chart.yaml b/helm/gen3/Chart.yaml index 2d17e870..5660c57c 100644 --- a/helm/gen3/Chart.yaml +++ b/helm/gen3/Chart.yaml @@ -72,7 +72,7 @@ dependencies: repository: "file://../revproxy" condition: revproxy.enabled - name: sheepdog - version: "0.1.11" + version: "0.1.10" repository: "file://../sheepdog" condition: sheepdog.enabled - name: ssjdispatcher diff --git a/helm/gen3/README.md b/helm/gen3/README.md index d8ef4b0d..98e37d69 100644 --- a/helm/gen3/README.md +++ b/helm/gen3/README.md @@ -36,7 +36,7 @@ Helm chart to deploy Gen3 Data Commons | file://../portal | portal | 0.1.7 | | file://../requestor | requestor | 0.1.8 | | file://../revproxy | revproxy | 0.1.10 | -| file://../sheepdog | sheepdog | 0.1.11 | +| file://../sheepdog | sheepdog | 0.1.10 | | file://../ssjdispatcher | ssjdispatcher | 0.1.6 | | file://../wts | wts | 0.1.10 | | https://charts.bitnami.com/bitnami | postgresql | 11.9.13 | From cfdd23654bca507b940e079dd1d4779635a79139 Mon Sep 17 00:00:00 2001 
From: craigrbarnes Date: Wed, 12 Jul 2023 09:56:18 -0500 Subject: [PATCH 042/279] clean and reformat code --- helm/frontend-framework/templates/deployment.yaml | 2 -- helm/frontend-framework/templates/service.yaml | 2 +- 2 files changed, 1 insertion(+), 3 deletions(-) diff --git a/helm/frontend-framework/templates/deployment.yaml b/helm/frontend-framework/templates/deployment.yaml index e42f6671..8124c43a 100644 --- a/helm/frontend-framework/templates/deployment.yaml +++ b/helm/frontend-framework/templates/deployment.yaml @@ -52,8 +52,6 @@ spec: {{- else }} path: / {{- end }} - # name: - # {{ .Values.global.frontendRoot }} port: 80 initialDelaySeconds: 30 periodSeconds: 60 diff --git a/helm/frontend-framework/templates/service.yaml b/helm/frontend-framework/templates/service.yaml index 01fa8dd9..772f352b 100644 --- a/helm/frontend-framework/templates/service.yaml +++ b/helm/frontend-framework/templates/service.yaml @@ -1,7 +1,7 @@ apiVersion: v1 kind: Service metadata: - name: frontend-framework-service + name: "frontend-framework-service" labels: {{- include "frontend-framework.labels" . | nindent 4 }} spec: From d27b7e8d9c8c4a8f28518c5c5486eadc1eb90536 Mon Sep 17 00:00:00 2001 From: craigrbarnes Date: Wed, 12 Jul 2023 10:42:48 -0500 Subject: [PATCH 043/279] update versions and frontend-framework chart --- helm/frontend-framework/Chart.yaml | 2 +- helm/frontend-framework/values.yaml | 4 ++-- helm/gen3/Chart.yaml | 8 +++----- helm/gen3/README.md | 2 +- helm/portal/README.md | 2 +- helm/revproxy/README.md | 2 +- 6 files changed, 9 insertions(+), 11 deletions(-) diff --git a/helm/frontend-framework/Chart.yaml b/helm/frontend-framework/Chart.yaml index 4b57cfd1..82d4ccd5 100644 --- a/helm/frontend-framework/Chart.yaml +++ b/helm/frontend-framework/Chart.yaml 
@@ -15,7 +15,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.0.8 +version: 0.0.9 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to diff --git a/helm/frontend-framework/values.yaml b/helm/frontend-framework/values.yaml index 5f101687..9f132734 100644 --- a/helm/frontend-framework/values.yaml +++ b/helm/frontend-framework/values.yaml @@ -191,8 +191,8 @@ commonLabels: # Values to configure datadog if ddEnabled is set to "true". # -- (bool) If enabled, the Datadog Agent will automatically inject Datadog-specific metadata into your application logs. -datadogLogsInjection: true +datadogLogsInjection: false # -- (bool) If enabled, the Datadog Agent will collect profiling data for your application using the Continuous Profiler. This data can be used to identify performance bottlenecks and optimize your application. -datadogProfilingEnabled: true +datadogProfilingEnabled: false # -- (int) A value between 0 and 1, that represents the percentage of requests that will be traced. For example, a value of 0.5 means that 50% of requests will be traced. datadogTraceSampleRate: 1 diff --git a/helm/gen3/Chart.yaml b/helm/gen3/Chart.yaml index 021120d3..00381172 100644 --- a/helm/gen3/Chart.yaml +++ b/helm/gen3/Chart.yaml @@ -28,7 +28,7 @@ dependencies: version: "0.1.7" repository: file://../common - name: frontend-framework - version: "0.0.8" + version: "0.0.9" repository: "file://../frontend-framework" condition: frontend-framework.enabled - name: fence 
@@ -64,7 +64,7 @@ dependencies: repository: "file://../pidgin" condition: pidgin.enabled - name: portal - version: "0.1.7" + version: "0.1.8" repository: "file://../portal" condition: portal.enabled - name: requestor @@ -72,7 +72,7 @@ dependencies: repository: "file://../requestor" condition: requestor.enabled - name: revproxy - version: "0.1.10" + version: "0.1.11" repository: "file://../revproxy" condition: revproxy.enabled - name: sheepdog @@ -87,8 +87,6 @@ dependencies: version: "0.1.10" repository: "file://../wts" condition: wts.enabled - - - name: elasticsearch version: "0.1.5" repository: "file://../elasticsearch" diff --git a/helm/gen3/README.md b/helm/gen3/README.md index cfd7b5f4..1be4e31a 100644 --- a/helm/gen3/README.md +++ b/helm/gen3/README.md @@ -1,6 +1,6 @@ # gen3 -![Version: 0.1.18](https://img.shields.io/badge/Version-0.1.18-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) +![Version: 0.1.19](https://img.shields.io/badge/Version-0.1.19-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) Helm chart to deploy Gen3 Data Commons diff --git a/helm/portal/README.md b/helm/portal/README.md index dbc2e503..ba9bebfd 100644 --- a/helm/portal/README.md +++ b/helm/portal/README.md 
@@ -1,6 +1,6 @@ # portal -![Version: 0.1.7](https://img.shields.io/badge/Version-0.1.7-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) +![Version: 0.1.8](https://img.shields.io/badge/Version-0.1.8-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) A Helm chart for gen3 data-portal diff --git a/helm/revproxy/README.md b/helm/revproxy/README.md index 51ad7a6e..07ff5d2d 100644 --- a/helm/revproxy/README.md +++ b/helm/revproxy/README.md @@ -1,6 +1,6 @@ # revproxy -![Version: 0.1.10](https://img.shields.io/badge/Version-0.1.10-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) +![Version: 0.1.11](https://img.shields.io/badge/Version-0.1.11-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) A Helm chart for gen3 revproxy From 657fde53a5e11281e26d1108de834a4fd543a201 Mon Sep 17 00:00:00 2001 From: craigrbarnes Date: Wed, 12 Jul 2023 10:43:51 -0500 Subject: [PATCH 044/279] add generated READMEs --- helm/gen3/README.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/helm/gen3/README.md b/helm/gen3/README.md index 1be4e31a..b601eaa9 100644 --- a/helm/gen3/README.md +++ b/helm/gen3/README.md 
@@ -26,7 +26,7 @@ Helm chart to deploy Gen3 Data Commons | file://../common | common | 0.1.7 | | file://../elasticsearch | elasticsearch | 0.1.5 | | file://../fence | fence | 0.1.13 | -| file://../frontend-framework | frontend-framework | 0.0.8 | +| file://../frontend-framework | frontend-framework | 0.0.9 | | file://../guppy | guppy | 0.1.8 | | file://../hatchery | hatchery | 0.1.6 | | file://../indexd | indexd | 0.1.10 | @@ -34,9 +34,9 @@ Helm chart to deploy Gen3 Data Commons | file://../metadata | metadata | 0.1.8 | | file://../peregrine | peregrine | 0.1.9 | | file://../pidgin | pidgin | 0.1.7 | -| file://../portal | portal | 0.1.7 | +| file://../portal | portal | 0.1.8 | | file://../requestor | requestor | 0.1.8 | -| file://../revproxy | revproxy | 0.1.10 | +| file://../revproxy | revproxy | 0.1.11 | | file://../sheepdog | sheepdog | 0.1.10 | | file://../ssjdispatcher | ssjdispatcher | 0.1.6 | | file://../wts | wts | 0.1.10 | From 84e55e5ac3961f3afa7f47d52b8c37a152642054 Mon Sep 17 00:00:00 2001 From: Jawad Qureshi Date: Thu, 27 Jul 2023 23:47:50 +0200 Subject: [PATCH 045/279] Add role binding for sower --- .secrets.baseline | 4 ++-- helm/gen3/Chart.yaml | 6 +++++- helm/gen3/README.md | 3 ++- helm/sower/Chart.yaml | 2 +- helm/sower/README.md | 2 +- helm/sower/templates/role-binding.yaml | 12 ++++++++++++ 6 files changed, 23 insertions(+), 6 deletions(-) create mode 100644 helm/sower/templates/role-binding.yaml diff --git a/.secrets.baseline b/.secrets.baseline index 35b38431..ea7061a4 100644 --- a/.secrets.baseline +++ b/.secrets.baseline @@ -3,7 +3,7 @@ "files": "^.secrets.baseline$", "lines": null }, - "generated_at": "2023-07-03T15:16:07Z", + "generated_at": "2023-07-27T21:47:16Z", "plugins_used": [ { "name": "AWSKeyDetector" @@ -365,7 +365,7 @@ "hashed_secret": "1740c48fa3141d4851b14f97e3bc0f46f7670672", "is_secret": false, "is_verified": false, - "line_number": 118, + "line_number": 119, "type": "Secret Keyword" } ], 
diff --git a/helm/gen3/Chart.yaml b/helm/gen3/Chart.yaml index 5660c57c..1d602327 100644 --- a/helm/gen3/Chart.yaml +++ b/helm/gen3/Chart.yaml @@ -79,6 +79,10 @@ dependencies: version: "0.1.6" repository: "file://../ssjdispatcher" condition: ssjdispatcher.enabled +- name: sower + version: "0.1.6" + condition: sower.enabled + repository: "file://../sower" - name: wts version: "0.1.10" repository: "file://../wts" @@ -107,7 +111,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.18 +version: 0.1.19 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to diff --git a/helm/gen3/README.md b/helm/gen3/README.md index 98e37d69..acf56f1c 100644 --- a/helm/gen3/README.md +++ b/helm/gen3/README.md @@ -1,6 +1,6 @@ # gen3 -![Version: 0.1.18](https://img.shields.io/badge/Version-0.1.18-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) +![Version: 0.1.19](https://img.shields.io/badge/Version-0.1.19-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) Helm chart to deploy Gen3 Data Commons 
@@ -37,6 +37,7 @@ Helm chart to deploy Gen3 Data Commons | file://../requestor | requestor | 0.1.8 | | file://../revproxy | revproxy | 0.1.10 | | file://../sheepdog | sheepdog | 0.1.10 | +| file://../sower | sower | 0.1.6 | | file://../ssjdispatcher | ssjdispatcher | 0.1.6 | | file://../wts | wts | 0.1.10 | | https://charts.bitnami.com/bitnami | postgresql | 11.9.13 | diff --git a/helm/sower/Chart.yaml b/helm/sower/Chart.yaml index b6bb0dc2..c98d3d17 100644 --- a/helm/sower/Chart.yaml +++ b/helm/sower/Chart.yaml @@ -15,7 +15,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.5 +version: 0.1.6 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to diff --git a/helm/sower/README.md b/helm/sower/README.md index 1ca46dd6..45e8cdb7 100644 --- a/helm/sower/README.md +++ b/helm/sower/README.md @@ -1,6 +1,6 @@ # sower -![Version: 0.1.5](https://img.shields.io/badge/Version-0.1.5-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) +![Version: 0.1.6](https://img.shields.io/badge/Version-0.1.6-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) A Helm chart for gen3 sower diff --git a/helm/sower/templates/role-binding.yaml b/helm/sower/templates/role-binding.yaml new file mode 100644 index 00000000..94d7e189 --- /dev/null +++ b/helm/sower/templates/role-binding.yaml 
@@ -0,0 +1,12 @@ +kind: RoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: sower-binding +subjects: +- kind: ServiceAccount + name: {{ include "sower.serviceAccountName" . }} + apiGroup: "" +roleRef: + kind: ClusterRole + name: admin + apiGroup: rbac.authorization.k8s.io \ No newline at end of file From 65ada8db807557c1f768c68fcf6757a22920a4d0 Mon Sep 17 00:00:00 2001 From: Jawad Qureshi Date: Mon, 31 Jul 2023 18:13:10 +0200 Subject: [PATCH 046/279] Move sower config to values --- helm/sower/README.md | 69 ++++++++++-- helm/sower/templates/manifest-sower.yaml | 135 +---------------------- helm/sower/values.yaml | 104 +++++++++++++---- 3 files changed, 139 insertions(+), 169 deletions(-) diff --git a/helm/sower/README.md b/helm/sower/README.md index 45e8cdb7..9daf13f3 100644 --- a/helm/sower/README.md +++ b/helm/sower/README.md 
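Review bot: The `roleRef` in the new helm/sower/templates/role-binding.yaml binds the sower service account to the built-in `admin` ClusterRole. That grants read/write on most resources in the release namespace, including Secrets, plus the right to create further Roles and RoleBindings. From the job definitions in manifest-sower, sower presumably only needs to manage batch Jobs and read their pods, so a chart-owned Role limited to those verbs would keep a compromised sower pod or dispatched job from reaching the rest of the namespace. Since this patch also makes sower a dependency of the gen3 umbrella chart, the binding will be installed wherever `sower.enabled` is set. The fixed name `sower-binding` will also collide if two releases share a namespace; deriving it from the chart's fullname helper would avoid that.

```yaml
# Constructed example: confirm the resources and verbs against the API calls sower actually makes.
kind: Role
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: sower-job-runner
rules:
- apiGroups: ["batch"]
  resources: ["jobs"]
  verbs: ["create", "get", "list", "watch", "delete"]
- apiGroups: [""]
  resources: ["pods", "pods/log"]
  verbs: ["get", "list", "watch"]
---
# … unchanged: RoleBinding kind, apiVersion, metadata and subjects …
roleRef:
  kind: Role
  name: sower-job-runner
  apiGroup: rbac.authorization.k8s.io
```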
@@ -66,17 +66,6 @@ A Helm chart for gen3 sower | nameOverride | string | `""` | Override the name of the chart. | | nodeSelector | map | `{}` | Node Selector for the pods | | partOf | string | `"Core-Service"` | Label to help organize pods and their use. Any value is valid, but use "_" or "-" to divide words. | -| pelican.bucket | string | `""` | The bucket for pelican exports | -| pelican.image.pullPolicy | string | `"Always"` | Docker pull policy. | -| pelican.image.repository | string | `"quay.io/cdis/pelican-export"` | Docker repository. | -| pelican.image.tag | string | `""` | Overrides the image tag whose default is the chart appVersion. | -| pelican.resources | map | `{"limits":{"cpu":1,"memory":"12Gi"},"requests":{"cpu":"100m","memory":"20Mi"}}` | Resource requests and limits for the containers in the pod | -| pelican.resources.limits | map | `{"cpu":1,"memory":"12Gi"}` | The maximum amount of resources that the container is allowed to use | -| pelican.resources.limits.cpu | string | `1` | The maximum amount of CPU the container can use | -| pelican.resources.limits.memory | string | `"12Gi"` | The maximum amount of memory the container can use | -| pelican.resources.requests | map | `{"cpu":"100m","memory":"20Mi"}` | The amount of resources that the container requests | -| pelican.resources.requests.cpu | string | `"100m"` | The amount of CPU requested | -| pelican.resources.requests.memory | string | `"20Mi"` | The amount of memory requested | | podSecurityContext | map | `{"fsGroup":1000,"runAsUser":1000}` | Security context to apply to the pod | | podSecurityContext.fsGroup | int | `1000` | Group that Kubernetes will change the permissions of all files in volumes to when volumes are mounted by a pod. | | podSecurityContext.runAsUser | int | `1000` | User that all the processes will run under in the container. | 
@@ -97,6 +86,64 @@ A Helm chart for gen3 sower | serviceAccount.annotations | map | `{}` | Annotations to add to the service account. | | serviceAccount.create | bool | `true` | Specifies whether a service account should be created. | | serviceAccount.name | string | `"sower-service-account"` | The name of the service account to use. If not set and create is true, a name is generated using the fullname template | +| sowerConfig[0].action | string | `"export"` | | +| sowerConfig[0].container.cpu-limit | string | `"1"` | | +| sowerConfig[0].container.env[0].name | string | `"DICTIONARY_URL"` | | +| sowerConfig[0].container.env[0].valueFrom.configMapKeyRef.key | string | `"dictionary_url"` | | +| sowerConfig[0].container.env[0].valueFrom.configMapKeyRef.name | string | `"manifest-global"` | | +| sowerConfig[0].container.env[1].name | string | `"GEN3_HOSTNAME"` | | +| sowerConfig[0].container.env[1].valueFrom.configMapKeyRef.key | string | `"hostname"` | | +| sowerConfig[0].container.env[1].valueFrom.configMapKeyRef.name | string | `"manifest-global"` | | +| sowerConfig[0].container.env[2].name | string | `"ROOT_NODE"` | | +| sowerConfig[0].container.env[2].value | string | `"subject"` | | +| sowerConfig[0].container.image | string | `"quay.io/cdis/pelican-export:master"` | | +| sowerConfig[0].container.memory-limit | string | `"12Gi"` | | +| sowerConfig[0].container.name | string | `"job-task"` | | +| sowerConfig[0].container.pull_policy | string | `"Always"` | | +| sowerConfig[0].container.volumeMounts[0].mountPath | string | `"/pelican-creds.json"` | | +| sowerConfig[0].container.volumeMounts[0].name | string | `"pelican-creds-volume"` | | +| sowerConfig[0].container.volumeMounts[0].readOnly | bool | `true` | | +| sowerConfig[0].container.volumeMounts[0].subPath | string | `"config.json"` | | +| sowerConfig[0].container.volumeMounts[1].mountPath | string | `"/peregrine-creds.json"` | | +| sowerConfig[0].container.volumeMounts[1].name | string | 
`"peregrine-creds-volume"` | | +| sowerConfig[0].container.volumeMounts[1].readOnly | bool | `true` | | +| sowerConfig[0].container.volumeMounts[1].subPath | string | `"creds.json"` | | +| sowerConfig[0].name | string | `"pelican-export"` | | +| sowerConfig[0].restart_policy | string | `"Never"` | | +| sowerConfig[0].volumes[0].name | string | `"pelican-creds-volume"` | | +| sowerConfig[0].volumes[0].secret.secretName | string | `"pelicanservice-g3auto"` | | +| sowerConfig[0].volumes[1].name | string | `"peregrine-creds-volume"` | | +| sowerConfig[0].volumes[1].secret.secretName | string | `"peregrine-creds"` | | +| sowerConfig[1].action | string | `"export-files"` | | +| sowerConfig[1].container.cpu-limit | string | `"1"` | | +| sowerConfig[1].container.env[0].name | string | `"DICTIONARY_URL"` | | +| sowerConfig[1].container.env[0].valueFrom.configMapKeyRef.key | string | `"dictionary_url"` | | +| sowerConfig[1].container.env[0].valueFrom.configMapKeyRef.name | string | `"manifest-global"` | | +| sowerConfig[1].container.env[1].name | string | `"GEN3_HOSTNAME"` | | +| sowerConfig[1].container.env[1].valueFrom.configMapKeyRef.key | string | `"hostname"` | | +| sowerConfig[1].container.env[1].valueFrom.configMapKeyRef.name | string | `"manifest-global"` | | +| sowerConfig[1].container.env[2].name | string | `"ROOT_NODE"` | | +| sowerConfig[1].container.env[2].value | string | `"file"` | | +| sowerConfig[1].container.env[3].name | string | `"EXTRA_NODES"` | | +| sowerConfig[1].container.env[3].value | string | `""` | | +| sowerConfig[1].container.image | string | `"quay.io/cdis/pelican-export:master"` | | +| sowerConfig[1].container.memory-limit | string | `"12Gi"` | | +| sowerConfig[1].container.name | string | `"job-task"` | | +| sowerConfig[1].container.pull_policy | string | `"Always"` | | +| sowerConfig[1].container.volumeMounts[0].mountPath | string | `"/pelican-creds.json"` | | +| sowerConfig[1].container.volumeMounts[0].name | string | 
`"pelican-creds-volume"` | | +| sowerConfig[1].container.volumeMounts[0].readOnly | bool | `true` | | +| sowerConfig[1].container.volumeMounts[0].subPath | string | `"config.json"` | | +| sowerConfig[1].container.volumeMounts[1].mountPath | string | `"/peregrine-creds.json"` | | +| sowerConfig[1].container.volumeMounts[1].name | string | `"peregrine-creds-volume"` | | +| sowerConfig[1].container.volumeMounts[1].readOnly | bool | `true` | | +| sowerConfig[1].container.volumeMounts[1].subPath | string | `"creds.json"` | | +| sowerConfig[1].name | string | `"pelican-export-files"` | | +| sowerConfig[1].restart_policy | string | `"Never"` | | +| sowerConfig[1].volumes[0].name | string | `"pelican-creds-volume"` | | +| sowerConfig[1].volumes[0].secret.secretName | string | `"pelicanservice-g3auto"` | | +| sowerConfig[1].volumes[1].name | string | `"peregrine-creds-volume"` | | +| sowerConfig[1].volumes[1].secret.secretName | string | `"peregrine-creds"` | | | strategy | map | `{"rollingUpdate":{"maxSurge":1,"maxUnavailable":0},"type":"RollingUpdate"}` | Rolling update deployment strategy | | strategy.rollingUpdate.maxSurge | int | `1` | Number of additional replicas to add during rollout. | | strategy.rollingUpdate.maxUnavailable | int | `0` | Maximum amount of pods that can be unavailable during the update. | diff --git a/helm/sower/templates/manifest-sower.yaml b/helm/sower/templates/manifest-sower.yaml index a9635260..8c70a330 100644 --- a/helm/sower/templates/manifest-sower.yaml +++ b/helm/sower/templates/manifest-sower.yaml 
@@ -4,137 +4,4 @@ metadata: name: manifest-sower data: json: |- - [ - { - "name": "pelican-export", - "action": "export", - "container": { - "name": "job-task", - "image": "{{ .Values.pelican.image.repository }}:{{ .Values.pelican.image.tag | default .Chart.AppVersion }}", - "pull_policy": "Always", - "env": [ - { - "name": "DICTIONARY_URL", - "valueFrom": { - "configMapKeyRef": { - "name": "manifest-global", - "key": "dictionary_url" - } - } - }, - { - "name": "GEN3_HOSTNAME", - "valueFrom": { - "configMapKeyRef": { - "name": "manifest-global", - "key": "hostname" - } - } - }, - { - "name": "ROOT_NODE", - "value": "subject" - } - ], - "volumeMounts": [ - { - "name": "pelican-creds-volume", - "readOnly": true, - "mountPath": "/pelican-creds.json", - "subPath": "config.json" - }, - { - "name": "peregrine-creds-volume", - "readOnly": true, - "mountPath": "/peregrine-creds.json", - "subPath": "creds.json" - } - ], - "cpu-limit": "{{ .Values.pelican.resources.limits.cpu }}", - "memory-limit": "{{ .Values.pelican.resources.limits.memory }}" - }, - "volumes": [ - { - "name": "pelican-creds-volume", - "secret": { - "secretName": "pelicanservice-g3auto" - } - }, - { - "name": "peregrine-creds-volume", - "secret": { - "secretName": "peregrine-creds" - } - } - ], - "restart_policy": "Never" - }, - { - "name": "pelican-export-files", - "action": "export-files", - "container": { - "name": "job-task", - "image": "{{ .Values.pelican.image.repository }}:{{ .Values.pelican.image.tag | default .Chart.AppVersion }}", - "pull_policy": "Always", - "env": [ - { - "name": "DICTIONARY_URL", - "valueFrom": { - "configMapKeyRef": { - "name": "manifest-global", - "key": "dictionary_url" - } - } - }, - { - "name": "GEN3_HOSTNAME", - "valueFrom": { - "configMapKeyRef": { - "name": "manifest-global", - "key": "hostname" - } - } - }, - { - "name": "ROOT_NODE", - "value": "file" - }, - { - "name": "EXTRA_NODES", - "value": "" - } - ], - "volumeMounts": [ - { - "name": "pelican-creds-volume", - 
"readOnly": true, - "mountPath": "/pelican-creds.json", - "subPath": "config.json" - }, - { - "name": "peregrine-creds-volume", - "readOnly": true, - "mountPath": "/peregrine-creds.json", - "subPath": "creds.json" - } - ], - "cpu-limit": "{{ .Values.pelican.resources.limits.cpu }}", - "memory-limit": "{{ .Values.pelican.resources.limits.memory }}" - }, - "volumes": [ - { - "name": "pelican-creds-volume", - "secret": { - "secretName": "pelicanservice-g3auto" - } - }, - { - "name": "peregrine-creds-volume", - "secret": { - "secretName": "peregrine-creds" - } - } - ], - "restart_policy": "Never" - } - ] + {{ .Values.sowerConfig | toJson | nindent 4 }} diff --git a/helm/sower/values.yaml b/helm/sower/values.yaml index cbde1275..bb327782 100644 --- a/helm/sower/values.yaml +++ b/helm/sower/values.yaml 
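Review bot: The new `json:` line renders `.Values.sowerConfig` with no guard, so an override that sets it to null puts the literal `null` into the manifest-sower ConfigMap. Existing overrides of `pelican.image.*` or `pelican.resources.limits.*` are also ignored without any error, because the template no longer reads them. A fail-fast render surfaces the misconfiguration at install time: `{{ required "sowerConfig must be set" .Values.sowerConfig | toJson | nindent 4 }}`. How sower treats a `null` job list is not visible in this hunk.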
@@ -182,30 +182,86 @@ strategy: # -- (bool) Automount the default service account token automountServiceAccountToken: true -pelican: - image: - # -- (string) Docker repository. - repository: quay.io/cdis/pelican-export - # -- (string) Docker pull policy. - pullPolicy: Always - # -- (string) Overrides the image tag whose default is the chart appVersion. - tag: "" - # -- (string) The bucket for pelican exports - bucket: "" - # -- (map) Resource requests and limits for the containers in the pod - resources: - # -- (map) The amount of resources that the container requests - requests: - # -- (string) The amount of CPU requested - cpu: 100m - # -- (string) The amount of memory requested - memory: 20Mi - # -- (map) The maximum amount of resources that the container is allowed to use - limits: - # -- (string) The maximum amount of CPU the container can use - cpu: 1 - # -- (string) The maximum amount of memory the container can use - memory: 12Gi +sowerConfig: + - name: pelican-export + action: export + container: + name: job-task + image: quay.io/cdis/pelican-export:master + pull_policy: Always + env: + - name: DICTIONARY_URL + valueFrom: + configMapKeyRef: + name: manifest-global + key: dictionary_url + - name: GEN3_HOSTNAME + valueFrom: + configMapKeyRef: + name: manifest-global + key: hostname + - name: ROOT_NODE + value: subject + volumeMounts: + - name: pelican-creds-volume + readOnly: true + mountPath: "/pelican-creds.json" + subPath: config.json + - name: peregrine-creds-volume + readOnly: true + mountPath: "/peregrine-creds.json" + subPath: creds.json + cpu-limit: '1' + memory-limit: 12Gi + volumes: + - name: pelican-creds-volume + secret: + secretName: pelicanservice-g3auto + - name: peregrine-creds-volume + secret: + secretName: peregrine-creds + restart_policy: Never + - name: pelican-export-files + action: export-files + container: + name: job-task + image: quay.io/cdis/pelican-export:master + pull_policy: Always + env: + - name: DICTIONARY_URL + valueFrom: + 
configMapKeyRef: + name: manifest-global + key: dictionary_url + - name: GEN3_HOSTNAME + valueFrom: + configMapKeyRef: + name: manifest-global + key: hostname + - name: ROOT_NODE + value: file + - name: EXTRA_NODES + value: '' + volumeMounts: + - name: pelican-creds-volume + readOnly: true + mountPath: "/pelican-creds.json" + subPath: config.json + - name: peregrine-creds-volume + readOnly: true + mountPath: "/peregrine-creds.json" + subPath: creds.json + cpu-limit: '1' + memory-limit: 12Gi + volumes: + - name: pelican-creds-volume + secret: + secretName: pelicanservice-g3auto + - name: peregrine-creds-volume + secret: + secretName: peregrine-creds + restart_policy: Never + # -- (map) Service account to use or create. serviceAccount: From 3ab84261e820236c275dd81f24c4d05b93dcb611 Mon Sep 17 00:00:00 2001 
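Review bot: Both `sowerConfig` entries set `image: quay.io/cdis/pelican-export:master` with `pull_policy: Always`, so every export job runs whatever is currently published under a mutable tag while mounting the `pelicanservice-g3auto` and `peregrine-creds` secrets. Pinning the default to a release tag or a digest keeps the code that reads those credentials reviewable, for example `image: quay.io/cdis/pelican-export@sha256:<digest-placeholder>`. The new keys also carry no `# --` helm-docs comments, which is why the generated README rows for `sowerConfig[...]` have empty descriptions; a line such as `# -- (list) Job definitions rendered into the manifest-sower ConfigMap` above `sowerConfig:` would document the block.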
From: EliseCastle23 Date: Thu, 3 Aug 2023 15:34:19 -0600 Subject: [PATCH 047/279] integrating external secrets operator with gen3 helm charts --- .secrets.baseline | 57 ++++---- helm/arborist/Chart.yaml | 2 +- helm/arborist/README.md | 16 ++- helm/arborist/templates/_helpers.tpl | 24 +++- helm/arborist/templates/aws-config.yaml | 3 + .../templates/cluster-secret-store.yaml | 3 + helm/arborist/templates/external-secret.yaml | 18 +++ helm/arborist/values.yaml | 25 ++++ helm/audit/Chart.yaml | 2 +- helm/audit/README.md | 17 ++- helm/audit/templates/_helpers.tpl | 41 ++++-- helm/audit/templates/aws-config.yaml | 3 + .../audit/templates/cluster-secret-store.yaml | 3 + helm/audit/templates/external-secret.yaml | 35 +++++ helm/audit/templates/secrets.yaml | 2 +- helm/audit/values.yaml | 27 ++++ helm/aws-es-proxy/Chart.yaml | 2 +- helm/aws-es-proxy/README.md | 16 ++- helm/aws-es-proxy/templates/aws-config.yaml | 3 + helm/aws-es-proxy/templates/aws-es-proxy.yaml | 10 -- helm/aws-es-proxy/templates/deployment.yaml | 6 +- helm/aws-es-proxy/values.yaml | 25 ++-- helm/common/Chart.yaml | 2 +- helm/common/README.md | 2 +- helm/common/templates/_aws_config.tpl | 18 +++ .../templates/_cluster_secret_store.tpl | 24 ++++ helm/common/templates/_es_index_restore.tpl | 2 +- helm/common/templates/_restore_pgdump.tpl | 2 +- helm/fence/Chart.yaml | 2 +- helm/fence/README.md | 27 +++- helm/fence/templates/_helpers.tpl | 52 +++++++- helm/fence/templates/aws-config.yaml | 3 + helm/fence/templates/aws-userysnc-creds.yaml | 10 -- .../fence/templates/cluster-secret-store.yaml | 3 + helm/fence/templates/external-secret.yaml | 86 ++++++++++++ helm/fence/templates/usersync-cron.yaml | 123 +++++++++--------- helm/fence/values.yaml | 82 ++++++++---- helm/gen3/Chart.yaml | 2 +- helm/gen3/README.md | 23 ++-- helm/gen3/templates/aws-config.yaml | 3 + helm/gen3/templates/aws_config.yaml | 10 -- helm/gen3/templates/cluster-secret-store.yaml | 3 + helm/gen3/values.yaml | 41 +++--- helm/guppy/Chart.yaml | 
2 +- helm/guppy/README.md | 10 +- helm/guppy/templates/aws-config.yaml | 3 + helm/guppy/templates/aws-creds.yaml | 13 -- helm/guppy/values.yaml | 11 +- helm/indexd/Chart.yaml | 2 +- helm/indexd/README.md | 13 +- helm/indexd/templates/_helpers.tpl | 24 +++- helm/indexd/templates/aws-config.yaml | 3 + .../templates/cluster-secret-store.yaml | 3 + helm/indexd/templates/external-secrets.yaml | 18 +++ helm/indexd/values.yaml | 29 ++++- helm/manifestservice/Chart.yaml | 2 +- helm/manifestservice/README.md | 16 ++- helm/manifestservice/templates/_helpers.tpl | 18 +++ .../manifestservice/templates/aws-config.yaml | 3 + .../templates/cluster-secret-store.yaml | 3 + .../templates/external-secret.yaml | 18 +++ ...-creds.yaml => manifestservice-creds.yaml} | 1 - helm/manifestservice/values.yaml | 25 ++++ helm/metadata/Chart.yaml | 2 +- helm/metadata/README.md | 12 +- helm/metadata/templates/_helpers.tpl | 22 ++++ helm/metadata/templates/aws-config.yaml | 3 + .../templates/cluster-secret-store.yaml | 3 + helm/metadata/templates/external-secret.yaml | 18 +++ helm/metadata/values.yaml | 17 +++ helm/peregrine/Chart.yaml | 2 +- helm/peregrine/README.md | 12 +- helm/peregrine/templates/_helpers.tpl | 24 +++- helm/peregrine/templates/aws-config.yaml | 3 + .../templates/cluster-secret-store.yaml | 3 + helm/peregrine/templates/external-secret.yaml | 18 +++ helm/peregrine/values.yaml | 18 +++ helm/requestor/Chart.yaml | 2 +- helm/requestor/README.md | 12 +- helm/requestor/templates/_helpers.tpl | 24 +++- helm/requestor/templates/aws-config.yaml | 3 + .../templates/cluster-secret-store.yaml | 3 + helm/requestor/templates/external-secret.yaml | 18 +++ helm/requestor/values.yaml | 17 +++ helm/sheepdog/Chart.yaml | 2 +- helm/sheepdog/README.md | 13 +- helm/sheepdog/templates/_helpers.tpl | 24 +++- helm/sheepdog/templates/aws-config.yaml | 3 + .../templates/cluster-secret-store.yaml | 3 + helm/sheepdog/templates/external-secrets.yaml | 18 +++ helm/sheepdog/values.yaml | 15 +++ 
helm/wts/Chart.yaml | 2 +- helm/wts/README.md | 13 +- helm/wts/templates/_helpers.tpl | 24 +++- helm/wts/templates/aws-config.yaml | 3 + helm/wts/templates/cluster-secret-store.yaml | 3 + helm/wts/templates/external-secret.yaml | 18 +++ helm/wts/values.yaml | 17 ++- 98 files changed, 1166 insertions(+), 305 deletions(-) create mode 100644 helm/arborist/templates/aws-config.yaml create mode 100644 helm/arborist/templates/cluster-secret-store.yaml create mode 100644 helm/arborist/templates/external-secret.yaml create mode 100644 helm/audit/templates/aws-config.yaml create mode 100644 helm/audit/templates/cluster-secret-store.yaml create mode 100644 helm/audit/templates/external-secret.yaml create mode 100644 helm/aws-es-proxy/templates/aws-config.yaml delete mode 100644 helm/aws-es-proxy/templates/aws-es-proxy.yaml create mode 100644 helm/common/templates/_aws_config.tpl create mode 100644 helm/common/templates/_cluster_secret_store.tpl create mode 100644 helm/fence/templates/aws-config.yaml delete mode 100644 helm/fence/templates/aws-userysnc-creds.yaml create mode 100644 helm/fence/templates/cluster-secret-store.yaml create mode 100644 helm/fence/templates/external-secret.yaml create mode 100644 helm/gen3/templates/aws-config.yaml delete mode 100644 helm/gen3/templates/aws_config.yaml create mode 100644 helm/gen3/templates/cluster-secret-store.yaml create mode 100644 helm/guppy/templates/aws-config.yaml delete mode 100644 helm/guppy/templates/aws-creds.yaml create mode 100644 helm/indexd/templates/aws-config.yaml create mode 100644 helm/indexd/templates/cluster-secret-store.yaml create mode 100644 helm/indexd/templates/external-secrets.yaml create mode 100644 helm/manifestservice/templates/aws-config.yaml create mode 100644 helm/manifestservice/templates/cluster-secret-store.yaml create mode 100644 helm/manifestservice/templates/external-secret.yaml rename helm/manifestservice/templates/{metadataservice-creds.yaml => manifestservice-creds.yaml} (99%) create mode 
100644 helm/metadata/templates/aws-config.yaml create mode 100644 helm/metadata/templates/cluster-secret-store.yaml create mode 100644 helm/metadata/templates/external-secret.yaml create mode 100644 helm/peregrine/templates/aws-config.yaml create mode 100644 helm/peregrine/templates/cluster-secret-store.yaml create mode 100644 helm/peregrine/templates/external-secret.yaml create mode 100644 helm/requestor/templates/aws-config.yaml create mode 100644 helm/requestor/templates/cluster-secret-store.yaml create mode 100644 helm/requestor/templates/external-secret.yaml create mode 100644 helm/sheepdog/templates/aws-config.yaml create mode 100644 helm/sheepdog/templates/cluster-secret-store.yaml create mode 100644 helm/sheepdog/templates/external-secrets.yaml create mode 100644 helm/wts/templates/aws-config.yaml create mode 100644 helm/wts/templates/cluster-secret-store.yaml create mode 100644 helm/wts/templates/external-secret.yaml diff --git a/.secrets.baseline b/.secrets.baseline index 35b38431..4a5dde43 100644 --- a/.secrets.baseline +++ b/.secrets.baseline @@ -3,7 +3,7 @@ "files": "^.secrets.baseline$", "lines": null }, - "generated_at": "2023-07-03T15:16:07Z", + "generated_at": "2023-08-03T21:28:39Z", "plugins_used": [ { "name": "AWSKeyDetector" @@ -186,15 +186,6 @@ "type": "Secret Keyword" } ], - "helm/aws-es-proxy/README.md": [ - { - "hashed_secret": "7c150ec931dbb741d0bfd6c8f4ef914026c0b44b", - "is_secret": false, - "is_verified": false, - "line_number": 61, - "type": "Secret Keyword" - } - ], "helm/common/README.md": [ { "hashed_secret": "8a10cd156f8f43ec303f885a7985b1cf90635e23", @@ -356,7 +347,7 @@ "hashed_secret": "5d07e1b80e448a213b392049888111e1779a52db", "is_secret": false, "is_verified": false, - "line_number": 1916, + "line_number": 1944, "type": "Secret Keyword" } ], 
@@ -365,7 +356,7 @@ "hashed_secret": "1740c48fa3141d4851b14f97e3bc0f46f7670672", "is_secret": false, "is_verified": false, - "line_number": 118, + "line_number": 117, "type": "Secret Keyword" } ], @@ -445,35 +436,35 @@ "hashed_secret": "0d5cd5f3caaaf8354a6c62816b97bcae006d4bcf", "is_secret": false, "is_verified": false, - "line_number": 31, + "line_number": 33, "type": "Secret Keyword" }, { "hashed_secret": "2546383b95bb44732e9be6a877fd476c0442fdab", "is_secret": false, "is_verified": false, - "line_number": 48, + "line_number": 53, "type": "Secret Keyword" }, { "hashed_secret": "d84ce25b0f9bc2cc263006ae39453efb22cc2900", "is_secret": false, "is_verified": false, - "line_number": 50, + "line_number": 55, "type": "Secret Keyword" }, { "hashed_secret": "f09dd6e359833a12f48c4c4255d6e87a6e55cfe9", "is_secret": false, "is_verified": false, - "line_number": 69, + "line_number": 74, "type": "Secret Keyword" }, { "hashed_secret": "1cc98556e7b1353c7bd08344f9190808b0d3d6d4", "is_secret": true, "is_verified": false, - "line_number": 101, + "line_number": 108, "type": "Secret Keyword" } ], @@ -491,7 +482,7 @@ "hashed_secret": "611f2e9064b518afdb23f201321f39029dd28917", "is_secret": false, "is_verified": false, - "line_number": 74, + "line_number": 86, "type": "Secret Keyword" } ], 
@@ -509,28 +500,28 @@ "hashed_secret": "8a10cd156f8f43ec303f885a7985b1cf90635e23", "is_secret": false, "is_verified": false, - "line_number": 41, + "line_number": 43, "type": "Secret Keyword" }, { "hashed_secret": "2546383b95bb44732e9be6a877fd476c0442fdab", "is_secret": false, "is_verified": false, - "line_number": 58, + "line_number": 63, "type": "Secret Keyword" }, { "hashed_secret": "d84ce25b0f9bc2cc263006ae39453efb22cc2900", "is_secret": false, "is_verified": false, - "line_number": 60, + "line_number": 65, "type": "Secret Keyword" }, { "hashed_secret": "f09dd6e359833a12f48c4c4255d6e87a6e55cfe9", "is_secret": false, "is_verified": false, - "line_number": 79, + "line_number": 84, "type": "Secret Keyword" } ], @@ -675,21 +666,21 @@ "hashed_secret": "2546383b95bb44732e9be6a877fd476c0442fdab", "is_secret": false, "is_verified": false, - "line_number": 58, + "line_number": 63, "type": "Secret Keyword" }, { "hashed_secret": "d84ce25b0f9bc2cc263006ae39453efb22cc2900", "is_secret": false, "is_verified": false, - "line_number": 60, + "line_number": 65, "type": "Secret Keyword" }, { "hashed_secret": "f09dd6e359833a12f48c4c4255d6e87a6e55cfe9", "is_secret": false, "is_verified": false, - "line_number": 83, + "line_number": 88, "type": "Secret Keyword" } ], 
@@ -737,49 +728,49 @@ "hashed_secret": "8a10cd156f8f43ec303f885a7985b1cf90635e23", "is_secret": false, "is_verified": false, - "line_number": 41, + "line_number": 43, "type": "Secret Keyword" }, { "hashed_secret": "2546383b95bb44732e9be6a877fd476c0442fdab", "is_secret": false, "is_verified": false, - "line_number": 58, + "line_number": 63, "type": "Secret Keyword" }, { "hashed_secret": "d84ce25b0f9bc2cc263006ae39453efb22cc2900", "is_secret": false, "is_verified": false, - "line_number": 60, + "line_number": 65, "type": "Secret Keyword" }, { "hashed_secret": "f09dd6e359833a12f48c4c4255d6e87a6e55cfe9", "is_secret": false, "is_verified": false, - "line_number": 75, + "line_number": 80, "type": "Secret Keyword" }, { "hashed_secret": "c2c4e52c03a03ce3efeb21eb202d301018d4548e", "is_secret": false, "is_verified": false, - "line_number": 96, + "line_number": 101, "type": "Secret Keyword" }, { "hashed_secret": "afc848c316af1a89d49826c5ae9d00ed769415f3", "is_secret": false, "is_verified": false, - "line_number": 103, + "line_number": 110, "type": "Secret Keyword" }, { "hashed_secret": "fa4497447699cdb0a81c66a7f21af28a75170195", "is_secret": false, "is_verified": false, - "line_number": 105, + "line_number": 112, "type": "Secret Keyword" } ], @@ -806,7 +797,7 @@ "hashed_secret": "afc848c316af1a89d49826c5ae9d00ed769415f3", "is_secret": false, "is_verified": false, - "line_number": 229, + "line_number": 240, "type": "Secret Keyword" } ], diff --git a/helm/arborist/Chart.yaml b/helm/arborist/Chart.yaml index 08304731..25247023 100644 --- a/helm/arborist/Chart.yaml +++ b/helm/arborist/Chart.yaml 
@@ -15,7 +15,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.8 +version: 0.1.9 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to diff --git a/helm/arborist/README.md b/helm/arborist/README.md index df556040..954eaa83 100644 --- a/helm/arborist/README.md +++ b/helm/arborist/README.md @@ -1,6 +1,6 @@ # arborist -![Version: 0.1.8](https://img.shields.io/badge/Version-0.1.8-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) +![Version: 0.1.9](https://img.shields.io/badge/Version-0.1.9-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) A Helm chart for gen3 arborist 
@@ -28,13 +28,22 @@ A Helm chart for gen3 arborist | datadogTraceSampleRate | int | `1` | A value between 0 and 1, that represents the percentage of requests that will be traced. For example, a value of 0.5 means that 50% of requests will be traced. | | env | list | `[{"name":"JWKS_ENDPOINT","value":"http://fence-service/.well-known/jwks"}]` | Environment variables to pass to the container | | env[0] | string | `{"name":"JWKS_ENDPOINT","value":"http://fence-service/.well-known/jwks"}` | The URL of the JSON Web Key Set (JWKS) endpoint for authentication | +| externalSecrets | map | `{"arboristSmDbcreds":null}` | External Secrets settings. | +| externalSecrets.arboristSmDbcreds | string | `nil` | Will override the name of the aws secrets manager secret. Default is "Values.global.environment-.Chart.Name-creds" | | fullnameOverride | string | `""` | Override the full name of the deployment. | -| global | map | `{"ddEnabled":false,"dev":true,"dictionaryUrl":"https://s3.amazonaws.com/dictionary-artifacts/datadictionary/develop/schema.json","dispatcherJobNum":10,"environment":"default","hostname":"localhost","kubeBucket":"kube-gen3","logsBucket":"logs-gen3","minAvialable":1,"netPolicy":true,"pdb":false,"portalApp":"gitops","postgres":{"dbCreate":true,"master":{"host":null,"password":null,"port":"5432","username":"postgres"}},"publicDataSets":true,"revproxyArn":"arn:aws:acm:us-east-1:123456:certificate","tierAccessLevel":"libre"}` | Global configuration options. 
| +| global | map | `{"aws":{"awsAccessKeyId":null,"awsSecretAccessKey":null,"enabled":false},"ddEnabled":false,"dev":true,"dictionaryUrl":"https://s3.amazonaws.com/dictionary-artifacts/datadictionary/develop/schema.json","dispatcherJobNum":10,"environment":"default","externalSecrets":{"deploy":false,"separate":false},"hostname":"localhost","kubeBucket":"kube-gen3","logsBucket":"logs-gen3","minAvialable":1,"netPolicy":true,"pdb":false,"portalApp":"gitops","postgres":{"dbCreate":true,"master":{"host":null,"password":null,"port":"5432","username":"postgres"}},"publicDataSets":true,"revproxyArn":"arn:aws:acm:us-east-1:123456:certificate","tierAccessLevel":"libre"}` | Global configuration options. | +| global.aws | map | `{"awsAccessKeyId":null,"awsSecretAccessKey":null,"enabled":false}` | AWS configuration | +| global.aws.awsAccessKeyId | string | `nil` | Credentials for AWS stuff. | +| global.aws.awsSecretAccessKey | string | `nil` | Credentials for AWS stuff. | +| global.aws.enabled | bool | `false` | Set to true if deploying to AWS. Controls ingress annotations. | | global.ddEnabled | bool | `false` | Whether Datadog is enabled. | | global.dev | bool | `true` | Whether the deployment is for development purposes. | | global.dictionaryUrl | string | `"https://s3.amazonaws.com/dictionary-artifacts/datadictionary/develop/schema.json"` | URL of the data dictionary. | | global.dispatcherJobNum | int | `10` | Number of dispatcher jobs. | | global.environment | string | `"default"` | Environment name. This should be the same as vpcname if you're doing an AWS deployment. Currently this is being used to share ALB's if you have multiple namespaces. Might be used other places too. | +| global.externalSecrets | map | `{"deploy":false,"separate":false}` | External Secrets settings. | +| global.externalSecrets.deploy | bool | `false` | Will use ExternalSecret resources to pull secrets from Secrets Manager instead of creating them locally. 
Be cautious as this will override any arborist secrets you have deployed. | +| global.externalSecrets.separate | string | `false` | Will deploy a External Secret Store if deploying this sevice seperately. | | global.hostname | string | `"localhost"` | Hostname for the deployment. | | global.kubeBucket | string | `"kube-gen3"` | S3 bucket name for Kubernetes manifest files. | | global.logsBucket | string | `"logs-gen3"` | S3 bucket name for log files. | @@ -81,6 +90,9 @@ A Helm chart for gen3 arborist | resources.requests | map | `{"cpu":0.1,"memory":"12Mi"}` | The amount of resources that the container requests | | resources.requests.cpu | string | `0.1` | The amount of CPU requested | | resources.requests.memory | string | `"12Mi"` | The amount of memory requested | +| secrets | map | `{"awsAccessKeyId":null,"awsSecretAccessKey":null}` | Secret information for External Secrets. | +| secrets.awsAccessKeyId | str | `nil` | AWS access key ID. Overrides global key. | +| secrets.awsSecretAccessKey | str | `nil` | AWS secret access key ID. Overrides global key. | | securityContext | map | `{}` | Security context to apply to the container | | selectorLabels | map | `nil` | Will completely override the selectorLabels defined in the common chart's _label_setup.tpl | | service | map | `{"port":80,"type":"ClusterIP"}` | Kubernetes service information. | diff --git a/helm/arborist/templates/_helpers.tpl b/helm/arborist/templates/_helpers.tpl index 2aed27dc..1dfea5b1 100644 --- a/helm/arborist/templates/_helpers.tpl +++ b/helm/arborist/templates/_helpers.tpl 
@@ -77,4 +77,26 @@ Create the name of the service account to use {{- else }} {{- default .Values.postgres.password }} {{- end }} -{{- end }} \ No newline at end of file +{{- end }} + +{{/* + Cluster Secret Store for External Secrets +*/}} +{{- define "cluster-secret-store" -}} +{{- if .Values.global.externalSecrets.separate }} + {{- .Chart.Name }}-secret-store +{{- else }} + {{- default "gen3-secret-store"}} +{{- end -}} +{{- end -}} + +{{/* + Service DB Creds Secrets Manager Name +*/}} +{{- define "arborist-sm-dbcreds" -}} +{{- if .Values.externalSecrets.arboristSmDbcreds }} + {{- default .Values.externalSecrets.arboristSmDbcreds }} +{{- else }} + {{- .Values.global.environment }}- {{- .Chart.Name }}-creds +{{- end -}} +{{- end -}} diff --git a/helm/arborist/templates/aws-config.yaml b/helm/arborist/templates/aws-config.yaml new file mode 100644 index 00000000..398770d3 --- /dev/null +++ b/helm/arborist/templates/aws-config.yaml @@ -0,0 +1,3 @@ +{{- if or (.Values.secrets.awsSecretAccessKey) (.Values.global.aws.awsSecretAccessKey ) }} +{{ include "common.awsconfig" . }} +{{- end -}} \ No newline at end of file diff --git a/helm/arborist/templates/cluster-secret-store.yaml b/helm/arborist/templates/cluster-secret-store.yaml new file mode 100644 index 00000000..8c1c7717 --- /dev/null +++ b/helm/arborist/templates/cluster-secret-store.yaml @@ -0,0 +1,3 @@ +{{ if .Values.global.externalSecrets.separate }} +{{ include "common.secretstore" . }} +{{- end }} \ No newline at end of file diff --git a/helm/arborist/templates/external-secret.yaml b/helm/arborist/templates/external-secret.yaml new file mode 100644 index 00000000..b0bca685 --- /dev/null +++ b/helm/arborist/templates/external-secret.yaml 
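Review bot: The two helpers added here, `cluster-secret-store` and `arborist-sm-dbcreds`, are not namespaced with the chart name, and `cluster-secret-store` is defined again under the same name in `helm/audit/templates/_helpers.tpl` later in this patch. Helm named templates share one namespace across a parent chart and its subcharts, so under the gen3 umbrella the last definition loaded is the one every chart gets; the bodies are identical today, but any later divergence would change other charts silently. Following the `audit.labels` style, `{{- define "arborist.cluster-secret-store" -}}` avoids that. Separately, `{{- default "gen3-secret-store"}}` and `{{- default .Values.externalSecrets.arboristSmDbcreds }}` pass a single argument to `default`, which does nothing; the second helper reduces to `{{- default (printf "%s-%s-creds" .Values.global.environment .Chart.Name) .Values.externalSecrets.arboristSmDbcreds }}`.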
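Review bot: The guard on the first line of `aws-config.yaml` tests only `awsSecretAccessKey`, so setting the secret key without `awsAccessKeyId` still renders `common.awsconfig`, presumably with an empty key id (that template lives in `helm/common` and is not visible in this hunk). Requiring both halves avoids a half-populated credential object: `{{- if and (or .Values.secrets.awsAccessKeyId .Values.global.aws.awsAccessKeyId) (or .Values.secrets.awsSecretAccessKey .Values.global.aws.awsSecretAccessKey) }}`. The same condition is copied into `helm/audit/templates/aws-config.yaml`.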
@@ -0,0 +1,18 @@ +{{ if .Values.global.externalSecrets.deploy }} +apiVersion: external-secrets.io/v1beta1 +kind: ExternalSecret +metadata: + name: {{ $.Chart.Name }}-dbcreds +spec: + refreshInterval: 5m + secretStoreRef: + name: {{include "cluster-secret-store" .}} + kind: ClusterSecretStore + target: + name: {{ $.Chart.Name }}-dbcreds + creationPolicy: Owner + dataFrom: + - extract: + #name of secret in secrets manager + key: {{include "arborist-sm-dbcreds" .}} +{{- end }} \ No newline at end of file diff --git a/helm/arborist/values.yaml b/helm/arborist/values.yaml index a2cbfcbf..0ca7ff07 100644 --- a/helm/arborist/values.yaml +++ b/helm/arborist/values.yaml @@ -4,6 +4,14 @@ # -- (map) Global configuration options. global: + # -- (map) AWS configuration + aws: + # -- (bool) Set to true if deploying to AWS. Controls ingress annotations. + enabled: false + # -- (string) Credentials for AWS stuff. + awsAccessKeyId: + # -- (string) Credentials for AWS stuff. + awsSecretAccessKey: # -- (bool) Whether the deployment is for development purposes. dev: true # -- (map) Postgres database configuration. 
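Review bot: `secretStoreRef.kind: ClusterSecretStore` binds this ExternalSecret to a cluster-scoped store, including in the `separate` case where `cluster-secret-store.yaml` creates a store for this one chart. A ClusterSecretStore can be referenced from any namespace unless its spec restricts that, so the AWS access behind it is not confined to the release namespace; whether `common.secretstore` sets such a restriction is not visible here. For the per-service case a namespaced store is the narrower choice, `kind: SecretStore`, with the store template changed to match. `dataFrom.extract` also copies every property of the Secrets Manager entry into `arborist-dbcreds`, so a comment naming the expected keys would help, e.g. `# expects the database credential fields the deployment reads; extra properties are copied too`.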
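Review bot: `global.aws.awsAccessKeyId` and `global.aws.awsSecretAccessKey` invite long-lived AWS keys to be supplied as plain chart values, and the comment `Credentials for AWS stuff.` neither says what consumes them nor warns where they end up. Values set this way sit in values files and are stored with the Helm release. Suggested wording: `# -- (string) AWS access key ID. Prefer leaving this unset and supplying credentials out of band; a value set here is stored with the Helm release.` and the equivalent for the secret key. The same block is added to `helm/audit/values.yaml`.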
@@ -48,6 +56,23 @@ global: pdb: false # -- (int) The minimum amount of pods that are available at all times if the PDB is deployed. minAvialable: 1 + # -- (map) External Secrets settings. + externalSecrets: + # -- (bool) Will use ExternalSecret resources to pull secrets from Secrets Manager instead of creating them locally. Be cautious as this will override any arborist secrets you have deployed. + deploy: false + # -- (string) Will deploy a External Secret Store if deploying this sevice seperately. + separate: false + +# -- (map) External Secrets settings. +externalSecrets: + # -- (string) Will override the name of the aws secrets manager secret. Default is "Values.global.environment-.Chart.Name-creds" + arboristSmDbcreds: +# -- (map) Secret information for External Secrets. +secrets: + # -- (str) AWS access key ID. Overrides global key. + awsAccessKeyId: + # -- (str) AWS secret access key ID. Overrides global key. + awsSecretAccessKey: # -- (map) Postgres database configuration. If db does not exist in postgres cluster and dbCreate is set ot true then these databases will be created for you postgres: diff --git a/helm/audit/Chart.yaml b/helm/audit/Chart.yaml index 966a2573..4201f353 100644 --- a/helm/audit/Chart.yaml +++ b/helm/audit/Chart.yaml @@ -15,7 +15,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.9 +version: 0.1.10 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to diff --git a/helm/audit/README.md b/helm/audit/README.md index e7d15409..9398de52 100644 --- a/helm/audit/README.md +++ b/helm/audit/README.md 
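Review bot: `global.externalSecrets.separate` is annotated `(string)` although its default is the boolean `false` and the templates test it as a boolean, and its description has two typos ("sevice seperately"). Suggested: `# -- (bool) Deploy a secret store with this chart when the service is installed on its own.` The `secrets.*` comments use `(str)` where the rest of the file uses `(string)`, and "AWS secret access key ID" should read "AWS secret access key". These comments feed the generated README, which repeats the same text.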
@@ -1,6 +1,6 @@ # audit -![Version: 0.1.9](https://img.shields.io/badge/Version-0.1.9-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) +![Version: 0.1.10](https://img.shields.io/badge/Version-0.1.10-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) A Helm chart for Kubernetes 
@@ -36,13 +36,23 @@ A Helm chart for Kubernetes | datadogProfilingEnabled | bool | `true` | If enabled, the Datadog Agent will collect profiling data for your application using the Continuous Profiler. This data can be used to identify performance bottlenecks and optimize your application. | | datadogTraceSampleRate | int | `1` | A value between 0 and 1, that represents the percentage of requests that will be traced. For example, a value of 0.5 means that 50% of requests will be traced. | | env | list | `[{"name":"DEBUG","value":"false"},{"name":"ARBORIST_URL","valueFrom":{"configMapKeyRef":{"key":"arborist_url","name":"manifest-global","optional":true}}}]` | Environment variables to pass to the container | +| externalSecrets | map | `{"auditG3auto":null,"auditSmDbcreds":null}` | External Secrets settings. | +| externalSecrets.auditG3auto | string | `nil` | Will override the name of the aws secrets manager secret. Default is "audit-g3auto" | +| externalSecrets.auditSmDbcreds | string | `nil` | Will override the name of the aws secrets manager secret. Default is "Values.global.environment-.Chart.Name-creds" | | fullnameOverride | string | `""` | Override the full name of the chart, which is used as the name of resources created by the chart | -| global | map | `{"ddEnabled":false,"dev":true,"dictionaryUrl":"https://s3.amazonaws.com/dictionary-artifacts/datadictionary/develop/schema.json","dispatcherJobNum":10,"environment":"default","hostname":"localhost","kubeBucket":"kube-gen3","logsBucket":"logs-gen3","minAvialable":1,"netPolicy":true,"pdb":false,"portalApp":"gitops","postgres":{"dbCreate":true,"master":{"host":null,"password":null,"port":"5432","username":"postgres"}},"publicDataSets":true,"revproxyArn":"arn:aws:acm:us-east-1:123456:certificate","tierAccessLevel":"libre"}` | Global configuration options. 
| +| global | map | `{"aws":{"awsAccessKeyId":null,"awsSecretAccessKey":null,"enabled":false},"ddEnabled":false,"dev":true,"dictionaryUrl":"https://s3.amazonaws.com/dictionary-artifacts/datadictionary/develop/schema.json","dispatcherJobNum":10,"environment":"default","externalSecrets":{"deploy":false,"separate":false},"hostname":"localhost","kubeBucket":"kube-gen3","logsBucket":"logs-gen3","minAvialable":1,"netPolicy":true,"pdb":false,"portalApp":"gitops","postgres":{"dbCreate":true,"master":{"host":null,"password":null,"port":"5432","username":"postgres"}},"publicDataSets":true,"revproxyArn":"arn:aws:acm:us-east-1:123456:certificate","tierAccessLevel":"libre"}` | Global configuration options. | +| global.aws | map | `{"awsAccessKeyId":null,"awsSecretAccessKey":null,"enabled":false}` | AWS configuration | +| global.aws.awsAccessKeyId | string | `nil` | Credentials for AWS stuff. | +| global.aws.awsSecretAccessKey | string | `nil` | Credentials for AWS stuff. | +| global.aws.enabled | bool | `false` | Set to true if deploying to AWS. Controls ingress annotations. | | global.ddEnabled | bool | `false` | Whether Datadog is enabled. | | global.dev | bool | `true` | Whether the deployment is for development purposes. | | global.dictionaryUrl | string | `"https://s3.amazonaws.com/dictionary-artifacts/datadictionary/develop/schema.json"` | URL of the data dictionary. | | global.dispatcherJobNum | int | `10` | Number of dispatcher jobs. | | global.environment | string | `"default"` | Environment name. This should be the same as vpcname if you're doing an AWS deployment. Currently this is being used to share ALB's if you have multiple namespaces. Might be used other places too. | +| global.externalSecrets | map | `{"deploy":false,"separate":false}` | External Secrets settings. | +| global.externalSecrets.deploy | bool | `false` | Will use ExternalSecret resources to pull secrets from Secrets Manager instead of creating them locally. 
Be cautious as this will override any audit secrets you have deployed. | +| global.externalSecrets.separate | string | `false` | Will deploy a External Secret Store if deploying this sevice seperately. | | global.hostname | string | `"localhost"` | Hostname for the deployment. | | global.kubeBucket | string | `"kube-gen3"` | S3 bucket name for Kubernetes manifest files. | | global.logsBucket | string | `"logs-gen3"` | S3 bucket name for log files. | @@ -91,6 +101,9 @@ A Helm chart for Kubernetes | resources.requests | map | `{"cpu":0.2,"memory":"120Mi"}` | The amount of resources that the container requests | | resources.requests.cpu | string | `0.2` | The amount of CPU requested | | resources.requests.memory | string | `"120Mi"` | The amount of memory requested | +| secrets | map | `{"awsAccessKeyId":null,"awsSecretAccessKey":null}` | Secret information for External Secrets. | +| secrets.awsAccessKeyId | str | `nil` | AWS access key ID. Overrides global key. | +| secrets.awsSecretAccessKey | str | `nil` | AWS secret access key ID. Overrides global key. | | securityContext | map | `{}` | Security context for the containers in the pod | | selectorLabels | map | `nil` | Will completely override the selectorLabels defined in the common chart's _label_setup.tpl | | server.AWS_CREDENTIALS | map | `{}` | AWS credentials to access SQS queue. | diff --git a/helm/audit/templates/_helpers.tpl b/helm/audit/templates/_helpers.tpl index e255d758..08700261 100644 --- a/helm/audit/templates/_helpers.tpl +++ b/helm/audit/templates/_helpers.tpl @@ -67,16 +67,6 @@ Create the name of the service account to use {{- end }} {{- end }} - - -{{/* -Create the name of the service account to use -*/}} -{{- define "audit.secretName" -}} -{{- default "audit-g3auto" }} -{{- end }} - - {{/* Postgres Password lookup */}} 
@@ -87,4 +77,33 @@ Create the name of the service account to use
 {{- else }}
 {{- default .Values.postgres.password }}
 {{- end }}
-{{- end }}
\ No newline at end of file
+{{- end }}
+
+{{/*
+ Cluster Secret Store for External Secrets
+*/}}
+{{- define "cluster-secret-store" -}}
+{{- if .Values.global.externalSecrets.separate }}
+ {{- .Chart.Name }}-secret-store
+{{- else }}
+ {{- default "gen3-secret-store"}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+ Audit g3 Auto Secrets Manager Name
+*/}}
+{{- define "audit-g3auto" -}}
+{{- default "audit-g3auto" .Values.externalSecrets.auditG3auto }}
+{{- end }}
+
+{{/*
+ Service DB Creds Secrets Manager Name
+*/}}
+{{- define "audit-sm-dbcreds" -}}
+{{- if .Values.externalSecrets.auditSmDbcreds }}
+ {{- default .Values.externalSecrets.auditSmDbcreds }}
+{{- else }}
+ {{- .Values.global.environment }}- {{- .Chart.Name }}-creds
+{{- end -}}
+{{- end -}}
diff --git a/helm/audit/templates/aws-config.yaml b/helm/audit/templates/aws-config.yaml
new file mode 100644
index 00000000..398770d3
--- /dev/null
+++ b/helm/audit/templates/aws-config.yaml
@@ -0,0 +1,3 @@
+{{- if or (.Values.secrets.awsSecretAccessKey) (.Values.global.aws.awsSecretAccessKey ) }}
+{{ include "common.awsconfig" . }}
+{{- end -}}
\ No newline at end of file
diff --git a/helm/audit/templates/cluster-secret-store.yaml b/helm/audit/templates/cluster-secret-store.yaml
new file mode 100644
index 00000000..8c1c7717
--- /dev/null
+++ b/helm/audit/templates/cluster-secret-store.yaml
@@ -0,0 +1,3 @@
+{{ if .Values.global.externalSecrets.separate }}
+{{ include "common.secretstore" . }}
+{{- end }}
\ No newline at end of file
diff --git a/helm/audit/templates/external-secret.yaml b/helm/audit/templates/external-secret.yaml
new file mode 100644
index 00000000..56c36756
--- /dev/null
+++ b/helm/audit/templates/external-secret.yaml
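Review bot: The one-argument `default` calls in the new helpers do nothing: `{{- default "gen3-secret-store"}}` in `cluster-secret-store` and `{{- default .Values.externalSecrets.auditSmDbcreds }}` in `audit-sm-dbcreds` simply return their only argument. Writing the literal `gen3-secret-store` and `{{- .Values.externalSecrets.auditSmDbcreds }}` directly says the same thing with less to misread. The `gen3-secret-store` fallback names a ClusterSecretStore that nothing visible in this chart creates, so the helper comment should say where it is expected to come from, e.g. `Falls back to "gen3-secret-store", which must already exist in the cluster.` The fence `_helpers.tpl` hunk later in this commit repeats both patterns.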
@@ -0,0 +1,35 @@
+{{ if .Values.global.externalSecrets.deploy }}
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+ name: audit-g3auto
+spec:
+ refreshInterval: 5m
+ secretStoreRef:
+ name: {{include "cluster-secret-store" .}}
+ kind: ClusterSecretStore
+ target:
+ name: audit-g3auto
+ creationPolicy: Owner
+ dataFrom:
+ - extract:
+ #name of secret in secrets manager
+ key: {{include "audit-g3auto" .}}
+---
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+ name: {{ $.Chart.Name }}-dbcreds
+spec:
+ refreshInterval: 5m
+ secretStoreRef:
+ name: {{include "cluster-secret-store" .}}
+ kind: ClusterSecretStore
+ target:
+ name: {{ $.Chart.Name }}-dbcreds
+ creationPolicy: Owner
+ dataFrom:
+ - extract:
+ #name of secret in secrets manager
+ key: {{include "audit-sm-dbcreds" .}}
+{{- end }}
\ No newline at end of file
diff --git a/helm/audit/templates/secrets.yaml b/helm/audit/templates/secrets.yaml
index 945c8d36..03a39c51 100644
--- a/helm/audit/templates/secrets.yaml
+++ b/helm/audit/templates/secrets.yaml
@@ -1,7 +1,7 @@
 apiVersion: v1
 kind: Secret
 metadata:
- name: {{ include "audit.secretName" . }}
+ name: audit-g3auto
 labels:
 {{- include "audit.labels" . | nindent 4 }}
 stringData:
diff --git a/helm/audit/values.yaml b/helm/audit/values.yaml
index 97e70118..b8b31d23 100644
--- a/helm/audit/values.yaml
+++ b/helm/audit/values.yaml
@@ -3,6 +3,14 @@
 # Declare variables to be passed into your templates.
 # -- (map) Global configuration options.
 global:
+ # -- (map) AWS configuration
+ aws:
+ # -- (bool) Set to true if deploying to AWS. Controls ingress annotations.
+ enabled: false
+ # -- (string) Credentials for AWS stuff.
+ awsAccessKeyId:
+ # -- (string) Credentials for AWS stuff.
+ awsSecretAccessKey:
 # -- (bool) Whether the deployment is for development purposes.
 dev: true
 # -- (map) Postgres database configuration.
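Review bot: The first ExternalSecret in `external-secret.yaml` targets a Secret named `audit-g3auto` with `creationPolicy: Owner`, and the `secrets.yaml` hunk in this same commit hard-codes that same name for the chart's own Secret. That hunk starts at line 1 with `apiVersion: v1`, so no guard is visible around it; with `global.externalSecrets.deploy: true` both Helm and the External Secrets operator would then write the same object, and which copy of the secret material ends up in the cluster is not obvious. Wrapping the chart-managed Secret in `{{- if not .Values.global.externalSecrets.deploy }}` and a closing `{{- end }}` would leave a single owner. The rest of `secrets.yaml` lies outside the hunk, so confirm nothing further down already handles this.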
@@ -47,6 +55,25 @@ global: pdb: false # -- (int) The minimum amount of pods that are available at all times if the PDB is deployed. minAvialable: 1 + # -- (map) External Secrets settings. + externalSecrets: + # -- (bool) Will use ExternalSecret resources to pull secrets from Secrets Manager instead of creating them locally. Be cautious as this will override any audit secrets you have deployed. + deploy: false + # -- (string) Will deploy a External Secret Store if deploying this sevice seperately. + separate: false + +# -- (map) External Secrets settings. +externalSecrets: + # -- (string) Will override the name of the aws secrets manager secret. Default is "audit-g3auto" + auditG3auto: + # -- (string) Will override the name of the aws secrets manager secret. Default is "Values.global.environment-.Chart.Name-creds" + auditSmDbcreds: +# -- (map) Secret information for External Secrets. +secrets: + # -- (str) AWS access key ID. Overrides global key. + awsAccessKeyId: + # -- (str) AWS secret access key ID. Overrides global key. + awsSecretAccessKey: # -- (map) Postgres database configuration. If db does not exist in postgres cluster and dbCreate is set ot true then these databases will be created for you postgres: diff --git a/helm/aws-es-proxy/Chart.yaml b/helm/aws-es-proxy/Chart.yaml index e8ac19ef..dc35848c 100644 --- a/helm/aws-es-proxy/Chart.yaml +++ b/helm/aws-es-proxy/Chart.yaml @@ -15,7 +15,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.6 +version: 0.1.7 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to diff --git a/helm/aws-es-proxy/README.md b/helm/aws-es-proxy/README.md index 9cdb1805..161c15f2 100644 
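Review bot: The comment above `separate: false` in the new `global.externalSecrets` block tags a boolean as a string and carries two typos: `# -- (string) Will deploy a External Secret Store if deploying this sevice seperately.` I would write `# -- (bool) Deploys a ClusterSecretStore with this chart when the service is installed on its own.` In the new `secrets:` block, the comment on `awsSecretAccessKey` calls the value an "AWS secret access key ID"; `# -- (str) AWS secret access key. Overrides global key.` is the accurate wording. The README tables in this commit show the same strings and are generated by helm-docs, so the fix belongs here in `values.yaml`.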
--- a/helm/aws-es-proxy/README.md +++ b/helm/aws-es-proxy/README.md @@ -1,6 +1,6 @@ # aws-es-proxy -![Version: 0.1.6](https://img.shields.io/badge/Version-0.1.6-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) +![Version: 0.1.7](https://img.shields.io/badge/Version-0.1.7-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) A Helm chart for AWS ES Proxy Service for gen3 
@@ -26,7 +26,11 @@ A Helm chart for AWS ES Proxy Service for gen3 | datadogProfilingEnabled | bool | `true` | If enabled, the Datadog Agent will collect profiling data for your application using the Continuous Profiler. This data can be used to identify performance bottlenecks and optimize your application. | | datadogTraceSampleRate | int | `1` | A value between 0 and 1, that represents the percentage of requests that will be traced. For example, a value of 0.5 means that 50% of requests will be traced. | | esEndpoint | str | `"test.us-east-1.es.amazonaws.com"` | Elasticsearch endpoint in AWS | -| global | map | `{"ddEnabled":false,"environment":"default","minAvialable":1,"pdb":false}` | Global configuration options. | +| global | map | `{"aws":{"awsAccessKeyId":null,"awsSecretAccessKey":null,"enabled":false},"ddEnabled":false,"environment":"default","minAvialable":1,"pdb":false}` | Global configuration options. | +| global.aws | map | `{"awsAccessKeyId":null,"awsSecretAccessKey":null,"enabled":false}` | AWS configuration | +| global.aws.awsAccessKeyId | string | `nil` | Credentials for AWS stuff. | +| global.aws.awsSecretAccessKey | string | `nil` | Credentials for AWS stuff. | +| global.aws.enabled | bool | `false` | Set to true if deploying to AWS. Controls ingress annotations. | | global.ddEnabled | bool | `false` | Whether Datadog is enabled. | | global.environment | string | `"default"` | Environment name. This should be the same as vpcname if you're doing an AWS deployment. Currently this is being used to share ALB's if you have multiple namespaces. Might be used other places too. | | global.minAvialable | int | `1` | The minimum amount of pods that are available at all times if the PDB is deployed. | 
@@ -47,9 +51,9 @@ A Helm chart for AWS ES Proxy Service for gen3 | resources.requests.cpu | string | `0.1` | The amount of CPU requested | | resources.requests.memory | string | `"250Mi"` | The amount of memory requested | | revisionHistoryLimit | int | `2` | Number of old revisions to retain | -| secrets | map | `{"awsAccessKeyId":"","awsSecretAccessKey":""}` | Secret information | -| secrets.awsAccessKeyId | str | `""` | AWS access key ID | -| secrets.awsSecretAccessKey | str | `""` | AWS secret access key | +| secrets | map | `{"awsAccessKeyId":null,"awsSecretAccessKey":null}` | Secret information to access AWS ES cluster. | +| secrets.awsAccessKeyId | str | `nil` | AWS access key ID. Overrides global key. | +| secrets.awsSecretAccessKey | str | `nil` | AWS secret access key ID. Overrides global key. | | selectorLabels | map | `nil` | Will completely override the selectorLabels defined in the common chart's _label_setup.tpl | | service | map | `{"port":9200,"type":"ClusterIP"}` | Kubernetes service information. | | service.port | int | `9200` | The port number that the service exposes. | @@ -58,7 +62,7 @@ A Helm chart for AWS ES Proxy Service for gen3 | strategy.rollingUpdate.maxSurge | int | `1` | Number of additional replicas to add during rollout. | | strategy.rollingUpdate.maxUnavailable | int | `0` | Maximum amount of pods that can be unavailable during the update. | | volumeMounts | list | `[{"mountPath":"/root/.aws","name":"credentials","readOnly":true}]` | Volumes to mount to the pod. | -| volumes | list | `[{"name":"credentials","secret":{"secretName":"aws-es-proxy"}}]` | Volumes to attach to the pod | +| volumes | list | `nil` | Volumes to attach to the pod | ---------------------------------------------- Autogenerated from chart metadata using [helm-docs v1.11.0](https://github.com/norwoodj/helm-docs/releases/v1.11.0) 
diff --git a/helm/aws-es-proxy/templates/aws-config.yaml b/helm/aws-es-proxy/templates/aws-config.yaml
new file mode 100644
index 00000000..4723e6b3
--- /dev/null
+++ b/helm/aws-es-proxy/templates/aws-config.yaml
@@ -0,0 +1,3 @@
+{{- if or (.Values.secrets.awsSecretAccessKey) (.Values.global.aws.awsSecretAccessKey ) }}
+{{ include "common.awsconfig" . }}
+{{- end }}
\ No newline at end of file
diff --git a/helm/aws-es-proxy/templates/aws-es-proxy.yaml b/helm/aws-es-proxy/templates/aws-es-proxy.yaml
deleted file mode 100644
index 734cb48c..00000000
--- a/helm/aws-es-proxy/templates/aws-es-proxy.yaml
+++ /dev/null
@@ -1,10 +0,0 @@
-apiVersion: v1
-kind: Secret
-metadata:
- name: aws-es-proxy
-type: Opaque
-stringData:
- credentials: |
- [default]
- aws_access_key_id={{.Values.secrets.awsAccessKeyId}}
- aws_secret_access_key={{ .Values.secrets.awsSecretAccessKey}}
\ No newline at end of file
diff --git a/helm/aws-es-proxy/templates/deployment.yaml b/helm/aws-es-proxy/templates/deployment.yaml
index 3c74d70e..cd555b93 100644
--- a/helm/aws-es-proxy/templates/deployment.yaml
+++ b/helm/aws-es-proxy/templates/deployment.yaml
@@ -33,10 +33,10 @@ spec:
 {{- end }}
 spec:
 automountServiceAccountToken: {{ .Values.automountServiceAccountToken }}
- {{- with .Values.volumes }}
 volumes:
- {{- toYaml . | nindent 8 }}
- {{- end }}
+ - name: credentials
+ secret:
+ secretName: {{.Chart.Name}}-aws-config
 containers:
 - name: "esproxy"
 image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
diff --git a/helm/aws-es-proxy/values.yaml b/helm/aws-es-proxy/values.yaml
index 5367ba70..e2f11aee 100644
--- a/helm/aws-es-proxy/values.yaml
+++ b/helm/aws-es-proxy/values.yaml
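Review bot: The `credentials` volume in the `deployment.yaml` hunk now always mounts `{{.Chart.Name}}-aws-config`, but `templates/aws-config.yaml` in this commit renders that Secret only when `secrets.awsSecretAccessKey` or `global.aws.awsSecretAccessKey` is set, and both default to nil. With default values the Secret would not exist, and the pod would presumably stay in ContainerCreating on the missing volume. Either add `optional: true` under `secret:` or put the `volumes:` entry behind the same `if or (...)` condition the Secret uses. The hunk also stops reading `.Values.volumes` while `values.yaml` keeps the key, so anything a user sets there is now silently ignored. The Deployment spec continues outside the hunk.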
@@ -4,6 +4,14 @@ # -- (map) Global configuration options. global: + # -- (map) AWS configuration + aws: + # -- (bool) Set to true if deploying to AWS. Controls ingress annotations. + enabled: false + # -- (string) Credentials for AWS stuff. + awsAccessKeyId: + # -- (string) Credentials for AWS stuff. + awsSecretAccessKey: # -- (string) Environment name. This should be the same as vpcname if you're doing an AWS deployment. Currently this is being used to share ALB's if you have multiple namespaces. Might be used other places too. environment: default # -- (bool) Whether Datadog is enabled. @@ -27,6 +35,13 @@ autoscaling: # -- (int) The target CPU utilization percentage for autoscaling targetCPUUtilizationPercentage: 80 +# -- (map) Secret information to access AWS ES cluster. +secrets: + # -- (str) AWS access key ID. Overrides global key. + awsAccessKeyId: + # -- (str) AWS secret access key ID. Overrides global key. + awsSecretAccessKey: + # -- (int) Number of replicas for the deployment. replicaCount: 1 @@ -47,9 +62,6 @@ automountServiceAccountToken: false # -- (list) Volumes to attach to the pod volumes: - - name: credentials - secret: - secretName: aws-es-proxy # -- (map) Docker image information. image: @@ -93,13 +105,6 @@ service: # -- (int) The port number that the service exposes. port: 9200 -# -- (map) Secret information -secrets: - # -- (str) AWS access key ID - awsAccessKeyId: "" - # -- (str) AWS secret access key - awsSecretAccessKey: "" - # Values to determine the labels that are used for the deployment, pod, etc. # -- (string) Valid options are "production" or "dev". If invalid option is set- the value will default to "dev". release: "production" diff --git a/helm/common/Chart.yaml b/helm/common/Chart.yaml index d55fd9fd..5007c4a7 100644 --- a/helm/common/Chart.yaml +++ b/helm/common/Chart.yaml 
@@ -15,7 +15,7 @@ type: library # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.7 +version: 0.1.8 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to diff --git a/helm/common/README.md b/helm/common/README.md index e83608b2..a93a01fa 100644 --- a/helm/common/README.md +++ b/helm/common/README.md @@ -1,6 +1,6 @@ # common -![Version: 0.1.7](https://img.shields.io/badge/Version-0.1.7-informational?style=flat-square) ![Type: library](https://img.shields.io/badge/Type-library-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) +![Version: 0.1.8](https://img.shields.io/badge/Version-0.1.8-informational?style=flat-square) ![Type: library](https://img.shields.io/badge/Type-library-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) A Helm chart for provisioning databases in gen3 diff --git a/helm/common/templates/_aws_config.tpl b/helm/common/templates/_aws_config.tpl new file mode 100644 index 00000000..be48047c --- /dev/null +++ b/helm/common/templates/_aws_config.tpl 
@@ -0,0 +1,18 @@
+{{/*
+ Credentials for all AWS stuff.
+*/}}
+{{ define "common.awsconfig" -}}
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{.Chart.Name}}-aws-config
+type: Opaque
+stringData:
+ credentials: |
+ [default]
+ aws_access_key_id={{ .Values.secrets.awsAccessKeyId | default .Values.global.aws.awsAccessKeyId}}
+ aws_secret_access_key={{ .Values.secrets.awsSecretAccessKey | default .Values.global.aws.awsSecretAccessKey}}
+data:
+ access-key: {{ .Values.secrets.awsAccessKeyId | default .Values.global.aws.awsAccessKeyId | b64enc }}
+ secret-access-key: {{ .Values.secrets.awsSecretAccessKey | default .Values.global.aws.awsSecretAccessKey | b64enc }}
+{{- end }}
\ No newline at end of file
diff --git a/helm/common/templates/_cluster_secret_store.tpl b/helm/common/templates/_cluster_secret_store.tpl
new file mode 100644
index 00000000..03261581
--- /dev/null
+++ b/helm/common/templates/_cluster_secret_store.tpl
@@ -0,0 +1,24 @@
+{{/*
+ External Secrets Secret Store will allow all charts to allow for authentication to AWS Secrets Manager
+*/}}
+{{ define "common.secretstore" -}}
+apiVersion: external-secrets.io/v1beta1
+kind: ClusterSecretStore
+metadata:
+ name: {{.Chart.Name}}-secret-store
+spec:
+ provider:
+ aws:
+ service: SecretsManager
+ region: us-east-1
+ auth:
+ secretRef:
+ accessKeyIDSecretRef:
+ name: {{.Chart.Name}}-aws-config
+ key: access-key
+ namespace: default
+ secretAccessKeySecretRef:
+ name: {{.Chart.Name}}-aws-config
+ key: secret-access-key
+ namespace: default
+{{- end }}
\ No newline at end of file
diff --git a/helm/common/templates/_es_index_restore.tpl b/helm/common/templates/_es_index_restore.tpl
index 7953a627..06393d2c 100644
--- a/helm/common/templates/_es_index_restore.tpl
+++ b/helm/common/templates/_es_index_restore.tpl
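Review bot: `common.awsconfig` pipes the access key ID through `b64enc` without any check that it is set. The `aws-config.yaml` wrappers added for audit, aws-es-proxy and fence test only the secret access key, so a release that supplies a secret key but no key ID reaches `... | default .Values.global.aws.awsAccessKeyId | b64enc` with nil, which I would expect either to fail at render time or to write an empty credential. Making the requirement explicit gives a readable error instead, e.g. `access-key: {{ required "awsAccessKeyId must be set when awsSecretAccessKey is set" (.Values.secrets.awsAccessKeyId | default .Values.global.aws.awsAccessKeyId) | b64enc }}`. The header comment, currently "Credentials for all AWS stuff.", should also state that the including chart must define both `.Values.secrets` and `.Values.global.aws`, since the template reads both unconditionally.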
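Review bot: Both `namespace: default` references in `common.secretstore` point at `{{.Chart.Name}}-aws-config`, but `common.awsconfig` sets no namespace on that Secret, so it is created in the release namespace. Installed anywhere other than `default`, the store would look for credentials that are not there; `namespace: {{ .Release.Namespace }}` on both refs keeps the two templates aligned. `region: us-east-1` is hard-coded in the same block and would be better read from a value. Because a ClusterSecretStore is cluster-scoped, ExternalSecrets in other namespaces can by default read through the same credentials, so the IAM policy behind this key should be limited to the secrets the service actually needs.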
@@ -21,7 +21,7 @@ spec: volumes: - name: cred-volume secret: - secretName: aws-config-{{ .Chart.Name }} + secretName: {{.Chart.Name}}-aws-config containers: - name: create-indices image: quay.io/cdis/awshelper:master diff --git a/helm/common/templates/_restore_pgdump.tpl b/helm/common/templates/_restore_pgdump.tpl index 7f849e0c..3f7b4967 100644 --- a/helm/common/templates/_restore_pgdump.tpl +++ b/helm/common/templates/_restore_pgdump.tpl @@ -17,7 +17,7 @@ spec: volumes: - name: cred-volume secret: - secretName: aws-config + secretName: {{.Chart.Name}}-aws-config containers: - name: restore-dbs image: quay.io/cdis/awshelper:master diff --git a/helm/fence/Chart.yaml b/helm/fence/Chart.yaml index 529a6d94..36d58d86 100644 --- a/helm/fence/Chart.yaml +++ b/helm/fence/Chart.yaml @@ -15,7 +15,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.13 +version: 0.1.14 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to diff --git a/helm/fence/README.md b/helm/fence/README.md index d75bdfa4..013a4673 100644 --- a/helm/fence/README.md +++ b/helm/fence/README.md 
@@ -1,6 +1,6 @@ # fence -![Version: 0.1.13](https://img.shields.io/badge/Version-0.1.13-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) +![Version: 0.1.14](https://img.shields.io/badge/Version-0.1.14-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) A Helm chart for gen3 Fence 
@@ -89,13 +89,26 @@ A Helm chart for gen3 Fence | datadogProfilingEnabled | bool | `true` | If enabled, the Datadog Agent will collect profiling data for your application using the Continuous Profiler. This data can be used to identify performance bottlenecks and optimize your application. | | datadogTraceSampleRate | int | `1` | A value between 0 and 1, that represents the percentage of requests that will be traced. For example, a value of 0.5 means that 50% of requests will be traced. | | env | list | `[{"name":"GEN3_UWSGI_TIMEOUT","valueFrom":{"configMapKeyRef":{"key":"uwsgi-timeout","name":"manifest-global","optional":true}}},{"name":"DD_AGENT_HOST","valueFrom":{"fieldRef":{"fieldPath":"status.hostIP"}}},{"name":"AWS_STS_REGIONAL_ENDPOINTS","value":"regional"},{"name":"PYTHONPATH","value":"/var/www/fence"},{"name":"GEN3_DEBUG","value":"False"},{"name":"FENCE_PUBLIC_CONFIG","valueFrom":{"configMapKeyRef":{"key":"fence-config-public.yaml","name":"manifest-fence","optional":true}}},{"name":"PGHOST","valueFrom":{"secretKeyRef":{"key":"host","name":"fence-dbcreds","optional":false}}},{"name":"PGUSER","valueFrom":{"secretKeyRef":{"key":"username","name":"fence-dbcreds","optional":false}}},{"name":"PGPASSWORD","valueFrom":{"secretKeyRef":{"key":"password","name":"fence-dbcreds","optional":false}}},{"name":"PGDB","valueFrom":{"secretKeyRef":{"key":"database","name":"fence-dbcreds","optional":false}}},{"name":"DBREADY","valueFrom":{"secretKeyRef":{"key":"dbcreated","name":"fence-dbcreds","optional":false}}},{"name":"DB","value":"postgresql://$(PGUSER):$(PGPASSWORD)@$(PGHOST):5432/$(PGDB)"},{"name":"INDEXD_PASSWORD","valueFrom":{"secretKeyRef":{"key":"fence","name":"indexd-service-creds"}}},{"name":"gen3Env","valueFrom":{"configMapKeyRef":{"key":"hostname","name":"manifest-global"}}}]` | Environment variables to pass to the container | +| externalSecrets | map | 
`{"fenceConfig":null,"fenceGoogleAppCredsSecret":null,"fenceGoogleStorageCredsSecret":null,"fenceJwtKeys":null,"fenceSmDbcreds":null}` | External Secrets settings. | +| externalSecrets.fenceConfig | string | `nil` | Will override the name of the aws secrets manager secret. Default is "fence-config" | +| externalSecrets.fenceGoogleAppCredsSecret | string | `nil` | Will override the name of the aws secrets manager secret. Default is "fence-google-app-creds-secret" | +| externalSecrets.fenceGoogleStorageCredsSecret | string | `nil` | Will override the name of the aws secrets manager secret. Default is "fence-google-storage-creds-secret" | +| externalSecrets.fenceJwtKeys | string | `nil` | Will override the name of the aws secrets manager secret. Default is "fence-jwt-keys" | +| externalSecrets.fenceSmDbcreds | string | `nil` | Will override the name of the aws secrets manager secret. Default is "Values.global.environment-.Chart.Name-creds" | | fullnameOverride | string | `""` | Override the full name of the deployment. | -| global | map | `{"ddEnabled":false,"dev":true,"dictionaryUrl":"https://s3.amazonaws.com/dictionary-artifacts/datadictionary/develop/schema.json","dispatcherJobNum":10,"environment":"default","hostname":"localhost","kubeBucket":"kube-gen3","logsBucket":"logs-gen3","minAvialable":1,"netPolicy":true,"pdb":false,"portalApp":"gitops","postgres":{"dbCreate":true,"master":{"host":null,"password":null,"port":"5432","username":"postgres"}},"publicDataSets":true,"revproxyArn":"arn:aws:acm:us-east-1:123456:certificate","syncFromDbgap":false,"tierAccessLevel":"libre","tierAccessLimit":1000}` | Global configuration options. 
| +| global | map | `{"aws":{"awsAccessKeyId":null,"awsSecretAccessKey":null,"enabled":false},"ddEnabled":false,"dev":true,"dictionaryUrl":"https://s3.amazonaws.com/dictionary-artifacts/datadictionary/develop/schema.json","dispatcherJobNum":10,"environment":"default","externalSecrets":{"deploy":false,"separate":false},"hostname":"localhost","kubeBucket":"kube-gen3","logsBucket":"logs-gen3","minAvialable":1,"netPolicy":true,"pdb":false,"portalApp":"gitops","postgres":{"dbCreate":true,"master":{"host":null,"password":null,"port":"5432","username":"postgres"}},"publicDataSets":true,"revproxyArn":"arn:aws:acm:us-east-1:123456:certificate","syncFromDbgap":false,"tierAccessLevel":"libre","tierAccessLimit":1000}` | Global configuration options. | +| global.aws | map | `{"awsAccessKeyId":null,"awsSecretAccessKey":null,"enabled":false}` | AWS configuration | +| global.aws.awsAccessKeyId | string | `nil` | Credentials for AWS stuff. | +| global.aws.awsSecretAccessKey | string | `nil` | Credentials for AWS stuff. | +| global.aws.enabled | bool | `false` | Set to true if deploying to AWS. Controls ingress annotations. | | global.ddEnabled | bool | `false` | Whether Datadog is enabled. | | global.dev | bool | `true` | Whether the deployment is for development purposes. | | global.dictionaryUrl | string | `"https://s3.amazonaws.com/dictionary-artifacts/datadictionary/develop/schema.json"` | URL of the data dictionary. | | global.dispatcherJobNum | int | `10` | Number of dispatcher jobs. | | global.environment | string | `"default"` | Environment name. This should be the same as vpcname if you're doing an AWS deployment. Currently this is being used to share ALB's if you have multiple namespaces. Might be used other places too. | +| global.externalSecrets | map | `{"deploy":false,"separate":false}` | External Secrets settings. 
| +| global.externalSecrets.deploy | bool | `false` | Will use ExternalSecret resources to pull secrets from Secrets Manager instead of creating them locally. Be cautious as this will override any fence secrets you have deployed. | +| global.externalSecrets.separate | string | `false` | Will deploy a External Secret Store if deploying this sevice seperately. | | global.hostname | string | `"localhost"` | Hostname for the deployment. | | global.kubeBucket | string | `"kube-gen3"` | S3 bucket name for Kubernetes manifest files. | | global.logsBucket | string | `"logs-gen3"` | S3 bucket name for log files. | @@ -153,6 +166,9 @@ A Helm chart for gen3 Fence | resources.requests | map | `{"cpu":0.3,"memory":"128Mi"}` | The amount of resources that the container requests | | resources.requests.cpu | string | `0.3` | The amount of CPU requested | | resources.requests.memory | string | `"128Mi"` | The amount of memory requested | +| secrets | map | `{"awsAccessKeyId":null,"awsSecretAccessKey":null}` | Secret information for Usersync and External Secrets. | +| secrets.awsAccessKeyId | str | `nil` | AWS access key ID. Overrides global key. | +| secrets.awsSecretAccessKey | str | `nil` | AWS access key ID. Overrides global key. | | securityContext | map | `{}` | Security context for the containers in the pod | | selectorLabels | map | `nil` | Will completely override the selectorLabels defined in the common chart's _label_setup.tpl | | service | map | `{"port":80,"type":"ClusterIP"}` | Kubernetes service information. | 
@@ -164,19 +180,16 @@ A Helm chart for gen3 Fence | serviceAccount.create | bool | `true` | Specifies whether a service account should be created. | | serviceAccount.name | string | `"fence-sa"` | The name of the service account | | tolerations | list | `[]` | Tolerations for the pods | -| usersync | map | `{"addDbgap":false,"custom_image":null,"onlyDbgap":false,"schedule":"*/30 * * * *","secrets":{"awsAccessKeyId":"","awsSecretAccessKey":""},"slack_send_dbgap":false,"slack_webhook":"None","syncFromDbgap":false,"userYamlS3Path":"s3://cdis-gen3-users/helm-test/user.yaml","usersync":false}` | Configuration options for usersync cronjob. | +| usersync | map | `{"addDbgap":false,"custom_image":null,"onlyDbgap":false,"schedule":"*/30 * * * *","slack_send_dbgap":false,"slack_webhook":"None","syncFromDbgap":false,"userYamlS3Path":"s3://cdis-gen3-users/helm-test/user.yaml","usersync":true}` | Configuration options for usersync cronjob. | | usersync.addDbgap | bool | `false` | Force attempting a dbgap sync if "true", falls back on user.yaml | | usersync.custom_image | string | `nil` | To set a custom image for pulling the user.yaml file from S3. Default is the Gen3 Awshelper image. | | usersync.onlyDbgap | bool | `false` | Forces ONLY a dbgap sync if "true", IGNORING user.yaml | | usersync.schedule | string | `"*/30 * * * *"` | The cron schedule expression to use in the usersync cronjob. Runs every 30 minutes by default. | -| usersync.secrets | map | `{"awsAccessKeyId":"","awsSecretAccessKey":""}` | Secret information | -| usersync.secrets.awsAccessKeyId | str | `""` | AWS access key ID for usersync S3 bucket | -| usersync.secrets.awsSecretAccessKey | str | `""` | AWS secret access key for usersync S3 bucket | | usersync.slack_send_dbgap | bool | `false` | Will echo what files we are seeing on dbgap ftp to Slack. | | usersync.slack_webhook | string | `"None"` | Slack webhook endpoint used with certain jobs. 
| | usersync.syncFromDbgap | bool | `false` | Whether to sync data from dbGaP. | | usersync.userYamlS3Path | string | `"s3://cdis-gen3-users/helm-test/user.yaml"` | Path to the user.yaml file in S3. | -| usersync.usersync | bool | `false` | Whether to run Fence usersync or not. | +| usersync.usersync | bool | `true` | Whether to run Fence usersync or not. | | volumeMounts | list | `[{"mountPath":"/var/www/fence/local_settings.py","name":"old-config-volume","readOnly":true,"subPath":"local_settings.py"},{"mountPath":"/var/www/fence/fence_credentials.json","name":"json-secret-volume","readOnly":true,"subPath":"fence_credentials.json"},{"mountPath":"/var/www/fence/creds.json","name":"creds-volume","readOnly":true,"subPath":"creds.json"},{"mountPath":"/var/www/fence/config_helper.py","name":"config-helper","readOnly":true,"subPath":"config_helper.py"},{"mountPath":"/fence/fence/static/img/logo.svg","name":"logo-volume","readOnly":true,"subPath":"logo.svg"},{"mountPath":"/fence/fence/static/privacy_policy.md","name":"privacy-policy","readOnly":true,"subPath":"privacy_policy.md"},{"mountPath":"/var/www/fence/fence-config.yaml","name":"config-volume","readOnly":true,"subPath":"fence-config.yaml"},{"mountPath":"/var/www/fence/yaml_merge.py","name":"yaml-merge","readOnly":true,"subPath":"yaml_merge.py"},{"mountPath":"/var/www/fence/fence_google_app_creds_secret.json","name":"fence-google-app-creds-secret-volume","readOnly":true,"subPath":"fence_google_app_creds_secret.json"},{"mountPath":"/var/www/fence/fence_google_storage_creds_secret.json","name":"fence-google-storage-creds-secret-volume","readOnly":true,"subPath":"fence_google_storage_creds_secret.json"},{"mountPath":"/fence/keys/key/jwt_private_key.pem","name":"fence-jwt-keys","readOnly":true,"subPath":"jwt_private_key.pem"}]` | Volumes to mount to the container. 
| | volumes | list | `[{"name":"old-config-volume","secret":{"secretName":"fence-secret"}},{"name":"json-secret-volume","secret":{"optional":true,"secretName":"fence-json-secret"}},{"name":"creds-volume","secret":{"secretName":"fence-creds"}},{"configMap":{"name":"config-helper","optional":true},"name":"config-helper"},{"configMap":{"name":"logo-config"},"name":"logo-volume"},{"name":"config-volume","secret":{"secretName":"fence-config"}},{"name":"fence-google-app-creds-secret-volume","secret":{"secretName":"fence-google-app-creds-secret"}},{"name":"fence-google-storage-creds-secret-volume","secret":{"secretName":"fence-google-storage-creds-secret"}},{"name":"fence-jwt-keys","secret":{"secretName":"fence-jwt-keys"}},{"configMap":{"name":"privacy-policy"},"name":"privacy-policy"},{"configMap":{"name":"fence-yaml-merge","optional":true},"name":"yaml-merge"}]` | Volumes to attach to the container. | diff --git a/helm/fence/templates/_helpers.tpl b/helm/fence/templates/_helpers.tpl index f7011103..28372690 100644 --- a/helm/fence/templates/_helpers.tpl +++ b/helm/fence/templates/_helpers.tpl 
@@ -95,4 +95,54 @@ Create the name of the service account to use
 {{- else }}
 {{- default .Values.postgres.password }}
 {{- end }}
-{{- end }}
\ No newline at end of file
+{{- end }}
+
+{{/*
+ Cluster Secret Store for External Secrets
+*/}}
+{{- define "cluster-secret-store" -}}
+{{- if .Values.global.externalSecrets.separate }}
+ {{- .Chart.Name }}-secret-store
+{{- else }}
+{{- default "gen3-secret-store"}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+ Fence JWT Keys Secrets Manager Name
+*/}}
+{{- define "fence-jwt-keys" -}}
+{{- default "fence-jwt-keys" .Values.externalSecrets.fenceJwtKeys }}
+{{- end }}
+
+{{/*
+ Fence Google App Creds Secrets Manager Name
+*/}}
+{{- define "fence-google-app-creds-secret" -}}
+{{- default "fence-google-app-creds-secret" .Values.externalSecrets.fenceGoogleAppCredsSecret }}
+{{- end }}
+
+{{/*
+ Fence Google Storage Creds Secrets Manager Name
+*/}}
+{{- define "fence-google-storage-creds-secret" -}}
+{{- default "fence-google-storage-creds-secret" .Values.externalSecrets.fenceGoogleStorageCredsSecret }}
+{{- end }}
+
+{{/*
+ Fence Config Secrets Manager Name
+*/}}
+{{- define "fence-config" -}}
+{{- default "fence-config" .Values.externalSecrets.fenceConfig }}
+{{- end }}
+
+{{/*
+ Service DB Creds Secrets Manager Name
+*/}}
+{{- define "fence-sm-dbcreds" -}}
+{{- if .Values.externalSecrets.fenceSmDbcreds }}
+ {{- default .Values.externalSecrets.fenceSmDbcreds }}
+{{- else }}
+ {{- .Values.global.environment }}- {{- .Chart.Name }}-creds
+{{- end -}}
+{{- end -}}
\ No newline at end of file
diff --git a/helm/fence/templates/aws-config.yaml b/helm/fence/templates/aws-config.yaml
new file mode 100644
index 00000000..398770d3
--- /dev/null
+++ b/helm/fence/templates/aws-config.yaml
@@ -0,0 +1,3 @@
+{{- if or (.Values.secrets.awsSecretAccessKey) (.Values.global.aws.awsSecretAccessKey ) }}
+{{ include "common.awsconfig" . }}
+{{- end -}}
\ No newline at end of file
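Review bot: The six helpers added here are defined under unprefixed names (`cluster-secret-store`, `fence-config`, `fence-jwt-keys`, and so on), and Helm named templates share a single namespace across the umbrella chart and every subchart. If another chart defines `cluster-secret-store` with a different body, whichever definition loads last decides which ClusterSecretStore and which Secrets Manager key fence resolves, with no error at render time. Prefixing with the chart name avoids that, e.g. `{{- define "fence.cluster-secret-store" -}}`, with the `include` calls in external-secret.yaml updated to match. As a smaller point, `{{- default "gen3-secret-store"}}` and `{{- default .Values.externalSecrets.fenceSmDbcreds }}` pass only one argument to `default`, so they could simply emit the value.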
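Review bot: The Secret is rendered only when one of the two secret keys is set, but usersync-cron.yaml in this commit mounts `secretName: {{.Chart.Name}}-aws-config` on `cred-volume` with no matching condition visible. With the chart defaults after this commit (`usersync.usersync: true`, both keys empty) the CronJob pod would presumably wait on a Secret that was never created, assuming `common.awsconfig`, which is not shown here, produces that name. Either mark the volume optional, `optional: true` under `secret:`, or gate the volume and the awshelper init container on the same `or` expression. The condition also ignores `awsAccessKeyId`, so a secret key supplied without an ID would presumably render a credentials file that cannot authenticate.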
diff --git a/helm/fence/templates/aws-userysnc-creds.yaml b/helm/fence/templates/aws-userysnc-creds.yaml
deleted file mode 100644
index c6baff53..00000000
--- a/helm/fence/templates/aws-userysnc-creds.yaml
+++ /dev/null
@@ -1,10 +0,0 @@
-apiVersion: v1
-kind: Secret
-metadata:
- name: aws-config-fence
-type: Opaque
-stringData:
- credentials: |
- [default]
- aws_access_key_id={{.Values.usersync.secrets.awsAccessKeyId}}
- aws_secret_access_key={{.Values.usersync.secrets.awsSecretAccessKey}}
\ No newline at end of file
diff --git a/helm/fence/templates/cluster-secret-store.yaml b/helm/fence/templates/cluster-secret-store.yaml
new file mode 100644
index 00000000..8c1c7717
--- /dev/null
+++ b/helm/fence/templates/cluster-secret-store.yaml
@@ -0,0 +1,3 @@
+{{ if .Values.global.externalSecrets.separate }}
+{{ include "common.secretstore" . }}
+{{- end }}
\ No newline at end of file
diff --git a/helm/fence/templates/external-secret.yaml b/helm/fence/templates/external-secret.yaml
new file mode 100644
index 00000000..f37d8287
--- /dev/null
+++ b/helm/fence/templates/external-secret.yaml
@@ -0,0 +1,86 @@ +{{ if .Values.global.externalSecrets.deploy }} +apiVersion: external-secrets.io/v1beta1 +kind: ExternalSecret +metadata: + name: fence-jwt-keys +spec: + refreshInterval: 5m + secretStoreRef: + name: {{include "cluster-secret-store" .}} + kind: ClusterSecretStore + target: + name: fence-jwt-keys + creationPolicy: Owner + dataFrom: + - extract: + #name of secret in secrets manager + key: {{include "fence-jwt-keys" .}} +--- +apiVersion: external-secrets.io/v1beta1 +kind: ExternalSecret +metadata: + name: fence-google-app-creds-secret +spec: + refreshInterval: 5m + secretStoreRef: + name: {{include "cluster-secret-store" .}} + kind: ClusterSecretStore + target: + name: fence-google-app-creds-secret + creationPolicy: Owner + dataFrom: + - extract: + #name of secret in secrets manager + key: {{include "fence-google-app-creds-secret" .}} +--- +apiVersion: external-secrets.io/v1beta1 +kind: ExternalSecret +metadata: + name: fence-google-storage-creds-secret +spec: + refreshInterval: 5m + secretStoreRef: + name: {{include "cluster-secret-store" .}} + kind: ClusterSecretStore + target: + name: fence-google-storage-creds-secret + creationPolicy: Owner + dataFrom: + - extract: + #name of secret in secrets manager + key: {{include "fence-google-storage-creds-secret" .}} +--- +apiVersion: external-secrets.io/v1beta1 +kind: ExternalSecret +metadata: + name: fence-config +spec: + refreshInterval: 5m + secretStoreRef: + name: {{include "cluster-secret-store" .}} + kind: ClusterSecretStore + target: + name: fence-config + creationPolicy: Owner + dataFrom: + - extract: + #name of secret in secrets manager + key: {{include "fence-config" .}} +--- +apiVersion: external-secrets.io/v1beta1 +kind: ExternalSecret +metadata: + name: {{ $.Chart.Name }}-dbcreds +spec: + refreshInterval: 5m + secretStoreRef: + name: {{include "cluster-secret-store" .}} + kind: ClusterSecretStore + target: + name: {{ $.Chart.Name }}-dbcreds + creationPolicy: Owner + dataFrom: + - extract: + 
#name of secret in secrets manager + key: {{include "fenceSmDbcreds" .}} +{{- end }} \ No newline at end of file diff --git a/helm/fence/templates/usersync-cron.yaml b/helm/fence/templates/usersync-cron.yaml index ef683944..3d8d8316 100644 --- a/helm/fence/templates/usersync-cron.yaml +++ b/helm/fence/templates/usersync-cron.yaml 
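Review bot: The last ExternalSecret (`{{ $.Chart.Name }}-dbcreds`) resolves its key with `{{include "fenceSmDbcreds" .}}`, but _helpers.tpl in this same commit defines that helper as `fence-sm-dbcreds`. Unless a template named `fenceSmDbcreds` exists elsewhere (none is visible here), rendering fails as soon as `global.externalSecrets.deploy` is set to true, which is the only path that exercises this file. The line should read `key: {{include "fence-sm-dbcreds" .}}`. A `helm template` run with `global.externalSecrets.deploy=true` in CI would catch this class of mismatch, since the default values never render the file.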
@@ -52,12 +52,71 @@ spec: emptyDir: {} - name: cred-volume secret: - secretName: aws-config-fence + secretName: {{.Chart.Name}}-aws-config initContainers: - name: wait-for-fence image: curlimages/curl:latest command: ["/bin/sh","-c"] args: ["while [ $(curl -sw '%{http_code}' http://fence-service -o /dev/null) -ne 200 ]; do sleep 5; echo 'Waiting for fence...'; done"] + - name: awshelper + image: {{ .Values.usersync.custom_image | default "quay.io/cdis/awshelper:master" }} + imagePullPolicy: Always + env: + - name: gen3Env + valueFrom: + configMapKeyRef: + name: manifest-global + key: hostname + - name: userYamlS3Path + value: {{ .Values.usersync.userYamlS3Path | quote }} + - name: slackWebHook + value: {{ .Values.usersync.slack_webhook | quote }} + volumeMounts: + - name: user-yaml + mountPath: /var/www/fence + - name: shared-data + mountPath: /mnt/shared + - name: cred-volume + mountPath: "/home/ubuntu/.aws/credentials" + subPath: credentials + command: ["/bin/bash" ] + args: + - "-c" + - | + GEN3_HOME=/home/ubuntu/cloud-automation + source "${GEN3_HOME}/gen3/lib/utils.sh" + gen3_load "gen3/gen3setup" + + if [ "${userYamlS3Path}" = 'none' ]; then + echo "using local user.yaml" + cp /var/www/fence/user.yaml /mnt/shared/user.yaml + else + # ----------------- + echo "awshelper downloading ${userYamlS3Path} to /mnt/shared/user.yaml" + n=0 + until [ $n -ge 5 ]; do + echo "Download attempt $n" + aws s3 cp "${userYamlS3Path}" /mnt/shared/user.yaml && break + n=$[$n+1] + sleep 2 + done + fi + if [[ ! -f /mnt/shared/user.yaml ]]; then + echo "awshelper failed to retrieve /mnt/shared/user.yaml" + exit 1 + fi + #----------- + echo "awshelper updating etl configmap" + if ! 
gen3 gitops etl-convert < /mnt/shared/user.yaml > /tmp/user.yaml; then + echo "ERROR: failed to generate ETL config" + exit 1 + fi + # kubectl delete configmap fence > /dev/null 2>&1 + # kubectl create configmap fence --from-file=/tmp/user.yaml + if [ "${slackWebHook}" != 'None' ]; then + curl -X POST --data-urlencode "payload={\"text\": \"AWSHelper: Syncing users on ${gen3Env}\"}" "${slackWebHook}" + fi + echo "Helper exit ok" containers: - name: usersync image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}" @@ -102,7 +161,7 @@ spec: # Script always succeeds if it runs (echo exits with 0) - | echo 'options use-vc' >> /etc/resolv.conf - pip3 install SQLAlchemy==1.3.6 + # pip3 install SQLAlchemy==1.3.6 # can be removed once this is merged: https://github.com/uc-cdis/fence/pull/1096 if [[ "$SYNC_FROM_DBGAP" != "true" && "$ADD_DBGAP" != "true" ]]; then if [[ -f /mnt/shared/user.yaml ]]; then 
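Review bot: The awshelper init container added here defaults to `quay.io/cdis/awshelper:master` with `imagePullPolicy: Always` while mounting the AWS credentials file from `cred-volume`, so every scheduled run executes whatever was last pushed to that mutable tag with those credentials in reach. Pinning the default by digest keeps the executed image reviewable, e.g. `image: {{ .Values.usersync.custom_image | default "quay.io/cdis/awshelper@sha256:<digest>" }}` (placeholder digest). In the same container, `slackWebHook` is passed as a plain `value:`, which leaves the webhook URL readable in the CronJob and pod specs; a `valueFrom.secretKeyRef` would keep it out of them. The CronJob spec this hunk edits starts and ends outside the hunk.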
@@ -147,65 +206,5 @@ spec: fi echo "Exit code: $exitcode" exit "$exitcode" - - name: awshelper - image: {{ .Values.usersync.custom_image | default "quay.io/cdis/awshelper:master" }} - imagePullPolicy: Always - env: - - name: gen3Env - valueFrom: - configMapKeyRef: - name: manifest-global - key: hostname - - name: userYamlS3Path - value: {{ .Values.usersync.userYamlS3Path | quote }} - - name: slackWebHook - value: {{ .Values.usersync.slack_webhook | quote }} - volumeMounts: - - name: user-yaml - mountPath: /var/www/fence - - name: shared-data - mountPath: /mnt/shared - - name: cred-volume - mountPath: "/home/ubuntu/.aws/credentials" - subPath: credentials - command: ["/bin/bash" ] - args: - - "-c" - - | - GEN3_HOME=/home/ubuntu/cloud-automation - source "${GEN3_HOME}/gen3/lib/utils.sh" - gen3_load "gen3/gen3setup" - - if [ "${userYamlS3Path}" = 'none' ]; then - echo "using local user.yaml" - cp /var/www/fence/user.yaml /mnt/shared/user.yaml - else - # ----------------- - echo "awshelper downloading ${userYamlS3Path} to /mnt/shared/user.yaml" - n=0 - until [ $n -ge 5 ]; do - echo "Download attempt $n" - aws s3 cp "${userYamlS3Path}" /mnt/shared/user.yaml && break - n=$[$n+1] - sleep 2 - echo "test 1" - done - fi - if [[ ! -f /mnt/shared/user.yaml ]]; then - echo "awshelper failed to retrieve /mnt/shared/user.yaml" - exit 1 - fi - #----------- - echo "awshelper updating etl configmap" - if ! gen3 gitops etl-convert < /mnt/shared/user.yaml > /tmp/user.yaml; then - echo "ERROR: failed to generate ETL config" - exit 1 - fi - # kubectl delete configmap fence > /dev/null 2>&1 - # kubectl create configmap fence --from-file=/tmp/user.yaml - if [ "${slackWebHook}" != 'None' ]; then - curl -X POST --data-urlencode "payload={\"text\": \"AWSHelper: Syncing users on ${gen3Env}\"}" "${slackWebHook}" - fi - echo "Helper exit ok" restartPolicy: "Never" {{- end }} \ No newline at end of file diff --git a/helm/fence/values.yaml b/helm/fence/values.yaml index f0352346..287d28b1 100644 
--- a/helm/fence/values.yaml +++ b/helm/fence/values.yaml @@ -4,6 +4,14 @@ # -- (map) Global configuration options. global: + # -- (map) AWS configuration + aws: + # -- (bool) Set to true if deploying to AWS. Controls ingress annotations. + enabled: false + # -- (string) Credentials for AWS stuff. + awsAccessKeyId: + # -- (string) Credentials for AWS stuff. + awsSecretAccessKey: # -- (bool) Whether the deployment is for development purposes. dev: true # -- (map) Postgres database configuration. 
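Review bot: The new `global.aws.awsAccessKeyId` and `global.aws.awsSecretAccessKey` values put long-lived AWS credentials into chart values, and the comment `Credentials for AWS stuff.` neither says what consumes them nor warns that Helm keeps supplied values with the release and that values files tend to be committed. I would document the consumer and the preferred alternative, e.g. `# -- (string) AWS access key ID written to the chart's aws-config Secret (used by usersync/awshelper). Prefer an IAM role for the service account; never commit a real value.`, and the same for the secret key. The exact Secret name depends on `common.awsconfig`, which is not shown here. Longer term, accepting the name of an existing Secret instead of the raw key would keep the credential out of values entirely.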
@@ -52,6 +60,53 @@ global: pdb: false # -- (int) The minimum amount of pods that are available at all times if the PDB is deployed. minAvialable: 1 + # -- (map) External Secrets settings. + externalSecrets: + # -- (bool) Will use ExternalSecret resources to pull secrets from Secrets Manager instead of creating them locally. Be cautious as this will override any fence secrets you have deployed. + deploy: false + # -- (string) Will deploy a External Secret Store if deploying this sevice seperately. + separate: false + +# -- (map) External Secrets settings. +externalSecrets: + # -- (string) Will override the name of the aws secrets manager secret. Default is "fence-jwt-keys" + fenceJwtKeys: + # -- (string) Will override the name of the aws secrets manager secret. Default is "fence-google-app-creds-secret" + fenceGoogleAppCredsSecret: + # -- (string) Will override the name of the aws secrets manager secret. Default is "fence-google-storage-creds-secret" + fenceGoogleStorageCredsSecret: + # -- (string) Will override the name of the aws secrets manager secret. Default is "fence-config" + fenceConfig: + # -- (string) Will override the name of the aws secrets manager secret. Default is "Values.global.environment-.Chart.Name-creds" + fenceSmDbcreds: + +# -- (map) Configuration options for usersync cronjob. +usersync: + # -- (bool) Whether to run Fence usersync or not. + usersync: true + # -- (string) The cron schedule expression to use in the usersync cronjob. Runs every 30 minutes by default. + schedule: "*/30 * * * *" + # -- (string) To set a custom image for pulling the user.yaml file from S3. Default is the Gen3 Awshelper image. + custom_image: + # -- (bool) Whether to sync data from dbGaP. + syncFromDbgap: false + # -- (bool) Force attempting a dbgap sync if "true", falls back on user.yaml + addDbgap: false + # -- (bool) Forces ONLY a dbgap sync if "true", IGNORING user.yaml + onlyDbgap: false + # -- (string) Path to the user.yaml file in S3. 
+ userYamlS3Path: s3://cdis-gen3-users/helm-test/user.yaml + # -- (string) Slack webhook endpoint used with certain jobs. + slack_webhook: None + # -- (bool) Will echo what files we are seeing on dbgap ftp to Slack. + slack_send_dbgap: false + +# -- (map) Secret information for Usersync and External Secrets. +secrets: + # -- (str) AWS access key ID. Overrides global key. + awsAccessKeyId: + # -- (str) AWS access key ID. Overrides global key. + awsSecretAccessKey: # -- (map) Postgres database configuration. If db does not exist in postgres cluster and dbCreate is set ot true then these databases will be created for you postgres: @@ -80,33 +135,6 @@ postgresql: # -- (bool) Option to persist the dbs data. enabled: false -# -- (map) Configuration options for usersync cronjob. -usersync: - # -- (bool) Whether to run Fence usersync or not. - usersync: false - # -- (map) Secret information - secrets: - # -- (str) AWS access key ID for usersync S3 bucket - awsAccessKeyId: "" - # -- (str) AWS secret access key for usersync S3 bucket - awsSecretAccessKey: "" - # -- (string) The cron schedule expression to use in the usersync cronjob. Runs every 30 minutes by default. - schedule: "*/30 * * * *" - # -- (string) To set a custom image for pulling the user.yaml file from S3. Default is the Gen3 Awshelper image. - custom_image: - # -- (bool) Whether to sync data from dbGaP. - syncFromDbgap: false - # -- (bool) Force attempting a dbgap sync if "true", falls back on user.yaml - addDbgap: false - # -- (bool) Forces ONLY a dbgap sync if "true", IGNORING user.yaml - onlyDbgap: false - # -- (string) Path to the user.yaml file in S3. - userYamlS3Path: s3://cdis-gen3-users/helm-test/user.yaml - # -- (string) Slack webhook endpoint used with certain jobs. - slack_webhook: None - # -- (bool) Will echo what files we are seeing on dbgap ftp to Slack. - slack_send_dbgap: false - # -- (int) Number of desired replicas replicaCount: 1 
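Review bot: The comment on `secrets.awsSecretAccessKey` at the end of this hunk repeats the text of the key above it (`AWS access key ID. Overrides global key.`), so the generated README will describe the secret key as an ID; it should read `# -- (str) AWS secret access key. Overrides global key.`. In the same hunk `global.externalSecrets.separate` is annotated `(string)` although its default is the boolean `false`, and its description has typos; `# -- (bool) Will deploy an External Secret Store if deploying this service separately.` would match the value. It is also worth stating in the `usersync.usersync` comment that the default is now `true`, because the gen3 umbrella values in this commit still set it to `false` and the two defaults differ.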
diff --git a/helm/gen3/Chart.yaml b/helm/gen3/Chart.yaml index 5660c57c..51d65cd4 100644 --- a/helm/gen3/Chart.yaml +++ b/helm/gen3/Chart.yaml @@ -107,7 +107,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.18 +version: 0.1.19 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to diff --git a/helm/gen3/README.md b/helm/gen3/README.md index 98e37d69..248d5779 100644 --- a/helm/gen3/README.md +++ b/helm/gen3/README.md @@ -1,6 +1,6 @@ # gen3 -![Version: 0.1.18](https://img.shields.io/badge/Version-0.1.18-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) +![Version: 0.1.19](https://img.shields.io/badge/Version-0.1.19-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) Helm chart to deploy Gen3 Data Commons 
@@ -62,23 +62,17 @@ Helm chart to deploy Gen3 Data Commons | audit.image.tag | string | `nil` | Overrides the image tag whose default is the chart appVersion. | | aws-es-proxy.enabled | bool | `false` | Whether to deploy the aws-es-proxy subchart. | | aws-es-proxy.esEndpoint | str | `"test.us-east-1.es.amazonaws.com"` | Elasticsearch endpoint in AWS | -| aws-es-proxy.secrets | map | `{"awsAccessKeyId":"","awsSecretAccessKey":""}` | Secret information | -| aws-es-proxy.secrets.awsAccessKeyId | str | `""` | AWS access key ID for aws-es-proxy | -| aws-es-proxy.secrets.awsSecretAccessKey | str | `""` | AWS secret access key for aws-es-proxy | | fence.FENCE_CONFIG | map | `nil` | Configuration settings for Fence app | | fence.USER_YAML | string | `nil` | USER YAML. Passed in as a multiline string. | | fence.enabled | bool | `true` | Whether to deploy the fence subchart. | | fence.image | map | `{"repository":null,"tag":null}` | Docker image information. | | fence.image.repository | string | `nil` | The Docker image repository for the fence service. | | fence.image.tag | string | `nil` | Overrides the image tag whose default is the chart appVersion. | -| fence.usersync | map | `{"addDbgap":false,"custom_image":null,"onlyDbgap":false,"schedule":"*/30 * * * *","secrets":{"awsAccessKeyId":"","awsSecretAccessKey":""},"slack_send_dbgap":false,"slack_webhook":"None","syncFromDbgap":false,"userYamlS3Path":"s3://cdis-gen3-users/helm-test/user.yaml","usersync":false}` | Configuration options for usersync cronjob. | +| fence.usersync | map | `{"addDbgap":false,"custom_image":null,"onlyDbgap":false,"schedule":"*/30 * * * *","slack_send_dbgap":false,"slack_webhook":"None","syncFromDbgap":false,"userYamlS3Path":"s3://cdis-gen3-users/helm-test/user.yaml","usersync":false}` | Configuration options for usersync cronjob. 
| | fence.usersync.addDbgap | bool | `false` | Force attempting a dbgap sync if "true", falls back on user.yaml | | fence.usersync.custom_image | string | `nil` | To set a custom image for pulling the user.yaml file from S3. Default is the Gen3 Awshelper image. | | fence.usersync.onlyDbgap | bool | `false` | Forces ONLY a dbgap sync if "true", IGNORING user.yaml | | fence.usersync.schedule | string | `"*/30 * * * *"` | The cron schedule expression to use in the usersync cronjob. Runs every 30 minutes by default. | -| fence.usersync.secrets | map | `{"awsAccessKeyId":"","awsSecretAccessKey":""}` | Secret information | -| fence.usersync.secrets.awsAccessKeyId | str | `""` | AWS access key ID for usersync S3 bucket | -| fence.usersync.secrets.awsSecretAccessKey | str | `""` | AWS secret access key for usersync S3 bucket | | fence.usersync.slack_send_dbgap | bool | `false` | Will echo what files we are seeing on dbgap ftp to Slack. | | fence.usersync.slack_webhook | string | `"None"` | Slack webhook endpoint used with certain jobs. | | fence.usersync.syncFromDbgap | bool | `false` | Whether to sync data from dbGaP. | 
@@ -90,12 +84,17 @@ Helm chart to deploy Gen3 Data Commons | gitops.json | string | `nil` | multiline string - gitops.json | | gitops.logo | string | `nil` | - logo in base64 | | gitops.sponsors | string | `nil` | | -| global.aws | map | `{"enabled":false}` | AWS configuration | +| global.aws | map | `{"awsAccessKeyId":null,"awsSecretAccessKey":null,"enabled":false}` | AWS configuration | +| global.aws.awsAccessKeyId | string | `nil` | Credentials for AWS stuff. | +| global.aws.awsSecretAccessKey | string | `nil` | Credentials for AWS stuff. | +| global.aws.enabled | bool | `false` | Set to true if deploying to AWS. Controls ingress annotations. | | global.ddEnabled | bool | `false` | Whether Datadog is enabled. | | global.dev | bool | `true` | Deploys postgres/elasticsearch for dev | | global.dictionaryUrl | string | `"https://s3.amazonaws.com/dictionary-artifacts/datadictionary/develop/schema.json"` | URL of the data dictionary. | | global.dispatcherJobNum | int | `10` | Number of dispatcher jobs. | | global.environment | string | `"default"` | Environment name. This should be the same as vpcname if you're doing an AWS deployment. Currently this is being used to share ALB's if you have multiple namespaces in same cluster. | +| global.externalSecrets | map | `{"deploy":false}` | External Secrets settings. | +| global.externalSecrets.deploy | bool | `false` | Will use ExternalSecret resources to pull secrets from Secrets Manager instead of creating them locally. Be cautious as this will override secrets you have deployed. | | global.hostname | string | `"localhost"` | Hostname for the deployment. | | global.netPolicy | bool | `true` | Whether network policies are enabled. | | global.portalApp | string | `"gitops"` | Portal application name. | 
@@ -190,9 +189,9 @@ Helm chart to deploy Gen3 Data Commons | revproxy.ingress.enabled | bool | `false` | Whether to create the custom revproxy ingress | | revproxy.ingress.hosts | list | `[{"host":"chart-example.local"}]` | Where to route the traffic. | | revproxy.ingress.tls | list | `[]` | To secure an Ingress by specifying a secret that contains a TLS private key and certificate. | -| secrets | map | `{"awsAccessKeyId":"test","awsSecretAccessKey":"test"}` | AWS credentials to access the db restore job S3 bucket | -| secrets.awsAccessKeyId | string | `"test"` | AWS access key. | -| secrets.awsSecretAccessKey | string | `"test"` | AWS secret access key. | +| secrets | map | `{"awsAccessKeyId":null,"awsSecretAccessKey":null}` | Secret information. | +| secrets.awsAccessKeyId | str | `nil` | AWS access key ID. Overrides global key. | +| secrets.awsSecretAccessKey | str | `nil` | AWS secret access key ID. Overrides global key. | | sheepdog.enabled | bool | `true` | Whether to deploy the sheepdog subchart. | | sheepdog.image | map | `{"repository":null,"tag":null}` | Docker image information. | | sheepdog.image.repository | string | `nil` | The Docker image repository for the sheepdog service. | diff --git a/helm/gen3/templates/aws-config.yaml b/helm/gen3/templates/aws-config.yaml new file mode 100644 index 00000000..5fff9698 --- /dev/null +++ b/helm/gen3/templates/aws-config.yaml @@ -0,0 +1,3 @@ +{{- if .Values.global.aws.awsSecretAccessKey}} +{{ include "common.awsconfig" . }} +{{- end -}} \ No newline at end of file diff --git a/helm/gen3/templates/aws_config.yaml b/helm/gen3/templates/aws_config.yaml deleted file mode 100644 index 3b51159c..00000000 --- a/helm/gen3/templates/aws_config.yaml +++ /dev/null 
@@ -1,10 +0,0 @@ -apiVersion: v1 -kind: Secret -metadata: - name: aws-config -type: Opaque -stringData: - credentials: | - [default] - aws_access_key_id={{.Values.secrets.awsAccessKeyId}} - aws_secret_access_key={{ .Values.secrets.awsSecretAccessKey}} \ No newline at end of file diff --git a/helm/gen3/templates/cluster-secret-store.yaml b/helm/gen3/templates/cluster-secret-store.yaml new file mode 100644 index 00000000..15558a80 --- /dev/null +++ b/helm/gen3/templates/cluster-secret-store.yaml @@ -0,0 +1,3 @@ +{{ if .Values.global.externalSecrets.deploy }} +{{ include "common.secretstore" . }} +{{- end }} \ No newline at end of file diff --git a/helm/gen3/values.yaml b/helm/gen3/values.yaml index 00469112..9e9532cc 100644 --- a/helm/gen3/values.yaml +++ b/helm/gen3/values.yaml @@ -5,13 +5,12 @@ global: # -- (map) AWS configuration aws: + # -- (bool) Set to true if deploying to AWS. Controls ingress annotations. enabled: false - # # -- (map) Credentials for AWS - # account: - # # Prep move of these keys here. - # aws_access_key_id: - # aws_secret_access_key: - + # -- (string) Credentials for AWS stuff. + awsAccessKeyId: + # -- (string) Credentials for AWS stuff. + awsSecretAccessKey: # -- (bool) Deploys postgres/elasticsearch for dev dev: true postgres: @@ -50,6 +49,10 @@ global: dispatcherJobNum: 10 # -- (bool) Whether Datadog is enabled. ddEnabled: false + # -- (map) External Secrets settings. + externalSecrets: + # -- (bool) Will use ExternalSecret resources to pull secrets from Secrets Manager instead of creating them locally. Be cautious as this will override secrets you have deployed. + deploy: false # Dependancy Charts 
@@ -99,12 +102,6 @@ aws-es-proxy: enabled: false # -- (str) Elasticsearch endpoint in AWS esEndpoint: test.us-east-1.es.amazonaws.com - # -- (map) Secret information - secrets: - # -- (str) AWS access key ID for aws-es-proxy - awsAccessKeyId: "" - # -- (str) AWS secret access key for aws-es-proxy - awsSecretAccessKey: "" fence: # -- (bool) Whether to deploy the fence subchart. @@ -123,12 +120,6 @@ fence: usersync: # -- (bool) Whether to run Fence usersync or not. usersync: false - # -- (map) Secret information - secrets: - # -- (str) AWS access key ID for usersync S3 bucket - awsAccessKeyId: "" - # -- (str) AWS secret access key for usersync S3 bucket - awsSecretAccessKey: "" # -- (string) The cron schedule expression to use in the usersync cronjob. Runs every 30 minutes by default. schedule: "*/30 * * * *" # -- (string) To set a custom image for pulling the user.yaml file from S3. Default is the Gen3 Awshelper image. @@ -372,16 +363,16 @@ wts: # -- (string) Overrides the image tag whose default is the chart appVersion. tag: -# -- (map) AWS credentials to access the db restore job S3 bucket -secrets: - # -- (string) AWS access key. - awsAccessKeyId: test - # -- (string) AWS secret access key. - awsSecretAccessKey: test - # Disable persistence by default so we can spin up and down ephemeral environments postgresql: primary: persistence: # -- (bool) Option to persist the dbs data. enabled: false + +# -- (map) Secret information. +secrets: + # -- (str) AWS access key ID. Overrides global key. + awsAccessKeyId: + # -- (str) AWS secret access key ID. Overrides global key. + awsSecretAccessKey: \ No newline at end of file diff --git a/helm/guppy/Chart.yaml b/helm/guppy/Chart.yaml index ea90bf38..976494e2 100644 --- a/helm/guppy/Chart.yaml +++ b/helm/guppy/Chart.yaml 
@@ -15,7 +15,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.8 +version: 0.1.9 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to diff --git a/helm/guppy/README.md b/helm/guppy/README.md index 25545b18..911be38f 100644 --- a/helm/guppy/README.md +++ b/helm/guppy/README.md @@ -1,6 +1,6 @@ # guppy -![Version: 0.1.8](https://img.shields.io/badge/Version-0.1.8-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) +![Version: 0.1.9](https://img.shields.io/badge/Version-0.1.9-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) A Helm chart for gen3 Guppy Service 
@@ -36,7 +36,7 @@ A Helm chart for gen3 Guppy Service | datadogLogsInjection | bool | `true` | If enabled, the Datadog Agent will automatically inject Datadog-specific metadata into your application logs. | | datadogProfilingEnabled | bool | `true` | If enabled, the Datadog Agent will collect profiling data for your application using the Continuous Profiler. This data can be used to identify performance bottlenecks and optimize your application. | | datadogTraceSampleRate | int | `1` | A value between 0 and 1, that represents the percentage of requests that will be traced. For example, a value of 0.5 means that 50% of requests will be traced. | -| dbRestore | bool | `true` | Whether or not to restore elasticsearch indices from a snapshot in s3 | +| dbRestore | bool | `false` | Whether or not to restore elasticsearch indices from a snapshot in s3 | | enableEncryptWhitelist | bool | `true` | Whether or not to enable encryption for specified fields | | encryptWhitelist | string | `"test1"` | A comma-separated list of fields to encrypt | | esEndpoint | string | `""` | Elasticsearch endpoint. | 
@@ -84,9 +84,9 @@ A Helm chart for gen3 Guppy Service | resources.requests.cpu | string | `0.1` | The amount of CPU requested | | resources.requests.memory | string | `"500Mi"` | The amount of memory requested | | revisionHistoryLimit | int | `2` | Number of old revisions to retain | -| secrets | map | `{"awsAccessKeyId":null,"awsSecretAccessKey":null}` | AWS credentials to access the db restore job S3 bucket | -| secrets.awsAccessKeyId | string | `nil` | AWS access key. | -| secrets.awsSecretAccessKey | string | `nil` | AWS secret access key. | +| secrets | map | `{"awsAccessKeyId":null,"awsSecretAccessKey":null}` | Secret information to access the db restore job S3 bucket. | +| secrets.awsAccessKeyId | str | `nil` | AWS access key ID. Overrides global key. | +| secrets.awsSecretAccessKey | str | `nil` | AWS secret access key ID. Overrides global key. | | selectorLabels | map | `nil` | Will completely override the selectorLabels defined in the common chart's _label_setup.tpl | | service | map | `{"port":[{"name":"http","port":80,"protocol":"TCP","targetPort":8000}],"type":"ClusterIP"}` | Kubernetes service information. | | service.port | int | `[{"name":"http","port":80,"protocol":"TCP","targetPort":8000}]` | The port number that the service exposes. | diff --git a/helm/guppy/templates/aws-config.yaml b/helm/guppy/templates/aws-config.yaml new file mode 100644 index 00000000..4723e6b3 --- /dev/null +++ b/helm/guppy/templates/aws-config.yaml @@ -0,0 +1,3 @@ +{{- if or (.Values.secrets.awsSecretAccessKey) (.Values.global.aws.awsSecretAccessKey ) }} +{{ include "common.awsconfig" . }} +{{- end }} \ No newline at end of file diff --git a/helm/guppy/templates/aws-creds.yaml b/helm/guppy/templates/aws-creds.yaml deleted file mode 100644 index 77f70daf..00000000 --- a/helm/guppy/templates/aws-creds.yaml +++ /dev/null 
@@ -1,13 +0,0 @@ -{{- if or (.Values.secrets.awsSecretAccessKey) (.Values.global.aws.awsSecretAccessKey ) }} -apiVersion: v1 -kind: Secret -metadata: - name: aws-config-guppy -type: Opaque -stringData: - credentials: | - [default] - aws_access_key_id={{ .Values.secrets.awsAccessKeyId | default .Values.global.aws.awsAccessKeyId }} - aws_secret_access_key={{ .Values.secrets.awsSecretAccessKey | default .Values.global.aws.awsSecretAccessKey }} -{{- end }} - diff --git a/helm/guppy/values.yaml b/helm/guppy/values.yaml index 9857944f..fafd7c37 100644 --- a/helm/guppy/values.yaml +++ b/helm/guppy/values.yaml @@ -70,11 +70,13 @@ autoscaling: # -- (int) The target CPU utilization percentage for autoscaling targetCPUUtilizationPercentage: 80 -# -- (map) AWS credentials to access the db restore job S3 bucket +# -- (bool) Whether or not to restore elasticsearch indices from a snapshot in s3 +dbRestore: false +# -- (map) Secret information to access the db restore job S3 bucket. secrets: - # -- (string) AWS access key. + # -- (str) AWS access key ID. Overrides global key. awsAccessKeyId: - # -- (string) AWS secret access key. + # -- (str) AWS secret access key ID. Overrides global key. awsSecretAccessKey: # -- (int) Number of replicas for the deployment. @@ -195,9 +197,6 @@ enableEncryptWhitelist: true # -- (string) A comma-separated list of fields to encrypt encryptWhitelist: test1 -# -- (bool) Whether or not to restore elasticsearch indices from a snapshot in s3 -dbRestore: true - # Values to determine the labels that are used for the deployment, pod, etc. # -- (string) Valid options are "production" or "dev". If invalid option is set- the value will default to "dev". release: "production" diff --git a/helm/indexd/Chart.yaml b/helm/indexd/Chart.yaml index 54634c9d..8890042a 100644 --- a/helm/indexd/Chart.yaml +++ b/helm/indexd/Chart.yaml 
@@ -15,7 +15,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.10 +version: 0.1.11 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to diff --git a/helm/indexd/README.md b/helm/indexd/README.md index ae4ea0bb..eaa6a92d 100644 --- a/helm/indexd/README.md +++ b/helm/indexd/README.md @@ -1,6 +1,6 @@ # indexd -![Version: 0.1.10](https://img.shields.io/badge/Version-0.1.10-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) +![Version: 0.1.11](https://img.shields.io/badge/Version-0.1.11-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) A Helm chart for gen3 indexd 
@@ -27,8 +27,10 @@ A Helm chart for gen3 indexd | datadogTraceSampleRate | int | `1` | A value between 0 and 1, that represents the percentage of requests that will be traced. For example, a value of 0.5 means that 50% of requests will be traced. | | defaultPrefix | string | `"PREFIX/"` | default prefix for indexd | | env | list | `[{"name":"ARBORIST","value":"true"},{"name":"GEN3_DEBUG","value":"False"}]` | Environment variables to pass to the container | +| externalSecrets | map | `{"indexdSmDbcreds":null}` | External Secrets settings. | +| externalSecrets.indexdSmDbcreds | string | `nil` | Will override the name of the aws secrets manager secret. Default is "Values.global.environment-.Chart.Name-creds" | | fullnameOverride | string | `""` | Override the full name of the deployment. | -| global | map | `{"aws":{"awsAccessKeyId":null,"awsSecretAccessKey":null,"enabled":false},"ddEnabled":false,"dev":true,"dictionaryUrl":"https://s3.amazonaws.com/dictionary-artifacts/datadictionary/develop/schema.json","dispatcherJobNum":10,"environment":"default","hostname":"localhost","kubeBucket":"kube-gen3","logsBucket":"logs-gen3","minAvialable":1,"netPolicy":true,"pdb":false,"portalApp":"gitops","postgres":{"dbCreate":true,"master":{"host":null,"password":null,"port":"5432","username":"postgres"}},"publicDataSets":true,"revproxyArn":"arn:aws:acm:us-east-1:123456:certificate","tierAccessLevel":"libre","tierAccessLimit":1000}` | Global configuration options. 
| +| global | map | `{"aws":{"awsAccessKeyId":null,"awsSecretAccessKey":null,"enabled":false},"ddEnabled":false,"dev":true,"dictionaryUrl":"https://s3.amazonaws.com/dictionary-artifacts/datadictionary/develop/schema.json","dispatcherJobNum":10,"environment":"default","externalSecrets":{"deploy":true,"separate":true},"hostname":"localhost","kubeBucket":"kube-gen3","logsBucket":"logs-gen3","minAvialable":1,"netPolicy":true,"pdb":false,"portalApp":"gitops","postgres":{"dbCreate":true,"master":{"host":null,"password":null,"port":"5432","username":"postgres"}},"publicDataSets":true,"revproxyArn":"arn:aws:acm:us-east-1:123456:certificate","tierAccessLevel":"libre","tierAccessLimit":1000}` | Global configuration options. | | global.aws | map | `{"awsAccessKeyId":null,"awsSecretAccessKey":null,"enabled":false}` | AWS configuration | | global.aws.awsAccessKeyId | string | `nil` | Credentials for AWS stuff. | | global.aws.awsSecretAccessKey | string | `nil` | Credentials for AWS stuff. | 
@@ -38,6 +40,9 @@ A Helm chart for gen3 indexd | global.dictionaryUrl | string | `"https://s3.amazonaws.com/dictionary-artifacts/datadictionary/develop/schema.json"` | URL of the data dictionary. | | global.dispatcherJobNum | int | `10` | Number of dispatcher jobs. | | global.environment | string | `"default"` | Environment name. This should be the same as vpcname if you're doing an AWS deployment. Currently this is being used to share ALB's if you have multiple namespaces. Might be used other places too. | +| global.externalSecrets | map | `{"deploy":true,"separate":true}` | External Secrets settings. | +| global.externalSecrets.deploy | bool | `true` | Will use ExternalSecret resources to pull secrets from Secrets Manager instead of creating them locally. Be cautious as this will override any indexd secrets you have deployed. | +| global.externalSecrets.separate | string | `true` | Will deploy a External Secret Store if deploying this sevice seperately. | | global.hostname | string | `"localhost"` | Hostname for the deployment. | | global.kubeBucket | string | `"kube-gen3"` | S3 bucket name for Kubernetes manifest files. | | global.logsBucket | string | `"logs-gen3"` | S3 bucket name for log files. | 
@@ -85,7 +90,9 @@ A Helm chart for gen3 indexd | resources.requests | map | `{"cpu":0.1,"memory":"12Mi"}` | The amount of resources that the container requests | | resources.requests.cpu | string | `0.1` | The amount of CPU requested | | resources.requests.memory | string | `"12Mi"` | The amount of memory requested | -| secrets | map | `{"userdb":{"fence":null,"sheepdog":null}}` | Values for indexd secret. | +| secrets | map | `{"awsAccessKeyId":null,"awsSecretAccessKey":null,"userdb":{"fence":null,"sheepdog":null}}` | Values for indexd secret. | +| secrets.awsAccessKeyId | str | `nil` | AWS access key ID to access the db restore job S3 bucket. Overrides global key. | +| secrets.awsSecretAccessKey | str | `nil` | AWS secret access key ID to access the db restore job S3 bucket. Overrides global key. | | securityContext | map | `{}` | Security context for the containers in the pod | | selectorLabels | map | `nil` | Will completely override the selectorLabels defined in the common chart's _label_setup.tpl | | service | map | `{"port":80,"type":"ClusterIP"}` | Kubernetes service information. | diff --git a/helm/indexd/templates/_helpers.tpl b/helm/indexd/templates/_helpers.tpl index 0f83473c..21635df6 100644 --- a/helm/indexd/templates/_helpers.tpl +++ b/helm/indexd/templates/_helpers.tpl 
@@ -101,4 +101,26 @@ Create the name of the service account to use */}} {{- define "indexd-gateway-creds" -}} {{- default (randAlphaNum 32) .Values.secrets.userdb.gateway }} -{{- end }} \ No newline at end of file +{{- end }} + +{{/* + Cluster Secret Store for External Secrets +*/}} +{{- define "cluster-secret-store" -}} +{{- if .Values.global.externalSecrets.separate }} + {{- .Chart.Name }}-secret-store +{{- else }} + {{- default "gen3-secret-store"}} +{{- end -}} +{{- end -}} + +{{/* + Service DB Creds Secrets Manager Name +*/}} +{{- define "indexd-sm-dbcreds" -}} +{{- if .Values.externalSecrets.indexdSmDbcreds }} + {{- default .Values.externalSecrets.indexdSmDbcreds }} +{{- else }} + {{- .Values.global.environment }}- {{- .Chart.Name }}-creds +{{- end -}} +{{- end -}} diff --git a/helm/indexd/templates/aws-config.yaml b/helm/indexd/templates/aws-config.yaml new file mode 100644 index 00000000..4723e6b3 --- /dev/null +++ b/helm/indexd/templates/aws-config.yaml @@ -0,0 +1,3 @@ +{{- if or (.Values.secrets.awsSecretAccessKey) (.Values.global.aws.awsSecretAccessKey ) }} +{{ include "common.awsconfig" . }} +{{- end }} \ No newline at end of file diff --git a/helm/indexd/templates/cluster-secret-store.yaml b/helm/indexd/templates/cluster-secret-store.yaml new file mode 100644 index 00000000..8c1c7717 --- /dev/null +++ b/helm/indexd/templates/cluster-secret-store.yaml @@ -0,0 +1,3 @@ +{{ if .Values.global.externalSecrets.separate }} +{{ include "common.secretstore" . }} +{{- end }} \ No newline at end of file diff --git a/helm/indexd/templates/external-secrets.yaml b/helm/indexd/templates/external-secrets.yaml new file mode 100644 index 00000000..5921b810 --- /dev/null +++ b/helm/indexd/templates/external-secrets.yaml 
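Review bot: In helm/indexd/templates/_helpers.tpl, `{{- default "gen3-secret-store"}}` and `{{- default .Values.externalSecrets.indexdSmDbcreds }}` call `default` with one argument, which just returns that argument, so each reads as a fallback that is not there. The first can be the bare literal `gen3-secret-store`, and the whole `indexd-sm-dbcreds` body collapses to `{{- default (printf "%s-%s-creds" .Values.global.environment .Chart.Name) .Values.externalSecrets.indexdSmDbcreds }}`. Separately, `cluster-secret-store` is not chart-prefixed and is defined again in the manifestservice, metadata and peregrine `_helpers.tpl` hunks; named templates are global across a parent chart and its subcharts, so the last one loaded wins. If the shared name is intentional (for example so a common-chart template can include it), a comment above the define should say so; otherwise prefix it like `indexd-gateway-creds`.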
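Review bot: The guard in helm/indexd/templates/aws-config.yaml renders the AWS config whenever a secret access key is set but never checks the access key ID. A values file with only `awsSecretAccessKey` would presumably yield a credentials entry with an empty `aws_access_key_id`; the guppy template removed earlier in this patch shows that shape, though `common.awsconfig` itself is outside this hunk. Requiring both halves avoids the half-configured Secret: `{{- if and (or .Values.secrets.awsAccessKeyId .Values.global.aws.awsAccessKeyId) (or .Values.secrets.awsSecretAccessKey .Values.global.aws.awsSecretAccessKey) }}`. The manifestservice and metadata `aws-config.yaml` hunks use the same guard. Keys supplied through values are long-lived and are also kept in the stored Helm release, so a comment next to `secrets.awsSecretAccessKey` pointing operators to the External Secrets path added in this patch would be worth having.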
@@ -0,0 +1,18 @@ +{{ if .Values.global.externalSecrets.deploy }} +apiVersion: external-secrets.io/v1beta1 +kind: ExternalSecret +metadata: + name: {{ $.Chart.Name }}-dbcreds +spec: + refreshInterval: 5m + secretStoreRef: + name: {{include "cluster-secret-store" .}} + kind: ClusterSecretStore + target: + name: {{ $.Chart.Name }}-dbcreds + creationPolicy: Owner + dataFrom: + - extract: + #name of secret in secrets manager + key: {{include "indexd-sm-dbcreds" .}} +{{- end }} \ No newline at end of file diff --git a/helm/indexd/values.yaml b/helm/indexd/values.yaml index e9ee3d9c..4f4e0ef5 100644 --- a/helm/indexd/values.yaml +++ b/helm/indexd/values.yaml @@ -58,6 +58,28 @@ global: pdb: false # -- (int) The minimum amount of pods that are available at all times if the PDB is deployed. minAvialable: 1 + # -- (map) External Secrets settings. + externalSecrets: + # -- (bool) Will use ExternalSecret resources to pull secrets from Secrets Manager instead of creating them locally. Be cautious as this will override any indexd secrets you have deployed. + deploy: true + # -- (string) Will deploy a External Secret Store if deploying this sevice seperately. + separate: true + +# -- (map) External Secrets settings. +externalSecrets: + # -- (string) Will override the name of the aws secrets manager secret. Default is "Values.global.environment-.Chart.Name-creds" + indexdSmDbcreds: + +# -- (map) Values for indexd secret. +secrets: + userdb: + fence: + sheepdog: + # gateway: + # -- (str) AWS access key ID to access the db restore job S3 bucket. Overrides global key. + awsAccessKeyId: + # -- (str) AWS secret access key ID to access the db restore job S3 bucket. Overrides global key. + awsSecretAccessKey: # -- (map) Postgres database configuration. If db does not exist in postgres cluster and dbCreate is set ot true then these databases will be created for you postgres: 
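Review bot: In helm/indexd/templates/external-secrets.yaml, `secretStoreRef.kind: ClusterSecretStore` together with `global.externalSecrets.separate` means each separately deployed service gets a cluster-scoped store named `<chart>-secret-store`, assuming `common.secretstore` (not shown here) renders that kind. A cluster-scoped store can be referenced by ExternalSecrets in any namespace unless its `conditions` restrict it, and two releases of the chart in different namespaces would contend for the same object name. For the per-service case a namespaced store (`kind: SecretStore` here and in the common template) is the narrower choice. `dataFrom.extract` also copies every property of the Secrets Manager entry into `{{ $.Chart.Name }}-dbcreds`, so a comment listing the expected keys would help whoever reviews the AWS-side secret. The manifestservice and metadata ExternalSecret hunks follow the same pattern.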
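Review bot: In helm/indexd/values.yaml, `deploy: true` and `separate: true` make External Secrets the default for indexd, while the manifestservice and metadata values.yaml hunks in this patch default both to `false`. The option's own comment warns that it overrides any indexd secrets already deployed, and `creationPolicy: Owner` in external-secrets.yaml hands `indexd-dbcreds` to the controller, so a plain upgrade on a cluster without the operator or the Secrets Manager entry would presumably fail or replace working credentials. I would ship `deploy: false` and `separate: false` like the other charts and let operators opt in. `separate` is also tagged `(string)` although it holds a boolean; `# -- (bool) Will deploy an External Secret Store if deploying this service separately.` fixes the tag and the two typos.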
@@ -198,13 +220,6 @@ env: - name: "GEN3_DEBUG" value: "False" -# -- (map) Values for indexd secret. -secrets: - userdb: - fence: - sheepdog: - # gateway: - # -- (map) Values for overriding uwsgi settings uwsgi: listen: 1024 diff --git a/helm/manifestservice/Chart.yaml b/helm/manifestservice/Chart.yaml index a8920546..e01a6ba2 100644 --- a/helm/manifestservice/Chart.yaml +++ b/helm/manifestservice/Chart.yaml @@ -15,7 +15,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.10 +version: 0.1.11 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to diff --git a/helm/manifestservice/README.md b/helm/manifestservice/README.md index 4e74a196..7969f749 100644 --- a/helm/manifestservice/README.md +++ b/helm/manifestservice/README.md @@ -1,6 +1,6 @@ # manifestservice -![Version: 0.1.10](https://img.shields.io/badge/Version-0.1.10-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) +![Version: 0.1.11](https://img.shields.io/badge/Version-0.1.11-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) A Helm chart for Kubernetes 
@@ -33,9 +33,18 @@ A Helm chart for Kubernetes | datadogProfilingEnabled | bool | `true` | If enabled, the Datadog Agent will collect profiling data for your application using the Continuous Profiler. This data can be used to identify performance bottlenecks and optimize your application. | | datadogTraceSampleRate | int | `1` | A value between 0 and 1, that represents the percentage of requests that will be traced. For example, a value of 0.5 means that 50% of requests will be traced. | | env | list | `[{"name":"REQUESTS_CA_BUNDLE","value":"/etc/ssl/certs/ca-certificates.crt"},{"name":"MANIFEST_SERVICE_CONFIG_PATH","value":"/var/gen3/config/config.json"},{"name":"GEN3_DEBUG","value":"False"}]` | Environment variables to pass to the container | -| global | map | `{"ddEnabled":false,"environment":"default","minAvialable":1,"pdb":false}` | Global configuration options. | +| externalSecrets | map | `{"manifestserviceG3auto":null}` | External Secrets settings. | +| externalSecrets.manifestserviceG3auto | string | `nil` | Will override the name of the aws secrets manager secret. Default is "manifestservice-g3auto" | +| global | map | `{"aws":{"awsAccessKeyId":null,"awsSecretAccessKey":null,"enabled":false},"ddEnabled":false,"environment":"default","externalSecrets":{"deploy":false,"separate":false},"minAvialable":1,"pdb":false}` | Global configuration options. | +| global.aws | map | `{"awsAccessKeyId":null,"awsSecretAccessKey":null,"enabled":false}` | AWS configuration | +| global.aws.awsAccessKeyId | string | `nil` | Credentials for AWS stuff. | +| global.aws.awsSecretAccessKey | string | `nil` | Credentials for AWS stuff. | +| global.aws.enabled | bool | `false` | Set to true if deploying to AWS. Controls ingress annotations. | | global.ddEnabled | bool | `false` | Whether Datadog is enabled. | | global.environment | string | `"default"` | Environment name. This should be the same as vpcname if you're doing an AWS deployment. 
Currently this is being used to share ALB's if you have multiple namespaces. Might be used other places too. | +| global.externalSecrets | map | `{"deploy":false,"separate":false}` | External Secrets settings. | +| global.externalSecrets.deploy | bool | `false` | Will use ExternalSecret resources to pull secrets from Secrets Manager instead of creating them locally. Be cautious as this will override any manifestservice secrets you have deployed. | +| global.externalSecrets.separate | string | `false` | Will deploy a External Secret Store if deploying this sevice seperately. | | global.minAvialable | int | `1` | The minimum amount of pods that are available at all times if the PDB is deployed. | | global.pdb | bool | `false` | If the service will be deployed with a Pod Disruption Budget. Note- you need to have more than 2 replicas for the pdb to be deployed. | | image | map | `{"pullPolicy":"Always","repository":"quay.io/cdis/manifestservice","tag":"2022.09"}` | Docker image information. | @@ -58,6 +67,9 @@ A Helm chart for Kubernetes | resources.requests.cpu | string | `0.1` | The amount of CPU requested | | resources.requests.memory | string | `"12Mi"` | The amount of memory requested | | revisionHistoryLimit | int | `2` | Number of old revisions to retain | +| secrets | map | `{"awsAccessKeyId":null,"awsSecretAccessKey":null}` | Secret information for External Secrets. | +| secrets.awsAccessKeyId | str | `nil` | AWS access key ID. Overrides global key. | +| secrets.awsSecretAccessKey | str | `nil` | AWS secret access key ID. Overrides global key. | | selectorLabels | map | `nil` | Will completely override the selectorLabels defined in the common chart's _label_setup.tpl | | service | map | `{"port":80,"type":"ClusterIP"}` | Kubernetes service information. | | service.port | int | `80` | The port number that the service exposes. | diff --git a/helm/manifestservice/templates/_helpers.tpl b/helm/manifestservice/templates/_helpers.tpl index d0d72644..b9702720 100644 
--- a/helm/manifestservice/templates/_helpers.tpl +++ b/helm/manifestservice/templates/_helpers.tpl @@ -65,3 +65,21 @@ Create the name of the service account to use {{- default "default" .Values.serviceAccount.name }} {{- end }} {{- end }} + +{{/* + Cluster Secret Store for External Secrets +*/}} +{{- define "cluster-secret-store" -}} +{{- if .Values.global.externalSecrets.separate }} + {{- .Chart.Name }}-secret-store +{{- else }} +{{- default "gen3-secret-store"}} +{{- end -}} +{{- end -}} + +{{/* + Audit g3 Auto Secrets Manager Name +*/}} +{{- define "manifestservice-g3auto" -}} +{{- default "manifestservice-g3auto" .Values.externalSecrets.manifestserviceG3auto }} +{{- end }} diff --git a/helm/manifestservice/templates/aws-config.yaml b/helm/manifestservice/templates/aws-config.yaml new file mode 100644 index 00000000..398770d3 --- /dev/null +++ b/helm/manifestservice/templates/aws-config.yaml @@ -0,0 +1,3 @@ +{{- if or (.Values.secrets.awsSecretAccessKey) (.Values.global.aws.awsSecretAccessKey ) }} +{{ include "common.awsconfig" . }} +{{- end -}} \ No newline at end of file diff --git a/helm/manifestservice/templates/cluster-secret-store.yaml b/helm/manifestservice/templates/cluster-secret-store.yaml new file mode 100644 index 00000000..8c1c7717 --- /dev/null +++ b/helm/manifestservice/templates/cluster-secret-store.yaml @@ -0,0 +1,3 @@ +{{ if .Values.global.externalSecrets.separate }} +{{ include "common.secretstore" . }} +{{- end }} \ No newline at end of file diff --git a/helm/manifestservice/templates/external-secret.yaml b/helm/manifestservice/templates/external-secret.yaml new file mode 100644 index 00000000..51d31656 --- /dev/null +++ b/helm/manifestservice/templates/external-secret.yaml 
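Review bot: In helm/manifestservice/templates/_helpers.tpl, the comment above `manifestservice-g3auto` says `Audit g3 Auto Secrets Manager Name`, which looks carried over from another chart; it should read `Manifestservice g3auto Secrets Manager Name`. The define itself uses the two-argument `default` correctly, so only the comment needs changing.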
@@ -0,0 +1,18 @@ +{{ if .Values.global.externalSecrets.deploy }} +apiVersion: external-secrets.io/v1beta1 +kind: ExternalSecret +metadata: + name: manifestservice-g3auto +spec: + refreshInterval: 5m + secretStoreRef: + name: {{include "cluster-secret-store" .}} + kind: ClusterSecretStore + target: + name: manifestservice-g3auto + creationPolicy: Owner + dataFrom: + - extract: + #name of secret in secrets manager + key: {{include "manifestservice-g3auto" .}} +{{- end }} \ No newline at end of file diff --git a/helm/manifestservice/templates/metadataservice-creds.yaml b/helm/manifestservice/templates/manifestservice-creds.yaml similarity index 99% rename from helm/manifestservice/templates/metadataservice-creds.yaml rename to helm/manifestservice/templates/manifestservice-creds.yaml index 22dd070a..5194515c 100644 --- a/helm/manifestservice/templates/metadataservice-creds.yaml +++ b/helm/manifestservice/templates/manifestservice-creds.yaml @@ -12,4 +12,3 @@ stringData: "aws_secret_access_key": "{{ .Values.manifestserviceG3auto.awssecretkey }}", "prefix": "{{ .Values.manifestserviceG3auto.prefix }}" } - diff --git a/helm/manifestservice/values.yaml b/helm/manifestservice/values.yaml index 2607c9a7..4d1d0f67 100644 --- a/helm/manifestservice/values.yaml +++ b/helm/manifestservice/values.yaml @@ -4,6 +4,14 @@ # -- (map) Global configuration options. global: + # -- (map) AWS configuration + aws: + # -- (bool) Set to true if deploying to AWS. Controls ingress annotations. + enabled: false + # -- (string) Credentials for AWS stuff. + awsAccessKeyId: + # -- (string) Credentials for AWS stuff. + awsSecretAccessKey: # -- (string) Environment name. This should be the same as vpcname if you're doing an AWS deployment. Currently this is being used to share ALB's if you have multiple namespaces. Might be used other places too. environment: default # -- (bool) Whether Datadog is enabled. 
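Review bot: The ExternalSecret in helm/manifestservice/templates/external-secret.yaml targets a Secret named `manifestservice-g3auto` with `creationPolicy: Owner`, while `manifestservice-creds.yaml` (renamed later in this patch, only its tail visible) still renders `aws_secret_access_key` from `.Values.manifestserviceG3auto.awssecretkey`. If that template creates a Secret of the same name and is not gated, turning on `global.externalSecrets.deploy` leaves Helm and the External Secrets controller both writing one object, and the values-supplied key stays in the release. Wrapping the static Secret in `{{- if not .Values.global.externalSecrets.deploy }}` and `{{- end }}` would make the two sources mutually exclusive. The same check is worth making for the `dbcreds` Secrets in indexd and metadata.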
@@ -12,6 +20,23 @@ global: pdb: false # -- (int) The minimum amount of pods that are available at all times if the PDB is deployed. minAvialable: 1 + # -- (map) External Secrets settings. + externalSecrets: + # -- (bool) Will use ExternalSecret resources to pull secrets from Secrets Manager instead of creating them locally. Be cautious as this will override any manifestservice secrets you have deployed. + deploy: false + # -- (string) Will deploy a External Secret Store if deploying this sevice seperately. + separate: false + +# -- (map) External Secrets settings. +externalSecrets: + # -- (string) Will override the name of the aws secrets manager secret. Default is "manifestservice-g3auto" + manifestserviceG3auto: +# -- (map) Secret information for External Secrets. +secrets: + # -- (str) AWS access key ID. Overrides global key. + awsAccessKeyId: + # -- (str) AWS secret access key ID. Overrides global key. + awsSecretAccessKey: # -- (int) Number of old revisions to retain revisionHistoryLimit: 2 diff --git a/helm/metadata/Chart.yaml b/helm/metadata/Chart.yaml index 718ca364..5a079f18 100644 --- a/helm/metadata/Chart.yaml +++ b/helm/metadata/Chart.yaml @@ -15,7 +15,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.8 +version: 0.1.9 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to diff --git a/helm/metadata/README.md b/helm/metadata/README.md index aa2422ea..83cfac87 100644 --- a/helm/metadata/README.md +++ b/helm/metadata/README.md 
@@ -1,6 +1,6 @@ # metadata -![Version: 0.1.8](https://img.shields.io/badge/Version-0.1.8-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) +![Version: 0.1.9](https://img.shields.io/badge/Version-0.1.9-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) A Helm chart for gen3 Metadata Service 
@@ -38,7 +38,9 @@ A Helm chart for gen3 Metadata Service | datadogTraceSampleRate | int | `1` | A value between 0 and 1, that represents the percentage of requests that will be traced. For example, a value of 0.5 means that 50% of requests will be traced. | | debug | bool | `false` | | | esEndpoint | string | `"elasticsearch:9200"` | Elasticsearch endpoint. | -| global | map | `{"aws":{"awsAccessKeyId":null,"awsSecretAccessKey":null,"enabled":false},"ddEnabled":false,"dev":true,"dictionaryUrl":"https://s3.amazonaws.com/dictionary-artifacts/datadictionary/develop/schema.json","dispatcherJobNum":10,"environment":"default","hostname":"localhost","kubeBucket":"kube-gen3","logsBucket":"logs-gen3","minAvialable":1,"netPolicy":true,"pdb":false,"portalApp":"gitops","postgres":{"dbCreate":true,"master":{"host":null,"password":null,"port":"5432","username":"postgres"}},"publicDataSets":true,"revproxyArn":"arn:aws:acm:us-east-1:123456:certificate","tierAccessLevel":"libre"}` | Global configuration options. | +| externalSecrets | map | `{"metadataSmDbcreds":null}` | External Secrets settings. | +| externalSecrets.metadataSmDbcreds | string | `nil` | Will override the name of the aws secrets manager secret. Default is "Values.global.environment-.Chart.Name-creds" | +| global | map | `{"aws":{"awsAccessKeyId":null,"awsSecretAccessKey":null,"enabled":false},"ddEnabled":false,"dev":true,"dictionaryUrl":"https://s3.amazonaws.com/dictionary-artifacts/datadictionary/develop/schema.json","dispatcherJobNum":10,"environment":"default","externalSecrets":{"deploy":false,"separate":false},"hostname":"localhost","kubeBucket":"kube-gen3","logsBucket":"logs-gen3","minAvialable":1,"netPolicy":true,"pdb":false,"portalApp":"gitops","postgres":{"dbCreate":true,"master":{"host":null,"password":null,"port":"5432","username":"postgres"}},"publicDataSets":true,"revproxyArn":"arn:aws:acm:us-east-1:123456:certificate","tierAccessLevel":"libre"}` | Global configuration options. 
| | global.aws | map | `{"awsAccessKeyId":null,"awsSecretAccessKey":null,"enabled":false}` | AWS configuration | | global.aws.awsAccessKeyId | string | `nil` | Credentials for AWS stuff. | | global.aws.awsSecretAccessKey | string | `nil` | Credentials for AWS stuff. | @@ -48,6 +50,9 @@ A Helm chart for gen3 Metadata Service | global.dictionaryUrl | string | `"https://s3.amazonaws.com/dictionary-artifacts/datadictionary/develop/schema.json"` | URL of the data dictionary. | | global.dispatcherJobNum | int | `10` | Number of dispatcher jobs. | | global.environment | string | `"default"` | Environment name. This should be the same as vpcname if you're doing an AWS deployment. Currently this is being used to share ALB's if you have multiple namespaces. Might be used other places too. | +| global.externalSecrets | map | `{"deploy":false,"separate":false}` | External Secrets settings. | +| global.externalSecrets.deploy | bool | `false` | Will use ExternalSecret resources to pull secrets from Secrets Manager instead of creating them locally. Be cautious as this will override any metadata secrets you have deployed. | +| global.externalSecrets.separate | string | `false` | Will deploy a External Secret Store if deploying this sevice seperately. | | global.hostname | string | `"localhost"` | Hostname for the deployment. | | global.kubeBucket | string | `"kube-gen3"` | S3 bucket name for Kubernetes manifest files. | | global.logsBucket | string | `"logs-gen3"` | S3 bucket name for log files. | 
@@ -96,6 +101,9 @@ A Helm chart for gen3 Metadata Service | resources.requests.cpu | string | `0.1` | The amount of CPU requested | | resources.requests.memory | string | `"12Mi"` | The amount of memory requested | | revisionHistoryLimit | int | `2` | Number of old revisions to retain | +| secrets | map | `{"awsAccessKeyId":null,"awsSecretAccessKey":null}` | Secret information to access the db restore job S3 bucket. | +| secrets.awsAccessKeyId | str | `nil` | AWS access key ID. Overrides global key. | +| secrets.awsSecretAccessKey | str | `nil` | AWS secret access key ID. Overrides global key. | | selectorLabels | map | `nil` | Will completely override the selectorLabels defined in the common chart's _label_setup.tpl | | service | map | `{"port":[{"name":"http","port":80,"protocol":"TCP","targetPort":80}],"type":"ClusterIP"}` | Kubernetes service information. | | service.port | int | `[{"name":"http","port":80,"protocol":"TCP","targetPort":80}]` | The port number that the service exposes. | diff --git a/helm/metadata/templates/_helpers.tpl b/helm/metadata/templates/_helpers.tpl index f8424983..ef1edcef 100644 --- a/helm/metadata/templates/_helpers.tpl +++ b/helm/metadata/templates/_helpers.tpl @@ -77,3 +77,25 @@ Create the name of the service account to use {{- default .Values.postgres.password }} {{- end }} {{- end }} + +{{/* + Cluster Secret Store for External Secrets +*/}} +{{- define "cluster-secret-store" -}} +{{- if .Values.global.externalSecrets.separate }} + {{- .Chart.Name }}-secret-store +{{- else }} + {{- default "gen3-secret-store"}} +{{- end -}} +{{- end -}} + +{{/* + Service DB Creds Secrets Manager Name +*/}} +{{- define "metadata-sm-dbcreds" -}} +{{- if .Values.externalSecrets.metadataSmDbcreds }} + {{- default .Values.externalSecrets.metadataSmDbcreds }} +{{- else }} + {{- .Values.global.environment }}- {{- .Chart.Name }}-creds +{{- end -}} +{{- end -}} 
diff --git a/helm/metadata/templates/aws-config.yaml b/helm/metadata/templates/aws-config.yaml new file mode 100644 index 00000000..4723e6b3 --- /dev/null +++ b/helm/metadata/templates/aws-config.yaml @@ -0,0 +1,3 @@ +{{- if or (.Values.secrets.awsSecretAccessKey) (.Values.global.aws.awsSecretAccessKey ) }} +{{ include "common.awsconfig" . }} +{{- end }} \ No newline at end of file diff --git a/helm/metadata/templates/cluster-secret-store.yaml b/helm/metadata/templates/cluster-secret-store.yaml new file mode 100644 index 00000000..8c1c7717 --- /dev/null +++ b/helm/metadata/templates/cluster-secret-store.yaml @@ -0,0 +1,3 @@ +{{ if .Values.global.externalSecrets.separate }} +{{ include "common.secretstore" . }} +{{- end }} \ No newline at end of file diff --git a/helm/metadata/templates/external-secret.yaml b/helm/metadata/templates/external-secret.yaml new file mode 100644 index 00000000..179c5f77 --- /dev/null +++ b/helm/metadata/templates/external-secret.yaml @@ -0,0 +1,18 @@ +{{ if .Values.global.externalSecrets.deploy }} +apiVersion: external-secrets.io/v1beta1 +kind: ExternalSecret +metadata: + name: {{ $.Chart.Name }}-dbcreds +spec: + refreshInterval: 5m + secretStoreRef: + name: {{include "cluster-secret-store" .}} + kind: ClusterSecretStore + target: + name: {{ $.Chart.Name }}-dbcreds + creationPolicy: Owner + dataFrom: + - extract: + #name of secret in secrets manager + key: {{include "metadata-sm-dbcreds" .}} +{{- end }} \ No newline at end of file diff --git a/helm/metadata/values.yaml b/helm/metadata/values.yaml index baaa5cb6..cfdb6fd0 100644 --- a/helm/metadata/values.yaml +++ b/helm/metadata/values.yaml 
@@ -56,6 +56,23 @@ global: pdb: false # -- (int) The minimum amount of pods that are available at all times if the PDB is deployed. minAvialable: 1 + # -- (map) External Secrets settings. + externalSecrets: + # -- (bool) Will use ExternalSecret resources to pull secrets from Secrets Manager instead of creating them locally. Be cautious as this will override any metadata secrets you have deployed. + deploy: false + # -- (string) Will deploy a External Secret Store if deploying this sevice seperately. + separate: false + +# -- (map) External Secrets settings. +externalSecrets: + # -- (string) Will override the name of the aws secrets manager secret. Default is "Values.global.environment-.Chart.Name-creds" + metadataSmDbcreds: +# -- (map) Secret information to access the db restore job S3 bucket. +secrets: + # -- (str) AWS access key ID. Overrides global key. + awsAccessKeyId: + # -- (str) AWS secret access key ID. Overrides global key. + awsSecretAccessKey: # -- (map) Postgres database configuration. If db does not exist in postgres cluster and dbCreate is set ot true then these databases will be created for you postgres: diff --git a/helm/peregrine/Chart.yaml b/helm/peregrine/Chart.yaml index cfdfe6e3..ada8310a 100644 --- a/helm/peregrine/Chart.yaml +++ b/helm/peregrine/Chart.yaml @@ -15,7 +15,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.9 +version: 0.1.10 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to diff --git a/helm/peregrine/README.md b/helm/peregrine/README.md index 838e811c..1116148b 100644 --- a/helm/peregrine/README.md +++ b/helm/peregrine/README.md 
@@ -1,6 +1,6 @@ # peregrine -![Version: 0.1.9](https://img.shields.io/badge/Version-0.1.9-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 2023.01](https://img.shields.io/badge/AppVersion-2023.01-informational?style=flat-square) +![Version: 0.1.10](https://img.shields.io/badge/Version-0.1.10-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 2023.01](https://img.shields.io/badge/AppVersion-2023.01-informational?style=flat-square) A Helm chart for gen3 Peregrine service 
@@ -28,8 +28,10 @@ A Helm chart for gen3 Peregrine service | datadogProfilingEnabled | bool | `true` | If enabled, the Datadog Agent will collect profiling data for your application using the Continuous Profiler. This data can be used to identify performance bottlenecks and optimize your application. | | datadogTraceSampleRate | int | `1` | A value between 0 and 1, that represents the percentage of requests that will be traced. For example, a value of 0.5 means that 50% of requests will be traced. | | env | list | `nil` | Environment variables to pass to the container | +| externalSecrets | map | `{"peregrineSmDbcreds":null}` | External Secrets settings. | +| externalSecrets.peregrineSmDbcreds | string | `nil` | Will override the name of the aws secrets manager secret. Default is "Values.global.environment-.Chart.Name-creds" | | fullnameOverride | string | `""` | Override the full name of the deployment. | -| global | map | `{"aws":{"awsAccessKeyId":null,"awsSecretAccessKey":null,"enabled":false},"ddEnabled":false,"dev":true,"dictionaryUrl":"https://s3.amazonaws.com/dictionary-artifacts/datadictionary/develop/schema.json","dispatcherJobNum":10,"environment":"default","hostname":"localhost","kubeBucket":"kube-gen3","logsBucket":"logs-gen3","minAvialable":1,"netPolicy":true,"pdb":false,"portalApp":"gitops","postgres":{"dbCreate":true,"master":{"host":null,"password":null,"port":"5432","username":"postgres"}},"revproxyArn":"arn:aws:acm:us-east-1:123456:certificate","tierAccessLevel":"libre"}` | Global configuration options. 
| +| global | map | `{"aws":{"awsAccessKeyId":null,"awsSecretAccessKey":null,"enabled":false},"ddEnabled":false,"dev":true,"dictionaryUrl":"https://s3.amazonaws.com/dictionary-artifacts/datadictionary/develop/schema.json","dispatcherJobNum":10,"environment":"default","externalSecrets":{"deploy":false,"separate":false},"hostname":"localhost","kubeBucket":"kube-gen3","logsBucket":"logs-gen3","minAvialable":1,"netPolicy":true,"pdb":false,"portalApp":"gitops","postgres":{"dbCreate":true,"master":{"host":null,"password":null,"port":"5432","username":"postgres"}},"revproxyArn":"arn:aws:acm:us-east-1:123456:certificate","tierAccessLevel":"libre"}` | Global configuration options. | | global.aws | map | `{"awsAccessKeyId":null,"awsSecretAccessKey":null,"enabled":false}` | AWS configuration | | global.aws.awsAccessKeyId | string | `nil` | Credentials for AWS stuff. | | global.aws.awsSecretAccessKey | string | `nil` | Credentials for AWS stuff. | 
@@ -39,6 +41,9 @@ A Helm chart for gen3 Peregrine service | global.dictionaryUrl | string | `"https://s3.amazonaws.com/dictionary-artifacts/datadictionary/develop/schema.json"` | URL of the data dictionary. | | global.dispatcherJobNum | int | `10` | Number of dispatcher jobs. | | global.environment | string | `"default"` | Environment name. This should be the same as vpcname if you're doing an AWS deployment. Currently this is being used to share ALB's if you have multiple namespaces. Might be used other places too. | +| global.externalSecrets | map | `{"deploy":false,"separate":false}` | External Secrets settings. | +| global.externalSecrets.deploy | bool | `false` | Will use ExternalSecret resources to pull secrets from Secrets Manager instead of creating them locally. Be cautious as this will override any peregrine secrets you have deployed. | +| global.externalSecrets.separate | string | `false` | Will deploy a External Secret Store if deploying this sevice seperately. | | global.hostname | string | `"localhost"` | Hostname for the deployment. | | global.kubeBucket | string | `"kube-gen3"` | S3 bucket name for Kubernetes manifest files. | | global.logsBucket | string | `"logs-gen3"` | S3 bucket name for log files. | 
@@ -82,6 +87,9 @@ A Helm chart for gen3 Peregrine service | resources.requests | map | `{"cpu":0.1,"memory":"12Mi"}` | The amount of resources that the container requests | | resources.requests.cpu | string | `0.1` | The amount of CPU requested | | resources.requests.memory | string | `"12Mi"` | The amount of memory requested | +| secrets | map | `{"awsAccessKeyId":null,"awsSecretAccessKey":null}` | Secret information for External Secrets. | +| secrets.awsAccessKeyId | str | `nil` | AWS access key ID. Overrides global key. | +| secrets.awsSecretAccessKey | str | `nil` | AWS secret access key ID. Overrides global key. | | securityContext | map | `{}` | Security context for the containers in the pod | | selectorLabels | map | `nil` | Will completely override the selectorLabels defined in the common chart's _label_setup.tpl | | service | map | `{"port":80,"type":"ClusterIP"}` | Kubernetes service information. | diff --git a/helm/peregrine/templates/_helpers.tpl b/helm/peregrine/templates/_helpers.tpl index 1674a02f..68bb8634 100644 --- a/helm/peregrine/templates/_helpers.tpl +++ b/helm/peregrine/templates/_helpers.tpl @@ -90,4 +90,26 @@ Define dictionaryUrl {{- else}} {{- .Values.dictionaryUrl }} {{- end }} -{{- end }} \ No newline at end of file +{{- end }} + +{{/* + Cluster Secret Store for External Secrets +*/}} +{{- define "cluster-secret-store" -}} +{{- if .Values.global.externalSecrets.separate }} + {{- .Chart.Name }}-secret-store +{{- else }} + {{- default "gen3-secret-store"}} +{{- end -}} +{{- end -}} + +{{/* + Service DB Creds Secrets Manager Name +*/}} +{{- define "peregrine-sm-dbcreds" -}} +{{- if .Values.externalSecrets.peregrineSmDbcreds }} + {{- default .Values.externalSecrets.peregrineSmDbcreds }} +{{- else }} + {{- .Values.global.environment }}- {{- .Chart.Name }}-creds +{{- end -}} +{{- end -}} diff --git a/helm/peregrine/templates/aws-config.yaml b/helm/peregrine/templates/aws-config.yaml new file mode 100644 index 00000000..398770d3 --- /dev/null 
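Review bot: The helper `cluster-secret-store` in the peregrine `_helpers.tpl` hunk is defined under an unprefixed name, and the same `define` is added in the requestor, sheepdog and wts `_helpers.tpl` hunks. Helm template names are global across a parent chart and its subcharts, so under the umbrella chart only the last-loaded definition is used. The bodies are identical today, but a later edit to one copy would silently change the store name every chart resolves. I would move it to the common chart or prefix it per chart, e.g. `{{- define "peregrine.cluster-secret-store" -}}`. The single-argument calls `{{- default "gen3-secret-store"}}` and `{{- default .Values.externalSecrets.peregrineSmDbcreds }}` have no fallback to apply and can be written as the bare value; the first lines of this hunk close a `define` that starts outside it.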
+++ b/helm/peregrine/templates/aws-config.yaml
@@ -0,0 +1,3 @@
+{{- if or (.Values.secrets.awsSecretAccessKey) (.Values.global.aws.awsSecretAccessKey ) }}
+{{ include "common.awsconfig" . }}
+{{- end -}}
\ No newline at end of file
diff --git a/helm/peregrine/templates/cluster-secret-store.yaml b/helm/peregrine/templates/cluster-secret-store.yaml
new file mode 100644
index 00000000..8c1c7717
--- /dev/null
+++ b/helm/peregrine/templates/cluster-secret-store.yaml
@@ -0,0 +1,3 @@
+{{ if .Values.global.externalSecrets.separate }}
+{{ include "common.secretstore" . }}
+{{- end }}
\ No newline at end of file
diff --git a/helm/peregrine/templates/external-secret.yaml b/helm/peregrine/templates/external-secret.yaml
new file mode 100644
index 00000000..a25b7a45
--- /dev/null
+++ b/helm/peregrine/templates/external-secret.yaml
@@ -0,0 +1,18 @@
+{{ if .Values.global.externalSecrets.deploy }}
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+ name: {{ $.Chart.Name }}-dbcreds
+spec:
+ refreshInterval: 5m
+ secretStoreRef:
+ name: {{include "cluster-secret-store" .}}
+ kind: ClusterSecretStore
+ target:
+ name: {{ $.Chart.Name }}-dbcreds
+ creationPolicy: Owner
+ dataFrom:
+ - extract:
+ #name of secret in secrets manager
+ key: {{include "peregrine-sm-dbcreds" .}}
+{{- end }}
\ No newline at end of file
diff --git a/helm/peregrine/values.yaml b/helm/peregrine/values.yaml
index 3335f8e3..fe92f044 100644
--- a/helm/peregrine/values.yaml
+++ b/helm/peregrine/values.yaml
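Review bot: The guard in `aws-config.yaml` tests only `awsSecretAccessKey` (chart-level or global), so a values file that sets the secret key without `awsAccessKeyId` still renders `common.awsconfig` with half a credential; the same three-line template is added for requestor and wts. `common.awsconfig` is not part of this diff, so I am assuming it writes both values into a Secret. If so, require both, e.g. `{{- if and (or .Values.secrets.awsAccessKeyId .Values.global.aws.awsAccessKeyId) (or .Values.secrets.awsSecretAccessKey .Values.global.aws.awsSecretAccessKey) }}`. Long-lived keys passed through Helm values are also kept in the release record stored in the cluster, which is worth a comment pointing operators to role-based credentials where the platform offers them.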
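Review bot: With `global.externalSecrets.separate` set, `cluster-secret-store.yaml` renders what is presumably a ClusterSecretStore (the ExternalSecret refers to it with `kind: ClusterSecretStore`), which is cluster-scoped, while the helper names it `{{ .Chart.Name }}-secret-store` with no release or namespace in the name. Two installs of the chart in different namespaces would contend for the same object, and ExternalSecrets in any namespace can reference it unless the store restricts that. `common.secretstore` is outside this diff, so please confirm it sets namespace `conditions` on the store, or consider whether a namespaced `SecretStore` would do for the per-service case. The same template is added for requestor, sheepdog and wts; it also opens with `{{ if` rather than `{{- if`, which leaves a blank line at the top of the rendered file.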
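Review bot: `dataFrom.extract` in `external-secret.yaml` copies every property of the Secrets Manager entry into the `{{ $.Chart.Name }}-dbcreds` Secret, and the entry name defaults to `<global.environment>-<chart>-creds`, which with the default environment is `default-peregrine-creds`. Listing the expected properties under `data` with explicit `remoteRef` entries would keep an unexpected property in the remote entry from reaching the pod, and the IAM policy behind the store should be limited to this naming pattern. `creationPolicy: Owner` on a target named `<chart>-dbcreds` presumably takes over the Secret the chart otherwise creates, as the README warns; the template that creates it is not in this hunk, so check it is skipped when `global.externalSecrets.deploy` is true. The requestor, sheepdog and wts ExternalSecret templates are identical apart from the helper name.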
@@ -53,6 +53,24 @@ global: pdb: false # -- (int) The minimum amount of pods that are available at all times if the PDB is deployed. minAvialable: 1 + # -- (map) External Secrets settings. + externalSecrets: + # -- (bool) Will use ExternalSecret resources to pull secrets from Secrets Manager instead of creating them locally. Be cautious as this will override any peregrine secrets you have deployed. + deploy: false + # -- (string) Will deploy a External Secret Store if deploying this sevice seperately. + separate: false + +# -- (map) External Secrets settings. +externalSecrets: + # -- (string) Will override the name of the aws secrets manager secret. Default is "Values.global.environment-.Chart.Name-creds" + peregrineSmDbcreds: +# -- (map) Secret information for External Secrets. +secrets: + # -- (str) AWS access key ID. Overrides global key. + awsAccessKeyId: + # -- (str) AWS secret access key ID. Overrides global key. + awsSecretAccessKey: + # -- (map) Postgres database configuration. If db does not exist in postgres cluster and dbCreate is set ot true then these databases will be created for you postgres: diff --git a/helm/requestor/Chart.yaml b/helm/requestor/Chart.yaml index 4e59fb2a..2c4a8c43 100644 --- a/helm/requestor/Chart.yaml +++ b/helm/requestor/Chart.yaml @@ -15,7 +15,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.8 +version: 0.1.9 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to diff --git a/helm/requestor/README.md b/helm/requestor/README.md index 5e7666f8..4b7c0cc2 100644 --- a/helm/requestor/README.md +++ b/helm/requestor/README.md 
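Review bot: The comment on `separate` in the peregrine `values.yaml` hunk declares `(string)` while the default is the boolean `false` and the templates use it in a bare `if`, where any non-empty string, including `"false"`, is truthy. I would change it to `# -- (bool) Will deploy an External Secret Store if deploying this service separately.`, which also fixes the two typos. `secrets.awsAccessKeyId` and `secrets.awsSecretAccessKey` are added as ordinary values whose comments say only that they override the global key; a line such as `# Do not commit real keys here; supply them at install time from a secret store` above them would make the intended handling explicit. The same lines appear in the requestor and sheepdog values hunks, and the `global:` block this hunk extends starts outside it.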
@@ -1,6 +1,6 @@ # requestor -![Version: 0.1.8](https://img.shields.io/badge/Version-0.1.8-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) +![Version: 0.1.9](https://img.shields.io/badge/Version-0.1.9-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) A Helm chart for gen3 Requestor Service 
@@ -36,7 +36,9 @@ A Helm chart for gen3 Requestor Service | datadogLogsInjection | bool | `true` | If enabled, the Datadog Agent will automatically inject Datadog-specific metadata into your application logs. | | datadogProfilingEnabled | bool | `true` | If enabled, the Datadog Agent will collect profiling data for your application using the Continuous Profiler. This data can be used to identify performance bottlenecks and optimize your application. | | datadogTraceSampleRate | int | `1` | A value between 0 and 1, that represents the percentage of requests that will be traced. For example, a value of 0.5 means that 50% of requests will be traced. | -| global | map | `{"addDbgap":false,"aws":{"awsAccessKeyId":null,"awsSecretAccessKey":null,"enabled":false},"ddEnabled":false,"dev":true,"dictionaryUrl":"https://s3.amazonaws.com/dictionary-artifacts/datadictionary/develop/schema.json","dispatcherJobNum":10,"environment":"default","hostname":"localhost","kubeBucket":"kube-gen3","logsBucket":"logs-gen3","minAvialable":1,"netPolicy":true,"onlyDbgap":false,"pdb":false,"portalApp":"gitops","postgres":{"dbCreate":true,"master":{"host":null,"password":null,"port":"5432","username":"postgres"}},"publicDataSets":true,"revproxyArn":"arn:aws:acm:us-east-1:123456:certificate","slack_send_dbgap":false,"slack_webhook":"None","syncFromDbgap":false,"tierAccessLevel":"libre","userYamlS3Path":"s3://cdis-gen3-users/helm-test/user.yaml","usersync":false}` | Global configuration options. | +| externalSecrets | map | `{"requestorSmDbcreds":null}` | External Secrets settings. | +| externalSecrets.requestorSmDbcreds | string | `nil` | Will override the name of the aws secrets manager secret. 
Default is "Values.global.environment-.Chart.Name-creds" | +| global | map | `{"addDbgap":false,"aws":{"awsAccessKeyId":null,"awsSecretAccessKey":null,"enabled":false},"ddEnabled":false,"dev":true,"dictionaryUrl":"https://s3.amazonaws.com/dictionary-artifacts/datadictionary/develop/schema.json","dispatcherJobNum":10,"environment":"default","externalSecrets":{"deploy":false,"separate":false},"hostname":"localhost","kubeBucket":"kube-gen3","logsBucket":"logs-gen3","minAvialable":1,"netPolicy":true,"onlyDbgap":false,"pdb":false,"portalApp":"gitops","postgres":{"dbCreate":true,"master":{"host":null,"password":null,"port":"5432","username":"postgres"}},"publicDataSets":true,"revproxyArn":"arn:aws:acm:us-east-1:123456:certificate","slack_send_dbgap":false,"slack_webhook":"None","syncFromDbgap":false,"tierAccessLevel":"libre","userYamlS3Path":"s3://cdis-gen3-users/helm-test/user.yaml","usersync":false}` | Global configuration options. | | global.addDbgap | bool | `false` | Force attempting a dbgap sync if "true", falls back on user.yaml | | global.aws | map | `{"awsAccessKeyId":null,"awsSecretAccessKey":null,"enabled":false}` | AWS configuration | | global.aws.awsAccessKeyId | string | `nil` | Credentials for AWS stuff. | 
@@ -47,6 +49,9 @@ A Helm chart for gen3 Requestor Service | global.dictionaryUrl | string | `"https://s3.amazonaws.com/dictionary-artifacts/datadictionary/develop/schema.json"` | URL of the data dictionary. | | global.dispatcherJobNum | int | `10` | Number of dispatcher jobs. | | global.environment | string | `"default"` | Environment name. This should be the same as vpcname if you're doing an AWS deployment. Currently this is being used to share ALB's if you have multiple namespaces. Might be used other places too. | +| global.externalSecrets | map | `{"deploy":false,"separate":false}` | External Secrets settings. | +| global.externalSecrets.deploy | bool | `false` | Will use ExternalSecret resources to pull secrets from Secrets Manager instead of creating them locally. Be cautious as this will override any requestor secrets you have deployed. | +| global.externalSecrets.separate | string | `false` | Will deploy a External Secret Store if deploying this sevice seperately. | | global.hostname | string | `"localhost"` | Hostname for the deployment. | | global.kubeBucket | string | `"kube-gen3"` | S3 bucket name for Kubernetes manifest files. | | global.logsBucket | string | `"logs-gen3"` | S3 bucket name for log files. | 
@@ -101,6 +106,9 @@ A Helm chart for gen3 Requestor Service | resources.requests.cpu | string | `0.1` | The amount of CPU requested | | resources.requests.memory | string | `"12Mi"` | The amount of memory requested | | revisionHistoryLimit | int | `2` | Number of old revisions to retain | +| secrets | map | `{"awsAccessKeyId":null,"awsSecretAccessKey":null}` | Secret information for External Secrets. | +| secrets.awsAccessKeyId | str | `nil` | AWS access key ID. Overrides global key. | +| secrets.awsSecretAccessKey | str | `nil` | AWS secret access key ID. Overrides global key. | | selectorLabels | map | `nil` | Will completely override the selectorLabels defined in the common chart's _label_setup.tpl | | service | map | `{"port":[{"name":"http","port":80,"protocol":"TCP","targetPort":80}],"type":"ClusterIP"}` | Kubernetes service information. | | service.port | int | `[{"name":"http","port":80,"protocol":"TCP","targetPort":80}]` | The port number that the service exposes. | diff --git a/helm/requestor/templates/_helpers.tpl b/helm/requestor/templates/_helpers.tpl index 899b723c..3af66e0b 100644 --- a/helm/requestor/templates/_helpers.tpl +++ b/helm/requestor/templates/_helpers.tpl @@ -77,4 +77,26 @@ Create the name of the service account to use {{- else }} {{- default .Values.secrets.password }} {{- end }} -{{- end }} \ No newline at end of file +{{- end }} + +{{/* + Cluster Secret Store for External Secrets +*/}} +{{- define "cluster-secret-store" -}} +{{- if .Values.global.externalSecrets.separate }} + {{- .Chart.Name }}-secret-store +{{- else }} + {{- default "gen3-secret-store"}} +{{- end -}} +{{- end -}} + +{{/* + Service DB Creds Secrets Manager Name +*/}} +{{- define "requestor-sm-dbcreds" -}} +{{- if .Values.externalSecrets.requestorSmDbcreds }} + {{- default .Values.externalSecrets.requestorSmDbcreds }} +{{- else }} + {{- .Values.global.environment }}- {{- .Chart.Name }}-creds +{{- end -}} +{{- end -}} 
diff --git a/helm/requestor/templates/aws-config.yaml b/helm/requestor/templates/aws-config.yaml
new file mode 100644
index 00000000..398770d3
--- /dev/null
+++ b/helm/requestor/templates/aws-config.yaml
@@ -0,0 +1,3 @@
+{{- if or (.Values.secrets.awsSecretAccessKey) (.Values.global.aws.awsSecretAccessKey ) }}
+{{ include "common.awsconfig" . }}
+{{- end -}}
\ No newline at end of file
diff --git a/helm/requestor/templates/cluster-secret-store.yaml b/helm/requestor/templates/cluster-secret-store.yaml
new file mode 100644
index 00000000..8c1c7717
--- /dev/null
+++ b/helm/requestor/templates/cluster-secret-store.yaml
@@ -0,0 +1,3 @@
+{{ if .Values.global.externalSecrets.separate }}
+{{ include "common.secretstore" . }}
+{{- end }}
\ No newline at end of file
diff --git a/helm/requestor/templates/external-secret.yaml b/helm/requestor/templates/external-secret.yaml
new file mode 100644
index 00000000..9476e59b
--- /dev/null
+++ b/helm/requestor/templates/external-secret.yaml
@@ -0,0 +1,18 @@
+{{ if .Values.global.externalSecrets.deploy }}
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+ name: {{ $.Chart.Name }}-dbcreds
+spec:
+ refreshInterval: 5m
+ secretStoreRef:
+ name: {{include "cluster-secret-store" .}}
+ kind: ClusterSecretStore
+ target:
+ name: {{ $.Chart.Name }}-dbcreds
+ creationPolicy: Owner
+ dataFrom:
+ - extract:
+ #name of secret in secrets manager
+ key: {{include "requestor-sm-dbcreds" .}}
+{{- end }}
\ No newline at end of file
diff --git a/helm/requestor/values.yaml b/helm/requestor/values.yaml
index 437ffac6..20ade152 100644
--- a/helm/requestor/values.yaml
+++ b/helm/requestor/values.yaml
@@ -70,6 +70,23 @@ global: pdb: false # -- (int) The minimum amount of pods that are available at all times if the PDB is deployed. minAvialable: 1 + # -- (map) External Secrets settings. + externalSecrets: + # -- (bool) Will use ExternalSecret resources to pull secrets from Secrets Manager instead of creating them locally. Be cautious as this will override any requestor secrets you have deployed. + deploy: false + # -- (string) Will deploy a External Secret Store if deploying this sevice seperately. + separate: false + +# -- (map) External Secrets settings. +externalSecrets: + # -- (string) Will override the name of the aws secrets manager secret. Default is "Values.global.environment-.Chart.Name-creds" + requestorSmDbcreds: +# -- (map) Secret information for External Secrets. +secrets: + # -- (str) AWS access key ID. Overrides global key. + awsAccessKeyId: + # -- (str) AWS secret access key ID. Overrides global key. + awsSecretAccessKey: # -- (map) Postgres database configuration. If db does not exist in postgres cluster and dbCreate is set ot true then these databases will be created for you postgres: diff --git a/helm/sheepdog/Chart.yaml b/helm/sheepdog/Chart.yaml index cb5745a2..7a68d313 100644 --- a/helm/sheepdog/Chart.yaml +++ b/helm/sheepdog/Chart.yaml @@ -15,7 +15,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.10 +version: 0.1.11 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to diff --git a/helm/sheepdog/README.md b/helm/sheepdog/README.md index e2a57245..026324b0 100644 --- a/helm/sheepdog/README.md +++ b/helm/sheepdog/README.md 
@@ -1,6 +1,6 @@ # sheepdog -![Version: 0.1.10](https://img.shields.io/badge/Version-0.1.10-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) +![Version: 0.1.11](https://img.shields.io/badge/Version-0.1.11-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) A Helm chart for gen3 Sheepdog Service 
@@ -37,8 +37,10 @@ A Helm chart for gen3 Sheepdog Service | datadogProfilingEnabled | bool | `true` | If enabled, the Datadog Agent will collect profiling data for your application using the Continuous Profiler. This data can be used to identify performance bottlenecks and optimize your application. | | datadogTraceSampleRate | int | `1` | A value between 0 and 1, that represents the percentage of requests that will be traced. For example, a value of 0.5 means that 50% of requests will be traced. | | dictionaryUrl | string | `"https://s3.amazonaws.com/dictionary-artifacts/datadictionary/develop/schema.json"` | URL of the data dictionary. | +| externalSecrets | map | `{"sheepdogSmDbcreds":null}` | External Secrets settings. | +| externalSecrets.sheepdogSmDbcreds | string | `nil` | Will override the name of the aws secrets manager secret. Default is "Values.global.environment-.Chart.Name-creds" | | fenceUrl | string | `"http://fence-service"` | URL for the fence service | -| global | map | `{"aws":{"awsAccessKeyId":null,"awsSecretAccessKey":null,"enabled":false},"ddEnabled":false,"dev":true,"dictionaryUrl":"https://s3.amazonaws.com/dictionary-artifacts/datadictionary/develop/schema.json","dispatcherJobNum":10,"environment":"default","hostname":"localhost","kubeBucket":"kube-gen3","logsBucket":"logs-gen3","minAvialable":1,"netPolicy":true,"pdb":false,"portalApp":"gitops","postgres":{"dbCreate":true,"master":{"host":null,"password":null,"port":"5432","username":"postgres"}},"publicDataSets":true,"revproxyArn":"arn:aws:acm:us-east-1:123456:certificate","tierAccessLevel":"libre"}` | Global configuration options. 
| +| global | map | `{"aws":{"awsAccessKeyId":null,"awsSecretAccessKey":null,"enabled":false},"ddEnabled":false,"dev":true,"dictionaryUrl":"https://s3.amazonaws.com/dictionary-artifacts/datadictionary/develop/schema.json","dispatcherJobNum":10,"environment":"default","externalSecrets":{"deploy":false,"separate":false},"hostname":"localhost","kubeBucket":"kube-gen3","logsBucket":"logs-gen3","minAvialable":1,"netPolicy":true,"pdb":false,"portalApp":"gitops","postgres":{"dbCreate":true,"master":{"host":null,"password":null,"port":"5432","username":"postgres"}},"publicDataSets":true,"revproxyArn":"arn:aws:acm:us-east-1:123456:certificate","tierAccessLevel":"libre"}` | Global configuration options. | | global.aws | map | `{"awsAccessKeyId":null,"awsSecretAccessKey":null,"enabled":false}` | AWS configuration | | global.aws.awsAccessKeyId | string | `nil` | Credentials for AWS stuff. | | global.aws.awsSecretAccessKey | string | `nil` | Credentials for AWS stuff. | 
@@ -48,6 +50,9 @@ A Helm chart for gen3 Sheepdog Service | global.dictionaryUrl | string | `"https://s3.amazonaws.com/dictionary-artifacts/datadictionary/develop/schema.json"` | URL of the data dictionary. | | global.dispatcherJobNum | int | `10` | Number of dispatcher jobs. | | global.environment | string | `"default"` | Environment name. This should be the same as vpcname if you're doing an AWS deployment. Currently this is being used to share ALB's if you have multiple namespaces. Might be used other places too. | +| global.externalSecrets | map | `{"deploy":false,"separate":false}` | External Secrets settings. | +| global.externalSecrets.deploy | bool | `false` | Will use ExternalSecret resources to pull secrets from Secrets Manager instead of creating them locally. Be cautious as this will override any sheepdog secrets you have deployed. | +| global.externalSecrets.separate | string | `false` | Will deploy a External Secret Store if deploying this sevice seperately. | | global.hostname | string | `"localhost"` | Hostname for the deployment. | | global.kubeBucket | string | `"kube-gen3"` | S3 bucket name for Kubernetes manifest files. | | global.logsBucket | string | `"logs-gen3"` | S3 bucket name for log files. | 
@@ -93,7 +98,9 @@ A Helm chart for gen3 Sheepdog Service | resources.requests.cpu | string | `0.3` | The amount of CPU requested | | resources.requests.memory | string | `"12Mi"` | The amount of memory requested | | revisionHistoryLimit | int | `2` | Number of old revisions to retain | -| secrets | map | `{"fence":{"database":"fence","host":"postgres-postgresql.postgres.svc.cluster.local","password":"postgres","user":"postgres"},"gdcapi":{"secretKey":null},"indexd":{"password":"postgres"},"sheepdog":{"database":"sheepdog","host":"postgres-postgresql.postgres.svc.cluster.local","password":"postgres","user":"postgres"}}` | Values for sheepdog secret. | +| secrets | map | `{"awsAccessKeyId":null,"awsSecretAccessKey":null,"fence":{"database":"fence","host":"postgres-postgresql.postgres.svc.cluster.local","password":"postgres","user":"postgres"},"gdcapi":{"secretKey":null},"indexd":{"password":"postgres"},"sheepdog":{"database":"sheepdog","host":"postgres-postgresql.postgres.svc.cluster.local","password":"postgres","user":"postgres"}}` | Values for sheepdog secret. | +| secrets.awsAccessKeyId | str | `nil` | AWS access key ID to access the db restore job S3 bucket. Overrides global key. | +| secrets.awsSecretAccessKey | str | `nil` | AWS secret access key ID to access the db restore job S3 bucket. Overrides global key. | | secrets.fence | map | `{"database":"fence","host":"postgres-postgresql.postgres.svc.cluster.local","password":"postgres","user":"postgres"}` | Values for sheepdog's access to the fence database. | | secrets.fence.database | string | `"fence"` | Database name for fence's db. | | secrets.fence.host | string | `"postgres-postgresql.postgres.svc.cluster.local"` | Host for fence's db. | diff --git a/helm/sheepdog/templates/_helpers.tpl b/helm/sheepdog/templates/_helpers.tpl index 1c935c37..669071f7 100644 --- a/helm/sheepdog/templates/_helpers.tpl +++ b/helm/sheepdog/templates/_helpers.tpl 
@@ -100,4 +100,26 @@ Define dictionaryUrl {{- else}} {{- .Values.dictionaryUrl }} {{- end }} -{{- end }} \ No newline at end of file +{{- end }} + +{{/* + Cluster Secret Store for External Secrets +*/}} +{{- define "cluster-secret-store" -}} +{{- if .Values.global.externalSecrets.separate }} + {{- .Chart.Name }}-secret-store +{{- else }} + {{- default "gen3-secret-store"}} +{{- end -}} +{{- end -}} + +{{/* + Service DB Creds Secrets Manager Name +*/}} +{{- define "sheepdog-sm-dbcreds" -}} +{{- if .Values.externalSecrets.sheepdogSmDbcreds }} + {{- default .Values.externalSecrets.sheepdogSmDbcreds }} +{{- else }} + {{- .Values.global.environment }}- {{- .Chart.Name }}-creds +{{- end -}} +{{- end -}} diff --git a/helm/sheepdog/templates/aws-config.yaml b/helm/sheepdog/templates/aws-config.yaml new file mode 100644 index 00000000..745635c1 --- /dev/null +++ b/helm/sheepdog/templates/aws-config.yaml @@ -0,0 +1,3 @@ +{{- if or (.Values.dbRestore) (.Values.global.externalSecrets.deploy) }} +{{ include "common.awsconfig" . }} +{{- end -}} \ No newline at end of file diff --git a/helm/sheepdog/templates/cluster-secret-store.yaml b/helm/sheepdog/templates/cluster-secret-store.yaml new file mode 100644 index 00000000..8c1c7717 --- /dev/null +++ b/helm/sheepdog/templates/cluster-secret-store.yaml @@ -0,0 +1,3 @@ +{{ if .Values.global.externalSecrets.separate }} +{{ include "common.secretstore" . }} +{{- end }} \ No newline at end of file diff --git a/helm/sheepdog/templates/external-secrets.yaml b/helm/sheepdog/templates/external-secrets.yaml new file mode 100644 index 00000000..afd441e2 --- /dev/null +++ b/helm/sheepdog/templates/external-secrets.yaml 
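Review bot: The guard in sheepdog's `aws-config.yaml` is `or (.Values.dbRestore) (.Values.global.externalSecrets.deploy)`, unlike the peregrine, requestor and wts versions, so `common.awsconfig` is rendered whenever external secrets are enabled even if no AWS key is set anywhere. `common.awsconfig` is not shown; if it writes the key values into a Secret, this would produce one with empty credentials, and depending on how the store authenticates that may surface only at sync time. Either align the condition with the other charts or add a comment explaining why sheepdog differs, e.g. `{{/* rendered for dbRestore or external secrets; keys may come from global.aws */}}`.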
@@ -0,0 +1,18 @@ +{{ if .Values.global.externalSecrets.deploy }} +apiVersion: external-secrets.io/v1beta1 +kind: ExternalSecret +metadata: + name: {{ $.Chart.Name }}-dbcreds +spec: + refreshInterval: 5m + secretStoreRef: + name: {{include "cluster-secret-store" .}} + kind: ClusterSecretStore + target: + name: {{ $.Chart.Name }}-dbcreds + creationPolicy: Owner + dataFrom: + - extract: + #name of secret in secrets manager + key: {{include "sheepdog-sm-dbcreds" .}} +{{- end }} \ No newline at end of file diff --git a/helm/sheepdog/values.yaml b/helm/sheepdog/values.yaml index 941c33c6..8a94905e 100644 --- a/helm/sheepdog/values.yaml +++ b/helm/sheepdog/values.yaml @@ -56,6 +56,17 @@ global: pdb: false # -- (int) The minimum amount of pods that are available at all times if the PDB is deployed. minAvialable: 1 + # -- (map) External Secrets settings. + externalSecrets: + # -- (bool) Will use ExternalSecret resources to pull secrets from Secrets Manager instead of creating them locally. Be cautious as this will override any sheepdog secrets you have deployed. + deploy: false + # -- (string) Will deploy a External Secret Store if deploying this sevice seperately. + separate: false + +# -- (map) External Secrets settings. +externalSecrets: + # -- (string) Will override the name of the aws secrets manager secret. Default is "Values.global.environment-.Chart.Name-creds" + sheepdogSmDbcreds: # -- (map) Postgres database configuration. If db does not exist in postgres cluster and dbCreate is set ot true then these databases will be created for you postgres: 
@@ -227,6 +238,10 @@ secrets: indexd: # -- (string) Password to indexd's db. password: postgres + # -- (str) AWS access key ID to access the db restore job S3 bucket. Overrides global key. + awsAccessKeyId: + # -- (str) AWS secret access key ID to access the db restore job S3 bucket. Overrides global key. + awsSecretAccessKey: # Values to determine the labels that are used for the deployment, pod, etc. # -- (string) Valid options are "production" or "dev". If invalid option is set- the value will default to "dev". diff --git a/helm/wts/Chart.yaml b/helm/wts/Chart.yaml index a1c29c60..31869111 100644 --- a/helm/wts/Chart.yaml +++ b/helm/wts/Chart.yaml @@ -15,7 +15,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.10 +version: 0.1.11 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to diff --git a/helm/wts/README.md b/helm/wts/README.md index 7644f5fc..a52f93a7 100644 --- a/helm/wts/README.md +++ b/helm/wts/README.md @@ -1,6 +1,6 @@ # wts -![Version: 0.1.10](https://img.shields.io/badge/Version-0.1.10-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) +![Version: 0.1.11](https://img.shields.io/badge/Version-0.1.11-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) A Helm chart for gen3 workspace token service 
@@ -26,8 +26,10 @@ A Helm chart for gen3 workspace token service | datadogLogsInjection | bool | `true` | If enabled, the Datadog Agent will automatically inject Datadog-specific metadata into your application logs. | | datadogProfilingEnabled | bool | `true` | If enabled, the Datadog Agent will collect profiling data for your application using the Continuous Profiler. This data can be used to identify performance bottlenecks and optimize your application. | | datadogTraceSampleRate | int | `1` | A value between 0 and 1, that represents the percentage of requests that will be traced. For example, a value of 0.5 means that 50% of requests will be traced. | +| externalSecrets | map | `{"wtsSmDbcreds":null}` | External Secrets settings. | +| externalSecrets.wtsSmDbcreds | string | `nil` | Will override the name of the aws secrets manager secret. Default is "Values.global.environment-.Chart.Name-creds" | | fullnameOverride | string | `""` | Override the full name of the deployment. | -| global | map | `{"aws":{"awsAccessKeyId":null,"awsSecretAccessKey":null,"enabled":false},"ddEnabled":false,"dev":true,"dictionaryUrl":"https://s3.amazonaws.com/dictionary-artifacts/datadictionary/develop/schema.json","dispatcherJobNum":10,"environment":"default","hostname":"localhost","kubeBucket":"kube-gen3","logsBucket":"logs-gen3","minAvialable":1,"netPolicy":true,"pdb":false,"portalApp":"gitops","postgres":{"dbCreate":true,"master":{"host":null,"password":null,"port":"5432","username":"postgres"}},"publicDataSets":true,"revproxyArn":"arn:aws:acm:us-east-1:123456:certificate","tierAccessLevel":"libre"}` | Global configuration options. 
| +| global | map | `{"aws":{"awsAccessKeyId":null,"awsSecretAccessKey":null,"enabled":false},"ddEnabled":false,"dev":true,"dictionaryUrl":"https://s3.amazonaws.com/dictionary-artifacts/datadictionary/develop/schema.json","dispatcherJobNum":10,"environment":"default","externalSecrets":{"deploy":false,"separate":false},"hostname":"localhost","kubeBucket":"kube-gen3","logsBucket":"logs-gen3","minAvialable":1,"netPolicy":true,"pdb":false,"portalApp":"gitops","postgres":{"dbCreate":true,"master":{"host":null,"password":null,"port":"5432","username":"postgres"}},"publicDataSets":true,"revproxyArn":"arn:aws:acm:us-east-1:123456:certificate","tierAccessLevel":"libre"}` | Global configuration options. | | global.aws | map | `{"awsAccessKeyId":null,"awsSecretAccessKey":null,"enabled":false}` | AWS configuration | | global.aws.awsAccessKeyId | string | `nil` | Credentials for AWS stuff. | | global.aws.awsSecretAccessKey | string | `nil` | Credentials for AWS stuff. | 
@@ -37,6 +39,9 @@ A Helm chart for gen3 workspace token service | global.dictionaryUrl | string | `"https://s3.amazonaws.com/dictionary-artifacts/datadictionary/develop/schema.json"` | URL of the data dictionary. | | global.dispatcherJobNum | int | `10` | Number of dispatcher jobs. | | global.environment | string | `"default"` | Environment name. This should be the same as vpcname if you're doing an AWS deployment. Currently this is being used to share ALB's if you have multiple namespaces. Might be used other places too. | +| global.externalSecrets | map | `{"deploy":false,"separate":false}` | External Secrets settings. | +| global.externalSecrets.deploy | bool | `false` | Will use ExternalSecret resources to pull secrets from Secrets Manager instead of creating them locally. Be cautious as this will override any wts secrets you have deployed. | +| global.externalSecrets.separate | string | `false` | Will deploy a External Secret Store if deploying this sevice seperately. | | global.hostname | string | `"localhost"` | Hostname for the deployment. | | global.kubeBucket | string | `"kube-gen3"` | S3 bucket name for Kubernetes manifest files. | | global.logsBucket | string | `"logs-gen3"` | S3 bucket name for log files. | 
@@ -86,7 +91,9 @@ A Helm chart for gen3 workspace token service
 | resources.requests.cpu | string | `0.2` | The amount of CPU requested |
 | resources.requests.memory | string | `"120Mi"` | The amount of memory requested |
 | roleName | string | `"workspace-token-service"` | Name of the role to be used for the role binding. |
-| secrets | map | `{"external_oidc":null}` | Values for wts secret. |
+| secrets | map | `{"awsAccessKeyId":null,"awsSecretAccessKey":null,"external_oidc":null}` | Values for wts secret and keys for External Secrets. |
+| secrets.awsAccessKeyId | str | `nil` | AWS access key ID. Overrides global key. |
+| secrets.awsSecretAccessKey | str | `nil` | AWS secret access key ID. Overrides global key. |
 | securityContext | map | `{}` | Security context for the containers in the pod |
 | selectorLabels | map | `nil` | Will completely override the selectorLabels defined in the common chart's _label_setup.tpl |
 | service | map | `{"httpPort":80,"httpsPort":443,"type":"ClusterIP"}` | Configuration for the service |
diff --git a/helm/wts/templates/_helpers.tpl b/helm/wts/templates/_helpers.tpl
index f8cebb83..a4b820b5 100644
--- a/helm/wts/templates/_helpers.tpl
+++ b/helm/wts/templates/_helpers.tpl
@@ -78,4 +78,26 @@ Create the name of the service account to use
 {{- else }}
 {{- default .Values.postgres.password }}
 {{- end }}
-{{- end }}
\ No newline at end of file
+{{- end }}
+
+{{/*
+ Cluster Secret Store for External Secrets
+*/}}
+{{- define "cluster-secret-store" -}}
+{{- if .Values.global.externalSecrets.separate }}
+ {{- .Chart.Name }}-secret-store
+{{- else }}
+ {{- default "gen3-secret-store"}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+ Service DB Creds Secrets Manager Name
+*/}}
+{{- define "wts-sm-dbcreds" -}}
+{{- if .Values.externalSecrets.wtsSmDbcreds }}
+ {{- default .Values.externalSecrets.wtsSmDbcreds }}
+{{- else }}
+ {{- .Values.global.environment }}- {{- .Chart.Name }}-creds
+{{- end -}}
+{{- end -}}
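Review bot: The two helpers added to helm/wts/templates/_helpers.tpl call `default` with a single argument (`{{- default "gen3-secret-store"}}` and `{{- default .Values.externalSecrets.wtsSmDbcreds }}`), which simply returns that argument, so the surrounding if/else does all the work. `wts-sm-dbcreds` can be one line, `{{- default (printf "%s-%s-creds" .Values.global.environment .Chart.Name) .Values.externalSecrets.wtsSmDbcreds }}`, and the store fallback can be the bare literal. Separately, `cluster-secret-store` is not prefixed with the chart name. Helm template names are global across a parent chart and its subcharts, so if another chart under the gen3 umbrella defines the same name with a different body, whichever loads last decides which store this chart's ExternalSecret binds to. A name such as `wts.cluster-secret-store` avoids that, with the `include` in external-secret.yaml updated to match.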
diff --git a/helm/wts/templates/aws-config.yaml b/helm/wts/templates/aws-config.yaml
new file mode 100644
index 00000000..398770d3
--- /dev/null
+++ b/helm/wts/templates/aws-config.yaml
@@ -0,0 +1,3 @@
+{{- if or (.Values.secrets.awsSecretAccessKey) (.Values.global.aws.awsSecretAccessKey ) }}
+{{ include "common.awsconfig" . }}
+{{- end -}}
\ No newline at end of file
diff --git a/helm/wts/templates/cluster-secret-store.yaml b/helm/wts/templates/cluster-secret-store.yaml
new file mode 100644
index 00000000..8c1c7717
--- /dev/null
+++ b/helm/wts/templates/cluster-secret-store.yaml
@@ -0,0 +1,3 @@
+{{ if .Values.global.externalSecrets.separate }}
+{{ include "common.secretstore" . }}
+{{- end }}
\ No newline at end of file
diff --git a/helm/wts/templates/external-secret.yaml b/helm/wts/templates/external-secret.yaml
new file mode 100644
index 00000000..d18abd46
--- /dev/null
+++ b/helm/wts/templates/external-secret.yaml
@@ -0,0 +1,18 @@
+{{ if .Values.global.externalSecrets.deploy }}
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+ name: {{ $.Chart.Name }}-dbcreds
+spec:
+ refreshInterval: 5m
+ secretStoreRef:
+ name: {{include "cluster-secret-store" .}}
+ kind: ClusterSecretStore
+ target:
+ name: {{ $.Chart.Name }}-dbcreds
+ creationPolicy: Owner
+ dataFrom:
+ - extract:
+ #name of secret in secrets manager
+ key: {{include "wts-sm-dbcreds" .}}
+{{- end }}
\ No newline at end of file
diff --git a/helm/wts/values.yaml b/helm/wts/values.yaml
index 2eb8c2d1..e4ec06f6 100644
--- a/helm/wts/values.yaml
+++ b/helm/wts/values.yaml
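Review bot: The guard in helm/wts/templates/aws-config.yaml tests only the secret access key, so setting `awsSecretAccessKey` without a matching `awsAccessKeyId` still renders `common.awsconfig` with half a credential pair. Requiring both, e.g. `{{- if and (or .Values.secrets.awsAccessKeyId .Values.global.aws.awsAccessKeyId) (or .Values.secrets.awsSecretAccessKey .Values.global.aws.awsSecretAccessKey) }}`, fails closed. The `secrets.awsAccessKeyId` and `secrets.awsSecretAccessKey` keys added in helm/wts/values.yaml carry the same concern from the other side: values passed to Helm are kept in the release record in the namespace, so a long-lived IAM user key set there is readable by anyone who can read that record. The values comment should say so and recommend a narrowly scoped key; what `common.awsconfig` actually renders is assumed from its name, since its body is not part of this patch.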
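Review bot: In helm/wts/templates/cluster-secret-store.yaml, `global.externalSecrets.separate` makes a namespaced release create a cluster-scoped store (external-secret.yaml references it with `kind: ClusterSecretStore`). A ClusterSecretStore can be referenced by ExternalSecrets in any namespace unless its spec restricts that. Assuming `common.secretstore` (not shown in this patch) wires in the AWS keys from aws-config.yaml, any namespace in the cluster could then read whatever those keys can reach in Secrets Manager. For the per-service case, a namespaced `SecretStore` with `secretStoreRef.kind: SecretStore` in external-secret.yaml keeps the credentials scoped to the release namespace; otherwise the store should carry namespace `conditions`. The IAM policy behind the keys should also be limited to this service's secret.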
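Review bot: In helm/wts/templates/external-secret.yaml, `dataFrom.extract` copies every property of the Secrets Manager entry into `wts-dbcreds`, so anything later added to that entry lands in the pod-visible Secret without a chart change. An explicit `data:` list with one `remoteRef.property` per key the deployment reads keeps the set fixed. With `creationPolicy: Owner` the operator owns `wts-dbcreds`, so whichever existing template renders the database-credentials Secret (not in this patch) should be skipped when `global.externalSecrets.deploy` is true, or Helm and the operator may both write the same object. The remote key falls back to `<global.environment>-wts-creds`, and the README lists `"default"` as the default for `global.environment`, so an install that leaves it unset reads `default-wts-creds`; a comment next to `wtsSmDbcreds` should state that.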
@@ -56,6 +56,17 @@ global: pdb: false # -- (int) The minimum amount of pods that are available at all times if the PDB is deployed. minAvialable: 1 + # -- (map) External Secrets settings. + externalSecrets: + # -- (bool) Will use ExternalSecret resources to pull secrets from Secrets Manager instead of creating them locally. Be cautious as this will override any wts secrets you have deployed. + deploy: false + # -- (string) Will deploy a External Secret Store if deploying this sevice seperately. + separate: false + +# -- (map) External Secrets settings. +externalSecrets: + # -- (string) Will override the name of the aws secrets manager secret. Default is "Values.global.environment-.Chart.Name-creds" + wtsSmDbcreds: # -- (map) Postgres database configuration. If db does not exist in postgres cluster and dbCreate is set ot true then these databases will be created for you postgres: @@ -185,8 +196,12 @@ affinity: {} # -- (string) Name of the role to be used for the role binding. roleName: workspace-token-service -# -- (map) Values for wts secret. +# -- (map) Values for wts secret and keys for External Secrets. secrets: + # -- (str) AWS access key ID. Overrides global key. + awsAccessKeyId: + # -- (str) AWS secret access key ID. Overrides global key. + awsSecretAccessKey: external_oidc: # - base_url: # oidc_client_id: From a7f368d9b319193d3f364c8f8b7cc9830f4d0db6 Mon Sep 17 00:00:00 2001 
From: EliseCastle23 Date: Thu, 3 Aug 2023 15:56:21 -0600 Subject: [PATCH 048/279] updating dependency versions --- .secrets.baseline | 36 ++++++++++++++--------------- helm/ambassador/Chart.yaml | 4 ++-- helm/ambassador/README.md | 4 ++-- helm/arborist/Chart.yaml | 2 +- helm/arborist/README.md | 2 +- helm/argo-wrapper/Chart.yaml | 4 ++-- helm/argo-wrapper/README.md | 4 ++-- helm/audit/Chart.yaml | 2 +- helm/audit/README.md | 2 +- helm/aws-es-proxy/Chart.yaml | 2 +- helm/aws-es-proxy/README.md | 2 +- helm/dicom-server/Chart.yaml | 4 ++-- helm/dicom-server/README.md | 4 ++-- helm/dicom-viewer/Chart.yaml | 4 ++-- helm/dicom-viewer/README.md | 4 ++-- helm/elasticsearch/Chart.yaml | 4 ++-- helm/elasticsearch/README.md | 4 ++-- helm/fence/Chart.yaml | 2 +- helm/fence/README.md | 2 +- helm/gen3/Chart.yaml | 40 ++++++++++++++++---------------- helm/gen3/README.md | 41 ++++++++++++++++----------------- helm/guppy/Chart.yaml | 2 +- helm/guppy/README.md | 2 +- helm/hatchery/Chart.yaml | 4 ++-- helm/hatchery/README.md | 4 ++-- helm/indexd/Chart.yaml | 2 +- helm/indexd/README.md | 2 +- helm/manifestservice/Chart.yaml | 2 +- helm/manifestservice/README.md | 2 +- helm/metadata/Chart.yaml | 2 +- helm/metadata/README.md | 2 +- helm/peregrine/Chart.yaml | 2 +- helm/peregrine/README.md | 2 +- helm/pidgin/Chart.yaml | 4 ++-- helm/pidgin/README.md | 4 ++-- helm/portal/Chart.yaml | 4 ++-- helm/portal/README.md | 4 ++-- helm/requestor/Chart.yaml | 2 +- helm/requestor/README.md | 2 +- helm/revproxy/Chart.yaml | 4 ++-- helm/revproxy/README.md | 4 ++-- helm/sheepdog/Chart.yaml | 2 +- helm/sheepdog/README.md | 2 +- helm/sower/Chart.yaml | 2 +- helm/sower/README.md | 2 +- helm/ssjdispatcher/Chart.yaml | 4 ++-- helm/ssjdispatcher/README.md | 4 ++-- helm/wts/Chart.yaml | 2 +- helm/wts/README.md | 2 +- 49 files changed, 124 insertions(+), 125 deletions(-) diff --git a/.secrets.baseline b/.secrets.baseline index 4a5dde43..32f7c4a2 100644 --- a/.secrets.baseline +++ b/.secrets.baseline 
@@ -3,7 +3,7 @@ "files": "^.secrets.baseline$", "lines": null }, - "generated_at": "2023-08-03T21:28:39Z", + "generated_at": "2023-08-03T21:53:32Z", "plugins_used": [ { "name": "AWSKeyDetector" @@ -131,28 +131,28 @@ "hashed_secret": "8a10cd156f8f43ec303f885a7985b1cf90635e23", "is_secret": false, "is_verified": false, - "line_number": 32, + "line_number": 34, "type": "Secret Keyword" }, { "hashed_secret": "2546383b95bb44732e9be6a877fd476c0442fdab", "is_secret": false, "is_verified": false, - "line_number": 45, + "line_number": 54, "type": "Secret Keyword" }, { "hashed_secret": "d84ce25b0f9bc2cc263006ae39453efb22cc2900", "is_secret": false, "is_verified": false, - "line_number": 47, + "line_number": 56, "type": "Secret Keyword" }, { "hashed_secret": "f09dd6e359833a12f48c4c4255d6e87a6e55cfe9", "is_secret": false, "is_verified": false, - "line_number": 65, + "line_number": 74, "type": "Secret Keyword" } ], @@ -161,28 +161,28 @@ "hashed_secret": "8a10cd156f8f43ec303f885a7985b1cf90635e23", "is_secret": false, "is_verified": false, - "line_number": 40, + "line_number": 43, "type": "Secret Keyword" }, { "hashed_secret": "2546383b95bb44732e9be6a877fd476c0442fdab", "is_secret": false, "is_verified": false, - "line_number": 53, + "line_number": 63, "type": "Secret Keyword" }, { "hashed_secret": "d84ce25b0f9bc2cc263006ae39453efb22cc2900", "is_secret": false, "is_verified": false, - "line_number": 55, + "line_number": 65, "type": "Secret Keyword" }, { "hashed_secret": "f09dd6e359833a12f48c4c4255d6e87a6e55cfe9", "is_secret": false, "is_verified": false, - "line_number": 75, + "line_number": 85, "type": "Secret Keyword" } ], 
@@ -530,35 +530,35 @@ "hashed_secret": "4e7b6794afbe3027589b92744144f18a3920b115", "is_secret": false, "is_verified": false, - "line_number": 32, + "line_number": 34, "type": "Secret Keyword" }, { "hashed_secret": "2546383b95bb44732e9be6a877fd476c0442fdab", "is_secret": false, "is_verified": false, - "line_number": 49, + "line_number": 54, "type": "Secret Keyword" }, { "hashed_secret": "d84ce25b0f9bc2cc263006ae39453efb22cc2900", "is_secret": false, "is_verified": false, - "line_number": 51, + "line_number": 56, "type": "Secret Keyword" }, { "hashed_secret": "f09dd6e359833a12f48c4c4255d6e87a6e55cfe9", "is_secret": false, "is_verified": false, - "line_number": 67, + "line_number": 72, "type": "Secret Keyword" }, { "hashed_secret": "7d4e263f1ae83868444f5327219830493a7d1486", "is_secret": false, "is_verified": false, - "line_number": 96, + "line_number": 104, "type": "Secret Keyword" } ], @@ -886,28 +886,28 @@ "hashed_secret": "8a10cd156f8f43ec303f885a7985b1cf90635e23", "is_secret": false, "is_verified": false, - "line_number": 30, + "line_number": 32, "type": "Secret Keyword" }, { "hashed_secret": "2546383b95bb44732e9be6a877fd476c0442fdab", "is_secret": false, "is_verified": false, - "line_number": 47, + "line_number": 52, "type": "Secret Keyword" }, { "hashed_secret": "d84ce25b0f9bc2cc263006ae39453efb22cc2900", "is_secret": false, "is_verified": false, - "line_number": 49, + "line_number": 54, "type": "Secret Keyword" }, { "hashed_secret": "f09dd6e359833a12f48c4c4255d6e87a6e55cfe9", "is_secret": false, "is_verified": false, - "line_number": 70, + "line_number": 75, "type": "Secret Keyword" } ], diff --git a/helm/ambassador/Chart.yaml b/helm/ambassador/Chart.yaml index 5acd83d5..b4e745d5 100644 --- a/helm/ambassador/Chart.yaml +++ b/helm/ambassador/Chart.yaml 
@@ -15,7 +15,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.8 +version: 0.1.9 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to @@ -25,5 +25,5 @@ appVersion: "1.4.2" dependencies: - name: common - version: 0.1.7 + version: 0.1.8 repository: file://../common diff --git a/helm/ambassador/README.md b/helm/ambassador/README.md index 2a56dd52..06e4b0e2 100644 --- a/helm/ambassador/README.md +++ b/helm/ambassador/README.md @@ -1,6 +1,6 @@ # ambassador -![Version: 0.1.8](https://img.shields.io/badge/Version-0.1.8-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.4.2](https://img.shields.io/badge/AppVersion-1.4.2-informational?style=flat-square) +![Version: 0.1.9](https://img.shields.io/badge/Version-0.1.9-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.4.2](https://img.shields.io/badge/AppVersion-1.4.2-informational?style=flat-square) A Helm chart for deploying ambassador for gen3 @@ -8,7 +8,7 @@ A Helm chart for deploying ambassador for gen3 | Repository | Name | Version | |------------|------|---------| -| file://../common | common | 0.1.7 | +| file://../common | common | 0.1.8 | ## Values diff --git a/helm/arborist/Chart.yaml b/helm/arborist/Chart.yaml index 25247023..3ef314d6 100644 --- a/helm/arborist/Chart.yaml +++ b/helm/arborist/Chart.yaml @@ -25,7 +25,7 @@ appVersion: "master" dependencies: - name: common - version: 0.1.7 + version: 0.1.8 repository: file://../common - name: postgresql version: 11.9.13 
diff --git a/helm/arborist/README.md b/helm/arborist/README.md index 954eaa83..7df700a8 100644 --- a/helm/arborist/README.md +++ b/helm/arborist/README.md @@ -8,7 +8,7 @@ A Helm chart for gen3 arborist | Repository | Name | Version | |------------|------|---------| -| file://../common | common | 0.1.7 | +| file://../common | common | 0.1.8 | | https://charts.bitnami.com/bitnami | postgresql | 11.9.13 | ## Values diff --git a/helm/argo-wrapper/Chart.yaml b/helm/argo-wrapper/Chart.yaml index dbad7182..5d320e9d 100644 --- a/helm/argo-wrapper/Chart.yaml +++ b/helm/argo-wrapper/Chart.yaml @@ -15,7 +15,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.4 +version: 0.1.5 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to @@ -25,5 +25,5 @@ appVersion: "master" dependencies: - name: common - version: 0.1.7 + version: 0.1.8 repository: file://../common diff --git a/helm/argo-wrapper/README.md b/helm/argo-wrapper/README.md index 8ca7a922..b5f7b3a1 100644 --- a/helm/argo-wrapper/README.md +++ b/helm/argo-wrapper/README.md 
@@ -1,6 +1,6 @@ # argo-wrapper -![Version: 0.1.4](https://img.shields.io/badge/Version-0.1.4-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) +![Version: 0.1.5](https://img.shields.io/badge/Version-0.1.5-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) A Helm chart for gen3 Argo Wrapper Service @@ -8,7 +8,7 @@ A Helm chart for gen3 Argo Wrapper Service | Repository | Name | Version | |------------|------|---------| -| file://../common | common | 0.1.7 | +| file://../common | common | 0.1.8 | ## Values diff --git a/helm/audit/Chart.yaml b/helm/audit/Chart.yaml index 4201f353..fbd974a8 100644 --- a/helm/audit/Chart.yaml +++ b/helm/audit/Chart.yaml @@ -24,7 +24,7 @@ appVersion: "master" dependencies: - name: common - version: 0.1.7 + version: 0.1.8 repository: file://../common - name: postgresql version: 11.9.13 diff --git a/helm/audit/README.md b/helm/audit/README.md index 9398de52..49ec0eca 100644 --- a/helm/audit/README.md +++ b/helm/audit/README.md @@ -8,7 +8,7 @@ A Helm chart for Kubernetes | Repository | Name | Version | |------------|------|---------| -| file://../common | common | 0.1.7 | +| file://../common | common | 0.1.8 | | https://charts.bitnami.com/bitnami | postgresql | 11.9.13 | ## Values diff --git a/helm/aws-es-proxy/Chart.yaml b/helm/aws-es-proxy/Chart.yaml index dc35848c..80466f8b 100644 --- a/helm/aws-es-proxy/Chart.yaml +++ b/helm/aws-es-proxy/Chart.yaml @@ -25,5 +25,5 @@ appVersion: "master" dependencies: - name: common - version: 0.1.7 + version: 0.1.8 repository: file://../common 
diff --git a/helm/aws-es-proxy/README.md b/helm/aws-es-proxy/README.md index 161c15f2..7ddd2bfc 100644 --- a/helm/aws-es-proxy/README.md +++ b/helm/aws-es-proxy/README.md @@ -8,7 +8,7 @@ A Helm chart for AWS ES Proxy Service for gen3 | Repository | Name | Version | |------------|------|---------| -| file://../common | common | 0.1.7 | +| file://../common | common | 0.1.8 | ## Values diff --git a/helm/dicom-server/Chart.yaml b/helm/dicom-server/Chart.yaml index f8777d39..5605eab7 100644 --- a/helm/dicom-server/Chart.yaml +++ b/helm/dicom-server/Chart.yaml @@ -15,7 +15,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.5 +version: 0.1.6 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to @@ -25,5 +25,5 @@ appVersion: "master" dependencies: - name: common - version: 0.1.7 + version: 0.1.8 repository: file://../common diff --git a/helm/dicom-server/README.md b/helm/dicom-server/README.md index 6d24ac03..fd8c52f9 100644 --- a/helm/dicom-server/README.md +++ b/helm/dicom-server/README.md 
@@ -1,6 +1,6 @@ # dicom-server -![Version: 0.1.5](https://img.shields.io/badge/Version-0.1.5-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) +![Version: 0.1.6](https://img.shields.io/badge/Version-0.1.6-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) A Helm chart for gen3 Dicom Server @@ -8,7 +8,7 @@ A Helm chart for gen3 Dicom Server | Repository | Name | Version | |------------|------|---------| -| file://../common | common | 0.1.7 | +| file://../common | common | 0.1.8 | ## Values diff --git a/helm/dicom-viewer/Chart.yaml b/helm/dicom-viewer/Chart.yaml index bdff7a6a..dd84c125 100644 --- a/helm/dicom-viewer/Chart.yaml +++ b/helm/dicom-viewer/Chart.yaml @@ -15,7 +15,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.5 +version: 0.1.6 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to @@ -25,5 +25,5 @@ appVersion: "master" dependencies: - name: common - version: 0.1.7 + version: 0.1.8 repository: file://../common diff --git a/helm/dicom-viewer/README.md b/helm/dicom-viewer/README.md index 3ea1757e..78ea3e63 100644 --- a/helm/dicom-viewer/README.md +++ b/helm/dicom-viewer/README.md 
@@ -1,6 +1,6 @@ # dicom-viewer -![Version: 0.1.5](https://img.shields.io/badge/Version-0.1.5-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) +![Version: 0.1.6](https://img.shields.io/badge/Version-0.1.6-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) A Helm chart for gen3 Dicom Viewer @@ -8,7 +8,7 @@ A Helm chart for gen3 Dicom Viewer | Repository | Name | Version | |------------|------|---------| -| file://../common | common | 0.1.7 | +| file://../common | common | 0.1.8 | ## Values diff --git a/helm/elasticsearch/Chart.yaml b/helm/elasticsearch/Chart.yaml index 1720df09..a1754093 100644 --- a/helm/elasticsearch/Chart.yaml +++ b/helm/elasticsearch/Chart.yaml @@ -15,7 +15,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.5 +version: 0.1.6 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to @@ -25,5 +25,5 @@ appVersion: "1.16.0" dependencies: - name: common - version: 0.1.7 + version: 0.1.8 repository: file://../common diff --git a/helm/elasticsearch/README.md b/helm/elasticsearch/README.md index c9852ebc..132f8fa7 100644 --- a/helm/elasticsearch/README.md +++ b/helm/elasticsearch/README.md 
@@ -1,6 +1,6 @@ # elasticsearch -![Version: 0.1.5](https://img.shields.io/badge/Version-0.1.5-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.16.0](https://img.shields.io/badge/AppVersion-1.16.0-informational?style=flat-square) +![Version: 0.1.6](https://img.shields.io/badge/Version-0.1.6-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.16.0](https://img.shields.io/badge/AppVersion-1.16.0-informational?style=flat-square) A Helm chart for Kubernetes @@ -8,7 +8,7 @@ A Helm chart for Kubernetes | Repository | Name | Version | |------------|------|---------| -| file://../common | common | 0.1.7 | +| file://../common | common | 0.1.8 | ## Values diff --git a/helm/fence/Chart.yaml b/helm/fence/Chart.yaml index 36d58d86..d3203de8 100644 --- a/helm/fence/Chart.yaml +++ b/helm/fence/Chart.yaml @@ -24,7 +24,7 @@ appVersion: "master" dependencies: - name: common - version: 0.1.7 + version: 0.1.8 repository: file://../common - name: postgresql version: 11.9.13 diff --git a/helm/fence/README.md b/helm/fence/README.md index 013a4673..af3a93ac 100644 --- a/helm/fence/README.md +++ b/helm/fence/README.md @@ -8,7 +8,7 @@ A Helm chart for gen3 Fence | Repository | Name | Version | |------------|------|---------| -| file://../common | common | 0.1.7 | +| file://../common | common | 0.1.8 | | https://charts.bitnami.com/bitnami | postgresql | 11.9.13 | ## Values diff --git a/helm/gen3/Chart.yaml b/helm/gen3/Chart.yaml index 1d602327..9c567bb5 100644 --- a/helm/gen3/Chart.yaml +++ b/helm/gen3/Chart.yaml 
@@ -5,78 +5,78 @@ description: Helm chart to deploy Gen3 Data Commons # Dependancies dependencies: - name: ambassador - version: "0.1.8" + version: "0.1.9" repository: "file://../ambassador" condition: ambassador.enabled - name: arborist - version: "0.1.8" + version: "0.1.9" repository: "file://../arborist" condition: arborist.enabled - name: argo-wrapper - version: "0.1.4" + version: "0.1.5" repository: "file://../argo-wrapper" condition: argo-wrapper.enabled - name: audit - version: "0.1.9" + version: "0.1.10" repository: "file://../audit" condition: audit.enabled - name: aws-es-proxy - version: "0.1.6" + version: "0.1.7" repository: "file://../aws-es-proxy" condition: aws-es-proxy.enabled - name: common - version: "0.1.7" + version: "0.1.8" repository: file://../common - name: fence - version: "0.1.13" + version: "0.1.14" repository: "file://../fence" condition: fence.enabled - name: guppy - version: "0.1.8" + version: "0.1.9" repository: "file://../guppy" condition: guppy.enabled - name: hatchery - version: "0.1.6" + version: "0.1.7" repository: "file://../hatchery" condition: hatchery.enabled - name: indexd - version: "0.1.10" + version: "0.1.11" repository: "file://../indexd" condition: indexd.enabled - name: manifestservice - version: "0.1.10" + version: "0.1.11" repository: "file://../manifestservice" condition: manifestservice.enabled - name: metadata - version: "0.1.8" + version: "0.1.9" repository: "file://../metadata" condition: metadata.enabled - name: peregrine - version: "0.1.9" + version: "0.1.10" repository: "file://../peregrine" condition: peregrine.enabled - name: pidgin - version: "0.1.7" + version: "0.1.8" repository: "file://../pidgin" condition: pidgin.enabled - name: portal - version: "0.1.7" + version: "0.1.8" repository: "file://../portal" condition: portal.enabled - name: requestor - version: "0.1.8" + version: "0.1.9" repository: "file://../requestor" condition: requestor.enabled - name: revproxy - version: "0.1.10" + version: "0.1.11" 
repository: "file://../revproxy" condition: revproxy.enabled - name: sheepdog - version: "0.1.10" + version: "0.1.11" repository: "file://../sheepdog" condition: sheepdog.enabled - name: ssjdispatcher - version: "0.1.6" + version: "0.1.7" repository: "file://../ssjdispatcher" condition: ssjdispatcher.enabled - name: sower @@ -84,7 +84,7 @@ dependencies: condition: sower.enabled repository: "file://../sower" - name: wts - version: "0.1.10" + version: "0.1.11" repository: "file://../wts" condition: wts.enabled diff --git a/helm/gen3/README.md b/helm/gen3/README.md index 948fe7f0..0f574a9d 100644 --- a/helm/gen3/README.md +++ b/helm/gen3/README.md 
@@ -18,28 +18,27 @@ Helm chart to deploy Gen3 Data Commons | Repository | Name | Version | |------------|------|---------| -| file://../ambassador | ambassador | 0.1.8 | -| file://../arborist | arborist | 0.1.8 | -| file://../argo-wrapper | argo-wrapper | 0.1.4 | -| file://../audit | audit | 0.1.9 | -| file://../aws-es-proxy | aws-es-proxy | 0.1.6 | -| file://../common | common | 0.1.7 | +| file://../ambassador | ambassador | 0.1.9 | +| file://../arborist | arborist | 0.1.9 | +| file://../argo-wrapper | argo-wrapper | 0.1.5 | +| file://../audit | audit | 0.1.10 | +| file://../aws-es-proxy | aws-es-proxy | 0.1.7 | +| file://../common | common | 0.1.8 | | file://../elasticsearch | elasticsearch | 0.1.5 | -| file://../fence | fence | 0.1.13 | -| file://../guppy | guppy | 0.1.8 | -| file://../hatchery | hatchery | 0.1.6 | -| file://../indexd | indexd | 0.1.10 | -| file://../manifestservice | manifestservice | 0.1.10 | -| file://../metadata | metadata | 0.1.8 | -| file://../peregrine | peregrine | 0.1.9 | -| file://../pidgin | pidgin | 0.1.7 | -| file://../portal | portal | 0.1.7 | -| file://../requestor | requestor | 0.1.8 | -| file://../revproxy | revproxy | 0.1.10 | -| file://../sheepdog | sheepdog | 0.1.10 | -| file://../sower | sower | 0.1.6 | -| file://../ssjdispatcher | ssjdispatcher | 0.1.6 | -| file://../wts | wts | 0.1.10 | +| file://../fence | fence | 0.1.14 | +| file://../guppy | guppy | 0.1.9 | +| file://../hatchery | hatchery | 0.1.7 | +| file://../indexd | indexd | 0.1.11 | +| file://../manifestservice | manifestservice | 0.1.11 | +| file://../metadata | metadata | 0.1.9 | +| file://../peregrine | peregrine | 0.1.10 | +| file://../pidgin | pidgin | 0.1.8 | +| file://../portal | portal | 0.1.8 | +| file://../requestor | requestor | 0.1.9 | +| file://../revproxy | revproxy | 0.1.11 | +| file://../sheepdog | sheepdog | 0.1.11 | +| file://../ssjdispatcher | ssjdispatcher | 0.1.7 | +| file://../wts | wts | 0.1.11 | | https://charts.bitnami.com/bitnami | 
postgresql | 11.9.13 | ## Values diff --git a/helm/guppy/Chart.yaml b/helm/guppy/Chart.yaml index 976494e2..8243c558 100644 --- a/helm/guppy/Chart.yaml +++ b/helm/guppy/Chart.yaml @@ -25,5 +25,5 @@ appVersion: "master" dependencies: - name: common - version: 0.1.7 + version: 0.1.8 repository: file://../common diff --git a/helm/guppy/README.md b/helm/guppy/README.md index 911be38f..f8c99a11 100644 --- a/helm/guppy/README.md +++ b/helm/guppy/README.md @@ -8,7 +8,7 @@ A Helm chart for gen3 Guppy Service | Repository | Name | Version | |------------|------|---------| -| file://../common | common | 0.1.7 | +| file://../common | common | 0.1.8 | ## Values diff --git a/helm/hatchery/Chart.yaml b/helm/hatchery/Chart.yaml index 94913173..bb311c95 100644 --- a/helm/hatchery/Chart.yaml +++ b/helm/hatchery/Chart.yaml @@ -15,7 +15,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.6 +version: 0.1.7 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to @@ -25,5 +25,5 @@ appVersion: "master" dependencies: - name: common - version: 0.1.7 + version: 0.1.8 repository: file://../common diff --git a/helm/hatchery/README.md b/helm/hatchery/README.md index 211e61f4..4e7bfe3c 100644 --- a/helm/hatchery/README.md +++ b/helm/hatchery/README.md 
@@ -1,6 +1,6 @@ # hatchery -![Version: 0.1.6](https://img.shields.io/badge/Version-0.1.6-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) +![Version: 0.1.7](https://img.shields.io/badge/Version-0.1.7-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) A Helm chart for gen3 Hatchery @@ -8,7 +8,7 @@ A Helm chart for gen3 Hatchery | Repository | Name | Version | |------------|------|---------| -| file://../common | common | 0.1.7 | +| file://../common | common | 0.1.8 | ## Values diff --git a/helm/indexd/Chart.yaml b/helm/indexd/Chart.yaml index 8890042a..c7b2b223 100644 --- a/helm/indexd/Chart.yaml +++ b/helm/indexd/Chart.yaml @@ -26,7 +26,7 @@ appVersion: "master" dependencies: - name: common - version: 0.1.7 + version: 0.1.8 repository: file://../common - name: postgresql version: 11.9.13 diff --git a/helm/indexd/README.md b/helm/indexd/README.md index eaa6a92d..e8108d81 100644 --- a/helm/indexd/README.md +++ b/helm/indexd/README.md @@ -8,7 +8,7 @@ A Helm chart for gen3 indexd | Repository | Name | Version | |------------|------|---------| -| file://../common | common | 0.1.7 | +| file://../common | common | 0.1.8 | | https://charts.bitnami.com/bitnami | postgresql | 11.9.13 | ## Values diff --git a/helm/manifestservice/Chart.yaml b/helm/manifestservice/Chart.yaml index e01a6ba2..3b5eee3a 100644 --- a/helm/manifestservice/Chart.yaml +++ b/helm/manifestservice/Chart.yaml @@ -25,5 +25,5 @@ appVersion: "master" dependencies: - name: common - version: 0.1.7 + version: 0.1.8 repository: file://../common 
diff --git a/helm/manifestservice/README.md b/helm/manifestservice/README.md index 7969f749..ad10c8c8 100644 --- a/helm/manifestservice/README.md +++ b/helm/manifestservice/README.md @@ -8,7 +8,7 @@ A Helm chart for Kubernetes | Repository | Name | Version | |------------|------|---------| -| file://../common | common | 0.1.7 | +| file://../common | common | 0.1.8 | ## Values diff --git a/helm/metadata/Chart.yaml b/helm/metadata/Chart.yaml index 5a079f18..1b1a0f07 100644 --- a/helm/metadata/Chart.yaml +++ b/helm/metadata/Chart.yaml @@ -25,7 +25,7 @@ appVersion: "master" dependencies: - name: common - version: 0.1.7 + version: 0.1.8 repository: file://../common - name: postgresql version: 11.9.13 diff --git a/helm/metadata/README.md b/helm/metadata/README.md index 83cfac87..8e115391 100644 --- a/helm/metadata/README.md +++ b/helm/metadata/README.md @@ -8,7 +8,7 @@ A Helm chart for gen3 Metadata Service | Repository | Name | Version | |------------|------|---------| -| file://../common | common | 0.1.7 | +| file://../common | common | 0.1.8 | | https://charts.bitnami.com/bitnami | postgresql | 11.9.13 | ## Values diff --git a/helm/peregrine/Chart.yaml b/helm/peregrine/Chart.yaml index ada8310a..6fea8732 100644 --- a/helm/peregrine/Chart.yaml +++ b/helm/peregrine/Chart.yaml @@ -26,7 +26,7 @@ appVersion: "2023.01" dependencies: - name: common - version: 0.1.7 + version: 0.1.8 repository: file://../common - name: postgresql version: 11.9.13 diff --git a/helm/peregrine/README.md b/helm/peregrine/README.md index 1116148b..55b8da06 100644 --- a/helm/peregrine/README.md +++ b/helm/peregrine/README.md @@ -8,7 +8,7 @@ A Helm chart for gen3 Peregrine service | Repository | Name | Version | |------------|------|---------| -| file://../common | common | 0.1.7 | +| file://../common | common | 0.1.8 | | https://charts.bitnami.com/bitnami | postgresql | 11.9.13 | ## Values diff --git a/helm/pidgin/Chart.yaml b/helm/pidgin/Chart.yaml index 831c01ac..c871f126 100644 
--- a/helm/pidgin/Chart.yaml +++ b/helm/pidgin/Chart.yaml @@ -15,7 +15,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.7 +version: 0.1.8 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to @@ -25,5 +25,5 @@ appVersion: "master" dependencies: - name: common - version: 0.1.7 + version: 0.1.8 repository: file://../common diff --git a/helm/pidgin/README.md b/helm/pidgin/README.md index 5c4bcdb9..72b5f9bc 100644 --- a/helm/pidgin/README.md +++ b/helm/pidgin/README.md @@ -1,6 +1,6 @@ # pidgin -![Version: 0.1.7](https://img.shields.io/badge/Version-0.1.7-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) +![Version: 0.1.8](https://img.shields.io/badge/Version-0.1.8-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) A Helm chart for gen3 Pidgin Service @@ -8,7 +8,7 @@ A Helm chart for gen3 Pidgin Service | Repository | Name | Version | |------------|------|---------| -| file://../common | common | 0.1.7 | +| file://../common | common | 0.1.8 | ## Values diff --git a/helm/portal/Chart.yaml b/helm/portal/Chart.yaml index 61f4b9ca..1a992152 100644 --- a/helm/portal/Chart.yaml +++ b/helm/portal/Chart.yaml 
@@ -15,7 +15,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.7 +version: 0.1.8 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to @@ -25,5 +25,5 @@ appVersion: "master" dependencies: - name: common - version: 0.1.7 + version: 0.1.8 repository: file://../common diff --git a/helm/portal/README.md b/helm/portal/README.md index dbc2e503..a1287bff 100644 --- a/helm/portal/README.md +++ b/helm/portal/README.md @@ -1,6 +1,6 @@ # portal -![Version: 0.1.7](https://img.shields.io/badge/Version-0.1.7-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) +![Version: 0.1.8](https://img.shields.io/badge/Version-0.1.8-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) A Helm chart for gen3 data-portal @@ -8,7 +8,7 @@ A Helm chart for gen3 data-portal | Repository | Name | Version | |------------|------|---------| -| file://../common | common | 0.1.7 | +| file://../common | common | 0.1.8 | ## Values diff --git a/helm/requestor/Chart.yaml b/helm/requestor/Chart.yaml index 2c4a8c43..552ae3bc 100644 --- a/helm/requestor/Chart.yaml +++ b/helm/requestor/Chart.yaml @@ -26,7 +26,7 @@ appVersion: "master" dependencies: - name: common - version: 0.1.7 + version: 0.1.8 repository: file://../common - name: postgresql version: 11.9.13 
diff --git a/helm/requestor/README.md b/helm/requestor/README.md index 4b7c0cc2..706c6391 100644 --- a/helm/requestor/README.md +++ b/helm/requestor/README.md @@ -8,7 +8,7 @@ A Helm chart for gen3 Requestor Service | Repository | Name | Version | |------------|------|---------| -| file://../common | common | 0.1.7 | +| file://../common | common | 0.1.8 | | https://charts.bitnami.com/bitnami | postgresql | 11.9.13 | ## Values diff --git a/helm/revproxy/Chart.yaml b/helm/revproxy/Chart.yaml index ed6a92ba..8cc963aa 100644 --- a/helm/revproxy/Chart.yaml +++ b/helm/revproxy/Chart.yaml @@ -15,7 +15,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.10 +version: 0.1.11 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to @@ -25,5 +25,5 @@ appVersion: "master" dependencies: - name: common - version: 0.1.7 + version: 0.1.8 repository: file://../common diff --git a/helm/revproxy/README.md b/helm/revproxy/README.md index 51ad7a6e..c038e4ea 100644 --- a/helm/revproxy/README.md +++ b/helm/revproxy/README.md 
@@ -1,6 +1,6 @@ # revproxy -![Version: 0.1.10](https://img.shields.io/badge/Version-0.1.10-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) +![Version: 0.1.11](https://img.shields.io/badge/Version-0.1.11-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) A Helm chart for gen3 revproxy @@ -8,7 +8,7 @@ A Helm chart for gen3 revproxy | Repository | Name | Version | |------------|------|---------| -| file://../common | common | 0.1.7 | +| file://../common | common | 0.1.8 | ## Values diff --git a/helm/sheepdog/Chart.yaml b/helm/sheepdog/Chart.yaml index 7a68d313..5156d475 100644 --- a/helm/sheepdog/Chart.yaml +++ b/helm/sheepdog/Chart.yaml @@ -25,7 +25,7 @@ appVersion: "master" dependencies: - name: common - version: 0.1.7 + version: 0.1.8 repository: file://../common - name: postgresql version: 11.9.13 diff --git a/helm/sheepdog/README.md b/helm/sheepdog/README.md index 026324b0..405df79c 100644 --- a/helm/sheepdog/README.md +++ b/helm/sheepdog/README.md @@ -8,7 +8,7 @@ A Helm chart for gen3 Sheepdog Service | Repository | Name | Version | |------------|------|---------| -| file://../common | common | 0.1.7 | +| file://../common | common | 0.1.8 | | https://charts.bitnami.com/bitnami | postgresql | 11.9.13 | ## Values diff --git a/helm/sower/Chart.yaml b/helm/sower/Chart.yaml index c98d3d17..9dc8e8b7 100644 --- a/helm/sower/Chart.yaml +++ b/helm/sower/Chart.yaml @@ -25,5 +25,5 @@ appVersion: "master" dependencies: - name: common - version: 0.1.7 + version: 0.1.8 repository: file://../common diff --git a/helm/sower/README.md b/helm/sower/README.md index 9daf13f3..90bb3ae2 100644 --- a/helm/sower/README.md 
+++ b/helm/sower/README.md @@ -8,7 +8,7 @@ A Helm chart for gen3 sower | Repository | Name | Version | |------------|------|---------| -| file://../common | common | 0.1.7 | +| file://../common | common | 0.1.8 | ## Values diff --git a/helm/ssjdispatcher/Chart.yaml b/helm/ssjdispatcher/Chart.yaml index c5613110..4f97d26b 100644 --- a/helm/ssjdispatcher/Chart.yaml +++ b/helm/ssjdispatcher/Chart.yaml @@ -15,7 +15,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.6 +version: 0.1.7 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to @@ -25,5 +25,5 @@ appVersion: "master" dependencies: - name: common - version: 0.1.7 + version: 0.1.8 repository: file://../common diff --git a/helm/ssjdispatcher/README.md b/helm/ssjdispatcher/README.md index 46e84cfb..e09ea9f2 100644 --- a/helm/ssjdispatcher/README.md +++ b/helm/ssjdispatcher/README.md @@ -1,6 +1,6 @@ # ssjdispatcher -![Version: 0.1.6](https://img.shields.io/badge/Version-0.1.6-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) +![Version: 0.1.7](https://img.shields.io/badge/Version-0.1.7-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) A Helm chart for gen3 ssjdispatcher 
@@ -8,7 +8,7 @@ A Helm chart for gen3 ssjdispatcher | Repository | Name | Version | |------------|------|---------| -| file://../common | common | 0.1.7 | +| file://../common | common | 0.1.8 | ## Values diff --git a/helm/wts/Chart.yaml b/helm/wts/Chart.yaml index 31869111..c572f64a 100644 --- a/helm/wts/Chart.yaml +++ b/helm/wts/Chart.yaml @@ -25,7 +25,7 @@ appVersion: "master" dependencies: - name: common - version: 0.1.7 + version: 0.1.8 repository: file://../common - name: postgresql version: 11.9.13 diff --git a/helm/wts/README.md b/helm/wts/README.md index a52f93a7..266f4fb4 100644 --- a/helm/wts/README.md +++ b/helm/wts/README.md @@ -8,7 +8,7 @@ A Helm chart for gen3 workspace token service | Repository | Name | Version | |------------|------|---------| -| file://../common | common | 0.1.7 | +| file://../common | common | 0.1.8 | | https://charts.bitnami.com/bitnami | postgresql | 11.9.13 | ## Values From a65340dec3940b5f223b55f22f5109ec097065da Mon Sep 17 00:00:00 2001 From: EliseCastle23 Date: Thu, 3 Aug 2023 16:01:51 -0600 Subject: [PATCH 049/279] updating the elasticsearch version for the gen3 umbrella chart --- .secrets.baseline | 4 ++-- helm/gen3/Chart.yaml | 2 +- helm/gen3/README.md | 3 ++- 3 files changed, 5 insertions(+), 4 deletions(-) diff --git a/.secrets.baseline b/.secrets.baseline index 32f7c4a2..d28066e8 100644 --- a/.secrets.baseline +++ b/.secrets.baseline @@ -3,7 +3,7 @@ "files": "^.secrets.baseline$", "lines": null }, - "generated_at": "2023-08-03T21:53:32Z", + "generated_at": "2023-08-03T22:01:45Z", "plugins_used": [ { "name": "AWSKeyDetector" @@ -356,7 +356,7 @@ "hashed_secret": "1740c48fa3141d4851b14f97e3bc0f46f7670672", "is_secret": false, "is_verified": false, - "line_number": 117, + "line_number": 118, "type": "Secret Keyword" } ], diff --git a/helm/gen3/Chart.yaml b/helm/gen3/Chart.yaml index 9c567bb5..2dfe4231 100644 --- a/helm/gen3/Chart.yaml +++ b/helm/gen3/Chart.yaml 
@@ -90,7 +90,7 @@ dependencies: - name: elasticsearch - version: "0.1.5" + version: "0.1.6" repository: "file://../elasticsearch" condition: global.dev - name: postgresql diff --git a/helm/gen3/README.md b/helm/gen3/README.md index 0f574a9d..6e20c654 100644 --- a/helm/gen3/README.md +++ b/helm/gen3/README.md @@ -24,7 +24,7 @@ Helm chart to deploy Gen3 Data Commons | file://../audit | audit | 0.1.10 | | file://../aws-es-proxy | aws-es-proxy | 0.1.7 | | file://../common | common | 0.1.8 | -| file://../elasticsearch | elasticsearch | 0.1.5 | +| file://../elasticsearch | elasticsearch | 0.1.6 | | file://../fence | fence | 0.1.14 | | file://../guppy | guppy | 0.1.9 | | file://../hatchery | hatchery | 0.1.7 | @@ -37,6 +37,7 @@ Helm chart to deploy Gen3 Data Commons | file://../requestor | requestor | 0.1.9 | | file://../revproxy | revproxy | 0.1.11 | | file://../sheepdog | sheepdog | 0.1.11 | +| file://../sower | sower | 0.1.6 | | file://../ssjdispatcher | ssjdispatcher | 0.1.7 | | file://../wts | wts | 0.1.11 | | https://charts.bitnami.com/bitnami | postgresql | 11.9.13 | From 1239a368b324b9c773ab6cea8989adca5605d4d4 Mon Sep 17 00:00:00 2001 From: EliseCastle23 Date: Thu, 3 Aug 2023 16:06:22 -0600 Subject: [PATCH 050/279] bumping sower version --- helm/gen3/Chart.yaml | 2 +- helm/gen3/README.md | 2 +- helm/sower/Chart.yaml | 2 +- helm/sower/README.md | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/helm/gen3/Chart.yaml b/helm/gen3/Chart.yaml index 2dfe4231..b94f8053 100644 --- a/helm/gen3/Chart.yaml +++ b/helm/gen3/Chart.yaml @@ -80,7 +80,7 @@ dependencies: repository: "file://../ssjdispatcher" condition: ssjdispatcher.enabled - name: sower - version: "0.1.6" + version: "0.1.7" condition: sower.enabled repository: "file://../sower" - name: wts diff --git a/helm/gen3/README.md b/helm/gen3/README.md index 6e20c654..bc862aca 100644 --- a/helm/gen3/README.md +++ b/helm/gen3/README.md 
@@ -37,7 +37,7 @@ Helm chart to deploy Gen3 Data Commons | file://../requestor | requestor | 0.1.9 | | file://../revproxy | revproxy | 0.1.11 | | file://../sheepdog | sheepdog | 0.1.11 | -| file://../sower | sower | 0.1.6 | +| file://../sower | sower | 0.1.7 | | file://../ssjdispatcher | ssjdispatcher | 0.1.7 | | file://../wts | wts | 0.1.11 | | https://charts.bitnami.com/bitnami | postgresql | 11.9.13 | diff --git a/helm/sower/Chart.yaml b/helm/sower/Chart.yaml index 9dc8e8b7..95b847ab 100644 --- a/helm/sower/Chart.yaml +++ b/helm/sower/Chart.yaml @@ -15,7 +15,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.6 +version: 0.1.7 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to diff --git a/helm/sower/README.md b/helm/sower/README.md index 90bb3ae2..8ccb3ee7 100644 --- a/helm/sower/README.md +++ b/helm/sower/README.md @@ -1,6 +1,6 @@ # sower -![Version: 0.1.6](https://img.shields.io/badge/Version-0.1.6-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) +![Version: 0.1.7](https://img.shields.io/badge/Version-0.1.7-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) A Helm chart for gen3 sower From e28fd34f7dfc1a14459dbc65ec4a4c2ab9c449ee Mon Sep 17 00:00:00 2001 
From: EliseCastle23 Date: Thu, 3 Aug 2023 16:09:19 -0600 Subject: [PATCH 051/279] bumping gen3 chart version --- helm/gen3/Chart.yaml | 2 +- helm/gen3/README.md | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/helm/gen3/Chart.yaml b/helm/gen3/Chart.yaml index b94f8053..50e03461 100644 --- a/helm/gen3/Chart.yaml +++ b/helm/gen3/Chart.yaml @@ -111,7 +111,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.19 +version: 0.1.20 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to diff --git a/helm/gen3/README.md b/helm/gen3/README.md index bc862aca..77af0751 100644 --- a/helm/gen3/README.md +++ b/helm/gen3/README.md @@ -1,6 +1,6 @@ # gen3 -![Version: 0.1.19](https://img.shields.io/badge/Version-0.1.19-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) +![Version: 0.1.20](https://img.shields.io/badge/Version-0.1.20-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) Helm chart to deploy Gen3 Data Commons From c38dcb814b8883b9dd2b0d0634c797e1636b7f3d Mon Sep 17 00:00:00 2001 From: EliseCastle23 Date: Thu, 3 Aug 2023 16:14:49 -0600 Subject: [PATCH 052/279] adding a new line to the end of the file --- .secrets.baseline | 4 ++-- helm/gen3/values.yaml | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) 
diff --git a/.secrets.baseline b/.secrets.baseline index d28066e8..24d4cf64 100644 --- a/.secrets.baseline +++ b/.secrets.baseline @@ -3,7 +3,7 @@ "files": "^.secrets.baseline$", "lines": null }, - "generated_at": "2023-08-03T22:01:45Z", + "generated_at": "2023-08-03T22:14:44Z", "plugins_used": [ { "name": "AWSKeyDetector" @@ -365,7 +365,7 @@ "hashed_secret": "9b5925ea817163740dfb287a9894e8ab3aba2c18", "is_secret": false, "is_verified": false, - "line_number": 212, + "line_number": 203, "type": "Secret Keyword" } ], diff --git a/helm/gen3/values.yaml b/helm/gen3/values.yaml index 9e9532cc..d62d77cd 100644 --- a/helm/gen3/values.yaml +++ b/helm/gen3/values.yaml @@ -375,4 +375,4 @@ secrets: # -- (str) AWS access key ID. Overrides global key. awsAccessKeyId: # -- (str) AWS secret access key ID. Overrides global key. - awsSecretAccessKey: \ No newline at end of file + awsSecretAccessKey: From 33f702e0297b0a5bafc06a742e4a63ccd23583c1 Mon Sep 17 00:00:00 2001 From: EliseCastle23 Date: Fri, 4 Aug 2023 08:33:16 -0600 Subject: [PATCH 053/279] updating the fence usersync job documentation to reflect the changes in the location of the aws access and secret access keys that are used to allow the job s3 access. --- docs/fence_usersync_job.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/fence_usersync_job.md b/docs/fence_usersync_job.md index a05ed7d6..b1890132 100644 --- a/docs/fence_usersync_job.md +++ b/docs/fence_usersync_job.md 
@@ -15,7 +15,7 @@ User lists can be synced from three sources: # S3 user.yaml Setup {#s3-setup} Please see [this](https://github.com/uc-cdis/fence/blob/master/docs/user.yaml_guide.md) documentation that details user.yaml formatting. -You can pull this file from an S3 bucket that is set in the `.Values.usersync.userYamlS3Path` field. Then input the iam credentials for a user that has read access to the specified S3 bucket in the `.Values.usersync.secrets.awsAccessKeyId` and `.Values.usersync.secrets.awsSecretAccessKey` fields. +You can pull this file from an S3 bucket that is set in the `.Values.usersync.userYamlS3Path` field. Then input the iam credentials for a user that has read access to the specified S3 bucket in `.Values.global.aws.awsAccessKeyId`/`.Values.global.aws.awsSecretAccessKey` or `.Values.secrets.awsAccessKeyId`/`.Values.secrets.awsSecretAccessKey` fields. As previously mentioned, if the `.Values.usersync.userYamlS3Path` string is set to "none", the user.yaml file from Fence values.yaml will be used. From ca7f84c8e8adc951290fda6b3a176527cb6540fc Mon Sep 17 00:00:00 2001 From: EliseCastle23 Date: Fri, 4 Aug 2023 13:37:18 -0600 Subject: [PATCH 054/279] addinng documentation for External Secrets and how to configure a Global Iam user --- docs/external_secrets.md | 143 +++++++++++++++++++++++++++++++++++ docs/fence_usersync_job.md | 7 +- docs/global_iam_helm_user.md | 55 ++++++++++++++ 3 files changed, 203 insertions(+), 2 deletions(-) create mode 100644 docs/external_secrets.md create mode 100644 docs/global_iam_helm_user.md diff --git a/docs/external_secrets.md b/docs/external_secrets.md new file mode 100644 index 00000000..32b4c355 --- /dev/null +++ b/docs/external_secrets.md 
@@ -0,0 +1,143 @@ +# External Secrets Operator + + "External Secrets Operator" is a tool that was created by the Kubernetes community to manage external secrets in a Kubernetes cluster. It allows you to fetch and sync external secret values from various external secret management systems into Kubernetes secrets. One of the external secret management systems it can connect to is AWS Secrets Manager. Secrets Manager allows for the secure storing of your secrets as well as the ability to periodically and automatically rotate your secrets. + +This document will guide you through setting up the essential resources to access your secrets in AWS Secrets Manager and download the External Secrets Operator Helm chart. This way, you can effectively utilize your stored secrets with Helm. + +## Download External Secrets Operator and Create Resources in AWS. +You can use the following Bash script to apply the External Secrets Operator to your cluster and create the necessary AWS resources. Fill in the variables below to get started: + +***Notice: +The Gen3 Helm chart has various jobs and uses for an Iam user. To enhance code reusability, we've implemented the option for jobs and services to share the same AWS IAM global user. If you would like to use the same Iam user for External Secrets and jobs like ["Fence Usersync"](fence_usersync_job.md) or our "AWS ES Proxy Service", you can follow [THIS](global_iam_helm_user.md) guide that details how to setup a Helm global user. 
In case you opt for a global IAM user, please comment out the "create_iam_policy" and "create_iam_user" functions at the end of the script.*** + +``` +#!/bin/bash + +AWS_ACCOUNT="" +region="" +iam_policy="" +iam_user="" + +helm_install() +{ + echo "# ------------------ Install external-secrets via helm --------------------------#" + helm repo add external-secrets https://charts.external-secrets.io + helm install external-secrets \ + external-secrets/external-secrets \ + -n external-secrets \ + --create-namespace \ + --set installCRDs=true +} + +create_iam_policy() +{ + echo "# ------------------ create iam policy for secrets manager --------------------------#" + POLICY_ARN=$(aws iam create-policy --policy-name $iam_policy --policy-document '{ + "Version": "2012-10-17", + "Statement": [ + { + "Effect": "Allow", + "Action": [ + "secretsmanager:ListSecrets", + "secretsmanager:GetSecretValue" + ], + "Resource": [ + "*" + ] + } + ] + }') + + iam_policy_arn=$(aws iam list-policies --query "Policies[?PolicyName=='$iam_policy'].Arn" --output text) + echo "Policy Arn: $iam_policy_arn" + # return $iam_policy_arn +} + +create_iam_user() +{ + echo "# ------------------ create user $iam_user --------------------------#" + aws iam create-user --user-name $iam_user + + echo "# ------------------ add iam user $iam_user to policy $iam_policy --------------------------#" + aws iam attach-user-policy --user-name $iam_user --policy-arn $iam_policy_arn + echo "aws iam attach-user-policy --user-name $iam_user --policy-arn $iam_policy_arn" + + echo "# ------------------ create access key and secret key for external-secrets --------------------------#" + aws iam create-access-key --user-name $iam_user > keys.json + access_key=$(jq -r .AccessKey.AccessKeyId keys.json) + secret_key=$(jq -r .AccessKey.SecretAccessKey keys.json) + kubectl create secret generic "$iam_user"-secret --from-literal=access-key=$access_key --from-literal=secret-access-key=$secret_key + rm keys.json +} + 
+helm_install +#comment out the below if using global iam user. +create_iam_policy +create_iam_user +``` + +***Please note that Terraform for the creation and population of Gen3 Secrets in Secrets Manager is in development currently. This Terraform will also create the Iam user and policies necessary to access these secrets.*** + +## Enabling External Secrets in Helm charts +To enable External Secrets to be used in a helm chart, you can set the `.Values.global.externalSecrets.deploy` field to "true" for an individual chart or globally by enabling this value in the Gen3 umbrella Helm chart. + +If you would like to only use External Secrets for specific charts, please ensure you set `.Values.global.externalSecrets.separate` to "true" in the appropriate charts to ensure a Secret Store can be created to authenticate with Secrets Manager. + +## Helm Iam User +If you are using a separate Iam user for Secrets Manager please follow the below instructions: + +This script Bash script at the beginning of this document should have created a secret titled "NameofIAMuser-user-secret" in your cluster. You will need to retrieve these values to input into your Helm chart for the Cluster Secret Store to authenticate with Secrets Manager. + + +Access Key: +``` +kubectl get secret "your secret name" -o jsonpath="{.data.access-key}" | base64 --decode +``` + + +Secret Access Key +``` +kubectl get secret "your secret name" -o jsonpath="{.data.secret-access-key}" | base64 --decode +``` + +You can paste the Iam access key and secret access key in the `.Values.secrets.awsAccessKeyId`/`.Values.secrets.awsSecretAccessKey` fields in the values.yaml file for the chart(s) you would like to use external secrets for. + +Please note that only some Helm charts are compatible with External Secrets currently. We hope to expand this functionality in the future. If a chart is able to use External Secrets, you can see a `.Values.externalSecrets` section in the values.yaml file. 
+ +## How External Secrets Works. +External Secrets relies on three main resources to function properly. (The below have links to examples of each resource) +1. Aws-config- Contains Access and Secret Access keys used by the Cluster Secret Store to authenticate with AWS Secrets Manager +2. Cluster Secret Store- Resource to Authenticate with AWS Secrets Manager +3. External Secret- References the Secret Store and is used as a "map" to tell External Secrets Operator what secret to grab from External Secrets and the name of the Kubernetes Secret to create locally. + + Anatomy of an ExternalSecret: + ``` + apiVersion: external-secrets.io/v1beta1 + kind: ExternalSecret + metadata: + # Name of the External Secret resource + name: audit-g3auto + spec: + #How often to Sync with Secrets Manager + refreshInterval: 5m + secretStoreRef: + # The name of the Cluster Secret Store to use. + name: {{include "cluster-secret-store" .}} + kind: ClusterSecretStore + target: + # What Kubernetes secret to create from the secret pulled from Secrets Manager. + name: audit-g3auto + creationPolicy: Owner + dataFrom: + - extract: + # The name of the secret pull from Secrets Manager + key: {{include "audit-g3auto" .}} + ``` + +The External Secrets resource will usually fail with "SecretSyncedError" when it cannot find the secret name that is supplied in Secrets Manager. If this happens, the secret may still exist in Kubernetes, but it will not be overwritten by the secret value in Secrets Manager. This is helpful to know if you want to enabled the use of Secrets Manager for some, but not all the secrets in a specific Helm chart. + +## Customizing the AWS Secrets Manager Secrets Name. +When pulling a secret from secrets manager, you want to ensure that the External Secret resource is referencing the proper name of the secret in Secrets Manager. +You can customize the name of the secret to pull from in the `.Values.externalSecrets` section of a Chart. 
You can see the name for the confiugrable secrets in a chart by looking in this section as well. + +Any string you put in this section will override the name of the secret that is pulled from Secrets Manager NOT the name of the Kubernetes secret that is created from the External Secret resource. diff --git a/docs/fence_usersync_job.md b/docs/fence_usersync_job.md index b1890132..a4230a0a 100644 --- a/docs/fence_usersync_job.md +++ b/docs/fence_usersync_job.md @@ -15,7 +15,10 @@ User lists can be synced from three sources: # S3 user.yaml Setup {#s3-setup} Please see [this](https://github.com/uc-cdis/fence/blob/master/docs/user.yaml_guide.md) documentation that details user.yaml formatting. -You can pull this file from an S3 bucket that is set in the `.Values.usersync.userYamlS3Path` field. Then input the iam credentials for a user that has read access to the specified S3 bucket in `.Values.global.aws.awsAccessKeyId`/`.Values.global.aws.awsSecretAccessKey` or `.Values.secrets.awsAccessKeyId`/`.Values.secrets.awsSecretAccessKey` fields. +You can pull this file from an S3 bucket that is set in the `.Values.usersync.userYamlS3Path` field. Then input the iam credentials for a user that has read access to the specified S3 bucket in the `.Values.secrets.awsAccessKeyId` and `.Values.secrets.awsSecretAccessKey` fields. + +***Notice: +The Gen3 Helm chart has various jobs and uses for an Iam user. To enhance code reusability, we've implemented the option for jobs and services to share the same AWS IAM global user. If you would like to use the same Iam user for Fence Usersync, External Secrets, etc.- you can follow [THIS](global_iam_helm_user.md) guide that details how to setup a Helm global user.*** As previously mentioned, if the `.Values.usersync.userYamlS3Path` string is set to "none", the user.yaml file from Fence values.yaml will be used. 
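Review bot: The policy built in `create_iam_policy` allows `secretsmanager:GetSecretValue` on `"Resource": ["*"]`, so the access key this script creates can read every secret in the account rather than only the Gen3 ones; the example policy in docs/global_iam_helm_user.md repeats the same statement. `ListSecrets` has to stay on `*`, but `GetSecretValue` can move to its own statement scoped to a name prefix, e.g. `"Resource": "arn:aws:secretsmanager:REGION:ACCOUNT_ID:secret:SECRET_PREFIX-*"` (placeholders), which would also give the otherwise unused `AWS_ACCOUNT` and `region` variables a purpose. In `create_iam_user` the long-lived key is written to `keys.json` in the working directory and then passed to kubectl with `--from-literal`, where it shows up in the process list; a `umask 077` before the redirect and `--from-file` instead of `--from-literal` would narrow that exposure. The "Helm Iam User" text also names the secret "NameofIAMuser-user-secret" while the script creates `"$iam_user"-secret`.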
@@ -59,7 +62,7 @@ For an example of a dbGap auth file (csv), please see [this](https://github.com/ -# Other Customizations +## Other Customizations The `.Values.usersync.schedule` option can be set to customize the cron schedule expression. The default setting is to have the job run once every 30 minutes. The `.Values.usersync.custom_image` can be set to override the default "awshelper" image for the init container of the userync cronjob. \ No newline at end of file diff --git a/docs/global_iam_helm_user.md b/docs/global_iam_helm_user.md new file mode 100644 index 00000000..e8f68507 --- /dev/null +++ b/docs/global_iam_helm_user.md 
@@ -0,0 +1,55 @@ +# AWS Iam Global User + +For Helm code resusability, we have added the functionality to use one iam user for various jobs/services. + +We are currently in the process of integrating this user into our Terraform code. In the meantime, you can manually create a global user by referring to this guide. + +## What this user can do in Helm +- Fence Usersync Job +- ES Index Restore +- Restore PGdump +- External Secrets +- AWS ES Proxy Service + + + +Example policy containing all the proper permissions: +``` +{ + "Version": "2012-10-17", + "Statement": [ + { + "Effect": "Allow", + "Action": "s3:GetObject", + "Resource": [ + "arn:aws:s3:::$BUCKET/$ENVIRONMENT/*", + # Fence Usersync Job: Name of the userYamlS3Path containing the user.yaml file + "arn:aws:s3:::$BUCKET/$ENVIRONMENT/$VERSION/elasticsearch/*", + # ES Index Restore Job: Name of the dbRestoreBucket with the proper path to the ES dump files. + "arn:aws:s3:::$BUCKET/$ENVIRONMENT/$VERSION/pgdumps/*" + # DB PG Dump Restore Job: Name of the dbRestoreBucket with the proper path to the SQL dump files. + ] + }, + { + "Effect": "Allow", + "Action": [ + "secretsmanager:ListSecrets", + "secretsmanager:GetSecretValue" + ], + "Resource": [ + "*" + # External Secrets: Leave as is to allow External Secrets access to your secrets in Secrets Manager. + ] + }, + { + "Effect": "Allow", + "Action": "es:*", + "Resource": "arn:aws:es:REGION:ACCOUNT_ID:domain/CLUSTER_NAME/*" + # AWS ES Proxy Service: Arn of your Elasticsearch Cluster in AWS. + } + ] +} +``` + +## After Creating the User +In order to integrate the user in Helm, paste in the values of your Access and Secret Access key in `.Values.global.aws.awsAccessKeyId` and `.Values.global.aws.awsSecretAccessKey` \ No newline at end of file From 8e7eec02f957f2a03968a58695b766769c2a8a5b Mon Sep 17 00:00:00 2001 
From: EliseCastle23 Date: Fri, 4 Aug 2023 13:41:40 -0600 Subject: [PATCH 055/279] fixing one of the external secret yaml files and changing the default settings for indexd --- helm/fence/templates/external-secret.yaml | 2 +- helm/indexd/README.md | 8 ++++---- helm/indexd/values.yaml | 4 ++-- 3 files changed, 7 insertions(+), 7 deletions(-) diff --git a/helm/fence/templates/external-secret.yaml b/helm/fence/templates/external-secret.yaml index f37d8287..dd4e3f7f 100644 --- a/helm/fence/templates/external-secret.yaml +++ b/helm/fence/templates/external-secret.yaml @@ -82,5 +82,5 @@ spec: dataFrom: - extract: #name of secret in secrets manager - key: {{include "fenceSmDbcreds" .}} + key: {{include "fence-sm-dbcreds" .}} {{- end }} \ No newline at end of file diff --git a/helm/indexd/README.md b/helm/indexd/README.md index e8108d81..3c037814 100644 --- a/helm/indexd/README.md +++ b/helm/indexd/README.md 
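Review bot: The corrected `include "fence-sm-dbcreds"` under the last `dataFrom` entry still renders its result unquoted, and nothing in this commit shows where that named template is defined (the diffstat lists only this file and the two indexd files), so presumably it already exists in the fence chart's helpers; a `helm template` run with external secrets enabled would confirm it. The documentation added in PATCH 054 says any string placed in the externalSecrets values overrides the Secrets Manager name, so I would quote the rendered value: `key: {{ include "fence-sm-dbcreds" . | quote }}`. The file also still ends without a trailing newline, which PATCH 052 added for helm/gen3/values.yaml. The enclosing ExternalSecret spec starts above this hunk, so the other `include` calls in the file are not visible here.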
@@ -30,7 +30,7 @@ A Helm chart for gen3 indexd | externalSecrets | map | `{"indexdSmDbcreds":null}` | External Secrets settings. | | externalSecrets.indexdSmDbcreds | string | `nil` | Will override the name of the aws secrets manager secret. Default is "Values.global.environment-.Chart.Name-creds" | | fullnameOverride | string | `""` | Override the full name of the deployment. | -| global | map | `{"aws":{"awsAccessKeyId":null,"awsSecretAccessKey":null,"enabled":false},"ddEnabled":false,"dev":true,"dictionaryUrl":"https://s3.amazonaws.com/dictionary-artifacts/datadictionary/develop/schema.json","dispatcherJobNum":10,"environment":"default","externalSecrets":{"deploy":true,"separate":true},"hostname":"localhost","kubeBucket":"kube-gen3","logsBucket":"logs-gen3","minAvialable":1,"netPolicy":true,"pdb":false,"portalApp":"gitops","postgres":{"dbCreate":true,"master":{"host":null,"password":null,"port":"5432","username":"postgres"}},"publicDataSets":true,"revproxyArn":"arn:aws:acm:us-east-1:123456:certificate","tierAccessLevel":"libre","tierAccessLimit":1000}` | Global configuration options. | +| global | map | `{"aws":{"awsAccessKeyId":null,"awsSecretAccessKey":null,"enabled":false},"ddEnabled":false,"dev":true,"dictionaryUrl":"https://s3.amazonaws.com/dictionary-artifacts/datadictionary/develop/schema.json","dispatcherJobNum":10,"environment":"default","externalSecrets":{"deploy":false,"separate":false},"hostname":"localhost","kubeBucket":"kube-gen3","logsBucket":"logs-gen3","minAvialable":1,"netPolicy":true,"pdb":false,"portalApp":"gitops","postgres":{"dbCreate":true,"master":{"host":null,"password":null,"port":"5432","username":"postgres"}},"publicDataSets":true,"revproxyArn":"arn:aws:acm:us-east-1:123456:certificate","tierAccessLevel":"libre","tierAccessLimit":1000}` | Global configuration options. 
| | global.aws | map | `{"awsAccessKeyId":null,"awsSecretAccessKey":null,"enabled":false}` | AWS configuration | | global.aws.awsAccessKeyId | string | `nil` | Credentials for AWS stuff. | | global.aws.awsSecretAccessKey | string | `nil` | Credentials for AWS stuff. | @@ -40,9 +40,9 @@ A Helm chart for gen3 indexd | global.dictionaryUrl | string | `"https://s3.amazonaws.com/dictionary-artifacts/datadictionary/develop/schema.json"` | URL of the data dictionary. | | global.dispatcherJobNum | int | `10` | Number of dispatcher jobs. | | global.environment | string | `"default"` | Environment name. This should be the same as vpcname if you're doing an AWS deployment. Currently this is being used to share ALB's if you have multiple namespaces. Might be used other places too. | -| global.externalSecrets | map | `{"deploy":true,"separate":true}` | External Secrets settings. | -| global.externalSecrets.deploy | bool | `true` | Will use ExternalSecret resources to pull secrets from Secrets Manager instead of creating them locally. Be cautious as this will override any indexd secrets you have deployed. | -| global.externalSecrets.separate | string | `true` | Will deploy a External Secret Store if deploying this sevice seperately. | +| global.externalSecrets | map | `{"deploy":false,"separate":false}` | External Secrets settings. | +| global.externalSecrets.deploy | bool | `false` | Will use ExternalSecret resources to pull secrets from Secrets Manager instead of creating them locally. Be cautious as this will override any indexd secrets you have deployed. | +| global.externalSecrets.separate | string | `false` | Will deploy a External Secret Store if deploying this sevice seperately. | | global.hostname | string | `"localhost"` | Hostname for the deployment. | | global.kubeBucket | string | `"kube-gen3"` | S3 bucket name for Kubernetes manifest files. | | global.logsBucket | string | `"logs-gen3"` | S3 bucket name for log files. | 
diff --git a/helm/indexd/values.yaml b/helm/indexd/values.yaml index 4f4e0ef5..c2302ec0 100644 --- a/helm/indexd/values.yaml +++ b/helm/indexd/values.yaml @@ -61,9 +61,9 @@ global: # -- (map) External Secrets settings. externalSecrets: # -- (bool) Will use ExternalSecret resources to pull secrets from Secrets Manager instead of creating them locally. Be cautious as this will override any indexd secrets you have deployed. - deploy: true + deploy: false # -- (string) Will deploy a External Secret Store if deploying this sevice seperately. - separate: true + separate: false # -- (map) External Secrets settings. externalSecrets: From 7da2bc1e866a799eeff1555ec832e50f595c49bf Mon Sep 17 00:00:00 2001 From: EliseCastle23 Date: Mon, 21 Aug 2023 15:03:21 -0600 Subject: [PATCH 056/279] updating the volume mount for settings.py --- helm/peregrine/README.md | 2 +- helm/peregrine/templates/deployment.yaml | 6 ++---- helm/peregrine/values.yaml | 4 ++++ helm/sheepdog/README.md | 2 +- helm/sheepdog/values.yaml | 4 ++-- 5 files changed, 10 insertions(+), 8 deletions(-) diff --git a/helm/peregrine/README.md b/helm/peregrine/README.md index 55b8da06..6f9f8c7b 100644 --- a/helm/peregrine/README.md +++ b/helm/peregrine/README.md @@ -100,7 +100,7 @@ A Helm chart for gen3 Peregrine service | serviceAccount.create | bool | `true` | Specifies whether a service account should be created. | | serviceAccount.name | string | `""` | The name of the service account | | tolerations | list | `[]` | Tolerations for the pods | -| volumeMounts | list | `nil` | Volumes to mount to the container. | +| volumeMounts | list | `[{"mountPath":"/var/www/peregrine/settings.py","name":"config-volume","readOnly":true,"subPath":"settings.py"}]` | Volumes to mount to the container. | | volumes | list | `[{"emptyDir":{},"name":"shared-data"},{"name":"config-volume","secret":{"secretName":"peregrine-secret"}}]` | Volumes to attach to the container. | ---------------------------------------------- 
diff --git a/helm/peregrine/templates/deployment.yaml b/helm/peregrine/templates/deployment.yaml index 561df45c..ed223cda 100644 --- a/helm/peregrine/templates/deployment.yaml +++ b/helm/peregrine/templates/deployment.yaml @@ -147,11 +147,9 @@ spec: value: "False" - name: CONF_HOSTNAME value: {{ .Values.global.hostname }} + {{- with .Values.volumeMounts }} volumeMounts: - - name: "config-volume" - readOnly: true - mountPath: "/var/www/peregrine/wsgi.py" - subPath: "settings.py" + {{- toYaml . | nindent 10 }} ports: - name: http containerPort: 80 diff --git a/helm/peregrine/values.yaml b/helm/peregrine/values.yaml index fe92f044..bca29606 100644 --- a/helm/peregrine/values.yaml +++ b/helm/peregrine/values.yaml @@ -203,6 +203,10 @@ volumes: # -- (list) Volumes to mount to the container. volumeMounts: + - name: "config-volume" + readOnly: true + mountPath: "/var/www/peregrine/settings.py" + subPath: "settings.py" # Values to determine the labels that are used for the deployment, pod, etc. # -- (string) Valid options are "production" or "dev". If invalid option is set- the value will default to "dev". diff --git a/helm/sheepdog/README.md b/helm/sheepdog/README.md index 405df79c..7f707caf 100644 --- a/helm/sheepdog/README.md +++ b/helm/sheepdog/README.md 
@@ -122,7 +122,7 @@ A Helm chart for gen3 Sheepdog Service | strategy.rollingUpdate.maxSurge | int | `1` | Number of additional replicas to add during rollout. | | strategy.rollingUpdate.maxUnavailable | int | `0` | Maximum amount of pods that can be unavailable during the update. | | terminationGracePeriodSeconds | int | `50` | sheepdog transactions take forever - try to let the complete before termination | -| volumeMounts | list | `[{"mountPath":"/var/www/sheepdog/wsgi.py","name":"config-volume","readOnly":true,"subPath":"wsgi.py"}]` | Volumes to mount to the container. | +| volumeMounts | list | `[{"mountPath":"/var/www/sheepdog/settings.py","name":"config-volume","readOnly":true,"subPath":"settings.py"}]` | Volumes to mount to the container. | ---------------------------------------------- Autogenerated from chart metadata using [helm-docs v1.11.0](https://github.com/norwoodj/helm-docs/releases/v1.11.0) diff --git a/helm/sheepdog/values.yaml b/helm/sheepdog/values.yaml index 8a94905e..1ac1db3b 100644 --- a/helm/sheepdog/values.yaml +++ b/helm/sheepdog/values.yaml @@ -182,8 +182,8 @@ authNamespace: default volumeMounts: - name: "config-volume" readOnly: true - mountPath: "/var/www/sheepdog/wsgi.py" - subPath: "wsgi.py" + mountPath: "/var/www/sheepdog/settings.py" + subPath: "settings.py" # -- (map) Resource requests and limits for the containers in the pod resources: From f0fd53a6dfd785d3b8399e043d91286ba5e9b33b Mon Sep 17 00:00:00 2001 From: EliseCastle23 Date: Mon, 21 Aug 2023 15:08:19 -0600 Subject: [PATCH 057/279] adding in the "end" function to values.yaml --- helm/peregrine/templates/deployment.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/helm/peregrine/templates/deployment.yaml b/helm/peregrine/templates/deployment.yaml index ed223cda..e554be55 100644 --- a/helm/peregrine/templates/deployment.yaml +++ b/helm/peregrine/templates/deployment.yaml 
@@ -150,6 +150,7 @@ spec: {{- with .Values.volumeMounts }} volumeMounts: {{- toYaml . | nindent 10 }} + {{- end }} ports: - name: http containerPort: 80 From 703b3416e5679bf227d8534f8e465942021c9808 Mon Sep 17 00:00:00 2001 From: EliseCastle23 Date: Wed, 23 Aug 2023 13:20:02 -0600 Subject: [PATCH 058/279] changing the gen3 umbrella chart to be able to use a local secret for external secrets --- .secrets.baseline | 4 ++-- helm/gen3/README.md | 3 +++ helm/gen3/templates/aws-config.yaml | 2 +- helm/gen3/templates/cluster-secret-store.yaml | 22 ++++++++++++++++++- helm/gen3/values.yaml | 5 +++++ 5 files changed, 32 insertions(+), 4 deletions(-) diff --git a/.secrets.baseline b/.secrets.baseline index 24d4cf64..3718a0a5 100644 --- a/.secrets.baseline +++ b/.secrets.baseline @@ -3,7 +3,7 @@ "files": "^.secrets.baseline$", "lines": null }, - "generated_at": "2023-08-03T22:14:44Z", + "generated_at": "2023-08-23T19:17:36Z", "plugins_used": [ { "name": "AWSKeyDetector" @@ -365,7 +365,7 @@ "hashed_secret": "9b5925ea817163740dfb287a9894e8ab3aba2c18", "is_secret": false, "is_verified": false, - "line_number": 203, + "line_number": 208, "type": "Secret Keyword" } ], diff --git a/helm/gen3/README.md b/helm/gen3/README.md index 77af0751..6dff3a79 100644 --- a/helm/gen3/README.md +++ b/helm/gen3/README.md 
@@ -201,6 +201,9 @@ Helm chart to deploy Gen3 Data Commons | ssjdispatcher.image | map | `{"repository":null,"tag":null}` | Docker image information. | | ssjdispatcher.image.repository | string | `nil` | The Docker image repository for the ssjdispatcher service. | | ssjdispatcher.image.tag | string | `nil` | Overrides the image tag whose default is the chart appVersion. | +| useLocalSecret.enabled | bool | `false` | | +| useLocalSecret.localSecretName | string | `nil` | | +| useLocalSecret.localSecretNamespace | string | `nil` | | | wts.enabled | bool | `true` | Whether to deploy the wts subchart. | | wts.image | map | `{"repository":null,"tag":null}` | Docker image information. | | wts.image.repository | string | `nil` | The Docker image repository for the wts service. | diff --git a/helm/gen3/templates/aws-config.yaml b/helm/gen3/templates/aws-config.yaml index 5fff9698..0adbb034 100644 --- a/helm/gen3/templates/aws-config.yaml +++ b/helm/gen3/templates/aws-config.yaml @@ -1,3 +1,3 @@ -{{- if .Values.global.aws.awsSecretAccessKey}} +{{- if and .Values.global.aws.awsSecretAccessKey (not .Values.useLocalSecret.enabled) }} {{ include "common.awsconfig" . }} {{- end -}} \ No newline at end of file diff --git a/helm/gen3/templates/cluster-secret-store.yaml b/helm/gen3/templates/cluster-secret-store.yaml index 15558a80..1e01af1b 100644 --- a/helm/gen3/templates/cluster-secret-store.yaml +++ b/helm/gen3/templates/cluster-secret-store.yaml 
@@ -1,3 +1,23 @@ -{{ if .Values.global.externalSecrets.deploy }} +{{- if and .Values.global.externalSecrets.deploy (not .Values.useLocalSecret.enabled) }} {{ include "common.secretstore" . }} +{{- else if .Values.useLocalSecret.enabled }} +apiVersion: external-secrets.io/v1beta1 +kind: ClusterSecretStore +metadata: + name: {{.Chart.Name}}-secret-store +spec: + provider: + aws: + service: SecretsManager + region: us-east-1 + auth: + secretRef: + accessKeyIDSecretRef: + name: {{ .Values.useLocalSecret.localSecretName }} + key: access-key + namespace: {{ .Values.useLocalSecret.localSecretNamespace }} + secretAccessKeySecretRef: + name: {{ .Values.useLocalSecret.localSecretName }} + key: secret-access-key + namespace: {{ .Values.useLocalSecret.localSecretNamespace }} {{- end }} \ No newline at end of file diff --git a/helm/gen3/values.yaml b/helm/gen3/values.yaml index d62d77cd..92aad101 100644 --- a/helm/gen3/values.yaml +++ b/helm/gen3/values.yaml @@ -54,6 +54,11 @@ global: # -- (bool) Will use ExternalSecret resources to pull secrets from Secrets Manager instead of creating them locally. Be cautious as this will override secrets you have deployed. deploy: false +useLocalSecret: + enabled: false + localSecretName: + localSecretNamespace: + # localSecretKey: # Dependancy Charts From f88cb7281dc4157bf82f5211f3768155b60c1da8 Mon Sep 17 00:00:00 2001 From: EliseCastle23 Date: Wed, 23 Aug 2023 14:42:30 -0600 Subject: [PATCH 059/279] fixing the include logic for sheepdog aws-config --- helm/sheepdog/templates/aws-config.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/helm/sheepdog/templates/aws-config.yaml b/helm/sheepdog/templates/aws-config.yaml index 745635c1..398770d3 100644 --- a/helm/sheepdog/templates/aws-config.yaml +++ b/helm/sheepdog/templates/aws-config.yaml 
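Review bot: The new `else if .Values.useLocalSecret.enabled` branch in cluster-secret-store.yaml creates a cluster-scoped `ClusterSecretStore` backed by static IAM keys, with nothing limiting which namespaces may use it. Any namespace that can create an ExternalSecret naming `{{.Chart.Name}}-secret-store` can then read whatever those keys are allowed to read in Secrets Manager. Restricting the store to the release namespace would narrow that, for example `conditions:` followed by `- namespaces: [{{ .Release.Namespace | quote }}]` under `spec`. The branch also hard-codes `region: us-east-1`, and it renders an empty `name:` when `localSecretName` is left at its nil default. A values-driven region and `{{ required "useLocalSecret.localSecretName must be set" .Values.useLocalSecret.localSecretName }}` would make both failures visible at render time. Note that this branch is rendered even when `global.externalSecrets.deploy` is false, which may not be intended.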
@@ -1,3 +1,3 @@ -{{- if or (.Values.dbRestore) (.Values.global.externalSecrets.deploy) }} +{{- if or (.Values.secrets.awsSecretAccessKey) (.Values.global.aws.awsSecretAccessKey ) }} {{ include "common.awsconfig" . }} {{- end -}} \ No newline at end of file From 4131806285098d860af2953f273b0d663f713b93 Mon Sep 17 00:00:00 2001 From: EliseCastle23 Date: Mon, 28 Aug 2023 14:33:39 -0600 Subject: [PATCH 060/279] Editing the external secrets yaml files so unstructured secrets are pulled properly from secrets manager. Also, moving the local secret configuration option to the global section. --- .secrets.baseline | 4 +-- helm/arborist/templates/external-secret.yaml | 5 ++-- helm/audit/templates/external-secret.yaml | 10 +++++--- helm/common/templates/_restore_pgdump.tpl | 5 ++++ helm/fence/templates/external-secret.yaml | 25 +++++++++++-------- helm/gen3/README.md | 5 +--- helm/gen3/templates/aws-config.yaml | 2 +- helm/gen3/templates/cluster-secret-store.yaml | 12 ++++----- helm/gen3/values.yaml | 10 +++----- helm/indexd/templates/external-secrets.yaml | 5 ++-- .../templates/external-secret.yaml | 5 ++-- helm/metadata/templates/external-secret.yaml | 5 ++-- helm/peregrine/templates/external-secret.yaml | 5 ++-- helm/requestor/templates/external-secret.yaml | 7 +++--- helm/sheepdog/templates/external-secrets.yaml | 5 ++-- helm/wts/templates/external-secret.yaml | 5 ++-- 16 files changed, 65 insertions(+), 50 deletions(-) diff --git a/.secrets.baseline b/.secrets.baseline index 3718a0a5..1877bf36 100644 --- a/.secrets.baseline +++ b/.secrets.baseline @@ -3,7 +3,7 @@ "files": "^.secrets.baseline$", "lines": null }, - "generated_at": "2023-08-23T19:17:36Z", + "generated_at": "2023-08-28T20:28:15Z", "plugins_used": [ { "name": "AWSKeyDetector" @@ -365,7 +365,7 @@ "hashed_secret": "9b5925ea817163740dfb287a9894e8ab3aba2c18", "is_secret": false, "is_verified": false, - "line_number": 208, + "line_number": 206, "type": "Secret Keyword" } ], 
diff --git a/helm/arborist/templates/external-secret.yaml b/helm/arborist/templates/external-secret.yaml index b0bca685..42ca56e0 100644 --- a/helm/arborist/templates/external-secret.yaml +++ b/helm/arborist/templates/external-secret.yaml @@ -11,8 +11,9 @@ spec: target: name: {{ $.Chart.Name }}-dbcreds creationPolicy: Owner - dataFrom: - - extract: + data: + - secretKey: data + remoteRef: #name of secret in secrets manager key: {{include "arborist-sm-dbcreds" .}} {{- end }} \ No newline at end of file diff --git a/helm/audit/templates/external-secret.yaml b/helm/audit/templates/external-secret.yaml index 56c36756..fca176ac 100644 --- a/helm/audit/templates/external-secret.yaml +++ b/helm/audit/templates/external-secret.yaml @@ -11,8 +11,9 @@ spec: target: name: audit-g3auto creationPolicy: Owner - dataFrom: - - extract: + data: + - secretKey: audit-service-config.yaml + remoteRef: #name of secret in secrets manager key: {{include "audit-g3auto" .}} --- @@ -28,8 +29,9 @@ spec: target: name: {{ $.Chart.Name }}-dbcreds creationPolicy: Owner - dataFrom: - - extract: + data: + - secretKey: data + remoteRef: #name of secret in secrets manager key: {{include "audit-sm-dbcreds" .}} {{- end }} \ No newline at end of file diff --git a/helm/common/templates/_restore_pgdump.tpl b/helm/common/templates/_restore_pgdump.tpl index 3f7b4967..dffa024d 100644 --- a/helm/common/templates/_restore_pgdump.tpl +++ b/helm/common/templates/_restore_pgdump.tpl @@ -18,6 +18,11 @@ spec: - name: cred-volume secret: secretName: {{.Chart.Name}}-aws-config + {{- if .Values.global.aws.useLocalSecret.enabled -}} + secretName: {{ .Values.global.aws.useLocalSecret.localSecretName }} + {{ else }} + secretName: {{.Chart.Name}}-aws-config + {{ end }} containers: - name: restore-dbs image: quay.io/cdis/awshelper:master diff --git a/helm/fence/templates/external-secret.yaml b/helm/fence/templates/external-secret.yaml index dd4e3f7f..ece35301 100644 --- a/helm/fence/templates/external-secret.yaml 
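Review bot: Replacing `dataFrom: - extract:` with a single `data` entry changes the shape of the generated `{{ $.Chart.Name }}-dbcreds` secret in arborist/templates/external-secret.yaml. Instead of one Kubernetes key per JSON property, the whole Secrets Manager value is stored under the one key `data`. The deployments are not visible in this patch, but if they read individual keys from `-dbcreds` through `secretKeyRef`, those references will no longer resolve. The same change is made to the dbcreds secrets in the audit, fence, indexd, metadata, peregrine, requestor, sheepdog and wts hunks. If the database credentials are stored as structured JSON, it would be safer to keep `extract` for `-dbcreds` (or add one `data` entry per field with `remoteRef.property`) and use the single-key form only for file-like secrets such as `fence-config.yaml`.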
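Review bot: In _restore_pgdump.tpl the original `secretName: {{.Chart.Name}}-aws-config` line is kept as context above the new `if`/`else`, so the `cred-volume` secret ends up with two `secretName` entries in either branch. Because the opening tag is `{{- if ... -}}`, the enabled branch also loses the newline on both sides, so the local secret name is glued onto the end of the previous line. Drop the unconditional line and open the block with `{{- if .Values.global.aws.useLocalSecret.enabled }}`, using `{{- else }}` and `{{- end }}` for the other two tags. A pod volume can only reference a secret in the job's own namespace, so `localSecretNamespace` has no effect here. It would also be worth confirming that the local secret carries the file layout the restore container expects, not only the `access-key` and `secret-access-key` keys used by the secret store. The template starts and ends outside this hunk.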
+++ b/helm/fence/templates/external-secret.yaml @@ -11,8 +11,9 @@ spec: target: name: fence-jwt-keys creationPolicy: Owner - dataFrom: - - extract: + data: + - secretKey: jwt_private_key.pem + remoteRef: #name of secret in secrets manager key: {{include "fence-jwt-keys" .}} --- @@ -28,8 +29,9 @@ spec: target: name: fence-google-app-creds-secret creationPolicy: Owner - dataFrom: - - extract: + data: + - secretKey: fence_google_app_creds_secret.json + remoteRef: #name of secret in secrets manager key: {{include "fence-google-app-creds-secret" .}} --- @@ -45,8 +47,9 @@ spec: target: name: fence-google-storage-creds-secret creationPolicy: Owner - dataFrom: - - extract: + data: + - secretKey: fence_google_storage_creds_secret.json + remoteRef: #name of secret in secrets manager key: {{include "fence-google-storage-creds-secret" .}} --- @@ -62,8 +65,9 @@ spec: target: name: fence-config creationPolicy: Owner - dataFrom: - - extract: + data: + - secretKey: fence-config.yaml + remoteRef: #name of secret in secrets manager key: {{include "fence-config" .}} --- @@ -79,8 +83,9 @@ spec: target: name: {{ $.Chart.Name }}-dbcreds creationPolicy: Owner - dataFrom: - - extract: + data: + - secretKey: data + remoteRef: #name of secret in secrets manager key: {{include "fence-sm-dbcreds" .}} {{- end }} \ No newline at end of file diff --git a/helm/gen3/README.md b/helm/gen3/README.md index 6dff3a79..d8d73408 100644 --- a/helm/gen3/README.md +++ b/helm/gen3/README.md 
@@ -85,7 +85,7 @@ Helm chart to deploy Gen3 Data Commons | gitops.json | string | `nil` | multiline string - gitops.json | | gitops.logo | string | `nil` | - logo in base64 | | gitops.sponsors | string | `nil` | | -| global.aws | map | `{"awsAccessKeyId":null,"awsSecretAccessKey":null,"enabled":false}` | AWS configuration | +| global.aws | map | `{"awsAccessKeyId":null,"awsSecretAccessKey":null,"enabled":false,"useLocalSecret":{"enabled":false,"localSecretName":null,"localSecretNamespace":null}}` | AWS configuration | | global.aws.awsAccessKeyId | string | `nil` | Credentials for AWS stuff. | | global.aws.awsSecretAccessKey | string | `nil` | Credentials for AWS stuff. | | global.aws.enabled | bool | `false` | Set to true if deploying to AWS. Controls ingress annotations. | @@ -201,9 +201,6 @@ Helm chart to deploy Gen3 Data Commons | ssjdispatcher.image | map | `{"repository":null,"tag":null}` | Docker image information. | | ssjdispatcher.image.repository | string | `nil` | The Docker image repository for the ssjdispatcher service. | | ssjdispatcher.image.tag | string | `nil` | Overrides the image tag whose default is the chart appVersion. | -| useLocalSecret.enabled | bool | `false` | | -| useLocalSecret.localSecretName | string | `nil` | | -| useLocalSecret.localSecretNamespace | string | `nil` | | | wts.enabled | bool | `true` | Whether to deploy the wts subchart. | | wts.image | map | `{"repository":null,"tag":null}` | Docker image information. | | wts.image.repository | string | `nil` | The Docker image repository for the wts service. | diff --git a/helm/gen3/templates/aws-config.yaml b/helm/gen3/templates/aws-config.yaml index 0adbb034..bec10059 100644 --- a/helm/gen3/templates/aws-config.yaml +++ b/helm/gen3/templates/aws-config.yaml 
@@ -1,3 +1,3 @@ -{{- if and .Values.global.aws.awsSecretAccessKey (not .Values.useLocalSecret.enabled) }} +{{- if and .Values.global.aws.awsSecretAccessKey (not .Values.global.aws.useLocalSecret.enabled) }} {{ include "common.awsconfig" . }} {{- end -}} \ No newline at end of file diff --git a/helm/gen3/templates/cluster-secret-store.yaml b/helm/gen3/templates/cluster-secret-store.yaml index 1e01af1b..6251d0fb 100644 --- a/helm/gen3/templates/cluster-secret-store.yaml +++ b/helm/gen3/templates/cluster-secret-store.yaml @@ -1,6 +1,6 @@ -{{- if and .Values.global.externalSecrets.deploy (not .Values.useLocalSecret.enabled) }} +{{- if and .Values.global.externalSecrets.deploy (not .Values.global.aws.useLocalSecret.enabled) }} {{ include "common.secretstore" . }} -{{- else if .Values.useLocalSecret.enabled }} +{{- else if .Values.global.aws.useLocalSecret.enabled }} apiVersion: external-secrets.io/v1beta1 kind: ClusterSecretStore metadata: @@ -13,11 +13,11 @@ spec: auth: secretRef: accessKeyIDSecretRef: - name: {{ .Values.useLocalSecret.localSecretName }} + name: {{ .Values.global.aws.useLocalSecret.localSecretName }} key: access-key - namespace: {{ .Values.useLocalSecret.localSecretNamespace }} + namespace: {{ .Values.global.aws.useLocalSecret.localSecretNamespace }} secretAccessKeySecretRef: - name: {{ .Values.useLocalSecret.localSecretName }} + name: {{ .Values.global.aws.useLocalSecret.localSecretName }} key: secret-access-key - namespace: {{ .Values.useLocalSecret.localSecretNamespace }} + namespace: {{ .Values.global.aws.useLocalSecret.localSecretNamespace }} {{- end }} \ No newline at end of file diff --git a/helm/gen3/values.yaml b/helm/gen3/values.yaml index 92aad101..dc2c930c 100644 --- a/helm/gen3/values.yaml +++ b/helm/gen3/values.yaml 
@@ -11,6 +11,10 @@ global: awsAccessKeyId: # -- (string) Credentials for AWS stuff. awsSecretAccessKey: + useLocalSecret: + enabled: false + localSecretName: + localSecretNamespace: # -- (bool) Deploys postgres/elasticsearch for dev dev: true postgres: @@ -54,12 +58,6 @@ global: # -- (bool) Will use ExternalSecret resources to pull secrets from Secrets Manager instead of creating them locally. Be cautious as this will override secrets you have deployed. deploy: false -useLocalSecret: - enabled: false - localSecretName: - localSecretNamespace: - # localSecretKey: - # Dependancy Charts ambassador: diff --git a/helm/indexd/templates/external-secrets.yaml b/helm/indexd/templates/external-secrets.yaml index 5921b810..7a00916f 100644 --- a/helm/indexd/templates/external-secrets.yaml +++ b/helm/indexd/templates/external-secrets.yaml @@ -11,8 +11,9 @@ spec: target: name: {{ $.Chart.Name }}-dbcreds creationPolicy: Owner - dataFrom: - - extract: + data: + - secretKey: data + remoteRef: #name of secret in secrets manager key: {{include "indexd-sm-dbcreds" .}} {{- end }} \ No newline at end of file diff --git a/helm/manifestservice/templates/external-secret.yaml b/helm/manifestservice/templates/external-secret.yaml index 51d31656..27b2c143 100644 --- a/helm/manifestservice/templates/external-secret.yaml +++ b/helm/manifestservice/templates/external-secret.yaml @@ -11,8 +11,9 @@ spec: target: name: manifestservice-g3auto creationPolicy: Owner - dataFrom: - - extract: + data: + - secretKey: config.json + remoteRef: #name of secret in secrets manager key: {{include "manifestservice-g3auto" .}} {{- end }} \ No newline at end of file diff --git a/helm/metadata/templates/external-secret.yaml b/helm/metadata/templates/external-secret.yaml index 179c5f77..478d262e 100644 --- a/helm/metadata/templates/external-secret.yaml +++ b/helm/metadata/templates/external-secret.yaml 
@@ -11,8 +11,9 @@ spec: target: name: {{ $.Chart.Name }}-dbcreds creationPolicy: Owner - dataFrom: - - extract: + data: + - secretKey: data + remoteRef: #name of secret in secrets manager key: {{include "metadata-sm-dbcreds" .}} {{- end }} \ No newline at end of file diff --git a/helm/peregrine/templates/external-secret.yaml b/helm/peregrine/templates/external-secret.yaml index a25b7a45..92cfab01 100644 --- a/helm/peregrine/templates/external-secret.yaml +++ b/helm/peregrine/templates/external-secret.yaml @@ -11,8 +11,9 @@ spec: target: name: {{ $.Chart.Name }}-dbcreds creationPolicy: Owner - dataFrom: - - extract: + data: + - secretKey: data + remoteRef: #name of secret in secrets manager key: {{include "peregrine-sm-dbcreds" .}} {{- end }} \ No newline at end of file diff --git a/helm/requestor/templates/external-secret.yaml b/helm/requestor/templates/external-secret.yaml index 9476e59b..01e37420 100644 --- a/helm/requestor/templates/external-secret.yaml +++ b/helm/requestor/templates/external-secret.yaml @@ -11,8 +11,9 @@ spec: target: name: {{ $.Chart.Name }}-dbcreds creationPolicy: Owner - dataFrom: - - extract: + data: + - secretKey: data + remoteRef: #name of secret in secrets manager - key: {{include "requestor-sm-dbcreds" .}} + key: {{nclude "requestor-sm-dbcreds" .}} {{- end }} \ No newline at end of file diff --git a/helm/sheepdog/templates/external-secrets.yaml b/helm/sheepdog/templates/external-secrets.yaml index afd441e2..25c8912f 100644 --- a/helm/sheepdog/templates/external-secrets.yaml +++ b/helm/sheepdog/templates/external-secrets.yaml @@ -11,8 +11,9 @@ spec: target: name: {{ $.Chart.Name }}-dbcreds creationPolicy: Owner - dataFrom: - - extract: + data: + - secretKey: data + remoteRef: #name of secret in secrets manager key: {{include "sheepdog-sm-dbcreds" .}} {{- end }} \ No newline at end of file diff --git a/helm/wts/templates/external-secret.yaml b/helm/wts/templates/external-secret.yaml index d18abd46..0ac706f6 100644 
--- a/helm/wts/templates/external-secret.yaml +++ b/helm/wts/templates/external-secret.yaml @@ -11,8 +11,9 @@ spec: target: name: {{ $.Chart.Name }}-dbcreds creationPolicy: Owner - dataFrom: - - extract: + data: + - secretKey: data + remoteRef: #name of secret in secrets manager key: {{include "wts-sm-dbcreds" .}} {{- end }} \ No newline at end of file From e45b280bcae6f50c5242f21f7ca1e912cfd6af1d Mon Sep 17 00:00:00 2001 From: EliseCastle23 Date: Mon, 28 Aug 2023 15:25:26 -0600 Subject: [PATCH 061/279] fixing small typo --- helm/requestor/templates/external-secret.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/helm/requestor/templates/external-secret.yaml b/helm/requestor/templates/external-secret.yaml index 01e37420..048097fc 100644 --- a/helm/requestor/templates/external-secret.yaml +++ b/helm/requestor/templates/external-secret.yaml @@ -15,5 +15,5 @@ spec: - secretKey: data remoteRef: #name of secret in secrets manager - key: {{nclude "requestor-sm-dbcreds" .}} + key: {{include "requestor-sm-dbcreds" .}} {{- end }} \ No newline at end of file From bb6235cecd2fe35b5c0a4e92be02d31d4f7d467d Mon Sep 17 00:00:00 2001 From: EliseCastle23 Date: Tue, 29 Aug 2023 15:04:22 -0600 Subject: [PATCH 062/279] modifying the documentation as I added the ability to use a local secret for external secrets and fence. Edited the fence cronjob so it can now use a local secret if supplied. --- .secrets.baseline | 6 +++--- docs/external_secrets.md | 10 +++++++--- docs/fence_usersync_job.md | 2 ++ helm/fence/README.md | 8 ++++++-- helm/fence/templates/usersync-cron.yaml | 4 ++++ helm/fence/values.yaml | 8 ++++++++ helm/gen3/README.md | 4 ++++ helm/gen3/values.yaml | 4 ++++ 8 files changed, 38 insertions(+), 8 deletions(-) diff --git a/.secrets.baseline b/.secrets.baseline index 1877bf36..72a90745 100644 --- a/.secrets.baseline +++ b/.secrets.baseline 
@@ -3,7 +3,7 @@ "files": "^.secrets.baseline$", "lines": null }, - "generated_at": "2023-08-28T20:28:15Z", + "generated_at": "2023-08-29T21:02:31Z", "plugins_used": [ { "name": "AWSKeyDetector" @@ -347,7 +347,7 @@ "hashed_secret": "5d07e1b80e448a213b392049888111e1779a52db", "is_secret": false, "is_verified": false, - "line_number": 1944, + "line_number": 1952, "type": "Secret Keyword" } ], @@ -365,7 +365,7 @@ "hashed_secret": "9b5925ea817163740dfb287a9894e8ab3aba2c18", "is_secret": false, "is_verified": false, - "line_number": 206, + "line_number": 210, "type": "Secret Keyword" } ], diff --git a/docs/external_secrets.md b/docs/external_secrets.md index 32b4c355..0852135d 100644 --- a/docs/external_secrets.md +++ b/docs/external_secrets.md @@ -102,6 +102,8 @@ kubectl get secret "your secret name" -o jsonpath="{.data.secret-access-key}" | You can paste the Iam access key and secret access key in the `.Values.secrets.awsAccessKeyId`/`.Values.secrets.awsSecretAccessKey` fields in the values.yaml file for the chart(s) you would like to use external secrets for. +If you are deploying external secrets with the Gen3 umbrella chart, you can utilize a local secret to avoid pasting credentials in the values.yaml file. Just set `.global.aws.useLocalSecret.enabled` to true and supply your secret name. + Please note that only some Helm charts are compatible with External Secrets currently. We hope to expand this functionality in the future. If a chart is able to use External Secrets, you can see a `.Values.externalSecrets` section in the values.yaml file. ## How External Secrets Works. 
@@ -128,9 +130,11 @@ External Secrets relies on three main resources to function properly. (The below # What Kubernetes secret to create from the secret pulled from Secrets Manager. name: audit-g3auto creationPolicy: Owner - dataFrom: - - extract: - # The name of the secret pull from Secrets Manager + data: + # the key inside the new Kubernetes secret + - secretKey: audit-service-config.yaml + remoteRef: + #name of secret in secrets manager key: {{include "audit-g3auto" .}} ``` diff --git a/docs/fence_usersync_job.md b/docs/fence_usersync_job.md index a4230a0a..dc8d6ea8 100644 --- a/docs/fence_usersync_job.md +++ b/docs/fence_usersync_job.md @@ -17,6 +17,8 @@ Please see [this](https://github.com/uc-cdis/fence/blob/master/docs/user.yaml_gu You can pull this file from an S3 bucket that is set in the `.Values.usersync.userYamlS3Path` field. Then input the iam credentials for a user that has read access to the specified S3 bucket in the `.Values.secrets.awsAccessKeyId` and `.Values.secrets.awsSecretAccessKey` fields. +You can utilize a local secret to avoid pasting credentials in the values.yaml file. Just set `.global.aws.useLocalSecret.enabled` to true and supply your secret name. + ***Notice: The Gen3 Helm chart has various jobs and uses for an Iam user. To enhance code reusability, we've implemented the option for jobs and services to share the same AWS IAM global user. If you would like to use the same Iam user for Fence Usersync, External Secrets, etc.- you can follow [THIS](global_iam_helm_user.md) guide that details how to setup a Helm global user.*** diff --git a/helm/fence/README.md b/helm/fence/README.md index af3a93ac..09a300ce 100644 --- a/helm/fence/README.md +++ b/helm/fence/README.md 
@@ -96,11 +96,15 @@ A Helm chart for gen3 Fence | externalSecrets.fenceJwtKeys | string | `nil` | Will override the name of the aws secrets manager secret. Default is "fence-jwt-keys" | | externalSecrets.fenceSmDbcreds | string | `nil` | Will override the name of the aws secrets manager secret. Default is "Values.global.environment-.Chart.Name-creds" | | fullnameOverride | string | `""` | Override the full name of the deployment. | -| global | map | `{"aws":{"awsAccessKeyId":null,"awsSecretAccessKey":null,"enabled":false},"ddEnabled":false,"dev":true,"dictionaryUrl":"https://s3.amazonaws.com/dictionary-artifacts/datadictionary/develop/schema.json","dispatcherJobNum":10,"environment":"default","externalSecrets":{"deploy":false,"separate":false},"hostname":"localhost","kubeBucket":"kube-gen3","logsBucket":"logs-gen3","minAvialable":1,"netPolicy":true,"pdb":false,"portalApp":"gitops","postgres":{"dbCreate":true,"master":{"host":null,"password":null,"port":"5432","username":"postgres"}},"publicDataSets":true,"revproxyArn":"arn:aws:acm:us-east-1:123456:certificate","syncFromDbgap":false,"tierAccessLevel":"libre","tierAccessLimit":1000}` | Global configuration options. 
| -| global.aws | map | `{"awsAccessKeyId":null,"awsSecretAccessKey":null,"enabled":false}` | AWS configuration | +| global | map | `{"aws":{"awsAccessKeyId":null,"awsSecretAccessKey":null,"enabled":false,"useLocalSecret":{"enabled":false,"localSecretName":null,"localSecretNamespace":null}},"ddEnabled":false,"dev":true,"dictionaryUrl":"https://s3.amazonaws.com/dictionary-artifacts/datadictionary/develop/schema.json","dispatcherJobNum":10,"environment":"default","externalSecrets":{"deploy":false,"separate":false},"hostname":"localhost","kubeBucket":"kube-gen3","logsBucket":"logs-gen3","minAvialable":1,"netPolicy":true,"pdb":false,"portalApp":"gitops","postgres":{"dbCreate":true,"master":{"host":null,"password":null,"port":"5432","username":"postgres"}},"publicDataSets":true,"revproxyArn":"arn:aws:acm:us-east-1:123456:certificate","syncFromDbgap":false,"tierAccessLevel":"libre","tierAccessLimit":1000}` | Global configuration options. | +| global.aws | map | `{"awsAccessKeyId":null,"awsSecretAccessKey":null,"enabled":false,"useLocalSecret":{"enabled":false,"localSecretName":null,"localSecretNamespace":null}}` | AWS configuration | | global.aws.awsAccessKeyId | string | `nil` | Credentials for AWS stuff. | | global.aws.awsSecretAccessKey | string | `nil` | Credentials for AWS stuff. | | global.aws.enabled | bool | `false` | Set to true if deploying to AWS. Controls ingress annotations. | +| global.aws.useLocalSecret | map | `{"enabled":false,"localSecretName":null,"localSecretNamespace":null}` | Local secret setting if using a pre-exising secret. | +| global.aws.useLocalSecret.enabled | bool | `false` | Set to true if you would like to use a secret that is already running on your cluster. | +| global.aws.useLocalSecret.localSecretName | string | `nil` | Name of the local secret. | +| global.aws.useLocalSecret.localSecretNamespace | string | `nil` | Namespace of the local secret. | | global.ddEnabled | bool | `false` | Whether Datadog is enabled. 
| | global.dev | bool | `true` | Whether the deployment is for development purposes. | | global.dictionaryUrl | string | `"https://s3.amazonaws.com/dictionary-artifacts/datadictionary/develop/schema.json"` | URL of the data dictionary. | diff --git a/helm/fence/templates/usersync-cron.yaml b/helm/fence/templates/usersync-cron.yaml index 3d8d8316..7bf9d8b8 100644 --- a/helm/fence/templates/usersync-cron.yaml +++ b/helm/fence/templates/usersync-cron.yaml @@ -52,7 +52,11 @@ spec: emptyDir: {} - name: cred-volume secret: + {{- if .Values.global.aws.useLocalSecret.enabled }} + secretName: {{ .Values.global.aws.useLocalSecret.localSecretName }} + {{- else }} secretName: {{.Chart.Name}}-aws-config + {{- end }} initContainers: - name: wait-for-fence image: curlimages/curl:latest diff --git a/helm/fence/values.yaml b/helm/fence/values.yaml index 287d28b1..300fd24a 100644 --- a/helm/fence/values.yaml +++ b/helm/fence/values.yaml @@ -12,6 +12,14 @@ global: awsAccessKeyId: # -- (string) Credentials for AWS stuff. awsSecretAccessKey: + # -- (map) Local secret setting if using a pre-exising secret. + useLocalSecret: + # -- (bool) Set to true if you would like to use a secret that is already running on your cluster. + enabled: false + # -- (string) Name of the local secret. + localSecretName: + # -- (string) Namespace of the local secret. + localSecretNamespace: # -- (bool) Whether the deployment is for development purposes. dev: true # -- (map) Postgres database configuration. diff --git a/helm/gen3/README.md b/helm/gen3/README.md index d8d73408..c1cbb407 100644 --- a/helm/gen3/README.md +++ b/helm/gen3/README.md 
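Review bot: In the `cred-volume` volume of `helm/fence/templates/usersync-cron.yaml`, the `useLocalSecret.enabled` branch renders `secretName` straight from `.Values.global.aws.useLocalSecret.localSecretName`, which defaults to empty in values.yaml, so turning the flag on without a name produces a blank `secretName` that only fails at apply time or pod start. Failing at render time is clearer: `secretName: {{ required "global.aws.useLocalSecret.localSecretName must be set when useLocalSecret.enabled is true" .Values.global.aws.useLocalSecret.localSecretName }}`. The pre-existing secret presumably has to carry the same keys the usersync container reads from this mount; that contract is not visible in the hunk and deserves a one-line comment above the `if`. The CronJob spec starts before and continues after the hunk.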
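Review bot: In the `helm/fence/values.yaml` hunk, `localSecretNamespace` is documented as the namespace of the local secret, but the usersync-cron.yaml template changed in this commit reads only `localSecretName`, and a Kubernetes `secret` volume can only reference a Secret in the pod's own namespace. Unless a template outside this diff consumes the value, an operator could point it at another namespace and get a pod that cannot mount its credentials. I would state the limit in the comment, for example `# -- (string) Namespace of the local secret. Not used by the usersync job, which mounts the secret from the release namespace.` The wording "pre-exising" and "a secret that is already running on your cluster" should read "pre-existing" and "already exists in your cluster"; the same comments recur in the helm/gen3/values.yaml hunk.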
@@ -89,6 +89,10 @@ Helm chart to deploy Gen3 Data Commons | global.aws.awsAccessKeyId | string | `nil` | Credentials for AWS stuff. | | global.aws.awsSecretAccessKey | string | `nil` | Credentials for AWS stuff. | | global.aws.enabled | bool | `false` | Set to true if deploying to AWS. Controls ingress annotations. | +| global.aws.useLocalSecret | map | `{"enabled":false,"localSecretName":null,"localSecretNamespace":null}` | Local secret setting if using a pre-exising secret. | +| global.aws.useLocalSecret.enabled | bool | `false` | Set to true if you would like to use a secret that is already running on your cluster. | +| global.aws.useLocalSecret.localSecretName | string | `nil` | Name of the local secret. | +| global.aws.useLocalSecret.localSecretNamespace | string | `nil` | Namespace of the local secret. | | global.ddEnabled | bool | `false` | Whether Datadog is enabled. | | global.dev | bool | `true` | Deploys postgres/elasticsearch for dev | | global.dictionaryUrl | string | `"https://s3.amazonaws.com/dictionary-artifacts/datadictionary/develop/schema.json"` | URL of the data dictionary. | diff --git a/helm/gen3/values.yaml b/helm/gen3/values.yaml index dc2c930c..7c0c0839 100644 --- a/helm/gen3/values.yaml +++ b/helm/gen3/values.yaml @@ -11,9 +11,13 @@ global: awsAccessKeyId: # -- (string) Credentials for AWS stuff. awsSecretAccessKey: + # -- (map) Local secret setting if using a pre-exising secret. useLocalSecret: + # -- (bool) Set to true if you would like to use a secret that is already running on your cluster. enabled: false + # -- (string) Name of the local secret. localSecretName: + # -- (string) Namespace of the local secret. localSecretNamespace: # -- (bool) Deploys postgres/elasticsearch for dev dev: true From 20b337959f38a379df936e172aa4751c78f703bd Mon Sep 17 00:00:00 2001 
From: Jawad Qureshi Date: Thu, 7 Sep 2023 17:23:26 -0600 Subject: [PATCH 063/279] Simplify dbcreds externalSecrets --- .secrets.baseline | 332 ++++-------------- helm/ambassador/README.md | 1 - helm/ambassador/values.yaml | 3 +- helm/arborist/README.md | 9 +- helm/arborist/templates/_helpers.tpl | 21 -- helm/arborist/templates/db-init.yaml | 5 +- helm/arborist/templates/external-secret.yaml | 20 +- helm/arborist/values.yaml | 11 +- helm/argo-wrapper/README.md | 1 - helm/argo-wrapper/values.yaml | 3 +- helm/audit/README.md | 9 +- helm/audit/templates/_helpers.tpl | 10 - helm/audit/templates/db-init.yaml | 5 +- helm/audit/templates/external-secret.yaml | 20 +- helm/audit/values.yaml | 11 +- helm/aws-es-proxy/README.md | 1 - helm/aws-es-proxy/values.yaml | 3 +- helm/common/README.md | 5 +- helm/common/templates/_db_setup_job.tpl | 30 ++ helm/common/templates/_external_secrets.tpl | 36 ++ helm/common/values.yaml | 9 +- helm/dicom-server/README.md | 1 - helm/dicom-server/values.yaml | 3 +- helm/dicom-viewer/README.md | 1 - helm/dicom-viewer/values.yaml | 3 +- helm/elasticsearch/README.md | 1 - helm/elasticsearch/values.yaml | 3 +- helm/fence/README.md | 11 +- helm/fence/templates/db-init.yaml | 5 +- helm/fence/templates/external-secret.yaml | 20 +- helm/fence/values.yaml | 13 +- helm/gen3/README.md | 4 +- helm/gen3/values.yaml | 5 +- helm/guppy/README.md | 7 +- helm/guppy/values.yaml | 11 +- helm/hatchery/README.md | 5 +- helm/hatchery/values.yaml | 9 +- helm/indexd/README.md | 11 +- helm/indexd/templates/_helpers.tpl | 11 - helm/indexd/templates/db-init.yaml | 2 + helm/indexd/templates/external-secrets.yaml | 20 +- helm/indexd/values.yaml | 13 +- helm/manifestservice/README.md | 1 - helm/manifestservice/values.yaml | 3 +- helm/metadata/README.md | 9 +- helm/metadata/templates/_helpers.tpl | 22 -- helm/metadata/templates/external-secret.yaml | 20 +- helm/metadata/values.yaml | 11 +- helm/peregrine/README.md | 9 +- helm/peregrine/templates/db-init.yaml | 5 +- 
helm/peregrine/templates/external-secret.yaml | 20 +- helm/peregrine/values.yaml | 11 +- helm/pidgin/README.md | 5 +- helm/pidgin/values.yaml | 9 +- helm/portal/README.md | 7 +- helm/portal/values.yaml | 11 +- helm/requestor/README.md | 9 +- helm/requestor/templates/_helpers.tpl | 24 +- helm/requestor/templates/db-init.yaml | 5 +- helm/requestor/templates/external-secret.yaml | 20 +- helm/requestor/values.yaml | 11 +- helm/revproxy/README.md | 9 +- helm/revproxy/values.yaml | 11 +- helm/sheepdog/README.md | 9 +- helm/sheepdog/templates/_helpers.tpl | 24 +- helm/sheepdog/templates/external-secrets.yaml | 20 +- helm/sheepdog/values.yaml | 11 +- helm/sower/README.md | 5 +- helm/sower/values.yaml | 9 +- helm/ssjdispatcher/README.md | 5 +- helm/ssjdispatcher/values.yaml | 9 +- helm/wts/README.md | 9 +- helm/wts/templates/_helpers.tpl | 22 -- helm/wts/templates/db-init.yaml | 5 +- helm/wts/templates/external-secret.yaml | 20 +- helm/wts/values.yaml | 11 +- 76 files changed, 353 insertions(+), 742 deletions(-) create mode 100644 helm/common/templates/_external_secrets.tpl diff --git a/.secrets.baseline b/.secrets.baseline index 72a90745..e2a9d95b 100644 --- a/.secrets.baseline +++ b/.secrets.baseline @@ -3,7 +3,7 @@ "files": "^.secrets.baseline$", "lines": null }, - "generated_at": "2023-08-29T21:02:31Z", + "generated_at": "2023-09-07T23:22:53Z", "plugins_used": [ { "name": "AWSKeyDetector" 
@@ -127,85 +127,43 @@ } ], "helm/arborist/README.md": [ - { - "hashed_secret": "8a10cd156f8f43ec303f885a7985b1cf90635e23", - "is_secret": false, - "is_verified": false, - "line_number": 34, - "type": "Secret Keyword" - }, - { - "hashed_secret": "2546383b95bb44732e9be6a877fd476c0442fdab", - "is_secret": false, - "is_verified": false, - "line_number": 54, - "type": "Secret Keyword" - }, { "hashed_secret": "d84ce25b0f9bc2cc263006ae39453efb22cc2900", "is_secret": false, "is_verified": false, - "line_number": 56, + "line_number": 55, "type": "Secret Keyword" }, { "hashed_secret": "f09dd6e359833a12f48c4c4255d6e87a6e55cfe9", "is_secret": false, "is_verified": false, - "line_number": 74, + "line_number": 73, "type": "Secret Keyword" } ], "helm/audit/README.md": [ - { - "hashed_secret": "8a10cd156f8f43ec303f885a7985b1cf90635e23", - "is_secret": false, - "is_verified": false, - "line_number": 43, - "type": "Secret Keyword" - }, - { - "hashed_secret": "2546383b95bb44732e9be6a877fd476c0442fdab", - "is_secret": false, - "is_verified": false, - "line_number": 63, - "type": "Secret Keyword" - }, { "hashed_secret": "d84ce25b0f9bc2cc263006ae39453efb22cc2900", "is_secret": false, "is_verified": false, - "line_number": 65, + "line_number": 64, "type": "Secret Keyword" }, { "hashed_secret": "f09dd6e359833a12f48c4c4255d6e87a6e55cfe9", "is_secret": false, "is_verified": false, - "line_number": 85, + "line_number": 84, "type": "Secret Keyword" } ], "helm/common/README.md": [ - { - "hashed_secret": "8a10cd156f8f43ec303f885a7985b1cf90635e23", - "is_secret": false, - "is_verified": false, - "line_number": 11, - "type": "Secret Keyword" - }, - { - "hashed_secret": "2546383b95bb44732e9be6a877fd476c0442fdab", - "is_secret": false, - "is_verified": false, - "line_number": 22, - "type": "Secret Keyword" - }, { "hashed_secret": "d84ce25b0f9bc2cc263006ae39453efb22cc2900", "is_secret": false, "is_verified": false, - "line_number": 24, + "line_number": 23, "type": "Secret Keyword" } ], 
@@ -230,14 +188,14 @@ "hashed_secret": "b47233f6f28e9716c72d5eba0278edea3a24baad", "is_secret": false, "is_verified": false, - "line_number": 39, + "line_number": 38, "type": "Secret Keyword" }, { "hashed_secret": "3f6d5580af2ddf647ca25346aa6ec9c434577d05", "is_secret": false, "is_verified": false, - "line_number": 55, + "line_number": 54, "type": "Secret Keyword" } ], @@ -246,44 +204,44 @@ "hashed_secret": "afc848c316af1a89d49826c5ae9d00ed769415f3", "is_secret": false, "is_verified": false, - "line_number": 79, + "line_number": 80, "type": "Secret Keyword" } ], "helm/fence/README.md": [ { - "hashed_secret": "49bed5bac5cc06bafd528df89918bf34973861ec", + "hashed_secret": "4d10c0e4e0b7e73c9e709a15b81dbfa7ed3d91cc", "is_secret": false, "is_verified": false, - "line_number": 93, + "line_number": 92, "type": "Secret Keyword" }, { - "hashed_secret": "2546383b95bb44732e9be6a877fd476c0442fdab", + "hashed_secret": "b266a6d0f00bb36f6b98134bf4cec71f2d7943a3", "is_secret": false, "is_verified": false, - "line_number": 106, + "line_number": 99, "type": "Secret Keyword" }, { "hashed_secret": "d84ce25b0f9bc2cc263006ae39453efb22cc2900", "is_secret": false, "is_verified": false, - "line_number": 108, + "line_number": 124, "type": "Secret Keyword" }, { "hashed_secret": "f09dd6e359833a12f48c4c4255d6e87a6e55cfe9", "is_secret": false, "is_verified": false, - "line_number": 135, + "line_number": 151, "type": "Secret Keyword" }, { "hashed_secret": "9d8fada0e01336e865c461bb3549084d206fe6da", "is_secret": false, "is_verified": false, - "line_number": 181, + "line_number": 197, "type": "Secret Keyword" } ], 
@@ -347,16 +305,23 @@ "hashed_secret": "5d07e1b80e448a213b392049888111e1779a52db", "is_secret": false, "is_verified": false, - "line_number": 1952, + "line_number": 1955, "type": "Secret Keyword" } ], "helm/gen3/README.md": [ + { + "hashed_secret": "b266a6d0f00bb36f6b98134bf4cec71f2d7943a3", + "is_secret": false, + "is_verified": false, + "line_number": 88, + "type": "Secret Keyword" + }, { "hashed_secret": "1740c48fa3141d4851b14f97e3bc0f46f7670672", "is_secret": false, "is_verified": false, - "line_number": 118, + "line_number": 122, "type": "Secret Keyword" } ], 
@@ -365,60 +330,32 @@ "hashed_secret": "9b5925ea817163740dfb287a9894e8ab3aba2c18", "is_secret": false, "is_verified": false, - "line_number": 210, + "line_number": 211, "type": "Secret Keyword" } ], "helm/guppy/README.md": [ - { - "hashed_secret": "0d5cd5f3caaaf8354a6c62816b97bcae006d4bcf", - "is_secret": false, - "is_verified": false, - "line_number": 43, - "type": "Secret Keyword" - }, - { - "hashed_secret": "2546383b95bb44732e9be6a877fd476c0442fdab", - "is_secret": false, - "is_verified": false, - "line_number": 60, - "type": "Secret Keyword" - }, { "hashed_secret": "d84ce25b0f9bc2cc263006ae39453efb22cc2900", "is_secret": false, "is_verified": false, - "line_number": 62, + "line_number": 61, "type": "Secret Keyword" } ], "helm/hatchery/README.md": [ - { - "hashed_secret": "8a10cd156f8f43ec303f885a7985b1cf90635e23", - "is_secret": false, - "is_verified": false, - "line_number": 30, - "type": "Secret Keyword" - }, - { - "hashed_secret": "2546383b95bb44732e9be6a877fd476c0442fdab", - "is_secret": false, - "is_verified": false, - "line_number": 47, - "type": "Secret Keyword" - }, { "hashed_secret": "d84ce25b0f9bc2cc263006ae39453efb22cc2900", "is_secret": false, "is_verified": false, - "line_number": 49, + "line_number": 48, "type": "Secret Keyword" }, { "hashed_secret": "e94cc2a86b04ad4ddc98fcbf91ed236437939d47", "is_secret": false, "is_verified": false, - "line_number": 57, + "line_number": 56, "type": "Secret Keyword" } ], 
@@ -427,44 +364,30 @@ "hashed_secret": "9b5925ea817163740dfb287a9894e8ab3aba2c18", "is_secret": false, "is_verified": false, - "line_number": 186, + "line_number": 189, "type": "Secret Keyword" } ], "helm/indexd/README.md": [ - { - "hashed_secret": "0d5cd5f3caaaf8354a6c62816b97bcae006d4bcf", - "is_secret": false, - "is_verified": false, - "line_number": 33, - "type": "Secret Keyword" - }, - { - "hashed_secret": "2546383b95bb44732e9be6a877fd476c0442fdab", - "is_secret": false, - "is_verified": false, - "line_number": 53, - "type": "Secret Keyword" - }, { "hashed_secret": "d84ce25b0f9bc2cc263006ae39453efb22cc2900", "is_secret": false, "is_verified": false, - "line_number": 55, + "line_number": 54, "type": "Secret Keyword" }, { "hashed_secret": "f09dd6e359833a12f48c4c4255d6e87a6e55cfe9", "is_secret": false, "is_verified": false, - "line_number": 74, + "line_number": 73, "type": "Secret Keyword" }, { "hashed_secret": "1cc98556e7b1353c7bd08344f9190808b0d3d6d4", "is_secret": true, "is_verified": false, - "line_number": 108, + "line_number": 107, "type": "Secret Keyword" } ], @@ -482,11 +405,11 @@ "hashed_secret": "611f2e9064b518afdb23f201321f39029dd28917", "is_secret": false, "is_verified": false, - "line_number": 86, + "line_number": 85, "type": "Secret Keyword" } ], - "helm/manifestservice/templates/metadataservice-creds.yaml": [ + "helm/manifestservice/templates/manifestservice-creds.yaml": [ { "hashed_secret": "d2e2ab0f407e4ee3cf2ab87d61c31b25a74085e5", "is_secret": false, 
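Review bot: The `helm/indexd/README.md` entry for `1cc98556e7b1353c7bd08344f9190808b0d3d6d4` is carried forward with `"is_secret": true`; the `@@ -427,44 +364,30 @@` hunk only moves its `line_number` from 108 to 107. A finding audited as a true positive and left in the baseline is suppressed on later scans, so if the label is accurate, the value documented at that README line (presumably a chart default) should be replaced with a placeholder and the credential rotated, after which the entry can be dropped. If it is a mislabel, setting it to `"is_secret": false` keeps the audit record trustworthy. Either way the regenerated baseline should not leave this entry as it is.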
@@ -496,69 +419,41 @@ } ], "helm/metadata/README.md": [ - { - "hashed_secret": "8a10cd156f8f43ec303f885a7985b1cf90635e23", - "is_secret": false, - "is_verified": false, - "line_number": 43, - "type": "Secret Keyword" - }, - { - "hashed_secret": "2546383b95bb44732e9be6a877fd476c0442fdab", - "is_secret": false, - "is_verified": false, - "line_number": 63, - "type": "Secret Keyword" - }, { "hashed_secret": "d84ce25b0f9bc2cc263006ae39453efb22cc2900", "is_secret": false, "is_verified": false, - "line_number": 65, + "line_number": 64, "type": "Secret Keyword" }, { "hashed_secret": "f09dd6e359833a12f48c4c4255d6e87a6e55cfe9", "is_secret": false, "is_verified": false, - "line_number": 84, + "line_number": 83, "type": "Secret Keyword" } ], "helm/peregrine/README.md": [ - { - "hashed_secret": "4e7b6794afbe3027589b92744144f18a3920b115", - "is_secret": false, - "is_verified": false, - "line_number": 34, - "type": "Secret Keyword" - }, - { - "hashed_secret": "2546383b95bb44732e9be6a877fd476c0442fdab", - "is_secret": false, - "is_verified": false, - "line_number": 54, - "type": "Secret Keyword" - }, { "hashed_secret": "d84ce25b0f9bc2cc263006ae39453efb22cc2900", "is_secret": false, "is_verified": false, - "line_number": 56, + "line_number": 55, "type": "Secret Keyword" }, { "hashed_secret": "f09dd6e359833a12f48c4c4255d6e87a6e55cfe9", "is_secret": false, "is_verified": false, - "line_number": 72, + "line_number": 71, "type": "Secret Keyword" }, { "hashed_secret": "7d4e263f1ae83868444f5327219830493a7d1486", "is_secret": false, "is_verified": false, - "line_number": 104, + "line_number": 103, "type": "Secret Keyword" } ], 
@@ -581,32 +476,18 @@ } ], "helm/pidgin/README.md": [ - { - "hashed_secret": "8a10cd156f8f43ec303f885a7985b1cf90635e23", - "is_secret": false, - "is_verified": false, - "line_number": 36, - "type": "Secret Keyword" - }, - { - "hashed_secret": "2546383b95bb44732e9be6a877fd476c0442fdab", - "is_secret": false, - "is_verified": false, - "line_number": 53, - "type": "Secret Keyword" - }, { "hashed_secret": "d84ce25b0f9bc2cc263006ae39453efb22cc2900", "is_secret": false, "is_verified": false, - "line_number": 55, + "line_number": 54, "type": "Secret Keyword" }, { "hashed_secret": "abb751db44bcfd1bb9d4ad53e40138422abd739e", "is_secret": false, "is_verified": false, - "line_number": 67, + "line_number": 66, "type": "Secret Keyword" } ], @@ -625,25 +506,11 @@ "line_number": 41, "type": "Base64 High Entropy String" }, - { - "hashed_secret": "0d5cd5f3caaaf8354a6c62816b97bcae006d4bcf", - "is_secret": false, - "is_verified": false, - "line_number": 42, - "type": "Secret Keyword" - }, - { - "hashed_secret": "2546383b95bb44732e9be6a877fd476c0442fdab", - "is_secret": false, - "is_verified": false, - "line_number": 59, - "type": "Secret Keyword" - }, { "hashed_secret": "d84ce25b0f9bc2cc263006ae39453efb22cc2900", "is_secret": false, "is_verified": false, - "line_number": 61, + "line_number": 60, "type": "Secret Keyword" } ], 
@@ -651,66 +518,45 @@ { "hashed_secret": "08eeb737b239bdb7362a875b90e22c10b8826b20", "is_verified": false, - "line_number": 469, + "line_number": 472, "type": "Base64 High Entropy String" }, { "hashed_secret": "eb9739c6625f06b4ab73035223366dda6262ae77", "is_verified": false, - "line_number": 472, + "line_number": 475, "type": "Base64 High Entropy String" } ], "helm/requestor/README.md": [ - { - "hashed_secret": "2546383b95bb44732e9be6a877fd476c0442fdab", - "is_secret": false, - "is_verified": false, - "line_number": 63, - "type": "Secret Keyword" - }, { "hashed_secret": "d84ce25b0f9bc2cc263006ae39453efb22cc2900", "is_secret": false, "is_verified": false, - "line_number": 65, + "line_number": 64, "type": "Secret Keyword" }, { "hashed_secret": "f09dd6e359833a12f48c4c4255d6e87a6e55cfe9", "is_secret": false, "is_verified": false, - "line_number": 88, + "line_number": 87, "type": "Secret Keyword" } ], "helm/revproxy/README.md": [ - { - "hashed_secret": "5f0d5766b5954edbce68e73920428d26b9a293c8", - "is_secret": false, - "is_verified": false, - "line_number": 29, - "type": "Secret Keyword" - }, - { - "hashed_secret": "2546383b95bb44732e9be6a877fd476c0442fdab", - "is_secret": false, - "is_verified": false, - "line_number": 46, - "type": "Secret Keyword" - }, { "hashed_secret": "d84ce25b0f9bc2cc263006ae39453efb22cc2900", "is_secret": false, "is_verified": false, - "line_number": 48, + "line_number": 47, "type": "Secret Keyword" }, { "hashed_secret": "abb751db44bcfd1bb9d4ad53e40138422abd739e", "is_secret": false, "is_verified": false, - "line_number": 73, + "line_number": 74, "type": "Secret Keyword" } ], 
@@ -724,53 +570,39 @@ } ], "helm/sheepdog/README.md": [ - { - "hashed_secret": "8a10cd156f8f43ec303f885a7985b1cf90635e23", - "is_secret": false, - "is_verified": false, - "line_number": 43, - "type": "Secret Keyword" - }, - { - "hashed_secret": "2546383b95bb44732e9be6a877fd476c0442fdab", - "is_secret": false, - "is_verified": false, - "line_number": 63, - "type": "Secret Keyword" - }, { "hashed_secret": "d84ce25b0f9bc2cc263006ae39453efb22cc2900", "is_secret": false, "is_verified": false, - "line_number": 65, + "line_number": 64, "type": "Secret Keyword" }, { "hashed_secret": "f09dd6e359833a12f48c4c4255d6e87a6e55cfe9", "is_secret": false, "is_verified": false, - "line_number": 80, + "line_number": 79, "type": "Secret Keyword" }, { "hashed_secret": "c2c4e52c03a03ce3efeb21eb202d301018d4548e", "is_secret": false, "is_verified": false, - "line_number": 101, + "line_number": 100, "type": "Secret Keyword" }, { "hashed_secret": "afc848c316af1a89d49826c5ae9d00ed769415f3", "is_secret": false, "is_verified": false, - "line_number": 110, + "line_number": 109, "type": "Secret Keyword" }, { "hashed_secret": "fa4497447699cdb0a81c66a7f21af28a75170195", "is_secret": false, "is_verified": false, - "line_number": 112, + "line_number": 111, "type": "Secret Keyword" } ], 
@@ -797,30 +629,16 @@ "hashed_secret": "afc848c316af1a89d49826c5ae9d00ed769415f3", "is_secret": false, "is_verified": false, - "line_number": 240, + "line_number": 243, "type": "Secret Keyword" } ], "helm/sower/README.md": [ - { - "hashed_secret": "8a10cd156f8f43ec303f885a7985b1cf90635e23", - "is_secret": false, - "is_verified": false, - "line_number": 36, - "type": "Secret Keyword" - }, - { - "hashed_secret": "2546383b95bb44732e9be6a877fd476c0442fdab", - "is_secret": false, - "is_verified": false, - "line_number": 51, - "type": "Secret Keyword" - }, { "hashed_secret": "d84ce25b0f9bc2cc263006ae39453efb22cc2900", "is_secret": false, "is_verified": false, - "line_number": 53, + "line_number": 52, "type": "Secret Keyword" } ], @@ -834,32 +652,18 @@ } ], "helm/ssjdispatcher/README.md": [ - { - "hashed_secret": "8a10cd156f8f43ec303f885a7985b1cf90635e23", - "is_secret": false, - "is_verified": false, - "line_number": 40, - "type": "Secret Keyword" - }, - { - "hashed_secret": "2546383b95bb44732e9be6a877fd476c0442fdab", - "is_secret": false, - "is_verified": false, - "line_number": 57, - "type": "Secret Keyword" - }, { "hashed_secret": "d84ce25b0f9bc2cc263006ae39453efb22cc2900", "is_secret": false, "is_verified": false, - "line_number": 59, + "line_number": 58, "type": "Secret Keyword" }, { "hashed_secret": "0c86d58792b32e1d12af733a0614837ff9002014", "is_secret": false, "is_verified": false, - "line_number": 114, + "line_number": 113, "type": "Secret Keyword" } ], 
@@ -877,37 +681,23 @@ "hashed_secret": "13d9ed7e3d69f1b6330dff80bc4658931708eddc", "is_secret": false, "is_verified": false, - "line_number": 215, + "line_number": 218, "type": "Secret Keyword" } ], "helm/wts/README.md": [ - { - "hashed_secret": "8a10cd156f8f43ec303f885a7985b1cf90635e23", - "is_secret": false, - "is_verified": false, - "line_number": 32, - "type": "Secret Keyword" - }, - { - "hashed_secret": "2546383b95bb44732e9be6a877fd476c0442fdab", - "is_secret": false, - "is_verified": false, - "line_number": 52, - "type": "Secret Keyword" - }, { "hashed_secret": "d84ce25b0f9bc2cc263006ae39453efb22cc2900", "is_secret": false, "is_verified": false, - "line_number": 54, + "line_number": 53, "type": "Secret Keyword" }, { "hashed_secret": "f09dd6e359833a12f48c4c4255d6e87a6e55cfe9", "is_secret": false, "is_verified": false, - "line_number": 75, + "line_number": 74, "type": "Secret Keyword" } ], diff --git a/helm/ambassador/README.md b/helm/ambassador/README.md index 06e4b0e2..e6489c31 100644 --- a/helm/ambassador/README.md +++ b/helm/ambassador/README.md 
@@ -26,7 +26,6 @@ A Helm chart for deploying ambassador for gen3 | datadogProfilingEnabled | bool | `true` | If enabled, the Datadog Agent will collect profiling data for your application using the Continuous Profiler. This data can be used to identify performance bottlenecks and optimize your application. | | datadogTraceSampleRate | int | `1` | A value between 0 and 1, that represents the percentage of requests that will be traced. For example, a value of 0.5 means that 50% of requests will be traced. | | fullnameOverride | string | `"ambassador-deployment"` | Override the full name of the deployment. | -| global | map | `{"ddEnabled":false,"environment":"default","minAvialable":1,"pdb":false}` | Global configuration options. | | global.ddEnabled | bool | `false` | Whether Datadog is enabled. | | global.environment | string | `"default"` | Environment name. This should be the same as vpcname if you're doing an AWS deployment. Currently this is being used to share ALB's if you have multiple namespaces. Might be used other places too. | | global.minAvialable | int | `1` | The minimum amount of pods that are available at all times if the PDB is deployed. | diff --git a/helm/ambassador/values.yaml b/helm/ambassador/values.yaml index f3f6be41..0a78ca53 100644 --- a/helm/ambassador/values.yaml +++ b/helm/ambassador/values.yaml @@ -1,8 +1,7 @@ # Default values for ambassador. # This is a YAML-formatted file. # Declare variables to be passed into your templates. - -# -- (map) Global configuration options. +# Global configuration global: # -- (string) Environment name. This should be the same as vpcname if you're doing an AWS deployment. Currently this is being used to share ALB's if you have multiple namespaces. Might be used other places too. environment: default diff --git a/helm/arborist/README.md b/helm/arborist/README.md index 7df700a8..d5914a34 100644 --- a/helm/arborist/README.md +++ b/helm/arborist/README.md 
@@ -28,10 +28,9 @@ A Helm chart for gen3 arborist | datadogTraceSampleRate | int | `1` | A value between 0 and 1, that represents the percentage of requests that will be traced. For example, a value of 0.5 means that 50% of requests will be traced. | | env | list | `[{"name":"JWKS_ENDPOINT","value":"http://fence-service/.well-known/jwks"}]` | Environment variables to pass to the container | | env[0] | string | `{"name":"JWKS_ENDPOINT","value":"http://fence-service/.well-known/jwks"}` | The URL of the JSON Web Key Set (JWKS) endpoint for authentication | -| externalSecrets | map | `{"arboristSmDbcreds":null}` | External Secrets settings. | -| externalSecrets.arboristSmDbcreds | string | `nil` | Will override the name of the aws secrets manager secret. Default is "Values.global.environment-.Chart.Name-creds" | +| externalSecrets | map | `{"dbcreds":null}` | External Secrets settings. | +| externalSecrets.dbcreds | string | `nil` | Will override the name of the aws secrets manager secret. Default is "Values.global.environment-.Chart.Name-creds" | | fullnameOverride | string | `""` | Override the full name of the deployment. | -| global | map | `{"aws":{"awsAccessKeyId":null,"awsSecretAccessKey":null,"enabled":false},"ddEnabled":false,"dev":true,"dictionaryUrl":"https://s3.amazonaws.com/dictionary-artifacts/datadictionary/develop/schema.json","dispatcherJobNum":10,"environment":"default","externalSecrets":{"deploy":false,"separate":false},"hostname":"localhost","kubeBucket":"kube-gen3","logsBucket":"logs-gen3","minAvialable":1,"netPolicy":true,"pdb":false,"portalApp":"gitops","postgres":{"dbCreate":true,"master":{"host":null,"password":null,"port":"5432","username":"postgres"}},"publicDataSets":true,"revproxyArn":"arn:aws:acm:us-east-1:123456:certificate","tierAccessLevel":"libre"}` | Global configuration options. 
| | global.aws | map | `{"awsAccessKeyId":null,"awsSecretAccessKey":null,"enabled":false}` | AWS configuration | | global.aws.awsAccessKeyId | string | `nil` | Credentials for AWS stuff. | | global.aws.awsSecretAccessKey | string | `nil` | Credentials for AWS stuff. | @@ -39,7 +38,7 @@ A Helm chart for gen3 arborist | global.ddEnabled | bool | `false` | Whether Datadog is enabled. | | global.dev | bool | `true` | Whether the deployment is for development purposes. | | global.dictionaryUrl | string | `"https://s3.amazonaws.com/dictionary-artifacts/datadictionary/develop/schema.json"` | URL of the data dictionary. | -| global.dispatcherJobNum | int | `10` | Number of dispatcher jobs. | +| global.dispatcherJobNum | int | `"10"` | Number of dispatcher jobs. | | global.environment | string | `"default"` | Environment name. This should be the same as vpcname if you're doing an AWS deployment. Currently this is being used to share ALB's if you have multiple namespaces. Might be used other places too. | | global.externalSecrets | map | `{"deploy":false,"separate":false}` | External Secrets settings. | | global.externalSecrets.deploy | bool | `false` | Will use ExternalSecret resources to pull secrets from Secrets Manager instead of creating them locally. Be cautious as this will override any arborist secrets you have deployed. | 
@@ -51,8 +50,8 @@ A Helm chart for gen3 arborist | global.netPolicy | bool | `true` | Whether network policies are enabled. | | global.pdb | bool | `false` | If the service will be deployed with a Pod Disruption Budget. Note- you need to have more than 2 replicas for the pdb to be deployed. | | global.portalApp | string | `"gitops"` | Portal application name. | -| global.postgres | map | `{"dbCreate":true,"master":{"host":null,"password":null,"port":"5432","username":"postgres"}}` | Postgres database configuration. | | global.postgres.dbCreate | bool | `true` | Whether the database should be created. | +| global.postgres.externalSecret | string | `""` | Name of external secret. Disabled if empty | | global.postgres.master | map | `{"host":null,"password":null,"port":"5432","username":"postgres"}` | Master credentials to postgres. This is going to be the default postgres server being used for each service, unless each service specifies their own postgres | | global.postgres.master.host | string | `nil` | hostname of postgres server | | global.postgres.master.password | string | `nil` | password for superuser in postgres. This is used to create or restore databases | diff --git a/helm/arborist/templates/_helpers.tpl b/helm/arborist/templates/_helpers.tpl index 1dfea5b1..9a85f4bd 100644 --- a/helm/arborist/templates/_helpers.tpl +++ b/helm/arborist/templates/_helpers.tpl 
@@ -79,24 +79,3 @@ Create the name of the service account to use {{- end }} {{- end }} -{{/* - Cluster Secret Store for External Secrets -*/}} -{{- define "cluster-secret-store" -}} -{{- if .Values.global.externalSecrets.separate }} - {{- .Chart.Name }}-secret-store -{{- else }} - {{- default "gen3-secret-store"}} -{{- end -}} -{{- end -}} - -{{/* - Service DB Creds Secrets Manager Name -*/}} -{{- define "arborist-sm-dbcreds" -}} -{{- if .Values.externalSecrets.arboristSmDbcreds }} - {{- default .Values.externalSecrets.arboristSmDbcreds }} -{{- else }} - {{- .Values.global.environment }}- {{- .Chart.Name }}-creds -{{- end -}} -{{- end -}} diff --git a/helm/arborist/templates/db-init.yaml b/helm/arborist/templates/db-init.yaml index abbefb6e..6738ad76 100644 --- a/helm/arborist/templates/db-init.yaml +++ b/helm/arborist/templates/db-init.yaml @@ -1,5 +1,6 @@ -{{ include "common.db_setup_job" . }} ---- +{{- if not .Values.global.externalSecrets.deploy }} +{{ include "common.db-secret" . }} +{{- end }} {{ include "common.db-secret" . }} --- {{ include "common.db_setup_sa" . }} diff --git a/helm/arborist/templates/external-secret.yaml b/helm/arborist/templates/external-secret.yaml index 42ca56e0..70c278fe 100644 --- a/helm/arborist/templates/external-secret.yaml +++ b/helm/arborist/templates/external-secret.yaml @@ -1,19 +1 @@ -{{ if .Values.global.externalSecrets.deploy }} -apiVersion: external-secrets.io/v1beta1 -kind: ExternalSecret -metadata: - name: {{ $.Chart.Name }}-dbcreds -spec: - refreshInterval: 5m - secretStoreRef: - name: {{include "cluster-secret-store" .}} - kind: ClusterSecretStore - target: - name: {{ $.Chart.Name }}-dbcreds - creationPolicy: Owner - data: - - secretKey: data - remoteRef: - #name of secret in secrets manager - key: {{include "arborist-sm-dbcreds" .}} -{{- end }} \ No newline at end of file +{{ include "common.externalSecret.db" . }} \ No newline at end of file 
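Review bot: In `helm/arborist/templates/db-init.yaml` the new guard wraps a second `{{ include "common.db-secret" . }}` instead of the setup job. The rendered file therefore no longer includes `common.db_setup_job` at all, and when `global.externalSecrets.deploy` is false it emits the db Secret twice with no `---` between the copies. The guard also looks redundant, because this patch puts the same `if not .Values.global.externalSecrets.deploy` inside `common.db-secret` itself. If the job is still meant to run, the file could open with `{{ include "common.db_setup_job" . }}` and `---` and keep the single existing `common.db-secret` include. `helm/audit/templates/db-init.yaml` receives the identical change, so the same concern applies there.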
diff --git a/helm/arborist/values.yaml b/helm/arborist/values.yaml index 0ca7ff07..fd9091f4 100644 --- a/helm/arborist/values.yaml +++ b/helm/arborist/values.yaml @@ -2,7 +2,8 @@ # This is a YAML-formatted file. # Declare variables to be passed into your templates. -# -- (map) Global configuration options. + +# Global configuration global: # -- (map) AWS configuration aws: @@ -14,10 +15,12 @@ global: awsSecretAccessKey: # -- (bool) Whether the deployment is for development purposes. dev: true - # -- (map) Postgres database configuration. + postgres: # -- (bool) Whether the database should be created. dbCreate: true + # -- (string) Name of external secret. Disabled if empty + externalSecret: "" # -- (map) Master credentials to postgres. This is going to be the default postgres server being used for each service, unless each service specifies their own postgres master: # -- (string) hostname of postgres server @@ -49,7 +52,7 @@ global: # -- (bool) Whether network policies are enabled. netPolicy: true # -- (int) Number of dispatcher jobs. - dispatcherJobNum: 10 + dispatcherJobNum: "10" # -- (bool) Whether Datadog is enabled. ddEnabled: false # -- (bool) If the service will be deployed with a Pod Disruption Budget. Note- you need to have more than 2 replicas for the pdb to be deployed. @@ -66,7 +69,7 @@ global: # -- (map) External Secrets settings. externalSecrets: # -- (string) Will override the name of the aws secrets manager secret. Default is "Values.global.environment-.Chart.Name-creds" - arboristSmDbcreds: + dbcreds: # -- (map) Secret information for External Secrets. secrets: # -- (str) AWS access key ID. Overrides global key. diff --git a/helm/argo-wrapper/README.md b/helm/argo-wrapper/README.md index b5f7b3a1..29f396e2 100644 --- a/helm/argo-wrapper/README.md +++ b/helm/argo-wrapper/README.md 
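Review bot: `dispatcherJobNum` becomes the string `"10"` while the helm-docs annotation directly above it still reads `(int)`, so the generated README rows show type `int` with default `"10"`. Either keep the value numeric and quote it where it is consumed (`{{ .Values.global.dispatcherJobNum | quote }}`), or change the annotation to `# -- (string) Number of dispatcher jobs.` so that an override written as a bare number is not a surprise. The same edit appears in `helm/audit/values.yaml` and `helm/common/values.yaml`.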
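Review bot: Renaming `externalSecrets.arboristSmDbcreds` to `externalSecrets.dbcreds` is silent for existing installs: an override file that still sets the old key is ignored. The shared helper then falls back to the `<environment>-<chart>-creds` name, which may not be the Secrets Manager entry the operator intended. I would append `Replaces arboristSmDbcreds, which is no longer read.` to the `# -- (string)` description above `dbcreds:` so the change shows up in the generated README. The audit chart renames `auditSmDbcreds` in the same way.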
@@ -32,7 +32,6 @@ A Helm chart for gen3 Argo Wrapper Service | datadogProfilingEnabled | bool | `true` | If enabled, the Datadog Agent will collect profiling data for your application using the Continuous Profiler. This data can be used to identify performance bottlenecks and optimize your application. | | datadogTraceSampleRate | int | `1` | A value between 0 and 1, that represents the percentage of requests that will be traced. For example, a value of 0.5 means that 50% of requests will be traced. | | environment | string | `"default"` | Environment name. | -| global | map | `{"ddEnabled":false,"environment":"default","minAvialable":1,"pdb":false}` | Global configuration options. | | global.ddEnabled | bool | `false` | Whether Datadog is enabled. | | global.environment | string | `"default"` | Environment name. This should be the same as vpcname if you're doing an AWS deployment. Currently this is being used to share ALB's if you have multiple namespaces. Might be used other places too. | | global.minAvialable | int | `1` | The minimum amount of pods that are available at all times if the PDB is deployed. | diff --git a/helm/argo-wrapper/values.yaml b/helm/argo-wrapper/values.yaml index 47c711b0..e98ca8a7 100644 --- a/helm/argo-wrapper/values.yaml +++ b/helm/argo-wrapper/values.yaml @@ -2,7 +2,8 @@ # This is a YAML-formatted file. # Declare variables to be passed into your templates. -# -- (map) Global configuration options. + +# Global configuration global: # -- (string) Environment name. This should be the same as vpcname if you're doing an AWS deployment. Currently this is being used to share ALB's if you have multiple namespaces. Might be used other places too. environment: default diff --git a/helm/audit/README.md b/helm/audit/README.md index 49ec0eca..760da3c9 100644 --- a/helm/audit/README.md +++ b/helm/audit/README.md 
@@ -36,11 +36,10 @@ A Helm chart for Kubernetes | datadogProfilingEnabled | bool | `true` | If enabled, the Datadog Agent will collect profiling data for your application using the Continuous Profiler. This data can be used to identify performance bottlenecks and optimize your application. | | datadogTraceSampleRate | int | `1` | A value between 0 and 1, that represents the percentage of requests that will be traced. For example, a value of 0.5 means that 50% of requests will be traced. | | env | list | `[{"name":"DEBUG","value":"false"},{"name":"ARBORIST_URL","valueFrom":{"configMapKeyRef":{"key":"arborist_url","name":"manifest-global","optional":true}}}]` | Environment variables to pass to the container | -| externalSecrets | map | `{"auditG3auto":null,"auditSmDbcreds":null}` | External Secrets settings. | +| externalSecrets | map | `{"auditG3auto":null,"dbcreds":null}` | External Secrets settings. | | externalSecrets.auditG3auto | string | `nil` | Will override the name of the aws secrets manager secret. Default is "audit-g3auto" | -| externalSecrets.auditSmDbcreds | string | `nil` | Will override the name of the aws secrets manager secret. Default is "Values.global.environment-.Chart.Name-creds" | +| externalSecrets.dbcreds | string | `nil` | Will override the name of the aws secrets manager secret. 
Default is "Values.global.environment-.Chart.Name-creds" | | fullnameOverride | string | `""` | Override the full name of the chart, which is used as the name of resources created by the chart | -| global | map | `{"aws":{"awsAccessKeyId":null,"awsSecretAccessKey":null,"enabled":false},"ddEnabled":false,"dev":true,"dictionaryUrl":"https://s3.amazonaws.com/dictionary-artifacts/datadictionary/develop/schema.json","dispatcherJobNum":10,"environment":"default","externalSecrets":{"deploy":false,"separate":false},"hostname":"localhost","kubeBucket":"kube-gen3","logsBucket":"logs-gen3","minAvialable":1,"netPolicy":true,"pdb":false,"portalApp":"gitops","postgres":{"dbCreate":true,"master":{"host":null,"password":null,"port":"5432","username":"postgres"}},"publicDataSets":true,"revproxyArn":"arn:aws:acm:us-east-1:123456:certificate","tierAccessLevel":"libre"}` | Global configuration options. | | global.aws | map | `{"awsAccessKeyId":null,"awsSecretAccessKey":null,"enabled":false}` | AWS configuration | | global.aws.awsAccessKeyId | string | `nil` | Credentials for AWS stuff. | | global.aws.awsSecretAccessKey | string | `nil` | Credentials for AWS stuff. | 
@@ -48,7 +47,7 @@ A Helm chart for Kubernetes | global.ddEnabled | bool | `false` | Whether Datadog is enabled. | | global.dev | bool | `true` | Whether the deployment is for development purposes. | | global.dictionaryUrl | string | `"https://s3.amazonaws.com/dictionary-artifacts/datadictionary/develop/schema.json"` | URL of the data dictionary. | -| global.dispatcherJobNum | int | `10` | Number of dispatcher jobs. | +| global.dispatcherJobNum | int | `"10"` | Number of dispatcher jobs. | | global.environment | string | `"default"` | Environment name. This should be the same as vpcname if you're doing an AWS deployment. Currently this is being used to share ALB's if you have multiple namespaces. Might be used other places too. | | global.externalSecrets | map | `{"deploy":false,"separate":false}` | External Secrets settings. | | global.externalSecrets.deploy | bool | `false` | Will use ExternalSecret resources to pull secrets from Secrets Manager instead of creating them locally. Be cautious as this will override any audit secrets you have deployed. | 
@@ -60,8 +59,8 @@ A Helm chart for Kubernetes | global.netPolicy | bool | `true` | Whether network policies are enabled. | | global.pdb | bool | `false` | If the service will be deployed with a Pod Disruption Budget. Note- you need to have more than 2 replicas for the pdb to be deployed. | | global.portalApp | string | `"gitops"` | Portal application name. | -| global.postgres | map | `{"dbCreate":true,"master":{"host":null,"password":null,"port":"5432","username":"postgres"}}` | Postgres database configuration. | | global.postgres.dbCreate | bool | `true` | Whether the database should be created. | +| global.postgres.externalSecret | string | `""` | Name of external secret. Disabled if empty | | global.postgres.master | map | `{"host":null,"password":null,"port":"5432","username":"postgres"}` | Master credentials to postgres. This is going to be the default postgres server being used for each service, unless each service specifies their own postgres | | global.postgres.master.host | string | `nil` | hostname of postgres server | | global.postgres.master.password | string | `nil` | password for superuser in postgres. This is used to create or restore databases | diff --git a/helm/audit/templates/_helpers.tpl b/helm/audit/templates/_helpers.tpl index 08700261..ee0e4c3f 100644 --- a/helm/audit/templates/_helpers.tpl +++ b/helm/audit/templates/_helpers.tpl @@ -97,13 +97,3 @@ Create the name of the service account to use {{- default "audit-g3auto" .Values.externalSecrets.auditG3auto }} {{- end }} -{{/* - Service DB Creds Secrets Manager Name -*/}} -{{- define "audit-sm-dbcreds" -}} -{{- if .Values.externalSecrets.auditSmDbcreds }} - {{- default .Values.externalSecrets.auditSmDbcreds }} -{{- else }} - {{- .Values.global.environment }}- {{- .Chart.Name }}-creds -{{- end -}} -{{- end -}} diff --git a/helm/audit/templates/db-init.yaml b/helm/audit/templates/db-init.yaml index 50bd8e8f..f691b8e9 100644 --- a/helm/audit/templates/db-init.yaml 
+++ b/helm/audit/templates/db-init.yaml @@ -1,5 +1,6 @@ -{{ include "common.db_setup_job" . }} ---- +{{- if not .Values.global.externalSecrets.deploy }} +{{ include "common.db-secret" . }} +{{- end }} {{ include "common.db-secret" . }} --- {{ include "common.db_setup_sa" . }} diff --git a/helm/audit/templates/external-secret.yaml b/helm/audit/templates/external-secret.yaml index fca176ac..6302b3d2 100644 --- a/helm/audit/templates/external-secret.yaml +++ b/helm/audit/templates/external-secret.yaml @@ -16,22 +16,6 @@ spec: remoteRef: #name of secret in secrets manager key: {{include "audit-g3auto" .}} +{{- end }} --- -apiVersion: external-secrets.io/v1beta1 -kind: ExternalSecret -metadata: - name: {{ $.Chart.Name }}-dbcreds -spec: - refreshInterval: 5m - secretStoreRef: - name: {{include "cluster-secret-store" .}} - kind: ClusterSecretStore - target: - name: {{ $.Chart.Name }}-dbcreds - creationPolicy: Owner - data: - - secretKey: data - remoteRef: - #name of secret in secrets manager - key: {{include "audit-sm-dbcreds" .}} -{{- end }} \ No newline at end of file +{{ include "common.externalSecret.db" . }} \ No newline at end of file diff --git a/helm/audit/values.yaml b/helm/audit/values.yaml index b8b31d23..fe372d8a 100644 --- a/helm/audit/values.yaml +++ b/helm/audit/values.yaml @@ -1,7 +1,8 @@ # Default values for audit. # This is a YAML-formatted file. # Declare variables to be passed into your templates. -# -- (map) Global configuration options. + +# Global configuration global: # -- (map) AWS configuration aws: 
@@ -13,10 +14,12 @@ global: awsSecretAccessKey: # -- (bool) Whether the deployment is for development purposes. dev: true - # -- (map) Postgres database configuration. + postgres: # -- (bool) Whether the database should be created. dbCreate: true + # -- (string) Name of external secret. Disabled if empty + externalSecret: "" # -- (map) Master credentials to postgres. This is going to be the default postgres server being used for each service, unless each service specifies their own postgres master: # -- (string) hostname of postgres server @@ -48,7 +51,7 @@ global: # -- (bool) Whether network policies are enabled. netPolicy: true # -- (int) Number of dispatcher jobs. - dispatcherJobNum: 10 + dispatcherJobNum: "10" # -- (bool) Whether Datadog is enabled. ddEnabled: false # -- (bool) If the service will be deployed with a Pod Disruption Budget. Note- you need to have more than 2 replicas for the pdb to be deployed. @@ -67,7 +70,7 @@ externalSecrets: # -- (string) Will override the name of the aws secrets manager secret. Default is "audit-g3auto" auditG3auto: # -- (string) Will override the name of the aws secrets manager secret. Default is "Values.global.environment-.Chart.Name-creds" - auditSmDbcreds: + dbcreds: # -- (map) Secret information for External Secrets. secrets: # -- (str) AWS access key ID. Overrides global key. diff --git a/helm/aws-es-proxy/README.md b/helm/aws-es-proxy/README.md index 7ddd2bfc..3c0e30b7 100644 --- a/helm/aws-es-proxy/README.md +++ b/helm/aws-es-proxy/README.md 
@@ -26,7 +26,6 @@ A Helm chart for AWS ES Proxy Service for gen3 | datadogProfilingEnabled | bool | `true` | If enabled, the Datadog Agent will collect profiling data for your application using the Continuous Profiler. This data can be used to identify performance bottlenecks and optimize your application. | | datadogTraceSampleRate | int | `1` | A value between 0 and 1, that represents the percentage of requests that will be traced. For example, a value of 0.5 means that 50% of requests will be traced. | | esEndpoint | str | `"test.us-east-1.es.amazonaws.com"` | Elasticsearch endpoint in AWS | -| global | map | `{"aws":{"awsAccessKeyId":null,"awsSecretAccessKey":null,"enabled":false},"ddEnabled":false,"environment":"default","minAvialable":1,"pdb":false}` | Global configuration options. | | global.aws | map | `{"awsAccessKeyId":null,"awsSecretAccessKey":null,"enabled":false}` | AWS configuration | | global.aws.awsAccessKeyId | string | `nil` | Credentials for AWS stuff. | | global.aws.awsSecretAccessKey | string | `nil` | Credentials for AWS stuff. | diff --git a/helm/aws-es-proxy/values.yaml b/helm/aws-es-proxy/values.yaml index e2f11aee..1666f771 100644 --- a/helm/aws-es-proxy/values.yaml +++ b/helm/aws-es-proxy/values.yaml @@ -2,7 +2,8 @@ # This is a YAML-formatted file. # Declare variables to be passed into your templates. -# -- (map) Global configuration options. + +# Global configuration global: # -- (map) AWS configuration aws: diff --git a/helm/common/README.md b/helm/common/README.md index a93a01fa..72b9bd35 100644 --- a/helm/common/README.md +++ b/helm/common/README.md 
@@ -8,19 +8,18 @@ A Helm chart for provisioning databases in gen3 | Key | Type | Default | Description | |-----|------|---------|-------------| -| global | map | `{"ddEnabled":false,"dev":true,"dictionaryUrl":"https://s3.amazonaws.com/dictionary-artifacts/datadictionary/develop/schema.json","dispatcherJobNum":10,"environment":"default","hostname":"localhost","kubeBucket":"kube-gen3","logsBucket":"logs-gen3","netPolicy":true,"portalApp":"gitops","postgres":{"dbCreate":true,"master":{"host":null,"password":null,"port":"5432","username":"postgres"}},"publicDataSets":true,"revproxyArn":"arn:aws:acm:us-east-1:123456:certificate","tierAccessLevel":"libre"}` | Global configuration options. | | global.ddEnabled | bool | `false` | Whether Datadog is enabled. | | global.dev | bool | `true` | Whether the deployment is for development purposes. | | global.dictionaryUrl | string | `"https://s3.amazonaws.com/dictionary-artifacts/datadictionary/develop/schema.json"` | URL of the data dictionary. | -| global.dispatcherJobNum | int | `10` | Number of dispatcher jobs. | +| global.dispatcherJobNum | int | `"10"` | Number of dispatcher jobs. | | global.environment | string | `"default"` | Environment name. This should be the same as vpcname if you're doing an AWS deployment. Currently this is being used to share ALB's if you have multiple namespaces. Might be used other places too. | | global.hostname | string | `"localhost"` | Hostname for the deployment. | | global.kubeBucket | string | `"kube-gen3"` | S3 bucket name for Kubernetes manifest files. | | global.logsBucket | string | `"logs-gen3"` | S3 bucket name for log files. | | global.netPolicy | bool | `true` | Whether network policies are enabled. | | global.portalApp | string | `"gitops"` | Portal application name. | -| global.postgres | map | `{"dbCreate":true,"master":{"host":null,"password":null,"port":"5432","username":"postgres"}}` | Postgres database configuration. 
| | global.postgres.dbCreate | bool | `true` | Whether the database should be created. | +| global.postgres.externalSecret | string | `""` | Name of external secret. Disabled if empty | | global.postgres.master | map | `{"host":null,"password":null,"port":"5432","username":"postgres"}` | Master credentials to postgres. This is going to be the default postgres server being used for each service, unless each service specifies their own postgres | | global.postgres.master.host | string | `nil` | hostname of postgres server | | global.postgres.master.password | string | `nil` | password for superuser in postgres. This is used to create or restore databases | diff --git a/helm/common/templates/_db_setup_job.tpl b/helm/common/templates/_db_setup_job.tpl index 7acd75bb..f48decb9 100644 --- a/helm/common/templates/_db_setup_job.tpl +++ b/helm/common/templates/_db_setup_job.tpl 
@@ -58,16 +58,44 @@ spec: name: {{ .Release.Name }}-postgresql key: postgres-password optional: false + {{- else if $.Values.global.postgres.externalSecret }} + valueFrom: + secretKeyRef: + name: {{ $.Values.global.postgres.externalSecret }} + key: password + optional: false {{- else }} value: {{ .Values.global.postgres.master.password | quote}} {{- end }} - name: PGUSER + {{- if $.Values.global.postgres.externalSecret }} + valueFrom: + secretKeyRef: + name: {{ $.Values.global.postgres.externalSecret }} + key: username + optional: false + {{- else }} value: {{ .Values.global.postgres.master.username | quote }} + {{- end }} - name: PGPORT + {{- if $.Values.global.postgres.externalSecret }} + valueFrom: + secretKeyRef: + name: {{ $.Values.global.postgres.externalSecret }} + key: port + optional: false + {{- else }} value: {{ .Values.global.postgres.master.port | quote }} + {{- end }} - name: PGHOST {{- if $.Values.global.dev }} value: "{{ .Release.Name }}-postgresql" + {{- else if $.Values.global.postgres.externalSecret }} + valueFrom: + secretKeyRef: + name: {{ $.Values.global.postgres.externalSecret }} + key: host + optional: false {{- else }} value: {{ .Values.global.postgres.master.host | quote }} {{- end }} @@ -140,6 +168,7 @@ Create k8s secrets for connecting to postgres */}} # DB Secrets {{- define "common.db-secret" -}} +{{- if not .Values.global.externalSecrets.deploy }} apiVersion: v1 kind: Secret metadata: @@ -154,4 +183,5 @@ data: {{- else }} host: {{ ( $.Values.postgres.host | default ( $.Values.global.postgres.master.host)) | b64enc | quote }} {{- end }} +{{- end }} {{- end }} \ No newline at end of file diff --git a/helm/common/templates/_external_secrets.tpl b/helm/common/templates/_external_secrets.tpl new file mode 100644 index 00000000..fd8f402e --- /dev/null +++ b/helm/common/templates/_external_secrets.tpl 
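Review bot: The new `PGUSER` and `PGPORT` branches test only `global.postgres.externalSecret`, while `PGHOST` (and, judging by its `else if`, `PGPASSWORD`) gives `global.dev` precedence. With `dev: true`, which is the default, and an external secret set, the job would take host and password from the in-release postgres but user and port from the external secret. Using one condition for all four keeps the credentials on a single source, e.g. `{{- if and (not $.Values.global.dev) $.Values.global.postgres.externalSecret }}` on the `PGUSER` and `PGPORT` blocks. The opening `if` of the `PGPASSWORD` block is above this hunk, so its exact condition is not visible here. The `externalSecret` description should also state that the referenced Secret must carry the keys `host`, `port`, `username` and `password`, since all four are read with `optional: false`.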
@@ -0,0 +1,36 @@ +{{/* + Service DB Creds Secrets Manager Name +*/}} +{{- define "common.externalSecret.dbcreds.name" -}} +{{- if .Values.externalSecrets.dbcreds }} + {{- default .Values.externalSecrets.dbcreds }} +{{- else }} + {{- .Values.global.environment }}- {{- .Chart.Name }}-creds +{{- end -}} +{{- end -}} + + +{{/* + ExternalSecrets Object +*/}} +{{- define "common.externalSecret.db" -}} +{{ if .Values.global.externalSecrets.deploy }} +apiVersion: external-secrets.io/v1beta1 +kind: ExternalSecret +metadata: + name: {{ $.Chart.Name }}-dbcreds +spec: + refreshInterval: 5m + secretStoreRef: + name: {{include "cluster-secret-store" .}} + kind: ClusterSecretStore + target: + name: {{ $.Chart.Name }}-dbcreds + creationPolicy: Owner + dataFrom: + - extract: + key: {{include "common.externalSecret.dbcreds.name" .}} + conversionStrategy: Default + decodingStrategy: None +{{- end }} +{{- end -}} diff --git a/helm/common/values.yaml b/helm/common/values.yaml index d61b0b39..3d3d2297 100644 --- a/helm/common/values.yaml +++ b/helm/common/values.yaml @@ -2,14 +2,17 @@ # This is a YAML-formatted file. # Declare variables to be passed into your templates. -# -- (map) Global configuration options. + +# Global configuration global: # -- (bool) Whether the deployment is for development purposes. dev: true - # -- (map) Postgres database configuration. + postgres: # -- (bool) Whether the database should be created. dbCreate: true + # -- (string) Name of external secret. Disabled if empty + externalSecret: "" # -- (map) Master credentials to postgres. This is going to be the default postgres server being used for each service, unless each service specifies their own postgres master: # -- (string) hostname of postgres server @@ -41,6 +44,6 @@ global: # -- (bool) Whether network policies are enabled. netPolicy: true # -- (int) Number of dispatcher jobs. - dispatcherJobNum: 10 + dispatcherJobNum: "10" # -- (bool) Whether Datadog is enabled. ddEnabled: false 
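Review bot: `common.externalSecret.db` calls `{{include "cluster-secret-store" .}}`, but nothing in this patch defines that template in the common chart, and the arborist copy is deleted from `helm/arborist/templates/_helpers.tpl` in the same patch. Unless another loaded chart still defines it, rendering with `global.externalSecrets.deploy: true` would fail on the missing template. Keeping the helper in this file, next to its shared caller, removes that dependency on per-chart `_helpers.tpl` files; the definition below is taken from the lines removed from arborist. Separately, `{{- default .Values.externalSecrets.dbcreds }}` passes a single argument to `default`, so it is simply the value itself and the call can be dropped.

```yaml
{{/*
  Cluster Secret Store for External Secrets
*/}}
{{- define "cluster-secret-store" -}}
{{- if .Values.global.externalSecrets.separate }}
  {{- .Chart.Name }}-secret-store
{{- else }}
  {{- default "gen3-secret-store"}}
{{- end -}}
{{- end -}}
```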
diff --git a/helm/dicom-server/README.md b/helm/dicom-server/README.md index fd8c52f9..a1a11814 100644 --- a/helm/dicom-server/README.md +++ b/helm/dicom-server/README.md @@ -24,7 +24,6 @@ A Helm chart for gen3 Dicom Server | datadogLogsInjection | bool | `true` | If enabled, the Datadog Agent will automatically inject Datadog-specific metadata into your application logs. | | datadogProfilingEnabled | bool | `true` | If enabled, the Datadog Agent will collect profiling data for your application using the Continuous Profiler. This data can be used to identify performance bottlenecks and optimize your application. | | datadogTraceSampleRate | int | `1` | A value between 0 and 1, that represents the percentage of requests that will be traced. For example, a value of 0.5 means that 50% of requests will be traced. | -| global | map | `{"ddEnabled":false,"environment":"default","minAvialable":1,"pdb":false}` | Global configuration options. | | global.ddEnabled | bool | `false` | Whether Datadog is enabled. | | global.environment | string | `"default"` | Environment name. This should be the same as vpcname if you're doing an AWS deployment. Currently this is being used to share ALB's if you have multiple namespaces. Might be used other places too. | | global.minAvialable | int | `1` | The minimum amount of pods that are available at all times if the PDB is deployed. | diff --git a/helm/dicom-server/values.yaml b/helm/dicom-server/values.yaml index d4dcdcc7..3cf06900 100644 --- a/helm/dicom-server/values.yaml +++ b/helm/dicom-server/values.yaml @@ -2,7 +2,8 @@ # This is a YAML-formatted file. # Declare variables to be passed into your templates. -# -- (map) Global configuration options. + +# Global configuration global: # -- (string) Environment name. This should be the same as vpcname if you're doing an AWS deployment. Currently this is being used to share ALB's if you have multiple namespaces. Might be used other places too. environment: default 
diff --git a/helm/dicom-viewer/README.md b/helm/dicom-viewer/README.md index 78ea3e63..d2bb751c 100644 --- a/helm/dicom-viewer/README.md +++ b/helm/dicom-viewer/README.md @@ -24,7 +24,6 @@ A Helm chart for gen3 Dicom Viewer | datadogLogsInjection | bool | `true` | If enabled, the Datadog Agent will automatically inject Datadog-specific metadata into your application logs. | | datadogProfilingEnabled | bool | `true` | If enabled, the Datadog Agent will collect profiling data for your application using the Continuous Profiler. This data can be used to identify performance bottlenecks and optimize your application. | | datadogTraceSampleRate | int | `1` | A value between 0 and 1, that represents the percentage of requests that will be traced. For example, a value of 0.5 means that 50% of requests will be traced. | -| global | map | `{"ddEnabled":false,"environment":"default","minAvialable":1,"pdb":false}` | Global configuration options. | | global.ddEnabled | bool | `false` | Whether Datadog is enabled. | | global.environment | string | `"default"` | Environment name. This should be the same as vpcname if you're doing an AWS deployment. Currently this is being used to share ALB's if you have multiple namespaces. Might be used other places too. | | global.minAvialable | int | `1` | The minimum amount of pods that are available at all times if the PDB is deployed. | diff --git a/helm/dicom-viewer/values.yaml b/helm/dicom-viewer/values.yaml index 0fa31147..01c3995b 100644 --- a/helm/dicom-viewer/values.yaml +++ b/helm/dicom-viewer/values.yaml @@ -2,7 +2,8 @@ # This is a YAML-formatted file. # Declare variables to be passed into your templates. -# -- (map) Global configuration options. + +# Global configuration global: # -- (string) Environment name. This should be the same as vpcname if you're doing an AWS deployment. Currently this is being used to share ALB's if you have multiple namespaces. Might be used other places too. environment: default 
diff --git a/helm/elasticsearch/README.md b/helm/elasticsearch/README.md index 132f8fa7..2a3e7758 100644 --- a/helm/elasticsearch/README.md +++ b/helm/elasticsearch/README.md @@ -25,7 +25,6 @@ A Helm chart for Kubernetes | datadogProfilingEnabled | bool | `true` | If enabled, the Datadog Agent will collect profiling data for your application using the Continuous Profiler. This data can be used to identify performance bottlenecks and optimize your application. | | datadogTraceSampleRate | int | `1` | A value between 0 and 1, that represents the percentage of requests that will be traced. For example, a value of 0.5 means that 50% of requests will be traced. | | fullnameOverride | string | `""` | | -| global | map | `{"ddEnabled":false,"environment":"default"}` | Global configuration options. | | global.ddEnabled | bool | `false` | Whether Datadog is enabled. | | global.environment | string | `"default"` | Environment name. This should be the same as vpcname if you're doing an AWS deployment. Currently this is being used to share ALB's if you have multiple namespaces. Might be used other places too. | | image.pullPolicy | string | `"IfNotPresent"` | | diff --git a/helm/elasticsearch/values.yaml b/helm/elasticsearch/values.yaml index 2f06d61e..7188c66b 100644 --- a/helm/elasticsearch/values.yaml +++ b/helm/elasticsearch/values.yaml @@ -2,7 +2,8 @@ # This is a YAML-formatted file. # Declare variables to be passed into your templates. -# -- (map) Global configuration options. + +# Global configuration global: # -- (string) Environment name. This should be the same as vpcname if you're doing an AWS deployment. Currently this is being used to share ALB's if you have multiple namespaces. Might be used other places too. environment: default diff --git a/helm/fence/README.md b/helm/fence/README.md index 09a300ce..6456cf28 100644 --- a/helm/fence/README.md +++ b/helm/fence/README.md 
@@ -89,14 +89,13 @@ A Helm chart for gen3 Fence | datadogProfilingEnabled | bool | `true` | If enabled, the Datadog Agent will collect profiling data for your application using the Continuous Profiler. This data can be used to identify performance bottlenecks and optimize your application. | | datadogTraceSampleRate | int | `1` | A value between 0 and 1, that represents the percentage of requests that will be traced. For example, a value of 0.5 means that 50% of requests will be traced. | | env | list | `[{"name":"GEN3_UWSGI_TIMEOUT","valueFrom":{"configMapKeyRef":{"key":"uwsgi-timeout","name":"manifest-global","optional":true}}},{"name":"DD_AGENT_HOST","valueFrom":{"fieldRef":{"fieldPath":"status.hostIP"}}},{"name":"AWS_STS_REGIONAL_ENDPOINTS","value":"regional"},{"name":"PYTHONPATH","value":"/var/www/fence"},{"name":"GEN3_DEBUG","value":"False"},{"name":"FENCE_PUBLIC_CONFIG","valueFrom":{"configMapKeyRef":{"key":"fence-config-public.yaml","name":"manifest-fence","optional":true}}},{"name":"PGHOST","valueFrom":{"secretKeyRef":{"key":"host","name":"fence-dbcreds","optional":false}}},{"name":"PGUSER","valueFrom":{"secretKeyRef":{"key":"username","name":"fence-dbcreds","optional":false}}},{"name":"PGPASSWORD","valueFrom":{"secretKeyRef":{"key":"password","name":"fence-dbcreds","optional":false}}},{"name":"PGDB","valueFrom":{"secretKeyRef":{"key":"database","name":"fence-dbcreds","optional":false}}},{"name":"DBREADY","valueFrom":{"secretKeyRef":{"key":"dbcreated","name":"fence-dbcreds","optional":false}}},{"name":"DB","value":"postgresql://$(PGUSER):$(PGPASSWORD)@$(PGHOST):5432/$(PGDB)"},{"name":"INDEXD_PASSWORD","valueFrom":{"secretKeyRef":{"key":"fence","name":"indexd-service-creds"}}},{"name":"gen3Env","valueFrom":{"configMapKeyRef":{"key":"hostname","name":"manifest-global"}}}]` | Environment variables to pass to the container | -| externalSecrets | map | 
`{"fenceConfig":null,"fenceGoogleAppCredsSecret":null,"fenceGoogleStorageCredsSecret":null,"fenceJwtKeys":null,"fenceSmDbcreds":null}` | External Secrets settings. | +| externalSecrets | map | `{"dbcreds":null,"fenceConfig":null,"fenceGoogleAppCredsSecret":null,"fenceGoogleStorageCredsSecret":null,"fenceJwtKeys":null}` | External Secrets settings. | +| externalSecrets.dbcreds | string | `nil` | Will override the name of the aws secrets manager secret. Default is "Values.global.environment-.Chart.Name-creds" | | externalSecrets.fenceConfig | string | `nil` | Will override the name of the aws secrets manager secret. Default is "fence-config" | | externalSecrets.fenceGoogleAppCredsSecret | string | `nil` | Will override the name of the aws secrets manager secret. Default is "fence-google-app-creds-secret" | | externalSecrets.fenceGoogleStorageCredsSecret | string | `nil` | Will override the name of the aws secrets manager secret. Default is "fence-google-storage-creds-secret" | | externalSecrets.fenceJwtKeys | string | `nil` | Will override the name of the aws secrets manager secret. Default is "fence-jwt-keys" | -| externalSecrets.fenceSmDbcreds | string | `nil` | Will override the name of the aws secrets manager secret. Default is "Values.global.environment-.Chart.Name-creds" | | fullnameOverride | string | `""` | Override the full name of the deployment. 
| -| global | map | `{"aws":{"awsAccessKeyId":null,"awsSecretAccessKey":null,"enabled":false,"useLocalSecret":{"enabled":false,"localSecretName":null,"localSecretNamespace":null}},"ddEnabled":false,"dev":true,"dictionaryUrl":"https://s3.amazonaws.com/dictionary-artifacts/datadictionary/develop/schema.json","dispatcherJobNum":10,"environment":"default","externalSecrets":{"deploy":false,"separate":false},"hostname":"localhost","kubeBucket":"kube-gen3","logsBucket":"logs-gen3","minAvialable":1,"netPolicy":true,"pdb":false,"portalApp":"gitops","postgres":{"dbCreate":true,"master":{"host":null,"password":null,"port":"5432","username":"postgres"}},"publicDataSets":true,"revproxyArn":"arn:aws:acm:us-east-1:123456:certificate","syncFromDbgap":false,"tierAccessLevel":"libre","tierAccessLimit":1000}` | Global configuration options. | | global.aws | map | `{"awsAccessKeyId":null,"awsSecretAccessKey":null,"enabled":false,"useLocalSecret":{"enabled":false,"localSecretName":null,"localSecretNamespace":null}}` | AWS configuration | | global.aws.awsAccessKeyId | string | `nil` | Credentials for AWS stuff. | | global.aws.awsSecretAccessKey | string | `nil` | Credentials for AWS stuff. | 
@@ -108,7 +107,7 @@ A Helm chart for gen3 Fence | global.ddEnabled | bool | `false` | Whether Datadog is enabled. | | global.dev | bool | `true` | Whether the deployment is for development purposes. | | global.dictionaryUrl | string | `"https://s3.amazonaws.com/dictionary-artifacts/datadictionary/develop/schema.json"` | URL of the data dictionary. | -| global.dispatcherJobNum | int | `10` | Number of dispatcher jobs. | +| global.dispatcherJobNum | int | `"10"` | Number of dispatcher jobs. | | global.environment | string | `"default"` | Environment name. This should be the same as vpcname if you're doing an AWS deployment. Currently this is being used to share ALB's if you have multiple namespaces. Might be used other places too. | | global.externalSecrets | map | `{"deploy":false,"separate":false}` | External Secrets settings. | | global.externalSecrets.deploy | bool | `false` | Will use ExternalSecret resources to pull secrets from Secrets Manager instead of creating them locally. Be cautious as this will override any fence secrets you have deployed. | 
@@ -120,8 +119,8 @@ A Helm chart for gen3 Fence | global.netPolicy | bool | `true` | Whether network policies are enabled. | | global.pdb | bool | `false` | If the service will be deployed with a Pod Disruption Budget. Note- you need to have more than 2 replicas for the pdb to be deployed. | | global.portalApp | string | `"gitops"` | Portal application name. | -| global.postgres | map | `{"dbCreate":true,"master":{"host":null,"password":null,"port":"5432","username":"postgres"}}` | Postgres database configuration. | | global.postgres.dbCreate | bool | `true` | Whether the database should be created. | +| global.postgres.externalSecret | string | `""` | Name of external secret. Disabled if empty | | global.postgres.master | map | `{"host":null,"password":null,"port":"5432","username":"postgres"}` | Master credentials to postgres. This is going to be the default postgres server being used for each service, unless each service specifies their own postgres | | global.postgres.master.host | string | `nil` | hostname of postgres server | | global.postgres.master.password | string | `nil` | password for superuser in postgres. This is used to create or restore databases | 
@@ -131,7 +130,7 @@ A Helm chart for gen3 Fence | global.revproxyArn | string | `"arn:aws:acm:us-east-1:123456:certificate"` | ARN of the reverse proxy certificate. | | global.syncFromDbgap | bool | `false` | Whether to sync data from dbGaP. | | global.tierAccessLevel | string | `"libre"` | Access level for tiers. acceptable values for `tier_access_level` are: `libre`, `regular` and `private`. If omitted, by default common will be treated as `private` | -| global.tierAccessLimit | int | `1000` | Only relevant if tireAccessLevel is set to "regular". Summary charts below this limit will not appear for aggregated data. | +| global.tierAccessLimit | int | `"1000"` | Only relevant if tireAccessLevel is set to "regular". Summary charts below this limit will not appear for aggregated data. | | image.pullPolicy | string | `"Always"` | When to pull the image. This value should be "Always" to ensure the latest image is used. | | image.repository | string | `"quay.io/cdis/fence"` | The Docker image repository for the fence service | | image.tag | string | `"master"` | Overrides the image tag whose default is the chart appVersion. | diff --git a/helm/fence/templates/db-init.yaml b/helm/fence/templates/db-init.yaml index abbefb6e..6738ad76 100644 --- a/helm/fence/templates/db-init.yaml +++ b/helm/fence/templates/db-init.yaml @@ -1,5 +1,6 @@ -{{ include "common.db_setup_job" . }} ---- +{{- if not .Values.global.externalSecrets.deploy }} +{{ include "common.db-secret" . }} +{{- end }} {{ include "common.db-secret" . }} --- {{ include "common.db_setup_sa" . }} diff --git a/helm/fence/templates/external-secret.yaml b/helm/fence/templates/external-secret.yaml index ece35301..b5115387 100644 --- a/helm/fence/templates/external-secret.yaml +++ b/helm/fence/templates/external-secret.yaml 
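Review bot: In helm/fence/templates/db-init.yaml the old unconditional `{{ include "common.db-secret" . }}` is still present as a context line right after the new `{{- end }}`, so the added `if not .Values.global.externalSecrets.deploy` guard has no effect. The chart-managed DB secret is still rendered when External Secrets is enabled, where it would presumably collide with the `-dbcreds` target the ExternalSecret owns (the body of common.db-secret is not visible here). When External Secrets is disabled it is rendered twice with no `---` between the two copies. The indexd db-init.yaml hunk later in this commit has the intended shape; here the leftover include should be deleted so that `{{- end }}` is followed directly by `---`. The hunk also drops `{{ include "common.db_setup_job" . }}` from fence, and whether that job is now rendered elsewhere cannot be seen from this diff, so it is worth confirming that database setup for fence still runs.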
@@ -70,22 +70,6 @@ spec: remoteRef: #name of secret in secrets manager key: {{include "fence-config" .}} +{{- end }} --- -apiVersion: external-secrets.io/v1beta1 -kind: ExternalSecret -metadata: - name: {{ $.Chart.Name }}-dbcreds -spec: - refreshInterval: 5m - secretStoreRef: - name: {{include "cluster-secret-store" .}} - kind: ClusterSecretStore - target: - name: {{ $.Chart.Name }}-dbcreds - creationPolicy: Owner - data: - - secretKey: data - remoteRef: - #name of secret in secrets manager - key: {{include "fence-sm-dbcreds" .}} -{{- end }} \ No newline at end of file +{{ include "common.externalSecret.db" . }} \ No newline at end of file diff --git a/helm/fence/values.yaml b/helm/fence/values.yaml index 300fd24a..ec8defd8 100644 --- a/helm/fence/values.yaml +++ b/helm/fence/values.yaml @@ -2,7 +2,8 @@ # This is a YAML-formatted file. # Declare variables to be passed into your templates. -# -- (map) Global configuration options. + +# Global configuration global: # -- (map) AWS configuration aws: @@ -22,10 +23,12 @@ global: localSecretNamespace: # -- (bool) Whether the deployment is for development purposes. dev: true - # -- (map) Postgres database configuration. + postgres: # -- (bool) Whether the database should be created. dbCreate: true + # -- (string) Name of external secret. Disabled if empty + externalSecret: "" # -- (map) Master credentials to postgres. This is going to be the default postgres server being used for each service, unless each service specifies their own postgres master: # -- (string) hostname of postgres server 
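Review bot: `{{ include "common.externalSecret.db" . }}` is placed after the `{{- end }}` that this hunk moves up, so nothing in this file gates the DB-credentials ExternalSecret on `global.externalSecrets.deploy` any more. The opening `if` is above line 70 and the common template is not part of this hunk, so whether it carries its own guard cannot be confirmed from here. If it does not, the chart will emit an ExternalSecret for `-dbcreds` on installs that never enabled External Secrets. Once confirmed, a one-line template comment above the include saying where the condition lives would keep the next reader from re-adding or removing a guard by mistake. The same applies to helm/indexd/templates/external-secrets.yaml, which this commit reduces to the single include.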
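Review bot: The new `externalSecret: ""` key under `global.postgres` is documented only as "Name of external secret. Disabled if empty", which does not tell an operator what the secret must contain or how it relates to `master.password` directly below it. For a key that presumably carries the postgres superuser credentials, the comment should state which keys the referenced secret is expected to hold and whether the plaintext `master.*` values are ignored once it is set. Something like `# -- (string) Name of the secret holding the postgres master credentials (keys: <list>); when set, master.* below is not used. Disabled if empty` would do, with the precedence filled in from the common template. The hunk also replaces `# -- (map) Postgres database configuration.` with a blank line, which is why the `global.postgres` row disappears from the README. The guppy, hatchery and indexd values.yaml hunks repeat both changes.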
@@ -57,11 +60,11 @@ global: # -- (string) Access level for tiers. acceptable values for `tier_access_level` are: `libre`, `regular` and `private`. If omitted, by default common will be treated as `private` tierAccessLevel: libre # -- (int) Only relevant if tireAccessLevel is set to "regular". Summary charts below this limit will not appear for aggregated data. - tierAccessLimit: 1000 + tierAccessLimit: "1000" # -- (bool) Whether network policies are enabled. netPolicy: true # -- (int) Number of dispatcher jobs. - dispatcherJobNum: 10 + dispatcherJobNum: "10" # -- (bool) Whether Datadog is enabled. ddEnabled: false # -- (bool) If the service will be deployed with a Pod Disruption Budget. Note- you need to have more than 2 replicas for the pdb to be deployed. @@ -86,7 +89,7 @@ externalSecrets: # -- (string) Will override the name of the aws secrets manager secret. Default is "fence-config" fenceConfig: # -- (string) Will override the name of the aws secrets manager secret. Default is "Values.global.environment-.Chart.Name-creds" - fenceSmDbcreds: + dbcreds: # -- (map) Configuration options for usersync cronjob. usersync: diff --git a/helm/gen3/README.md b/helm/gen3/README.md index c1cbb407..c4e2f8c8 100644 --- a/helm/gen3/README.md +++ b/helm/gen3/README.md 
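Review bot: The defaults are now quoted strings (`tierAccessLimit: "1000"`, `dispatcherJobNum: "10"`) while the helm-docs annotations above them still say `(int)`, so the generated READMEs list the type as int next to a string default. It also means the default is a string while an override passed with `--set global.tierAccessLimit=500` arrives as a number, so any template that compares or does arithmetic on the value sees two different types. The consuming templates are not in this hunk, so which form they need is an assumption. Either change the annotations to `# -- (string)` or keep the values numeric and apply `| quote` where they are rendered into environment variables. The gen3, guppy, hatchery and indexd values.yaml hunks make the same change (hatchery only for `dispatcherJobNum`).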
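Review bot: Renaming `externalSecrets.fenceSmDbcreds` to `dbcreds` leaves no fallback for the old key, as far as this diff shows. A values file that still sets `fenceSmDbcreds` will be silently ignored after upgrade, and per the comment the chart then falls back to the default name "Values.global.environment-.Chart.Name-creds". The deployment could therefore sync database credentials from a different Secrets Manager entry than the operator configured, without any render-time error. I would note the rename in the comment, for example `# -- (string) Will override the name of the aws secrets manager secret (replaces externalSecrets.fenceSmDbcreds). Default is ...`, and call it out in the chart's upgrade notes. The indexd hunk (`indexdSmDbcreds`) and the metadata README hunk (`metadataSmDbcreds`) make the same rename.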
@@ -96,7 +96,7 @@ Helm chart to deploy Gen3 Data Commons | global.ddEnabled | bool | `false` | Whether Datadog is enabled. | | global.dev | bool | `true` | Deploys postgres/elasticsearch for dev | | global.dictionaryUrl | string | `"https://s3.amazonaws.com/dictionary-artifacts/datadictionary/develop/schema.json"` | URL of the data dictionary. | -| global.dispatcherJobNum | int | `10` | Number of dispatcher jobs. | +| global.dispatcherJobNum | int | `"10"` | Number of dispatcher jobs. | | global.environment | string | `"default"` | Environment name. This should be the same as vpcname if you're doing an AWS deployment. Currently this is being used to share ALB's if you have multiple namespaces in same cluster. | | global.externalSecrets | map | `{"deploy":false}` | External Secrets settings. | | global.externalSecrets.deploy | bool | `false` | Will use ExternalSecret resources to pull secrets from Secrets Manager instead of creating them locally. Be cautious as this will override secrets you have deployed. | 
@@ -111,7 +111,7 @@ Helm chart to deploy Gen3 Data Commons | global.publicDataSets | bool | `true` | Whether public datasets are enabled. | | global.revproxyArn | string | `"arn:aws:acm:us-east-1:123456:certificate"` | ARN of the reverse proxy certificate. | | global.tierAccessLevel | string | `"libre"` | Access level for tiers. acceptable values for `tier_access_level` are: `libre`, `regular` and `private`. If omitted, by default common will be treated as `private` | -| global.tierAccessLimit | int | `1000` | Only relevant if tireAccessLevel is set to "regular". Summary charts below this limit will not appear for aggregated data. | +| global.tierAccessLimit | int | `"1000"` | Only relevant if tireAccessLevel is set to "regular". Summary charts below this limit will not appear for aggregated data. | | guppy.enabled | bool | `false` | Whether to deploy the guppy subchart. | | guppy.image | map | `{"repository":null,"tag":null}` | Docker image information. | | guppy.image.repository | string | `nil` | The Docker image repository for the guppy service. | diff --git a/helm/gen3/values.yaml b/helm/gen3/values.yaml index 7c0c0839..ba1b08f2 100644 --- a/helm/gen3/values.yaml +++ b/helm/gen3/values.yaml @@ -2,6 +2,7 @@ # This is a YAML-formatted file. # Declare variables to be passed into your templates. +# Global configuration global: # -- (map) AWS configuration aws: 
@@ -50,11 +51,11 @@ global: # -- (string) Access level for tiers. acceptable values for `tier_access_level` are: `libre`, `regular` and `private`. If omitted, by default common will be treated as `private` tierAccessLevel: libre # -- (int) Only relevant if tireAccessLevel is set to "regular". Summary charts below this limit will not appear for aggregated data. - tierAccessLimit: 1000 + tierAccessLimit: "1000" # -- (bool) Whether network policies are enabled. netPolicy: true # -- (int) Number of dispatcher jobs. - dispatcherJobNum: 10 + dispatcherJobNum: "10" # -- (bool) Whether Datadog is enabled. ddEnabled: false # -- (map) External Secrets settings. diff --git a/helm/guppy/README.md b/helm/guppy/README.md index f8c99a11..b40f3744 100644 --- a/helm/guppy/README.md +++ b/helm/guppy/README.md 
@@ -40,7 +40,6 @@ A Helm chart for gen3 Guppy Service | enableEncryptWhitelist | bool | `true` | Whether or not to enable encryption for specified fields | | encryptWhitelist | string | `"test1"` | A comma-separated list of fields to encrypt | | esEndpoint | string | `""` | Elasticsearch endpoint. | -| global | map | `{"aws":{"awsAccessKeyId":null,"awsSecretAccessKey":null,"enabled":false},"ddEnabled":false,"dev":true,"dictionaryUrl":"https://s3.amazonaws.com/dictionary-artifacts/datadictionary/develop/schema.json","dispatcherJobNum":10,"environment":"default","hostname":"localhost","kubeBucket":"kube-gen3","logsBucket":"logs-gen3","minAvialable":1,"netPolicy":true,"pdb":false,"portalApp":"gitops","postgres":{"dbCreate":true,"master":{"host":null,"password":null,"port":"5432","username":"postgres"}},"publicDataSets":true,"revproxyArn":"arn:aws:acm:us-east-1:123456:certificate","tierAccessLevel":"libre","tierAccessLimit":1000}` | Global configuration options. | | global.aws | map | `{"awsAccessKeyId":null,"awsSecretAccessKey":null,"enabled":false}` | AWS configuration | | global.aws.awsAccessKeyId | string | `nil` | Credentials for AWS stuff. | | global.aws.awsSecretAccessKey | string | `nil` | Credentials for AWS stuff. | 
@@ -48,7 +47,7 @@ A Helm chart for gen3 Guppy Service | global.ddEnabled | bool | `false` | Whether Datadog is enabled. | | global.dev | bool | `true` | Whether the deployment is for development purposes. | | global.dictionaryUrl | string | `"https://s3.amazonaws.com/dictionary-artifacts/datadictionary/develop/schema.json"` | URL of the data dictionary. | -| global.dispatcherJobNum | int | `10` | Number of dispatcher jobs. | +| global.dispatcherJobNum | int | `"10"` | Number of dispatcher jobs. | | global.environment | string | `"default"` | Environment name. This should be the same as vpcname if you're doing an AWS deployment. Currently this is being used to share ALB's if you have multiple namespaces. Might be used other places too. | | global.hostname | string | `"localhost"` | Hostname for the deployment. | | global.kubeBucket | string | `"kube-gen3"` | S3 bucket name for Kubernetes manifest files. | 
@@ -57,8 +56,8 @@ A Helm chart for gen3 Guppy Service | global.netPolicy | bool | `true` | Whether network policies are enabled. | | global.pdb | bool | `false` | If the service will be deployed with a Pod Disruption Budget. Note- you need to have more than 2 replicas for the pdb to be deployed. | | global.portalApp | string | `"gitops"` | Portal application name. | -| global.postgres | map | `{"dbCreate":true,"master":{"host":null,"password":null,"port":"5432","username":"postgres"}}` | Postgres database configuration. | | global.postgres.dbCreate | bool | `true` | Whether the database should be created. | +| global.postgres.externalSecret | string | `""` | Name of external secret. Disabled if empty | | global.postgres.master | map | `{"host":null,"password":null,"port":"5432","username":"postgres"}` | Master credentials to postgres. This is going to be the default postgres server being used for each service, unless each service specifies their own postgres | | global.postgres.master.host | string | `nil` | hostname of postgres server | | global.postgres.master.password | string | `nil` | password for superuser in postgres. This is used to create or restore databases | 
@@ -67,7 +66,7 @@ A Helm chart for gen3 Guppy Service | global.publicDataSets | bool | `true` | Whether public datasets are enabled. | | global.revproxyArn | string | `"arn:aws:acm:us-east-1:123456:certificate"` | ARN of the reverse proxy certificate. | | global.tierAccessLevel | string | `"libre"` | Access level for tiers. | -| global.tierAccessLimit | int | `1000` | Only relevant if tireAccessLevel is set to "regular". Summary charts below this limit will not appear for aggregated data. | +| global.tierAccessLimit | int | `"1000"` | Only relevant if tireAccessLevel is set to "regular". Summary charts below this limit will not appear for aggregated data. | | image | map | `{"pullPolicy":"Always","repository":"quay.io/cdis/guppy","tag":""}` | Docker image information. | | image.pullPolicy | string | `"Always"` | Docker pull policy. | | image.repository | string | `"quay.io/cdis/guppy"` | Docker repository. | diff --git a/helm/guppy/values.yaml b/helm/guppy/values.yaml index fafd7c37..f744257f 100644 --- a/helm/guppy/values.yaml +++ b/helm/guppy/values.yaml @@ -2,7 +2,8 @@ # This is a YAML-formatted file. # Declare variables to be passed into your templates. -# -- (map) Global configuration options. + +# Global configuration global: # -- (map) AWS configuration aws: @@ -14,10 +15,12 @@ global: awsSecretAccessKey: # -- (bool) Whether the deployment is for development purposes. dev: true - # -- (map) Postgres database configuration. + postgres: # -- (bool) Whether the database should be created. dbCreate: true + # -- (string) Name of external secret. Disabled if empty + externalSecret: "" # -- (map) Master credentials to postgres. This is going to be the default postgres server being used for each service, unless each service specifies their own postgres master: # -- (string) hostname of postgres server 
@@ -47,11 +50,11 @@ global: # -- (string) Access level for tiers. tierAccessLevel: libre # -- (int) Only relevant if tireAccessLevel is set to "regular". Summary charts below this limit will not appear for aggregated data. - tierAccessLimit: 1000 + tierAccessLimit: "1000" # -- (bool) Whether network policies are enabled. netPolicy: true # -- (int) Number of dispatcher jobs. - dispatcherJobNum: 10 + dispatcherJobNum: "10" # -- (bool) Whether Datadog is enabled. ddEnabled: false # -- (bool) If the service will be deployed with a Pod Disruption Budget. Note- you need to have more than 2 replicas for the pdb to be deployed. diff --git a/helm/hatchery/README.md b/helm/hatchery/README.md index 4e7bfe3c..40ce0d73 100644 --- a/helm/hatchery/README.md +++ b/helm/hatchery/README.md 
@@ -27,7 +27,6 @@ A Helm chart for gen3 Hatchery | datadogTraceSampleRate | int | `1` | A value between 0 and 1, that represents the percentage of requests that will be traced. For example, a value of 0.5 means that 50% of requests will be traced. | | env | list | `[{"name":"HTTP_PORT","value":"8000"},{"name":"POD_NAMESPACE","valueFrom":{"fieldRef":{"fieldPath":"metadata.namespace"}}}]` | Environment variables to pass to the container | | fullnameOverride | string | `""` | Override the full name of the deployment. | -| global | map | `{"aws":{"awsAccessKeyId":null,"awsSecretAccessKey":null,"enabled":false},"ddEnabled":false,"dev":true,"dictionaryUrl":"https://s3.amazonaws.com/dictionary-artifacts/datadictionary/develop/schema.json","dispatcherJobNum":10,"environment":"default","hostname":"localhost","kubeBucket":"kube-gen3","logsBucket":"logs-gen3","minAvialable":1,"netPolicy":true,"pdb":false,"portalApp":"gitops","postgres":{"dbCreate":true,"master":{"host":null,"password":null,"port":"5432","username":"postgres"}},"publicDataSets":true,"revproxyArn":"arn:aws:acm:us-east-1:123456:certificate","tierAccessLevel":"libre"}` | Global configuration options. | | global.aws | map | `{"awsAccessKeyId":null,"awsSecretAccessKey":null,"enabled":false}` | AWS configuration | | global.aws.awsAccessKeyId | string | `nil` | Credentials for AWS stuff. | | global.aws.awsSecretAccessKey | string | `nil` | Credentials for AWS stuff. | 
@@ -35,7 +34,7 @@ A Helm chart for gen3 Hatchery | global.ddEnabled | bool | `false` | Whether Datadog is enabled. | | global.dev | bool | `true` | Whether the deployment is for development purposes. | | global.dictionaryUrl | string | `"https://s3.amazonaws.com/dictionary-artifacts/datadictionary/develop/schema.json"` | URL of the data dictionary. | -| global.dispatcherJobNum | int | `10` | Number of dispatcher jobs. | +| global.dispatcherJobNum | int | `"10"` | Number of dispatcher jobs. | | global.environment | string | `"default"` | Environment name. This should be the same as vpcname if you're doing an AWS deployment. Currently this is being used to share ALB's if you have multiple namespaces. Might be used other places too. | | global.hostname | string | `"localhost"` | Hostname for the deployment. | | global.kubeBucket | string | `"kube-gen3"` | S3 bucket name for Kubernetes manifest files. | 
@@ -44,8 +43,8 @@ A Helm chart for gen3 Hatchery | global.netPolicy | bool | `true` | Whether network policies are enabled. | | global.pdb | bool | `false` | If the service will be deployed with a Pod Disruption Budget. Note- you need to have more than 2 replicas for the pdb to be deployed. | | global.portalApp | string | `"gitops"` | Portal application name. | -| global.postgres | map | `{"dbCreate":true,"master":{"host":null,"password":null,"port":"5432","username":"postgres"}}` | Postgres database configuration. | | global.postgres.dbCreate | bool | `true` | Whether the database should be created. | +| global.postgres.externalSecret | string | `""` | Name of external secret. Disabled if empty | | global.postgres.master | map | `{"host":null,"password":null,"port":"5432","username":"postgres"}` | Master credentials to postgres. This is going to be the default postgres server being used for each service, unless each service specifies their own postgres | | global.postgres.master.host | string | `nil` | hostname of postgres server | | global.postgres.master.password | string | `nil` | password for superuser in postgres. This is used to create or restore databases | diff --git a/helm/hatchery/values.yaml b/helm/hatchery/values.yaml index 27127335..739f9457 100644 --- a/helm/hatchery/values.yaml +++ b/helm/hatchery/values.yaml @@ -2,7 +2,8 @@ # This is a YAML-formatted file. # Declare variables to be passed into your templates. -# -- (map) Global configuration options. + +# Global configuration global: # -- (map) AWS configuration aws: 
@@ -14,10 +15,12 @@ global: awsSecretAccessKey: # -- (bool) Whether the deployment is for development purposes. dev: true - # -- (map) Postgres database configuration. + postgres: # -- (bool) Whether the database should be created. dbCreate: true + # -- (string) Name of external secret. Disabled if empty + externalSecret: "" # -- (map) Master credentials to postgres. This is going to be the default postgres server being used for each service, unless each service specifies their own postgres master: # -- (string) hostname of postgres server @@ -49,7 +52,7 @@ global: # -- (bool) Whether network policies are enabled. netPolicy: true # -- (int) Number of dispatcher jobs. - dispatcherJobNum: 10 + dispatcherJobNum: "10" # -- (bool) Whether Datadog is enabled. ddEnabled: false # -- (bool) If the service will be deployed with a Pod Disruption Budget. Note- you need to have more than 2 replicas for the pdb to be deployed. diff --git a/helm/indexd/README.md b/helm/indexd/README.md index 3c037814..e7698753 100644 --- a/helm/indexd/README.md +++ b/helm/indexd/README.md 
@@ -27,10 +27,9 @@ A Helm chart for gen3 indexd | datadogTraceSampleRate | int | `1` | A value between 0 and 1, that represents the percentage of requests that will be traced. For example, a value of 0.5 means that 50% of requests will be traced. | | defaultPrefix | string | `"PREFIX/"` | default prefix for indexd | | env | list | `[{"name":"ARBORIST","value":"true"},{"name":"GEN3_DEBUG","value":"False"}]` | Environment variables to pass to the container | -| externalSecrets | map | `{"indexdSmDbcreds":null}` | External Secrets settings. | -| externalSecrets.indexdSmDbcreds | string | `nil` | Will override the name of the aws secrets manager secret. Default is "Values.global.environment-.Chart.Name-creds" | +| externalSecrets | map | `{"dbcreds":null}` | External Secrets settings. | +| externalSecrets.dbcreds | string | `nil` | Will override the name of the aws secrets manager secret. Default is "Values.global.environment-.Chart.Name-creds" | | fullnameOverride | string | `""` | Override the full name of the deployment. | -| global | map | `{"aws":{"awsAccessKeyId":null,"awsSecretAccessKey":null,"enabled":false},"ddEnabled":false,"dev":true,"dictionaryUrl":"https://s3.amazonaws.com/dictionary-artifacts/datadictionary/develop/schema.json","dispatcherJobNum":10,"environment":"default","externalSecrets":{"deploy":false,"separate":false},"hostname":"localhost","kubeBucket":"kube-gen3","logsBucket":"logs-gen3","minAvialable":1,"netPolicy":true,"pdb":false,"portalApp":"gitops","postgres":{"dbCreate":true,"master":{"host":null,"password":null,"port":"5432","username":"postgres"}},"publicDataSets":true,"revproxyArn":"arn:aws:acm:us-east-1:123456:certificate","tierAccessLevel":"libre","tierAccessLimit":1000}` | Global configuration options. | | global.aws | map | `{"awsAccessKeyId":null,"awsSecretAccessKey":null,"enabled":false}` | AWS configuration | | global.aws.awsAccessKeyId | string | `nil` | Credentials for AWS stuff. 
| | global.aws.awsSecretAccessKey | string | `nil` | Credentials for AWS stuff. | @@ -38,7 +37,7 @@ A Helm chart for gen3 indexd | global.ddEnabled | bool | `false` | Whether Datadog is enabled. | | global.dev | bool | `true` | Whether the deployment is for development purposes. | | global.dictionaryUrl | string | `"https://s3.amazonaws.com/dictionary-artifacts/datadictionary/develop/schema.json"` | URL of the data dictionary. | -| global.dispatcherJobNum | int | `10` | Number of dispatcher jobs. | +| global.dispatcherJobNum | int | `"10"` | Number of dispatcher jobs. | | global.environment | string | `"default"` | Environment name. This should be the same as vpcname if you're doing an AWS deployment. Currently this is being used to share ALB's if you have multiple namespaces. Might be used other places too. | | global.externalSecrets | map | `{"deploy":false,"separate":false}` | External Secrets settings. | | global.externalSecrets.deploy | bool | `false` | Will use ExternalSecret resources to pull secrets from Secrets Manager instead of creating them locally. Be cautious as this will override any indexd secrets you have deployed. | 
@@ -50,8 +49,8 @@ A Helm chart for gen3 indexd | global.netPolicy | bool | `true` | Whether network policies are enabled. | | global.pdb | bool | `false` | If the service will be deployed with a Pod Disruption Budget. Note- you need to have more than 2 replicas for the pdb to be deployed. | | global.portalApp | string | `"gitops"` | Portal application name. | -| global.postgres | map | `{"dbCreate":true,"master":{"host":null,"password":null,"port":"5432","username":"postgres"}}` | Postgres database configuration. | | global.postgres.dbCreate | bool | `true` | Whether the database should be created. | +| global.postgres.externalSecret | string | `""` | Name of external secret. Disabled if empty | | global.postgres.master | map | `{"host":null,"password":null,"port":"5432","username":"postgres"}` | Master credentials to postgres. This is going to be the default postgres server being used for each service, unless each service specifies their own postgres | | global.postgres.master.host | string | `nil` | hostname of postgres server | | global.postgres.master.password | string | `nil` | password for superuser in postgres. This is used to create or restore databases | 
@@ -60,7 +59,7 @@ A Helm chart for gen3 indexd | global.publicDataSets | bool | `true` | Whether public datasets are enabled. | | global.revproxyArn | string | `"arn:aws:acm:us-east-1:123456:certificate"` | ARN of the reverse proxy certificate. | | global.tierAccessLevel | string | `"libre"` | Access level for tiers. acceptable values for `tier_access_level` are: `libre`, `regular` and `private`. If omitted, by default common will be treated as `private` | -| global.tierAccessLimit | int | `1000` | Only relevant if tireAccessLevel is set to "regular". Summary charts below this limit will not appear for aggregated data. | +| global.tierAccessLimit | int | `"1000"` | Only relevant if tireAccessLevel is set to "regular". Summary charts below this limit will not appear for aggregated data. | | image | map | `{"pullPolicy":"IfNotPresent","repository":"quay.io/cdis/indexd","tag":""}` | Docker image information. | | image.pullPolicy | string | `"IfNotPresent"` | When to pull the image. | | image.repository | string | `"quay.io/cdis/indexd"` | The Docker image repository for the indexd service | diff --git a/helm/indexd/templates/_helpers.tpl b/helm/indexd/templates/_helpers.tpl index 21635df6..0c6704b6 100644 --- a/helm/indexd/templates/_helpers.tpl +++ b/helm/indexd/templates/_helpers.tpl @@ -113,14 +113,3 @@ Create the name of the service account to use {{- default "gen3-secret-store"}} {{- end -}} {{- end -}} - -{{/* - Service DB Creds Secrets Manager Name -*/}} -{{- define "indexd-sm-dbcreds" -}} -{{- if .Values.externalSecrets.indexdSmDbcreds }} - {{- default .Values.externalSecrets.indexdSmDbcreds }} -{{- else }} - {{- .Values.global.environment }}- {{- .Chart.Name }}-creds -{{- end -}} -{{- end -}} diff --git a/helm/indexd/templates/db-init.yaml b/helm/indexd/templates/db-init.yaml index 0393aa73..d25e1779 100644 --- a/helm/indexd/templates/db-init.yaml +++ b/helm/indexd/templates/db-init.yaml 
@@ -1,4 +1,6 @@ +{{- if not .Values.global.externalSecrets.deploy }} {{ include "common.db-secret" . }} +{{- end }} --- {{ include "common.db_setup_sa" . }} --- diff --git a/helm/indexd/templates/external-secrets.yaml b/helm/indexd/templates/external-secrets.yaml index 7a00916f..70c278fe 100644 --- a/helm/indexd/templates/external-secrets.yaml +++ b/helm/indexd/templates/external-secrets.yaml @@ -1,19 +1 @@ -{{ if .Values.global.externalSecrets.deploy }} -apiVersion: external-secrets.io/v1beta1 -kind: ExternalSecret -metadata: - name: {{ $.Chart.Name }}-dbcreds -spec: - refreshInterval: 5m - secretStoreRef: - name: {{include "cluster-secret-store" .}} - kind: ClusterSecretStore - target: - name: {{ $.Chart.Name }}-dbcreds - creationPolicy: Owner - data: - - secretKey: data - remoteRef: - #name of secret in secrets manager - key: {{include "indexd-sm-dbcreds" .}} -{{- end }} \ No newline at end of file +{{ include "common.externalSecret.db" . }} \ No newline at end of file diff --git a/helm/indexd/values.yaml b/helm/indexd/values.yaml index c2302ec0..ec9379bb 100644 --- a/helm/indexd/values.yaml +++ b/helm/indexd/values.yaml @@ -2,7 +2,8 @@ # This is a YAML-formatted file. # Declare variables to be passed into your templates. -# -- (map) Global configuration options. + +# Global configuration global: # -- (map) AWS configuration aws: @@ -14,10 +15,12 @@ global: awsSecretAccessKey: # -- (bool) Whether the deployment is for development purposes. dev: true - # -- (map) Postgres database configuration. + postgres: # -- (bool) Whether the database should be created. dbCreate: true + # -- (string) Name of external secret. Disabled if empty + externalSecret: "" # -- (map) Master credentials to postgres. This is going to be the default postgres server being used for each service, unless each service specifies their own postgres master: # -- (string) hostname of postgres server 
@@ -47,11 +50,11 @@ global: # -- (string) Access level for tiers. acceptable values for `tier_access_level` are: `libre`, `regular` and `private`. If omitted, by default common will be treated as `private` tierAccessLevel: libre # -- (int) Only relevant if tireAccessLevel is set to "regular". Summary charts below this limit will not appear for aggregated data. - tierAccessLimit: 1000 + tierAccessLimit: "1000" # -- (bool) Whether network policies are enabled. netPolicy: true # -- (int) Number of dispatcher jobs. - dispatcherJobNum: 10 + dispatcherJobNum: "10" # -- (bool) Whether Datadog is enabled. ddEnabled: false # -- (bool) If the service will be deployed with a Pod Disruption Budget. Note- you need to have more than 2 replicas for the pdb to be deployed. @@ -68,7 +71,7 @@ global: # -- (map) External Secrets settings. externalSecrets: # -- (string) Will override the name of the aws secrets manager secret. Default is "Values.global.environment-.Chart.Name-creds" - indexdSmDbcreds: + dbcreds: # -- (map) Values for indexd secret. secrets: diff --git a/helm/manifestservice/README.md b/helm/manifestservice/README.md index ad10c8c8..c7294538 100644 --- a/helm/manifestservice/README.md +++ b/helm/manifestservice/README.md 
@@ -35,7 +35,6 @@ A Helm chart for Kubernetes | env | list | `[{"name":"REQUESTS_CA_BUNDLE","value":"/etc/ssl/certs/ca-certificates.crt"},{"name":"MANIFEST_SERVICE_CONFIG_PATH","value":"/var/gen3/config/config.json"},{"name":"GEN3_DEBUG","value":"False"}]` | Environment variables to pass to the container | | externalSecrets | map | `{"manifestserviceG3auto":null}` | External Secrets settings. | | externalSecrets.manifestserviceG3auto | string | `nil` | Will override the name of the aws secrets manager secret. Default is "manifestservice-g3auto" | -| global | map | `{"aws":{"awsAccessKeyId":null,"awsSecretAccessKey":null,"enabled":false},"ddEnabled":false,"environment":"default","externalSecrets":{"deploy":false,"separate":false},"minAvialable":1,"pdb":false}` | Global configuration options. | | global.aws | map | `{"awsAccessKeyId":null,"awsSecretAccessKey":null,"enabled":false}` | AWS configuration | | global.aws.awsAccessKeyId | string | `nil` | Credentials for AWS stuff. | | global.aws.awsSecretAccessKey | string | `nil` | Credentials for AWS stuff. | diff --git a/helm/manifestservice/values.yaml b/helm/manifestservice/values.yaml index 4d1d0f67..ad768455 100644 --- a/helm/manifestservice/values.yaml +++ b/helm/manifestservice/values.yaml @@ -2,7 +2,8 @@ # This is a YAML-formatted file. # Declare variables to be passed into your templates. -# -- (map) Global configuration options. + +# Global configuration global: # -- (map) AWS configuration aws: diff --git a/helm/metadata/README.md b/helm/metadata/README.md index 8e115391..157751bf 100644 --- a/helm/metadata/README.md +++ b/helm/metadata/README.md 
@@ -38,9 +38,8 @@ A Helm chart for gen3 Metadata Service
 | datadogTraceSampleRate | int | `1` | A value between 0 and 1, that represents the percentage of requests that will be traced. For example, a value of 0.5 means that 50% of requests will be traced. |
 | debug | bool | `false` | |
 | esEndpoint | string | `"elasticsearch:9200"` | Elasticsearch endpoint. |
-| externalSecrets | map | `{"metadataSmDbcreds":null}` | External Secrets settings. |
-| externalSecrets.metadataSmDbcreds | string | `nil` | Will override the name of the aws secrets manager secret. Default is "Values.global.environment-.Chart.Name-creds" |
-| global | map | `{"aws":{"awsAccessKeyId":null,"awsSecretAccessKey":null,"enabled":false},"ddEnabled":false,"dev":true,"dictionaryUrl":"https://s3.amazonaws.com/dictionary-artifacts/datadictionary/develop/schema.json","dispatcherJobNum":10,"environment":"default","externalSecrets":{"deploy":false,"separate":false},"hostname":"localhost","kubeBucket":"kube-gen3","logsBucket":"logs-gen3","minAvialable":1,"netPolicy":true,"pdb":false,"portalApp":"gitops","postgres":{"dbCreate":true,"master":{"host":null,"password":null,"port":"5432","username":"postgres"}},"publicDataSets":true,"revproxyArn":"arn:aws:acm:us-east-1:123456:certificate","tierAccessLevel":"libre"}` | Global configuration options. |
+| externalSecrets | map | `{"dbcreds":null}` | External Secrets settings. |
+| externalSecrets.dbcreds | string | `nil` | Will override the name of the aws secrets manager secret. Default is "Values.global.environment-.Chart.Name-creds" |
 | global.aws | map | `{"awsAccessKeyId":null,"awsSecretAccessKey":null,"enabled":false}` | AWS configuration |
 | global.aws.awsAccessKeyId | string | `nil` | Credentials for AWS stuff. |
 | global.aws.awsSecretAccessKey | string | `nil` | Credentials for AWS stuff. |
@@ -48,7 +47,7 @@ A Helm chart for gen3 Metadata Service
 | global.ddEnabled | bool | `false` | Whether Datadog is enabled. |
 | global.dev | bool | `true` | Whether the deployment is for development purposes. |
 | global.dictionaryUrl | string | `"https://s3.amazonaws.com/dictionary-artifacts/datadictionary/develop/schema.json"` | URL of the data dictionary. |
-| global.dispatcherJobNum | int | `10` | Number of dispatcher jobs. |
+| global.dispatcherJobNum | int | `"10"` | Number of dispatcher jobs. |
 | global.environment | string | `"default"` | Environment name. This should be the same as vpcname if you're doing an AWS deployment. Currently this is being used to share ALB's if you have multiple namespaces. Might be used other places too. |
 | global.externalSecrets | map | `{"deploy":false,"separate":false}` | External Secrets settings. |
 | global.externalSecrets.deploy | bool | `false` | Will use ExternalSecret resources to pull secrets from Secrets Manager instead of creating them locally. Be cautious as this will override any metadata secrets you have deployed. |
@@ -60,8 +59,8 @@ A Helm chart for gen3 Metadata Service
 | global.netPolicy | bool | `true` | Whether network policies are enabled. |
 | global.pdb | bool | `false` | If the service will be deployed with a Pod Disruption Budget. Note- you need to have more than 2 replicas for the pdb to be deployed. |
 | global.portalApp | string | `"gitops"` | Portal application name. |
-| global.postgres | map | `{"dbCreate":true,"master":{"host":null,"password":null,"port":"5432","username":"postgres"}}` | Postgres database configuration. |
 | global.postgres.dbCreate | bool | `true` | Whether the database should be created. |
+| global.postgres.externalSecret | string | `""` | Name of external secret. Disabled if empty |
 | global.postgres.master | map | `{"host":null,"password":null,"port":"5432","username":"postgres"}` | Master credentials to postgres. This is going to be the default postgres server being used for each service, unless each service specifies their own postgres |
 | global.postgres.master.host | string | `nil` | hostname of postgres server |
 | global.postgres.master.password | string | `nil` | password for superuser in postgres. This is used to create or restore databases |
diff --git a/helm/metadata/templates/_helpers.tpl b/helm/metadata/templates/_helpers.tpl
index ef1edcef..f8424983 100644
--- a/helm/metadata/templates/_helpers.tpl
+++ b/helm/metadata/templates/_helpers.tpl
@@ -77,25 +77,3 @@ Create the name of the service account to use {{- default .Values.postgres.password }} {{- end }} {{- end }} - -{{/* - Cluster Secret Store for External Secrets -*/}} -{{- define "cluster-secret-store" -}} -{{- if .Values.global.externalSecrets.separate }} - {{- .Chart.Name }}-secret-store -{{- else }} - {{- default "gen3-secret-store"}} -{{- end -}} -{{- end -}} - -{{/* - Service DB Creds Secrets Manager Name -*/}} -{{- define "metadata-sm-dbcreds" -}} -{{- if .Values.externalSecrets.metadataSmDbcreds }} - {{- default .Values.externalSecrets.metadataSmDbcreds }} -{{- else }} - {{- .Values.global.environment }}- {{- .Chart.Name }}-creds -{{- end -}} -{{- end -}} diff --git a/helm/metadata/templates/external-secret.yaml b/helm/metadata/templates/external-secret.yaml index 478d262e..70c278fe 100644 --- a/helm/metadata/templates/external-secret.yaml +++ b/helm/metadata/templates/external-secret.yaml @@ -1,19 +1 @@ -{{ if .Values.global.externalSecrets.deploy }} -apiVersion: external-secrets.io/v1beta1 -kind: ExternalSecret -metadata: - name: {{ $.Chart.Name }}-dbcreds -spec: - refreshInterval: 5m - secretStoreRef: - name: {{include "cluster-secret-store" .}} - kind: ClusterSecretStore - target: - name: {{ $.Chart.Name }}-dbcreds - creationPolicy: Owner - data: - - secretKey: data - remoteRef: - #name of secret in secrets manager - key: {{include "metadata-sm-dbcreds" .}} -{{- end }} \ No newline at end of file +{{ include "common.externalSecret.db" . }} \ No newline at end of file diff --git a/helm/metadata/values.yaml b/helm/metadata/values.yaml index cfdb6fd0..0f9c6d7d 100644 --- a/helm/metadata/values.yaml +++ b/helm/metadata/values.yaml @@ -2,7 +2,8 @@ # This is a YAML-formatted file. # Declare variables to be passed into your templates. -# -- (map) Global configuration options. + +# Global configuration global: # -- (map) AWS configuration aws: 
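Review bot: The per-chart override key is renamed with no migration path: the deleted `metadata-sm-dbcreds` helper read `externalSecrets.metadataSmDbcreds`, and values.yaml now defines only `externalSecrets.dbcreds`. A release that still sets the old key would presumably fall back to the default `<environment>-<chart>-creds` name and sync a different Secrets Manager entry without any error; how `common.externalSecret.db` resolves the name is not visible in this patch section. A guard in this template such as `{{- if .Values.externalSecrets.metadataSmDbcreds }}{{ fail "externalSecrets.metadataSmDbcreds was renamed to externalSecrets.dbcreds" }}{{- end }}` would turn that into a render-time failure. The `global.externalSecrets.deploy` condition that used to wrap this file is gone as well, so it now has to be enforced inside the shared helper. The peregrine external-secret.yaml hunk and the earlier `indexdSmDbcreds` rename have the same issue.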
@@ -14,10 +15,12 @@ global: awsSecretAccessKey: # -- (bool) Whether the deployment is for development purposes. dev: true - # -- (map) Postgres database configuration. + postgres: # -- (bool) Whether the database should be created. dbCreate: true + # -- (string) Name of external secret. Disabled if empty + externalSecret: "" # -- (map) Master credentials to postgres. This is going to be the default postgres server being used for each service, unless each service specifies their own postgres master: # -- (string) hostname of postgres server @@ -49,7 +52,7 @@ global: # -- (bool) Whether network policies are enabled. netPolicy: true # -- (int) Number of dispatcher jobs. - dispatcherJobNum: 10 + dispatcherJobNum: "10" # -- (bool) Whether Datadog is enabled. ddEnabled: false # -- (bool) If the service will be deployed with a Pod Disruption Budget. Note- you need to have more than 2 replicas for the pdb to be deployed. @@ -66,7 +69,7 @@ global: # -- (map) External Secrets settings. externalSecrets: # -- (string) Will override the name of the aws secrets manager secret. Default is "Values.global.environment-.Chart.Name-creds" - metadataSmDbcreds: + dbcreds: # -- (map) Secret information to access the db restore job S3 bucket. secrets: # -- (str) AWS access key ID. Overrides global key. diff --git a/helm/peregrine/README.md b/helm/peregrine/README.md index 6f9f8c7b..891b516b 100644 --- a/helm/peregrine/README.md +++ b/helm/peregrine/README.md 
@@ -28,10 +28,9 @@ A Helm chart for gen3 Peregrine service | datadogProfilingEnabled | bool | `true` | If enabled, the Datadog Agent will collect profiling data for your application using the Continuous Profiler. This data can be used to identify performance bottlenecks and optimize your application. | | datadogTraceSampleRate | int | `1` | A value between 0 and 1, that represents the percentage of requests that will be traced. For example, a value of 0.5 means that 50% of requests will be traced. | | env | list | `nil` | Environment variables to pass to the container | -| externalSecrets | map | `{"peregrineSmDbcreds":null}` | External Secrets settings. | -| externalSecrets.peregrineSmDbcreds | string | `nil` | Will override the name of the aws secrets manager secret. Default is "Values.global.environment-.Chart.Name-creds" | +| externalSecrets | map | `{"dbcreds":null}` | External Secrets settings. | +| externalSecrets.dbcreds | string | `nil` | Will override the name of the aws secrets manager secret. Default is "Values.global.environment-.Chart.Name-creds" | | fullnameOverride | string | `""` | Override the full name of the deployment. | -| global | map | `{"aws":{"awsAccessKeyId":null,"awsSecretAccessKey":null,"enabled":false},"ddEnabled":false,"dev":true,"dictionaryUrl":"https://s3.amazonaws.com/dictionary-artifacts/datadictionary/develop/schema.json","dispatcherJobNum":10,"environment":"default","externalSecrets":{"deploy":false,"separate":false},"hostname":"localhost","kubeBucket":"kube-gen3","logsBucket":"logs-gen3","minAvialable":1,"netPolicy":true,"pdb":false,"portalApp":"gitops","postgres":{"dbCreate":true,"master":{"host":null,"password":null,"port":"5432","username":"postgres"}},"revproxyArn":"arn:aws:acm:us-east-1:123456:certificate","tierAccessLevel":"libre"}` | Global configuration options. 
| | global.aws | map | `{"awsAccessKeyId":null,"awsSecretAccessKey":null,"enabled":false}` | AWS configuration | | global.aws.awsAccessKeyId | string | `nil` | Credentials for AWS stuff. | | global.aws.awsSecretAccessKey | string | `nil` | Credentials for AWS stuff. | @@ -39,7 +38,7 @@ A Helm chart for gen3 Peregrine service | global.ddEnabled | bool | `false` | Whether Datadog is enabled. | | global.dev | bool | `true` | Whether the deployment is for development purposes. | | global.dictionaryUrl | string | `"https://s3.amazonaws.com/dictionary-artifacts/datadictionary/develop/schema.json"` | URL of the data dictionary. | -| global.dispatcherJobNum | int | `10` | Number of dispatcher jobs. | +| global.dispatcherJobNum | int | `"10"` | Number of dispatcher jobs. | | global.environment | string | `"default"` | Environment name. This should be the same as vpcname if you're doing an AWS deployment. Currently this is being used to share ALB's if you have multiple namespaces. Might be used other places too. | | global.externalSecrets | map | `{"deploy":false,"separate":false}` | External Secrets settings. | | global.externalSecrets.deploy | bool | `false` | Will use ExternalSecret resources to pull secrets from Secrets Manager instead of creating them locally. Be cautious as this will override any peregrine secrets you have deployed. | 
@@ -51,8 +50,8 @@ A Helm chart for gen3 Peregrine service | global.netPolicy | bool | `true` | Whether network policies are enabled. | | global.pdb | bool | `false` | If the service will be deployed with a Pod Disruption Budget. Note- you need to have more than 2 replicas for the pdb to be deployed. | | global.portalApp | string | `"gitops"` | Portal application name. | -| global.postgres | map | `{"dbCreate":true,"master":{"host":null,"password":null,"port":"5432","username":"postgres"}}` | Postgres database configuration. | | global.postgres.dbCreate | bool | `true` | Whether the database should be created. | +| global.postgres.externalSecret | string | `""` | Name of external secret. Disabled if empty | | global.postgres.master | map | `{"host":null,"password":null,"port":"5432","username":"postgres"}` | Master credentials to postgres. This is going to be the default postgres server being used for each service, unless each service specifies their own postgres | | global.postgres.master.host | string | `nil` | hostname of postgres server | | global.postgres.master.password | string | `nil` | password for superuser in postgres. This is used to create or restore databases | diff --git a/helm/peregrine/templates/db-init.yaml b/helm/peregrine/templates/db-init.yaml index abbefb6e..6738ad76 100644 --- a/helm/peregrine/templates/db-init.yaml +++ b/helm/peregrine/templates/db-init.yaml @@ -1,5 +1,6 @@ -{{ include "common.db_setup_job" . }} ---- +{{- if not .Values.global.externalSecrets.deploy }} +{{ include "common.db-secret" . }} +{{- end }} {{ include "common.db-secret" . }} --- {{ include "common.db_setup_sa" . }} diff --git a/helm/peregrine/templates/external-secret.yaml b/helm/peregrine/templates/external-secret.yaml index 92cfab01..70c278fe 100644 --- a/helm/peregrine/templates/external-secret.yaml +++ b/helm/peregrine/templates/external-secret.yaml 
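Review bot: In db-init.yaml, `common.db-secret` is now included twice: once inside the new `if not .Values.global.externalSecrets.deploy` block and again on the unchanged line right after `{{- end }}`, with no `---` between the two. With `deploy: false` the secret template renders twice back to back (unless the helper emits its own separator), and with `deploy: true` the chart-generated DB secret is still rendered, so the guard has no effect and a locally generated credential can presumably coexist or collide with the one the ExternalSecret manages. Delete the unconditional `{{ include "common.db-secret" . }}` that follows `{{- end }}` so the existing `---` directly follows the guarded block. The hunk also drops `{{ include "common.db_setup_job" . }}` with no replacement visible here, so confirm the DB setup job is still rendered for peregrine.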
@@ -1,19 +1 @@ -{{ if .Values.global.externalSecrets.deploy }} -apiVersion: external-secrets.io/v1beta1 -kind: ExternalSecret -metadata: - name: {{ $.Chart.Name }}-dbcreds -spec: - refreshInterval: 5m - secretStoreRef: - name: {{include "cluster-secret-store" .}} - kind: ClusterSecretStore - target: - name: {{ $.Chart.Name }}-dbcreds - creationPolicy: Owner - data: - - secretKey: data - remoteRef: - #name of secret in secrets manager - key: {{include "peregrine-sm-dbcreds" .}} -{{- end }} \ No newline at end of file +{{ include "common.externalSecret.db" . }} \ No newline at end of file diff --git a/helm/peregrine/values.yaml b/helm/peregrine/values.yaml index bca29606..58553889 100644 --- a/helm/peregrine/values.yaml +++ b/helm/peregrine/values.yaml @@ -1,7 +1,8 @@ # Default values for peregrine. # This is a YAML-formatted file. -# -- (map) Global configuration options. + +# Global configuration global: # -- (map) AWS configuration aws: @@ -13,10 +14,12 @@ global: awsSecretAccessKey: # -- (bool) Whether the deployment is for development purposes. dev: true - # -- (map) Postgres database configuration. + postgres: # -- (bool) Whether the database should be created. dbCreate: true + # -- (string) Name of external secret. Disabled if empty + externalSecret: "" # -- (map) Master credentials to postgres. This is going to be the default postgres server being used for each service, unless each service specifies their own postgres master: # -- (string) hostname of postgres server @@ -46,7 +49,7 @@ global: # -- (bool) Whether network policies are enabled. netPolicy: true # -- (int) Number of dispatcher jobs. - dispatcherJobNum: 10 + dispatcherJobNum: "10" # -- (bool) Whether Datadog is enabled. ddEnabled: false # -- (bool) If the service will be deployed with a Pod Disruption Budget. Note- you need to have more than 2 replicas for the pdb to be deployed. 
@@ -63,7 +66,7 @@ global: # -- (map) External Secrets settings. externalSecrets: # -- (string) Will override the name of the aws secrets manager secret. Default is "Values.global.environment-.Chart.Name-creds" - peregrineSmDbcreds: + dbcreds: # -- (map) Secret information for External Secrets. secrets: # -- (str) AWS access key ID. Overrides global key. diff --git a/helm/pidgin/README.md b/helm/pidgin/README.md index 72b5f9bc..3172a0fc 100644 --- a/helm/pidgin/README.md +++ b/helm/pidgin/README.md 
@@ -33,7 +33,6 @@ A Helm chart for gen3 Pidgin Service
 | datadogLogsInjection | bool | `true` | If enabled, the Datadog Agent will automatically inject Datadog-specific metadata into your application logs. |
 | datadogProfilingEnabled | bool | `true` | If enabled, the Datadog Agent will collect profiling data for your application using the Continuous Profiler. This data can be used to identify performance bottlenecks and optimize your application. |
 | datadogTraceSampleRate | int | `1` | A value between 0 and 1, that represents the percentage of requests that will be traced. For example, a value of 0.5 means that 50% of requests will be traced. |
-| global | map | `{"aws":{"awsAccessKeyId":null,"awsSecretAccessKey":null,"enabled":false},"ddEnabled":false,"dev":true,"dictionaryUrl":"https://s3.amazonaws.com/dictionary-artifacts/datadictionary/develop/schema.json","dispatcherJobNum":10,"environment":"default","hostname":"localhost","kubeBucket":"kube-gen3","logsBucket":"logs-gen3","minAvialable":1,"netPolicy":true,"pdb":false,"portalApp":"gitops","postgres":{"dbCreate":true,"master":{"host":null,"password":null,"port":"5432","username":"postgres"}},"publicDataSets":true,"revproxyArn":"arn:aws:acm:us-east-1:123456:certificate","tierAccessLevel":"libre"}` | Global configuration options. |
 | global.aws | map | `{"awsAccessKeyId":null,"awsSecretAccessKey":null,"enabled":false}` | AWS configuration |
 | global.aws.awsAccessKeyId | string | `nil` | Credentials for AWS stuff. |
 | global.aws.awsSecretAccessKey | string | `nil` | Credentials for AWS stuff. |
@@ -41,7 +40,7 @@ A Helm chart for gen3 Pidgin Service
 | global.ddEnabled | bool | `false` | Whether Datadog is enabled. |
 | global.dev | bool | `true` | Whether the deployment is for development purposes. |
 | global.dictionaryUrl | string | `"https://s3.amazonaws.com/dictionary-artifacts/datadictionary/develop/schema.json"` | URL of the data dictionary. |
-| global.dispatcherJobNum | int | `10` | Number of dispatcher jobs. |
+| global.dispatcherJobNum | int | `"10"` | Number of dispatcher jobs. |
 | global.environment | string | `"default"` | Environment name. This should be the same as vpcname if you're doing an AWS deployment. Currently this is being used to share ALB's if you have multiple namespaces. Might be used other places too. |
 | global.hostname | string | `"localhost"` | Hostname for the deployment. |
 | global.kubeBucket | string | `"kube-gen3"` | S3 bucket name for Kubernetes manifest files. |
@@ -50,8 +49,8 @@ A Helm chart for gen3 Pidgin Service | global.netPolicy | bool | `true` | Whether network policies are enabled. | | global.pdb | bool | `false` | If the service will be deployed with a Pod Disruption Budget. Note- you need to have more than 2 replicas for the pdb to be deployed. | | global.portalApp | string | `"gitops"` | Portal application name. | -| global.postgres | map | `{"dbCreate":true,"master":{"host":null,"password":null,"port":"5432","username":"postgres"}}` | Postgres database configuration. | | global.postgres.dbCreate | bool | `true` | Whether the database should be created. | +| global.postgres.externalSecret | string | `""` | Name of external secret. Disabled if empty | | global.postgres.master | map | `{"host":null,"password":null,"port":"5432","username":"postgres"}` | Master credentials to postgres. This is going to be the default postgres server being used for each service, unless each service specifies their own postgres | | global.postgres.master.host | string | `nil` | hostname of postgres server | | global.postgres.master.password | string | `nil` | password for superuser in postgres. This is used to create or restore databases | diff --git a/helm/pidgin/values.yaml b/helm/pidgin/values.yaml index fb683716..414d642b 100644 --- a/helm/pidgin/values.yaml +++ b/helm/pidgin/values.yaml @@ -2,7 +2,8 @@ # This is a YAML-formatted file. # Declare variables to be passed into your templates. -# -- (map) Global configuration options. + +# Global configuration global: # -- (map) AWS configuration aws: 
@@ -14,10 +15,12 @@ global: awsSecretAccessKey: # -- (bool) Whether the deployment is for development purposes. dev: true - # -- (map) Postgres database configuration. + postgres: # -- (bool) Whether the database should be created. dbCreate: true + # -- (string) Name of external secret. Disabled if empty + externalSecret: "" # -- (map) Master credentials to postgres. This is going to be the default postgres server being used for each service, unless each service specifies their own postgres master: # -- (string) hostname of postgres server @@ -49,7 +52,7 @@ global: # -- (bool) Whether network policies are enabled. netPolicy: true # -- (int) Number of dispatcher jobs. - dispatcherJobNum: 10 + dispatcherJobNum: "10" # -- (bool) Whether Datadog is enabled. ddEnabled: false # -- (bool) If the service will be deployed with a Pod Disruption Budget. Note- you need to have more than 2 replicas for the pdb to be deployed. diff --git a/helm/portal/README.md b/helm/portal/README.md index a1287bff..acccd3e1 100644 --- a/helm/portal/README.md +++ b/helm/portal/README.md 
@@ -39,7 +39,6 @@ A Helm chart for gen3 data-portal | gitops.favicon | string | `"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"` | - favicon in base64 | | gitops.json | string | `"{\n \"graphql\": {\n \"boardCounts\": [\n {\n \"graphql\": \"_case_count\",\n \"name\": \"Case\",\n \"plural\": \"Cases\"\n },\n {\n \"graphql\": \"_experiment_count\",\n \"name\": \"Experiment\",\n \"plural\": \"Experiments\"\n },\n {\n \"graphql\": \"_aliquot_count\",\n \"name\": \"Aliquot\",\n \"plural\": \"Aliquots\"\n }\n ],\n \"chartCounts\": [\n {\n \"graphql\": \"_case_count\",\n \"name\": \"Case\"\n },\n {\n \"graphql\": \"_experiment_count\",\n \"name\": \"Experiment\"\n },\n {\n \"graphql\": \"_aliquot_count\",\n \"name\": \"Aliquot\"\n }\n ],\n \"projectDetails\": \"boardCounts\"\n },\n \"components\": {\n \"appName\": \"Generic Data Commons Portal\",\n \"index\": {\n \"introduction\": {\n \"heading\": \"Data Commons\",\n \"text\": \"The Generic Data Commons supports the management, analysis and sharing of data for the research community.\",\n \"link\": \"/submission\"\n },\n \"buttons\": [\n {\n \"name\": \"Define Data Field\",\n \"icon\": \"data-field-define\",\n \"body\": \"The Generic Data Commons define the data in a general way. 
Please study the dictionary before you start browsing.\",\n \"link\": \"/DD\",\n \"label\": \"Learn more\"\n },\n {\n \"name\": \"Explore Data\",\n \"icon\": \"data-explore\",\n \"body\": \"The Exploration Page gives you insights and a clear overview under selected factors.\",\n \"link\": \"/explorer\",\n \"label\": \"Explore data\"\n },\n {\n \"name\": \"Access Data\",\n \"icon\": \"data-access\",\n \"body\": \"Use our selected tool to filter out the data you need.\",\n \"link\": \"/query\",\n \"label\": \"Query data\"\n },\n {\n \"name\": \"Submit Data\",\n \"icon\": \"data-submit\",\n \"body\": \"Submit Data based on the dictionary.\",\n \"link\": \"/submission\",\n \"label\": \"Submit data\"\n }\n ]\n },\n \"navigation\": {\n \"title\": \"Generic Data Commons\",\n \"items\": [\n {\n \"icon\": \"dictionary\",\n \"link\": \"/DD\",\n \"color\": \"#a2a2a2\",\n \"name\": \"Dictionary\"\n },\n {\n \"icon\": \"exploration\",\n \"link\": \"/explorer\",\n \"color\": \"#a2a2a2\",\n \"name\": \"Exploration\"\n },\n {\n \"icon\": \"query\",\n \"link\": \"/query\",\n \"color\": \"#a2a2a2\",\n \"name\": \"Query\"\n },\n {\n \"icon\": \"workspace\",\n \"link\": \"/workspace\",\n \"color\": \"#a2a2a2\",\n \"name\": \"Workspace\"\n },\n {\n \"icon\": \"profile\",\n \"link\": \"/identity\",\n \"color\": \"#a2a2a2\",\n \"name\": \"Profile\"\n }\n ]\n },\n \"topBar\": {\n \"items\": [\n {\n \"icon\": \"upload\",\n \"link\": \"/submission\",\n \"name\": \"Submit Data\"\n },\n {\n \"link\": \"https://gen3.org/resources/user\",\n \"name\": \"Documentation\"\n }\n ]\n },\n \"login\": {\n \"title\": \"Generic Data Commons\",\n \"subTitle\": \"Explore, Analyze, and Share Data\",\n \"text\": \"This website supports the management, analysis and sharing of human disease data for the research community and aims to advance basic understanding of the genetic basis of complex traits and accelerate discovery and development of therapies, diagnostic tests, and other technologies for diseases 
like cancer.\",\n \"contact\": \"If you have any questions about access or the registration process, please contact \",\n \"email\": \"support@datacommons.io\"\n },\n \"certs\": {},\n \"footerLogos\": [\n {\n \"src\": \"/src/img/gen3.png\",\n \"href\": \"https://ctds.uchicago.edu/gen3\",\n \"alt\": \"Gen3 Data Commons\"\n },\n {\n \"src\": \"/src/img/createdby.png\",\n \"href\": \"https://ctds.uchicago.edu/\",\n \"alt\": \"Center for Translational Data Science at the University of Chicago\"\n }\n ]\n },\n \"requiredCerts\": [],\n \"featureFlags\": {\n \"explorer\": true,\n \"noIndex\": true,\n \"analysis\": false,\n \"discovery\": false,\n \"discoveryUseAggMDS\": false,\n \"studyRegistration\": false\n },\n \"dataExplorerConfig\": {\n \"charts\": {\n \"project_id\": {\n \"chartType\": \"count\",\n \"title\": \"Projects\"\n },\n \"case_id\": {\n \"chartType\": \"count\",\n \"title\": \"Cases\"\n },\n \"gender\": {\n \"chartType\": \"pie\",\n \"title\": \"Gender\"\n },\n \"race\": {\n \"chartType\": \"bar\",\n \"title\": \"Race\"\n }\n },\n \"filters\": {\n \"tabs\": [\n {\n \"title\": \"Case\",\n \"fields\":[\n \"project_id\",\n \"gender\",\n \"race\",\n \"ethnicity\"\n ]\n }\n ]\n },\n \"table\": {\n \"enabled\": false\n },\n \"dropdowns\": {},\n \"buttons\": [],\n \"guppyConfig\": {\n \"dataType\": \"case\",\n \"nodeCountTitle\": \"Cases\",\n \"fieldMapping\": [\n { \"field\": \"disease_type\", \"name\": \"Disease type\" },\n { \"field\": \"primary_site\", \"name\": \"Site where samples were collected\"}\n ],\n \"manifestMapping\": {\n \"resourceIndexType\": \"file\",\n \"resourceIdField\": \"object_id\",\n \"referenceIdFieldInResourceIndex\": \"case_id\",\n \"referenceIdFieldInDataIndex\": \"node_id\"\n },\n \"accessibleFieldCheckList\": [\"case_id\"],\n \"accessibleValidationField\": \"case_id\"\n }\n },\n \"fileExplorerConfig\": {\n \"charts\": {\n \"data_type\": {\n \"chartType\": \"stackedBar\",\n \"title\": \"File Type\"\n },\n \"data_format\": {\n 
\"chartType\": \"stackedBar\",\n \"title\": \"File Format\"\n }\n },\n \"filters\": {\n \"tabs\": [\n {\n \"title\": \"File\",\n \"fields\": [\n \"project_id\",\n \"data_type\",\n \"data_format\"\n ]\n }\n ]\n },\n \"table\": {\n \"enabled\": true,\n \"fields\": [\n \"project_id\",\n \"file_name\",\n \"file_size\",\n \"object_id\"\n ]\n },\n \"dropdowns\": {},\n \"guppyConfig\": {\n \"dataType\": \"file\",\n \"fieldMapping\": [\n { \"field\": \"object_id\", \"name\": \"GUID\" }\n ],\n \"nodeCountTitle\": \"Files\",\n \"manifestMapping\": {\n \"resourceIndexType\": \"case\",\n \"resourceIdField\": \"case_id\",\n \"referenceIdFieldInResourceIndex\": \"object_id\",\n \"referenceIdFieldInDataIndex\": \"object_id\"\n },\n \"accessibleFieldCheckList\": [\"case_id\"],\n \"accessibleValidationField\": \"case_id\",\n \"downloadAccessor\": \"object_id\"\n }\n }\n}\n"` | multiline string - gitops.json | | gitops.logo | string | `""` | - logo in base64 | -| global | map | `{"aws":{"awsAccessKeyId":null,"awsSecretAccessKey":null,"enabled":false},"ddEnabled":false,"dev":true,"dictionaryUrl":"https://s3.amazonaws.com/dictionary-artifacts/datadictionary/develop/schema.json","dispatcherJobNum":10,"environment":"default","hostname":"localhost","kubeBucket":"kube-gen3","logsBucket":"logs-gen3","minAvialable":1,"netPolicy":true,"pdb":false,"portalApp":"gitops","postgres":{"dbCreate":true,"master":{"host":null,"password":null,"port":"5432","username":"postgres"}},"publicDataSets":true,"revproxyArn":"arn:aws:acm:us-east-1:123456:certificate","tierAccessLevel":"libre","tierAccessLimit":1000}` | Global configuration options. | | global.aws | map | `{"awsAccessKeyId":null,"awsSecretAccessKey":null,"enabled":false}` | AWS configuration | | global.aws.awsAccessKeyId | string | `nil` | Credentials for AWS stuff. | | global.aws.awsSecretAccessKey | string | `nil` | Credentials for AWS stuff. | 
@@ -47,7 +46,7 @@ A Helm chart for gen3 data-portal
 | global.ddEnabled | bool | `false` | Whether Datadog is enabled. |
 | global.dev | bool | `true` | Whether the deployment is for development purposes. |
 | global.dictionaryUrl | string | `"https://s3.amazonaws.com/dictionary-artifacts/datadictionary/develop/schema.json"` | URL of the data dictionary. |
-| global.dispatcherJobNum | int | `10` | Number of dispatcher jobs. |
+| global.dispatcherJobNum | int | `"10"` | Number of dispatcher jobs. |
 | global.environment | string | `"default"` | Environment name. This should be the same as vpcname if you're doing an AWS deployment. Currently this is being used to share ALB's if you have multiple namespaces. Might be used other places too. |
 | global.hostname | string | `"localhost"` | Hostname for the deployment. |
 | global.kubeBucket | string | `"kube-gen3"` | S3 bucket name for Kubernetes manifest files. |
@@ -56,8 +55,8 @@ A Helm chart for gen3 data-portal
 | global.netPolicy | bool | `true` | Whether network policies are enabled. |
 | global.pdb | bool | `false` | If the service will be deployed with a Pod Disruption Budget. Note- you need to have more than 2 replicas for the pdb to be deployed. |
 | global.portalApp | string | `"gitops"` | Portal application name. |
-| global.postgres | map | `{"dbCreate":true,"master":{"host":null,"password":null,"port":"5432","username":"postgres"}}` | Postgres database configuration. |
 | global.postgres.dbCreate | bool | `true` | Whether the database should be created. |
+| global.postgres.externalSecret | string | `""` | Name of external secret. Disabled if empty |
 | global.postgres.master | map | `{"host":null,"password":null,"port":"5432","username":"postgres"}` | Master credentials to postgres. This is going to be the default postgres server being used for each service, unless each service specifies their own postgres |
 | global.postgres.master.host | string | `nil` | hostname of postgres server |
 | global.postgres.master.password | string | `nil` | password for superuser in postgres. This is used to create or restore databases |
@@ -66,7 +65,7 @@ A Helm chart for gen3 data-portal | global.publicDataSets | bool | `true` | Whether public datasets are enabled. | | global.revproxyArn | string | `"arn:aws:acm:us-east-1:123456:certificate"` | ARN of the reverse proxy certificate. | | global.tierAccessLevel | string | `"libre"` | Access level for tiers. acceptable values for `tier_access_level` are: `libre`, `regular` and `private`. If omitted, by default common will be treated as `private`. | -| global.tierAccessLimit | int | `1000` | Only relevant if tireAccessLevel is set to "regular". Summary charts below this limit will not appear for aggregated data. | +| global.tierAccessLimit | int | `"1000"` | Only relevant if tireAccessLevel is set to "regular". Summary charts below this limit will not appear for aggregated data. | | image | map | `{"pullPolicy":"IfNotPresent","repository":"quay.io/cdis/data-portal","tag":"master"}` | Docker image information. | | image.pullPolicy | string | `"IfNotPresent"` | Docker pull policy. | | image.repository | string | `"quay.io/cdis/data-portal"` | Docker repository. | diff --git a/helm/portal/values.yaml b/helm/portal/values.yaml index fa1e8467..b3b57347 100644 --- a/helm/portal/values.yaml +++ b/helm/portal/values.yaml @@ -1,7 +1,8 @@ # Default values for portal. # This is a YAML-formatted file. # Declare variables to be passed into your templates. -# -- (map) Global configuration options. + +# Global configuration global: # -- (map) AWS configuration aws: 
@@ -13,10 +14,12 @@ global: awsSecretAccessKey: # -- (bool) Whether the deployment is for development purposes. dev: true - # -- (map) Postgres database configuration. + postgres: # -- (bool) Whether the database should be created. dbCreate: true + # -- (string) Name of external secret. Disabled if empty + externalSecret: "" # -- (map) Master credentials to postgres. This is going to be the default postgres server being used for each service, unless each service specifies their own postgres master: # -- (string) hostname of postgres server @@ -46,11 +49,11 @@ global: # -- (string) Access level for tiers. acceptable values for `tier_access_level` are: `libre`, `regular` and `private`. If omitted, by default common will be treated as `private`. tierAccessLevel: libre # -- (int) Only relevant if tireAccessLevel is set to "regular". Summary charts below this limit will not appear for aggregated data. - tierAccessLimit: 1000 + tierAccessLimit: "1000" # -- (bool) Whether network policies are enabled. netPolicy: true # -- (int) Number of dispatcher jobs. - dispatcherJobNum: 10 + dispatcherJobNum: "10" # -- (bool) Whether Datadog is enabled. ddEnabled: false # -- (bool) If the service will be deployed with a Pod Disruption Budget. Note- you need to have more than 2 replicas for the pdb to be deployed. diff --git a/helm/requestor/README.md b/helm/requestor/README.md index 706c6391..81e88c92 100644 --- a/helm/requestor/README.md +++ b/helm/requestor/README.md 
@@ -36,9 +36,8 @@ A Helm chart for gen3 Requestor Service | datadogLogsInjection | bool | `true` | If enabled, the Datadog Agent will automatically inject Datadog-specific metadata into your application logs. | | datadogProfilingEnabled | bool | `true` | If enabled, the Datadog Agent will collect profiling data for your application using the Continuous Profiler. This data can be used to identify performance bottlenecks and optimize your application. | | datadogTraceSampleRate | int | `1` | A value between 0 and 1, that represents the percentage of requests that will be traced. For example, a value of 0.5 means that 50% of requests will be traced. | -| externalSecrets | map | `{"requestorSmDbcreds":null}` | External Secrets settings. | -| externalSecrets.requestorSmDbcreds | string | `nil` | Will override the name of the aws secrets manager secret. Default is "Values.global.environment-.Chart.Name-creds" | -| global | map | `{"addDbgap":false,"aws":{"awsAccessKeyId":null,"awsSecretAccessKey":null,"enabled":false},"ddEnabled":false,"dev":true,"dictionaryUrl":"https://s3.amazonaws.com/dictionary-artifacts/datadictionary/develop/schema.json","dispatcherJobNum":10,"environment":"default","externalSecrets":{"deploy":false,"separate":false},"hostname":"localhost","kubeBucket":"kube-gen3","logsBucket":"logs-gen3","minAvialable":1,"netPolicy":true,"onlyDbgap":false,"pdb":false,"portalApp":"gitops","postgres":{"dbCreate":true,"master":{"host":null,"password":null,"port":"5432","username":"postgres"}},"publicDataSets":true,"revproxyArn":"arn:aws:acm:us-east-1:123456:certificate","slack_send_dbgap":false,"slack_webhook":"None","syncFromDbgap":false,"tierAccessLevel":"libre","userYamlS3Path":"s3://cdis-gen3-users/helm-test/user.yaml","usersync":false}` | Global configuration options. | +| externalSecrets | map | `{"dbcreds":null}` | External Secrets settings. | +| externalSecrets.dbcreds | string | `nil` | Will override the name of the aws secrets manager secret. 
Default is "Values.global.environment-.Chart.Name-creds" | | global.addDbgap | bool | `false` | Force attempting a dbgap sync if "true", falls back on user.yaml | | global.aws | map | `{"awsAccessKeyId":null,"awsSecretAccessKey":null,"enabled":false}` | AWS configuration | | global.aws.awsAccessKeyId | string | `nil` | Credentials for AWS stuff. | @@ -47,7 +46,7 @@ A Helm chart for gen3 Requestor Service | global.ddEnabled | bool | `false` | Whether Datadog is enabled. | | global.dev | bool | `true` | Whether the deployment is for development purposes. | | global.dictionaryUrl | string | `"https://s3.amazonaws.com/dictionary-artifacts/datadictionary/develop/schema.json"` | URL of the data dictionary. | -| global.dispatcherJobNum | int | `10` | Number of dispatcher jobs. | +| global.dispatcherJobNum | int | `"10"` | Number of dispatcher jobs. | | global.environment | string | `"default"` | Environment name. This should be the same as vpcname if you're doing an AWS deployment. Currently this is being used to share ALB's if you have multiple namespaces. Might be used other places too. | | global.externalSecrets | map | `{"deploy":false,"separate":false}` | External Secrets settings. | | global.externalSecrets.deploy | bool | `false` | Will use ExternalSecret resources to pull secrets from Secrets Manager instead of creating them locally. Be cautious as this will override any requestor secrets you have deployed. | 
@@ -60,8 +59,8 @@ A Helm chart for gen3 Requestor Service | global.onlyDbgap | bool | `false` | Forces ONLY a dbgap sync if "true", IGNORING user.yaml | | global.pdb | bool | `false` | If the service will be deployed with a Pod Disruption Budget. Note- you need to have more than 2 replicas for the pdb to be deployed. | | global.portalApp | string | `"gitops"` | Portal application name. | -| global.postgres | map | `{"dbCreate":true,"master":{"host":null,"password":null,"port":"5432","username":"postgres"}}` | Postgres database configuration. | | global.postgres.dbCreate | bool | `true` | Whether the database should be created. | +| global.postgres.externalSecret | string | `""` | Name of external secret. Disabled if empty | | global.postgres.master | map | `{"host":null,"password":null,"port":"5432","username":"postgres"}` | Master credentials to postgres. This is going to be the default postgres server being used for each service, unless each service specifies their own postgres | | global.postgres.master.host | string | `nil` | hostname of postgres server | | global.postgres.master.password | string | `nil` | password for superuser in postgres. This is used to create or restore databases | diff --git a/helm/requestor/templates/_helpers.tpl b/helm/requestor/templates/_helpers.tpl index 3af66e0b..899b723c 100644 --- a/helm/requestor/templates/_helpers.tpl +++ b/helm/requestor/templates/_helpers.tpl 
@@ -77,26 +77,4 @@ Create the name of the service account to use {{- else }} {{- default .Values.secrets.password }} {{- end }} -{{- end }} - -{{/* - Cluster Secret Store for External Secrets -*/}} -{{- define "cluster-secret-store" -}} -{{- if .Values.global.externalSecrets.separate }} - {{- .Chart.Name }}-secret-store -{{- else }} - {{- default "gen3-secret-store"}} -{{- end -}} -{{- end -}} - -{{/* - Service DB Creds Secrets Manager Name -*/}} -{{- define "requestor-sm-dbcreds" -}} -{{- if .Values.externalSecrets.requestorSmDbcreds }} - {{- default .Values.externalSecrets.requestorSmDbcreds }} -{{- else }} - {{- .Values.global.environment }}- {{- .Chart.Name }}-creds -{{- end -}} -{{- end -}} +{{- end }} \ No newline at end of file diff --git a/helm/requestor/templates/db-init.yaml b/helm/requestor/templates/db-init.yaml index abbefb6e..6738ad76 100644 --- a/helm/requestor/templates/db-init.yaml +++ b/helm/requestor/templates/db-init.yaml @@ -1,5 +1,6 @@ -{{ include "common.db_setup_job" . }} ---- +{{- if not .Values.global.externalSecrets.deploy }} +{{ include "common.db-secret" . }} +{{- end }} {{ include "common.db-secret" . }} --- {{ include "common.db_setup_sa" . }} diff --git a/helm/requestor/templates/external-secret.yaml b/helm/requestor/templates/external-secret.yaml index 048097fc..70c278fe 100644 --- a/helm/requestor/templates/external-secret.yaml +++ b/helm/requestor/templates/external-secret.yaml 
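Review bot: In helm/requestor/templates/db-init.yaml the new `{{- if not .Values.global.externalSecrets.deploy }}` guard wraps one `{{ include "common.db-secret" . }}`, but the unguarded include on the following context line is still there. With `deploy: false` the secret template is rendered twice with no `---` between the copies, and with `deploy: true` the chart-managed secret is still rendered, which defeats the guard. It may also collide with the secret the ExternalSecret is meant to own, since the removed template targeted `<chart>-dbcreds`; `common.db-secret` is not visible here, so the name clash is an inference. Drop the unguarded include so the guarded one is the only copy. The hunk also removes `{{ include "common.db_setup_job" . }}`; if the job was not moved elsewhere, the guard was probably meant to sit beside it rather than replace it.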
@@ -1,19 +1 @@ -{{ if .Values.global.externalSecrets.deploy }} -apiVersion: external-secrets.io/v1beta1 -kind: ExternalSecret -metadata: - name: {{ $.Chart.Name }}-dbcreds -spec: - refreshInterval: 5m - secretStoreRef: - name: {{include "cluster-secret-store" .}} - kind: ClusterSecretStore - target: - name: {{ $.Chart.Name }}-dbcreds - creationPolicy: Owner - data: - - secretKey: data - remoteRef: - #name of secret in secrets manager - key: {{include "requestor-sm-dbcreds" .}} -{{- end }} \ No newline at end of file +{{ include "common.externalSecret.db" . }} \ No newline at end of file diff --git a/helm/requestor/values.yaml b/helm/requestor/values.yaml index 20ade152..b172815f 100644 --- a/helm/requestor/values.yaml +++ b/helm/requestor/values.yaml @@ -2,7 +2,8 @@ # This is a YAML-formatted file. # Declare variables to be passed into your templates. -# -- (map) Global configuration options. + +# Global configuration global: # -- (map) AWS configuration aws: @@ -14,10 +15,12 @@ global: awsSecretAccessKey: # -- (bool) Whether the deployment is for development purposes. dev: true - # -- (map) Postgres database configuration. + postgres: # -- (bool) Whether the database should be created. dbCreate: true + # -- (string) Name of external secret. Disabled if empty + externalSecret: "" # -- (map) Master credentials to postgres. This is going to be the default postgres server being used for each service, unless each service specifies their own postgres master: # -- (string) hostname of postgres server @@ -63,7 +66,7 @@ global: # -- (bool) Whether network policies are enabled. netPolicy: true # -- (int) Number of dispatcher jobs. - dispatcherJobNum: 10 + dispatcherJobNum: "10" # -- (bool) Whether Datadog is enabled. ddEnabled: false # -- (bool) If the service will be deployed with a Pod Disruption Budget. Note- you need to have more than 2 replicas for the pdb to be deployed. 
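Review bot: Renaming `externalSecrets.requestorSmDbcreds` to `externalSecrets.dbcreds` (values.yaml hunk `@@ -80,7 +83,7 @@`, with the `requestor-sm-dbcreds` helper removed from _helpers.tpl) means an existing override under the old key is silently ignored after upgrade. Judging by the removed helper, the lookup would then fall back to the default `<environment>-<chart>-creds` name, so the release could sync database credentials from a different Secrets Manager entry than the operator intended. A fail-fast in external-secret.yaml makes the rename visible: `{{- if .Values.externalSecrets.requestorSmDbcreds }}{{ fail "externalSecrets.requestorSmDbcreds was renamed to externalSecrets.dbcreds" }}{{- end }}`. The `deploy` guard also no longer lives in this file, so confirm that `common.externalSecret.db` (not visible here) still renders nothing when `global.externalSecrets.deploy` is false. The sheepdog external-secrets.yaml and values.yaml hunks carry the same rename (`sheepdogSmDbcreds`).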
@@ -80,7 +83,7 @@ global: # -- (map) External Secrets settings. externalSecrets: # -- (string) Will override the name of the aws secrets manager secret. Default is "Values.global.environment-.Chart.Name-creds" - requestorSmDbcreds: + dbcreds: # -- (map) Secret information for External Secrets. secrets: # -- (str) AWS access key ID. Overrides global key. diff --git a/helm/revproxy/README.md b/helm/revproxy/README.md index c038e4ea..ce2eb8fa 100644 --- a/helm/revproxy/README.md +++ b/helm/revproxy/README.md 
@@ -26,7 +26,6 @@ A Helm chart for gen3 revproxy | datadogProfilingEnabled | bool | `true` | If enabled, the Datadog Agent will collect profiling data for your application using the Continuous Profiler. This data can be used to identify performance bottlenecks and optimize your application. | | datadogTraceSampleRate | int | `1` | A value between 0 and 1, that represents the percentage of requests that will be traced. For example, a value of 0.5 means that 50% of requests will be traced. | | fullnameOverride | string | `""` | Override the full name of the deployment. | -| global | map | `{"aws":{"awsAccessKeyId":null,"awsSecretAccessKey":null,"enabled":false},"ddEnabled":false,"dev":true,"dictionaryUrl":"https://s3.amazonaws.com/dictionary-artifacts/datadictionary/develop/schema.json","dispatcherJobNum":10,"environment":"default","hostname":"localhost","kubeBucket":"kube-gen3","logsBucket":"logs-gen3","minAvialable":1,"netPolicy":true,"pdb":false,"portalApp":"gitops","postgres":{"dbCreate":true,"master":{"host":null,"password":null,"port":"5432","username":"postgres"}},"publicDataSets":true,"revproxyArn":"arn:aws:acm:us-east-1:123456:certificate","tierAccessLevel":"libre","tierAccessLimit":1000,"tls":{"cert":null,"key":null}}` | Global configuration options. | | global.aws | map | `{"awsAccessKeyId":null,"awsSecretAccessKey":null,"enabled":false}` | AWS configuration | | global.aws.awsAccessKeyId | string | `nil` | Credentials for AWS stuff. | | global.aws.awsSecretAccessKey | string | `nil` | Credentials for AWS stuff. | 
@@ -34,7 +33,7 @@ A Helm chart for gen3 revproxy | global.ddEnabled | bool | `false` | Whether Datadog is enabled. | | global.dev | bool | `true` | Whether the deployment is for development purposes. | | global.dictionaryUrl | string | `"https://s3.amazonaws.com/dictionary-artifacts/datadictionary/develop/schema.json"` | URL of the data dictionary. | -| global.dispatcherJobNum | int | `10` | Number of dispatcher jobs. | +| global.dispatcherJobNum | int | `"10"` | Number of dispatcher jobs. | | global.environment | string | `"default"` | Environment name. This should be the same as vpcname if you're doing an AWS deployment. Currently this is being used to share ALB's if you have multiple namespaces. Might be used other places too. | | global.hostname | string | `"localhost"` | Hostname for the deployment. | | global.kubeBucket | string | `"kube-gen3"` | S3 bucket name for Kubernetes manifest files. | 
@@ -43,8 +42,8 @@ A Helm chart for gen3 revproxy | global.netPolicy | bool | `true` | Whether network policies are enabled. | | global.pdb | bool | `false` | If the service will be deployed with a Pod Disruption Budget. Note- you need to have more than 2 replicas for the pdb to be deployed. | | global.portalApp | string | `"gitops"` | Portal application name. | -| global.postgres | map | `{"dbCreate":true,"master":{"host":null,"password":null,"port":"5432","username":"postgres"}}` | Postgres database configuration. | | global.postgres.dbCreate | bool | `true` | Whether the database should be created. | +| global.postgres.externalSecret | string | `""` | Name of external secret. Disabled if empty | | global.postgres.master | map | `{"host":null,"password":null,"port":"5432","username":"postgres"}` | Master credentials to postgres. This is going to be the default postgres server being used for each service, unless each service specifies their own postgres | | global.postgres.master.host | string | `nil` | hostname of postgres server | | global.postgres.master.password | string | `nil` | password for superuser in postgres. This is used to create or restore databases | 
@@ -53,7 +52,9 @@ A Helm chart for gen3 revproxy | global.publicDataSets | bool | `true` | Whether public datasets are enabled. | | global.revproxyArn | string | `"arn:aws:acm:us-east-1:123456:certificate"` | ARN of the reverse proxy certificate. | | global.tierAccessLevel | string | `"libre"` | Access level for tiers. acceptable values for `tier_access_level` are: `libre`, `regular` and `private`. If omitted, by default common will be treated as `private` | -| global.tierAccessLimit | int | `1000` | Only relevant if tireAccessLevel is set to "regular". Summary charts below this limit will not appear for aggregated data. | +| global.tierAccessLimit | int | `"1000"` | Only relevant if tireAccessLevel is set to "regular". Summary charts below this limit will not appear for aggregated data. | +| global.tls.cert | string | `nil` | | +| global.tls.key | string | `nil` | | | image | map | `{"pullPolicy":"Always","repository":"nginx","tag":"stable-perl"}` | Docker image information. | | image.pullPolicy | string | `"Always"` | Docker pull policy. | | image.repository | string | `"nginx"` | Docker repository. | diff --git a/helm/revproxy/values.yaml b/helm/revproxy/values.yaml index 9c1c9b02..80039806 100644 --- a/helm/revproxy/values.yaml +++ b/helm/revproxy/values.yaml @@ -2,7 +2,8 @@ # This is a YAML-formatted file. # Declare variables to be passed into your templates. -# -- (map) Global configuration options. + +# Global configuration global: tls: cert: 
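Review bot: `global.tls.cert` and `global.tls.key` at the top of helm/revproxy/values.yaml carry no `# --` annotations, which is why the README rows added in this commit have empty descriptions. Since `key` holds TLS private-key material, document both, for example `# -- (string) TLS certificate for the reverse proxy.` and `# -- (string) TLS private key; pass it at install time instead of committing it to a values file.` The expected encoding is not shown in the hunk, so state it in the comment once confirmed.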
@@ -17,10 +18,12 @@ global: awsSecretAccessKey: # -- (bool) Whether the deployment is for development purposes. dev: true - # -- (map) Postgres database configuration. + postgres: # -- (bool) Whether the database should be created. dbCreate: true + # -- (string) Name of external secret. Disabled if empty + externalSecret: "" # -- (map) Master credentials to postgres. This is going to be the default postgres server being used for each service, unless each service specifies their own postgres master: # -- (string) hostname of postgres server @@ -50,11 +53,11 @@ global: # -- (string) Access level for tiers. acceptable values for `tier_access_level` are: `libre`, `regular` and `private`. If omitted, by default common will be treated as `private` tierAccessLevel: libre # -- (int) Only relevant if tireAccessLevel is set to "regular". Summary charts below this limit will not appear for aggregated data. - tierAccessLimit: 1000 + tierAccessLimit: "1000" # -- (bool) Whether network policies are enabled. netPolicy: true # -- (int) Number of dispatcher jobs. - dispatcherJobNum: 10 + dispatcherJobNum: "10" # -- (bool) Whether Datadog is enabled. ddEnabled: false # -- (bool) If the service will be deployed with a Pod Disruption Budget. Note- you need to have more than 2 replicas for the pdb to be deployed. diff --git a/helm/sheepdog/README.md b/helm/sheepdog/README.md index 7f707caf..1e095b5b 100644 --- a/helm/sheepdog/README.md +++ b/helm/sheepdog/README.md 
@@ -37,10 +37,9 @@ A Helm chart for gen3 Sheepdog Service | datadogProfilingEnabled | bool | `true` | If enabled, the Datadog Agent will collect profiling data for your application using the Continuous Profiler. This data can be used to identify performance bottlenecks and optimize your application. | | datadogTraceSampleRate | int | `1` | A value between 0 and 1, that represents the percentage of requests that will be traced. For example, a value of 0.5 means that 50% of requests will be traced. | | dictionaryUrl | string | `"https://s3.amazonaws.com/dictionary-artifacts/datadictionary/develop/schema.json"` | URL of the data dictionary. | -| externalSecrets | map | `{"sheepdogSmDbcreds":null}` | External Secrets settings. | -| externalSecrets.sheepdogSmDbcreds | string | `nil` | Will override the name of the aws secrets manager secret. Default is "Values.global.environment-.Chart.Name-creds" | +| externalSecrets | map | `{"dbcreds":null}` | External Secrets settings. | +| externalSecrets.dbcreds | string | `nil` | Will override the name of the aws secrets manager secret. Default is "Values.global.environment-.Chart.Name-creds" | | fenceUrl | string | `"http://fence-service"` | URL for the fence service | -| global | map | `{"aws":{"awsAccessKeyId":null,"awsSecretAccessKey":null,"enabled":false},"ddEnabled":false,"dev":true,"dictionaryUrl":"https://s3.amazonaws.com/dictionary-artifacts/datadictionary/develop/schema.json","dispatcherJobNum":10,"environment":"default","externalSecrets":{"deploy":false,"separate":false},"hostname":"localhost","kubeBucket":"kube-gen3","logsBucket":"logs-gen3","minAvialable":1,"netPolicy":true,"pdb":false,"portalApp":"gitops","postgres":{"dbCreate":true,"master":{"host":null,"password":null,"port":"5432","username":"postgres"}},"publicDataSets":true,"revproxyArn":"arn:aws:acm:us-east-1:123456:certificate","tierAccessLevel":"libre"}` | Global configuration options. 
| | global.aws | map | `{"awsAccessKeyId":null,"awsSecretAccessKey":null,"enabled":false}` | AWS configuration | | global.aws.awsAccessKeyId | string | `nil` | Credentials for AWS stuff. | | global.aws.awsSecretAccessKey | string | `nil` | Credentials for AWS stuff. | @@ -48,7 +47,7 @@ A Helm chart for gen3 Sheepdog Service | global.ddEnabled | bool | `false` | Whether Datadog is enabled. | | global.dev | bool | `true` | Whether the deployment is for development purposes. | | global.dictionaryUrl | string | `"https://s3.amazonaws.com/dictionary-artifacts/datadictionary/develop/schema.json"` | URL of the data dictionary. | -| global.dispatcherJobNum | int | `10` | Number of dispatcher jobs. | +| global.dispatcherJobNum | int | `"10"` | Number of dispatcher jobs. | | global.environment | string | `"default"` | Environment name. This should be the same as vpcname if you're doing an AWS deployment. Currently this is being used to share ALB's if you have multiple namespaces. Might be used other places too. | | global.externalSecrets | map | `{"deploy":false,"separate":false}` | External Secrets settings. | | global.externalSecrets.deploy | bool | `false` | Will use ExternalSecret resources to pull secrets from Secrets Manager instead of creating them locally. Be cautious as this will override any sheepdog secrets you have deployed. | 
@@ -60,8 +59,8 @@ A Helm chart for gen3 Sheepdog Service | global.netPolicy | bool | `true` | Whether network policies are enabled. | | global.pdb | bool | `false` | If the service will be deployed with a Pod Disruption Budget. Note- you need to have more than 2 replicas for the pdb to be deployed. | | global.portalApp | string | `"gitops"` | Portal application name. | -| global.postgres | map | `{"dbCreate":true,"master":{"host":null,"password":null,"port":"5432","username":"postgres"}}` | Postgres database configuration. | | global.postgres.dbCreate | bool | `true` | Whether the database should be created. | +| global.postgres.externalSecret | string | `""` | Name of external secret. Disabled if empty | | global.postgres.master | map | `{"host":null,"password":null,"port":"5432","username":"postgres"}` | Master credentials to postgres. This is going to be the default postgres server being used for each service, unless each service specifies their own postgres | | global.postgres.master.host | string | `nil` | hostname of postgres server | | global.postgres.master.password | string | `nil` | password for superuser in postgres. This is used to create or restore databases | diff --git a/helm/sheepdog/templates/_helpers.tpl b/helm/sheepdog/templates/_helpers.tpl index 669071f7..1c935c37 100644 --- a/helm/sheepdog/templates/_helpers.tpl +++ b/helm/sheepdog/templates/_helpers.tpl 
@@ -100,26 +100,4 @@ Define dictionaryUrl {{- else}} {{- .Values.dictionaryUrl }} {{- end }} -{{- end }} - -{{/* - Cluster Secret Store for External Secrets -*/}} -{{- define "cluster-secret-store" -}} -{{- if .Values.global.externalSecrets.separate }} - {{- .Chart.Name }}-secret-store -{{- else }} - {{- default "gen3-secret-store"}} -{{- end -}} -{{- end -}} - -{{/* - Service DB Creds Secrets Manager Name -*/}} -{{- define "sheepdog-sm-dbcreds" -}} -{{- if .Values.externalSecrets.sheepdogSmDbcreds }} - {{- default .Values.externalSecrets.sheepdogSmDbcreds }} -{{- else }} - {{- .Values.global.environment }}- {{- .Chart.Name }}-creds -{{- end -}} -{{- end -}} +{{- end }} \ No newline at end of file diff --git a/helm/sheepdog/templates/external-secrets.yaml b/helm/sheepdog/templates/external-secrets.yaml index 25c8912f..70c278fe 100644 --- a/helm/sheepdog/templates/external-secrets.yaml +++ b/helm/sheepdog/templates/external-secrets.yaml @@ -1,19 +1 @@ -{{ if .Values.global.externalSecrets.deploy }} -apiVersion: external-secrets.io/v1beta1 -kind: ExternalSecret -metadata: - name: {{ $.Chart.Name }}-dbcreds -spec: - refreshInterval: 5m - secretStoreRef: - name: {{include "cluster-secret-store" .}} - kind: ClusterSecretStore - target: - name: {{ $.Chart.Name }}-dbcreds - creationPolicy: Owner - data: - - secretKey: data - remoteRef: - #name of secret in secrets manager - key: {{include "sheepdog-sm-dbcreds" .}} -{{- end }} \ No newline at end of file +{{ include "common.externalSecret.db" . }} \ No newline at end of file diff --git a/helm/sheepdog/values.yaml b/helm/sheepdog/values.yaml index 1ac1db3b..d95cddeb 100644 --- a/helm/sheepdog/values.yaml +++ b/helm/sheepdog/values.yaml @@ -2,7 +2,8 @@ # This is a YAML-formatted file. # Declare variables to be passed into your templates. -# -- (map) Global configuration options. + +# Global configuration global: # -- (map) AWS configuration aws: 
@@ -14,10 +15,12 @@ global: awsSecretAccessKey: # -- (bool) Whether the deployment is for development purposes. dev: true - # -- (map) Postgres database configuration. + postgres: # -- (bool) Whether the database should be created. dbCreate: true + # -- (string) Name of external secret. Disabled if empty + externalSecret: "" # -- (map) Master credentials to postgres. This is going to be the default postgres server being used for each service, unless each service specifies their own postgres master: # -- (string) hostname of postgres server @@ -49,7 +52,7 @@ global: # -- (bool) Whether network policies are enabled. netPolicy: true # -- (int) Number of dispatcher jobs. - dispatcherJobNum: 10 + dispatcherJobNum: "10" # -- (bool) Whether Datadog is enabled. ddEnabled: false # -- (bool) If the service will be deployed with a Pod Disruption Budget. Note- you need to have more than 2 replicas for the pdb to be deployed. @@ -66,7 +69,7 @@ global: # -- (map) External Secrets settings. externalSecrets: # -- (string) Will override the name of the aws secrets manager secret. Default is "Values.global.environment-.Chart.Name-creds" - sheepdogSmDbcreds: + dbcreds: # -- (map) Postgres database configuration. If db does not exist in postgres cluster and dbCreate is set ot true then these databases will be created for you postgres: diff --git a/helm/sower/README.md b/helm/sower/README.md index 8ccb3ee7..55b30141 100644 --- a/helm/sower/README.md +++ b/helm/sower/README.md 
@@ -33,7 +33,6 @@ A Helm chart for gen3 sower | criticalService | string | `"false"` | Valid options are "true" or "false". If invalid option is set- the value will default to "false". | | fullnameOverride | string | `""` | Override the full name of the deployment. | | gen3Namespace | string | `"default"` | Namespace to deploy the job. | -| global | map | `{"aws":{"awsAccessKeyId":null,"awsSecretAccessKey":null,"enabled":false},"ddEnabled":false,"dev":true,"dictionaryUrl":"https://s3.amazonaws.com/dictionary-artifacts/datadictionary/develop/schema.json","dispatcherJobNum":10,"environment":"default","hostname":"localhost","kubeBucket":"kube-gen3","logsBucket":"logs-gen3","netPolicy":true,"portalApp":"gitops","postgres":{"dbCreate":true,"master":{"host":null,"password":null,"port":"5432","username":"postgres"}},"publicDataSets":true,"revproxyArn":"arn:aws:acm:us-east-1:123456:certificate","tierAccessLevel":"libre"}` | Global configuration options. | | global.aws | map | `{"awsAccessKeyId":null,"awsSecretAccessKey":null,"enabled":false}` | AWS configuration | | global.aws.awsAccessKeyId | string | `nil` | Credentials for AWS stuff. | | global.aws.awsSecretAccessKey | string | `nil` | Credentials for AWS stuff. | 
@@ -41,15 +40,15 @@ A Helm chart for gen3 sower | global.ddEnabled | bool | `false` | Whether Datadog is enabled. | | global.dev | bool | `true` | Whether the deployment is for development purposes. | | global.dictionaryUrl | string | `"https://s3.amazonaws.com/dictionary-artifacts/datadictionary/develop/schema.json"` | URL of the data dictionary. | -| global.dispatcherJobNum | int | `10` | Number of dispatcher jobs. | +| global.dispatcherJobNum | int | `"10"` | Number of dispatcher jobs. | | global.environment | string | `"default"` | Environment name. This should be the same as vpcname if you're doing an AWS deployment. Currently this is being used to share ALB's if you have multiple namespaces. Might be used other places too. | | global.hostname | string | `"localhost"` | Hostname for the deployment. | | global.kubeBucket | string | `"kube-gen3"` | S3 bucket name for Kubernetes manifest files. | | global.logsBucket | string | `"logs-gen3"` | S3 bucket name for log files. | | global.netPolicy | bool | `true` | Whether network policies are enabled. | | global.portalApp | string | `"gitops"` | Portal application name. | -| global.postgres | map | `{"dbCreate":true,"master":{"host":null,"password":null,"port":"5432","username":"postgres"}}` | Postgres database configuration. | | global.postgres.dbCreate | bool | `true` | Whether the database should be created. | +| global.postgres.externalSecret | string | `""` | Name of external secret. Disabled if empty | | global.postgres.master | map | `{"host":null,"password":null,"port":"5432","username":"postgres"}` | Master credentials to postgres. This is going to be the default postgres server being used for each service, unless each service specifies their own postgres | | global.postgres.master.host | string | `nil` | hostname of postgres server | | global.postgres.master.password | string | `nil` | password for superuser in postgres. This is used to create or restore databases | 
diff --git a/helm/sower/values.yaml b/helm/sower/values.yaml index bb327782..3bc59048 100644 --- a/helm/sower/values.yaml +++ b/helm/sower/values.yaml @@ -2,7 +2,8 @@ # This is a YAML-formatted file. # Declare variables to be passed into your templates. -# -- (map) Global configuration options. + +# Global configuration global: # -- (map) AWS configuration aws: @@ -14,10 +15,12 @@ global: awsSecretAccessKey: # -- (bool) Whether the deployment is for development purposes. dev: true - # -- (map) Postgres database configuration. + postgres: # -- (bool) Whether the database should be created. dbCreate: true + # -- (string) Name of external secret. Disabled if empty + externalSecret: "" # -- (map) Master credentials to postgres. This is going to be the default postgres server being used for each service, unless each service specifies their own postgres master: # -- (string) hostname of postgres server @@ -49,7 +52,7 @@ global: # -- (bool) Whether network policies are enabled. netPolicy: true # -- (int) Number of dispatcher jobs. - dispatcherJobNum: 10 + dispatcherJobNum: "10" # -- (bool) Whether Datadog is enabled. ddEnabled: false diff --git a/helm/ssjdispatcher/README.md b/helm/ssjdispatcher/README.md index e09ea9f2..b5e43599 100644 --- a/helm/ssjdispatcher/README.md +++ b/helm/ssjdispatcher/README.md 
@@ -37,7 +37,6 @@ A Helm chart for gen3 ssjdispatcher | dispatcherJobNum | string | `"10"` | Ssjdispater job number. | | fullnameOverride | string | `""` | Override the full name of the deployment. | | gen3Namespace | string | `"default"` | Namespace to deploy the job. | -| global | map | `{"aws":{"awsAccessKeyId":null,"awsSecretAccessKey":null,"enabled":false},"ddEnabled":false,"dev":true,"dictionaryUrl":"https://s3.amazonaws.com/dictionary-artifacts/datadictionary/develop/schema.json","dispatcherJobNum":10,"environment":"default","hostname":"localhost","kubeBucket":"kube-gen3","logsBucket":"logs-gen3","minAvialable":1,"netPolicy":true,"pdb":false,"portalApp":"gitops","postgres":{"dbCreate":true,"master":{"host":null,"password":null,"port":"5432","username":"postgres"}},"publicDataSets":true,"revproxyArn":"arn:aws:acm:us-east-1:123456:certificate","tierAccessLevel":"libre"}` | Global configuration options. | | global.aws | map | `{"awsAccessKeyId":null,"awsSecretAccessKey":null,"enabled":false}` | AWS configuration | | global.aws.awsAccessKeyId | string | `nil` | Credentials for AWS stuff. | | global.aws.awsSecretAccessKey | string | `nil` | Credentials for AWS stuff. | 
@@ -45,7 +44,7 @@ A Helm chart for gen3 ssjdispatcher | global.ddEnabled | bool | `false` | Whether Datadog is enabled. | | global.dev | bool | `true` | Whether the deployment is for development purposes. | | global.dictionaryUrl | string | `"https://s3.amazonaws.com/dictionary-artifacts/datadictionary/develop/schema.json"` | URL of the data dictionary. | -| global.dispatcherJobNum | int | `10` | Number of dispatcher jobs. | +| global.dispatcherJobNum | int | `"10"` | Number of dispatcher jobs. | | global.environment | string | `"default"` | Environment name. This should be the same as vpcname if you're doing an AWS deployment. Currently this is being used to share ALB's if you have multiple namespaces. Might be used other places too. | | global.hostname | string | `"localhost"` | Hostname for the deployment. | | global.kubeBucket | string | `"kube-gen3"` | S3 bucket name for Kubernetes manifest files. | 
@@ -54,8 +53,8 @@ A Helm chart for gen3 ssjdispatcher | global.netPolicy | bool | `true` | Whether network policies are enabled. | | global.pdb | bool | `false` | If the service will be deployed with a Pod Disruption Budget. Note- you need to have more than 2 replicas for the pdb to be deployed. | | global.portalApp | string | `"gitops"` | Portal application name. | -| global.postgres | map | `{"dbCreate":true,"master":{"host":null,"password":null,"port":"5432","username":"postgres"}}` | Postgres database configuration. | | global.postgres.dbCreate | bool | `true` | Whether the database should be created. | +| global.postgres.externalSecret | string | `""` | Name of external secret. Disabled if empty | | global.postgres.master | map | `{"host":null,"password":null,"port":"5432","username":"postgres"}` | Master credentials to postgres. This is going to be the default postgres server being used for each service, unless each service specifies their own postgres | | global.postgres.master.host | string | `nil` | hostname of postgres server | | global.postgres.master.password | string | `nil` | password for superuser in postgres. This is used to create or restore databases | diff --git a/helm/ssjdispatcher/values.yaml b/helm/ssjdispatcher/values.yaml index d1b028d7..74ed990b 100644 --- a/helm/ssjdispatcher/values.yaml +++ b/helm/ssjdispatcher/values.yaml @@ -2,7 +2,8 @@ # This is a YAML-formatted file. # Declare variables to be passed into your templates. -# -- (map) Global configuration options. + +# Global configuration global: # -- (map) AWS configuration aws: 
@@ -14,10 +15,12 @@ global: awsSecretAccessKey: # -- (bool) Whether the deployment is for development purposes. dev: true - # -- (map) Postgres database configuration. + postgres: # -- (bool) Whether the database should be created. dbCreate: true + # -- (string) Name of external secret. Disabled if empty + externalSecret: "" # -- (map) Master credentials to postgres. This is going to be the default postgres server being used for each service, unless each service specifies their own postgres master: # -- (string) hostname of postgres server @@ -49,7 +52,7 @@ global: # -- (bool) Whether network policies are enabled. netPolicy: true # -- (int) Number of dispatcher jobs. - dispatcherJobNum: 10 + dispatcherJobNum: "10" # -- (bool) Whether Datadog is enabled. ddEnabled: false # -- (bool) If the service will be deployed with a Pod Disruption Budget. Note- you need to have more than 2 replicas for the pdb to be deployed. diff --git a/helm/wts/README.md b/helm/wts/README.md index 266f4fb4..4d067411 100644 --- a/helm/wts/README.md +++ b/helm/wts/README.md 
@@ -26,10 +26,9 @@ A Helm chart for gen3 workspace token service | datadogLogsInjection | bool | `true` | If enabled, the Datadog Agent will automatically inject Datadog-specific metadata into your application logs. | | datadogProfilingEnabled | bool | `true` | If enabled, the Datadog Agent will collect profiling data for your application using the Continuous Profiler. This data can be used to identify performance bottlenecks and optimize your application. | | datadogTraceSampleRate | int | `1` | A value between 0 and 1, that represents the percentage of requests that will be traced. For example, a value of 0.5 means that 50% of requests will be traced. | -| externalSecrets | map | `{"wtsSmDbcreds":null}` | External Secrets settings. | -| externalSecrets.wtsSmDbcreds | string | `nil` | Will override the name of the aws secrets manager secret. Default is "Values.global.environment-.Chart.Name-creds" | +| externalSecrets | map | `{"dbcreds":null}` | External Secrets settings. | +| externalSecrets.dbcreds | string | `nil` | Will override the name of the aws secrets manager secret. Default is "Values.global.environment-.Chart.Name-creds" | | fullnameOverride | string | `""` | Override the full name of the deployment. | -| global | map | `{"aws":{"awsAccessKeyId":null,"awsSecretAccessKey":null,"enabled":false},"ddEnabled":false,"dev":true,"dictionaryUrl":"https://s3.amazonaws.com/dictionary-artifacts/datadictionary/develop/schema.json","dispatcherJobNum":10,"environment":"default","externalSecrets":{"deploy":false,"separate":false},"hostname":"localhost","kubeBucket":"kube-gen3","logsBucket":"logs-gen3","minAvialable":1,"netPolicy":true,"pdb":false,"portalApp":"gitops","postgres":{"dbCreate":true,"master":{"host":null,"password":null,"port":"5432","username":"postgres"}},"publicDataSets":true,"revproxyArn":"arn:aws:acm:us-east-1:123456:certificate","tierAccessLevel":"libre"}` | Global configuration options. 
| | global.aws | map | `{"awsAccessKeyId":null,"awsSecretAccessKey":null,"enabled":false}` | AWS configuration | | global.aws.awsAccessKeyId | string | `nil` | Credentials for AWS stuff. | | global.aws.awsSecretAccessKey | string | `nil` | Credentials for AWS stuff. | @@ -37,7 +36,7 @@ A Helm chart for gen3 workspace token service | global.ddEnabled | bool | `false` | Whether Datadog is enabled. | | global.dev | bool | `true` | Whether the deployment is for development purposes. | | global.dictionaryUrl | string | `"https://s3.amazonaws.com/dictionary-artifacts/datadictionary/develop/schema.json"` | URL of the data dictionary. | -| global.dispatcherJobNum | int | `10` | Number of dispatcher jobs. | +| global.dispatcherJobNum | int | `"10"` | Number of dispatcher jobs. | | global.environment | string | `"default"` | Environment name. This should be the same as vpcname if you're doing an AWS deployment. Currently this is being used to share ALB's if you have multiple namespaces. Might be used other places too. | | global.externalSecrets | map | `{"deploy":false,"separate":false}` | External Secrets settings. | | global.externalSecrets.deploy | bool | `false` | Will use ExternalSecret resources to pull secrets from Secrets Manager instead of creating them locally. Be cautious as this will override any wts secrets you have deployed. | 
@@ -49,8 +48,8 @@ A Helm chart for gen3 workspace token service | global.netPolicy | bool | `true` | Whether network policies are enabled. | | global.pdb | bool | `false` | If the service will be deployed with a Pod Disruption Budget. Note- you need to have more than 2 replicas for the pdb to be deployed. | | global.portalApp | string | `"gitops"` | Portal application name. | -| global.postgres | map | `{"dbCreate":true,"master":{"host":null,"password":null,"port":"5432","username":"postgres"}}` | Postgres database configuration. | | global.postgres.dbCreate | bool | `true` | Whether the database should be created. | +| global.postgres.externalSecret | string | `""` | Name of external secret. Disabled if empty | | global.postgres.master | map | `{"host":null,"password":null,"port":"5432","username":"postgres"}` | Master credentials to postgres. This is going to be the default postgres server being used for each service, unless each service specifies their own postgres | | global.postgres.master.host | string | `nil` | hostname of postgres server | | global.postgres.master.password | string | `nil` | password for superuser in postgres. This is used to create or restore databases | diff --git a/helm/wts/templates/_helpers.tpl b/helm/wts/templates/_helpers.tpl index a4b820b5..a8a094c0 100644 --- a/helm/wts/templates/_helpers.tpl +++ b/helm/wts/templates/_helpers.tpl 
@@ -79,25 +79,3 @@ Create the name of the service account to use {{- default .Values.postgres.password }} {{- end }} {{- end }} - -{{/* - Cluster Secret Store for External Secrets -*/}} -{{- define "cluster-secret-store" -}} -{{- if .Values.global.externalSecrets.separate }} - {{- .Chart.Name }}-secret-store -{{- else }} - {{- default "gen3-secret-store"}} -{{- end -}} -{{- end -}} - -{{/* - Service DB Creds Secrets Manager Name -*/}} -{{- define "wts-sm-dbcreds" -}} -{{- if .Values.externalSecrets.wtsSmDbcreds }} - {{- default .Values.externalSecrets.wtsSmDbcreds }} -{{- else }} - {{- .Values.global.environment }}- {{- .Chart.Name }}-creds -{{- end -}} -{{- end -}} diff --git a/helm/wts/templates/db-init.yaml b/helm/wts/templates/db-init.yaml index abbefb6e..6738ad76 100644 --- a/helm/wts/templates/db-init.yaml +++ b/helm/wts/templates/db-init.yaml @@ -1,5 +1,6 @@ -{{ include "common.db_setup_job" . }} ---- +{{- if not .Values.global.externalSecrets.deploy }} +{{ include "common.db-secret" . }} +{{- end }} {{ include "common.db-secret" . }} --- {{ include "common.db_setup_sa" . }} diff --git a/helm/wts/templates/external-secret.yaml b/helm/wts/templates/external-secret.yaml index 0ac706f6..70c278fe 100644 --- a/helm/wts/templates/external-secret.yaml +++ b/helm/wts/templates/external-secret.yaml @@ -1,19 +1 @@ -{{ if .Values.global.externalSecrets.deploy }} -apiVersion: external-secrets.io/v1beta1 -kind: ExternalSecret -metadata: - name: {{ $.Chart.Name }}-dbcreds -spec: - refreshInterval: 5m - secretStoreRef: - name: {{include "cluster-secret-store" .}} - kind: ClusterSecretStore - target: - name: {{ $.Chart.Name }}-dbcreds - creationPolicy: Owner - data: - - secretKey: data - remoteRef: - #name of secret in secrets manager - key: {{include "wts-sm-dbcreds" .}} -{{- end }} \ No newline at end of file +{{ include "common.externalSecret.db" . }} \ No newline at end of file diff --git a/helm/wts/values.yaml b/helm/wts/values.yaml index e4ec06f6..2a440cee 100644 
--- a/helm/wts/values.yaml +++ b/helm/wts/values.yaml @@ -2,7 +2,8 @@ # This is a YAML-formatted file. # Declare variables to be passed into your templates. -# -- (map) Global configuration options. + +# Global configuration global: # -- (map) AWS configuration aws: @@ -14,10 +15,12 @@ global: awsSecretAccessKey: # -- (bool) Whether the deployment is for development purposes. dev: true - # -- (map) Postgres database configuration. + postgres: # -- (bool) Whether the database should be created. dbCreate: true + # -- (string) Name of external secret. Disabled if empty + externalSecret: "" # -- (map) Master credentials to postgres. This is going to be the default postgres server being used for each service, unless each service specifies their own postgres master: # -- (string) hostname of postgres server @@ -49,7 +52,7 @@ global: # -- (bool) Whether network policies are enabled. netPolicy: true # -- (int) Number of dispatcher jobs. - dispatcherJobNum: 10 + dispatcherJobNum: "10" # -- (bool) Whether Datadog is enabled. ddEnabled: false # -- (bool) If the service will be deployed with a Pod Disruption Budget. Note- you need to have more than 2 replicas for the pdb to be deployed. @@ -66,7 +69,7 @@ global: # -- (map) External Secrets settings. externalSecrets: # -- (string) Will override the name of the aws secrets manager secret. Default is "Values.global.environment-.Chart.Name-creds" - wtsSmDbcreds: + dbcreds: # -- (map) Postgres database configuration. If db does not exist in postgres cluster and dbCreate is set ot true then these databases will be created for you postgres: From e8ecba5e5067362afaf876853d6e86aea55ea482 Mon Sep 17 00:00:00 2001 From: Jawad Qureshi Date: Thu, 7 Sep 2023 17:33:09 -0600 Subject: [PATCH 064/279] quote troublesome env var --- helm/guppy/templates/deployment.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/helm/guppy/templates/deployment.yaml b/helm/guppy/templates/deployment.yaml index ebb8bcac..9496be65 100644 
--- a/helm/guppy/templates/deployment.yaml +++ b/helm/guppy/templates/deployment.yaml @@ -71,9 +71,9 @@ spec: value: {{ . }} {{- end }} - name: TIER_ACCESS_LEVEL - value: {{ .Values.global.tierAccessLevel }} + value: {{ .Values.global.tierAccessLevel | quote }} - name: TIER_ACCESS_LIMIT - value: {{ .Values.global.tierAccessLimit }} + value: {{ .Values.global.tierAccessLimit | quote}} {{- with .Values.volumeMounts }} From 6f8a43cfbf3336f57e228f193d30b7b1d10d429b Mon Sep 17 00:00:00 2001 From: Jawad Qureshi Date: Thu, 7 Sep 2023 18:04:32 -0600 Subject: [PATCH 065/279] Fix db-init --- helm/arborist/templates/db-init.yaml | 5 +++-- helm/audit/templates/db-init.yaml | 3 ++- helm/fence/templates/db-init.yaml | 5 +++-- helm/peregrine/templates/db-init.yaml | 5 +++-- helm/requestor/templates/db-init.yaml | 5 +++-- helm/wts/templates/db-init.yaml | 3 ++- 6 files changed, 16 insertions(+), 10 deletions(-) diff --git a/helm/arborist/templates/db-init.yaml b/helm/arborist/templates/db-init.yaml index 6738ad76..56e1ea41 100644 --- a/helm/arborist/templates/db-init.yaml +++ b/helm/arborist/templates/db-init.yaml @@ -1,7 +1,8 @@ {{- if not .Values.global.externalSecrets.deploy }} {{ include "common.db-secret" . }} {{- end }} -{{ include "common.db-secret" . }} --- -{{ include "common.db_setup_sa" . }} +{{ include "common.db_setup_job" . }} --- +{{ include "common.db_setup_sa" . }} +--- \ No newline at end of file diff --git a/helm/audit/templates/db-init.yaml b/helm/audit/templates/db-init.yaml index f691b8e9..56e1ea41 100644 --- a/helm/audit/templates/db-init.yaml +++ b/helm/audit/templates/db-init.yaml @@ -1,7 +1,8 @@ {{- if not .Values.global.externalSecrets.deploy }} {{ include "common.db-secret" . }} {{- end }} -{{ include "common.db-secret" . }} +--- +{{ include "common.db_setup_job" . }} --- {{ include "common.db_setup_sa" . }} --- \ No newline at end of file diff --git a/helm/fence/templates/db-init.yaml b/helm/fence/templates/db-init.yaml index 6738ad76..56e1ea41 100644 
--- a/helm/fence/templates/db-init.yaml +++ b/helm/fence/templates/db-init.yaml @@ -1,7 +1,8 @@ {{- if not .Values.global.externalSecrets.deploy }} {{ include "common.db-secret" . }} {{- end }} -{{ include "common.db-secret" . }} --- -{{ include "common.db_setup_sa" . }} +{{ include "common.db_setup_job" . }} --- +{{ include "common.db_setup_sa" . }} +--- \ No newline at end of file diff --git a/helm/peregrine/templates/db-init.yaml b/helm/peregrine/templates/db-init.yaml index 6738ad76..56e1ea41 100644 --- a/helm/peregrine/templates/db-init.yaml +++ b/helm/peregrine/templates/db-init.yaml @@ -1,7 +1,8 @@ {{- if not .Values.global.externalSecrets.deploy }} {{ include "common.db-secret" . }} {{- end }} -{{ include "common.db-secret" . }} --- -{{ include "common.db_setup_sa" . }} +{{ include "common.db_setup_job" . }} --- +{{ include "common.db_setup_sa" . }} +--- \ No newline at end of file diff --git a/helm/requestor/templates/db-init.yaml b/helm/requestor/templates/db-init.yaml index 6738ad76..56e1ea41 100644 --- a/helm/requestor/templates/db-init.yaml +++ b/helm/requestor/templates/db-init.yaml @@ -1,7 +1,8 @@ {{- if not .Values.global.externalSecrets.deploy }} {{ include "common.db-secret" . }} {{- end }} -{{ include "common.db-secret" . }} --- -{{ include "common.db_setup_sa" . }} +{{ include "common.db_setup_job" . }} --- +{{ include "common.db_setup_sa" . }} +--- \ No newline at end of file diff --git a/helm/wts/templates/db-init.yaml b/helm/wts/templates/db-init.yaml index 6738ad76..1e55878d 100644 --- a/helm/wts/templates/db-init.yaml +++ b/helm/wts/templates/db-init.yaml @@ -1,7 +1,8 @@ {{- if not .Values.global.externalSecrets.deploy }} {{ include "common.db-secret" . }} {{- end }} -{{ include "common.db-secret" . }} +--- +{{ include "common.db_setup_job" . }} --- {{ include "common.db_setup_sa" . }} --- From 8f2632c8b2d3f7d7e5d6f281be4a507d5406f805 Mon Sep 17 00:00:00 2001 
From: Jawad Qureshi Date: Thu, 7 Sep 2023 18:06:43 -0600 Subject: [PATCH 066/279] Conditional dbCreate --- helm/common/templates/_db_setup_job.tpl | 2 ++ 1 file changed, 2 insertions(+) diff --git a/helm/common/templates/_db_setup_job.tpl b/helm/common/templates/_db_setup_job.tpl index f48decb9..d1f49c1f 100644 --- a/helm/common/templates/_db_setup_job.tpl +++ b/helm/common/templates/_db_setup_job.tpl @@ -31,6 +31,7 @@ roleRef: # DB Setup Job {{- define "common.db_setup_job" -}} +{{- if or $.Values.global.postgres.dbCreate $.Values.postgres.dbCreate }} apiVersion: batch/v1 kind: Job metadata: @@ -160,6 +161,7 @@ spec: # Update secret to signal that db has been created, and services can start kubectl patch secret/{{ .Chart.Name }}-dbcreds -p '{"data":{"dbcreated":"dHJ1ZQo="}}' fi +{{- end}} {{- end }} From 6f0c0b27ede140d74ef50e09808c75c1f9d28f94 Mon Sep 17 00:00:00 2001 From: Jawad Qureshi Date: Mon, 11 Sep 2023 12:38:00 -0600 Subject: [PATCH 067/279] set TLS 1.3 in aws --- helm/revproxy/templates/ingress_aws.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/helm/revproxy/templates/ingress_aws.yaml b/helm/revproxy/templates/ingress_aws.yaml index 7b0760c3..530e276b 100644 --- a/helm/revproxy/templates/ingress_aws.yaml +++ b/helm/revproxy/templates/ingress_aws.yaml @@ -10,6 +10,7 @@ metadata: alb.ingress.kubernetes.io/group.name: {{ .Values.global.environment }} alb.ingress.kubernetes.io/listen-ports: '[{"HTTP": 80}, {"HTTPS":443}]' alb.ingress.kubernetes.io/actions.ssl-redirect: '{"Type": "redirect", "RedirectConfig": { "Protocol": "HTTPS", "Port": "443", "StatusCode": "HTTP_301"}}' + alb.ingress.kubernetes.io/ssl-policy: ELBSecurityPolicy-TLS13-1-2-2021-06 spec: ingressClassName: alb rules: From 32feb909496043ef243023aae5896dbf7f4d0cf7 Mon Sep 17 00:00:00 2001 
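Review bot: With `or`, the guard added to `common.db_setup_job` renders the Job whenever either flag is true, and `global.postgres.dbCreate` defaults to `true` in the chart values shown on this page, so a chart that sets its own `postgres.dbCreate: false` still gets the Job. The Job appears to be what creates databases with the postgres master credentials (inferred from the values comments; its body is outside this hunk), so an operator pointing a chart at an existing database probably expects the per-chart flag alone to switch it off. If either level should be able to opt out, use `{{- if and $.Values.global.postgres.dbCreate $.Values.postgres.dbCreate }}`; if the global flag is meant to win, say so in a comment above the `if`. The matching `{{- end}}` is added in the second hunk of the same file.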
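Review bot: The policy added in helm/revproxy/templates/ingress_aws.yaml, `ELBSecurityPolicy-TLS13-1-2-2021-06`, still accepts TLS 1.2 alongside TLS 1.3, which the commit subject "set TLS 1.3 in aws" does not make clear. If TLS 1.2 fallback is intended, record it next to the annotation, e.g. `# TLS 1.3 preferred, TLS 1.2 still accepted; ELBSecurityPolicy-TLS13-1-3-2021-06 would require 1.3`. The value is also hard-coded, so deployments with a different compliance baseline have to patch the template. The `annotations` map starts outside the hunk.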
From: Jawad Qureshi Date: Mon, 11 Sep 2023 14:47:13 -0600 Subject: [PATCH 068/279] Add indexd-service creds to externalSecrets --- helm/indexd/README.md | 2 +- helm/indexd/templates/external-secrets.yaml | 22 ++++++++++++++++++++- helm/indexd/values.yaml | 1 + 3 files changed, 23 insertions(+), 2 deletions(-) diff --git a/helm/indexd/README.md b/helm/indexd/README.md index e7698753..e387d035 100644 --- a/helm/indexd/README.md +++ b/helm/indexd/README.md @@ -27,7 +27,7 @@ A Helm chart for gen3 indexd | datadogTraceSampleRate | int | `1` | A value between 0 and 1, that represents the percentage of requests that will be traced. For example, a value of 0.5 means that 50% of requests will be traced. | | defaultPrefix | string | `"PREFIX/"` | default prefix for indexd | | env | list | `[{"name":"ARBORIST","value":"true"},{"name":"GEN3_DEBUG","value":"False"}]` | Environment variables to pass to the container | -| externalSecrets | map | `{"dbcreds":null}` | External Secrets settings. | +| externalSecrets | map | `{"dbcreds":null,"serviceCreds":"indexd-service-creds"}` | External Secrets settings. | | externalSecrets.dbcreds | string | `nil` | Will override the name of the aws secrets manager secret. Default is "Values.global.environment-.Chart.Name-creds" | | fullnameOverride | string | `""` | Override the full name of the deployment. | | global.aws | map | `{"awsAccessKeyId":null,"awsSecretAccessKey":null,"enabled":false}` | AWS configuration | diff --git a/helm/indexd/templates/external-secrets.yaml b/helm/indexd/templates/external-secrets.yaml index 70c278fe..f80a4920 100644 --- a/helm/indexd/templates/external-secrets.yaml +++ b/helm/indexd/templates/external-secrets.yaml 
@@ -1 +1,21 @@ -{{ include "common.externalSecret.db" . }} \ No newline at end of file +{{ include "common.externalSecret.db" . }} +--- +{{ if .Values.global.externalSecrets.deploy }} +apiVersion: external-secrets.io/v1beta1 +kind: ExternalSecret +metadata: + name: indexd-service-creds +spec: + refreshInterval: 5m + secretStoreRef: + name: {{include "cluster-secret-store" .}} + kind: ClusterSecretStore + target: + name: indexd-service-creds + creationPolicy: Owner + dataFrom: + - extract: + key: {{ .Values.externalSecrets.serviceCreds }} + conversionStrategy: Default + decodingStrategy: None +{{- end }} \ No newline at end of file diff --git a/helm/indexd/values.yaml b/helm/indexd/values.yaml index ec9379bb..39f424fc 100644 --- a/helm/indexd/values.yaml +++ b/helm/indexd/values.yaml @@ -72,6 +72,7 @@ global: externalSecrets: # -- (string) Will override the name of the aws secrets manager secret. Default is "Values.global.environment-.Chart.Name-creds" dbcreds: + serviceCreds: "indexd-service-creds" # -- (map) Values for indexd secret. secrets: From 8bf1983062133ca13d1f7b4d6c711b475a85de29 Mon Sep 17 00:00:00 2001 From: Jawad Qureshi Date: Mon, 11 Sep 2023 15:15:18 -0600 Subject: [PATCH 069/279] Add aws-es-proxy creds to secrets manager --- helm/aws-es-proxy/README.md | 2 ++ .../templates/external-secrets.yaml | 19 +++++++++++++++++++ helm/aws-es-proxy/values.yaml | 5 +++++ 3 files changed, 26 insertions(+) create mode 100644 helm/aws-es-proxy/templates/external-secrets.yaml diff --git a/helm/aws-es-proxy/README.md b/helm/aws-es-proxy/README.md index 3c0e30b7..ab1f091d 100644 --- a/helm/aws-es-proxy/README.md +++ b/helm/aws-es-proxy/README.md 
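Review bot: The new `indexd-service-creds` ExternalSecret in helm/indexd/templates/external-secrets.yaml uses `dataFrom.extract`, which copies every top-level key of the remote secret into the target, and nothing in this commit says which keys indexd needs. The chart-managed Secret of the same name (indexd-secret.yaml, visible in a later patch on this page) carries `fence` and `sheepdog`, so the Secrets Manager entry presumably has to be a JSON object with those keys. The `serviceCreds` line added to values.yaml has no `# --` doc comment and the README gets no `externalSecrets.serviceCreds` row; add something like `# -- (string) Name of the Secrets Manager secret with the indexd service credentials (JSON with "fence" and "sheepdog" keys).` I would also render the key as `key: {{ .Values.externalSecrets.serviceCreds | quote }}` so an unusual name cannot change the YAML structure.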
@@ -26,6 +26,8 @@ A Helm chart for AWS ES Proxy Service for gen3 | datadogProfilingEnabled | bool | `true` | If enabled, the Datadog Agent will collect profiling data for your application using the Continuous Profiler. This data can be used to identify performance bottlenecks and optimize your application. | | datadogTraceSampleRate | int | `1` | A value between 0 and 1, that represents the percentage of requests that will be traced. For example, a value of 0.5 means that 50% of requests will be traced. | | esEndpoint | str | `"test.us-east-1.es.amazonaws.com"` | Elasticsearch endpoint in AWS | +| externalSecrets | map | `{"awsCreds":"aws-es-proxy-aws-credentials"}` | External Secrets settings. | +| externalSecrets.awsCreds | string | `"aws-es-proxy-aws-credentials"` | Will override the name of the aws secrets manager secret. Default is "Values.global.environment-.Chart.Name-creds" | | global.aws | map | `{"awsAccessKeyId":null,"awsSecretAccessKey":null,"enabled":false}` | AWS configuration | | global.aws.awsAccessKeyId | string | `nil` | Credentials for AWS stuff. | | global.aws.awsSecretAccessKey | string | `nil` | Credentials for AWS stuff. | diff --git a/helm/aws-es-proxy/templates/external-secrets.yaml b/helm/aws-es-proxy/templates/external-secrets.yaml new file mode 100644 index 00000000..5f963657 --- /dev/null +++ b/helm/aws-es-proxy/templates/external-secrets.yaml @@ -0,0 +1,19 @@ +{{ if .Values.global.externalSecrets.deploy }} +apiVersion: external-secrets.io/v1beta1 +kind: ExternalSecret +metadata: + name: aws-es-proxy-aws-config +spec: + refreshInterval: 5m + secretStoreRef: + name: {{include "cluster-secret-store" .}} + kind: ClusterSecretStore + target: + name: aws-es-proxy-aws-config + creationPolicy: Owner + data: + - secretKey: credentials + remoteRef: + #name of secret in secrets manager + key: {{ .Values.externalSecrets.awsCreds }} +{{- end }} \ No newline at end of file 
diff --git a/helm/aws-es-proxy/values.yaml b/helm/aws-es-proxy/values.yaml index 1666f771..ee4989ab 100644 --- a/helm/aws-es-proxy/values.yaml +++ b/helm/aws-es-proxy/values.yaml @@ -22,6 +22,11 @@ global: # -- (int) The minimum amount of pods that are available at all times if the PDB is deployed. minAvialable: 1 +# -- (map) External Secrets settings. +externalSecrets: + # -- (string) Will override the name of the aws secrets manager secret. Default is "Values.global.environment-.Chart.Name-creds" + awsCreds: "aws-es-proxy-aws-credentials" + # -- (map) Annotations to add to the pod podAnnotations: From 33f033e25f8336902773dc7eb5bf5f7cc889c8a3 Mon Sep 17 00:00:00 2001 From: Jawad Qureshi Date: Mon, 11 Sep 2023 16:44:52 -0600 Subject: [PATCH 070/279] do not create secrets, if external secrets is enabled --- helm/fence/templates/fence-config.yaml | 4 +++- helm/indexd/templates/indexd-secret.yaml | 2 ++ 2 files changed, 5 insertions(+), 1 deletion(-) diff --git a/helm/fence/templates/fence-config.yaml b/helm/fence/templates/fence-config.yaml index 29d0df2e..e50568ee 100644 --- a/helm/fence/templates/fence-config.yaml +++ b/helm/fence/templates/fence-config.yaml @@ -1,3 +1,4 @@ +{{ if not .Values.global.externalSecrets.deploy }} apiVersion: v1 kind: Secret metadata: @@ -8,4 +9,5 @@ stringData: {{- with .Values.FENCE_CONFIG }} {{- toYaml . | nindent 4 }} {{ end }} ---- \ No newline at end of file +--- +{{- end }} \ No newline at end of file diff --git a/helm/indexd/templates/indexd-secret.yaml b/helm/indexd/templates/indexd-secret.yaml index 7c7ca648..65c79f19 100644 --- a/helm/indexd/templates/indexd-secret.yaml +++ b/helm/indexd/templates/indexd-secret.yaml @@ -6,6 +6,7 @@ type: Opaque data: {{ (.Files.Glob "indexd-settings/*").AsSecrets | indent 2 }} --- +{{ if .Values.global.externalSecrets.deploy }} apiVersion: v1 kind: Secret metadata: 
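Review bot: The doc comment added above `awsCreds` in helm/aws-es-proxy/values.yaml says the default is "Values.global.environment-.Chart.Name-creds", but the default set on the next line is the literal `aws-es-proxy-aws-credentials`, and the new external-secrets.yaml reads `.Values.externalSecrets.awsCreds` directly with no fallback helper. The comment looks copied from the `dbcreds` setting of the other charts. Replace it with `# -- (string) Name of the AWS Secrets Manager secret whose value becomes the "credentials" key of aws-es-proxy-aws-config.`; the two README rows added in this commit carry the same text and would be regenerated from it.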
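Review bot: In helm/fence/templates/fence-config.yaml the new `if not .Values.global.externalSecrets.deploy` guard drops the whole Secret when External Secrets is on, so anything set under `.Values.FENCE_CONFIG` is then ignored without any message. Put that in a template comment at the top of the file, for example `{{/* Skipped when global.externalSecrets.deploy is true: fence-config then comes from the ExternalSecret and .Values.FENCE_CONFIG is not used. */}}`. Opening with `{{- if not ... }}` would also avoid the blank first line that the untrimmed action leaves in the rendered output.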
@@ -14,3 +15,4 @@ type: Opaque data: fence: {{ include "common.getOrGenSecret" (list .Values.secrets.userdb.fence "indexd-service-creds" "fence" 20 .Release.Namespace) }} sheepdog: {{ include "common.getOrGenSecret" (list .Values.secrets.userdb.sheepdog "indexd-service-creds" "sheepdog" 20 .Release.Namespace) }} +{{- end }} \ No newline at end of file From 590eec021951e512d4cd91ace77ce68565f5530e Mon Sep 17 00:00:00 2001 From: Jawad Qureshi Date: Mon, 11 Sep 2023 16:48:08 -0600 Subject: [PATCH 071/279] do not create secrets, if external secrets is enabled --- helm/indexd/templates/indexd-secret.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/helm/indexd/templates/indexd-secret.yaml b/helm/indexd/templates/indexd-secret.yaml index 65c79f19..a970e9a1 100644 --- a/helm/indexd/templates/indexd-secret.yaml +++ b/helm/indexd/templates/indexd-secret.yaml @@ -6,7 +6,7 @@ type: Opaque data: {{ (.Files.Glob "indexd-settings/*").AsSecrets | indent 2 }} --- -{{ if .Values.global.externalSecrets.deploy }} +{{ if not .Values.global.externalSecrets.deploy }} apiVersion: v1 kind: Secret metadata: From c8fba8f08d3233d6e8f3baddb417f042f11f2287 Mon Sep 17 00:00:00 2001 From: "J. Q" <55899496+jawadqur@users.noreply.github.com> Date: Thu, 21 Sep 2023 13:24:20 -0500 Subject: [PATCH 072/279] Update fence-service-ga4gh.conf --- helm/revproxy/gen3.nginx.conf/fence-service-ga4gh.conf | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/helm/revproxy/gen3.nginx.conf/fence-service-ga4gh.conf b/helm/revproxy/gen3.nginx.conf/fence-service-ga4gh.conf index b017919f..522fad15 100644 --- a/helm/revproxy/gen3.nginx.conf/fence-service-ga4gh.conf +++ b/helm/revproxy/gen3.nginx.conf/fence-service-ga4gh.conf 
@@ -3,8 +3,8 @@ location ~ \/ga4gh\/drs\/v1\/objects\/(.*)\/access { return 403 "failed csrf check"; } - set $proxy_service "presigned_url_fence"; - set $upstream http://presigned_url_fence-service$des_domain; + set $proxy_service "presigned-url-fence"; + set $upstream http://presigned-url-fence-service$des_domain; rewrite ^/user/(.*) /$1 break; proxy_pass $upstream; } From 986f88679d711a1db3f9589142fc8b7836458d39 Mon Sep 17 00:00:00 2001 From: "J. Q" <55899496+jawadqur@users.noreply.github.com> Date: Thu, 21 Sep 2023 13:24:45 -0500 Subject: [PATCH 073/279] Update Chart.yaml --- helm/revproxy/Chart.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/helm/revproxy/Chart.yaml b/helm/revproxy/Chart.yaml index ed6a92ba..1cbf1b32 100644 --- a/helm/revproxy/Chart.yaml +++ b/helm/revproxy/Chart.yaml @@ -15,7 +15,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.10 +version: 0.1.11 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to From 534b09fe7c9cc37dfdb09e3e530ea85341760482 Mon Sep 17 00:00:00 2001 From: "J. Q" <55899496+jawadqur@users.noreply.github.com> Date: Thu, 21 Sep 2023 13:25:28 -0500 Subject: [PATCH 074/279] Update revproxy and create a new gen3 release --- helm/gen3/Chart.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/helm/gen3/Chart.yaml b/helm/gen3/Chart.yaml index 1d602327..a95d45b9 100644 --- a/helm/gen3/Chart.yaml +++ b/helm/gen3/Chart.yaml 
@@ -68,7 +68,7 @@ dependencies: repository: "file://../requestor" condition: requestor.enabled - name: revproxy - version: "0.1.10" + version: "0.1.11" repository: "file://../revproxy" condition: revproxy.enabled - name: sheepdog @@ -111,7 +111,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.19 +version: 0.1.20 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to From 558bbce657ee6e04012b35e169cda34682fbd2ce Mon Sep 17 00:00:00 2001 From: Jawad Qureshi Date: Mon, 25 Sep 2023 16:03:55 -0500 Subject: [PATCH 075/279] Moving reference to externalSecrets to common chart --- helm/audit/templates/_helpers.tpl | 10 ---- helm/audit/templates/external-secret.yaml | 2 +- .../templates/external-secrets.yaml | 2 +- .../templates/_cluster_secret_store.tpl | 24 --------- helm/common/templates/_external_secrets.tpl | 49 ++++++++++++++++++- helm/fence/templates/_helpers.tpl | 21 -------- helm/fence/templates/external-secret.yaml | 8 +-- helm/indexd/templates/_helpers.tpl | 11 ----- helm/indexd/templates/external-secrets.yaml | 2 +- helm/manifestservice/templates/_helpers.tpl | 11 ----- .../templates/external-secret.yaml | 2 +- helm/peregrine/templates/_helpers.tpl | 22 --------- 12 files changed, 56 insertions(+), 108 deletions(-) delete mode 100644 helm/common/templates/_cluster_secret_store.tpl diff --git a/helm/audit/templates/_helpers.tpl b/helm/audit/templates/_helpers.tpl index ee0e4c3f..6f70cc66 100644 --- a/helm/audit/templates/_helpers.tpl +++ b/helm/audit/templates/_helpers.tpl 
@@ -79,16 +79,6 @@ Create the name of the service account to use {{- end }} {{- end }} -{{/* - Cluster Secret Store for External Secrets -*/}} -{{- define "cluster-secret-store" -}} -{{- if .Values.global.externalSecrets.separate }} - {{- .Chart.Name }}-secret-store -{{- else }} - {{- default "gen3-secret-store"}} -{{- end -}} -{{- end -}} {{/* Audit g3 Auto Secrets Manager Name diff --git a/helm/audit/templates/external-secret.yaml b/helm/audit/templates/external-secret.yaml index 6302b3d2..f8b3df61 100644 --- a/helm/audit/templates/external-secret.yaml +++ b/helm/audit/templates/external-secret.yaml @@ -6,7 +6,7 @@ metadata: spec: refreshInterval: 5m secretStoreRef: - name: {{include "cluster-secret-store" .}} + name: {{include "common.clusterSecretStore" .}} kind: ClusterSecretStore target: name: audit-g3auto diff --git a/helm/aws-es-proxy/templates/external-secrets.yaml b/helm/aws-es-proxy/templates/external-secrets.yaml index 5f963657..07d2d4ba 100644 --- a/helm/aws-es-proxy/templates/external-secrets.yaml +++ b/helm/aws-es-proxy/templates/external-secrets.yaml @@ -6,7 +6,7 @@ metadata: spec: refreshInterval: 5m secretStoreRef: - name: {{include "cluster-secret-store" .}} + name: {{include "common.clusterSecretStore" .}} kind: ClusterSecretStore target: name: aws-es-proxy-aws-config diff --git a/helm/common/templates/_cluster_secret_store.tpl b/helm/common/templates/_cluster_secret_store.tpl deleted file mode 100644 index 03261581..00000000 --- a/helm/common/templates/_cluster_secret_store.tpl +++ /dev/null 
@@ -1,24 +0,0 @@ -{{/* - External Secrets Secret Store will allow all charts to allow for authentication to AWS Secrets Manager -*/}} -{{ define "common.secretstore" -}} -apiVersion: external-secrets.io/v1beta1 -kind: ClusterSecretStore -metadata: - name: {{.Chart.Name}}-secret-store -spec: - provider: - aws: - service: SecretsManager - region: us-east-1 - auth: - secretRef: - accessKeyIDSecretRef: - name: {{.Chart.Name}}-aws-config - key: access-key - namespace: default - secretAccessKeySecretRef: - name: {{.Chart.Name}}-aws-config - key: secret-access-key - namespace: default -{{- end }} \ No newline at end of file diff --git a/helm/common/templates/_external_secrets.tpl b/helm/common/templates/_external_secrets.tpl index fd8f402e..10a77cb8 100644 --- a/helm/common/templates/_external_secrets.tpl +++ b/helm/common/templates/_external_secrets.tpl @@ -10,6 +10,8 @@ {{- end -}} + + {{/* ExternalSecrets Object */}} @@ -22,7 +24,7 @@ metadata: spec: refreshInterval: 5m secretStoreRef: - name: {{include "cluster-secret-store" .}} + name: {{include "common.clusterSecretStore" .}} kind: ClusterSecretStore target: name: {{ $.Chart.Name }}-dbcreds 
@@ -34,3 +36,48 @@ spec: decodingStrategy: None {{- end }} {{- end -}} + + +{{/* + External Secrets Secret Store will allow all charts to allow for authentication to AWS Secrets Manager +*/}} +{{ define "common.secretstore" -}} +apiVersion: external-secrets.io/v1beta1 +kind: ClusterSecretStore +metadata: + name: {{.Chart.Name}}-secret-store +spec: + provider: + aws: + service: SecretsManager + region: us-east-1 + auth: + secretRef: + accessKeyIDSecretRef: + name: {{.Chart.Name}}-aws-config + key: access-key + namespace: default + secretAccessKeySecretRef: + name: {{.Chart.Name}}-aws-config + key: secret-access-key + namespace: default +{{- end }} + + + +{{/* + # Name of the clusterSecretStore + # We want to allow override here, in case a chart is being deployed without the umbrella chart, + # or any other needs to deploy a separate secret store per service. +*/}} + +{{/* + Cluster Secret Store for External Secrets +*/}} +{{- define "common.clusterSecretStore" -}} +{{- if .Values.global.externalSecrets.separate }} + {{- .Chart.Name }}-secret-store +{{- else }} +{{- default "gen3-secret-store"}} +{{- end -}} +{{- end -}} diff --git a/helm/fence/templates/_helpers.tpl b/helm/fence/templates/_helpers.tpl index 28372690..c4a4aa77 100644 --- a/helm/fence/templates/_helpers.tpl +++ b/helm/fence/templates/_helpers.tpl @@ -97,16 +97,6 @@ Create the name of the service account to use {{- end }} {{- end }} -{{/* - Cluster Secret Store for External Secrets -*/}} -{{- define "cluster-secret-store" -}} -{{- if .Values.global.externalSecrets.separate }} - {{- .Chart.Name }}-secret-store -{{- else }} -{{- default "gen3-secret-store"}} -{{- end -}} -{{- end -}} {{/* Fence JWT Keys Secrets Manager Name 
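Review bot: `common.secretstore` is moved into helm/common/templates/_external_secrets.tpl unchanged, and it still hard-codes `region: us-east-1` and `namespace: default` for the `{{.Chart.Name}}-aws-config` key references, so the store works for one region only and expects the access keys to live in `default`. A ClusterSecretStore is cluster-scoped, so any namespace can point an ExternalSecret at it and read whatever those AWS keys can read; consider adding `conditions: [{namespaces: [{{ .Release.Namespace | quote }}]}]` under `spec` and taking the region from values. Separately, the non-`separate` branch of `common.clusterSecretStore` returns `gen3-secret-store`, which this define never creates, so that store presumably has to come from elsewhere; a one-line comment saying where would help. The one-argument `default "gen3-secret-store"` is just the literal and can be written as `gen3-secret-store`.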
@@ -135,14 +125,3 @@ Create the name of the service account to use {{- define "fence-config" -}} {{- default "fence-config" .Values.externalSecrets.fenceConfig }} {{- end }} - -{{/* - Service DB Creds Secrets Manager Name -*/}} -{{- define "fence-sm-dbcreds" -}} -{{- if .Values.externalSecrets.fenceSmDbcreds }} - {{- default .Values.externalSecrets.fenceSmDbcreds }} -{{- else }} - {{- .Values.global.environment }}- {{- .Chart.Name }}-creds -{{- end -}} -{{- end -}} \ No newline at end of file diff --git a/helm/fence/templates/external-secret.yaml b/helm/fence/templates/external-secret.yaml index b5115387..1262f9d0 100644 --- a/helm/fence/templates/external-secret.yaml +++ b/helm/fence/templates/external-secret.yaml @@ -6,7 +6,7 @@ metadata: spec: refreshInterval: 5m secretStoreRef: - name: {{include "cluster-secret-store" .}} + name: {{include "common.clusterSecretStore" .}} kind: ClusterSecretStore target: name: fence-jwt-keys @@ -24,7 +24,7 @@ metadata: spec: refreshInterval: 5m secretStoreRef: - name: {{include "cluster-secret-store" .}} + name: {{include "common.clusterSecretStore .}} kind: ClusterSecretStore target: name: fence-google-app-creds-secret @@ -42,7 +42,7 @@ metadata: spec: refreshInterval: 5m secretStoreRef: - name: {{include "cluster-secret-store" .}} + name: {{include "common.clusterSecretStore" .}} kind: ClusterSecretStore target: name: fence-google-storage-creds-secret @@ -60,7 +60,7 @@ metadata: spec: refreshInterval: 5m secretStoreRef: - name: {{include "cluster-secret-store" .}} + name: {{include "common.clusterSecretStore" .}} kind: ClusterSecretStore target: name: fence-config diff --git a/helm/indexd/templates/_helpers.tpl b/helm/indexd/templates/_helpers.tpl index 0c6704b6..5778d510 100644 --- a/helm/indexd/templates/_helpers.tpl +++ b/helm/indexd/templates/_helpers.tpl 
@@ -102,14 +102,3 @@ Create the name of the service account to use {{- define "indexd-gateway-creds" -}} {{- default (randAlphaNum 32) .Values.secrets.userdb.gateway }} {{- end }} - -{{/* - Cluster Secret Store for External Secrets -*/}} -{{- define "cluster-secret-store" -}} -{{- if .Values.global.externalSecrets.separate }} - {{- .Chart.Name }}-secret-store -{{- else }} - {{- default "gen3-secret-store"}} -{{- end -}} -{{- end -}} diff --git a/helm/indexd/templates/external-secrets.yaml b/helm/indexd/templates/external-secrets.yaml index f80a4920..95485e5b 100644 --- a/helm/indexd/templates/external-secrets.yaml +++ b/helm/indexd/templates/external-secrets.yaml @@ -8,7 +8,7 @@ metadata: spec: refreshInterval: 5m secretStoreRef: - name: {{include "cluster-secret-store" .}} + name: {{include "common.clusterSecretStore" .}} kind: ClusterSecretStore target: name: indexd-service-creds diff --git a/helm/manifestservice/templates/_helpers.tpl b/helm/manifestservice/templates/_helpers.tpl index b9702720..fb9b68c7 100644 --- a/helm/manifestservice/templates/_helpers.tpl +++ b/helm/manifestservice/templates/_helpers.tpl @@ -66,17 +66,6 @@ Create the name of the service account to use {{- end }} {{- end }} -{{/* - Cluster Secret Store for External Secrets -*/}} -{{- define "cluster-secret-store" -}} -{{- if .Values.global.externalSecrets.separate }} - {{- .Chart.Name }}-secret-store -{{- else }} -{{- default "gen3-secret-store"}} -{{- end -}} -{{- end -}} - {{/* Audit g3 Auto Secrets Manager Name */}} diff --git a/helm/manifestservice/templates/external-secret.yaml b/helm/manifestservice/templates/external-secret.yaml index 27b2c143..af54469f 100644 --- a/helm/manifestservice/templates/external-secret.yaml +++ b/helm/manifestservice/templates/external-secret.yaml 
@@ -6,7 +6,7 @@ metadata: spec: refreshInterval: 5m secretStoreRef: - name: {{include "cluster-secret-store" .}} + name: {{include "common.clusterSecretStore" .}} kind: ClusterSecretStore target: name: manifestservice-g3auto diff --git a/helm/peregrine/templates/_helpers.tpl b/helm/peregrine/templates/_helpers.tpl index 68bb8634..4d1439e0 100644 --- a/helm/peregrine/templates/_helpers.tpl +++ b/helm/peregrine/templates/_helpers.tpl @@ -91,25 +91,3 @@ Define dictionaryUrl {{- .Values.dictionaryUrl }} {{- end }} {{- end }} - -{{/* - Cluster Secret Store for External Secrets -*/}} -{{- define "cluster-secret-store" -}} -{{- if .Values.global.externalSecrets.separate }} - {{- .Chart.Name }}-secret-store -{{- else }} - {{- default "gen3-secret-store"}} -{{- end -}} -{{- end -}} - -{{/* - Service DB Creds Secrets Manager Name -*/}} -{{- define "peregrine-sm-dbcreds" -}} -{{- if .Values.externalSecrets.peregrineSmDbcreds }} - {{- default .Values.externalSecrets.peregrineSmDbcreds }} -{{- else }} - {{- .Values.global.environment }}- {{- .Chart.Name }}-creds -{{- end -}} -{{- end -}} From ff4d840773e4952cd99850b8433c98f86d5140a3 Mon Sep 17 00:00:00 2001 From: Jawad Qureshi Date: Mon, 25 Sep 2023 16:23:16 -0500 Subject: [PATCH 076/279] Moving reference to externalSecrets to common chart --- helm/fence/templates/external-secret.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/helm/fence/templates/external-secret.yaml b/helm/fence/templates/external-secret.yaml index 1262f9d0..6a6e661f 100644 --- a/helm/fence/templates/external-secret.yaml +++ b/helm/fence/templates/external-secret.yaml @@ -24,7 +24,7 @@ metadata: spec: refreshInterval: 5m secretStoreRef: - name: {{include "common.clusterSecretStore .}} + name: {{include "common.clusterSecretStore" .}} kind: ClusterSecretStore target: name: fence-google-app-creds-secret From ab7ce28e87fb8dedd2ad58aeb148ed297b11fa1d Mon Sep 17 00:00:00 2001 
From: Jawad Qureshi Date: Mon, 25 Sep 2023 16:38:07 -0500 Subject: [PATCH 077/279] Add global values to aws-es-proxy chart --- helm/aws-es-proxy/README.md | 2 ++ helm/aws-es-proxy/values.yaml | 5 +++++ 2 files changed, 7 insertions(+) diff --git a/helm/aws-es-proxy/README.md b/helm/aws-es-proxy/README.md index ab1f091d..3d0b7d6f 100644 --- a/helm/aws-es-proxy/README.md +++ b/helm/aws-es-proxy/README.md @@ -34,6 +34,8 @@ A Helm chart for AWS ES Proxy Service for gen3 | global.aws.enabled | bool | `false` | Set to true if deploying to AWS. Controls ingress annotations. | | global.ddEnabled | bool | `false` | Whether Datadog is enabled. | | global.environment | string | `"default"` | Environment name. This should be the same as vpcname if you're doing an AWS deployment. Currently this is being used to share ALB's if you have multiple namespaces. Might be used other places too. | +| global.externalSecrets.deploy | bool | `false` | Will use ExternalSecret resources to pull secrets from Secrets Manager instead of creating them locally. Be cautious as this will override any audit secrets you have deployed. | +| global.externalSecrets.separate | string | `false` | Will deploy a External Secret Store if deploying this sevice seperately. | | global.minAvialable | int | `1` | The minimum amount of pods that are available at all times if the PDB is deployed. | | global.pdb | bool | `false` | If the service will be deployed with a Pod Disruption Budget. Note- you need to have more than 2 replicas for the pdb to be deployed. | | image | map | `{"pullPolicy":"Always","repository":"quay.io/cdis/aws-es-proxy","tag":""}` | Docker image information. | diff --git a/helm/aws-es-proxy/values.yaml b/helm/aws-es-proxy/values.yaml index ee4989ab..6f896e48 100644 --- a/helm/aws-es-proxy/values.yaml +++ b/helm/aws-es-proxy/values.yaml 
@@ -21,6 +21,11 @@ global: pdb: false # -- (int) The minimum amount of pods that are available at all times if the PDB is deployed. minAvialable: 1 + externalSecrets: + # -- (bool) Will use ExternalSecret resources to pull secrets from Secrets Manager instead of creating them locally. Be cautious as this will override any audit secrets you have deployed. + deploy: false + # -- (string) Will deploy a External Secret Store if deploying this sevice seperately. + separate: false # -- (map) External Secrets settings. externalSecrets: From 89035e8fedfd87fd49b9858a732fc7bb0e696475 Mon Sep 17 00:00:00 2001 From: Jawad Qureshi Date: Thu, 27 Jul 2023 23:47:50 +0200 Subject: [PATCH 078/279] Add role binding for sower --- helm/gen3/Chart.yaml | 4 ++++ helm/gen3/README.md | 1 + helm/sower/Chart.yaml | 2 +- helm/sower/README.md | 2 +- helm/sower/templates/role-binding.yaml | 12 ++++++++++++ 5 files changed, 19 insertions(+), 2 deletions(-) create mode 100644 helm/sower/templates/role-binding.yaml diff --git a/helm/gen3/Chart.yaml b/helm/gen3/Chart.yaml index 00381172..7d72cd7f 100644 --- a/helm/gen3/Chart.yaml +++ b/helm/gen3/Chart.yaml @@ -83,6 +83,10 @@ dependencies: version: "0.1.6" repository: "file://../ssjdispatcher" condition: ssjdispatcher.enabled +- name: sower + version: "0.1.6" + condition: sower.enabled + repository: "file://../sower" - name: wts version: "0.1.10" repository: "file://../wts" diff --git a/helm/gen3/README.md b/helm/gen3/README.md index b601eaa9..149f9619 100644 --- a/helm/gen3/README.md +++ b/helm/gen3/README.md @@ -38,6 +38,7 @@ Helm chart to deploy Gen3 Data Commons | file://../requestor | requestor | 0.1.8 | | file://../revproxy | revproxy | 0.1.11 | | file://../sheepdog | sheepdog | 0.1.10 | +| file://../sower | sower | 0.1.6 | | file://../ssjdispatcher | ssjdispatcher | 0.1.6 | | file://../wts | wts | 0.1.10 | | https://charts.bitnami.com/bitnami | postgresql | 11.9.13 | 
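Review bot: The doc comments on the new `global.externalSecrets` keys in helm/aws-es-proxy/values.yaml do not match the values they describe. `separate` is annotated `(string)` but defaults to the boolean `false`, and the `deploy` warning talks about overriding "audit secrets", which looks copied from another chart. The README rows added in the same commit repeat this text, so it is best corrected at the source, e.g. `# -- (bool) Will deploy a separate External Secret Store if this service is deployed on its own.` The `deploy` comment should name the Secrets of this chart that get replaced when it is switched on, so an operator knows what will be overwritten.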
diff --git a/helm/sower/Chart.yaml b/helm/sower/Chart.yaml index b6bb0dc2..c98d3d17 100644 --- a/helm/sower/Chart.yaml +++ b/helm/sower/Chart.yaml @@ -15,7 +15,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.5 +version: 0.1.6 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to diff --git a/helm/sower/README.md b/helm/sower/README.md index 1ca46dd6..45e8cdb7 100644 --- a/helm/sower/README.md +++ b/helm/sower/README.md @@ -1,6 +1,6 @@ # sower -![Version: 0.1.5](https://img.shields.io/badge/Version-0.1.5-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) +![Version: 0.1.6](https://img.shields.io/badge/Version-0.1.6-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) A Helm chart for gen3 sower diff --git a/helm/sower/templates/role-binding.yaml b/helm/sower/templates/role-binding.yaml new file mode 100644 index 00000000..94d7e189 --- /dev/null +++ b/helm/sower/templates/role-binding.yaml @@ -0,0 +1,12 @@ +kind: RoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: sower-binding +subjects: +- kind: ServiceAccount + name: {{ include "sower.serviceAccountName" . }} + apiGroup: "" +roleRef: + kind: ClusterRole + name: admin + apiGroup: rbac.authorization.k8s.io \ No newline at end of file 
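Review bot: `roleRef` in the new helm/sower/templates/role-binding.yaml binds the sower service account to the built-in `admin` ClusterRole, which in the release namespace allows reading and writing almost every resource, including all Secrets, and creating further Roles and RoleBindings. The chart's values.yaml also sets `automountServiceAccountToken: true`, so that token is mounted in the sower pod and a compromise of the service would expose every credential in the namespace. Sower presumably only needs to manage Jobs and read their pods and logs, so I would ship a chart-owned Role with just those rules and bind to it. The rules below are a starting point and the Role name is constructed; the verbs need confirming against the API calls sower actually makes.

```yaml
# New Role shipped with the chart; name is illustrative, rules to be confirmed against sower's API usage.
kind: Role
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: sower-job-manager
rules:
- apiGroups: ["batch"]
  resources: ["jobs"]
  verbs: ["create", "get", "list", "watch", "delete"]
- apiGroups: [""]
  resources: ["pods", "pods/log"]
  verbs: ["get", "list", "watch"]
---
# … unchanged: RoleBinding kind, metadata and subjects …
roleRef:
  kind: Role
  name: sower-job-manager
  apiGroup: rbac.authorization.k8s.io
```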
From 735106f4025f95bd39b7d245a434a6ec1c69b4e5 Mon Sep 17 00:00:00 2001 From: Jawad Qureshi Date: Mon, 31 Jul 2023 18:13:10 +0200 Subject: [PATCH 079/279] Move sower config to values --- helm/sower/README.md | 69 ++++++++++-- helm/sower/templates/manifest-sower.yaml | 135 +---------------------- helm/sower/values.yaml | 104 +++++++++++++---- 3 files changed, 139 insertions(+), 169 deletions(-) diff --git a/helm/sower/README.md b/helm/sower/README.md index 45e8cdb7..9daf13f3 100644 --- a/helm/sower/README.md +++ b/helm/sower/README.md 
@@ -66,17 +66,6 @@ A Helm chart for gen3 sower | nameOverride | string | `""` | Override the name of the chart. | | nodeSelector | map | `{}` | Node Selector for the pods | | partOf | string | `"Core-Service"` | Label to help organize pods and their use. Any value is valid, but use "_" or "-" to divide words. | -| pelican.bucket | string | `""` | The bucket for pelican exports | -| pelican.image.pullPolicy | string | `"Always"` | Docker pull policy. | -| pelican.image.repository | string | `"quay.io/cdis/pelican-export"` | Docker repository. | -| pelican.image.tag | string | `""` | Overrides the image tag whose default is the chart appVersion. | -| pelican.resources | map | `{"limits":{"cpu":1,"memory":"12Gi"},"requests":{"cpu":"100m","memory":"20Mi"}}` | Resource requests and limits for the containers in the pod | -| pelican.resources.limits | map | `{"cpu":1,"memory":"12Gi"}` | The maximum amount of resources that the container is allowed to use | -| pelican.resources.limits.cpu | string | `1` | The maximum amount of CPU the container can use | -| pelican.resources.limits.memory | string | `"12Gi"` | The maximum amount of memory the container can use | -| pelican.resources.requests | map | `{"cpu":"100m","memory":"20Mi"}` | The amount of resources that the container requests | -| pelican.resources.requests.cpu | string | `"100m"` | The amount of CPU requested | -| pelican.resources.requests.memory | string | `"20Mi"` | The amount of memory requested | | podSecurityContext | map | `{"fsGroup":1000,"runAsUser":1000}` | Security context to apply to the pod | | podSecurityContext.fsGroup | int | `1000` | Group that Kubernetes will change the permissions of all files in volumes to when volumes are mounted by a pod. | | podSecurityContext.runAsUser | int | `1000` | User that all the processes will run under in the container. | 
@@ -97,6 +86,64 @@ A Helm chart for gen3 sower | serviceAccount.annotations | map | `{}` | Annotations to add to the service account. | | serviceAccount.create | bool | `true` | Specifies whether a service account should be created. | | serviceAccount.name | string | `"sower-service-account"` | The name of the service account to use. If not set and create is true, a name is generated using the fullname template | +| sowerConfig[0].action | string | `"export"` | | +| sowerConfig[0].container.cpu-limit | string | `"1"` | | +| sowerConfig[0].container.env[0].name | string | `"DICTIONARY_URL"` | | +| sowerConfig[0].container.env[0].valueFrom.configMapKeyRef.key | string | `"dictionary_url"` | | +| sowerConfig[0].container.env[0].valueFrom.configMapKeyRef.name | string | `"manifest-global"` | | +| sowerConfig[0].container.env[1].name | string | `"GEN3_HOSTNAME"` | | +| sowerConfig[0].container.env[1].valueFrom.configMapKeyRef.key | string | `"hostname"` | | +| sowerConfig[0].container.env[1].valueFrom.configMapKeyRef.name | string | `"manifest-global"` | | +| sowerConfig[0].container.env[2].name | string | `"ROOT_NODE"` | | +| sowerConfig[0].container.env[2].value | string | `"subject"` | | +| sowerConfig[0].container.image | string | `"quay.io/cdis/pelican-export:master"` | | +| sowerConfig[0].container.memory-limit | string | `"12Gi"` | | +| sowerConfig[0].container.name | string | `"job-task"` | | +| sowerConfig[0].container.pull_policy | string | `"Always"` | | +| sowerConfig[0].container.volumeMounts[0].mountPath | string | `"/pelican-creds.json"` | | +| sowerConfig[0].container.volumeMounts[0].name | string | `"pelican-creds-volume"` | | +| sowerConfig[0].container.volumeMounts[0].readOnly | bool | `true` | | +| sowerConfig[0].container.volumeMounts[0].subPath | string | `"config.json"` | | +| sowerConfig[0].container.volumeMounts[1].mountPath | string | `"/peregrine-creds.json"` | | +| sowerConfig[0].container.volumeMounts[1].name | string | 
`"peregrine-creds-volume"` | | +| sowerConfig[0].container.volumeMounts[1].readOnly | bool | `true` | | +| sowerConfig[0].container.volumeMounts[1].subPath | string | `"creds.json"` | | +| sowerConfig[0].name | string | `"pelican-export"` | | +| sowerConfig[0].restart_policy | string | `"Never"` | | +| sowerConfig[0].volumes[0].name | string | `"pelican-creds-volume"` | | +| sowerConfig[0].volumes[0].secret.secretName | string | `"pelicanservice-g3auto"` | | +| sowerConfig[0].volumes[1].name | string | `"peregrine-creds-volume"` | | +| sowerConfig[0].volumes[1].secret.secretName | string | `"peregrine-creds"` | | +| sowerConfig[1].action | string | `"export-files"` | | +| sowerConfig[1].container.cpu-limit | string | `"1"` | | +| sowerConfig[1].container.env[0].name | string | `"DICTIONARY_URL"` | | +| sowerConfig[1].container.env[0].valueFrom.configMapKeyRef.key | string | `"dictionary_url"` | | +| sowerConfig[1].container.env[0].valueFrom.configMapKeyRef.name | string | `"manifest-global"` | | +| sowerConfig[1].container.env[1].name | string | `"GEN3_HOSTNAME"` | | +| sowerConfig[1].container.env[1].valueFrom.configMapKeyRef.key | string | `"hostname"` | | +| sowerConfig[1].container.env[1].valueFrom.configMapKeyRef.name | string | `"manifest-global"` | | +| sowerConfig[1].container.env[2].name | string | `"ROOT_NODE"` | | +| sowerConfig[1].container.env[2].value | string | `"file"` | | +| sowerConfig[1].container.env[3].name | string | `"EXTRA_NODES"` | | +| sowerConfig[1].container.env[3].value | string | `""` | | +| sowerConfig[1].container.image | string | `"quay.io/cdis/pelican-export:master"` | | +| sowerConfig[1].container.memory-limit | string | `"12Gi"` | | +| sowerConfig[1].container.name | string | `"job-task"` | | +| sowerConfig[1].container.pull_policy | string | `"Always"` | | +| sowerConfig[1].container.volumeMounts[0].mountPath | string | `"/pelican-creds.json"` | | +| sowerConfig[1].container.volumeMounts[0].name | string | 
`"pelican-creds-volume"` | | +| sowerConfig[1].container.volumeMounts[0].readOnly | bool | `true` | | +| sowerConfig[1].container.volumeMounts[0].subPath | string | `"config.json"` | | +| sowerConfig[1].container.volumeMounts[1].mountPath | string | `"/peregrine-creds.json"` | | +| sowerConfig[1].container.volumeMounts[1].name | string | `"peregrine-creds-volume"` | | +| sowerConfig[1].container.volumeMounts[1].readOnly | bool | `true` | | +| sowerConfig[1].container.volumeMounts[1].subPath | string | `"creds.json"` | | +| sowerConfig[1].name | string | `"pelican-export-files"` | | +| sowerConfig[1].restart_policy | string | `"Never"` | | +| sowerConfig[1].volumes[0].name | string | `"pelican-creds-volume"` | | +| sowerConfig[1].volumes[0].secret.secretName | string | `"pelicanservice-g3auto"` | | +| sowerConfig[1].volumes[1].name | string | `"peregrine-creds-volume"` | | +| sowerConfig[1].volumes[1].secret.secretName | string | `"peregrine-creds"` | | | strategy | map | `{"rollingUpdate":{"maxSurge":1,"maxUnavailable":0},"type":"RollingUpdate"}` | Rolling update deployment strategy | | strategy.rollingUpdate.maxSurge | int | `1` | Number of additional replicas to add during rollout. | | strategy.rollingUpdate.maxUnavailable | int | `0` | Maximum amount of pods that can be unavailable during the update. | diff --git a/helm/sower/templates/manifest-sower.yaml b/helm/sower/templates/manifest-sower.yaml index a9635260..8c70a330 100644 --- a/helm/sower/templates/manifest-sower.yaml +++ b/helm/sower/templates/manifest-sower.yaml 
@@ -4,137 +4,4 @@ metadata: name: manifest-sower data: json: |- - [ - { - "name": "pelican-export", - "action": "export", - "container": { - "name": "job-task", - "image": "{{ .Values.pelican.image.repository }}:{{ .Values.pelican.image.tag | default .Chart.AppVersion }}", - "pull_policy": "Always", - "env": [ - { - "name": "DICTIONARY_URL", - "valueFrom": { - "configMapKeyRef": { - "name": "manifest-global", - "key": "dictionary_url" - } - } - }, - { - "name": "GEN3_HOSTNAME", - "valueFrom": { - "configMapKeyRef": { - "name": "manifest-global", - "key": "hostname" - } - } - }, - { - "name": "ROOT_NODE", - "value": "subject" - } - ], - "volumeMounts": [ - { - "name": "pelican-creds-volume", - "readOnly": true, - "mountPath": "/pelican-creds.json", - "subPath": "config.json" - }, - { - "name": "peregrine-creds-volume", - "readOnly": true, - "mountPath": "/peregrine-creds.json", - "subPath": "creds.json" - } - ], - "cpu-limit": "{{ .Values.pelican.resources.limits.cpu }}", - "memory-limit": "{{ .Values.pelican.resources.limits.memory }}" - }, - "volumes": [ - { - "name": "pelican-creds-volume", - "secret": { - "secretName": "pelicanservice-g3auto" - } - }, - { - "name": "peregrine-creds-volume", - "secret": { - "secretName": "peregrine-creds" - } - } - ], - "restart_policy": "Never" - }, - { - "name": "pelican-export-files", - "action": "export-files", - "container": { - "name": "job-task", - "image": "{{ .Values.pelican.image.repository }}:{{ .Values.pelican.image.tag | default .Chart.AppVersion }}", - "pull_policy": "Always", - "env": [ - { - "name": "DICTIONARY_URL", - "valueFrom": { - "configMapKeyRef": { - "name": "manifest-global", - "key": "dictionary_url" - } - } - }, - { - "name": "GEN3_HOSTNAME", - "valueFrom": { - "configMapKeyRef": { - "name": "manifest-global", - "key": "hostname" - } - } - }, - { - "name": "ROOT_NODE", - "value": "file" - }, - { - "name": "EXTRA_NODES", - "value": "" - } - ], - "volumeMounts": [ - { - "name": "pelican-creds-volume", - 
"readOnly": true, - "mountPath": "/pelican-creds.json", - "subPath": "config.json" - }, - { - "name": "peregrine-creds-volume", - "readOnly": true, - "mountPath": "/peregrine-creds.json", - "subPath": "creds.json" - } - ], - "cpu-limit": "{{ .Values.pelican.resources.limits.cpu }}", - "memory-limit": "{{ .Values.pelican.resources.limits.memory }}" - }, - "volumes": [ - { - "name": "pelican-creds-volume", - "secret": { - "secretName": "pelicanservice-g3auto" - } - }, - { - "name": "peregrine-creds-volume", - "secret": { - "secretName": "peregrine-creds" - } - } - ], - "restart_policy": "Never" - } - ] + {{ .Values.sowerConfig | toJson | nindent 4 }} diff --git a/helm/sower/values.yaml b/helm/sower/values.yaml index cbde1275..bb327782 100644 --- a/helm/sower/values.yaml +++ b/helm/sower/values.yaml 
@@ -182,30 +182,86 @@ strategy: # -- (bool) Automount the default service account token automountServiceAccountToken: true -pelican: - image: - # -- (string) Docker repository. - repository: quay.io/cdis/pelican-export - # -- (string) Docker pull policy. - pullPolicy: Always - # -- (string) Overrides the image tag whose default is the chart appVersion. - tag: "" - # -- (string) The bucket for pelican exports - bucket: "" - # -- (map) Resource requests and limits for the containers in the pod - resources: - # -- (map) The amount of resources that the container requests - requests: - # -- (string) The amount of CPU requested - cpu: 100m - # -- (string) The amount of memory requested - memory: 20Mi - # -- (map) The maximum amount of resources that the container is allowed to use - limits: - # -- (string) The maximum amount of CPU the container can use - cpu: 1 - # -- (string) The maximum amount of memory the container can use - memory: 12Gi +sowerConfig: + - name: pelican-export + action: export + container: + name: job-task + image: quay.io/cdis/pelican-export:master + pull_policy: Always + env: + - name: DICTIONARY_URL + valueFrom: + configMapKeyRef: + name: manifest-global + key: dictionary_url + - name: GEN3_HOSTNAME + valueFrom: + configMapKeyRef: + name: manifest-global + key: hostname + - name: ROOT_NODE + value: subject + volumeMounts: + - name: pelican-creds-volume + readOnly: true + mountPath: "/pelican-creds.json" + subPath: config.json + - name: peregrine-creds-volume + readOnly: true + mountPath: "/peregrine-creds.json" + subPath: creds.json + cpu-limit: '1' + memory-limit: 12Gi + volumes: + - name: pelican-creds-volume + secret: + secretName: pelicanservice-g3auto + - name: peregrine-creds-volume + secret: + secretName: peregrine-creds + restart_policy: Never + - name: pelican-export-files + action: export-files + container: + name: job-task + image: quay.io/cdis/pelican-export:master + pull_policy: Always + env: + - name: DICTIONARY_URL + valueFrom: + 
configMapKeyRef: + name: manifest-global + key: dictionary_url + - name: GEN3_HOSTNAME + valueFrom: + configMapKeyRef: + name: manifest-global + key: hostname + - name: ROOT_NODE + value: file + - name: EXTRA_NODES + value: '' + volumeMounts: + - name: pelican-creds-volume + readOnly: true + mountPath: "/pelican-creds.json" + subPath: config.json + - name: peregrine-creds-volume + readOnly: true + mountPath: "/peregrine-creds.json" + subPath: creds.json + cpu-limit: '1' + memory-limit: 12Gi + volumes: + - name: pelican-creds-volume + secret: + secretName: pelicanservice-g3auto + - name: peregrine-creds-volume + secret: + secretName: peregrine-creds + restart_policy: Never + # -- (map) Service account to use or create. serviceAccount: From 49db51be2ed3a9a75d2d350f20bd6199a05ebdc9 Mon Sep 17 00:00:00 2001 From: "J. Q" <55899496+jawadqur@users.noreply.github.com> Date: Thu, 21 Sep 2023 13:24:20 -0500 Subject: [PATCH 080/279] Update fence-service-ga4gh.conf --- helm/revproxy/gen3.nginx.conf/fence-service-ga4gh.conf | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/helm/revproxy/gen3.nginx.conf/fence-service-ga4gh.conf b/helm/revproxy/gen3.nginx.conf/fence-service-ga4gh.conf index b017919f..522fad15 100644 --- a/helm/revproxy/gen3.nginx.conf/fence-service-ga4gh.conf +++ b/helm/revproxy/gen3.nginx.conf/fence-service-ga4gh.conf @@ -3,8 +3,8 @@ location ~ \/ga4gh\/drs\/v1\/objects\/(.*)\/access { return 403 "failed csrf check"; } - set $proxy_service "presigned_url_fence"; - set $upstream http://presigned_url_fence-service$des_domain; + set $proxy_service "presigned-url-fence"; + set $upstream http://presigned-url-fence-service$des_domain; rewrite ^/user/(.*) /$1 break; proxy_pass $upstream; } From 9f284b335806657c4945e2ec022256573b63a60d Mon Sep 17 00:00:00 2001 
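Review bot: Both `sowerConfig` entries added to helm/sower/values.yaml hard-code `image: quay.io/cdis/pelican-export:master` with `pull_policy: Always`, and the separate `pelican.image.tag` override is removed, so changing the image now means redefining the whole list entry. These job containers mount `pelicanservice-g3auto` and `peregrine-creds`, so whatever the `master` tag points to at pull time runs with those credentials. The default should be a release tag or a digest, e.g. `image: quay.io/cdis/pelican-export:<RELEASE_TAG>` (placeholder). The same concern applies to the helm/frontend-framework/values.yaml hunk further down, which changes the default `tag` to `"develop"`. A `# --` comment on `sowerConfig` describing the expected fields would also replace the documentation lost with the `pelican.*` keys.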
From: "J. Q" <55899496+jawadqur@users.noreply.github.com> Date: Thu, 21 Sep 2023 13:25:28 -0500 Subject: [PATCH 081/279] Update revproxy and create a new gen3 release --- helm/gen3/Chart.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/helm/gen3/Chart.yaml b/helm/gen3/Chart.yaml index 7d72cd7f..308bf4a8 100644 --- a/helm/gen3/Chart.yaml +++ b/helm/gen3/Chart.yaml @@ -113,7 +113,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.19 +version: 0.1.20 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to From 38d3aebdcbf765b33fa0793850bbba184992a09e Mon Sep 17 00:00:00 2001 From: craigrbarnes Date: Tue, 10 Oct 2023 16:46:27 -0500 Subject: [PATCH 082/279] update --- helm/frontend-framework/README.md | 10 +++++----- helm/frontend-framework/values.yaml | 2 +- helm/gen3/Chart.yaml | 2 +- helm/gen3/README.md | 2 +- helm/revproxy/Chart.yaml | 2 +- 5 files changed, 9 insertions(+), 9 deletions(-) diff --git a/helm/frontend-framework/README.md b/helm/frontend-framework/README.md index 8a455a85..268ee9ef 100644 --- a/helm/frontend-framework/README.md +++ b/helm/frontend-framework/README.md 
@@ -1,6 +1,6 @@ # frontend-framework -![Version: 0.0.8](https://img.shields.io/badge/Version-0.0.8-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: PXP-10877](https://img.shields.io/badge/AppVersion-PXP--10877-informational?style=flat-square) +![Version: 0.0.9](https://img.shields.io/badge/Version-0.0.9-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: PXP-10877](https://img.shields.io/badge/AppVersion-PXP--10877-informational?style=flat-square) A Helm chart for the gen3 frontend framework 
@@ -29,8 +29,8 @@ A Helm chart for the gen3 frontend framework | autoscaling.targetCPUUtilizationPercentage | int | `80` | The target CPU utilization percentage for autoscaling | | commonLabels | map | `nil` | Will completely override the commonLabels defined in the common chart's _label_setup.tpl | | criticalService | string | `"true"` | Valid options are "true" or "false". If invalid option is set- the value will default to "false". | -| datadogLogsInjection | bool | `true` | If enabled, the Datadog Agent will automatically inject Datadog-specific metadata into your application logs. | -| datadogProfilingEnabled | bool | `true` | If enabled, the Datadog Agent will collect profiling data for your application using the Continuous Profiler. This data can be used to identify performance bottlenecks and optimize your application. | +| datadogLogsInjection | bool | `false` | If enabled, the Datadog Agent will automatically inject Datadog-specific metadata into your application logs. | +| datadogProfilingEnabled | bool | `false` | If enabled, the Datadog Agent will collect profiling data for your application using the Continuous Profiler. This data can be used to identify performance bottlenecks and optimize your application. | | datadogTraceSampleRate | int | `1` | A value between 0 and 1, that represents the percentage of requests that will be traced. For example, a value of 0.5 means that 50% of requests will be traced. | | fullnameOverride | string | `""` | Override the full name of the deployment. 
| | global | map | `{"aws":{"awsAccessKeyId":null,"awsSecretAccessKey":null,"enabled":false},"ddEnabled":false,"dev":true,"dictionaryUrl":"https://s3.amazonaws.com/dictionary-artifacts/datadictionary/develop/schema.json","dispatcherJobNum":10,"environment":"default","hostname":"localhost","kubeBucket":"kube-gen3","logsBucket":"logs-gen3","netPolicy":true,"portalApp":"gitops","postgres":{"dbCreate":true,"master":{"host":null,"password":null,"port":"5432","username":"postgres"}},"publicDataSets":true,"revproxyArn":"arn:aws:acm:us-east-1:123456:certificate","syncFromDbgap":false,"tierAccessLevel":"libre","userYamlS3Path":"s3://cdis-gen3-users/test/user.yaml"}` | Global configuration options. | 
@@ -60,10 +60,10 @@ A Helm chart for the gen3 frontend framework | global.syncFromDbgap | bool | `false` | Whether to sync data from dbGaP. | | global.tierAccessLevel | string | `"libre"` | Access level for tiers. acceptable values for `tier_access_level` are: `libre`, `regular` and `private`. If omitted, by default common will be treated as `private`. | | global.userYamlS3Path | string | `"s3://cdis-gen3-users/test/user.yaml"` | Path to the user.yaml file in S3. | -| image | map | `{"pullPolicy":"Always","repository":"quay.io/cdis/frontend-framework","tag":"PXP-10877"}` | Docker image information. | +| image | map | `{"pullPolicy":"Always","repository":"quay.io/cdis/frontend-framework","tag":"develop"}` | Docker image information. | | image.pullPolicy | string | `"Always"` | Docker pull policy. | | image.repository | string | `"quay.io/cdis/frontend-framework"` | Docker repository. | -| image.tag | string | `"PXP-10877"` | Overrides the image tag whose default is the chart appVersion. | +| image.tag | string | `"develop"` | Overrides the image tag whose default is the chart appVersion. | | imagePullSecrets | list | `[]` | Docker image pull secrets. | | nameOverride | string | `""` | Override the name of the chart. | | nodeSelector | map | `{}` | Node selector to apply to the pod | diff --git a/helm/frontend-framework/values.yaml b/helm/frontend-framework/values.yaml index 9f132734..03bb3777 100644 --- a/helm/frontend-framework/values.yaml +++ b/helm/frontend-framework/values.yaml @@ -66,7 +66,7 @@ image: # -- (string) Docker pull policy. pullPolicy: Always # -- (string) Overrides the image tag whose default is the chart appVersion. - tag: "PXP-10877" + tag: "develop" # -- (list) Docker image pull secrets. imagePullSecrets: [] diff --git a/helm/gen3/Chart.yaml b/helm/gen3/Chart.yaml index 308bf4a8..f421f929 100644 --- a/helm/gen3/Chart.yaml +++ b/helm/gen3/Chart.yaml 
@@ -113,7 +113,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.20 +version: 0.1.21 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to diff --git a/helm/gen3/README.md b/helm/gen3/README.md index 149f9619..e989ab56 100644 --- a/helm/gen3/README.md +++ b/helm/gen3/README.md @@ -1,6 +1,6 @@ # gen3 -![Version: 0.1.19](https://img.shields.io/badge/Version-0.1.19-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) +![Version: 0.1.21](https://img.shields.io/badge/Version-0.1.21-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) Helm chart to deploy Gen3 Data Commons diff --git a/helm/revproxy/Chart.yaml b/helm/revproxy/Chart.yaml index 1cbf1b32..5fbc44a9 100644 --- a/helm/revproxy/Chart.yaml +++ b/helm/revproxy/Chart.yaml @@ -15,7 +15,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.11 +version: 0.1.12 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to 
From 97844eca9e012972a656a3e22d8ec33d02120865 Mon Sep 17 00:00:00 2001 From: craigrbarnes Date: Tue, 10 Oct 2023 16:47:33 -0500 Subject: [PATCH 083/279] update again --- helm/revproxy/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/helm/revproxy/README.md b/helm/revproxy/README.md index 07ff5d2d..5391280a 100644 --- a/helm/revproxy/README.md +++ b/helm/revproxy/README.md @@ -1,6 +1,6 @@ # revproxy -![Version: 0.1.11](https://img.shields.io/badge/Version-0.1.11-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) +![Version: 0.1.12](https://img.shields.io/badge/Version-0.1.12-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) A Helm chart for gen3 revproxy From a8d9397a54dbfa0ee03fefa730342f11d6eba1c5 Mon Sep 17 00:00:00 2001 From: craigrbarnes Date: Tue, 10 Oct 2023 17:55:39 -0500 Subject: [PATCH 084/279] merge from master --- helm/frontend-framework/Chart.yaml | 6 +++--- helm/gen3/Chart.yaml | 8 ++++++-- helm/gen3/README.md | 2 +- helm/revproxy/README.md | 2 +- 4 files changed, 11 insertions(+), 7 deletions(-) diff --git a/helm/frontend-framework/Chart.yaml b/helm/frontend-framework/Chart.yaml index 82d4ccd5..a2243c80 100644 --- a/helm/frontend-framework/Chart.yaml +++ b/helm/frontend-framework/Chart.yaml 
@@ -15,15 +15,15 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.0.9 +version: 0.10.0 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to # follow Semantic Versioning. They should reflect the version the application is using. # It is recommended to use it with quotes. -appVersion: "PXP-10877" +appVersion: "develop" dependencies: - name: common - version: 0.1.5 + version: 0.1.7 repository: file://../common diff --git a/helm/gen3/Chart.yaml b/helm/gen3/Chart.yaml index 07083eae..3c3688bb 100644 --- a/helm/gen3/Chart.yaml +++ b/helm/gen3/Chart.yaml @@ -27,6 +27,10 @@ dependencies: - name: common version: "0.1.7" repository: file://../common +- name: frontend-framework + version: "0.10.0" + repository: "file://../frontend-framework" + condition: frontend-framework.enabled - name: fence version: "0.1.13" repository: "file://../fence" @@ -60,7 +64,7 @@ dependencies: repository: "file://../pidgin" condition: pidgin.enabled - name: portal - version: "0.1.7" + version: "0.1.8" repository: "file://../portal" condition: portal.enabled - name: requestor @@ -68,7 +72,7 @@ dependencies: repository: "file://../requestor" condition: requestor.enabled - name: revproxy - version: "0.1.11" + version: "0.1.12" repository: "file://../revproxy" condition: revproxy.enabled - name: sheepdog diff --git a/helm/gen3/README.md b/helm/gen3/README.md index bc2a6c0d..70e055be 100644 --- a/helm/gen3/README.md +++ b/helm/gen3/README.md 
@@ -1,6 +1,6 @@ # gen3 -![Version: 0.1.20](https://img.shields.io/badge/Version-0.1.20-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) +![Version: 0.1.21](https://img.shields.io/badge/Version-0.1.21-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) Helm chart to deploy Gen3 Data Commons diff --git a/helm/revproxy/README.md b/helm/revproxy/README.md index 07ff5d2d..5391280a 100644 --- a/helm/revproxy/README.md +++ b/helm/revproxy/README.md @@ -1,6 +1,6 @@ # revproxy -![Version: 0.1.11](https://img.shields.io/badge/Version-0.1.11-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) +![Version: 0.1.12](https://img.shields.io/badge/Version-0.1.12-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) A Helm chart for gen3 revproxy From e49bd48008683b146ad1bb8de9bdd4c6a859e2e4 Mon Sep 17 00:00:00 2001 From: craigrbarnes Date: Fri, 13 Oct 2023 20:22:37 -0500 Subject: [PATCH 085/279] update values --- helm/frontend-framework/README.md | 4 ++-- helm/gen3/README.md | 6 ++++-- helm/gen3/values.yaml | 2 ++ 3 files changed, 8 insertions(+), 4 deletions(-) diff --git a/helm/frontend-framework/README.md b/helm/frontend-framework/README.md index 268ee9ef..b8949d10 100644 --- a/helm/frontend-framework/README.md +++ b/helm/frontend-framework/README.md 
@@ -1,6 +1,6 @@ # frontend-framework -![Version: 0.0.9](https://img.shields.io/badge/Version-0.0.9-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: PXP-10877](https://img.shields.io/badge/AppVersion-PXP--10877-informational?style=flat-square) +![Version: 0.10.0](https://img.shields.io/badge/Version-0.10.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: develop](https://img.shields.io/badge/AppVersion-develop-informational?style=flat-square) A Helm chart for the gen3 frontend framework @@ -8,7 +8,7 @@ A Helm chart for the gen3 frontend framework | Repository | Name | Version | |------------|------|---------| -| file://../common | common | 0.1.5 | +| file://../common | common | 0.1.7 | ## Values diff --git a/helm/gen3/README.md b/helm/gen3/README.md index 70e055be..dd5849b0 100644 --- a/helm/gen3/README.md +++ b/helm/gen3/README.md @@ -26,6 +26,7 @@ Helm chart to deploy Gen3 Data Commons | file://../common | common | 0.1.7 | | file://../elasticsearch | elasticsearch | 0.1.5 | | file://../fence | fence | 0.1.13 | +| file://../frontend-framework | frontend-framework | 0.10.0 | | file://../guppy | guppy | 0.1.8 | | file://../hatchery | hatchery | 0.1.6 | | file://../indexd | indexd | 0.1.10 | @@ -33,9 +34,9 @@ Helm chart to deploy Gen3 Data Commons | file://../metadata | metadata | 0.1.8 | | file://../peregrine | peregrine | 0.1.9 | | file://../pidgin | pidgin | 0.1.7 | -| file://../portal | portal | 0.1.7 | +| file://../portal | portal | 0.1.8 | | file://../requestor | requestor | 0.1.8 | -| file://../revproxy | revproxy | 0.1.11 | +| file://../revproxy | revproxy | 0.1.12 | | file://../sheepdog | sheepdog | 0.1.10 | | file://../sower | sower | 0.1.6 | | file://../ssjdispatcher | ssjdispatcher | 0.1.6 | 
@@ -91,6 +92,7 @@ Helm chart to deploy Gen3 Data Commons | fence.usersync.syncFromDbgap | bool | `false` | Whether to sync data from dbGaP. | | fence.usersync.userYamlS3Path | string | `"s3://cdis-gen3-users/helm-test/user.yaml"` | Path to the user.yaml file in S3. | | fence.usersync.usersync | bool | `false` | Whether to run Fence usersync or not. | +| frontend-framework | map | `{"enabled":true,"image":{"repository":null,"tag":null}}` | Configurations for frontend-framework chart. | | frontend-framework.enabled | bool | `true` | Whether to deploy the frontend-framework subchart. | | frontend-framework.image | map | `{"repository":null,"tag":null}` | Docker image information. | | frontend-framework.image.repository | string | `nil` | The Docker image repository for the guppy service. | diff --git a/helm/gen3/values.yaml b/helm/gen3/values.yaml index c83aa55a..3b2f0cc0 100644 --- a/helm/gen3/values.yaml +++ b/helm/gen3/values.yaml @@ -171,6 +171,8 @@ fence: slack_webhook: None # -- (bool) Will echo what files we are seeing on dbgap ftp to Slack. slack_send_dbgap: false + +# -- (map) Configurations for frontend-framework chart. frontend-framework: # -- (bool) Whether to deploy the frontend-framework subchart. enabled: true From 89ec70ab207956e3e108231417069ea89a6e6ea1 Mon Sep 17 00:00:00 2001 From: craigrbarnes Date: Wed, 18 Oct 2023 19:33:35 -0500 Subject: [PATCH 086/279] try changing nginx config for portal vs frontend framework --- helm/revproxy/templates/configMaps.yaml | 11 ++++++----- helm/revproxy/templates/deployment.yaml | 8 +++++++- 2 files changed, 13 insertions(+), 6 deletions(-) diff --git a/helm/revproxy/templates/configMaps.yaml b/helm/revproxy/templates/configMaps.yaml index eb2b5e60..e6a48f2c 100644 --- a/helm/revproxy/templates/configMaps.yaml +++ b/helm/revproxy/templates/configMaps.yaml 
@@ -1,16 +1,17 @@ apiVersion: v1 kind: ConfigMap -metadata: +metadata: name: revproxy-nginx-subconf data: {{- range $path, $bytes := .Files.Glob "gen3.nginx.conf/*.conf" }} {{ ($a := split "/" $path)._1 }}: | - {{- $bytes | toString | nindent 4 }} + {{- $bytes | toString | nindent 4 }} {{- end}} {{- if eq "portal" .Values.global.frontendRoot }} {{- range $path, $bytes := .Files.Glob "gen3.nginx.conf/portal-as-root/*.conf" }} {{ ($a := split "/" $path)._2 }}: | {{- $bytes | toString | nindent 4 }} + {{ $path }} {{- end}} {{- end}} {{- if eq "gen3ff" .Values.global.frontendRoot }} @@ -22,10 +23,10 @@ data: --- apiVersion: v1 kind: ConfigMap -metadata: +metadata: name: revproxy-nginx-conf data: {{- range $path, $bytes := .Files.Glob "nginx/*" }} {{ ($a := split "/" $path)._1 }}: | - {{- $bytes | toString | nindent 4 }} -{{- end}} \ No newline at end of file + {{- $bytes | toString | nindent 4 }} +{{- end}} diff --git a/helm/revproxy/templates/deployment.yaml b/helm/revproxy/templates/deployment.yaml index 043b4e7a..b9e391ee 100644 --- a/helm/revproxy/templates/deployment.yaml +++ b/helm/revproxy/templates/deployment.yaml @@ -125,7 +125,7 @@ spec: secretKeyRef: name: gateway-g3auto key: base64Authz.txt - optional: true + optional: true - name: MDS_AUTHZ valueFrom: secretKeyRef: @@ -144,6 +144,12 @@ spec: - name: "revproxy-subconf" readOnly: true mountPath: "/etc/nginx/gen3.conf" + - name: "revproxy-subconf" + readOnly: true + mountPath: "/etc/nginx/gen3.conf/portal-as-root" + - name: "revproxy-subconf" + readOnly: true + mountPath: "/etc/nginx/gen3.conf/gen3ff-as-root" # - name: "modsec-conf" # readOnly: true # mountPath: "/etc/nginx/modsec" From c20865bdfd23729ff5346b329fa7b20a42f582f7 Mon Sep 17 00:00:00 2001 From: Uwe Winter Date: Fri, 27 Oct 2023 09:25:37 +1100 Subject: [PATCH 087/279] added documentation to raise vm.max_map_count --- README.md | 3 +++ 1 file changed, 3 insertions(+) diff --git a/README.md b/README.md index 6eb475ed..5a63cef1 100644 --- a/README.md 
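Review bot: The added `{{ $path }}` line inside the `portal-as-root` range of configMaps.yaml looks like leftover debug output, because it renders the source file path as bare text right after the file body. Depending on its indentation, which cannot be recovered from this view, the path is either appended to the nginx snippet, where nginx would most likely reject it as an unknown directive, or it breaks the YAML of the `revproxy-nginx-subconf` ConfigMap. Since this ConfigMap feeds the reverse proxy, a bad render leaves the revproxy pod unable to start. I would drop the line, or emit it as an nginx comment before the body if the path is wanted for tracing, e.g. `{{- printf "# source: %s" $path | nindent 4 }}`.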
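Review bot: The two `volumeMounts` added in deployment.yaml mount the same `revproxy-subconf` volume again at `/etc/nginx/gen3.conf/portal-as-root` and `/etc/nginx/gen3.conf/gen3ff-as-root`, so each subdirectory receives every key of the ConfigMap rather than only its own root's files. In configMaps.yaml the keys appear to be flattened to the file basename and only the range matching `.Values.global.frontendRoot` is rendered, so both directories end up with identical content and an nginx `include` over the parent and a subdirectory would load the same location blocks twice. Mounting below a `readOnly` ConfigMap mount also relies on the runtime being able to create the mountpoint there, which is worth verifying on the target cluster. If one root per deployment is the intent, the existing `/etc/nginx/gen3.conf` mount already delivers the selected files; otherwise use a separate ConfigMap or `items:` per directory. The container spec continues outside the hunk.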
+++ b/README.md @@ -117,6 +117,9 @@ NOTE: Gen3 helm charts are currently not used in production by CTDS, but we are For local development you must be connected to a kubernetes cluster. As referenced above in the section `Kubernetes cluster` we recommend using [Rancher Desktop](https://rancherdesktop.io/) as Kubernetes on your local machine, especially on M1 Mac's. You also get ingress and other benefits out of the box. +> **Warning** +> If you are using Rancher Desktop you need to increase the vm.max_map_count as outlined [here](https://docs.rancherdesktop.io/how-to-guides/increasing-open-file-limit/) + 1. Clone the repository 2. Navigate to the `gen3-helm/helm/gen3` directory and run `helm dependency update` 3. Navigate to the back to the `gen3-helm` directory and create your values.yaml file. See the `TL;DR` section for a minimal example. From eb96031db01416b643086a8a240f6ebed2b1559a Mon Sep 17 00:00:00 2001 From: Guerdon Mukama Date: Fri, 27 Oct 2023 16:13:13 +1100 Subject: [PATCH 088/279] Updated pre-built portal documenation --- docs/portal/prebuild-portal.md | 31 +++++++++++++++++++++++++++++-- 1 file changed, 29 insertions(+), 2 deletions(-) diff --git a/docs/portal/prebuild-portal.md b/docs/portal/prebuild-portal.md index b352c945..f6e71727 100644 --- a/docs/portal/prebuild-portal.md +++ b/docs/portal/prebuild-portal.md @@ -15,7 +15,7 @@ This documentation will provide instructions on how to set up a static Gen3 Port Setup the configuration locally on your machine. -The dockerfile expects your portal configuration under the configurations folder. See exapmle for `dev.planx-pla.net` +The dockerfile expects your portal configuration under the configurations folder. See example for `dev.planx-pla.net` ``` configurations 
@@ -36,7 +36,10 @@ https:///api/v0/submission/_dictionary/_all **Hint:** both of these are served via sheepdog service -Use the provided Dockerfile as a template for building your container. +Use the provided Dockerfile as a template for building your container. Update: +``` +ARG PORTAL_HOSTNAME= +``` Build your container using the following command inside the same folder as the Dockerfile: @@ -44,6 +47,10 @@ Build your container using the following command inside the same folder as the D docker build -t : . ``` +If you are using localhost, you will need to add the `--network="host"` option in the above command, e.g: +``` +docker build -t : . --network="host" +``` Push the container to your repository using the command: ``` @@ -54,6 +61,26 @@ Update the image and tag in the Gen3 Portal configuration to use the new contain Note: Make sure to replace the with the actual name you want to give to your image. +Update or create the `values.yaml`, for example: +``` +global: + dev: true + hostname: localhost + +portal: + image: + repository: + tag: + resources: + requests: + cpu: 0.2 + memory: 500Mi +``` + +Update helm charts +``` +helm upgrade --install dev gen3/gen3 -f values.yaml +``` # Conclusion: Using a static Gen3 Data Portal can significantly improve the performance of the Gen3 Portal by pre-running the WebPack build and creating static files, which are then served using nginx. From 87a07269993ff7aa1912b7e764b7a3c25c7d95e5 Mon Sep 17 00:00:00 2001 
From: "J. Q" <55899496+jawadqur@users.noreply.github.com> Date: Tue, 28 Nov 2023 15:49:24 -0600 Subject: [PATCH 089/279] Elasticsearch 7 support (#143) * Initial ES7 and ETL integration * Update gitops.json * Add test-connection pods * Add test-connection pods * Add chart install + test * Add chart install + test * Add chart install + test * Add chart install + test * Add chart install + test * Add agg-mds sync job * Bump versions * Update gh actions * Update gh actions * Fix linting issues * Update KIND doc * Update KIND doc * Update ETL and ES values * Delete local ES chart and update ETL job * move aggMDS to cron that can be triggered --- .github/ct.yaml | 4 +- .github/workflows/lint_test.yaml | 32 ++- .secrets.baseline | 25 ++- docs/CONFIGURATION.md | 99 ++++++-- docs/etl.md | 29 +++ docs/kubernetes-in-docker.md | 115 ++++++++++ helm/ambassador/Chart.yaml | 4 +- helm/ambassador/README.md | 4 +- helm/ambassador/templates/deployment.yaml | 6 +- .../templates/tests/test-connection.yaml | 4 +- helm/arborist/Chart.yaml | 4 +- helm/arborist/README.md | 4 +- .../templates/tests/test-connection.yaml | 4 +- helm/argo-wrapper/Chart.yaml | 4 +- helm/argo-wrapper/README.md | 4 +- .../templates/tests/test-connection.yaml | 2 +- helm/audit/Chart.yaml | 4 +- helm/audit/README.md | 4 +- .../templates/tests/test-connection.yaml | 2 +- helm/aws-es-proxy/Chart.yaml | 4 +- helm/aws-es-proxy/README.md | 4 +- .../templates/tests/test-connection.yaml | 2 +- helm/common/Chart.yaml | 2 +- helm/common/README.md | 2 +- helm/common/templates/_es_index_restore.tpl | 2 +- helm/dicom-server/Chart.yaml | 4 +- helm/dicom-server/README.md | 4 +- helm/dicom-viewer/Chart.yaml | 4 +- helm/dicom-viewer/README.md | 4 +- helm/elasticsearch/.helmignore | 23 -- helm/elasticsearch/README.md | 63 ------ helm/elasticsearch/templates/NOTES.txt | 22 -- helm/elasticsearch/templates/_helpers.tpl | 68 ------ helm/elasticsearch/templates/deployment.yaml | 78 ------- helm/elasticsearch/templates/hpa.yaml | 28 
--- helm/elasticsearch/templates/ingress.yaml | 61 ----- helm/elasticsearch/templates/service.yaml | 14 -- .../templates/serviceaccount.yaml | 12 - .../templates/tests/test-connection.yaml | 15 -- helm/elasticsearch/values.yaml | 105 --------- helm/{elasticsearch => etl}/Chart.yaml | 14 +- helm/etl/README.md | 107 +++++++++ helm/etl/templates/etl-job.yaml | 211 ++++++++++++++++++ helm/etl/templates/etl-mapping.yaml | 10 + helm/etl/values.yaml | 145 ++++++++++++ helm/fence/Chart.yaml | 4 +- helm/fence/README.md | 4 +- .../templates/tests/test-connection.yaml | 4 +- helm/gen3/Chart.yaml | 52 +++-- helm/gen3/README.md | 56 +++-- helm/gen3/ci/portal-values.yaml | 9 + helm/gen3/values.yaml | 16 +- helm/guppy/Chart.yaml | 4 +- helm/guppy/README.md | 14 +- helm/guppy/templates/deployment.yaml | 6 +- helm/guppy/values.yaml | 8 +- helm/hatchery/Chart.yaml | 4 +- helm/hatchery/README.md | 4 +- .../templates/tests/test-connection.yaml | 4 +- helm/indexd/Chart.yaml | 4 +- helm/indexd/README.md | 4 +- .../templates/tests/test-connection.yaml | 4 +- helm/manifestservice/Chart.yaml | 4 +- helm/manifestservice/README.md | 8 +- .../manifestservice/templates/deployment.yaml | 4 +- helm/manifestservice/templates/service.yaml | 4 +- .../templates/tests/test-connection.yaml | 6 +- helm/manifestservice/values.yaml | 2 +- helm/metadata/Chart.yaml | 8 +- helm/metadata/README.md | 22 +- helm/metadata/templates/agg-mds-sync.yaml | 160 +++++++++++++ helm/metadata/templates/deployment.yaml | 2 +- .../templates/tests/test-connection.yaml | 2 +- helm/metadata/values.yaml | 88 +++++++- helm/peregrine/Chart.yaml | 4 +- helm/peregrine/README.md | 4 +- .../templates/tests/test-connection.yaml | 4 +- helm/pidgin/Chart.yaml | 4 +- helm/pidgin/README.md | 4 +- .../templates/tests/test-connection.yaml | 2 +- helm/portal/Chart.yaml | 4 +- helm/portal/README.md | 8 +- .../templates/tests/test-connection.yaml | 2 +- helm/portal/values.yaml | 14 +- helm/requestor/Chart.yaml | 4 +- helm/requestor/README.md 
| 4 +- .../templates/tests/test-connection.yaml | 2 +- helm/revproxy/Chart.yaml | 4 +- helm/revproxy/README.md | 4 +- .../templates/tests/test-connection.yaml | 4 +- helm/sheepdog/Chart.yaml | 4 +- helm/sheepdog/README.md | 4 +- .../templates/tests/test-connection.yaml | 2 +- helm/sower/Chart.yaml | 4 +- helm/sower/README.md | 4 +- .../templates/tests/test-connection.yaml | 4 +- helm/ssjdispatcher/Chart.yaml | 4 +- helm/ssjdispatcher/README.md | 4 +- helm/wts/Chart.yaml | 4 +- helm/wts/README.md | 4 +- helm/wts/templates/tests/test-connection.yaml | 4 +- helm/wts/templates/wts-oidc.yaml | 5 +- 102 files changed, 1245 insertions(+), 747 deletions(-) create mode 100644 docs/etl.md create mode 100644 docs/kubernetes-in-docker.md delete mode 100644 helm/elasticsearch/.helmignore delete mode 100644 helm/elasticsearch/README.md delete mode 100644 helm/elasticsearch/templates/NOTES.txt delete mode 100644 helm/elasticsearch/templates/_helpers.tpl delete mode 100644 helm/elasticsearch/templates/deployment.yaml delete mode 100644 helm/elasticsearch/templates/hpa.yaml delete mode 100644 helm/elasticsearch/templates/ingress.yaml delete mode 100644 helm/elasticsearch/templates/service.yaml delete mode 100644 helm/elasticsearch/templates/serviceaccount.yaml delete mode 100644 helm/elasticsearch/templates/tests/test-connection.yaml delete mode 100644 helm/elasticsearch/values.yaml rename helm/{elasticsearch => etl}/Chart.yaml (82%) create mode 100644 helm/etl/README.md create mode 100644 helm/etl/templates/etl-job.yaml create mode 100644 helm/etl/templates/etl-mapping.yaml create mode 100644 helm/etl/values.yaml create mode 100644 helm/gen3/ci/portal-values.yaml create mode 100644 helm/metadata/templates/agg-mds-sync.yaml diff --git a/.github/ct.yaml b/.github/ct.yaml index 531244f4..ff4f6239 100644 --- a/.github/ct.yaml +++ b/.github/ct.yaml 
@@ -4,7 +4,9 @@ chart-dirs: - helm chart-repos: - bitnami=https://charts.bitnami.com/bitnami + - elastic=https://helm.elastic.co helm-extra-args: --timeout 600s check-version-increment: true debug: false -validate-maintainers: false \ No newline at end of file +validate-maintainers: false +helm-dependency-extra-args: "--skip-refresh" \ No newline at end of file diff --git a/.github/workflows/lint_test.yaml b/.github/workflows/lint_test.yaml index 60f85dca..20be854e 100644 --- a/.github/workflows/lint_test.yaml +++ b/.github/workflows/lint_test.yaml @@ -22,7 +22,7 @@ jobs: check-latest: true - name: Set up chart-testing - uses: helm/chart-testing-action@v2.3.1 + uses: helm/chart-testing-action@v2.6.1 - name: Run chart-testing (list-changed) id: list-changed @@ -34,17 +34,29 @@ jobs: - name: Run chart-testing (lint) run: ct lint --config .github/ct.yaml - - # deploy-charts-to-kind: - # name: ${{ matrix.environments }} - gen3 data portal build + + # TODO: add back in when we have tests + # deploy-and-test-chart: + # name: Deploy and Test Chart # timeout-minutes: 20 # runs-on: ubuntu-latest - # needs: [get-changes-for-envs] - # if: ${{ needs.get-changes-for-envs.outputs.matrix != '[]' && needs.get-changes-for-envs.outputs.matrix != '' }} # steps: + + # - name: Checkout + # uses: actions/checkout@v2 + # with: + # fetch-depth: 0 + + # - name: Set up Helm + # uses: azure/setup-helm@v3 + + # - name: Set up chart-testing + # uses: helm/chart-testing-action@v2.6.1 + + # - name: Create kind cluster - # uses: helm/kind-action@v1.4.0 - # if: steps.list-changed.outputs.changed == 'true' + # uses: helm/kind-action@v1.8.0 + - # - name: Run chart-testing (install) - # run: ct install + # - name: Run chart install + testing + # run: ct install --charts ./helm/gen3 --config .github/ct.yaml diff --git a/.secrets.baseline b/.secrets.baseline index ea7061a4..fc20cd69 100644 --- a/.secrets.baseline +++ b/.secrets.baseline 
@@ -3,7 +3,7 @@ "files": "^.secrets.baseline$", "lines": null }, - "generated_at": "2023-07-27T21:47:16Z", + "generated_at": "2023-11-20T21:39:41Z", "plugins_used": [ { "name": "AWSKeyDetector" @@ -108,6 +108,15 @@ "type": "Secret Keyword" } ], + "docs/kubernetes-in-docker.md": [ + { + "hashed_secret": "5320294d100314ce19330d99abada8c26c4993a3", + "is_secret": false, + "is_verified": false, + "line_number": 96, + "type": "Secret Keyword" + } + ], "examples/gke_dev_values.yaml": [ { "hashed_secret": "75cb4c02576c9abae38fadc84bc832f2af203f3e", @@ -365,7 +374,7 @@ "hashed_secret": "1740c48fa3141d4851b14f97e3bc0f46f7670672", "is_secret": false, "is_verified": false, - "line_number": 119, + "line_number": 127, "type": "Secret Keyword" } ], @@ -374,13 +383,13 @@ "hashed_secret": "9b5925ea817163740dfb287a9894e8ab3aba2c18", "is_secret": false, "is_verified": false, - "line_number": 212, + "line_number": 216, "type": "Secret Keyword" } ], "helm/guppy/README.md": [ { - "hashed_secret": "0d5cd5f3caaaf8354a6c62816b97bcae006d4bcf", + "hashed_secret": "39e819806b607b544fec2ea49fa88a7ab81929ca", "is_secret": false, "is_verified": false, "line_number": 43, @@ -509,28 +518,28 @@ "hashed_secret": "8a10cd156f8f43ec303f885a7985b1cf90635e23", "is_secret": false, "is_verified": false, - "line_number": 41, + "line_number": 49, "type": "Secret Keyword" }, { "hashed_secret": "2546383b95bb44732e9be6a877fd476c0442fdab", "is_secret": false, "is_verified": false, - "line_number": 58, + "line_number": 66, "type": "Secret Keyword" }, { "hashed_secret": "d84ce25b0f9bc2cc263006ae39453efb22cc2900", "is_secret": false, "is_verified": false, - "line_number": 60, + "line_number": 68, "type": "Secret Keyword" }, { "hashed_secret": "f09dd6e359833a12f48c4c4255d6e87a6e55cfe9", "is_secret": false, "is_verified": false, - "line_number": 79, + "line_number": 87, "type": "Secret Keyword" } ], diff --git a/docs/CONFIGURATION.md b/docs/CONFIGURATION.md index 06d5a575..6ba633f8 100644 --- a/docs/CONFIGURATION.md 
+++ b/docs/CONFIGURATION.md @@ -205,7 +205,7 @@ global: guppy: # -- (int) Only relevant if tireAccessLevel is set to "regular". # The minimum amount of files unauthorized users can filter down to - tierAccessLimit: 1000 + tierAccessLimit: "1000" # -- (list) Elasticsearch index configurations indices: 
@@ -512,26 +512,97 @@ To configure sheepdog we require an entry in the versions block. It also require ``` --> ## Extra Information - - - +```yaml +sower: + enabled: true + sowerConfig: + - name: pelican-export + action: export + container: + name: job-task + image: quay.io/cdis/pelican-export:master + pull_policy: Always + env: + - name: DICTIONARY_URL + valueFrom: + configMapKeyRef: + name: manifest-global + key: dictionary_url + - name: GEN3_HOSTNAME + valueFrom: + configMapKeyRef: + name: manifest-global + key: hostname + - name: ROOT_NODE + value: subject + volumeMounts: + - name: pelican-creds-volume + readOnly: true + mountPath: "/pelican-creds.json" + subPath: config.json + - name: peregrine-creds-volume + readOnly: true + mountPath: "/peregrine-creds.json" + subPath: creds.json + cpu-limit: '1' + memory-limit: 12Gi + volumes: + - name: pelican-creds-volume + secret: + secretName: pelicanservice-g3auto + - name: peregrine-creds-volume + secret: + secretName: peregrine-creds + restart_policy: Never + - name: pelican-export-files + action: export-files + container: + name: job-task + image: quay.io/cdis/pelican-export:master + pull_policy: Always + env: + - name: DICTIONARY_URL + valueFrom: + configMapKeyRef: + name: manifest-global + key: dictionary_url + - name: GEN3_HOSTNAME + valueFrom: + configMapKeyRef: + name: manifest-global + key: hostname + - name: ROOT_NODE + value: file + - name: EXTRA_NODES + value: '' + volumeMounts: + - name: pelican-creds-volume + readOnly: true + mountPath: "/pelican-creds.json" + subPath: config.json + - name: peregrine-creds-volume + readOnly: true + mountPath: "/peregrine-creds.json" + subPath: creds.json + cpu-limit: '1' + memory-limit: 12Gi + volumes: + - name: pelican-creds-volume + secret: + secretName: pelicanservice-g3auto + - name: peregrine-creds-volume + secret: + secretName: peregrine-creds + restart_policy: Never +``` ## Extra Information --> \ No newline at end of file 
diff --git a/docs/etl.md b/docs/etl.md new file mode 100644 index 00000000..946438e8 --- /dev/null +++ b/docs/etl.md @@ -0,0 +1,29 @@ +# ETL + +The Gen3 Tube ETL is designed to translate data from a graph data model, stored in a PostgreSQL database, to indexed documents in ElasticSearch (ES), which supports efficient ways to query data from the front-end. The purpose of the Gen3 Tube ETL is to create indexed documents to reduce the response time of requests to query data. It is configured through an etlMapping.yaml configuration file, which describes which tables and fields to ETL to ElasticSearch. + + +You can configure the ETL like this: + +```yaml +etl: + enabled: true + esEndpoint: "" + etlMapping: + +``` + +To kick off etl job run this command: + +```bash +kubectl create job --from=cronjob/etl-cronjob etl +``` + +If you already have a job called etl run the following. This will delete the old job and create a new instance. + +```bash +kubectl delete job etl +kubectl create job --from=cronjob/etl-cronjob etl +``` + +For more information about our ETL read [here github.com/uc-cdis/tube](https://github.com/uc-cdis/tube) \ No newline at end of file diff --git a/docs/kubernetes-in-docker.md b/docs/kubernetes-in-docker.md new file mode 100644 index 00000000..91707a20 --- /dev/null +++ b/docs/kubernetes-in-docker.md 
@@ -0,0 +1,115 @@ +# Gen3 in KIND +## Kind (Kubernetes IN Docker) + +### Overview +KIND runs Kubernetes inside a Docker container, making it an excellent choice for local development and testing. It is also used by the Kubernetes team to test Kubernetes itself. + +### Pros: + +Fast cluster creation (around 20 seconds). +Robust and reliable, thanks to containerd usage. +Suitable for CI environments (e.g., TravisCI, CircleCI). + +### Cons: + +Ingress controllers needs to be deployed manually + + + + +# Step 1. Create cluster + +```bash +cat < OAuth client ID. + +Select the Web application application type. Name your OAuth 2.0 client and click Create. + +For Authorized Javascript Origins add https:// + +For "Authorized redirect URIs" add https:///user/login/google/login/ + +After configuration is complete, take note of the client ID that was created. You will need the client ID and client secret to complete the next steps. + +## Prepare values.yaml + +Create a file called values.yaml and populate it like this (This is the main way of configuring gen3. this is just some default values that will help you get started) + +```yaml +global: + # This can be anything you want! + hostname: dev.planx-pla.net + +fence: + FENCE_CONFIG: + OPENID_CONNECT: + google: + client_id: "" + client_secret: "" + +# Use a prebuilt portal image if you're deploying to a laptop, less resources consumed by gen3 +portal: + resources: + requests: + cpu: "0.2" + memory: 100Mi + image: + repository: quay.io/cdis/data-portal-prebuilt + tag: dev + +``` + +## deploy gen3 + +```bash +helm repo add gen3 http://helm.gen3.org +helm upgrade --install gen3 gen3/gen3 -f ./values.yaml +``` \ No newline at end of file diff --git a/helm/ambassador/Chart.yaml b/helm/ambassador/Chart.yaml index 5acd83d5..b4e745d5 100644 --- a/helm/ambassador/Chart.yaml +++ b/helm/ambassador/Chart.yaml 
@@ -15,7 +15,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.8 +version: 0.1.9 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to @@ -25,5 +25,5 @@ appVersion: "1.4.2" dependencies: - name: common - version: 0.1.7 + version: 0.1.8 repository: file://../common diff --git a/helm/ambassador/README.md b/helm/ambassador/README.md index 2a56dd52..06e4b0e2 100644 --- a/helm/ambassador/README.md +++ b/helm/ambassador/README.md @@ -1,6 +1,6 @@ # ambassador -![Version: 0.1.8](https://img.shields.io/badge/Version-0.1.8-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.4.2](https://img.shields.io/badge/AppVersion-1.4.2-informational?style=flat-square) +![Version: 0.1.9](https://img.shields.io/badge/Version-0.1.9-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.4.2](https://img.shields.io/badge/AppVersion-1.4.2-informational?style=flat-square) A Helm chart for deploying ambassador for gen3 @@ -8,7 +8,7 @@ A Helm chart for deploying ambassador for gen3 | Repository | Name | Version | |------------|------|---------| -| file://../common | common | 0.1.7 | +| file://../common | common | 0.1.8 | ## Values diff --git a/helm/ambassador/templates/deployment.yaml b/helm/ambassador/templates/deployment.yaml index 8c813687..ec6683ca 100644 --- a/helm/ambassador/templates/deployment.yaml +++ b/helm/ambassador/templates/deployment.yaml 
@@ -53,11 +53,7 @@ spec: {{- include "common.datadogEnvVar" . | nindent 10 }} {{- end }} - name: AMBASSADOR_NAMESPACE - value: {{ if eq .Release.Namespace "default" -}} - {{- printf "%s" .Values.userNamespace | quote -}} - {{- else -}} - {{- printf "%s-%s" .Values.userNamespace .Release.Name | quote -}} - {{- end }} + value: {{ printf "%s-%s" .Values.userNamespace .Release.Name | quote }} - name: AMBASSADOR_SINGLE_NAMESPACE value: "true" ports: diff --git a/helm/ambassador/templates/tests/test-connection.yaml b/helm/ambassador/templates/tests/test-connection.yaml index 363d01c8..3b88ad1c 100644 --- a/helm/ambassador/templates/tests/test-connection.yaml +++ b/helm/ambassador/templates/tests/test-connection.yaml @@ -1,7 +1,7 @@ apiVersion: v1 kind: Pod metadata: - name: "{{ include "ambassador.fullname" . }}-test-connection" + name: "ambassador-test-connection" labels: {{- include "ambassador.labels" . | nindent 4 }} annotations: @@ -11,5 +11,5 @@ spec: - name: wget image: busybox command: ['wget'] - args: ['{{ include "ambassador.fullname" . }}:{{ .Values.service.port }}'] + args: ['ambassador-service:80/ambassador/v0/check_ready'] restartPolicy: Never diff --git a/helm/arborist/Chart.yaml b/helm/arborist/Chart.yaml index 08304731..3ef314d6 100644 --- a/helm/arborist/Chart.yaml +++ b/helm/arborist/Chart.yaml @@ -15,7 +15,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.8 +version: 0.1.9 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to @@ -25,7 +25,7 @@ appVersion: "master" dependencies: - name: common - version: 0.1.7 + version: 0.1.8 repository: file://../common - name: postgresql version: 11.9.13 
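Review bot: Dropping the `default`-namespace branch changes what `AMBASSADOR_NAMESPACE` resolves to for existing installs in `default`: it was `.Values.userNamespace` and is now `<userNamespace>-<release name>`. With `AMBASSADOR_SINGLE_NAMESPACE` set to `"true"` on the following lines, Ambassador watches only that namespace, so the value has to match the namespace the user workloads are created in, which this hunk does not show. I would add a comment above the entry, `# must equal the namespace user workloads are launched into; Ambassador watches only this one`, and call out the changed value for `default`-namespace releases in the chart README. The container spec starts and ends outside the hunk.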
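Review bot: In helm/ambassador/templates/tests/test-connection.yaml the test pod name is now the fixed string `ambassador-test-connection` and the target is the literal `ambassador-service:80`, so the test no longer follows `fullnameOverride` or `.Values.service.port`. Two releases of the chart in one namespace would collide on the pod name, and a non-default service port would make `helm test` fail against a healthy service; the arborist test-connection.yaml hunk in this commit gets the same fixed pod name. If the Service name is fixed by the chart (not visible here), keep the host but take the port from values as the other charts do: `args: ['ambassador-service:{{ .Values.service.port }}/ambassador/v0/check_ready']`. Separately, the unchanged `image: busybox` line carries no tag or digest, so the test pod pulls whatever `latest` is at run time; pinning it is a cheap supply-chain fix.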
diff --git a/helm/arborist/README.md b/helm/arborist/README.md index df556040..13f542c6 100644 --- a/helm/arborist/README.md +++ b/helm/arborist/README.md @@ -1,6 +1,6 @@ # arborist -![Version: 0.1.8](https://img.shields.io/badge/Version-0.1.8-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) +![Version: 0.1.9](https://img.shields.io/badge/Version-0.1.9-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) A Helm chart for gen3 arborist @@ -8,7 +8,7 @@ A Helm chart for gen3 arborist | Repository | Name | Version | |------------|------|---------| -| file://../common | common | 0.1.7 | +| file://../common | common | 0.1.8 | | https://charts.bitnami.com/bitnami | postgresql | 11.9.13 | ## Values diff --git a/helm/arborist/templates/tests/test-connection.yaml b/helm/arborist/templates/tests/test-connection.yaml index c072755b..2a913dd0 100644 --- a/helm/arborist/templates/tests/test-connection.yaml +++ b/helm/arborist/templates/tests/test-connection.yaml @@ -1,7 +1,7 @@ apiVersion: v1 kind: Pod metadata: - name: "{{ include "arborist.fullname" . }}-test-connection" + name: "arborist-test-connection" labels: {{- include "arborist.labels" . | nindent 4 }} annotations: @@ -11,5 +11,5 @@ spec: - name: wget image: busybox command: ['wget'] - args: ['{{ include "arborist.fullname" . }}:{{ .Values.service.port }}'] + args: ['arborist-service:{{ .Values.service.port }}/health'] restartPolicy: Never diff --git a/helm/argo-wrapper/Chart.yaml b/helm/argo-wrapper/Chart.yaml index dbad7182..5d320e9d 100644 --- a/helm/argo-wrapper/Chart.yaml +++ b/helm/argo-wrapper/Chart.yaml 
@@ -15,7 +15,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.4 +version: 0.1.5 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to @@ -25,5 +25,5 @@ appVersion: "master" dependencies: - name: common - version: 0.1.7 + version: 0.1.8 repository: file://../common diff --git a/helm/argo-wrapper/README.md b/helm/argo-wrapper/README.md index 8ca7a922..b5f7b3a1 100644 --- a/helm/argo-wrapper/README.md +++ b/helm/argo-wrapper/README.md @@ -1,6 +1,6 @@ # argo-wrapper -![Version: 0.1.4](https://img.shields.io/badge/Version-0.1.4-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) +![Version: 0.1.5](https://img.shields.io/badge/Version-0.1.5-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) A Helm chart for gen3 Argo Wrapper Service @@ -8,7 +8,7 @@ A Helm chart for gen3 Argo Wrapper Service | Repository | Name | Version | |------------|------|---------| -| file://../common | common | 0.1.7 | +| file://../common | common | 0.1.8 | ## Values diff --git a/helm/argo-wrapper/templates/tests/test-connection.yaml b/helm/argo-wrapper/templates/tests/test-connection.yaml index 0233f0e2..02e99617 100644 --- a/helm/argo-wrapper/templates/tests/test-connection.yaml +++ b/helm/argo-wrapper/templates/tests/test-connection.yaml 
@@ -11,5 +11,5 @@ spec: - name: wget image: busybox command: ['wget'] - args: ['{{ include "argo-wrapper.fullname" . }}:{{ .Values.service.port }}'] + args: ['argo-wrapper-service:{{ .Values.service.port }}/test'] restartPolicy: Never diff --git a/helm/audit/Chart.yaml b/helm/audit/Chart.yaml index 966a2573..fbd974a8 100644 --- a/helm/audit/Chart.yaml +++ b/helm/audit/Chart.yaml @@ -15,7 +15,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.9 +version: 0.1.10 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to @@ -24,7 +24,7 @@ appVersion: "master" dependencies: - name: common - version: 0.1.7 + version: 0.1.8 repository: file://../common - name: postgresql version: 11.9.13 diff --git a/helm/audit/README.md b/helm/audit/README.md index e7d15409..a8b49f18 100644 --- a/helm/audit/README.md +++ b/helm/audit/README.md @@ -1,6 +1,6 @@ # audit -![Version: 0.1.9](https://img.shields.io/badge/Version-0.1.9-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) +![Version: 0.1.10](https://img.shields.io/badge/Version-0.1.10-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) A Helm chart for Kubernetes 
@@ -8,7 +8,7 @@ A Helm chart for Kubernetes | Repository | Name | Version | |------------|------|---------| -| file://../common | common | 0.1.7 | +| file://../common | common | 0.1.8 | | https://charts.bitnami.com/bitnami | postgresql | 11.9.13 | ## Values diff --git a/helm/audit/templates/tests/test-connection.yaml b/helm/audit/templates/tests/test-connection.yaml index 72841458..d0a13d3a 100644 --- a/helm/audit/templates/tests/test-connection.yaml +++ b/helm/audit/templates/tests/test-connection.yaml @@ -11,5 +11,5 @@ spec: - name: wget image: busybox command: ['wget'] - args: ['{{ include "audit.fullname" . }}:{{ .Values.service.port }}'] + args: ['audit-service:{{ .Values.service.port }}/_status'] restartPolicy: Never diff --git a/helm/aws-es-proxy/Chart.yaml b/helm/aws-es-proxy/Chart.yaml index e8ac19ef..80466f8b 100644 --- a/helm/aws-es-proxy/Chart.yaml +++ b/helm/aws-es-proxy/Chart.yaml @@ -15,7 +15,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.6 +version: 0.1.7 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to @@ -25,5 +25,5 @@ appVersion: "master" dependencies: - name: common - version: 0.1.7 + version: 0.1.8 repository: file://../common diff --git a/helm/aws-es-proxy/README.md b/helm/aws-es-proxy/README.md index 9cdb1805..43ce7cb2 100644 --- a/helm/aws-es-proxy/README.md +++ b/helm/aws-es-proxy/README.md 
@@ -1,6 +1,6 @@ # aws-es-proxy -![Version: 0.1.6](https://img.shields.io/badge/Version-0.1.6-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) +![Version: 0.1.7](https://img.shields.io/badge/Version-0.1.7-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) A Helm chart for AWS ES Proxy Service for gen3 @@ -8,7 +8,7 @@ A Helm chart for AWS ES Proxy Service for gen3 | Repository | Name | Version | |------------|------|---------| -| file://../common | common | 0.1.7 | +| file://../common | common | 0.1.8 | ## Values diff --git a/helm/aws-es-proxy/templates/tests/test-connection.yaml b/helm/aws-es-proxy/templates/tests/test-connection.yaml index 32c8c104..aa28c31d 100644 --- a/helm/aws-es-proxy/templates/tests/test-connection.yaml +++ b/helm/aws-es-proxy/templates/tests/test-connection.yaml @@ -11,5 +11,5 @@ spec: - name: wget image: busybox command: ['wget'] - args: ['{{ include "aws-es-proxy.fullname" . }}:{{ .Values.service.port }}'] + args: ['elasticsearch:{{ .Values.service.port }}/'] restartPolicy: Never diff --git a/helm/common/Chart.yaml b/helm/common/Chart.yaml index d55fd9fd..5007c4a7 100644 --- a/helm/common/Chart.yaml +++ b/helm/common/Chart.yaml 
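Review bot: The aws-es-proxy test now fetches `elasticsearch:{{ .Values.service.port }}/`, a hostname that nothing in this hunk ties to a Service the aws-es-proxy chart creates. In the same commit the `helm/elasticsearch` chart, whose service.yaml declared `name: elasticsearch`, is deleted, and `_es_index_restore.tpl` moves its default to `gen3-elasticsearch-master:9200`. Unless aws-es-proxy's own Service is named `elasticsearch`, `helm test` would either fail or pass against an unrelated Service that happens to have that name. A comment above `args` would settle it, e.g. `# aws-es-proxy's Service is exposed under the name "elasticsearch"`, or the host should be derived from the chart's Service template.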
@@ -15,7 +15,7 @@ type: library # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.7 +version: 0.1.8 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to diff --git a/helm/common/README.md b/helm/common/README.md index e83608b2..a93a01fa 100644 --- a/helm/common/README.md +++ b/helm/common/README.md @@ -1,6 +1,6 @@ # common -![Version: 0.1.7](https://img.shields.io/badge/Version-0.1.7-informational?style=flat-square) ![Type: library](https://img.shields.io/badge/Type-library-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) +![Version: 0.1.8](https://img.shields.io/badge/Version-0.1.8-informational?style=flat-square) ![Type: library](https://img.shields.io/badge/Type-library-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) A Helm chart for provisioning databases in gen3 diff --git a/helm/common/templates/_es_index_restore.tpl b/helm/common/templates/_es_index_restore.tpl index 7953a627..c0c927a1 100644 --- a/helm/common/templates/_es_index_restore.tpl +++ b/helm/common/templates/_es_index_restore.tpl @@ -29,7 +29,7 @@ spec: - name: GEN3_HOME value: /home/ubuntu/cloud-automation - name: ESHOST - value: elasticsearch:9200 + value: {{ default "gen3-elasticsearch-master:9200" $.Values.esEndpoint }} - name: GUPPY_INDICES value: {{ range $.Values.indices }} {{ .index }} {{ end }} - name: GUPPY_CONFIGINDEX diff --git a/helm/dicom-server/Chart.yaml b/helm/dicom-server/Chart.yaml index f8777d39..5605eab7 100644 --- a/helm/dicom-server/Chart.yaml +++ b/helm/dicom-server/Chart.yaml 
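Review bot: In `_es_index_restore.tpl` the new `ESHOST` value is rendered unquoted, so an `esEndpoint` containing `: `, ` #` or a line break changes the rendered manifest instead of the variable's value. Quoting it keeps the env entry a plain string whatever the operator supplies: `value: {{ default "gen3-elasticsearch-master:9200" $.Values.esEndpoint | quote }}`. The fallback also presumes a Service named `gen3-elasticsearch-master` exists, which this hunk does not show, so `esEndpoint` should be documented in the values file with a comment saying when it must be overridden. The job spec starts and ends outside the hunk.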
@@ -15,7 +15,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.5 +version: 0.1.6 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to @@ -25,5 +25,5 @@ appVersion: "master" dependencies: - name: common - version: 0.1.7 + version: 0.1.8 repository: file://../common diff --git a/helm/dicom-server/README.md b/helm/dicom-server/README.md index 6d24ac03..fd8c52f9 100644 --- a/helm/dicom-server/README.md +++ b/helm/dicom-server/README.md @@ -1,6 +1,6 @@ # dicom-server -![Version: 0.1.5](https://img.shields.io/badge/Version-0.1.5-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) +![Version: 0.1.6](https://img.shields.io/badge/Version-0.1.6-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) A Helm chart for gen3 Dicom Server @@ -8,7 +8,7 @@ A Helm chart for gen3 Dicom Server | Repository | Name | Version | |------------|------|---------| -| file://../common | common | 0.1.7 | +| file://../common | common | 0.1.8 | ## Values diff --git a/helm/dicom-viewer/Chart.yaml b/helm/dicom-viewer/Chart.yaml index bdff7a6a..dd84c125 100644 --- a/helm/dicom-viewer/Chart.yaml +++ b/helm/dicom-viewer/Chart.yaml 
@@ -15,7 +15,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.5 +version: 0.1.6 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to @@ -25,5 +25,5 @@ appVersion: "master" dependencies: - name: common - version: 0.1.7 + version: 0.1.8 repository: file://../common diff --git a/helm/dicom-viewer/README.md b/helm/dicom-viewer/README.md index 3ea1757e..78ea3e63 100644 --- a/helm/dicom-viewer/README.md +++ b/helm/dicom-viewer/README.md @@ -1,6 +1,6 @@ # dicom-viewer -![Version: 0.1.5](https://img.shields.io/badge/Version-0.1.5-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) +![Version: 0.1.6](https://img.shields.io/badge/Version-0.1.6-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) A Helm chart for gen3 Dicom Viewer @@ -8,7 +8,7 @@ A Helm chart for gen3 Dicom Viewer | Repository | Name | Version | |------------|------|---------| -| file://../common | common | 0.1.7 | +| file://../common | common | 0.1.8 | ## Values diff --git a/helm/elasticsearch/.helmignore b/helm/elasticsearch/.helmignore deleted file mode 100644 index 0e8a0eb3..00000000 --- a/helm/elasticsearch/.helmignore +++ /dev/null 
@@ -1,23 +0,0 @@ -# Patterns to ignore when building packages. -# This supports shell glob matching, relative path matching, and -# negation (prefixed with !). Only one pattern per line. -.DS_Store -# Common VCS dirs -.git/ -.gitignore -.bzr/ -.bzrignore -.hg/ -.hgignore -.svn/ -# Common backup files -*.swp -*.bak -*.tmp -*.orig -*~ -# Various IDEs -.project -.idea/ -*.tmproj -.vscode/ diff --git a/helm/elasticsearch/README.md b/helm/elasticsearch/README.md deleted file mode 100644 index c9852ebc..00000000 --- a/helm/elasticsearch/README.md +++ /dev/null 
@@ -1,63 +0,0 @@ -# elasticsearch - -![Version: 0.1.5](https://img.shields.io/badge/Version-0.1.5-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.16.0](https://img.shields.io/badge/AppVersion-1.16.0-informational?style=flat-square) - -A Helm chart for Kubernetes - -## Requirements - -| Repository | Name | Version | -|------------|------|---------| -| file://../common | common | 0.1.7 | - -## Values - -| Key | Type | Default | Description | -|-----|------|---------|-------------| -| affinity | object | `{}` | | -| autoscaling.enabled | bool | `false` | | -| autoscaling.maxReplicas | int | `100` | | -| autoscaling.minReplicas | int | `1` | | -| autoscaling.targetCPUUtilizationPercentage | int | `80` | | -| commonLabels | map | `nil` | Will completely override the commonLabels defined in the common chart's _label_setup.tpl | -| criticalService | string | `"true"` | Valid options are "true" or "false". If invalid option is set- the value will default to "false". | -| datadogLogsInjection | bool | `true` | If enabled, the Datadog Agent will automatically inject Datadog-specific metadata into your application logs. | -| datadogProfilingEnabled | bool | `true` | If enabled, the Datadog Agent will collect profiling data for your application using the Continuous Profiler. This data can be used to identify performance bottlenecks and optimize your application. | -| datadogTraceSampleRate | int | `1` | A value between 0 and 1, that represents the percentage of requests that will be traced. For example, a value of 0.5 means that 50% of requests will be traced. | -| fullnameOverride | string | `""` | | -| global | map | `{"ddEnabled":false,"environment":"default"}` | Global configuration options. | -| global.ddEnabled | bool | `false` | Whether Datadog is enabled. | -| global.environment | string | `"default"` | Environment name. 
This should be the same as vpcname if you're doing an AWS deployment. Currently this is being used to share ALB's if you have multiple namespaces. Might be used other places too. | -| image.pullPolicy | string | `"IfNotPresent"` | | -| image.repository | string | `"quay.io/cdis/elasticsearch"` | | -| image.tag | string | `"feat_es_dockerfile"` | | -| imagePullSecrets | list | `[]` | | -| ingress.annotations | object | `{}` | | -| ingress.className | string | `""` | | -| ingress.enabled | bool | `false` | | -| ingress.hosts[0].host | string | `"chart-example.local"` | | -| ingress.hosts[0].paths[0].path | string | `"/"` | | -| ingress.hosts[0].paths[0].pathType | string | `"ImplementationSpecific"` | | -| ingress.tls | list | `[]` | | -| nameOverride | string | `""` | | -| nodeSelector | object | `{}` | | -| partOf | string | `"Explorer-Tab"` | Label to help organize pods and their use. Any value is valid, but use "_" or "-" to divide words. | -| podAnnotations | object | `{}` | | -| podSecurityContext | object | `{}` | | -| release | string | `"production"` | Valid options are "production" or "dev". If invalid option is set- the value will default to "dev". | -| replicaCount | int | `1` | | -| resources.limits.cpu | string | `"500m"` | | -| resources.limits.memory | string | `"750Mi"` | | -| resources.requests.cpu | string | `"500m"` | | -| resources.requests.memory | string | `"750Mi"` | | -| securityContext | object | `{}` | | -| selectorLabels | map | `nil` | Will completely override the selectorLabels defined in the common chart's _label_setup.tpl | -| service.port | int | `9200` | | -| service.type | string | `"ClusterIP"` | | -| serviceAccount.annotations | object | `{}` | | -| serviceAccount.create | bool | `true` | | -| serviceAccount.name | string | `""` | | -| tolerations | list | `[]` | | - ----------------------------------------------- -Autogenerated from chart metadata using [helm-docs v1.11.0](https://github.com/norwoodj/helm-docs/releases/v1.11.0) 
diff --git a/helm/elasticsearch/templates/NOTES.txt b/helm/elasticsearch/templates/NOTES.txt deleted file mode 100644 index bf80dccb..00000000 --- a/helm/elasticsearch/templates/NOTES.txt +++ /dev/null @@ -1,22 +0,0 @@ -1. Get the application URL by running these commands: -{{- if .Values.ingress.enabled }} -{{- range $host := .Values.ingress.hosts }} - {{- range .paths }} - http{{ if $.Values.ingress.tls }}s{{ end }}://{{ $host.host }}{{ .path }} - {{- end }} -{{- end }} -{{- else if contains "NodePort" .Values.service.type }} - export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "elasticsearch.fullname" . }}) - export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}") - echo http://$NODE_IP:$NODE_PORT -{{- else if contains "LoadBalancer" .Values.service.type }} - NOTE: It may take a few minutes for the LoadBalancer IP to be available. - You can watch the status of by running 'kubectl get --namespace {{ .Release.Namespace }} svc -w {{ include "elasticsearch.fullname" . }}' - export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "elasticsearch.fullname" . }} --template "{{"{{ range (index .status.loadBalancer.ingress 0) }}{{.}}{{ end }}"}}") - echo http://$SERVICE_IP:{{ .Values.service.port }} -{{- else if contains "ClusterIP" .Values.service.type }} - export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "elasticsearch.name" . }},app.kubernetes.io/instance={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}") - export CONTAINER_PORT=$(kubectl get pod --namespace {{ .Release.Namespace }} $POD_NAME -o jsonpath="{.spec.containers[0].ports[0].containerPort}") - echo "Visit http://127.0.0.1:8080 to use your application" - kubectl --namespace {{ .Release.Namespace }} port-forward $POD_NAME 8080:$CONTAINER_PORT -{{- end }} 
diff --git a/helm/elasticsearch/templates/_helpers.tpl b/helm/elasticsearch/templates/_helpers.tpl deleted file mode 100644 index 5c2c702e..00000000 --- a/helm/elasticsearch/templates/_helpers.tpl +++ /dev/null 
@@ -1,68 +0,0 @@ -{{/* -Expand the name of the chart. -*/}} -{{- define "elasticsearch.name" -}} -{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }} -{{- end }} - -{{/* -Create a default fully qualified app name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -If release name contains chart name it will be used as a full name. -*/}} -{{- define "elasticsearch.fullname" -}} -{{- if .Values.fullnameOverride }} -{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }} -{{- else }} -{{- $name := default .Chart.Name .Values.nameOverride }} -{{- if contains $name .Release.Name }} -{{- .Release.Name | trunc 63 | trimSuffix "-" }} -{{- else }} -{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }} -{{- end }} -{{- end }} -{{- end }} - -{{/* -Create chart name and version as used by the chart label. -*/}} -{{- define "elasticsearch.chart" -}} -{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} -{{- end }} - -{{/* -Common labels -*/}} -{{- define "elasticsearch.labels" -}} -{{- if .Values.commonLabels }} - {{- with .Values.commonLabels }} - {{- toYaml . }} - {{- end }} -{{- else }} - {{- (include "common.commonLabels" .)}} -{{- end }} -{{- end }} - -{{/* -Selector labels -*/}} -{{- define "elasticsearch.selectorLabels" -}} -{{- if .Values.selectorLabels }} - {{- with .Values.selectorLabels }} - {{- toYaml . }} - {{- end }} -{{- else }} - {{- (include "common.selectorLabels" .)}} -{{- end }} -{{- end }} - -{{/* -Create the name of the service account to use -*/}} -{{- define "elasticsearch.serviceAccountName" -}} -{{- if .Values.serviceAccount.create }} -{{- default (include "elasticsearch.fullname" .) .Values.serviceAccount.name }} -{{- else }} -{{- default "default" .Values.serviceAccount.name }} -{{- end }} -{{- end }} 
diff --git a/helm/elasticsearch/templates/deployment.yaml b/helm/elasticsearch/templates/deployment.yaml deleted file mode 100644 index 03e9a84b..00000000 --- a/helm/elasticsearch/templates/deployment.yaml +++ /dev/null 
@@ -1,78 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - name: elasticsearch-deployment - labels: - {{- include "elasticsearch.labels" . | nindent 4 }} - {{- if .Values.global.ddEnabled }} - {{- include "common.datadogLabels" . | nindent 4 }} - {{- end }} -spec: - {{- if not .Values.autoscaling.enabled }} - replicas: {{ .Values.replicaCount }} - {{- end }} - selector: - matchLabels: - {{- include "elasticsearch.selectorLabels" . | nindent 6 }} - template: - metadata: - {{- with .Values.podAnnotations }} - annotations: - {{- toYaml . | nindent 8 }} - {{- end }} - labels: - {{- include "elasticsearch.selectorLabels" . | nindent 8 }} - {{- if .Values.global.ddEnabled }} - {{- include "common.datadogLabels" . | nindent 8 }} - {{- end }} - spec: - {{- with .Values.imagePullSecrets }} - imagePullSecrets: - {{- toYaml . | nindent 8 }} - {{- end }} - serviceAccountName: {{ include "elasticsearch.serviceAccountName" . }} - securityContext: - {{- toYaml .Values.podSecurityContext | nindent 8 }} - containers: - - name: {{ .Chart.Name }} - securityContext: - {{- toYaml .Values.securityContext | nindent 12 }} - image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}" - imagePullPolicy: {{ .Values.image.pullPolicy }} - env: - {{- if .Values.global.ddEnabled }} - {{- include "common.datadogEnvVar" . | nindent 12 }} - {{- end }} - - name: ES_JAVA_OPTS - value: "-Xms300m -Xmx300m" - ports: - - name: http - containerPort: 9200 - protocol: TCP - - name: transport - containerPort: 9300 - protocol: TCP - livenessProbe: - httpGet: - path: /_cluster/health?local=true - port: 9200 - initialDelaySeconds: 90 - readinessProbe: - httpGet: - path: /_cluster/health - port: 9200 - initialDelaySeconds: 5 - resources: - {{- toYaml .Values.resources | nindent 12 }} - {{- with .Values.nodeSelector }} - nodeSelector: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.affinity }} - affinity: - {{- toYaml . 
| nindent 8 }} - {{- end }} - {{- with .Values.tolerations }} - tolerations: - {{- toYaml . | nindent 8 }} - {{- end }} diff --git a/helm/elasticsearch/templates/hpa.yaml b/helm/elasticsearch/templates/hpa.yaml deleted file mode 100644 index 22388451..00000000 --- a/helm/elasticsearch/templates/hpa.yaml +++ /dev/null @@ -1,28 +0,0 @@ -{{- if .Values.autoscaling.enabled }} -apiVersion: autoscaling/v2beta1 -kind: HorizontalPodAutoscaler -metadata: - name: {{ include "elasticsearch.fullname" . }} - labels: - {{- include "elasticsearch.labels" . | nindent 4 }} -spec: - scaleTargetRef: - apiVersion: apps/v1 - kind: Deployment - name: {{ include "elasticsearch.fullname" . }} - minReplicas: {{ .Values.autoscaling.minReplicas }} - maxReplicas: {{ .Values.autoscaling.maxReplicas }} - metrics: - {{- if .Values.autoscaling.targetCPUUtilizationPercentage }} - - type: Resource - resource: - name: cpu - targetAverageUtilization: {{ .Values.autoscaling.targetCPUUtilizationPercentage }} - {{- end }} - {{- if .Values.autoscaling.targetMemoryUtilizationPercentage }} - - type: Resource - resource: - name: memory - targetAverageUtilization: {{ .Values.autoscaling.targetMemoryUtilizationPercentage }} - {{- end }} -{{- end }} diff --git a/helm/elasticsearch/templates/ingress.yaml b/helm/elasticsearch/templates/ingress.yaml deleted file mode 100644 index 3f8cc2aa..00000000 --- a/helm/elasticsearch/templates/ingress.yaml +++ /dev/null 
@@ -1,61 +0,0 @@ -{{- if .Values.ingress.enabled -}} -{{- $fullName := include "elasticsearch.fullname" . -}} -{{- $svcPort := .Values.service.port -}} -{{- if and .Values.ingress.className (not (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion)) }} - {{- if not (hasKey .Values.ingress.annotations "kubernetes.io/ingress.class") }} - {{- $_ := set .Values.ingress.annotations "kubernetes.io/ingress.class" .Values.ingress.className}} - {{- end }} -{{- end }} -{{- if semverCompare ">=1.19-0" .Capabilities.KubeVersion.GitVersion -}} -apiVersion: networking.k8s.io/v1 -{{- else if semverCompare ">=1.14-0" .Capabilities.KubeVersion.GitVersion -}} -apiVersion: networking.k8s.io/v1beta1 -{{- else -}} -apiVersion: extensions/v1beta1 -{{- end }} -kind: Ingress -metadata: - name: {{ $fullName }} - labels: - {{- include "elasticsearch.labels" . | nindent 4 }} - {{- with .Values.ingress.annotations }} - annotations: - {{- toYaml . | nindent 4 }} - {{- end }} -spec: - {{- if and .Values.ingress.className (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion) }} - ingressClassName: {{ .Values.ingress.className }} - {{- end }} - {{- if .Values.ingress.tls }} - tls: - {{- range .Values.ingress.tls }} - - hosts: - {{- range .hosts }} - - {{ . | quote }} - {{- end }} - secretName: {{ .secretName }} - {{- end }} - {{- end }} - rules: - {{- range .Values.ingress.hosts }} - - host: {{ .host | quote }} - http: - paths: - {{- range .paths }} - - path: {{ .path }} - {{- if and .pathType (semverCompare ">=1.18-0" $.Capabilities.KubeVersion.GitVersion) }} - pathType: {{ .pathType }} - {{- end }} - backend: - {{- if semverCompare ">=1.19-0" $.Capabilities.KubeVersion.GitVersion }} - service: - name: {{ $fullName }} - port: - number: {{ $svcPort }} - {{- else }} - serviceName: {{ $fullName }} - servicePort: {{ $svcPort }} - {{- end }} - {{- end }} - {{- end }} -{{- end }} 
diff --git a/helm/elasticsearch/templates/service.yaml b/helm/elasticsearch/templates/service.yaml deleted file mode 100644 index 794cb991..00000000 --- a/helm/elasticsearch/templates/service.yaml +++ /dev/null @@ -1,14 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - name: elasticsearch - labels: - {{- include "elasticsearch.labels" . | nindent 4 }} -spec: - type: {{ .Values.service.type }} - ports: - - port: {{ .Values.service.port }} - targetPort: 9200 - protocol: TCP - selector: - {{- include "elasticsearch.selectorLabels" . | nindent 4 }} diff --git a/helm/elasticsearch/templates/serviceaccount.yaml b/helm/elasticsearch/templates/serviceaccount.yaml deleted file mode 100644 index 1f191c55..00000000 --- a/helm/elasticsearch/templates/serviceaccount.yaml +++ /dev/null @@ -1,12 +0,0 @@ -{{- if .Values.serviceAccount.create -}} -apiVersion: v1 -kind: ServiceAccount -metadata: - name: {{ include "elasticsearch.serviceAccountName" . }} - labels: - {{- include "elasticsearch.labels" . | nindent 4 }} - {{- with .Values.serviceAccount.annotations }} - annotations: - {{- toYaml . | nindent 4 }} - {{- end }} -{{- end }} diff --git a/helm/elasticsearch/templates/tests/test-connection.yaml b/helm/elasticsearch/templates/tests/test-connection.yaml deleted file mode 100644 index af8dd035..00000000 --- a/helm/elasticsearch/templates/tests/test-connection.yaml +++ /dev/null @@ -1,15 +0,0 @@ -apiVersion: v1 -kind: Pod -metadata: - name: "{{ include "elasticsearch.fullname" . }}-test-connection" - labels: - {{- include "elasticsearch.labels" . | nindent 4 }} - annotations: - "helm.sh/hook": test -spec: - containers: - - name: wget - image: busybox - command: ['wget'] - args: ['{{ include "elasticsearch.fullname" . }}:{{ .Values.service.port }}'] - restartPolicy: Never diff --git a/helm/elasticsearch/values.yaml b/helm/elasticsearch/values.yaml deleted file mode 100644 index 2f06d61e..00000000 --- a/helm/elasticsearch/values.yaml +++ /dev/null 
@@ -1,105 +0,0 @@ -# Default values for elasticsearch. -# This is a YAML-formatted file. -# Declare variables to be passed into your templates. - -# -- (map) Global configuration options. -global: - # -- (string) Environment name. This should be the same as vpcname if you're doing an AWS deployment. Currently this is being used to share ALB's if you have multiple namespaces. Might be used other places too. - environment: default - # -- (bool) Whether Datadog is enabled. - ddEnabled: false - -replicaCount: 1 - -image: - repository: quay.io/cdis/elasticsearch - pullPolicy: IfNotPresent - # Overrides the image tag whose default is the chart appVersion. - tag: "feat_es_dockerfile" - -imagePullSecrets: [] -nameOverride: "" -fullnameOverride: "" - -serviceAccount: - # Specifies whether a service account should be created - create: true - # Annotations to add to the service account - annotations: {} - # The name of the service account to use. - # If not set and create is true, a name is generated using the fullname template - name: "" - -podAnnotations: {} - -podSecurityContext: {} - # fsGroup: 2000 - -securityContext: {} - # capabilities: - # drop: - # - ALL - # readOnlyRootFilesystem: true - # runAsNonRoot: true - # runAsUser: 1000 - -service: - type: ClusterIP - port: 9200 - -ingress: - enabled: false - className: "" - annotations: {} - # kubernetes.io/ingress.class: nginx - # kubernetes.io/tls-acme: "true" - hosts: - - host: chart-example.local - paths: - - path: / - pathType: ImplementationSpecific - tls: [] - # - secretName: chart-example-tls - # hosts: - # - chart-example.local - -resources: - limits: - cpu: 500m - memory: 750Mi - requests: - cpu: 500m - memory: 750Mi - -autoscaling: - enabled: false - minReplicas: 1 - maxReplicas: 100 - targetCPUUtilizationPercentage: 80 - # targetMemoryUtilizationPercentage: 80 - -nodeSelector: {} - -tolerations: [] - -affinity: {} - -# Values to determine the labels that are used for the deployment, pod, etc. 
-# -- (string) Valid options are "production" or "dev". If invalid option is set- the value will default to "dev". -release: "production" -# -- (string) Valid options are "true" or "false". If invalid option is set- the value will default to "false". -criticalService: "true" -# -- (string) Label to help organize pods and their use. Any value is valid, but use "_" or "-" to divide words. -partOf: "Explorer-Tab" -# -- (map) Will completely override the selectorLabels defined in the common chart's _label_setup.tpl -selectorLabels: -# -- (map) Will completely override the commonLabels defined in the common chart's _label_setup.tpl -commonLabels: - -# Values to configure datadog if ddEnabled is set to "true". -# -- (bool) If enabled, the Datadog Agent will automatically inject Datadog-specific metadata into your application logs. -datadogLogsInjection: true -# -- (bool) If enabled, the Datadog Agent will collect profiling data for your application using the Continuous Profiler. This data can be used to identify performance bottlenecks and optimize your application. -datadogProfilingEnabled: true -# -- (int) A value between 0 and 1, that represents the percentage of requests that will be traced. For example, a value of 0.5 means that 50% of requests will be traced. -datadogTraceSampleRate: 1 diff --git a/helm/elasticsearch/Chart.yaml b/helm/etl/Chart.yaml similarity index 82% rename from helm/elasticsearch/Chart.yaml rename to helm/etl/Chart.yaml index 1720df09..0f9e2fb9 100644 --- a/helm/elasticsearch/Chart.yaml +++ b/helm/etl/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v2 -name: elasticsearch -description: A Helm chart for Kubernetes +name: etl +description: A Helm chart for gen3 etl # A chart can be either an 'application' or a 'library' chart. # 
@@ -15,15 +15,11 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.5 +version: 0.1.0 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to # follow Semantic Versioning. They should reflect the version the application is using. -# It is recommended to use it with quotes. -appVersion: "1.16.0" +appVersion: "master" -dependencies: -- name: common - version: 0.1.7 - repository: file://../common +dependencies: [] diff --git a/helm/etl/README.md b/helm/etl/README.md new file mode 100644 index 00000000..f874e334 --- /dev/null +++ b/helm/etl/README.md 
@@ -0,0 +1,107 @@ +# etl + +![Version: 0.1.0](https://img.shields.io/badge/Version-0.1.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) + +A Helm chart for gen3 etl + +## Values + +| Key | Type | Default | Description | +|-----|------|---------|-------------| +| esEndpoint | string | `"gen3-elasticsearch-master"` | | +| etlMapping.mappings[0].aggregated_props[0].fn | string | `"count"` | | +| etlMapping.mappings[0].aggregated_props[0].name | string | `"_samples_count"` | | +| etlMapping.mappings[0].aggregated_props[0].path | string | `"samples"` | | +| etlMapping.mappings[0].aggregated_props[1].fn | string | `"count"` | | +| etlMapping.mappings[0].aggregated_props[1].name | string | `"_aliquots_count"` | | +| etlMapping.mappings[0].aggregated_props[1].path | string | `"samples.aliquots"` | | +| etlMapping.mappings[0].aggregated_props[2].fn | string | `"count"` | | +| etlMapping.mappings[0].aggregated_props[2].name | string | `"_submitted_methylations_count"` | | +| etlMapping.mappings[0].aggregated_props[2].path | string | `"samples.aliquots.submitted_methylation_files"` | | +| etlMapping.mappings[0].aggregated_props[3].fn | string | `"count"` | | +| etlMapping.mappings[0].aggregated_props[3].name | string | `"_submitted_copy_number_files_on_aliquots_count"` | | +| etlMapping.mappings[0].aggregated_props[3].path | string | `"samples.aliquots.submitted_copy_number_files"` | | +| etlMapping.mappings[0].aggregated_props[4].fn | string | `"count"` | | +| etlMapping.mappings[0].aggregated_props[4].name | string | `"_read_groups_count"` | | +| etlMapping.mappings[0].aggregated_props[4].path | string | `"samples.aliquots.read_groups"` | | +| etlMapping.mappings[0].aggregated_props[5].fn | string | `"count"` | | +| etlMapping.mappings[0].aggregated_props[5].name | string | 
`"_submitted_aligned_reads_count"` | | +| etlMapping.mappings[0].aggregated_props[5].path | string | `"samples.aliquots.read_groups.submitted_aligned_reads_files"` | | +| etlMapping.mappings[0].aggregated_props[6].fn | string | `"count"` | | +| etlMapping.mappings[0].aggregated_props[6].name | string | `"_submitted_unaligned_reads_count"` | | +| etlMapping.mappings[0].aggregated_props[6].path | string | `"samples.aliquots.read_groups.submitted_unaligned_reads_files"` | | +| etlMapping.mappings[0].aggregated_props[7].fn | string | `"count"` | | +| etlMapping.mappings[0].aggregated_props[7].name | string | `"_submitted_copy_number_files_on_read_groups_count"` | | +| etlMapping.mappings[0].aggregated_props[7].path | string | `"samples.aliquots.read_groups.submitted_copy_number_files"` | | +| etlMapping.mappings[0].aggregated_props[8].fn | string | `"count"` | | +| etlMapping.mappings[0].aggregated_props[8].name | string | `"_submitted_somatic_mutations_count"` | | +| etlMapping.mappings[0].aggregated_props[8].path | string | `"samples.aliquots.read_groups.submitted_somatic_mutations"` | | +| etlMapping.mappings[0].doc_type | string | `"case"` | | +| etlMapping.mappings[0].flatten_props[0].path | string | `"demographics"` | | +| etlMapping.mappings[0].flatten_props[0].props[0].name | string | `"gender"` | | +| etlMapping.mappings[0].flatten_props[0].props[0].value_mappings[0].female | string | `"F"` | | +| etlMapping.mappings[0].flatten_props[0].props[0].value_mappings[1].male | string | `"M"` | | +| etlMapping.mappings[0].flatten_props[0].props[1].name | string | `"race"` | | +| etlMapping.mappings[0].flatten_props[0].props[1].value_mappings[0]."american indian or alaskan native" | string | `"Indian"` | | +| etlMapping.mappings[0].flatten_props[0].props[2].name | string | `"ethnicity"` | | +| etlMapping.mappings[0].flatten_props[0].props[3].name | string | `"year_of_birth"` | | +| etlMapping.mappings[0].joining_props[0].index | string | `"file"` | | +| 
etlMapping.mappings[0].joining_props[0].join_on | string | `"_case_id"` | | +| etlMapping.mappings[0].joining_props[0].props[0].fn | string | `"set"` | | +| etlMapping.mappings[0].joining_props[0].props[0].name | string | `"data_format"` | | +| etlMapping.mappings[0].joining_props[0].props[0].src | string | `"data_format"` | | +| etlMapping.mappings[0].joining_props[0].props[1].fn | string | `"set"` | | +| etlMapping.mappings[0].joining_props[0].props[1].name | string | `"data_type"` | | +| etlMapping.mappings[0].joining_props[0].props[1].src | string | `"data_type"` | | +| etlMapping.mappings[0].joining_props[0].props[2].fn | string | `"set"` | | +| etlMapping.mappings[0].joining_props[0].props[2].name | string | `"_file_id"` | | +| etlMapping.mappings[0].joining_props[0].props[2].src | string | `"_file_id"` | | +| etlMapping.mappings[0].name | string | `"dev_case"` | | +| etlMapping.mappings[0].props[0].name | string | `"submitter_id"` | | +| etlMapping.mappings[0].props[1].name | string | `"project_id"` | | +| etlMapping.mappings[0].props[2].name | string | `"disease_type"` | | +| etlMapping.mappings[0].props[3].name | string | `"primary_site"` | | +| etlMapping.mappings[0].root | string | `"case"` | | +| etlMapping.mappings[0].type | string | `"aggregator"` | | +| etlMapping.mappings[1].category | string | `"data_file"` | | +| etlMapping.mappings[1].doc_type | string | `"file"` | | +| etlMapping.mappings[1].injecting_props.case.props[0].fn | string | `"set"` | | +| etlMapping.mappings[1].injecting_props.case.props[0].name | string | `"_case_id"` | | +| etlMapping.mappings[1].injecting_props.case.props[0].src | string | `"id"` | | +| etlMapping.mappings[1].injecting_props.case.props[1].name | string | `"project_id"` | | +| etlMapping.mappings[1].name | string | `"dev_file"` | | +| etlMapping.mappings[1].props[0].name | string | `"object_id"` | | +| etlMapping.mappings[1].props[1].name | string | `"md5sum"` | | +| etlMapping.mappings[1].props[2].name | string | 
`"file_name"` | | +| etlMapping.mappings[1].props[3].name | string | `"file_size"` | | +| etlMapping.mappings[1].props[4].name | string | `"data_format"` | | +| etlMapping.mappings[1].props[5].name | string | `"data_type"` | | +| etlMapping.mappings[1].props[6].name | string | `"state"` | | +| etlMapping.mappings[1].root | string | `"None"` | | +| etlMapping.mappings[1].target_nodes[0].name | string | `"slide_image"` | | +| etlMapping.mappings[1].target_nodes[0].path | string | `"slides.samples.cases"` | | +| etlMapping.mappings[1].type | string | `"collector"` | | +| image.spark.pullPolicy | string | `"Always"` | When to pull the image. This value should be "Always" to ensure the latest image is used. | +| image.spark.repository | string | `"quay.io/cdis/gen3-spark"` | The Docker image repository for the spark service | +| image.spark.tag | string | `"master"` | Overrides the image tag whose default is the chart appVersion. | +| image.tube.pullPolicy | string | `"Always"` | When to pull the image. This value should be "Always" to ensure the latest image is used. | +| image.tube.repository | string | `"quay.io/cdis/tube"` | The Docker image repository for the fence service | +| image.tube.tag | string | `"master"` | Overrides the image tag whose default is the chart appVersion. | +| imagePullSecrets | list | `[]` | Docker image pull secrets. 
| +| podAnnotations | map | `{}` | Annotations to add to the pod | +| resources | map | `{"spark":{"limits":{"cpu":1,"memory":"2Gi"},"requests":{"cpu":0.3,"memory":"128Mi"}},"tube":{"limits":{"cpu":1,"memory":"2Gi"},"requests":{"cpu":0.3,"memory":"128Mi"}}}` | Resource requests and limits for the containers in the pod | +| resources.spark.limits | map | `{"cpu":1,"memory":"2Gi"}` | The maximum amount of resources that the container is allowed to use | +| resources.spark.limits.cpu | string | `1` | The maximum amount of CPU the container can use | +| resources.spark.limits.memory | string | `"2Gi"` | The maximum amount of memory the container can use | +| resources.spark.requests | map | `{"cpu":0.3,"memory":"128Mi"}` | The amount of resources that the container requests | +| resources.spark.requests.cpu | string | `0.3` | The amount of CPU requested | +| resources.spark.requests.memory | string | `"128Mi"` | The amount of memory requested | +| resources.tube.limits | map | `{"cpu":1,"memory":"2Gi"}` | The maximum amount of resources that the container is allowed to use | +| resources.tube.limits.cpu | string | `1` | The maximum amount of CPU the container can use | +| resources.tube.limits.memory | string | `"2Gi"` | The maximum amount of memory the container can use | +| resources.tube.requests | map | `{"cpu":0.3,"memory":"128Mi"}` | The amount of resources that the container requests | +| resources.tube.requests.cpu | string | `0.3` | The amount of CPU requested | +| resources.tube.requests.memory | string | `"128Mi"` | The amount of memory requested | + +---------------------------------------------- +Autogenerated from chart metadata using [helm-docs v1.11.0](https://github.com/norwoodj/helm-docs/releases/v1.11.0) diff --git a/helm/etl/templates/etl-job.yaml b/helm/etl/templates/etl-job.yaml new file mode 100644 index 00000000..0b306d07 --- /dev/null +++ b/helm/etl/templates/etl-job.yaml 
@@ -0,0 +1,211 @@ +apiVersion: batch/v1 +kind: CronJob +metadata: + name: etl-cronjob +spec: + schedule: "0 0 1 1 */5" + jobTemplate: + spec: + backoffLimit: 0 + template: + metadata: + {{- with .Values.podAnnotations }} + annotations: + {{- toYaml . | nindent 12 }} + {{- end }} + labels: + app: gen3job + spec: + shareProcessNamespace: true + affinity: + nodeAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - weight: 100 + preference: + matchExpressions: + - key: karpenter.sh/capacity-type + operator: In + values: + - on-demand + - weight: 99 + preference: + matchExpressions: + - key: eks.amazonaws.com/capacityType + operator: In + values: + - ONDEMAND + volumes: + - name: signal-volume + emptyDir: {} + - name: creds-volume + secret: + secretName: "peregrine-dbcreds" + - name: etl-mapping + configMap: + name: etl-mapping + - name: fence-yaml + configMap: + name: useryaml + containers: + - name: gen3-spark + image: {{ .Values.image.spark.repository }}:{{ .Values.image.spark.tag }} + ports: + - containerPort: 22 + - containerPort: 9000 + - containerPort: 8030 + - containerPort: 8031 + - containerPort: 8032 + - containerPort: 7077 + readinessProbe: + tcpSocket: + port: 9000 + initialDelaySeconds: 10 + periodSeconds: 30 + env: + - name: DICTIONARY_URL + valueFrom: + configMapKeyRef: + name: manifest-global + key: dictionary_url + - name: HADOOP_URL + value: hdfs://0.0.0.0:9000 + - name: HADOOP_HOST + value: 0.0.0.0 + volumeMounts: + - mountPath: /usr/share/pod + name: signal-volume + readOnly: true + imagePullPolicy: {{ .Values.image.spark.pullPolicy }} + resources: + requests: + cpu: {{ .Values.resources.spark.requests.cpu }} + memory: {{ .Values.resources.spark.requests.memory }} + # limits: + # cpu: {{ .Values.resources.spark.limits.cpu }} + # memory: {{ .Values.resources.spark.limits.memory }} + command: ["/bin/bash" ] + args: + - "-c" + - | + trap 'exit 0' SIGINT SIGQUIT SIGTERM + # get /usr/local/share/ca-certificates/cdis-ca.crt into system bundle + 
ssh server sudo /etc/init.d/ssh start + # update-ca-certificates + python run_config.py + hdfs namenode -format + hdfs --daemon start namenode + hdfs --daemon start datanode + yarn --daemon start resourcemanager + yarn --daemon start nodemanager + hdfs dfsadmin -safemode leave + hdfs dfs -mkdir /result + hdfs dfs -mkdir /jars + hdfs dfs -mkdir /archive + /spark/sbin/start-all.sh + while true; do sleep 5; done + - name: tube + imagePullPolicy: IfNotPresent + # image: quay.io/cdis/tube:feat_helm_test + image: {{ .Values.image.tube.repository }}:{{ .Values.image.tube.tag }} + ports: + - containerPort: 80 + env: + - name: DB_HOST + valueFrom: + secretKeyRef: + name: peregrine-dbcreds + key: host + - name: DB_DATABASE + valueFrom: + secretKeyRef: + name: sheepdog-dbcreds + key: database + - name: DB_USERNAME + valueFrom: + secretKeyRef: + name: sheepdog-dbcreds + key: username + - name: DB_PASSWORD + valueFrom: + secretKeyRef: + name: sheepdog-dbcreds + key: password + - name: DB_PORT + valueFrom: + secretKeyRef: + name: sheepdog-dbcreds + key: port + - name: DICTIONARY_URL + valueFrom: + configMapKeyRef: + name: manifest-global + key: dictionary_url + - name: HADOOP_URL + value: hdfs://localhost:9000 + - name: ES_URL + value: {{ .Values.esEndpoint }} + - name: HADOOP_HOST + value: localhost + - name: HADOOP_CLIENT_OPTS + value: -Xmx1g + - name: SPARK_EXECUTOR_MEMORY + value: 4g + - name: SPARK_DRIVER_MEMORY + value: 6g + - name: ETL_FORCED + value: "TRUE" + - name: gen3Env + valueFrom: + configMapKeyRef: + name: manifest-global + key: hostname + - name: slackWebHook + valueFrom: + configMapKeyRef: + name: global + key: slack_webhook + optional: true + volumeMounts: + # - name: "creds-volume" + # readOnly: true + # mountPath: "/gen3/tube/creds.json" + # subPath: creds.json + # Volume to signal when to kill spark + - mountPath: /usr/share/pod + name: signal-volume + - name: "etl-mapping" + readOnly: true + mountPath: "/gen3/tube/etlMapping.yaml" + subPath: 
"etlMapping.yaml" + - name: "fence-yaml" + readOnly: true + mountPath: "/gen3/tube/user.yaml" + subPath: useryaml + resources: + requests: + cpu: {{ .Values.resources.tube.requests.cpu }} + memory: {{ .Values.resources.tube.requests.memory }} + # limits: + # cpu: {{ .Values.resources.tube.limits.cpu }} + # memory: {{ .Values.resources.tube.limits.memory }} + command: ["/bin/bash"] + args: + - "-c" + - | + while ! bash -c "echo >/dev/tcp/localhost/9000"; do + echo "Spark is not ready on port 9000... waiting for 10 seconds." + sleep 10 + done + + # Port 9000 is open, continue with the rest of the script + echo "Port 9000 is now open. Continuing with the script..." + + echo "python run_config.py && python run_etl.py" + python run_config.py && python run_etl.py + exitcode=$? + + # Kill sidecar and all processes + echo "Exit code: $exitcode" + pkill -u root && exit $exitcode + exit "$exitcode" & + restartPolicy: Never \ No newline at end of file diff --git a/helm/etl/templates/etl-mapping.yaml b/helm/etl/templates/etl-mapping.yaml new file mode 100644 index 00000000..184a3e25 --- /dev/null +++ b/helm/etl/templates/etl-mapping.yaml @@ -0,0 +1,10 @@ +kind: ConfigMap +apiVersion: v1 +metadata: + name: etl-mapping +data: + etlMapping.yaml: | + {{- with .Values.etlMapping }} + {{- toYaml . | nindent 4 }} + {{ end }} +--- \ No newline at end of file diff --git a/helm/etl/values.yaml b/helm/etl/values.yaml new file mode 100644 index 00000000..1db9765e --- /dev/null +++ b/helm/etl/values.yaml 
@@ -0,0 +1,145 @@ +# populate with normal values from a regular chart created by helm create + +image: + tube: + # -- (string) The Docker image repository for the fence service + repository: quay.io/cdis/tube + # -- (string) When to pull the image. This value should be "Always" to ensure the latest image is used. + pullPolicy: Always + # -- (string) Overrides the image tag whose default is the chart appVersion. + tag: "master" + spark: + # -- (string) The Docker image repository for the spark service + repository: quay.io/cdis/gen3-spark + # -- (string) When to pull the image. This value should be "Always" to ensure the latest image is used. + pullPolicy: Always + # -- (string) Overrides the image tag whose default is the chart appVersion. + tag: "master" + + +# -- (list) Docker image pull secrets. +imagePullSecrets: [] + +# -- (map) Annotations to add to the pod +podAnnotations: {} + + +# -- (map) Resource requests and limits for the containers in the pod +resources: + tube: + # -- (map) The amount of resources that the container requests + requests: + # -- (string) The amount of CPU requested + cpu: 0.3 + # -- (string) The amount of memory requested + memory: 128Mi + # -- (map) The maximum amount of resources that the container is allowed to use + limits: + # -- (string) The maximum amount of CPU the container can use + cpu: 1.0 + # -- (string) The maximum amount of memory the container can use + memory: 2Gi + spark: + # -- (map) The amount of resources that the container requests + requests: + # -- (string) The amount of CPU requested + cpu: 0.3 + # -- (string) The amount of memory requested + memory: 128Mi + # -- (map) The maximum amount of resources that the container is allowed to use + limits: + # -- (string) The maximum amount of CPU the container can use + cpu: 1.0 + # -- (string) The maximum amount of memory the container can use + memory: 2Gi + + +esEndpoint: gen3-elasticsearch-master + +etlMapping: + mappings: + - name: dev_case + doc_type: case + type: 
aggregator + root: case + props: + - name: submitter_id + - name: project_id + - name: disease_type + - name: primary_site + flatten_props: + - path: demographics + props: + - name: gender + value_mappings: + - female: F + - male: M + - name: race + value_mappings: + - american indian or alaskan native: Indian + - name: ethnicity + - name: year_of_birth + aggregated_props: + - name: _samples_count + path: samples + fn: count + - name: _aliquots_count + path: samples.aliquots + fn: count + - name: _submitted_methylations_count + path: samples.aliquots.submitted_methylation_files + fn: count + - name: _submitted_copy_number_files_on_aliquots_count + path: samples.aliquots.submitted_copy_number_files + fn: count + - name: _read_groups_count + path: samples.aliquots.read_groups + fn: count + - name: _submitted_aligned_reads_count + path: samples.aliquots.read_groups.submitted_aligned_reads_files + fn: count + - name: _submitted_unaligned_reads_count + path: samples.aliquots.read_groups.submitted_unaligned_reads_files + fn: count + - name: _submitted_copy_number_files_on_read_groups_count + path: samples.aliquots.read_groups.submitted_copy_number_files + fn: count + - name: _submitted_somatic_mutations_count + path: samples.aliquots.read_groups.submitted_somatic_mutations + fn: count + joining_props: + - index: file + join_on: _case_id + props: + - name: data_format + src: data_format + fn: set + - name: data_type + src: data_type + fn: set + - name: _file_id + src: _file_id + fn: set + - name: dev_file + doc_type: file + type: collector + root: None + category: data_file + props: + - name: object_id + - name: md5sum + - name: file_name + - name: file_size + - name: data_format + - name: data_type + - name: state + injecting_props: + case: + props: + - name: _case_id + src: id + fn: set + - name: project_id + target_nodes: + - name: slide_image + path: slides.samples.cases diff --git a/helm/fence/Chart.yaml b/helm/fence/Chart.yaml index 529a6d94..d3203de8 100644 
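Review bot: Both images default to the mutable tag `master` (`image.tube.tag`, `image.spark.tag`), so the code that runs with the `sheepdog-dbcreds` and `peregrine-dbcreds` secrets in etl-job.yaml can change without any change to this chart; defaulting to a released tag or a digest would make each deployment reproducible and reviewable. `image.tube.pullPolicy: Always` is also not honoured, because etl-job.yaml hardcodes `imagePullPolicy: IfNotPresent` for the `tube` container, so with `master` a node can keep running a stale image; `imagePullPolicy: {{ .Values.image.tube.pullPolicy }}` in the template would match what the spark container already does. The comment on `image.tube.repository` names the wrong service and should read `# -- (string) The Docker image repository for the tube service`.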
--- a/helm/fence/Chart.yaml +++ b/helm/fence/Chart.yaml @@ -15,7 +15,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.13 +version: 0.1.14 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to @@ -24,7 +24,7 @@ appVersion: "master" dependencies: - name: common - version: 0.1.7 + version: 0.1.8 repository: file://../common - name: postgresql version: 11.9.13 diff --git a/helm/fence/README.md b/helm/fence/README.md index d75bdfa4..f80d4215 100644 --- a/helm/fence/README.md +++ b/helm/fence/README.md @@ -1,6 +1,6 @@ # fence -![Version: 0.1.13](https://img.shields.io/badge/Version-0.1.13-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) +![Version: 0.1.14](https://img.shields.io/badge/Version-0.1.14-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) A Helm chart for gen3 Fence @@ -8,7 +8,7 @@ A Helm chart for gen3 Fence | Repository | Name | Version | |------------|------|---------| -| file://../common | common | 0.1.7 | +| file://../common | common | 0.1.8 | | https://charts.bitnami.com/bitnami | postgresql | 11.9.13 | ## Values diff --git a/helm/fence/templates/tests/test-connection.yaml b/helm/fence/templates/tests/test-connection.yaml index 2a65b670..7986768b 100644 --- a/helm/fence/templates/tests/test-connection.yaml 
+++ b/helm/fence/templates/tests/test-connection.yaml @@ -1,7 +1,7 @@ apiVersion: v1 kind: Pod metadata: - name: "{{ include "fence.fullname" . }}-test-connection" + name: "fence-test-connection" labels: {{- include "fence.labels" . | nindent 4 }} annotations: @@ -11,5 +11,5 @@ spec: - name: wget image: busybox command: ['wget'] - args: ['{{ include "fence.fullname" . }}:{{ .Values.service.port }}'] + args: ['fence-service:{{ .Values.service.port }}/_status'] restartPolicy: Never diff --git a/helm/gen3/Chart.yaml b/helm/gen3/Chart.yaml index a95d45b9..259fb435 100644 --- a/helm/gen3/Chart.yaml +++ b/helm/gen3/Chart.yaml 
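Review bot: The test pod name and its target are now the fixed strings `fence-test-connection` and `fence-service` rather than values derived from `fence.fullname`, so two releases of this chart in one namespace would collide on the pod name, and the hook checks whatever Service happens to be called `fence-service` there. If the Service name is fixed on purpose (its definition is not visible in this diff), a comment next to `args` would make that explicit, e.g. `# fence's Service is always named fence-service, independent of the release name`. The `busybox` image in the unchanged context carries no tag; pinning it, `image: busybox:<pinned-tag>`, would keep the test hook reproducible. This note covers both hunks of the file.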
@@ -5,93 +5,97 @@ description: Helm chart to deploy Gen3 Data Commons # Dependancies dependencies: - name: ambassador - version: "0.1.8" + version: 0.1.9 repository: "file://../ambassador" condition: ambassador.enabled - name: arborist - version: "0.1.8" + version: 0.1.9 repository: "file://../arborist" condition: arborist.enabled - name: argo-wrapper - version: "0.1.4" + version: 0.1.5 repository: "file://../argo-wrapper" condition: argo-wrapper.enabled - name: audit - version: "0.1.9" + version: 0.1.10 repository: "file://../audit" condition: audit.enabled - name: aws-es-proxy - version: "0.1.6" + version: 0.1.7 repository: "file://../aws-es-proxy" condition: aws-es-proxy.enabled - name: common - version: "0.1.7" + version: 0.1.8 repository: file://../common +- name: etl + version: 0.1.0 + repository: file://../etl + condition: etl.enabled - name: fence - version: "0.1.13" + version: 0.1.14 repository: "file://../fence" condition: fence.enabled - name: guppy - version: "0.1.8" + version: 0.1.9 repository: "file://../guppy" condition: guppy.enabled - name: hatchery - version: "0.1.6" + version: 0.1.7 repository: "file://../hatchery" condition: hatchery.enabled - name: indexd - version: "0.1.10" + version: 0.1.11 repository: "file://../indexd" condition: indexd.enabled - name: manifestservice - version: "0.1.10" + version: 0.1.11 repository: "file://../manifestservice" condition: manifestservice.enabled - name: metadata - version: "0.1.8" + version: 0.1.9 repository: "file://../metadata" condition: metadata.enabled - name: peregrine - version: "0.1.9" + version: 0.1.10 repository: "file://../peregrine" condition: peregrine.enabled - name: pidgin - version: "0.1.7" + version: 0.1.8 repository: "file://../pidgin" condition: pidgin.enabled - name: portal - version: "0.1.7" + version: 0.1.8 repository: "file://../portal" condition: portal.enabled - name: requestor - version: "0.1.8" + version: 0.1.9 repository: "file://../requestor" condition: requestor.enabled - name: 
revproxy - version: "0.1.11" + version: 0.1.12 repository: "file://../revproxy" condition: revproxy.enabled - name: sheepdog - version: "0.1.10" + version: 0.1.11 repository: "file://../sheepdog" condition: sheepdog.enabled - name: ssjdispatcher - version: "0.1.6" + version: 0.1.7 repository: "file://../ssjdispatcher" condition: ssjdispatcher.enabled - name: sower - version: "0.1.6" + version: 0.1.7 condition: sower.enabled repository: "file://../sower" - name: wts - version: "0.1.10" + version: 0.1.11 repository: "file://../wts" condition: wts.enabled - name: elasticsearch - version: "0.1.5" - repository: "file://../elasticsearch" + version: 7.10.2 + repository: "https://helm.elastic.co" condition: global.dev - name: postgresql version: 11.9.13 @@ -111,7 +115,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.20 +version: 0.1.21 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to diff --git a/helm/gen3/README.md b/helm/gen3/README.md index acf56f1c..220a9cc4 100644 --- a/helm/gen3/README.md +++ b/helm/gen3/README.md 
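Review bot: The `elasticsearch` dependency moves from the in-repo chart (`file://../elasticsearch`) to `https://helm.elastic.co` at `7.10.2`, so its templates are now fetched from a remote repository when dependencies are resolved. The committed `Chart.lock` should carry the resolved digest and CI should use `helm dependency build` rather than `helm dependency update`, so the chart cannot drift between builds. The values documented for it in the gen3 README (`singleNode: true`, an `esConfig` holding only a comment) show no authentication or TLS settings, and the etl chart passes `ES_URL` as the bare host `gen3-elasticsearch-master`, so Elasticsearch is presumably reachable unauthenticated inside the cluster. Since the dependency is gated on `global.dev`, a comment beside that condition such as `# dev-only: upstream chart is deployed without security settings, do not enable in production` would state the intent.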
@@ -1,6 +1,6 @@ # gen3 -![Version: 0.1.19](https://img.shields.io/badge/Version-0.1.19-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) +![Version: 0.1.21](https://img.shields.io/badge/Version-0.1.21-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) Helm chart to deploy Gen3 Data Commons 
@@ -18,29 +18,30 @@ Helm chart to deploy Gen3 Data Commons | Repository | Name | Version | |------------|------|---------| -| file://../ambassador | ambassador | 0.1.8 | -| file://../arborist | arborist | 0.1.8 | -| file://../argo-wrapper | argo-wrapper | 0.1.4 | -| file://../audit | audit | 0.1.9 | -| file://../aws-es-proxy | aws-es-proxy | 0.1.6 | -| file://../common | common | 0.1.7 | -| file://../elasticsearch | elasticsearch | 0.1.5 | -| file://../fence | fence | 0.1.13 | -| file://../guppy | guppy | 0.1.8 | -| file://../hatchery | hatchery | 0.1.6 | -| file://../indexd | indexd | 0.1.10 | -| file://../manifestservice | manifestservice | 0.1.10 | -| file://../metadata | metadata | 0.1.8 | -| file://../peregrine | peregrine | 0.1.9 | -| file://../pidgin | pidgin | 0.1.7 | -| file://../portal | portal | 0.1.7 | -| file://../requestor | requestor | 0.1.8 | -| file://../revproxy | revproxy | 0.1.10 | -| file://../sheepdog | sheepdog | 0.1.10 | -| file://../sower | sower | 0.1.6 | -| file://../ssjdispatcher | ssjdispatcher | 0.1.6 | -| file://../wts | wts | 0.1.10 | +| file://../ambassador | ambassador | 0.1.9 | +| file://../arborist | arborist | 0.1.9 | +| file://../argo-wrapper | argo-wrapper | 0.1.5 | +| file://../audit | audit | 0.1.10 | +| file://../aws-es-proxy | aws-es-proxy | 0.1.7 | +| file://../common | common | 0.1.8 | +| file://../etl | etl | 0.1.0 | +| file://../fence | fence | 0.1.14 | +| file://../guppy | guppy | 0.1.9 | +| file://../hatchery | hatchery | 0.1.7 | +| file://../indexd | indexd | 0.1.11 | +| file://../manifestservice | manifestservice | 0.1.11 | +| file://../metadata | metadata | 0.1.9 | +| file://../peregrine | peregrine | 0.1.10 | +| file://../pidgin | pidgin | 0.1.8 | +| file://../portal | portal | 0.1.8 | +| file://../requestor | requestor | 0.1.9 | +| file://../revproxy | revproxy | 0.1.12 | +| file://../sheepdog | sheepdog | 0.1.11 | +| file://../sower | sower | 0.1.7 | +| file://../ssjdispatcher | ssjdispatcher | 0.1.7 | +| 
file://../wts | wts | 0.1.11 | | https://charts.bitnami.com/bitnami | postgresql | 11.9.13 | +| https://helm.elastic.co | elasticsearch | 7.10.2 | ## Values @@ -66,6 +67,13 @@ Helm chart to deploy Gen3 Data Commons | aws-es-proxy.secrets | map | `{"awsAccessKeyId":"","awsSecretAccessKey":""}` | Secret information | | aws-es-proxy.secrets.awsAccessKeyId | str | `""` | AWS access key ID for aws-es-proxy | | aws-es-proxy.secrets.awsSecretAccessKey | str | `""` | AWS secret access key for aws-es-proxy | +| elasticsearch.clusterHealthCheckParams | string | `"wait_for_status=yellow&timeout=1s"` | | +| elasticsearch.clusterName | string | `"gen3-elasticsearch"` | | +| elasticsearch.esConfig."elasticsearch.yml" | string | `"# Here we can add elasticsearch config\n"` | | +| elasticsearch.maxUnavailable | int | `0` | | +| elasticsearch.replicas | int | `1` | | +| elasticsearch.singleNode | bool | `true` | | +| etl.enabled | bool | `true` | Whether to deploy the etl subchart. | | fence.FENCE_CONFIG | map | `nil` | Configuration settings for Fence app | | fence.USER_YAML | string | `nil` | USER YAML. Passed in as a multiline string. | | fence.enabled | bool | `true` | Whether to deploy the fence subchart. | 
@@ -108,7 +116,7 @@ Helm chart to deploy Gen3 Data Commons | global.publicDataSets | bool | `true` | Whether public datasets are enabled. | | global.revproxyArn | string | `"arn:aws:acm:us-east-1:123456:certificate"` | ARN of the reverse proxy certificate. | | global.tierAccessLevel | string | `"libre"` | Access level for tiers. acceptable values for `tier_access_level` are: `libre`, `regular` and `private`. If omitted, by default common will be treated as `private` | -| global.tierAccessLimit | int | `1000` | Only relevant if tireAccessLevel is set to "regular". Summary charts below this limit will not appear for aggregated data. | +| global.tierAccessLimit | int | `"1000"` | Only relevant if tireAccessLevel is set to "regular". Summary charts below this limit will not appear for aggregated data. | | guppy.enabled | bool | `false` | Whether to deploy the guppy subchart. | | guppy.image | map | `{"repository":null,"tag":null}` | Docker image information. | | guppy.image.repository | string | `nil` | The Docker image repository for the guppy service. | diff --git a/helm/gen3/ci/portal-values.yaml b/helm/gen3/ci/portal-values.yaml new file mode 100644 index 00000000..7b5bee17 --- /dev/null +++ b/helm/gen3/ci/portal-values.yaml @@ -0,0 +1,9 @@ +portal: + image: + repository: quay.io/cdis/data-portal-prebuilt + tag: "toxcommons.com-master" + + resources: + requests: + cpu: "0.2" + memory: 100Mi diff --git a/helm/gen3/values.yaml b/helm/gen3/values.yaml index 00469112..0bb20303 100644 --- a/helm/gen3/values.yaml +++ b/helm/gen3/values.yaml 
@@ -43,7 +43,7 @@ global: # -- (string) Access level for tiers. acceptable values for `tier_access_level` are: `libre`, `regular` and `private`. If omitted, by default common will be treated as `private` tierAccessLevel: libre # -- (int) Only relevant if tireAccessLevel is set to "regular". Summary charts below this limit will not appear for aggregated data. - tierAccessLimit: 1000 + tierAccessLimit: "1000" # -- (bool) Whether network policies are enabled. netPolicy: true # -- (int) Number of dispatcher jobs. @@ -106,6 +106,10 @@ aws-es-proxy: # -- (str) AWS secret access key for aws-es-proxy awsSecretAccessKey: "" +etl: + # -- (bool) Whether to deploy the etl subchart. + enabled: true + fence: # -- (bool) Whether to deploy the fence subchart. enabled: true @@ -385,3 +389,13 @@ postgresql: persistence: # -- (bool) Option to persist the dbs data. enabled: false + +elasticsearch: + clusterName: gen3-elasticsearch + maxUnavailable: 0 + singleNode: true + replicas: 1 + clusterHealthCheckParams: "wait_for_status=yellow&timeout=1s" + esConfig: + elasticsearch.yml: | + # Here we can add elasticsearch config diff --git a/helm/guppy/Chart.yaml b/helm/guppy/Chart.yaml index ea90bf38..8243c558 100644 --- a/helm/guppy/Chart.yaml +++ b/helm/guppy/Chart.yaml @@ -15,7 +15,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.8 +version: 0.1.9 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to @@ -25,5 +25,5 @@ appVersion: "master" dependencies: - name: common - version: 0.1.7 + version: 0.1.8 repository: file://../common diff --git a/helm/guppy/README.md b/helm/guppy/README.md index 25545b18..a785aca3 100644 --- a/helm/guppy/README.md 
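Review bot: The `# -- (int)` annotation above `tierAccessLimit` no longer matches the value, which this hunk changes to the string `"1000"`; the regenerated README now lists the row as `int` with default `"1000"`. Either update the annotation to `# -- (string) Only relevant if tierAccessLevel is set to "regular". ...` or keep the integer here and rely on the `| quote` that the guppy deployment template gains in this same commit. The same mismatch appears in helm/guppy/values.yaml for both `tierAccessLimit` and `dispatcherJobNum`. This limit decides which aggregate counts are hidden under the `regular` tier, so the documented type should be the one operators are expected to override with.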
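Review bot: The new `elasticsearch:` block at the end of helm/gen3/values.yaml has no `# --` doc comments and configures no authentication or TLS, so the README rows are blank and nothing tells an operator that this cluster is intended for development. The dependency is gated on `global.dev` in Chart.yaml and pinned to chart 7.10.2; Elasticsearch 7.x leaves its security features off by default unless `xpack.security.enabled: true` is set, and `esConfig` here carries only a placeholder comment. I would add a header comment such as `# -- (map) Dev-only single-node Elasticsearch; no auth or TLS is configured, keep port 9200 reachable only from in-cluster clients` and a one-line description per key. Whether a NetworkPolicy already restricts access to the `gen3-elasticsearch-master` service cannot be seen from this hunk.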
+++ b/helm/guppy/README.md @@ -1,6 +1,6 @@ # guppy -![Version: 0.1.8](https://img.shields.io/badge/Version-0.1.8-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) +![Version: 0.1.9](https://img.shields.io/badge/Version-0.1.9-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) A Helm chart for gen3 Guppy Service @@ -8,7 +8,7 @@ A Helm chart for gen3 Guppy Service | Repository | Name | Version | |------------|------|---------| -| file://../common | common | 0.1.7 | +| file://../common | common | 0.1.8 | ## Values 
@@ -36,11 +36,11 @@ A Helm chart for gen3 Guppy Service | datadogLogsInjection | bool | `true` | If enabled, the Datadog Agent will automatically inject Datadog-specific metadata into your application logs. | | datadogProfilingEnabled | bool | `true` | If enabled, the Datadog Agent will collect profiling data for your application using the Continuous Profiler. This data can be used to identify performance bottlenecks and optimize your application. | | datadogTraceSampleRate | int | `1` | A value between 0 and 1, that represents the percentage of requests that will be traced. For example, a value of 0.5 means that 50% of requests will be traced. | -| dbRestore | bool | `true` | Whether or not to restore elasticsearch indices from a snapshot in s3 | +| dbRestore | bool | `false` | Whether or not to restore elasticsearch indices from a snapshot in s3 | | enableEncryptWhitelist | bool | `true` | Whether or not to enable encryption for specified fields | | encryptWhitelist | string | `"test1"` | A comma-separated list of fields to encrypt | -| esEndpoint | string | `""` | Elasticsearch endpoint. | -| global | map | `{"aws":{"awsAccessKeyId":null,"awsSecretAccessKey":null,"enabled":false},"ddEnabled":false,"dev":true,"dictionaryUrl":"https://s3.amazonaws.com/dictionary-artifacts/datadictionary/develop/schema.json","dispatcherJobNum":10,"environment":"default","hostname":"localhost","kubeBucket":"kube-gen3","logsBucket":"logs-gen3","minAvialable":1,"netPolicy":true,"pdb":false,"portalApp":"gitops","postgres":{"dbCreate":true,"master":{"host":null,"password":null,"port":"5432","username":"postgres"}},"publicDataSets":true,"revproxyArn":"arn:aws:acm:us-east-1:123456:certificate","tierAccessLevel":"libre","tierAccessLimit":1000}` | Global configuration options. | +| esEndpoint | string | `"gen3-elasticsearch-master:9200"` | Elasticsearch endpoint. 
| +| global | map | `{"aws":{"awsAccessKeyId":null,"awsSecretAccessKey":null,"enabled":false},"ddEnabled":false,"dev":true,"dictionaryUrl":"https://s3.amazonaws.com/dictionary-artifacts/datadictionary/develop/schema.json","dispatcherJobNum":"10","environment":"default","hostname":"localhost","kubeBucket":"kube-gen3","logsBucket":"logs-gen3","minAvialable":1,"netPolicy":true,"pdb":false,"portalApp":"gitops","postgres":{"dbCreate":true,"master":{"host":null,"password":null,"port":"5432","username":"postgres"}},"publicDataSets":true,"revproxyArn":"arn:aws:acm:us-east-1:123456:certificate","tierAccessLevel":"libre","tierAccessLimit":"1000"}` | Global configuration options. | | global.aws | map | `{"awsAccessKeyId":null,"awsSecretAccessKey":null,"enabled":false}` | AWS configuration | | global.aws.awsAccessKeyId | string | `nil` | Credentials for AWS stuff. | | global.aws.awsSecretAccessKey | string | `nil` | Credentials for AWS stuff. | @@ -48,7 +48,7 @@ A Helm chart for gen3 Guppy Service | global.ddEnabled | bool | `false` | Whether Datadog is enabled. | | global.dev | bool | `true` | Whether the deployment is for development purposes. | | global.dictionaryUrl | string | `"https://s3.amazonaws.com/dictionary-artifacts/datadictionary/develop/schema.json"` | URL of the data dictionary. | -| global.dispatcherJobNum | int | `10` | Number of dispatcher jobs. | +| global.dispatcherJobNum | int | `"10"` | Number of dispatcher jobs. | | global.environment | string | `"default"` | Environment name. This should be the same as vpcname if you're doing an AWS deployment. Currently this is being used to share ALB's if you have multiple namespaces. Might be used other places too. | | global.hostname | string | `"localhost"` | Hostname for the deployment. | | global.kubeBucket | string | `"kube-gen3"` | S3 bucket name for Kubernetes manifest files. | 
@@ -67,7 +67,7 @@ A Helm chart for gen3 Guppy Service | global.publicDataSets | bool | `true` | Whether public datasets are enabled. | | global.revproxyArn | string | `"arn:aws:acm:us-east-1:123456:certificate"` | ARN of the reverse proxy certificate. | | global.tierAccessLevel | string | `"libre"` | Access level for tiers. | -| global.tierAccessLimit | int | `1000` | Only relevant if tireAccessLevel is set to "regular". Summary charts below this limit will not appear for aggregated data. | +| global.tierAccessLimit | int | `"1000"` | Only relevant if tireAccessLevel is set to "regular". Summary charts below this limit will not appear for aggregated data. | | image | map | `{"pullPolicy":"Always","repository":"quay.io/cdis/guppy","tag":""}` | Docker image information. | | image.pullPolicy | string | `"Always"` | Docker pull policy. | | image.repository | string | `"quay.io/cdis/guppy"` | Docker repository. | diff --git a/helm/guppy/templates/deployment.yaml b/helm/guppy/templates/deployment.yaml index ebb8bcac..8a1e16d8 100644 --- a/helm/guppy/templates/deployment.yaml +++ b/helm/guppy/templates/deployment.yaml @@ -65,7 +65,7 @@ spec: - name: GUPPY_CONFIG_FILEPATH value: /guppy/guppy_config.json - name: GEN3_ES_ENDPOINT - value: {{ default "elasticsearch:9200" .Values.esEndpoint }} + value: {{ default "gen3-elasticsearch-master:9200" .Values.esEndpoint }} {{- with .Values.arboristUrl }} - name: GEN3_ARBORIST_ENDPOINT value: {{ . }} @@ -73,9 +73,7 @@ spec: - name: TIER_ACCESS_LEVEL value: {{ .Values.global.tierAccessLevel }} - name: TIER_ACCESS_LIMIT - value: {{ .Values.global.tierAccessLimit }} - - + value: {{ .Values.global.tierAccessLimit | quote }} {{- with .Values.volumeMounts }} volumeMounts: {{- toYaml . | nindent 10 }} diff --git a/helm/guppy/values.yaml b/helm/guppy/values.yaml index 9857944f..a8465f80 100644 --- a/helm/guppy/values.yaml +++ b/helm/guppy/values.yaml 
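Review bot: In helm/guppy/templates/deployment.yaml only `TIER_ACCESS_LIMIT` gets `| quote`; `GEN3_ES_ENDPOINT` and `TIER_ACCESS_LEVEL` are still rendered unquoted, so an override that YAML reads as a non-string (a bare number, `true`, or an empty value) would produce an invalid env entry. Quoting them the same way keeps the env list consistent, e.g. `value: {{ .Values.esEndpoint | default "gen3-elasticsearch-master:9200" | quote }}` and `value: {{ .Values.global.tierAccessLevel | quote }}`. The fallback host also repeats the `clusterName` set in helm/gen3/values.yaml, so a comment like `# host is <clusterName>-master from the elasticsearch subchart` would explain where the literal comes from. The env list this hunk edits starts and ends outside the hunk.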
@@ -47,11 +47,11 @@ global: # -- (string) Access level for tiers. tierAccessLevel: libre # -- (int) Only relevant if tireAccessLevel is set to "regular". Summary charts below this limit will not appear for aggregated data. - tierAccessLimit: 1000 + tierAccessLimit: "1000" # -- (bool) Whether network policies are enabled. netPolicy: true # -- (int) Number of dispatcher jobs. - dispatcherJobNum: 10 + dispatcherJobNum: "10" # -- (bool) Whether Datadog is enabled. ddEnabled: false # -- (bool) If the service will be deployed with a Pod Disruption Budget. Note- you need to have more than 2 replicas for the pdb to be deployed. @@ -141,7 +141,7 @@ image: # Environment Variables # -- (string) Elasticsearch endpoint. -esEndpoint: "" +esEndpoint: "gen3-elasticsearch-master:9200" # -- (string) Arborist service URL. arboristUrl: http://arborist-service @@ -196,7 +196,7 @@ enableEncryptWhitelist: true encryptWhitelist: test1 # -- (bool) Whether or not to restore elasticsearch indices from a snapshot in s3 -dbRestore: true +dbRestore: false # Values to determine the labels that are used for the deployment, pod, etc. # -- (string) Valid options are "production" or "dev". If invalid option is set- the value will default to "dev". diff --git a/helm/hatchery/Chart.yaml b/helm/hatchery/Chart.yaml index 94913173..bb311c95 100644 --- a/helm/hatchery/Chart.yaml +++ b/helm/hatchery/Chart.yaml @@ -15,7 +15,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.6 +version: 0.1.7 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to 
@@ -25,5 +25,5 @@ appVersion: "master" dependencies: - name: common - version: 0.1.7 + version: 0.1.8 repository: file://../common diff --git a/helm/hatchery/README.md b/helm/hatchery/README.md index 211e61f4..4e7bfe3c 100644 --- a/helm/hatchery/README.md +++ b/helm/hatchery/README.md @@ -1,6 +1,6 @@ # hatchery -![Version: 0.1.6](https://img.shields.io/badge/Version-0.1.6-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) +![Version: 0.1.7](https://img.shields.io/badge/Version-0.1.7-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) A Helm chart for gen3 Hatchery @@ -8,7 +8,7 @@ A Helm chart for gen3 Hatchery | Repository | Name | Version | |------------|------|---------| -| file://../common | common | 0.1.7 | +| file://../common | common | 0.1.8 | ## Values diff --git a/helm/hatchery/templates/tests/test-connection.yaml b/helm/hatchery/templates/tests/test-connection.yaml index 606b6519..141c6c25 100644 --- a/helm/hatchery/templates/tests/test-connection.yaml +++ b/helm/hatchery/templates/tests/test-connection.yaml @@ -1,7 +1,7 @@ apiVersion: v1 kind: Pod metadata: - name: "{{ include "hatchery.fullname" . }}-test-connection" + name: "hatchery-test-connection" labels: {{- include "hatchery.labels" . | nindent 4 }} annotations: @@ -11,5 +11,5 @@ spec: - name: wget image: busybox command: ['wget'] - args: ['{{ include "hatchery.fullname" . }}:{{ .Values.service.port }}'] + args: ['hatchery-service:{{ .Values.service.port }}/_status'] restartPolicy: Never diff --git a/helm/indexd/Chart.yaml b/helm/indexd/Chart.yaml index 54634c9d..c7b2b223 100644 --- a/helm/indexd/Chart.yaml +++ b/helm/indexd/Chart.yaml 
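Review bot: Replacing `{{ include "hatchery.fullname" . }}` with the literals `hatchery-test-connection` and `hatchery-service` in templates/tests/test-connection.yaml makes the test pod independent of the release name, so two releases in one namespace would collide on the pod name, and the test passes only if the Service is really called `hatchery-service` (the Service template is not part of this hunk). A comment such as `# Service name is fixed; must match metadata.name in templates/service.yaml` would make that coupling explicit. The indexd and manifestservice test-connection hunks make the same change, and the manifestservice one also drops the `labels:` block. Since the pod spec is being edited anyway, the context line `image: busybox` could be pinned, e.g. `image: busybox:<pinned-tag>`, so the test hook does not pull whatever the default tag currently points to.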
@@ -15,7 +15,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.10 +version: 0.1.11 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to @@ -26,7 +26,7 @@ appVersion: "master" dependencies: - name: common - version: 0.1.7 + version: 0.1.8 repository: file://../common - name: postgresql version: 11.9.13 diff --git a/helm/indexd/README.md b/helm/indexd/README.md index ae4ea0bb..353637e2 100644 --- a/helm/indexd/README.md +++ b/helm/indexd/README.md @@ -1,6 +1,6 @@ # indexd -![Version: 0.1.10](https://img.shields.io/badge/Version-0.1.10-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) +![Version: 0.1.11](https://img.shields.io/badge/Version-0.1.11-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) A Helm chart for gen3 indexd @@ -8,7 +8,7 @@ A Helm chart for gen3 indexd | Repository | Name | Version | |------------|------|---------| -| file://../common | common | 0.1.7 | +| file://../common | common | 0.1.8 | | https://charts.bitnami.com/bitnami | postgresql | 11.9.13 | ## Values diff --git a/helm/indexd/templates/tests/test-connection.yaml b/helm/indexd/templates/tests/test-connection.yaml index a33cf51f..fc5d3935 100644 --- a/helm/indexd/templates/tests/test-connection.yaml +++ b/helm/indexd/templates/tests/test-connection.yaml 
@@ -1,7 +1,7 @@ apiVersion: v1 kind: Pod metadata: - name: "{{ include "indexd.fullname" . }}-test-connection" + name: "indexd-test-connection" labels: {{- include "indexd.labels" . | nindent 4 }} annotations: @@ -11,5 +11,5 @@ spec: - name: wget image: busybox command: ['wget'] - args: ['{{ include "indexd.fullname" . }}:{{ .Values.service.port }}'] + args: ['indexd-service:{{ .Values.service.port }}/_status'] restartPolicy: Never diff --git a/helm/manifestservice/Chart.yaml b/helm/manifestservice/Chart.yaml index a8920546..3b5eee3a 100644 --- a/helm/manifestservice/Chart.yaml +++ b/helm/manifestservice/Chart.yaml @@ -15,7 +15,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.10 +version: 0.1.11 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to @@ -25,5 +25,5 @@ appVersion: "master" dependencies: - name: common - version: 0.1.7 + version: 0.1.8 repository: file://../common diff --git a/helm/manifestservice/README.md b/helm/manifestservice/README.md index 4e74a196..501ee639 100644 --- a/helm/manifestservice/README.md +++ b/helm/manifestservice/README.md 
@@ -1,6 +1,6 @@ # manifestservice -![Version: 0.1.10](https://img.shields.io/badge/Version-0.1.10-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) +![Version: 0.1.11](https://img.shields.io/badge/Version-0.1.11-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) A Helm chart for Kubernetes @@ -8,7 +8,7 @@ A Helm chart for Kubernetes | Repository | Name | Version | |------------|------|---------| -| file://../common | common | 0.1.7 | +| file://../common | common | 0.1.8 | ## Values 
@@ -38,10 +38,10 @@ A Helm chart for Kubernetes | global.environment | string | `"default"` | Environment name. This should be the same as vpcname if you're doing an AWS deployment. Currently this is being used to share ALB's if you have multiple namespaces. Might be used other places too. | | global.minAvialable | int | `1` | The minimum amount of pods that are available at all times if the PDB is deployed. | | global.pdb | bool | `false` | If the service will be deployed with a Pod Disruption Budget. Note- you need to have more than 2 replicas for the pdb to be deployed. | -| image | map | `{"pullPolicy":"Always","repository":"quay.io/cdis/manifestservice","tag":"2022.09"}` | Docker image information. | +| image | map | `{"pullPolicy":"Always","repository":"quay.io/cdis/manifestservice","tag":""}` | Docker image information. | | image.pullPolicy | string | `"Always"` | Docker pull policy. | | image.repository | string | `"quay.io/cdis/manifestservice"` | Docker repository. | -| image.tag | string | `"2022.09"` | Overrides the image tag whose default is the chart appVersion. | +| image.tag | string | `""` | Overrides the image tag whose default is the chart appVersion. | | manifestserviceG3auto | map | `{"awsaccesskey":"","awssecretkey":"","bucketName":"testbucket","hostname":"testinstall","prefix":"test"}` | Values for manifestservice secret. | | manifestserviceG3auto.awsaccesskey | string | `""` | AWS access key. | | manifestserviceG3auto.awssecretkey | string | `""` | AWS secret access key. | diff --git a/helm/manifestservice/templates/deployment.yaml b/helm/manifestservice/templates/deployment.yaml index 4dd08001..6923a5c0 100644 --- a/helm/manifestservice/templates/deployment.yaml +++ b/helm/manifestservice/templates/deployment.yaml 
@@ -12,8 +12,8 @@ spec: replicas: {{ .Values.replicaCount }} {{- end }} selector: - matchLabels: - {{- include "manifestservice.selectorLabels" . | nindent 8 }} + matchLabels: + {{- include "manifestservice.selectorLabels" . | nindent 6 }} revisionHistoryLimit: {{ .Values.revisionHistoryLimit }} strategy: {{- toYaml .Values.strategy | nindent 8 }} diff --git a/helm/manifestservice/templates/service.yaml b/helm/manifestservice/templates/service.yaml index df8ef44a..173ba48c 100644 --- a/helm/manifestservice/templates/service.yaml +++ b/helm/manifestservice/templates/service.yaml @@ -1,14 +1,14 @@ apiVersion: v1 kind: Service metadata: - name: {{ include "manifestservice.fullname" . }} + name: manifestservice-service labels: {{- include "manifestservice.labels" . | nindent 4 }} spec: type: {{ .Values.service.type }} ports: - port: {{ .Values.service.port }} - targetPort: http + targetPort: 80 protocol: TCP name: http selector: diff --git a/helm/manifestservice/templates/tests/test-connection.yaml b/helm/manifestservice/templates/tests/test-connection.yaml index e54df7be..3d4b1d87 100644 --- a/helm/manifestservice/templates/tests/test-connection.yaml +++ b/helm/manifestservice/templates/tests/test-connection.yaml @@ -1,9 +1,7 @@ apiVersion: v1 kind: Pod metadata: - name: "{{ include "manifestservice.fullname" . }}-test-connection" - labels: - {{- include "manifestservice.labels" . | nindent 4 }} + name: "manifestservice-test-connection" annotations: "helm.sh/hook": test spec: @@ -11,5 +9,5 @@ spec: - name: wget image: busybox command: ['wget'] - args: ['{{ include "manifestservice.fullname" . }}:{{ .Values.service.port }}'] + args: ['manifestservice-service:{{ .Values.service.port }}/_status'] restartPolicy: Never diff --git a/helm/manifestservice/values.yaml b/helm/manifestservice/values.yaml index 2607c9a7..1b9d9e64 100644 --- a/helm/manifestservice/values.yaml +++ b/helm/manifestservice/values.yaml 
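Review bot: In helm/manifestservice/templates/service.yaml, `targetPort: 80` replaces the named port `http`, which ties the Service to a container port number declared in deployment.yaml outside this hunk; if that number changes later, the Service keeps routing to a port nothing listens on and no template error is raised. Either keep `targetPort: http` and make sure the container port carries that name, or add `# must match containerPort in templates/deployment.yaml` next to the number. The literal `name: manifestservice-service` likewise stops a second release from installing in the same namespace; presumably other charts address the service by this fixed name, and a one-line comment saying so would record the reason.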
@@ -26,7 +26,7 @@ image: # -- (string) Docker pull policy. pullPolicy: Always # -- (string) Overrides the image tag whose default is the chart appVersion. - tag: "2022.09" + tag: "" # -- (map) Kubernetes service information. service: diff --git a/helm/metadata/Chart.yaml b/helm/metadata/Chart.yaml index 718ca364..b0730575 100644 --- a/helm/metadata/Chart.yaml +++ b/helm/metadata/Chart.yaml @@ -15,7 +15,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.8 +version: 0.1.9 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to @@ -25,9 +25,13 @@ appVersion: "master" dependencies: - name: common - version: 0.1.7 + version: 0.1.8 repository: file://../common - name: postgresql version: 11.9.13 repository: "https://charts.bitnami.com/bitnami" condition: postgres.separate +- name: elasticsearch + version: "7.17.1" + repository: "https://helm.elastic.co" + condition: elasticsearch.separate diff --git a/helm/metadata/README.md b/helm/metadata/README.md index aa2422ea..151ea2f8 100644 --- a/helm/metadata/README.md +++ b/helm/metadata/README.md 
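Review bot: Setting `tag: ""` in helm/manifestservice/values.yaml drops the pinned `2022.09` release, and according to the comment above it the tag then falls back to the chart appVersion, which the Chart.yaml hunk context shows as `master`. Combined with `pullPolicy: Always`, every pod restart would pull whatever was last pushed under that tag, so the running image is no longer reproducible or tied to a reviewed release. If the intent is for the umbrella chart or the operator to supply the tag, the comment should say so, e.g. `# -- (string) Image tag; empty falls back to appVersion (master). Pin a release tag or digest for production.` The template that applies the fallback is not part of this hunk.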
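Review bot: The `elasticsearch` dependency added to helm/metadata/Chart.yaml is pinned to `"7.17.1"`, while the umbrella gen3 chart in this same commit pins the same chart from `https://helm.elastic.co` at `7.10.2`, and both use `clusterName: gen3-elasticsearch` according to the regenerated READMEs. Depending on whether `elasticsearch.separate` or `global.dev` is set, the metadata service would therefore talk to a different Elasticsearch release under the same service name, which makes version-specific behaviour and patch status hard to reason about. Aligning the two pins, or adding `# standalone installs only; the umbrella chart provides 7.10.2` above the entry, would make the difference deliberate. The version is also quoted here but unquoted in the gen3 chart; choosing one form keeps the files consistent.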
@@ -1,6 +1,6 @@ # metadata -![Version: 0.1.8](https://img.shields.io/badge/Version-0.1.8-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) +![Version: 0.1.9](https://img.shields.io/badge/Version-0.1.9-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) A Helm chart for gen3 Metadata Service @@ -8,8 +8,9 @@ A Helm chart for gen3 Metadata Service | Repository | Name | Version | |------------|------|---------| -| file://../common | common | 0.1.7 | +| file://../common | common | 0.1.8 | | https://charts.bitnami.com/bitnami | postgresql | 11.9.13 | +| https://helm.elastic.co | elasticsearch | 7.17.1 | ## Values 
@@ -22,7 +23,8 @@ A Helm chart for gen3 Metadata Service | affinity.podAntiAffinity.preferredDuringSchedulingIgnoredDuringExecution[0].podAffinityTerm.labelSelector.matchExpressions[0].operator | string | `"In"` | Operation type for the match expression. | | affinity.podAntiAffinity.preferredDuringSchedulingIgnoredDuringExecution[0].podAffinityTerm.labelSelector.matchExpressions[0].values | list | `["metadata"]` | Value for the match expression key. | | affinity.podAntiAffinity.preferredDuringSchedulingIgnoredDuringExecution[0].podAffinityTerm.topologyKey | string | `"kubernetes.io/hostname"` | Value for topology key label. | -| aggMdsNamespace | string | `nil` | Namespae to use if AggMds is enabled. | +| aggMdsConfig | string | `"{\n \"configuration\": {\n \"schema\": {\n \"_subjects_count\": {\n \"type\": \"integer\"\n },\n \"__manifest\": {\n \"description\": \"an array of filename (usually DRS ids and its size\",\n \"type\": \"array\",\n \"properties\": {\n \"file_name\": {\n \"type\": \"string\"\n },\n \"file_size\": {\n \"type\": \"integer\"\n }\n }\n },\n \"tags\": {\n \"type\": \"array\"\n },\n \"_unique_id\": {},\n \"study_description\": {},\n \"study_id\": {},\n \"study_url\": {},\n \"project_id\": {},\n \"short_name\": {\n \"default\": \"not_set\"\n },\n \"year\": {\n \"default\": \"not_set\"\n },\n \"full_name\": {},\n \"commons_url\": {},\n \"commons\": {}\n },\n \"settings\": {\n \"cache_drs\": true\n }\n },\n \"adapter_commons\": {\n \"Gen3\": {\n \"mds_url\": \"https://gen3.datacommons.io/\",\n \"commons_url\": \"gen3.datacommons.io/\",\n \"adapter\": \"gen3\",\n \"config\": {\n \"guid_type\": \"discovery_metadata\",\n \"study_field\": \"gen3_discovery\"\n },\n \"keep_original_fields\": false,\n \"field_mappings\": {\n \"tags\": \"path:tags\",\n \"_unique_id\": \"path:_unique_id\",\n \"study_description\": \"path:summary\",\n \"full_name\": \"path:study_title\",\n \"short_name\": \"path:short_name\",\n \"year\": \"path:year\",\n 
\"accession_number\": \"path:accession_number\",\n \"commons\": \"Gen3 Data Commons\",\n \"study_url\": {\n \"path\": \"link\",\n \"default\": \"unknown\"\n }\n }\n }\n }\n}\n"` | | +| aggMdsNamespace | string | `"default"` | Namespae to use if AggMds is enabled. | | args | list | `["-c","/env/bin/alembic upgrade head\n"]` | Arguments to pass to the init container. | | automountServiceAccountToken | bool | `false` | Automount the default service account token | | autoscaling | map | `{"enabled":false,"maxReplicas":100,"minReplicas":1,"targetCPUUtilizationPercentage":80}` | Configuration for autoscaling the number of replicas | 
@@ -37,7 +39,13 @@ A Helm chart for gen3 Metadata Service | datadogProfilingEnabled | bool | `true` | If enabled, the Datadog Agent will collect profiling data for your application using the Continuous Profiler. This data can be used to identify performance bottlenecks and optimize your application. | | datadogTraceSampleRate | int | `1` | A value between 0 and 1, that represents the percentage of requests that will be traced. For example, a value of 0.5 means that 50% of requests will be traced. | | debug | bool | `false` | | -| esEndpoint | string | `"elasticsearch:9200"` | Elasticsearch endpoint. | +| elasticsearch.clusterName | string | `"gen3-elasticsearch"` | | +| elasticsearch.esConfig."elasticsearch.yml" | string | `"# Here we can add elasticsearch config\n"` | | +| elasticsearch.maxUnavailable | int | `0` | | +| elasticsearch.replicas | int | `1` | | +| elasticsearch.separate | bool | `false` | | +| elasticsearch.singleNode | bool | `true` | | +| esEndpoint | string | `"http://gen3-elasticsearch-master:9200"` | Elasticsearch endpoint. | | global | map | `{"aws":{"awsAccessKeyId":null,"awsSecretAccessKey":null,"enabled":false},"ddEnabled":false,"dev":true,"dictionaryUrl":"https://s3.amazonaws.com/dictionary-artifacts/datadictionary/develop/schema.json","dispatcherJobNum":10,"environment":"default","hostname":"localhost","kubeBucket":"kube-gen3","logsBucket":"logs-gen3","minAvialable":1,"netPolicy":true,"pdb":false,"portalApp":"gitops","postgres":{"dbCreate":true,"master":{"host":null,"password":null,"port":"5432","username":"postgres"}},"publicDataSets":true,"revproxyArn":"arn:aws:acm:us-east-1:123456:certificate","tierAccessLevel":"libre"}` | Global configuration options. | | global.aws | map | `{"awsAccessKeyId":null,"awsSecretAccessKey":null,"enabled":false}` | AWS configuration | | global.aws.awsAccessKeyId | string | `nil` | Credentials for AWS stuff. | 
@@ -65,10 +73,10 @@ A Helm chart for gen3 Metadata Service | global.publicDataSets | bool | `true` | Whether public datasets are enabled. | | global.revproxyArn | string | `"arn:aws:acm:us-east-1:123456:certificate"` | ARN of the reverse proxy certificate. | | global.tierAccessLevel | string | `"libre"` | Access level for tiers. acceptable values for `tier_access_level` are: `libre`, `regular` and `private`. If omitted, by default common will be treated as `private` | -| image | map | `{"pullPolicy":"Always","repository":"quay.io/cdis/metadata-service","tag":"master"}` | Docker image information. | +| image | map | `{"pullPolicy":"Always","repository":"quay.io/cdis/metadata-service","tag":"feat_es-7"}` | Docker image information. | | image.pullPolicy | string | `"Always"` | Docker pull policy. | | image.repository | string | `"quay.io/cdis/metadata-service"` | Docker repository. | -| image.tag | string | `"master"` | Overrides the image tag whose default is the chart appVersion. | +| image.tag | string | `"feat_es-7"` | Overrides the image tag whose default is the chart appVersion. | | initContainerName | string | `"metadata-db-migrate"` | Name of the init container. | | initResources | map | `{"limits":{"cpu":0.8,"memory":"512Mi"}}` | Resource limits for the init container. | | initResources.limits | map | `{"cpu":0.8,"memory":"512Mi"}` | The maximum amount of resources that the container is allowed to use | 
@@ -104,7 +112,7 @@ A Helm chart for gen3 Metadata Service | strategy | map | `{"rollingUpdate":{"maxSurge":1,"maxUnavailable":0},"type":"RollingUpdate"}` | Rolling update deployment strategy | | strategy.rollingUpdate.maxSurge | int | `1` | Number of additional replicas to add during rollout. | | strategy.rollingUpdate.maxUnavailable | int | `0` | Maximum amount of pods that can be unavailable during the update. | -| useAggMds | bool | `nil` | Set to true to aggregate metadata from multiple other Metadata Service instances. | +| useAggMds | bool | `"True"` | Set to true to aggregate metadata from multiple other Metadata Service instances. | | volumeMounts | list | `[{"mountPath":"/src/.env","name":"config-volume-g3auto","readOnly":true,"subPath":"metadata.env"},{"mountPath":"/aggregate_config.json","name":"config-volume","readOnly":true,"subPath":"aggregate_config.json"},{"mountPath":"/metadata.json","name":"config-manifest","readOnly":true,"subPath":"json"}]` | Volumes to mount to the container. | ----------------------------------------------
diff --git a/helm/metadata/templates/agg-mds-sync.yaml b/helm/metadata/templates/agg-mds-sync.yaml
new file mode 100644
index 00000000..08754b40
--- /dev/null
+++ b/helm/metadata/templates/agg-mds-sync.yaml
@@ -0,0 +1,160 @@
+{{- if .Values.useAggMds }}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: agg-mds-config
+data:
+ aggregate_config.json: |
+ {{ .Values.aggMdsConfig | default "{}" | nindent 4 }}
+---
+apiVersion: batch/v1
+kind: CronJob
+metadata:
+ name: metadata-aggregate-sync
+spec:
+ schedule: "0 0 1 1 */5"
+ jobTemplate:
+ spec:
+ template:
+ metadata:
+ labels:
+ app: gen3job
+ spec:
+ affinity:
+ nodeAffinity:
+ preferredDuringSchedulingIgnoredDuringExecution:
+ - weight: 100
+ preference:
+ matchExpressions:
+ - key: karpenter.sh/capacity-type
+ operator: In
+ values:
+ - on-demand
+ - weight: 99
+ preference:
+ matchExpressions:
+ - key: eks.amazonaws.com/capacityType
+ operator: In
+ values:
+ - ONDEMAND
+ volumes:
+ - name: config-volume
+ configMap:
+ name: agg-mds-config
+ - name: shared-data
+ emptyDir: {}
+ initContainers:
+ - name: wait-for-es
+ image: alpine/curl
+ env:
+ - name: GEN3_ES_ENDPOINT
+ value: {{ .Values.esEndpoint | default "http://gen3-elasticsearch-master:9200" }}
+ imagePullPolicy: IfNotPresent
+ command: ["/bin/sh"]
+ args:
+ - "-c"
+ - |
+ echo "Waiting for Elasticsearch to be ready..."
+ until curl -s -XGET $GEN3_ES_ENDPOINT; do
+ echo "Elasticsearch is not ready yet..."
+ sleep 5
+ done
+ echo "Elasticsearch is ready!"
+ - name: wait-for-metadata
+ image: alpine/curl
+ env:
+ - name: GEN3_ES_ENDPOINT
+ value: {{ .Values.esEndpoint | default "http://gen3-elasticsearch-master:9200" }}
+ imagePullPolicy: IfNotPresent
+ command: ["/bin/sh"]
+ args:
+ - "-c"
+ - |
+ echo "Waiting for metadata service to be ready"
+ until curl -s -XGET http://metadata-service; do
+ echo "Metadata service is not ready yet..."
+ sleep 5
+ done
+ containers:
+ - name: metadata-sync
+ image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
+ volumeMounts:
+ # - name: config-volume-g3auto
+ # readOnly: true
+ # mountPath: /src/.env
+ # subPath: metadata.env
+ - name: config-volume
+ readOnly: true
+ mountPath: /aggregate_config.json
+ subPath: aggregate_config.json
+ # - name: config-manifest
+ # readOnly: true
+ # mountPath: /metadata.json
+ # subPath: json
+ - name: shared-data
+ mountPath: /mnt/shared
+ env:
+ - name: GEN3_DEBUG
+ value: "False"
+ - name: GEN3_ES_ENDPOINT
+ value: {{ .Values.esEndpoint | default "http://gen3-elasticsearch-master:9200" }}
+ - name: USE_AGG_MDS
+ value: {{ (.Values.useAggMds | quote | default "True") }}
+ - name: AGG_MDS_NAMESPACE
+ value: {{ .Values.aggMdsNamespace | default .Release.Name }}
+ imagePullPolicy: Always
+ command: ["/bin/sh"]
+ args:
+ - "-c"
+ - |
+ cat /aggregate_config.json
+ /env/bin/python /src/src/mds/populate.py --config /aggregate_config.json
+ if [ $? -ne 0 ]; then
+ echo "WARNING: non zero exit code: $?"
+ echo "WARNING: non zero exit code: $?" > /mnt/shared/status
+ else
+ echo "Success" > /mnt/shared/status
+ fi
+ - name: slack-alert
+ env:
+ - name: slackWebHook
+ valueFrom:
+ configMapKeyRef:
+ name: global
+ key: slack_webhook
+ optional: true
+ - name: gen3Env
+ valueFrom:
+ configMapKeyRef:
+ name: manifest-global
+ key: hostname
+ optional: true
+ image: quay.io/cdis/awshelper:master
+ volumeMounts:
+ - name: shared-data
+ mountPath: /mnt/shared
+ command: ["/bin/bash"]
+ args:
+ - "-c"
+ - |
+ if [[ ! "$slackWebHook" =~ ^http ]]; then
+ echo "Slack webhook not set"
+ exit 0
+ fi
+ while [ ! -f /mnt/shared/status ]; do
+ echo "Waiting for status file..."
+ sleep 5
+ done
+ if ! [[ $(cat /mnt/shared/status) =~ "Success" ]]; then
+ success="SUCCESS"
+ color="2EB67D"
+ else
+ success="FAILED"
+ color="FF0000"
+ fi
+ echo "Sending ${success} message to slack..."
+ payload="{\"attachments\": [{\"fallback\": \"JOB ${success}: metadata-aggregate-sync cronjob on ${gen3Env}\",\"color\": \"#${color}\",\"title\": \"JOB ${success}: metadata-aggregate-sync cronjob on ${gen3Env}\",\"text\": \"Pod name: ${HOSTNAME}\",\"ts\": \"$(date +%s)\"}]}"
+ echo "Payload=${payload}"
+ curl -X POST --data-urlencode "payload=${payload}" "${slackWebHook}"
+ restartPolicy: Never
+{{- end}}
\ No newline at end of file
diff --git a/helm/metadata/templates/deployment.yaml b/helm/metadata/templates/deployment.yaml
index ba6c0378..d0723397 100644
--- a/helm/metadata/templates/deployment.yaml
+++ b/helm/metadata/templates/deployment.yaml
@@ -91,7 +91,7 @@ spec: optional: false {{- with .Values.useAggMds }} - name: USE_AGG_MDS - value: {{ . }} + value: {{ . | quote }} {{- end }} {{- with .Values.aggMdsNamespace}} - name: AGG_MDS_NAMESPACE
diff --git a/helm/metadata/templates/tests/test-connection.yaml b/helm/metadata/templates/tests/test-connection.yaml
index 007dd312..4bafd3c8 100644
--- a/helm/metadata/templates/tests/test-connection.yaml
+++ b/helm/metadata/templates/tests/test-connection.yaml
@@ -11,5 +11,5 @@ spec: - name: wget image: busybox command: ['wget'] - args: ['{{ include "metadata.fullname" . }}:{{ .Values.service.port }}'] + args: ['metadata-service:80/_status'] restartPolicy: Never
diff --git a/helm/metadata/values.yaml b/helm/metadata/values.yaml
index baaa5cb6..876853a6 100644
--- a/helm/metadata/values.yaml
+++ b/helm/metadata/values.yaml
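Review bot: The status test in the `slack-alert` container of `agg-mds-sync.yaml` is inverted: `if ! [[ $(cat /mnt/shared/status) =~ "Success" ]]` sets `success="SUCCESS"` when the file does not contain Success, so a failed sync is announced as a success and a clean run as FAILED. Drop the negation, `if [[ $(cat /mnt/shared/status) =~ "Success" ]]; then`. In `metadata-sync`, `$?` is read again after the `[ $? -ne 0 ]` test has already replaced it, so the warning always reports 0; capture it first with `rc=$?` and echo `$rc`. Separately, `image: alpine/curl` carries no tag and `quay.io/cdis/awshelper:master` is a moving tag while that container receives the Slack webhook, so pinning both to a release tag or digest would keep what runs in this job reviewable.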
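Review bot: The metadata test pod now targets the literal `metadata-service:80/_status`, dropping both the `metadata.fullname` helper and `.Values.service.port`, so `helm test` would probe the wrong address once the port or the name is overridden. Keeping the port templated, `args: ['metadata-service:{{ .Values.service.port }}/_status']`, would match what the peregrine hunk does; the pidgin hunk hard-codes `pidgin-service:80/_status` in the same way. The peregrine hunk also fixes the pod name to `peregrine-test-connection`, so two releases in one namespace would collide on it. Whether the Services are really named `metadata-service`, `peregrine-service` and `pidgin-service` is not visible in this diff.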
@@ -140,17 +140,87 @@ image: # -- (string) Docker pull policy. pullPolicy: Always # -- (string) Overrides the image tag whose default is the chart appVersion. - tag: "master" + tag: "feat_es-7" debug: false # Environment Variables # -- (string) Elasticsearch endpoint. -esEndpoint: elasticsearch:9200 +esEndpoint: http://gen3-elasticsearch-master:9200 # -- (bool) Set to true to aggregate metadata from multiple other Metadata Service instances. -useAggMds: +useAggMds: "True" # -- (string) Namespae to use if AggMds is enabled. -aggMdsNamespace: +aggMdsNamespace: default + + +aggMdsConfig: | + { + "configuration": { + "schema": { + "_subjects_count": { + "type": "integer" + }, + "__manifest": { + "description": "an array of filename (usually DRS ids and its size", + "type": "array", + "properties": { + "file_name": { + "type": "string" + }, + "file_size": { + "type": "integer" + } + } + }, + "tags": { + "type": "array" + }, + "_unique_id": {}, + "study_description": {}, + "study_id": {}, + "study_url": {}, + "project_id": {}, + "short_name": { + "default": "not_set" + }, + "year": { + "default": "not_set" + }, + "full_name": {}, + "commons_url": {}, + "commons": {} + }, + "settings": { + "cache_drs": true + } + }, + "adapter_commons": { + "Gen3": { + "mds_url": "https://gen3.datacommons.io/", + "commons_url": "gen3.datacommons.io/", + "adapter": "gen3", + "config": { + "guid_type": "discovery_metadata", + "study_field": "gen3_discovery" + }, + "keep_original_fields": false, + "field_mappings": { + "tags": "path:tags", + "_unique_id": "path:_unique_id", + "study_description": "path:summary", + "full_name": "path:study_title", + "short_name": "path:short_name", + "year": "path:year", + "accession_number": "path:accession_number", + "commons": "Gen3 Data Commons", + "study_url": { + "path": "link", + "default": "unknown" + } + } + } + } + } # -- (list) Volumes to mount to the container. volumeMounts: 
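Review bot: `useAggMds: "True"` is a string, and the new `agg-mds-sync.yaml` gates on `{{- if .Values.useAggMds }}`, where any non-empty string is truthy, so an override of `"False"` would still render the ConfigMap and CronJob. A boolean default, `useAggMds: true`, with the templates' `| quote` producing the env value, keeps the gate meaningful; confirm the service accepts the lowercase form. The default `tag: "feat_es-7"` looks like a feature-branch tag and is pulled with `pullPolicy: Always`, so what the chart deploys by default can change without a chart release; a release tag or digest is the safer default. With aggregation on by default and `aggMdsConfig` pointing at `https://gen3.datacommons.io/`, a plain install schedules pulls from an external host, which seems worth making opt-in.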
@@ -248,3 +318,13 @@ datadogLogsInjection: true datadogProfilingEnabled: true # -- (int) A value between 0 and 1, that represents the percentage of requests that will be traced. For example, a value of 0.5 means that 50% of requests will be traced. datadogTraceSampleRate: 1 + +elasticsearch: + separate: false + clusterName: gen3-elasticsearch + maxUnavailable: 0 + singleNode: true + replicas: 1 + esConfig: + elasticsearch.yml: | + # Here we can add elasticsearch config diff --git a/helm/peregrine/Chart.yaml b/helm/peregrine/Chart.yaml index cfdfe6e3..6fea8732 100644 --- a/helm/peregrine/Chart.yaml +++ b/helm/peregrine/Chart.yaml @@ -15,7 +15,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.9 +version: 0.1.10 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to @@ -26,7 +26,7 @@ appVersion: "2023.01" dependencies: - name: common - version: 0.1.7 + version: 0.1.8 repository: file://../common - name: postgresql version: 11.9.13 diff --git a/helm/peregrine/README.md b/helm/peregrine/README.md index 838e811c..e7c8244d 100644 --- a/helm/peregrine/README.md +++ b/helm/peregrine/README.md 
@@ -1,6 +1,6 @@ # peregrine -![Version: 0.1.9](https://img.shields.io/badge/Version-0.1.9-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 2023.01](https://img.shields.io/badge/AppVersion-2023.01-informational?style=flat-square) +![Version: 0.1.10](https://img.shields.io/badge/Version-0.1.10-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 2023.01](https://img.shields.io/badge/AppVersion-2023.01-informational?style=flat-square) A Helm chart for gen3 Peregrine service @@ -8,7 +8,7 @@ A Helm chart for gen3 Peregrine service | Repository | Name | Version | |------------|------|---------| -| file://../common | common | 0.1.7 | +| file://../common | common | 0.1.8 | | https://charts.bitnami.com/bitnami | postgresql | 11.9.13 | ## Values diff --git a/helm/peregrine/templates/tests/test-connection.yaml b/helm/peregrine/templates/tests/test-connection.yaml index 91f03791..56bcf4b5 100644 --- a/helm/peregrine/templates/tests/test-connection.yaml +++ b/helm/peregrine/templates/tests/test-connection.yaml @@ -1,7 +1,7 @@ apiVersion: v1 kind: Pod metadata: - name: "{{ include "peregrine.fullname" . }}-test-connection" + name: peregrine-test-connection labels: {{- include "peregrine.labels" . | nindent 4 }} annotations: @@ -11,5 +11,5 @@ spec: - name: wget image: busybox command: ['wget'] - args: ['{{ include "peregrine.fullname" . }}:{{ .Values.service.port }}'] + args: ['peregrine-service:{{ .Values.service.port }}/_status'] restartPolicy: Never diff --git a/helm/pidgin/Chart.yaml b/helm/pidgin/Chart.yaml index 831c01ac..c871f126 100644 --- a/helm/pidgin/Chart.yaml +++ b/helm/pidgin/Chart.yaml 
@@ -15,7 +15,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.7 +version: 0.1.8 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to @@ -25,5 +25,5 @@ appVersion: "master" dependencies: - name: common - version: 0.1.7 + version: 0.1.8 repository: file://../common diff --git a/helm/pidgin/README.md b/helm/pidgin/README.md index 5c4bcdb9..72b5f9bc 100644 --- a/helm/pidgin/README.md +++ b/helm/pidgin/README.md @@ -1,6 +1,6 @@ # pidgin -![Version: 0.1.7](https://img.shields.io/badge/Version-0.1.7-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) +![Version: 0.1.8](https://img.shields.io/badge/Version-0.1.8-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) A Helm chart for gen3 Pidgin Service @@ -8,7 +8,7 @@ A Helm chart for gen3 Pidgin Service | Repository | Name | Version | |------------|------|---------| -| file://../common | common | 0.1.7 | +| file://../common | common | 0.1.8 | ## Values diff --git a/helm/pidgin/templates/tests/test-connection.yaml b/helm/pidgin/templates/tests/test-connection.yaml index 0f00775d..0fc4b8f4 100644 --- a/helm/pidgin/templates/tests/test-connection.yaml +++ b/helm/pidgin/templates/tests/test-connection.yaml 
@@ -11,5 +11,5 @@ spec: - name: wget image: busybox command: ['wget'] - args: ['{{ include "pidgin.fullname" . }}:{{ .Values.service.port }}'] + args: ['pidgin-service:80/_status'] restartPolicy: Never diff --git a/helm/portal/Chart.yaml b/helm/portal/Chart.yaml index 61f4b9ca..1a992152 100644 --- a/helm/portal/Chart.yaml +++ b/helm/portal/Chart.yaml @@ -15,7 +15,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.7 +version: 0.1.8 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to @@ -25,5 +25,5 @@ appVersion: "master" dependencies: - name: common - version: 0.1.7 + version: 0.1.8 repository: file://../common diff --git a/helm/portal/README.md b/helm/portal/README.md index dbc2e503..11381d2b 100644 --- a/helm/portal/README.md +++ b/helm/portal/README.md @@ -1,6 +1,6 @@ # portal -![Version: 0.1.7](https://img.shields.io/badge/Version-0.1.7-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) +![Version: 0.1.8](https://img.shields.io/badge/Version-0.1.8-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) A Helm chart for gen3 data-portal @@ -8,7 +8,7 @@ A Helm chart for gen3 data-portal | Repository | Name | Version | |------------|------|---------| -| file://../common | common | 0.1.7 | +| file://../common | common | 0.1.8 | ## Values 
@@ -33,11 +33,11 @@ A Helm chart for gen3 data-portal | datadogProfilingEnabled | bool | `true` | If enabled, the Datadog Agent will collect profiling data for your application using the Continuous Profiler. This data can be used to identify performance bottlenecks and optimize your application. | | datadogTraceSampleRate | int | `1` | A value between 0 and 1, that represents the percentage of requests that will be traced. For example, a value of 0.5 means that 50% of requests will be traced. | | fullnameOverride | string | `""` | Override the full name of the deployment. | -| gitops | map | `{"createdby":"","css":"/* gitops default css */\n","favicon":"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","json":"{\n \"graphql\": {\n \"boardCounts\": [\n {\n \"graphql\": \"_case_count\",\n \"name\": \"Case\",\n \"plural\": \"Cases\"\n },\n {\n \"graphql\": \"_experiment_count\",\n \"name\": \"Experiment\",\n \"plural\": \"Experiments\"\n },\n {\n \"graphql\": \"_aliquot_count\",\n \"name\": \"Aliquot\",\n \"plural\": \"Aliquots\"\n }\n ],\n \"chartCounts\": [\n {\n \"graphql\": \"_case_count\",\n \"name\": \"Case\"\n },\n {\n \"graphql\": \"_experiment_count\",\n \"name\": \"Experiment\"\n },\n {\n \"graphql\": \"_aliquot_count\",\n \"name\": \"Aliquot\"\n }\n ],\n \"projectDetails\": \"boardCounts\"\n },\n \"components\": {\n \"appName\": \"Generic Data Commons Portal\",\n \"index\": {\n \"introduction\": {\n \"heading\": \"Data Commons\",\n \"text\": \"The Generic Data Commons supports the management, analysis and sharing of data for the research community.\",\n \"link\": \"/submission\"\n },\n \"buttons\": [\n {\n \"name\": \"Define Data Field\",\n \"icon\": \"data-field-define\",\n \"body\": \"The Generic Data Commons define the data in a general way. 
Please study the dictionary before you start browsing.\",\n \"link\": \"/DD\",\n \"label\": \"Learn more\"\n },\n {\n \"name\": \"Explore Data\",\n \"icon\": \"data-explore\",\n \"body\": \"The Exploration Page gives you insights and a clear overview under selected factors.\",\n \"link\": \"/explorer\",\n \"label\": \"Explore data\"\n },\n {\n \"name\": \"Access Data\",\n \"icon\": \"data-access\",\n \"body\": \"Use our selected tool to filter out the data you need.\",\n \"link\": \"/query\",\n \"label\": \"Query data\"\n },\n {\n \"name\": \"Submit Data\",\n \"icon\": \"data-submit\",\n \"body\": \"Submit Data based on the dictionary.\",\n \"link\": \"/submission\",\n \"label\": \"Submit data\"\n }\n ]\n },\n \"navigation\": {\n \"title\": \"Generic Data Commons\",\n \"items\": [\n {\n \"icon\": \"dictionary\",\n \"link\": \"/DD\",\n \"color\": \"#a2a2a2\",\n \"name\": \"Dictionary\"\n },\n {\n \"icon\": \"exploration\",\n \"link\": \"/explorer\",\n \"color\": \"#a2a2a2\",\n \"name\": \"Exploration\"\n },\n {\n \"icon\": \"query\",\n \"link\": \"/query\",\n \"color\": \"#a2a2a2\",\n \"name\": \"Query\"\n },\n {\n \"icon\": \"workspace\",\n \"link\": \"/workspace\",\n \"color\": \"#a2a2a2\",\n \"name\": \"Workspace\"\n },\n {\n \"icon\": \"profile\",\n \"link\": \"/identity\",\n \"color\": \"#a2a2a2\",\n \"name\": \"Profile\"\n }\n ]\n },\n \"topBar\": {\n \"items\": [\n {\n \"icon\": \"upload\",\n \"link\": \"/submission\",\n \"name\": \"Submit Data\"\n },\n {\n \"link\": \"https://gen3.org/resources/user\",\n \"name\": \"Documentation\"\n }\n ]\n },\n \"login\": {\n \"title\": \"Generic Data Commons\",\n \"subTitle\": \"Explore, Analyze, and Share Data\",\n \"text\": \"This website supports the management, analysis and sharing of human disease data for the research community and aims to advance basic understanding of the genetic basis of complex traits and accelerate discovery and development of therapies, diagnostic tests, and other technologies for diseases 
like cancer.\",\n \"contact\": \"If you have any questions about access or the registration process, please contact \",\n \"email\": \"support@datacommons.io\"\n },\n \"certs\": {},\n \"footerLogos\": [\n {\n \"src\": \"/src/img/gen3.png\",\n \"href\": \"https://ctds.uchicago.edu/gen3\",\n \"alt\": \"Gen3 Data Commons\"\n },\n {\n \"src\": \"/src/img/createdby.png\",\n \"href\": \"https://ctds.uchicago.edu/\",\n \"alt\": \"Center for Translational Data Science at the University of Chicago\"\n }\n ]\n },\n \"requiredCerts\": [],\n \"featureFlags\": {\n \"explorer\": true,\n \"noIndex\": true,\n \"analysis\": false,\n \"discovery\": false,\n \"discoveryUseAggMDS\": false,\n \"studyRegistration\": false\n },\n \"dataExplorerConfig\": {\n \"charts\": {\n \"project_id\": {\n \"chartType\": \"count\",\n \"title\": \"Projects\"\n },\n \"case_id\": {\n \"chartType\": \"count\",\n \"title\": \"Cases\"\n },\n \"gender\": {\n \"chartType\": \"pie\",\n \"title\": \"Gender\"\n },\n \"race\": {\n \"chartType\": \"bar\",\n \"title\": \"Race\"\n }\n },\n \"filters\": {\n \"tabs\": [\n {\n \"title\": \"Case\",\n \"fields\":[\n \"project_id\",\n \"gender\",\n \"race\",\n \"ethnicity\"\n ]\n }\n ]\n },\n \"table\": {\n \"enabled\": false\n },\n \"dropdowns\": {},\n \"buttons\": [],\n \"guppyConfig\": {\n \"dataType\": \"case\",\n \"nodeCountTitle\": \"Cases\",\n \"fieldMapping\": [\n { \"field\": \"disease_type\", \"name\": \"Disease type\" },\n { \"field\": \"primary_site\", \"name\": \"Site where samples were collected\"}\n ],\n \"manifestMapping\": {\n \"resourceIndexType\": \"file\",\n \"resourceIdField\": \"object_id\",\n \"referenceIdFieldInResourceIndex\": \"case_id\",\n \"referenceIdFieldInDataIndex\": \"node_id\"\n },\n \"accessibleFieldCheckList\": [\"case_id\"],\n \"accessibleValidationField\": \"case_id\"\n }\n },\n \"fileExplorerConfig\": {\n \"charts\": {\n \"data_type\": {\n \"chartType\": \"stackedBar\",\n \"title\": \"File Type\"\n },\n \"data_format\": {\n 
\"chartType\": \"stackedBar\",\n \"title\": \"File Format\"\n }\n },\n \"filters\": {\n \"tabs\": [\n {\n \"title\": \"File\",\n \"fields\": [\n \"project_id\",\n \"data_type\",\n \"data_format\"\n ]\n }\n ]\n },\n \"table\": {\n \"enabled\": true,\n \"fields\": [\n \"project_id\",\n \"file_name\",\n \"file_size\",\n \"object_id\"\n ]\n },\n \"dropdowns\": {},\n \"guppyConfig\": {\n \"dataType\": \"file\",\n \"fieldMapping\": [\n { \"field\": \"object_id\", \"name\": \"GUID\" }\n ],\n \"nodeCountTitle\": \"Files\",\n \"manifestMapping\": {\n \"resourceIndexType\": \"case\",\n \"resourceIdField\": \"case_id\",\n \"referenceIdFieldInResourceIndex\": \"object_id\",\n \"referenceIdFieldInDataIndex\": \"object_id\"\n },\n \"accessibleFieldCheckList\": [\"case_id\"],\n \"accessibleValidationField\": \"case_id\",\n \"downloadAccessor\": \"object_id\"\n }\n }\n}\n","logo":"","sponsors":null}` | GitOps configuration for portal | +| gitops | map | `{"createdby":"","css":"/* gitops default css */\n","favicon":"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","json":"{\n \"graphql\": {\n \"boardCounts\": [\n {\n \"graphql\": \"_case_count\",\n \"name\": \"Case\",\n \"plural\": \"Cases\"\n },\n {\n \"graphql\": \"_experiment_count\",\n \"name\": \"Experiment\",\n \"plural\": \"Experiments\"\n },\n {\n \"graphql\": \"_aliquot_count\",\n \"name\": \"Aliquot\",\n \"plural\": \"Aliquots\"\n }\n ],\n \"chartCounts\": [\n {\n \"graphql\": \"_case_count\",\n \"name\": \"Case\"\n },\n {\n \"graphql\": \"_experiment_count\",\n \"name\": \"Experiment\"\n },\n {\n \"graphql\": \"_aliquot_count\",\n \"name\": \"Aliquot\"\n }\n ],\n \"projectDetails\": \"boardCounts\"\n },\n \"components\": {\n \"appName\": \"Generic Data Commons Portal\",\n \"index\": {\n \"introduction\": {\n \"heading\": \"Data Commons\",\n \"text\": \"The Generic Data Commons supports the management, analysis and sharing of data for the research community.\",\n \"link\": \"/submission\"\n },\n \"buttons\": [\n {\n 
\"name\": \"Define Data Field\",\n \"icon\": \"data-field-define\",\n \"body\": \"The Generic Data Commons define the data in a general way. Please study the dictionary before you start browsing.\",\n \"link\": \"/DD\",\n \"label\": \"Learn more\"\n },\n {\n \"name\": \"Explore Data\",\n \"icon\": \"data-explore\",\n \"body\": \"The Exploration Page gives you insights and a clear overview under selected factors.\",\n \"link\": \"/explorer\",\n \"label\": \"Explore data\"\n },\n {\n \"name\": \"Access Data\",\n \"icon\": \"data-access\",\n \"body\": \"Use our selected tool to filter out the data you need.\",\n \"link\": \"/query\",\n \"label\": \"Query data\"\n },\n {\n \"name\": \"Submit Data\",\n \"icon\": \"data-submit\",\n \"body\": \"Submit Data based on the dictionary.\",\n \"link\": \"/submission\",\n \"label\": \"Submit data\"\n }\n ]\n },\n \"navigation\": {\n \"title\": \"Generic Data Commons\",\n \"items\": [\n {\n \"icon\": \"dictionary\",\n \"link\": \"/DD\",\n \"color\": \"#a2a2a2\",\n \"name\": \"Dictionary\"\n },\n {\n \"icon\": \"exploration\",\n \"link\": \"/explorer\",\n \"color\": \"#a2a2a2\",\n \"name\": \"Exploration\"\n },\n {\n \"icon\": \"query\",\n \"link\": \"/query\",\n \"color\": \"#a2a2a2\",\n \"name\": \"Query\"\n },\n {\n \"icon\": \"workspace\",\n \"link\": \"/workspace\",\n \"color\": \"#a2a2a2\",\n \"name\": \"Workspace\"\n },\n {\n \"icon\": \"profile\",\n \"link\": \"/identity\",\n \"color\": \"#a2a2a2\",\n \"name\": \"Profile\"\n }\n ]\n },\n \"topBar\": {\n \"items\": [\n {\n \"icon\": \"upload\",\n \"link\": \"/submission\",\n \"name\": \"Submit Data\"\n },\n {\n \"link\": \"https://gen3.org/resources/user\",\n \"name\": \"Documentation\"\n }\n ]\n },\n \"login\": {\n \"title\": \"Generic Data Commons\",\n \"subTitle\": \"Explore, Analyze, and Share Data\",\n \"text\": \"This website supports the management, analysis and sharing of human disease data for the research community and aims to advance basic understanding of the 
genetic basis of complex traits and accelerate discovery and development of therapies, diagnostic tests, and other technologies for diseases like cancer.\",\n \"contact\": \"If you have any questions about access or the registration process, please contact \",\n \"email\": \"support@datacommons.io\"\n },\n \"certs\": {},\n \"footerLogos\": [\n {\n \"src\": \"/src/img/gen3.png\",\n \"href\": \"https://ctds.uchicago.edu/gen3\",\n \"alt\": \"Gen3 Data Commons\"\n },\n {\n \"src\": \"/src/img/createdby.png\",\n \"href\": \"https://ctds.uchicago.edu/\",\n \"alt\": \"Center for Translational Data Science at the University of Chicago\"\n }\n ]\n },\n \"requiredCerts\": [],\n \"featureFlags\": {\n \"explorer\": true,\n \"noIndex\": true,\n \"analysis\": false,\n \"discovery\": false,\n \"discoveryUseAggMDS\": false,\n \"studyRegistration\": false\n },\n \"dataExplorerConfig\": {\n \"charts\": {\n \"project_id\": {\n \"chartType\": \"count\",\n \"title\": \"Projects\"\n },\n \"_case_id\": {\n \"chartType\": \"count\",\n \"title\": \"Cases\"\n },\n \"gender\": {\n \"chartType\": \"pie\",\n \"title\": \"Gender\"\n },\n \"race\": {\n \"chartType\": \"bar\",\n \"title\": \"Race\"\n }\n },\n \"filters\": {\n \"tabs\": [\n {\n \"title\": \"Case\",\n \"fields\":[\n \"project_id\",\n \"gender\",\n \"race\",\n \"ethnicity\"\n ]\n }\n ]\n },\n \"table\": {\n \"enabled\": false\n },\n \"dropdowns\": {},\n \"buttons\": [],\n \"guppyConfig\": {\n \"dataType\": \"case\",\n \"nodeCountTitle\": \"Cases\",\n \"fieldMapping\": [\n { \"field\": \"disease_type\", \"name\": \"Disease type\" },\n { \"field\": \"primary_site\", \"name\": \"Site where samples were collected\"}\n ],\n \"manifestMapping\": {\n \"resourceIndexType\": \"file\",\n \"resourceIdField\": \"object_id\",\n \"referenceIdFieldInResourceIndex\": \"_case_id\",\n \"referenceIdFieldInDataIndex\": \"node_id\"\n },\n \"accessibleFieldCheckList\": [\"_case_id\"],\n \"accessibleValidationField\": \"_case_id\"\n }\n },\n 
\"fileExplorerConfig\": {\n \"charts\": {\n \"data_type\": {\n \"chartType\": \"stackedBar\",\n \"title\": \"File Type\"\n },\n \"data_format\": {\n \"chartType\": \"stackedBar\",\n \"title\": \"File Format\"\n }\n },\n \"filters\": {\n \"tabs\": [\n {\n \"title\": \"File\",\n \"fields\": [\n \"project_id\",\n \"data_type\",\n \"data_format\"\n ]\n }\n ]\n },\n \"table\": {\n \"enabled\": true,\n \"fields\": [\n \"project_id\",\n \"file_name\",\n \"file_size\",\n \"object_id\"\n ]\n },\n \"dropdowns\": {},\n \"guppyConfig\": {\n \"dataType\": \"file\",\n \"fieldMapping\": [\n { \"field\": \"object_id\", \"name\": \"GUID\" }\n ],\n \"nodeCountTitle\": \"Files\",\n \"manifestMapping\": {\n \"resourceIndexType\": \"case\",\n \"resourceIdField\": \"_case_id\",\n \"referenceIdFieldInResourceIndex\": \"object_id\",\n \"referenceIdFieldInDataIndex\": \"object_id\"\n },\n \"accessibleFieldCheckList\": [\"_case_id\"],\n \"accessibleValidationField\": \"_case_id\",\n \"downloadAccessor\": \"object_id\"\n }\n }\n}\n","logo":"","sponsors":null}` | GitOps configuration for portal | | gitops.createdby | string | `""` | - createdby.png - base64 | | gitops.css | string | `"/* gitops default css */\n"` | - multiline string - gitops.css | | gitops.favicon | string | `"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"` | - favicon in base64 | -| gitops.json | string | `"{\n \"graphql\": {\n \"boardCounts\": [\n {\n \"graphql\": \"_case_count\",\n \"name\": \"Case\",\n \"plural\": \"Cases\"\n },\n {\n \"graphql\": \"_experiment_count\",\n \"name\": \"Experiment\",\n \"plural\": \"Experiments\"\n },\n {\n \"graphql\": \"_aliquot_count\",\n \"name\": \"Aliquot\",\n \"plural\": \"Aliquots\"\n }\n ],\n \"chartCounts\": [\n {\n \"graphql\": \"_case_count\",\n \"name\": \"Case\"\n },\n {\n \"graphql\": \"_experiment_count\",\n \"name\": \"Experiment\"\n },\n {\n \"graphql\": \"_aliquot_count\",\n \"name\": \"Aliquot\"\n }\n ],\n \"projectDetails\": \"boardCounts\"\n },\n 
\"components\": {\n \"appName\": \"Generic Data Commons Portal\",\n \"index\": {\n \"introduction\": {\n \"heading\": \"Data Commons\",\n \"text\": \"The Generic Data Commons supports the management, analysis and sharing of data for the research community.\",\n \"link\": \"/submission\"\n },\n \"buttons\": [\n {\n \"name\": \"Define Data Field\",\n \"icon\": \"data-field-define\",\n \"body\": \"The Generic Data Commons define the data in a general way. Please study the dictionary before you start browsing.\",\n \"link\": \"/DD\",\n \"label\": \"Learn more\"\n },\n {\n \"name\": \"Explore Data\",\n \"icon\": \"data-explore\",\n \"body\": \"The Exploration Page gives you insights and a clear overview under selected factors.\",\n \"link\": \"/explorer\",\n \"label\": \"Explore data\"\n },\n {\n \"name\": \"Access Data\",\n \"icon\": \"data-access\",\n \"body\": \"Use our selected tool to filter out the data you need.\",\n \"link\": \"/query\",\n \"label\": \"Query data\"\n },\n {\n \"name\": \"Submit Data\",\n \"icon\": \"data-submit\",\n \"body\": \"Submit Data based on the dictionary.\",\n \"link\": \"/submission\",\n \"label\": \"Submit data\"\n }\n ]\n },\n \"navigation\": {\n \"title\": \"Generic Data Commons\",\n \"items\": [\n {\n \"icon\": \"dictionary\",\n \"link\": \"/DD\",\n \"color\": \"#a2a2a2\",\n \"name\": \"Dictionary\"\n },\n {\n \"icon\": \"exploration\",\n \"link\": \"/explorer\",\n \"color\": \"#a2a2a2\",\n \"name\": \"Exploration\"\n },\n {\n \"icon\": \"query\",\n \"link\": \"/query\",\n \"color\": \"#a2a2a2\",\n \"name\": \"Query\"\n },\n {\n \"icon\": \"workspace\",\n \"link\": \"/workspace\",\n \"color\": \"#a2a2a2\",\n \"name\": \"Workspace\"\n },\n {\n \"icon\": \"profile\",\n \"link\": \"/identity\",\n \"color\": \"#a2a2a2\",\n \"name\": \"Profile\"\n }\n ]\n },\n \"topBar\": {\n \"items\": [\n {\n \"icon\": \"upload\",\n \"link\": \"/submission\",\n \"name\": \"Submit Data\"\n },\n {\n \"link\": \"https://gen3.org/resources/user\",\n 
\"name\": \"Documentation\"\n }\n ]\n },\n \"login\": {\n \"title\": \"Generic Data Commons\",\n \"subTitle\": \"Explore, Analyze, and Share Data\",\n \"text\": \"This website supports the management, analysis and sharing of human disease data for the research community and aims to advance basic understanding of the genetic basis of complex traits and accelerate discovery and development of therapies, diagnostic tests, and other technologies for diseases like cancer.\",\n \"contact\": \"If you have any questions about access or the registration process, please contact \",\n \"email\": \"support@datacommons.io\"\n },\n \"certs\": {},\n \"footerLogos\": [\n {\n \"src\": \"/src/img/gen3.png\",\n \"href\": \"https://ctds.uchicago.edu/gen3\",\n \"alt\": \"Gen3 Data Commons\"\n },\n {\n \"src\": \"/src/img/createdby.png\",\n \"href\": \"https://ctds.uchicago.edu/\",\n \"alt\": \"Center for Translational Data Science at the University of Chicago\"\n }\n ]\n },\n \"requiredCerts\": [],\n \"featureFlags\": {\n \"explorer\": true,\n \"noIndex\": true,\n \"analysis\": false,\n \"discovery\": false,\n \"discoveryUseAggMDS\": false,\n \"studyRegistration\": false\n },\n \"dataExplorerConfig\": {\n \"charts\": {\n \"project_id\": {\n \"chartType\": \"count\",\n \"title\": \"Projects\"\n },\n \"case_id\": {\n \"chartType\": \"count\",\n \"title\": \"Cases\"\n },\n \"gender\": {\n \"chartType\": \"pie\",\n \"title\": \"Gender\"\n },\n \"race\": {\n \"chartType\": \"bar\",\n \"title\": \"Race\"\n }\n },\n \"filters\": {\n \"tabs\": [\n {\n \"title\": \"Case\",\n \"fields\":[\n \"project_id\",\n \"gender\",\n \"race\",\n \"ethnicity\"\n ]\n }\n ]\n },\n \"table\": {\n \"enabled\": false\n },\n \"dropdowns\": {},\n \"buttons\": [],\n \"guppyConfig\": {\n \"dataType\": \"case\",\n \"nodeCountTitle\": \"Cases\",\n \"fieldMapping\": [\n { \"field\": \"disease_type\", \"name\": \"Disease type\" },\n { \"field\": \"primary_site\", \"name\": \"Site where samples were collected\"}\n ],\n 
\"manifestMapping\": {\n \"resourceIndexType\": \"file\",\n \"resourceIdField\": \"object_id\",\n \"referenceIdFieldInResourceIndex\": \"case_id\",\n \"referenceIdFieldInDataIndex\": \"node_id\"\n },\n \"accessibleFieldCheckList\": [\"case_id\"],\n \"accessibleValidationField\": \"case_id\"\n }\n },\n \"fileExplorerConfig\": {\n \"charts\": {\n \"data_type\": {\n \"chartType\": \"stackedBar\",\n \"title\": \"File Type\"\n },\n \"data_format\": {\n \"chartType\": \"stackedBar\",\n \"title\": \"File Format\"\n }\n },\n \"filters\": {\n \"tabs\": [\n {\n \"title\": \"File\",\n \"fields\": [\n \"project_id\",\n \"data_type\",\n \"data_format\"\n ]\n }\n ]\n },\n \"table\": {\n \"enabled\": true,\n \"fields\": [\n \"project_id\",\n \"file_name\",\n \"file_size\",\n \"object_id\"\n ]\n },\n \"dropdowns\": {},\n \"guppyConfig\": {\n \"dataType\": \"file\",\n \"fieldMapping\": [\n { \"field\": \"object_id\", \"name\": \"GUID\" }\n ],\n \"nodeCountTitle\": \"Files\",\n \"manifestMapping\": {\n \"resourceIndexType\": \"case\",\n \"resourceIdField\": \"case_id\",\n \"referenceIdFieldInResourceIndex\": \"object_id\",\n \"referenceIdFieldInDataIndex\": \"object_id\"\n },\n \"accessibleFieldCheckList\": [\"case_id\"],\n \"accessibleValidationField\": \"case_id\",\n \"downloadAccessor\": \"object_id\"\n }\n }\n}\n"` | multiline string - gitops.json | +| gitops.json | string | `"{\n \"graphql\": {\n \"boardCounts\": [\n {\n \"graphql\": \"_case_count\",\n \"name\": \"Case\",\n \"plural\": \"Cases\"\n },\n {\n \"graphql\": \"_experiment_count\",\n \"name\": \"Experiment\",\n \"plural\": \"Experiments\"\n },\n {\n \"graphql\": \"_aliquot_count\",\n \"name\": \"Aliquot\",\n \"plural\": \"Aliquots\"\n }\n ],\n \"chartCounts\": [\n {\n \"graphql\": \"_case_count\",\n \"name\": \"Case\"\n },\n {\n \"graphql\": \"_experiment_count\",\n \"name\": \"Experiment\"\n },\n {\n \"graphql\": \"_aliquot_count\",\n \"name\": \"Aliquot\"\n }\n ],\n \"projectDetails\": \"boardCounts\"\n },\n 
\"components\": {\n \"appName\": \"Generic Data Commons Portal\",\n \"index\": {\n \"introduction\": {\n \"heading\": \"Data Commons\",\n \"text\": \"The Generic Data Commons supports the management, analysis and sharing of data for the research community.\",\n \"link\": \"/submission\"\n },\n \"buttons\": [\n {\n \"name\": \"Define Data Field\",\n \"icon\": \"data-field-define\",\n \"body\": \"The Generic Data Commons define the data in a general way. Please study the dictionary before you start browsing.\",\n \"link\": \"/DD\",\n \"label\": \"Learn more\"\n },\n {\n \"name\": \"Explore Data\",\n \"icon\": \"data-explore\",\n \"body\": \"The Exploration Page gives you insights and a clear overview under selected factors.\",\n \"link\": \"/explorer\",\n \"label\": \"Explore data\"\n },\n {\n \"name\": \"Access Data\",\n \"icon\": \"data-access\",\n \"body\": \"Use our selected tool to filter out the data you need.\",\n \"link\": \"/query\",\n \"label\": \"Query data\"\n },\n {\n \"name\": \"Submit Data\",\n \"icon\": \"data-submit\",\n \"body\": \"Submit Data based on the dictionary.\",\n \"link\": \"/submission\",\n \"label\": \"Submit data\"\n }\n ]\n },\n \"navigation\": {\n \"title\": \"Generic Data Commons\",\n \"items\": [\n {\n \"icon\": \"dictionary\",\n \"link\": \"/DD\",\n \"color\": \"#a2a2a2\",\n \"name\": \"Dictionary\"\n },\n {\n \"icon\": \"exploration\",\n \"link\": \"/explorer\",\n \"color\": \"#a2a2a2\",\n \"name\": \"Exploration\"\n },\n {\n \"icon\": \"query\",\n \"link\": \"/query\",\n \"color\": \"#a2a2a2\",\n \"name\": \"Query\"\n },\n {\n \"icon\": \"workspace\",\n \"link\": \"/workspace\",\n \"color\": \"#a2a2a2\",\n \"name\": \"Workspace\"\n },\n {\n \"icon\": \"profile\",\n \"link\": \"/identity\",\n \"color\": \"#a2a2a2\",\n \"name\": \"Profile\"\n }\n ]\n },\n \"topBar\": {\n \"items\": [\n {\n \"icon\": \"upload\",\n \"link\": \"/submission\",\n \"name\": \"Submit Data\"\n },\n {\n \"link\": \"https://gen3.org/resources/user\",\n 
\"name\": \"Documentation\"\n }\n ]\n },\n \"login\": {\n \"title\": \"Generic Data Commons\",\n \"subTitle\": \"Explore, Analyze, and Share Data\",\n \"text\": \"This website supports the management, analysis and sharing of human disease data for the research community and aims to advance basic understanding of the genetic basis of complex traits and accelerate discovery and development of therapies, diagnostic tests, and other technologies for diseases like cancer.\",\n \"contact\": \"If you have any questions about access or the registration process, please contact \",\n \"email\": \"support@datacommons.io\"\n },\n \"certs\": {},\n \"footerLogos\": [\n {\n \"src\": \"/src/img/gen3.png\",\n \"href\": \"https://ctds.uchicago.edu/gen3\",\n \"alt\": \"Gen3 Data Commons\"\n },\n {\n \"src\": \"/src/img/createdby.png\",\n \"href\": \"https://ctds.uchicago.edu/\",\n \"alt\": \"Center for Translational Data Science at the University of Chicago\"\n }\n ]\n },\n \"requiredCerts\": [],\n \"featureFlags\": {\n \"explorer\": true,\n \"noIndex\": true,\n \"analysis\": false,\n \"discovery\": false,\n \"discoveryUseAggMDS\": false,\n \"studyRegistration\": false\n },\n \"dataExplorerConfig\": {\n \"charts\": {\n \"project_id\": {\n \"chartType\": \"count\",\n \"title\": \"Projects\"\n },\n \"_case_id\": {\n \"chartType\": \"count\",\n \"title\": \"Cases\"\n },\n \"gender\": {\n \"chartType\": \"pie\",\n \"title\": \"Gender\"\n },\n \"race\": {\n \"chartType\": \"bar\",\n \"title\": \"Race\"\n }\n },\n \"filters\": {\n \"tabs\": [\n {\n \"title\": \"Case\",\n \"fields\":[\n \"project_id\",\n \"gender\",\n \"race\",\n \"ethnicity\"\n ]\n }\n ]\n },\n \"table\": {\n \"enabled\": false\n },\n \"dropdowns\": {},\n \"buttons\": [],\n \"guppyConfig\": {\n \"dataType\": \"case\",\n \"nodeCountTitle\": \"Cases\",\n \"fieldMapping\": [\n { \"field\": \"disease_type\", \"name\": \"Disease type\" },\n { \"field\": \"primary_site\", \"name\": \"Site where samples were collected\"}\n ],\n 
\"manifestMapping\": {\n \"resourceIndexType\": \"file\",\n \"resourceIdField\": \"object_id\",\n \"referenceIdFieldInResourceIndex\": \"_case_id\",\n \"referenceIdFieldInDataIndex\": \"node_id\"\n },\n \"accessibleFieldCheckList\": [\"_case_id\"],\n \"accessibleValidationField\": \"_case_id\"\n }\n },\n \"fileExplorerConfig\": {\n \"charts\": {\n \"data_type\": {\n \"chartType\": \"stackedBar\",\n \"title\": \"File Type\"\n },\n \"data_format\": {\n \"chartType\": \"stackedBar\",\n \"title\": \"File Format\"\n }\n },\n \"filters\": {\n \"tabs\": [\n {\n \"title\": \"File\",\n \"fields\": [\n \"project_id\",\n \"data_type\",\n \"data_format\"\n ]\n }\n ]\n },\n \"table\": {\n \"enabled\": true,\n \"fields\": [\n \"project_id\",\n \"file_name\",\n \"file_size\",\n \"object_id\"\n ]\n },\n \"dropdowns\": {},\n \"guppyConfig\": {\n \"dataType\": \"file\",\n \"fieldMapping\": [\n { \"field\": \"object_id\", \"name\": \"GUID\" }\n ],\n \"nodeCountTitle\": \"Files\",\n \"manifestMapping\": {\n \"resourceIndexType\": \"case\",\n \"resourceIdField\": \"_case_id\",\n \"referenceIdFieldInResourceIndex\": \"object_id\",\n \"referenceIdFieldInDataIndex\": \"object_id\"\n },\n \"accessibleFieldCheckList\": [\"_case_id\"],\n \"accessibleValidationField\": \"_case_id\",\n \"downloadAccessor\": \"object_id\"\n }\n }\n}\n"` | multiline string - gitops.json | | gitops.logo | string | `"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"` | - logo in base64 | | global | map | 
`{"aws":{"awsAccessKeyId":null,"awsSecretAccessKey":null,"enabled":false},"ddEnabled":false,"dev":true,"dictionaryUrl":"https://s3.amazonaws.com/dictionary-artifacts/datadictionary/develop/schema.json","dispatcherJobNum":10,"environment":"default","hostname":"localhost","kubeBucket":"kube-gen3","logsBucket":"logs-gen3","minAvialable":1,"netPolicy":true,"pdb":false,"portalApp":"gitops","postgres":{"dbCreate":true,"master":{"host":null,"password":null,"port":"5432","username":"postgres"}},"publicDataSets":true,"revproxyArn":"arn:aws:acm:us-east-1:123456:certificate","tierAccessLevel":"libre","tierAccessLimit":1000}` | Global configuration options. | | global.aws | map | `{"awsAccessKeyId":null,"awsSecretAccessKey":null,"enabled":false}` | AWS configuration | diff --git a/helm/portal/templates/tests/test-connection.yaml b/helm/portal/templates/tests/test-connection.yaml index e23afb6e..2a138e30 100644 --- a/helm/portal/templates/tests/test-connection.yaml +++ b/helm/portal/templates/tests/test-connection.yaml @@ -11,5 +11,5 @@ spec: - name: wget image: busybox command: ['wget'] - args: ['{{ include "portal.fullname" . }}:{{ .Values.service.port }}'] + args: ['portal-service:{{ .Values.service.port }}'] restartPolicy: Never diff --git a/helm/portal/values.yaml b/helm/portal/values.yaml index fa1e8467..09105170 100644 --- a/helm/portal/values.yaml +++ b/helm/portal/values.yaml @@ -360,7 +360,7 @@ gitops: "chartType": "count", "title": "Projects" }, - "case_id": { + "_case_id": { "chartType": "count", "title": "Cases" }, @@ -401,11 +401,11 @@ gitops: "manifestMapping": { "resourceIndexType": "file", "resourceIdField": "object_id", - "referenceIdFieldInResourceIndex": "case_id", + "referenceIdFieldInResourceIndex": "_case_id", "referenceIdFieldInDataIndex": "node_id" }, - "accessibleFieldCheckList": ["case_id"], - "accessibleValidationField": "case_id" + "accessibleFieldCheckList": ["_case_id"], + "accessibleValidationField": "_case_id" } }, "fileExplorerConfig": { 
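Review bot: The test pod in the portal test-connection.yaml hunk still runs `image: busybox` with no tag or digest, so `helm test` pulls whatever the default tag resolves to at run time; the same unchanged line appears in the requestor, revproxy, sheepdog, sower and wts test-connection.yaml hunks of this patch. Since the commit already edits each of these files, this would be a good moment to pin the image, for example `image: busybox:<pinned-tag>` or a digest reference, so the test container is reproducible and cannot change underneath the chart. The pod spec starts above the hunk, so anything set on the container there is not visible here.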
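Review bot: `accessibleFieldCheckList` and `accessibleValidationField` now point at `_case_id` in the `@@ -401,11` hunk of helm/portal/values.yaml (and again in the `@@ -449,12` hunk), and nothing visible in this patch documents that the deployed explorer indices must expose a field with that name. These two keys look like the field the explorer relies on for its access check, so a deployment whose indices still carry `case_id` would presumably validate against a field that does not exist; this is worth confirming against the index mapping. I would extend the helm-docs description of `gitops.json` in values.yaml with a sentence such as `field names in manifestMapping, accessibleFieldCheckList and accessibleValidationField must match the fields of the deployed indices`. The JSON document these hunks edit starts and ends outside them.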
@@ -449,12 +449,12 @@ gitops: "nodeCountTitle": "Files", "manifestMapping": { "resourceIndexType": "case", - "resourceIdField": "case_id", + "resourceIdField": "_case_id", "referenceIdFieldInResourceIndex": "object_id", "referenceIdFieldInDataIndex": "object_id" }, - "accessibleFieldCheckList": ["case_id"], - "accessibleValidationField": "case_id", + "accessibleFieldCheckList": ["_case_id"], + "accessibleValidationField": "_case_id", "downloadAccessor": "object_id" } } diff --git a/helm/requestor/Chart.yaml b/helm/requestor/Chart.yaml index 4e59fb2a..552ae3bc 100644 --- a/helm/requestor/Chart.yaml +++ b/helm/requestor/Chart.yaml @@ -15,7 +15,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.8 +version: 0.1.9 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to @@ -26,7 +26,7 @@ appVersion: "master" dependencies: - name: common - version: 0.1.7 + version: 0.1.8 repository: file://../common - name: postgresql version: 11.9.13 diff --git a/helm/requestor/README.md b/helm/requestor/README.md index 5e7666f8..612a3faa 100644 --- a/helm/requestor/README.md +++ b/helm/requestor/README.md 
@@ -1,6 +1,6 @@ # requestor -![Version: 0.1.8](https://img.shields.io/badge/Version-0.1.8-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) +![Version: 0.1.9](https://img.shields.io/badge/Version-0.1.9-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) A Helm chart for gen3 Requestor Service @@ -8,7 +8,7 @@ A Helm chart for gen3 Requestor Service | Repository | Name | Version | |------------|------|---------| -| file://../common | common | 0.1.7 | +| file://../common | common | 0.1.8 | | https://charts.bitnami.com/bitnami | postgresql | 11.9.13 | ## Values diff --git a/helm/requestor/templates/tests/test-connection.yaml b/helm/requestor/templates/tests/test-connection.yaml index 8d9970ec..244fd6ed 100644 --- a/helm/requestor/templates/tests/test-connection.yaml +++ b/helm/requestor/templates/tests/test-connection.yaml @@ -11,5 +11,5 @@ spec: - name: wget image: busybox command: ['wget'] - args: ['{{ include "requestor.fullname" . }}:{{ .Values.service.port }}'] + args: ['requestor-service:{{ .Values.service.port }}/_status'] restartPolicy: Never diff --git a/helm/revproxy/Chart.yaml b/helm/revproxy/Chart.yaml index 1cbf1b32..09320900 100644 --- a/helm/revproxy/Chart.yaml +++ b/helm/revproxy/Chart.yaml 
@@ -15,7 +15,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.11 +version: 0.1.12 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to @@ -25,5 +25,5 @@ appVersion: "master" dependencies: - name: common - version: 0.1.7 + version: 0.1.8 repository: file://../common diff --git a/helm/revproxy/README.md b/helm/revproxy/README.md index 51ad7a6e..ff1b01e7 100644 --- a/helm/revproxy/README.md +++ b/helm/revproxy/README.md @@ -1,6 +1,6 @@ # revproxy -![Version: 0.1.10](https://img.shields.io/badge/Version-0.1.10-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) +![Version: 0.1.12](https://img.shields.io/badge/Version-0.1.12-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) A Helm chart for gen3 revproxy @@ -8,7 +8,7 @@ A Helm chart for gen3 revproxy | Repository | Name | Version | |------------|------|---------| -| file://../common | common | 0.1.7 | +| file://../common | common | 0.1.8 | ## Values diff --git a/helm/revproxy/templates/tests/test-connection.yaml b/helm/revproxy/templates/tests/test-connection.yaml index c73c44bd..9266de3f 100644 --- a/helm/revproxy/templates/tests/test-connection.yaml +++ b/helm/revproxy/templates/tests/test-connection.yaml 
@@ -1,7 +1,7 @@ apiVersion: v1 kind: Pod metadata: - name: "{{ include "revproxy.fullname" . }}-test-connection" + name: "revproxy-test-connection" labels: {{- include "revproxy.labels" . | nindent 4 }} annotations: @@ -11,5 +11,5 @@ spec: - name: wget image: busybox command: ['wget'] - args: ['{{ include "revproxy.fullname" . }}:{{ .Values.service.port }}'] + args: ['revproxy-service:{{ .Values.service.port }}/_status'] restartPolicy: Never diff --git a/helm/sheepdog/Chart.yaml b/helm/sheepdog/Chart.yaml index cb5745a2..5156d475 100644 --- a/helm/sheepdog/Chart.yaml +++ b/helm/sheepdog/Chart.yaml @@ -15,7 +15,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.10 +version: 0.1.11 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to @@ -25,7 +25,7 @@ appVersion: "master" dependencies: - name: common - version: 0.1.7 + version: 0.1.8 repository: file://../common - name: postgresql version: 11.9.13 diff --git a/helm/sheepdog/README.md b/helm/sheepdog/README.md index e2a57245..2b0a6806 100644 --- a/helm/sheepdog/README.md +++ b/helm/sheepdog/README.md 
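Review bot: The pod name in the `@@ -1,7` hunk is now the literal `revproxy-test-connection`, so two releases of this chart in one namespace would create test pods with the same name and collide; the sower and wts test-connection.yaml hunks make the same change. Keeping the release in the name avoids that, for example `name: "{{ .Release.Name }}-revproxy-test-connection"`. If the chart is only ever meant to be installed once per namespace, a short comment above `name:` saying so would make the fixed name read as intentional.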
@@ -1,6 +1,6 @@ # sheepdog -![Version: 0.1.10](https://img.shields.io/badge/Version-0.1.10-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) +![Version: 0.1.11](https://img.shields.io/badge/Version-0.1.11-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) A Helm chart for gen3 Sheepdog Service @@ -8,7 +8,7 @@ A Helm chart for gen3 Sheepdog Service | Repository | Name | Version | |------------|------|---------| -| file://../common | common | 0.1.7 | +| file://../common | common | 0.1.8 | | https://charts.bitnami.com/bitnami | postgresql | 11.9.13 | ## Values diff --git a/helm/sheepdog/templates/tests/test-connection.yaml b/helm/sheepdog/templates/tests/test-connection.yaml index e508fe6e..dc94a171 100644 --- a/helm/sheepdog/templates/tests/test-connection.yaml +++ b/helm/sheepdog/templates/tests/test-connection.yaml @@ -11,5 +11,5 @@ spec: - name: wget image: busybox command: ['wget'] - args: ['{{ include "sheepdog.fullname" . }}:{{ .Values.service.port }}'] + args: ['sheepdog-service:{{ .Values.service.port }}/_status?timeout=2'] restartPolicy: Never diff --git a/helm/sower/Chart.yaml b/helm/sower/Chart.yaml index c98d3d17..95b847ab 100644 --- a/helm/sower/Chart.yaml +++ b/helm/sower/Chart.yaml 
@@ -15,7 +15,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.6 +version: 0.1.7 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to @@ -25,5 +25,5 @@ appVersion: "master" dependencies: - name: common - version: 0.1.7 + version: 0.1.8 repository: file://../common diff --git a/helm/sower/README.md b/helm/sower/README.md index 9daf13f3..8ccb3ee7 100644 --- a/helm/sower/README.md +++ b/helm/sower/README.md @@ -1,6 +1,6 @@ # sower -![Version: 0.1.6](https://img.shields.io/badge/Version-0.1.6-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) +![Version: 0.1.7](https://img.shields.io/badge/Version-0.1.7-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) A Helm chart for gen3 sower @@ -8,7 +8,7 @@ A Helm chart for gen3 sower | Repository | Name | Version | |------------|------|---------| -| file://../common | common | 0.1.7 | +| file://../common | common | 0.1.8 | ## Values diff --git a/helm/sower/templates/tests/test-connection.yaml b/helm/sower/templates/tests/test-connection.yaml index d817824a..6890bcd7 100644 --- a/helm/sower/templates/tests/test-connection.yaml +++ b/helm/sower/templates/tests/test-connection.yaml 
@@ -1,7 +1,7 @@ apiVersion: v1 kind: Pod metadata: - name: "{{ include "sower.fullname" . }}-test-connection" + name: "sower-test-connection" labels: {{- include "sower.labels" . | nindent 4 }} annotations: @@ -11,5 +11,5 @@ spec: - name: wget image: busybox command: ['wget'] - args: ['{{ include "sower.fullname" . }}-service:{{ .Values.service.port }}'] + args: ['sower-service:{{ .Values.service.port }}/_status'] restartPolicy: Never diff --git a/helm/ssjdispatcher/Chart.yaml b/helm/ssjdispatcher/Chart.yaml index c5613110..4f97d26b 100644 --- a/helm/ssjdispatcher/Chart.yaml +++ b/helm/ssjdispatcher/Chart.yaml @@ -15,7 +15,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.6 +version: 0.1.7 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to @@ -25,5 +25,5 @@ appVersion: "master" dependencies: - name: common - version: 0.1.7 + version: 0.1.8 repository: file://../common diff --git a/helm/ssjdispatcher/README.md b/helm/ssjdispatcher/README.md index 46e84cfb..e09ea9f2 100644 --- a/helm/ssjdispatcher/README.md +++ b/helm/ssjdispatcher/README.md 
@@ -1,6 +1,6 @@ # ssjdispatcher -![Version: 0.1.6](https://img.shields.io/badge/Version-0.1.6-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) +![Version: 0.1.7](https://img.shields.io/badge/Version-0.1.7-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) A Helm chart for gen3 ssjdispatcher @@ -8,7 +8,7 @@ A Helm chart for gen3 ssjdispatcher | Repository | Name | Version | |------------|------|---------| -| file://../common | common | 0.1.7 | +| file://../common | common | 0.1.8 | ## Values diff --git a/helm/wts/Chart.yaml b/helm/wts/Chart.yaml index a1c29c60..c572f64a 100644 --- a/helm/wts/Chart.yaml +++ b/helm/wts/Chart.yaml @@ -15,7 +15,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.10 +version: 0.1.11 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to @@ -25,7 +25,7 @@ appVersion: "master" dependencies: - name: common - version: 0.1.7 + version: 0.1.8 repository: file://../common - name: postgresql version: 11.9.13 diff --git a/helm/wts/README.md b/helm/wts/README.md index 7644f5fc..f320739e 100644 --- a/helm/wts/README.md +++ b/helm/wts/README.md 
@@ -1,6 +1,6 @@ # wts -![Version: 0.1.10](https://img.shields.io/badge/Version-0.1.10-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) +![Version: 0.1.11](https://img.shields.io/badge/Version-0.1.11-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) A Helm chart for gen3 workspace token service @@ -8,7 +8,7 @@ A Helm chart for gen3 workspace token service | Repository | Name | Version | |------------|------|---------| -| file://../common | common | 0.1.7 | +| file://../common | common | 0.1.8 | | https://charts.bitnami.com/bitnami | postgresql | 11.9.13 | ## Values diff --git a/helm/wts/templates/tests/test-connection.yaml b/helm/wts/templates/tests/test-connection.yaml index 7f3f42c3..250d8c47 100644 --- a/helm/wts/templates/tests/test-connection.yaml +++ b/helm/wts/templates/tests/test-connection.yaml @@ -1,7 +1,7 @@ apiVersion: v1 kind: Pod metadata: - name: "{{ include "wts.fullname" . }}-test-connection" + name: "wts-test-connection" labels: {{- include "wts.labels" . | nindent 4 }} annotations: @@ -11,5 +11,5 @@ spec: - name: wget image: busybox command: ['wget'] - args: ['{{ include "wts.fullname" . }}:{{ .Values.service.port }}'] + args: ['workspace-token-service:80/_status'] restartPolicy: Never diff --git a/helm/wts/templates/wts-oidc.yaml b/helm/wts/templates/wts-oidc.yaml index d14c6e79..769a3c47 100644 --- a/helm/wts/templates/wts-oidc.yaml +++ b/helm/wts/templates/wts-oidc.yaml 
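Review bot: The new args line in the wts test-connection.yaml hunk hard-codes port 80 (`workspace-token-service:80/_status`), whereas the line it replaces and the other test-connection.yaml files in this patch take the port from `{{ .Values.service.port }}`. If `service.port` is overridden, the test probes a port the Service may not expose and fails for a reason unrelated to the deployment's health. Suggested: `args: ['workspace-token-service:{{ .Values.service.port }}/_status']`, assuming the Service template uses that value (it is not visible here).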
@@ -100,10 +100,11 @@ spec: args: - "-c" - | + echo "waiting for /shared/client_id" while [ ! -e /shared/client_id ] do - echo "waiting for /shared/client_id" - sleep 30 + echo "..." + sleep 5 done echo "Updating k8s secret wts-oidc-client" CLIENT_ID=$(cat /shared/client_id | base64) From d51b8fdbbed970e0ab1acd98b1406e342d1390a6 Mon Sep 17 00:00:00 2001 
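Review bot: The wait loop in the wts-oidc.yaml hunk has no upper bound and only tests `-e`, so if whatever writes /shared/client_id never does, the container polls forever, and if the file exists but is still empty the next line base64-encodes an empty value, presumably for the wts-oidc-client secret named in the following echo. Testing with `-s` and giving up after a fixed number of polls turns both cases into a visible non-zero exit. The poll limit below is a placeholder to tune, and the script continues past the end of the hunk.

```yaml
- |
  echo "waiting for /shared/client_id"
  tries=0
  while [ ! -s /shared/client_id ]
  do
    tries=$((tries + 1))
    if [ "$tries" -gt 60 ]; then
      echo "timed out waiting for /shared/client_id"
      exit 1
    fi
    echo "..."
    sleep 5
  done
  # … unchanged: base64-encode the client id and update the k8s secret …
```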
From: EliseCastle23 Date: Fri, 19 Jan 2024 15:20:30 -0700 Subject: [PATCH 090/279] fixing dependency chart versions --- helm/ambassador/Chart.yaml | 2 +- helm/ambassador/README.md | 2 +- helm/arborist/Chart.yaml | 2 +- helm/arborist/README.md | 2 +- helm/argo-wrapper/Chart.yaml | 2 +- helm/argo-wrapper/README.md | 2 +- helm/audit/Chart.yaml | 2 +- helm/audit/README.md | 2 +- helm/aws-es-proxy/Chart.yaml | 2 +- helm/aws-es-proxy/README.md | 2 +- helm/dicom-server/Chart.yaml | 2 +- helm/dicom-server/README.md | 2 +- helm/dicom-viewer/Chart.yaml | 2 +- helm/dicom-viewer/README.md | 2 +- helm/fence/Chart.yaml | 2 +- helm/fence/README.md | 2 +- helm/gen3/Chart.yaml | 42 ++++++++++++++++----------------- helm/gen3/README.md | 42 ++++++++++++++++----------------- helm/guppy/Chart.yaml | 2 +- helm/guppy/README.md | 2 +- helm/hatchery/Chart.yaml | 2 +- helm/hatchery/README.md | 2 +- helm/indexd/Chart.yaml | 2 +- helm/indexd/README.md | 2 +- helm/manifestservice/Chart.yaml | 2 +- helm/manifestservice/README.md | 2 +- helm/metadata/Chart.yaml | 2 +- helm/metadata/README.md | 2 +- helm/peregrine/Chart.yaml | 2 +- helm/peregrine/README.md | 2 +- helm/pidgin/Chart.yaml | 2 +- helm/pidgin/README.md | 2 +- helm/portal/Chart.yaml | 2 +- helm/portal/README.md | 2 +- helm/requestor/Chart.yaml | 2 +- helm/requestor/README.md | 2 +- helm/revproxy/Chart.yaml | 2 +- helm/revproxy/README.md | 2 +- helm/sheepdog/Chart.yaml | 2 +- helm/sheepdog/README.md | 2 +- helm/sower/Chart.yaml | 2 +- helm/sower/README.md | 2 +- helm/ssjdispatcher/Chart.yaml | 2 +- helm/ssjdispatcher/README.md | 2 +- helm/wts/Chart.yaml | 2 +- helm/wts/README.md | 2 +- 46 files changed, 86 insertions(+), 86 deletions(-) diff --git a/helm/ambassador/Chart.yaml b/helm/ambassador/Chart.yaml index f308da7c..a1f18334 100644 --- a/helm/ambassador/Chart.yaml +++ b/helm/ambassador/Chart.yaml @@ -25,5 +25,5 @@ appVersion: "1.4.2" dependencies: - name: common - version: 0.1.8 + version: 0.1.9 repository: file://../common 
diff --git a/helm/ambassador/README.md b/helm/ambassador/README.md index a89c854d..22427743 100644 --- a/helm/ambassador/README.md +++ b/helm/ambassador/README.md @@ -8,7 +8,7 @@ A Helm chart for deploying ambassador for gen3 | Repository | Name | Version | |------------|------|---------| -| file://../common | common | 0.1.8 | +| file://../common | common | 0.1.9 | ## Values diff --git a/helm/arborist/Chart.yaml b/helm/arborist/Chart.yaml index d3ad7ea9..d845739c 100644 --- a/helm/arborist/Chart.yaml +++ b/helm/arborist/Chart.yaml @@ -25,7 +25,7 @@ appVersion: "master" dependencies: - name: common - version: 0.1.8 + version: 0.1.9 repository: file://../common - name: postgresql version: 11.9.13 diff --git a/helm/arborist/README.md b/helm/arborist/README.md index 9dd4f29e..8e8290e9 100644 --- a/helm/arborist/README.md +++ b/helm/arborist/README.md @@ -8,7 +8,7 @@ A Helm chart for gen3 arborist | Repository | Name | Version | |------------|------|---------| -| file://../common | common | 0.1.8 | +| file://../common | common | 0.1.9 | | https://charts.bitnami.com/bitnami | postgresql | 11.9.13 | ## Values diff --git a/helm/argo-wrapper/Chart.yaml b/helm/argo-wrapper/Chart.yaml index 02aa3e5f..de360706 100644 --- a/helm/argo-wrapper/Chart.yaml +++ b/helm/argo-wrapper/Chart.yaml @@ -25,5 +25,5 @@ appVersion: "master" dependencies: - name: common - version: 0.1.8 + version: 0.1.9 repository: file://../common diff --git a/helm/argo-wrapper/README.md b/helm/argo-wrapper/README.md index 6602a663..6fc88cd8 100644 --- a/helm/argo-wrapper/README.md +++ b/helm/argo-wrapper/README.md @@ -8,7 +8,7 @@ A Helm chart for gen3 Argo Wrapper Service | Repository | Name | Version | |------------|------|---------| -| file://../common | common | 0.1.8 | +| file://../common | common | 0.1.9 | ## Values diff --git a/helm/audit/Chart.yaml b/helm/audit/Chart.yaml index 7ce95ca9..efbd8361 100644 --- a/helm/audit/Chart.yaml +++ b/helm/audit/Chart.yaml 
@@ -24,7 +24,7 @@ appVersion: "master" dependencies: - name: common - version: 0.1.8 + version: 0.1.9 repository: file://../common - name: postgresql version: 11.9.13 diff --git a/helm/audit/README.md b/helm/audit/README.md index 05c698d2..146545ba 100644 --- a/helm/audit/README.md +++ b/helm/audit/README.md @@ -8,7 +8,7 @@ A Helm chart for Kubernetes | Repository | Name | Version | |------------|------|---------| -| file://../common | common | 0.1.8 | +| file://../common | common | 0.1.9 | | https://charts.bitnami.com/bitnami | postgresql | 11.9.13 | ## Values diff --git a/helm/aws-es-proxy/Chart.yaml b/helm/aws-es-proxy/Chart.yaml index b4dbc5cc..7a28cc19 100644 --- a/helm/aws-es-proxy/Chart.yaml +++ b/helm/aws-es-proxy/Chart.yaml @@ -25,5 +25,5 @@ appVersion: "master" dependencies: - name: common - version: 0.1.8 + version: 0.1.9 repository: file://../common diff --git a/helm/aws-es-proxy/README.md b/helm/aws-es-proxy/README.md index 5c73d993..00c6915f 100644 --- a/helm/aws-es-proxy/README.md +++ b/helm/aws-es-proxy/README.md @@ -8,7 +8,7 @@ A Helm chart for AWS ES Proxy Service for gen3 | Repository | Name | Version | |------------|------|---------| -| file://../common | common | 0.1.8 | +| file://../common | common | 0.1.9 | ## Values diff --git a/helm/dicom-server/Chart.yaml b/helm/dicom-server/Chart.yaml index ed95a1ae..44f89e8e 100644 --- a/helm/dicom-server/Chart.yaml +++ b/helm/dicom-server/Chart.yaml @@ -25,5 +25,5 @@ appVersion: "master" dependencies: - name: common - version: 0.1.8 + version: 0.1.9 repository: file://../common diff --git a/helm/dicom-server/README.md b/helm/dicom-server/README.md index a693ecae..b1fd0611 100644 --- a/helm/dicom-server/README.md +++ b/helm/dicom-server/README.md @@ -8,7 +8,7 @@ A Helm chart for gen3 Dicom Server | Repository | Name | Version | |------------|------|---------| -| file://../common | common | 0.1.8 | +| file://../common | common | 0.1.9 | ## Values 
diff --git a/helm/dicom-viewer/Chart.yaml b/helm/dicom-viewer/Chart.yaml index 38969626..b31017d6 100644 --- a/helm/dicom-viewer/Chart.yaml +++ b/helm/dicom-viewer/Chart.yaml @@ -25,5 +25,5 @@ appVersion: "master" dependencies: - name: common - version: 0.1.8 + version: 0.1.9 repository: file://../common diff --git a/helm/dicom-viewer/README.md b/helm/dicom-viewer/README.md index 6a49d0b7..28f7f590 100644 --- a/helm/dicom-viewer/README.md +++ b/helm/dicom-viewer/README.md @@ -8,7 +8,7 @@ A Helm chart for gen3 Dicom Viewer | Repository | Name | Version | |------------|------|---------| -| file://../common | common | 0.1.8 | +| file://../common | common | 0.1.9 | ## Values diff --git a/helm/fence/Chart.yaml b/helm/fence/Chart.yaml index a0d42d8a..ed6d1d7e 100644 --- a/helm/fence/Chart.yaml +++ b/helm/fence/Chart.yaml @@ -24,7 +24,7 @@ appVersion: "master" dependencies: - name: common - version: 0.1.8 + version: 0.1.9 repository: file://../common - name: postgresql version: 11.9.13 diff --git a/helm/fence/README.md b/helm/fence/README.md index 513b92ab..7fca9d38 100644 --- a/helm/fence/README.md +++ b/helm/fence/README.md @@ -8,7 +8,7 @@ A Helm chart for gen3 Fence | Repository | Name | Version | |------------|------|---------| -| file://../common | common | 0.1.8 | +| file://../common | common | 0.1.9 | | https://charts.bitnami.com/bitnami | postgresql | 11.9.13 | ## Values diff --git a/helm/gen3/Chart.yaml b/helm/gen3/Chart.yaml index 9cb89637..864b445e 100644 --- a/helm/gen3/Chart.yaml +++ b/helm/gen3/Chart.yaml 
@@ -5,90 +5,90 @@ description: Helm chart to deploy Gen3 Data Commons # Dependancies dependencies: - name: ambassador - version: 0.1.9 + version: 0.1.10 repository: "file://../ambassador" condition: ambassador.enabled - name: arborist - version: 0.1.9 + version: 0.1.10 repository: "file://../arborist" condition: arborist.enabled - name: argo-wrapper - version: 0.1.5 + version: 0.1.6 repository: "file://../argo-wrapper" condition: argo-wrapper.enabled - name: audit - version: 0.1.10 + version: 0.1.11 repository: "file://../audit" condition: audit.enabled - name: aws-es-proxy - version: 0.1.7 + version: 0.1.8 repository: "file://../aws-es-proxy" condition: aws-es-proxy.enabled - name: common - version: 0.1.8 + version: 0.1.9 repository: file://../common - name: etl version: 0.1.0 repository: file://../etl condition: etl.enabled - name: fence - version: 0.1.14 + version: 0.1.15 repository: "file://../fence" condition: fence.enabled - name: guppy - version: 0.1.9 + version: 0.1.10 repository: "file://../guppy" condition: guppy.enabled - name: hatchery - version: 0.1.7 + version: 0.1.8 repository: "file://../hatchery" condition: hatchery.enabled - name: indexd - version: 0.1.11 + version: 0.1.12 repository: "file://../indexd" condition: indexd.enabled - name: manifestservice - version: 0.1.11 + version: 0.1.12 repository: "file://../manifestservice" condition: manifestservice.enabled - name: metadata - version: 0.1.9 + version: 0.1.10 repository: "file://../metadata" condition: metadata.enabled - name: peregrine - version: 0.1.10 + version: 0.1.11 repository: "file://../peregrine" condition: peregrine.enabled - name: pidgin - version: 0.1.8 + version: 0.1.9 repository: "file://../pidgin" condition: pidgin.enabled - name: portal - version: 0.1.8 + version: 0.1.9 repository: "file://../portal" condition: portal.enabled - name: requestor - version: 0.1.9 + version: 0.1.10 repository: "file://../requestor" condition: requestor.enabled - name: revproxy - version: 0.1.12 + 
version: 0.1.13 repository: "file://../revproxy" condition: revproxy.enabled - name: sheepdog - version: 0.1.11 + version: 0.1.12 repository: "file://../sheepdog" condition: sheepdog.enabled - name: ssjdispatcher - version: 0.1.7 + version: 0.1.8 repository: "file://../ssjdispatcher" condition: ssjdispatcher.enabled - name: sower - version: 0.1.7 + version: 0.1.8 condition: sower.enabled repository: "file://../sower" - name: wts - version: 0.1.11 + version: 0.1.12 repository: "file://../wts" condition: wts.enabled diff --git a/helm/gen3/README.md b/helm/gen3/README.md index 4994910a..65c6aae7 100644 --- a/helm/gen3/README.md +++ b/helm/gen3/README.md 
@@ -18,28 +18,28 @@ Helm chart to deploy Gen3 Data Commons | Repository | Name | Version | |------------|------|---------| -| file://../ambassador | ambassador | 0.1.9 | -| file://../arborist | arborist | 0.1.9 | -| file://../argo-wrapper | argo-wrapper | 0.1.5 | -| file://../audit | audit | 0.1.10 | -| file://../aws-es-proxy | aws-es-proxy | 0.1.7 | -| file://../common | common | 0.1.8 | +| file://../ambassador | ambassador | 0.1.10 | +| file://../arborist | arborist | 0.1.10 | +| file://../argo-wrapper | argo-wrapper | 0.1.6 | +| file://../audit | audit | 0.1.11 | +| file://../aws-es-proxy | aws-es-proxy | 0.1.8 | +| file://../common | common | 0.1.9 | | file://../etl | etl | 0.1.0 | -| file://../fence | fence | 0.1.14 | -| file://../guppy | guppy | 0.1.9 | -| file://../hatchery | hatchery | 0.1.7 | -| file://../indexd | indexd | 0.1.11 | -| file://../manifestservice | manifestservice | 0.1.11 | -| file://../metadata | metadata | 0.1.9 | -| file://../peregrine | peregrine | 0.1.10 | -| file://../pidgin | pidgin | 0.1.8 | -| file://../portal | portal | 0.1.8 | -| file://../requestor | requestor | 0.1.9 | -| file://../revproxy | revproxy | 0.1.12 | -| file://../sheepdog | sheepdog | 0.1.11 | -| file://../sower | sower | 0.1.7 | -| file://../ssjdispatcher | ssjdispatcher | 0.1.7 | -| file://../wts | wts | 0.1.11 | +| file://../fence | fence | 0.1.15 | +| file://../guppy | guppy | 0.1.10 | +| file://../hatchery | hatchery | 0.1.8 | +| file://../indexd | indexd | 0.1.12 | +| file://../manifestservice | manifestservice | 0.1.12 | +| file://../metadata | metadata | 0.1.10 | +| file://../peregrine | peregrine | 0.1.11 | +| file://../pidgin | pidgin | 0.1.9 | +| file://../portal | portal | 0.1.9 | +| file://../requestor | requestor | 0.1.10 | +| file://../revproxy | revproxy | 0.1.13 | +| file://../sheepdog | sheepdog | 0.1.12 | +| file://../sower | sower | 0.1.8 | +| file://../ssjdispatcher | ssjdispatcher | 0.1.8 | +| file://../wts | wts | 0.1.12 | | 
https://charts.bitnami.com/bitnami | postgresql | 11.9.13 | | https://helm.elastic.co | elasticsearch | 7.10.2 | diff --git a/helm/guppy/Chart.yaml b/helm/guppy/Chart.yaml index 5cdc18d1..8da72671 100644 --- a/helm/guppy/Chart.yaml +++ b/helm/guppy/Chart.yaml @@ -25,5 +25,5 @@ appVersion: "master" dependencies: - name: common - version: 0.1.8 + version: 0.1.9 repository: file://../common diff --git a/helm/guppy/README.md b/helm/guppy/README.md index f7ca57e9..54611f98 100644 --- a/helm/guppy/README.md +++ b/helm/guppy/README.md @@ -8,7 +8,7 @@ A Helm chart for gen3 Guppy Service | Repository | Name | Version | |------------|------|---------| -| file://../common | common | 0.1.8 | +| file://../common | common | 0.1.9 | ## Values diff --git a/helm/hatchery/Chart.yaml b/helm/hatchery/Chart.yaml index 74cb04a6..466cb09b 100644 --- a/helm/hatchery/Chart.yaml +++ b/helm/hatchery/Chart.yaml @@ -25,5 +25,5 @@ appVersion: "master" dependencies: - name: common - version: 0.1.8 + version: 0.1.9 repository: file://../common diff --git a/helm/hatchery/README.md b/helm/hatchery/README.md index 7aa4d411..583c3ac7 100644 --- a/helm/hatchery/README.md +++ b/helm/hatchery/README.md @@ -8,7 +8,7 @@ A Helm chart for gen3 Hatchery | Repository | Name | Version | |------------|------|---------| -| file://../common | common | 0.1.8 | +| file://../common | common | 0.1.9 | ## Values diff --git a/helm/indexd/Chart.yaml b/helm/indexd/Chart.yaml index 2ab50739..41608207 100644 --- a/helm/indexd/Chart.yaml +++ b/helm/indexd/Chart.yaml @@ -26,7 +26,7 @@ appVersion: "master" dependencies: - name: common - version: 0.1.8 + version: 0.1.9 repository: file://../common - name: postgresql version: 11.9.13 diff --git a/helm/indexd/README.md b/helm/indexd/README.md index 96ed887b..e73bd8c6 100644 --- a/helm/indexd/README.md +++ b/helm/indexd/README.md 
@@ -8,7 +8,7 @@ A Helm chart for gen3 indexd | Repository | Name | Version | |------------|------|---------| -| file://../common | common | 0.1.8 | +| file://../common | common | 0.1.9 | | https://charts.bitnami.com/bitnami | postgresql | 11.9.13 | ## Values diff --git a/helm/manifestservice/Chart.yaml b/helm/manifestservice/Chart.yaml index 5607b4b1..8557818e 100644 --- a/helm/manifestservice/Chart.yaml +++ b/helm/manifestservice/Chart.yaml @@ -25,5 +25,5 @@ appVersion: "master" dependencies: - name: common - version: 0.1.8 + version: 0.1.9 repository: file://../common diff --git a/helm/manifestservice/README.md b/helm/manifestservice/README.md index 3d1c8945..8141522d 100644 --- a/helm/manifestservice/README.md +++ b/helm/manifestservice/README.md @@ -8,7 +8,7 @@ A Helm chart for Kubernetes | Repository | Name | Version | |------------|------|---------| -| file://../common | common | 0.1.8 | +| file://../common | common | 0.1.9 | ## Values diff --git a/helm/metadata/Chart.yaml b/helm/metadata/Chart.yaml index d7d9cc07..0e130ab4 100644 --- a/helm/metadata/Chart.yaml +++ b/helm/metadata/Chart.yaml @@ -25,7 +25,7 @@ appVersion: "master" dependencies: - name: common - version: 0.1.8 + version: 0.1.9 repository: file://../common - name: postgresql version: 11.9.13 diff --git a/helm/metadata/README.md b/helm/metadata/README.md index 92661362..9bae11bf 100644 --- a/helm/metadata/README.md +++ b/helm/metadata/README.md @@ -8,7 +8,7 @@ A Helm chart for gen3 Metadata Service | Repository | Name | Version | |------------|------|---------| -| file://../common | common | 0.1.8 | +| file://../common | common | 0.1.9 | | https://charts.bitnami.com/bitnami | postgresql | 11.9.13 | | https://helm.elastic.co | elasticsearch | 7.17.1 | diff --git a/helm/peregrine/Chart.yaml b/helm/peregrine/Chart.yaml index 53fe5bdb..eaf74f03 100644 --- a/helm/peregrine/Chart.yaml +++ b/helm/peregrine/Chart.yaml 
@@ -26,7 +26,7 @@ appVersion: "2023.01" dependencies: - name: common - version: 0.1.8 + version: 0.1.9 repository: file://../common - name: postgresql version: 11.9.13 diff --git a/helm/peregrine/README.md b/helm/peregrine/README.md index 5cf156ce..57832ebe 100644 --- a/helm/peregrine/README.md +++ b/helm/peregrine/README.md @@ -8,7 +8,7 @@ A Helm chart for gen3 Peregrine service | Repository | Name | Version | |------------|------|---------| -| file://../common | common | 0.1.8 | +| file://../common | common | 0.1.9 | | https://charts.bitnami.com/bitnami | postgresql | 11.9.13 | ## Values diff --git a/helm/pidgin/Chart.yaml b/helm/pidgin/Chart.yaml index 6384772b..f80d38b0 100644 --- a/helm/pidgin/Chart.yaml +++ b/helm/pidgin/Chart.yaml @@ -25,5 +25,5 @@ appVersion: "master" dependencies: - name: common - version: 0.1.8 + version: 0.1.9 repository: file://../common diff --git a/helm/pidgin/README.md b/helm/pidgin/README.md index 761b0843..1a34c4d7 100644 --- a/helm/pidgin/README.md +++ b/helm/pidgin/README.md @@ -8,7 +8,7 @@ A Helm chart for gen3 Pidgin Service | Repository | Name | Version | |------------|------|---------| -| file://../common | common | 0.1.8 | +| file://../common | common | 0.1.9 | ## Values diff --git a/helm/portal/Chart.yaml b/helm/portal/Chart.yaml index cee55529..4f90c0ff 100644 --- a/helm/portal/Chart.yaml +++ b/helm/portal/Chart.yaml @@ -25,5 +25,5 @@ appVersion: "master" dependencies: - name: common - version: 0.1.8 + version: 0.1.9 repository: file://../common diff --git a/helm/portal/README.md b/helm/portal/README.md index 229dfbc9..542d4bc2 100644 --- a/helm/portal/README.md +++ b/helm/portal/README.md @@ -8,7 +8,7 @@ A Helm chart for gen3 data-portal | Repository | Name | Version | |------------|------|---------| -| file://../common | common | 0.1.8 | +| file://../common | common | 0.1.9 | ## Values diff --git a/helm/requestor/Chart.yaml b/helm/requestor/Chart.yaml index ab376b88..e3b94a13 100644 --- a/helm/requestor/Chart.yaml 
+++ b/helm/requestor/Chart.yaml @@ -26,7 +26,7 @@ appVersion: "master" dependencies: - name: common - version: 0.1.8 + version: 0.1.9 repository: file://../common - name: postgresql version: 11.9.13 diff --git a/helm/requestor/README.md b/helm/requestor/README.md index 12b69310..62a2dc5e 100644 --- a/helm/requestor/README.md +++ b/helm/requestor/README.md @@ -8,7 +8,7 @@ A Helm chart for gen3 Requestor Service | Repository | Name | Version | |------------|------|---------| -| file://../common | common | 0.1.8 | +| file://../common | common | 0.1.9 | | https://charts.bitnami.com/bitnami | postgresql | 11.9.13 | ## Values diff --git a/helm/revproxy/Chart.yaml b/helm/revproxy/Chart.yaml index 7bea1043..efa3c3bc 100644 --- a/helm/revproxy/Chart.yaml +++ b/helm/revproxy/Chart.yaml @@ -25,5 +25,5 @@ appVersion: "master" dependencies: - name: common - version: 0.1.8 + version: 0.1.9 repository: file://../common diff --git a/helm/revproxy/README.md b/helm/revproxy/README.md index 47b34539..ddb426a3 100644 --- a/helm/revproxy/README.md +++ b/helm/revproxy/README.md @@ -8,7 +8,7 @@ A Helm chart for gen3 revproxy | Repository | Name | Version | |------------|------|---------| -| file://../common | common | 0.1.8 | +| file://../common | common | 0.1.9 | ## Values diff --git a/helm/sheepdog/Chart.yaml b/helm/sheepdog/Chart.yaml index 512fd8f8..46a7945d 100644 --- a/helm/sheepdog/Chart.yaml +++ b/helm/sheepdog/Chart.yaml @@ -25,7 +25,7 @@ appVersion: "master" dependencies: - name: common - version: 0.1.8 + version: 0.1.9 repository: file://../common - name: postgresql version: 11.9.13 diff --git a/helm/sheepdog/README.md b/helm/sheepdog/README.md index 981c3904..8d0cc194 100644 --- a/helm/sheepdog/README.md +++ b/helm/sheepdog/README.md 
@@ -8,7 +8,7 @@ A Helm chart for gen3 Sheepdog Service | Repository | Name | Version | |------------|------|---------| -| file://../common | common | 0.1.8 | +| file://../common | common | 0.1.9 | | https://charts.bitnami.com/bitnami | postgresql | 11.9.13 | ## Values diff --git a/helm/sower/Chart.yaml b/helm/sower/Chart.yaml index 9436fd4d..78f30033 100644 --- a/helm/sower/Chart.yaml +++ b/helm/sower/Chart.yaml @@ -25,5 +25,5 @@ appVersion: "master" dependencies: - name: common - version: 0.1.8 + version: 0.1.9 repository: file://../common diff --git a/helm/sower/README.md b/helm/sower/README.md index 3b736880..1217b1c3 100644 --- a/helm/sower/README.md +++ b/helm/sower/README.md @@ -8,7 +8,7 @@ A Helm chart for gen3 sower | Repository | Name | Version | |------------|------|---------| -| file://../common | common | 0.1.8 | +| file://../common | common | 0.1.9 | ## Values diff --git a/helm/ssjdispatcher/Chart.yaml b/helm/ssjdispatcher/Chart.yaml index c28556c3..34b92d4a 100644 --- a/helm/ssjdispatcher/Chart.yaml +++ b/helm/ssjdispatcher/Chart.yaml @@ -25,5 +25,5 @@ appVersion: "master" dependencies: - name: common - version: 0.1.8 + version: 0.1.9 repository: file://../common diff --git a/helm/ssjdispatcher/README.md b/helm/ssjdispatcher/README.md index 44ddeee3..12c85819 100644 --- a/helm/ssjdispatcher/README.md +++ b/helm/ssjdispatcher/README.md @@ -8,7 +8,7 @@ A Helm chart for gen3 ssjdispatcher | Repository | Name | Version | |------------|------|---------| -| file://../common | common | 0.1.8 | +| file://../common | common | 0.1.9 | ## Values diff --git a/helm/wts/Chart.yaml b/helm/wts/Chart.yaml index c63b720b..c84c4d76 100644 --- a/helm/wts/Chart.yaml +++ b/helm/wts/Chart.yaml @@ -25,7 +25,7 @@ appVersion: "master" dependencies: - name: common - version: 0.1.8 + version: 0.1.9 repository: file://../common - name: postgresql version: 11.9.13 diff --git a/helm/wts/README.md b/helm/wts/README.md index 80644d63..c951a2d2 100644 --- a/helm/wts/README.md 
+++ b/helm/wts/README.md @@ -8,7 +8,7 @@ A Helm chart for gen3 workspace token service | Repository | Name | Version | |------------|------|---------| -| file://../common | common | 0.1.8 | +| file://../common | common | 0.1.9 | | https://charts.bitnami.com/bitnami | postgresql | 11.9.13 | ## Values From a31e1255df78ca479b3a7b8b12c17546cafe1659 Mon Sep 17 00:00:00 2001 From: EliseCastle23 Date: Fri, 19 Jan 2024 15:25:56 -0700 Subject: [PATCH 091/279] deleting extra "dbRestore" from guppy values.yaml --- .secrets.baseline | 4 ++-- helm/guppy/README.md | 1 - helm/guppy/values.yaml | 2 -- 3 files changed, 2 insertions(+), 5 deletions(-) diff --git a/.secrets.baseline b/.secrets.baseline index a0accd7b..e4f23d1d 100644 --- a/.secrets.baseline +++ b/.secrets.baseline @@ -3,7 +3,7 @@ "files": "^.secrets.baseline$", "lines": null }, - "generated_at": "2024-01-19T22:08:15Z", + "generated_at": "2024-01-19T22:25:52Z", "plugins_used": [ { "name": "AWSKeyDetector" @@ -339,7 +339,7 @@ "hashed_secret": "d84ce25b0f9bc2cc263006ae39453efb22cc2900", "is_secret": false, "is_verified": false, - "line_number": 62, + "line_number": 61, "type": "Secret Keyword" } ], diff --git a/helm/guppy/README.md b/helm/guppy/README.md index 54611f98..f04bf9ca 100644 --- a/helm/guppy/README.md +++ b/helm/guppy/README.md 
@@ -37,7 +37,6 @@ A Helm chart for gen3 Guppy Service | datadogProfilingEnabled | bool | `true` | If enabled, the Datadog Agent will collect profiling data for your application using the Continuous Profiler. This data can be used to identify performance bottlenecks and optimize your application. | | datadogTraceSampleRate | int | `1` | A value between 0 and 1, that represents the percentage of requests that will be traced. For example, a value of 0.5 means that 50% of requests will be traced. | | dbRestore | bool | `false` | Whether or not to restore elasticsearch indices from a snapshot in s3 | -| dbRestore | bool | `false` | Whether or not to restore elasticsearch indices from a snapshot in s3 | | enableEncryptWhitelist | bool | `true` | Whether or not to enable encryption for specified fields | | encryptWhitelist | string | `"test1"` | A comma-separated list of fields to encrypt | | esEndpoint | string | `"gen3-elasticsearch-master:9200"` | Elasticsearch endpoint. | diff --git a/helm/guppy/values.yaml b/helm/guppy/values.yaml index 4ec1138c..054e4734 100644 --- a/helm/guppy/values.yaml +++ b/helm/guppy/values.yaml @@ -73,8 +73,6 @@ autoscaling: # -- (int) The target CPU utilization percentage for autoscaling targetCPUUtilizationPercentage: 80 -# -- (bool) Whether or not to restore elasticsearch indices from a snapshot in s3 -dbRestore: false # -- (map) Secret information to access the db restore job S3 bucket. secrets: # -- (str) AWS access key ID. Overrides global key. From 503155eab5fcc1cfee3156dcb2cc22d80761b82d Mon Sep 17 00:00:00 2001 From: EliseCastle23 <109446148+EliseCastle23@users.noreply.github.com> Date: Mon, 5 Feb 2024 14:33:51 -0700 Subject: [PATCH 092/279] Update external_secrets.md --- docs/external_secrets.md | 30 +++++++++++++++--------------- 1 file changed, 15 insertions(+), 15 deletions(-) diff --git a/docs/external_secrets.md b/docs/external_secrets.md index 0852135d..c8dcd5f7 100644 --- a/docs/external_secrets.md 
+++ b/docs/external_secrets.md @@ -1,6 +1,6 @@ # External Secrets Operator - "External Secrets Operator" is a tool that was created by the Kubernetes community to manage external secrets in a Kubernetes cluster. It allows you to fetch and sync external secret values from various external secret management systems into Kubernetes secrets. One of the external secret management systems it can connect to is AWS Secrets Manager. Secrets Manager allows for the secure storing of your secrets as well as the ability to periodically and automatically rotate your secrets. + "External Secrets Operator" is a tool that was created by the Kubernetes community to manage external secrets in a Kubernetes cluster. It allows you to fetch and sync external secret values from various external secret management systems into Kubernetes secrets. One of the external secret management systems it can connect to is AWS Secrets Manager. AWS Secrets Manager allows for the secure storing of your secrets as well as the ability to periodically and automatically rotate your secrets. This document will guide you through setting up the essential resources to access your secrets in AWS Secrets Manager and download the External Secrets Operator Helm chart. This way, you can effectively utilize your stored secrets with Helm. 
@@ -8,7 +8,7 @@ This document will guide you through setting up the essential resources to acces You can use the following Bash script to apply the External Secrets Operator to your cluster and create the necessary AWS resources. Fill in the variables below to get started: ***Notice: -The Gen3 Helm chart has various jobs and uses for an Iam user. To enhance code reusability, we've implemented the option for jobs and services to share the same AWS IAM global user. If you would like to use the same Iam user for External Secrets and jobs like ["Fence Usersync"](fence_usersync_job.md) or our "AWS ES Proxy Service", you can follow [THIS](global_iam_helm_user.md) guide that details how to setup a Helm global user. In case you opt for a global IAM user, please comment out the "create_iam_policy" and "create_iam_user" functions at the end of the script.*** +The Gen3 Helm chart has various jobs and uses for an IAM user. To enhance code reusability, we've implemented the option for jobs and services to share the same AWS IAM global user. If you would like to use the same IAM user for External Secrets and jobs like ["Fence Usersync"](fence_usersync_job.md) or our "AWS ES Proxy Service", you can follow [THIS](global_IAM_helm_user.md) guide that details how to setup a Helm global user. In case you opt for a global IAM user, please comment out the "create_iam_policy" and "create_iam_user" functions at the end of the script.*** ``` #!/bin/bash @@ -31,7 +31,7 @@ helm_install() create_iam_policy() { - echo "# ------------------ create iam policy for secrets manager --------------------------#" + echo "# ------------------ create iam policy for aws secrets manager --------------------------#" POLICY_ARN=$(aws iam create-policy --policy-name $iam_policy --policy-document '{ "Version": "2012-10-17", "Statement": [ 
@@ -76,17 +76,17 @@ create_iam_policy create_iam_user ``` -***Please note that Terraform for the creation and population of Gen3 Secrets in Secrets Manager is in development currently. This Terraform will also create the Iam user and policies necessary to access these secrets.*** +***Please note that Terraform for the creation and population of Gen3 Secrets in AWS Secrets Manager is in development currently. This Terraform will also create the Iam user and policies necessary to access these secrets.*** ## Enabling External Secrets in Helm charts To enable External Secrets to be used in a helm chart, you can set the `.Values.global.externalSecrets.deploy` field to "true" for an individual chart or globally by enabling this value in the Gen3 umbrella Helm chart. -If you would like to only use External Secrets for specific charts, please ensure you set `.Values.global.externalSecrets.separate` to "true" in the appropriate charts to ensure a Secret Store can be created to authenticate with Secrets Manager. +If you would like to only use External Secrets for specific charts, please ensure you set `.Values.global.externalSecrets.separate` to "true" in the appropriate charts to ensure a Secret Store can be created to authenticate with AWS Secrets Manager. -## Helm Iam User -If you are using a separate Iam user for Secrets Manager please follow the below instructions: +## Helm IAM User +If you are using a separate IAM user for AWS Secrets Manager please follow the below instructions: -This script Bash script at the beginning of this document should have created a secret titled "NameofIAMuser-user-secret" in your cluster. You will need to retrieve these values to input into your Helm chart for the Cluster Secret Store to authenticate with Secrets Manager. +This script Bash script at the beginning of this document should have created a secret titled "NameofIAMuser-user-secret" in your cluster. 
You will need to retrieve these values to input into your Helm chart for the Cluster Secret Store to authenticate with AWS Secrets Manager. Access Key: @@ -100,7 +100,7 @@ Secret Access Key kubectl get secret "your secret name" -o jsonpath="{.data.secret-access-key}" | base64 --decode ``` -You can paste the Iam access key and secret access key in the `.Values.secrets.awsAccessKeyId`/`.Values.secrets.awsSecretAccessKey` fields in the values.yaml file for the chart(s) you would like to use external secrets for. +You can paste the IAM access key and secret access key in the `.Values.secrets.awsAccessKeyId`/`.Values.secrets.awsSecretAccessKey` fields in the values.yaml file for the chart(s) you would like to use external secrets for. If you are deploying external secrets with the Gen3 umbrella chart, you can utilize a local secret to avoid pasting credentials in the values.yaml file. Just set `.global.aws.useLocalSecret.enabled` to true and supply your secret name. 
@@ -120,28 +120,28 @@ External Secrets relies on three main resources to function properly. (The below # Name of the External Secret resource name: audit-g3auto spec: - #How often to Sync with Secrets Manager + #How often to Sync with AWS Secrets Manager refreshInterval: 5m secretStoreRef: # The name of the Cluster Secret Store to use. name: {{include "cluster-secret-store" .}} kind: ClusterSecretStore target: - # What Kubernetes secret to create from the secret pulled from Secrets Manager. + # What Kubernetes secret to create from the secret pulled from AWS Secrets Manager. name: audit-g3auto creationPolicy: Owner data: # the key inside the new Kubernetes secret - secretKey: audit-service-config.yaml remoteRef: - #name of secret in secrets manager + #name of secret in AWS Secrets Manager key: {{include "audit-g3auto" .}} ``` -The External Secrets resource will usually fail with "SecretSyncedError" when it cannot find the secret name that is supplied in Secrets Manager. If this happens, the secret may still exist in Kubernetes, but it will not be overwritten by the secret value in Secrets Manager. This is helpful to know if you want to enabled the use of Secrets Manager for some, but not all the secrets in a specific Helm chart. +The External Secrets resource will usually fail with "SecretSyncedError" when it cannot find the secret name that is supplied in AWS Secrets Manager. If this happens, the secret may still exist in Kubernetes, but it will not be overwritten by the secret value in AWS Secrets Manager. This is helpful to know if you want to enabled the use of AWS Secrets Manager for some, but not all the secrets in a specific Helm chart. ## Customizing the AWS Secrets Manager Secrets Name. -When pulling a secret from secrets manager, you want to ensure that the External Secret resource is referencing the proper name of the secret in Secrets Manager. 
+When pulling a secret from AWS Secrets Manager, you want to ensure that the External Secret resource is referencing the proper name of the secret in AWS Secrets Manager. You can customize the name of the secret to pull from in the `.Values.externalSecrets` section of a Chart. You can see the name for the confiugrable secrets in a chart by looking in this section as well. -Any string you put in this section will override the name of the secret that is pulled from Secrets Manager NOT the name of the Kubernetes secret that is created from the External Secret resource. +Any string you put in this section will override the name of the secret that is pulled from AWS Secrets Manager NOT the name of the Kubernetes secret that is created from the External Secret resource. From d0029767917432a9ac8774211d258b0320722d56 Mon Sep 17 00:00:00 2001 From: EliseCastle23 <109446148+EliseCastle23@users.noreply.github.com> Date: Mon, 5 Feb 2024 15:36:42 -0700 Subject: [PATCH 093/279] Update PRODUCTION.md to include information about secret and configmap configuration --- docs/PRODUCTION.md | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/docs/PRODUCTION.md b/docs/PRODUCTION.md index 01b85073..ed28c72b 100644 --- a/docs/PRODUCTION.md +++ b/docs/PRODUCTION.md 
@@ -13,3 +13,11 @@ The postgres and helm charts are included as conditionals in the Gen3 [umbrella repository: "https://charts.bitnami.com/bitnami" condition: global.dev ``` + +### Kubernetes Configmap and Secret Configuration +For the seamless operation of our services, we utilize Kubernetes secrets. To streamline the integration and management of these secrets, we highly recommend deploying External Secret Manager alongside any existing secret management systems you may already have in place. For a comprehensive guide and best practices on implementing External Secrets within our ecosystem, please consult our dedicated External Secrets Documentation available [here](https://github.com/uc-cdis/gen3-helm/blob/feat/GPE-1032/docs/external_secrets.md). + +Our services also utilize non-secret configuration variables provided via Kubernetes ConfigMaps. For streamlined management, we advise keeping your values.yaml and configuration files files in source control and utilizing ArgoCD for automatic updates and efficient management of your Gen3 Helm chart. + +Each service is designed to seamlessly integrate and manage the combination of Kubernetes secrets and ConfigMaps, ensuring the encapsulated information is effectively injected into the underlying application. + From df99089f366ce0df3322d829bead37063e82cd7d Mon Sep 17 00:00:00 2001 From: EliseCastle23 Date: Mon, 5 Feb 2024 15:53:21 -0700 Subject: [PATCH 094/279] adding in cluster recommendations for Linux users --- README.md | 3 +++ 1 file changed, 3 insertions(+) diff --git a/README.md b/README.md index 5a63cef1..d56d16ec 100644 --- a/README.md +++ b/README.md 
@@ -117,8 +117,11 @@ NOTE: Gen3 helm charts are currently not used in production by CTDS, but we are For local development you must be connected to a kubernetes cluster. As referenced above in the section `Kubernetes cluster` we recommend using [Rancher Desktop](https://rancherdesktop.io/) as Kubernetes on your local machine, especially on M1 Mac's. You also get ingress and other benefits out of the box. +For MacOS users, [Minikube](https://minikube.sigs.k8s.io/docs/start/) equipped with the ingress addon serves as a viable alternative to Rancher Desktop. On Linux, we've observed that using [Kind](https://kind.sigs.k8s.io/) with an NGINX ingress installed often provides a more seamless experience compared to both Rancher Desktop and Minikube. Essentially, Helm requires access to a Kubernetes cluster with ingress capabilities, facilitating the loading of the portal in your browser for an optimal development workflow. + > **Warning** > If you are using Rancher Desktop you need to increase the vm.max_map_count as outlined [here](https://docs.rancherdesktop.io/how-to-guides/increasing-open-file-limit/) +> If you are using Minikube you will need to enabled the ingress addon as outlined [here](https://kubernetes.io/docs/tasks/access-application-cluster/ingress-minikube/) 1. Clone the repository 2. Navigate to the `gen3-helm/helm/gen3` directory and run `helm dependency update` From 547219746ab1978c8e2e839e64ed7ca6b1a99ab2 Mon Sep 17 00:00:00 2001 From: EliseCastle23 <109446148+EliseCastle23@users.noreply.github.com> Date: Fri, 23 Feb 2024 13:54:13 -0700 Subject: [PATCH 095/279] Update docs/global_iam_helm_user.md Co-authored-by: Alexander VanTol --- docs/global_iam_helm_user.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/global_iam_helm_user.md b/docs/global_iam_helm_user.md index e8f68507..70a56376 100644 --- a/docs/global_iam_helm_user.md +++ b/docs/global_iam_helm_user.md 
@@ -1,4 +1,4 @@ -# AWS Iam Global User +# AWS IAM Global User For Helm code resusability, we have added the functionality to use one iam user for various jobs/services. From c84b65379631cbe73cbd1460010a01590a3f6629 Mon Sep 17 00:00:00 2001 From: EliseCastle23 Date: Tue, 27 Feb 2024 12:53:38 -0700 Subject: [PATCH 096/279] changing the Cluster Secret Stores to Secret Stores to we can have multiple helm charts running in one cluster --- .secrets.baseline | 4 ++-- docs/external_secrets.md | 4 ++-- helm/audit/templates/external-secret.yaml | 4 ++-- .../aws-es-proxy/templates/external-secrets.yaml | 4 ++-- helm/common/templates/_external_secrets.tpl | 12 +++++------- helm/fence/templates/external-secret.yaml | 16 ++++++++-------- helm/gen3/README.md | 5 ++--- helm/gen3/templates/cluster-secret-store.yaml | 4 +--- helm/gen3/values.yaml | 2 -- helm/indexd/templates/external-secrets.yaml | 4 ++-- .../templates/external-secret.yaml | 4 ++-- 11 files changed, 28 insertions(+), 35 deletions(-) diff --git a/.secrets.baseline b/.secrets.baseline index e4f23d1d..a207dc07 100644 --- a/.secrets.baseline +++ b/.secrets.baseline @@ -3,7 +3,7 @@ "files": "^.secrets.baseline$", "lines": null }, - "generated_at": "2024-01-19T22:25:52Z", + "generated_at": "2024-02-27T19:51:16Z", "plugins_used": [ { "name": "AWSKeyDetector" @@ -330,7 +330,7 @@ "hashed_secret": "9b5925ea817163740dfb287a9894e8ab3aba2c18", "is_secret": false, "is_verified": false, - "line_number": 221, + "line_number": 219, "type": "Secret Keyword" } ], diff --git a/docs/external_secrets.md b/docs/external_secrets.md index c8dcd5f7..c780dcfb 100644 --- a/docs/external_secrets.md +++ b/docs/external_secrets.md 
@@ -86,7 +86,7 @@ If you would like to only use External Secrets for specific charts, please ensur ## Helm IAM User If you are using a separate IAM user for AWS Secrets Manager please follow the below instructions: -This script Bash script at the beginning of this document should have created a secret titled "NameofIAMuser-user-secret" in your cluster. You will need to retrieve these values to input into your Helm chart for the Cluster Secret Store to authenticate with AWS Secrets Manager. +This script Bash script at the beginning of this document should have created a secret titled "NameofIAMuser-user-secret" in your cluster. You will need to retrieve these values to input into your Helm chart for the Secret Store to authenticate with AWS Secrets Manager. Access Key: @@ -125,7 +125,7 @@ External Secrets relies on three main resources to function properly. (The below secretStoreRef: # The name of the Cluster Secret Store to use. name: {{include "cluster-secret-store" .}} - kind: ClusterSecretStore + kind: SecretStore target: # What Kubernetes secret to create from the secret pulled from AWS Secrets Manager. name: audit-g3auto diff --git a/helm/audit/templates/external-secret.yaml b/helm/audit/templates/external-secret.yaml index f8b3df61..d925feaa 100644 --- a/helm/audit/templates/external-secret.yaml +++ b/helm/audit/templates/external-secret.yaml @@ -6,8 +6,8 @@ metadata: spec: refreshInterval: 5m secretStoreRef: - name: {{include "common.clusterSecretStore" .}} - kind: ClusterSecretStore + name: {{include "common.SecretStore" .}} + kind: SecretStore target: name: audit-g3auto creationPolicy: Owner diff --git a/helm/aws-es-proxy/templates/external-secrets.yaml b/helm/aws-es-proxy/templates/external-secrets.yaml index 07d2d4ba..16517911 100644 --- a/helm/aws-es-proxy/templates/external-secrets.yaml +++ b/helm/aws-es-proxy/templates/external-secrets.yaml 
@@ -6,8 +6,8 @@ metadata: spec: refreshInterval: 5m secretStoreRef: - name: {{include "common.clusterSecretStore" .}} - kind: ClusterSecretStore + name: {{include "common.SecretStore" .}} + kind: SecretStore target: name: aws-es-proxy-aws-config creationPolicy: Owner diff --git a/helm/common/templates/_external_secrets.tpl b/helm/common/templates/_external_secrets.tpl index 10a77cb8..f4d7629b 100644 --- a/helm/common/templates/_external_secrets.tpl +++ b/helm/common/templates/_external_secrets.tpl @@ -24,8 +24,8 @@ metadata: spec: refreshInterval: 5m secretStoreRef: - name: {{include "common.clusterSecretStore" .}} - kind: ClusterSecretStore + name: {{include "common.SecretStore" .}} + kind: SecretStore target: name: {{ $.Chart.Name }}-dbcreds creationPolicy: Owner @@ -43,7 +43,7 @@ spec: */}} {{ define "common.secretstore" -}} apiVersion: external-secrets.io/v1beta1 -kind: ClusterSecretStore +kind: SecretStore metadata: name: {{.Chart.Name}}-secret-store spec: @@ -56,17 +56,15 @@ spec: accessKeyIDSecretRef: name: {{.Chart.Name}}-aws-config key: access-key - namespace: default secretAccessKeySecretRef: name: {{.Chart.Name}}-aws-config key: secret-access-key - namespace: default {{- end }} {{/* - # Name of the clusterSecretStore + # Name of the SecretStore # We want to allow override here, in case a chart is being deployed without the umbrella chart, # or any other needs to deploy a separate secret store per service. */}} @@ -74,7 +72,7 @@ spec: {{/* Cluster Secret Store for External Secrets */}} -{{- define "common.clusterSecretStore" -}} +{{- define "common.SecretStore" -}} {{- if .Values.global.externalSecrets.separate }} {{- .Chart.Name }}-secret-store {{- else }} diff --git a/helm/fence/templates/external-secret.yaml b/helm/fence/templates/external-secret.yaml index 6a6e661f..27e5ebc3 100644 --- a/helm/fence/templates/external-secret.yaml +++ b/helm/fence/templates/external-secret.yaml 
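Review bot: The `common.secretstore` auth block now looks up `{{.Chart.Name}}-aws-config` in the release's own namespace, and nothing in the template says so: the two `namespace: default` lines are removed without a replacement comment. A namespaced SecretStore keeps one release's AWS keys out of reach of other namespaces, but an install that kept the key secret in `default` while releasing into another namespace will presumably stop authenticating after the upgrade. I would add a line to the `{{/* ... */}}` header above the define, for example `The access-key secret must exist in the same namespace as this SecretStore.`, and call out the move in the upgrade notes.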
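Review bot: The renamed helper `common.SecretStore` differs from the existing `common.secretstore` only by letter case, although the first renders a store name and the second a whole manifest. Template names are case-sensitive, so a one-character slip in an `include` would put a full SecretStore document where a `secretStoreRef.name` is expected, and it may only surface at install time. A distinct name such as `{{- define "common.secretStoreName" -}}` would avoid that. The comment above the define still reads "Cluster Secret Store for External Secrets" and could become `Name of the SecretStore referenced by ExternalSecret resources`. The define's body continues past the end of this hunk.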
@@ -6,8 +6,8 @@ metadata: spec: refreshInterval: 5m secretStoreRef: - name: {{include "common.clusterSecretStore" .}} - kind: ClusterSecretStore + name: {{include "common.SecretStore" .}} + kind: SecretStore target: name: fence-jwt-keys creationPolicy: Owner @@ -24,8 +24,8 @@ metadata: spec: refreshInterval: 5m secretStoreRef: - name: {{include "common.clusterSecretStore" .}} - kind: ClusterSecretStore + name: {{include "common.SecretStore" .}} + kind: SecretStore target: name: fence-google-app-creds-secret creationPolicy: Owner @@ -42,8 +42,8 @@ metadata: spec: refreshInterval: 5m secretStoreRef: - name: {{include "common.clusterSecretStore" .}} - kind: ClusterSecretStore + name: {{include "common.SecretStore" .}} + kind: SecretStore target: name: fence-google-storage-creds-secret creationPolicy: Owner @@ -60,8 +60,8 @@ metadata: spec: refreshInterval: 5m secretStoreRef: - name: {{include "common.clusterSecretStore" .}} - kind: ClusterSecretStore + name: {{include "common.SecretStore" .}} + kind: SecretStore target: name: fence-config creationPolicy: Owner diff --git a/helm/gen3/README.md b/helm/gen3/README.md index 65c6aae7..da2afedb 100644 --- a/helm/gen3/README.md +++ b/helm/gen3/README.md 
@@ -96,14 +96,13 @@ Helm chart to deploy Gen3 Data Commons | gitops.json | string | `nil` | multiline string - gitops.json | | gitops.logo | string | `nil` | - logo in base64 | | gitops.sponsors | string | `nil` | | -| global.aws | map | `{"awsAccessKeyId":null,"awsSecretAccessKey":null,"enabled":false,"useLocalSecret":{"enabled":false,"localSecretName":null,"localSecretNamespace":null}}` | AWS configuration | +| global.aws | map | `{"awsAccessKeyId":null,"awsSecretAccessKey":null,"enabled":false,"useLocalSecret":{"enabled":false,"localSecretName":null}}` | AWS configuration | | global.aws.awsAccessKeyId | string | `nil` | Credentials for AWS stuff. | | global.aws.awsSecretAccessKey | string | `nil` | Credentials for AWS stuff. | | global.aws.enabled | bool | `false` | Set to true if deploying to AWS. Controls ingress annotations. | -| global.aws.useLocalSecret | map | `{"enabled":false,"localSecretName":null,"localSecretNamespace":null}` | Local secret setting if using a pre-exising secret. | +| global.aws.useLocalSecret | map | `{"enabled":false,"localSecretName":null}` | Local secret setting if using a pre-exising secret. | | global.aws.useLocalSecret.enabled | bool | `false` | Set to true if you would like to use a secret that is already running on your cluster. | | global.aws.useLocalSecret.localSecretName | string | `nil` | Name of the local secret. | -| global.aws.useLocalSecret.localSecretNamespace | string | `nil` | Namespace of the local secret. | | global.ddEnabled | bool | `false` | Whether Datadog is enabled. | | global.dev | bool | `true` | Deploys postgres/elasticsearch for dev | | global.dictionaryUrl | string | `"https://s3.amazonaws.com/dictionary-artifacts/datadictionary/develop/schema.json"` | URL of the data dictionary. | diff --git a/helm/gen3/templates/cluster-secret-store.yaml b/helm/gen3/templates/cluster-secret-store.yaml index 6251d0fb..5035e4d0 100644 --- a/helm/gen3/templates/cluster-secret-store.yaml 
+++ b/helm/gen3/templates/cluster-secret-store.yaml @@ -2,7 +2,7 @@ {{ include "common.secretstore" . }} {{- else if .Values.global.aws.useLocalSecret.enabled }} apiVersion: external-secrets.io/v1beta1 -kind: ClusterSecretStore +kind: SecretStore metadata: name: {{.Chart.Name}}-secret-store spec: @@ -15,9 +15,7 @@ spec: accessKeyIDSecretRef: name: {{ .Values.global.aws.useLocalSecret.localSecretName }} key: access-key - namespace: {{ .Values.global.aws.useLocalSecret.localSecretNamespace }} secretAccessKeySecretRef: name: {{ .Values.global.aws.useLocalSecret.localSecretName }} key: secret-access-key - namespace: {{ .Values.global.aws.useLocalSecret.localSecretNamespace }} {{- end }} \ No newline at end of file diff --git a/helm/gen3/values.yaml b/helm/gen3/values.yaml index e3e79684..0037d3ea 100644 --- a/helm/gen3/values.yaml +++ b/helm/gen3/values.yaml @@ -18,8 +18,6 @@ global: enabled: false # -- (string) Name of the local secret. localSecretName: - # -- (string) Namespace of the local secret. - localSecretNamespace: # -- (bool) Deploys postgres/elasticsearch for dev dev: true postgres: diff --git a/helm/indexd/templates/external-secrets.yaml b/helm/indexd/templates/external-secrets.yaml index 95485e5b..b8cb2a38 100644 --- a/helm/indexd/templates/external-secrets.yaml +++ b/helm/indexd/templates/external-secrets.yaml @@ -8,8 +8,8 @@ metadata: spec: refreshInterval: 5m secretStoreRef: - name: {{include "common.clusterSecretStore" .}} - kind: ClusterSecretStore + name: {{include "common.SecretStore" .}} + kind: SecretStore target: name: indexd-service-creds creationPolicy: Owner diff --git a/helm/manifestservice/templates/external-secret.yaml b/helm/manifestservice/templates/external-secret.yaml index af54469f..7d94f5c9 100644 --- a/helm/manifestservice/templates/external-secret.yaml +++ b/helm/manifestservice/templates/external-secret.yaml 
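Review bot: In the `useLocalSecret` branch, `localSecretName` is rendered unchecked and the `localSecretNamespace` reference is dropped, so a values file that still sets the namespace is silently ignored and an unset name yields an empty `name:` in both secret refs. Because the store is now namespaced, the pre-existing secret has to live in the release namespace, which is worth stating next to `localSecretName` in values.yaml. I would fail the render early on both refs with `name: {{ required "global.aws.useLocalSecret.localSecretName must be set when useLocalSecret.enabled is true" .Values.global.aws.useLocalSecret.localSecretName }}`.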
@@ -6,8 +6,8 @@ metadata: spec: refreshInterval: 5m secretStoreRef: - name: {{include "common.clusterSecretStore" .}} - kind: ClusterSecretStore + name: {{include "common.SecretStore" .}} + kind: SecretStore target: name: manifestservice-g3auto creationPolicy: Owner From b14af763726710d5131d3f1ac6c6fe70e5aa31fc Mon Sep 17 00:00:00 2001 From: EliseCastle23 Date: Fri, 1 Mar 2024 13:12:09 -0700 Subject: [PATCH 097/279] updating the documentation to more clearly define how to enable external secrets for separate charts or globally --- docs/external_secrets.md | 16 ++++++++++++---- 1 file changed, 12 insertions(+), 4 deletions(-) diff --git a/docs/external_secrets.md b/docs/external_secrets.md index c780dcfb..f019fb86 100644 --- a/docs/external_secrets.md +++ b/docs/external_secrets.md 
@@ -79,9 +79,19 @@ create_iam_user ***Please note that Terraform for the creation and population of Gen3 Secrets in AWS Secrets Manager is in development currently. This Terraform will also create the Iam user and policies necessary to access these secrets.*** ## Enabling External Secrets in Helm charts -To enable External Secrets to be used in a helm chart, you can set the `.Values.global.externalSecrets.deploy` field to "true" for an individual chart or globally by enabling this value in the Gen3 umbrella Helm chart. +Our Helm architecture includes a comprehensive [umbrella](https://github.com/uc-cdis/gen3-helm/tree/master/helm/gen) chart designed to streamline the deployment of external secrets across both the umbrella chart itself and its associated subcharts. By configuring the .Values.global.externalSecrets.deploy setting within this umbrella chart, users can effortlessly initiate the deployment of all related external secret resources. This includes the external secret resources within the subcharts and the secret store required for their management. -If you would like to only use External Secrets for specific charts, please ensure you set `.Values.global.externalSecrets.separate` to "true" in the appropriate charts to ensure a Secret Store can be created to authenticate with AWS Secrets Manager. +#### Global Deployment of External Secrets +Upon deployment of the umbrella chart, the .Values.global.externalSecrets.deploy setting automatically provisions external secret resources for every subchart. This occurs regardless of the individual external secrets deployment settings within subcharts, even if they are explicitly set to false. This feature ensures a unified approach to secret management across all components of the architecture. + +#### Selective Secret Management +For users requiring a more selective application of external secrets — targeting specific secrets while excluding others — the system is designed to accommodate such scenarios with ease. 
External secret resources will only attempt to replace Kubernetes secrets when a corresponding secret is successfully located within the Secrets Manager. In instances where a specific secret is not found, the External Secrets resource will indicate a SecretSyncedError, signaling the absence of the targeted resource within the Secrets Manager. This is helpful for users want to enabled the use of AWS Secrets Manager for some, but not all the secrets in a specific Helm chart. + +#### Independent Subchart Deployment +In scenarios where subcharts are deployed independently, outside the scope of the umbrella chart, it is crucial to set the .Values.global.externalSecrets.deploy directive within the values.yaml file for each specific service. Additionally, to facilitate the creation of a Secret Store capable of authenticating with AWS Secrets Manager, the .Values.global.externalSecrets.separateSecretStore should be set to true in the relevant charts. This configuration is essential for establishing proper authentication mechanisms for secret retrieval. + +#### Configuring Separate Secret Stores +The .Values.global.externalSecrets.separateSecretStore setting can also be applied within the context of the umbrella chart deployment. Utilizing this setting allows for the creation of distinct Secret Stores dedicated to individual services. This approach is particularly beneficial for environments where it is preferable to limit access to Secrets Manager, ensuring that services only have access to the secrets explicitly required for their operation. ## Helm IAM User If you are using a separate IAM user for AWS Secrets Manager please follow the below instructions: 
@@ -138,8 +148,6 @@ External Secrets relies on three main resources to function properly. (The below key: {{include "audit-g3auto" .}} ``` -The External Secrets resource will usually fail with "SecretSyncedError" when it cannot find the secret name that is supplied in AWS Secrets Manager. If this happens, the secret may still exist in Kubernetes, but it will not be overwritten by the secret value in AWS Secrets Manager. This is helpful to know if you want to enabled the use of AWS Secrets Manager for some, but not all the secrets in a specific Helm chart. - ## Customizing the AWS Secrets Manager Secrets Name. When pulling a secret from AWS Secrets Manager, you want to ensure that the External Secret resource is referencing the proper name of the secret in AWS Secrets Manager. You can customize the name of the secret to pull from in the `.Values.externalSecrets` section of a Chart. You can see the name for the confiugrable secrets in a chart by looking in this section as well. From cba5b51d96e3b8d474ee35ac196a81bd2149c05b Mon Sep 17 00:00:00 2001 
From: EliseCastle23 Date: Fri, 1 Mar 2024 14:59:04 -0700 Subject: [PATCH 098/279] changing flag "separate" to "separateSecretStore" to be more clear. Also, renaming "cluster-secret-store.yaml" to "secret-store.yaml" due to recent change --- helm/arborist/README.md | 4 ++-- helm/arborist/templates/cluster-secret-store.yaml | 3 --- helm/arborist/templates/secret-store.yaml | 3 +++ helm/arborist/values.yaml | 4 ++-- helm/audit/README.md | 4 ++-- helm/audit/templates/cluster-secret-store.yaml | 3 --- helm/audit/templates/secret-store.yaml | 3 +++ helm/audit/values.yaml | 4 ++-- helm/aws-es-proxy/README.md | 2 +- helm/aws-es-proxy/templates/secret-store.yaml | 3 +++ helm/aws-es-proxy/values.yaml | 4 ++-- helm/common/templates/_external_secrets.tpl | 2 +- helm/fence/README.md | 4 ++-- helm/fence/templates/cluster-secret-store.yaml | 3 --- helm/fence/templates/secret-store.yaml | 3 +++ helm/fence/values.yaml | 4 ++-- helm/indexd/README.md | 4 ++-- helm/indexd/templates/cluster-secret-store.yaml | 3 --- helm/indexd/templates/secret-store.yaml | 3 +++ helm/indexd/values.yaml | 4 ++-- helm/manifestservice/README.md | 4 ++-- helm/manifestservice/templates/cluster-secret-store.yaml | 3 --- helm/manifestservice/templates/secret-store.yaml | 3 +++ helm/manifestservice/values.yaml | 4 ++-- helm/metadata/README.md | 4 ++-- helm/metadata/templates/cluster-secret-store.yaml | 3 --- helm/metadata/templates/secret-store.yaml | 3 +++ helm/metadata/values.yaml | 4 ++-- helm/peregrine/README.md | 4 ++-- helm/peregrine/templates/cluster-secret-store.yaml | 3 --- helm/peregrine/templates/secret-store.yaml | 3 +++ helm/peregrine/values.yaml | 4 ++-- helm/requestor/README.md | 4 ++-- helm/requestor/templates/cluster-secret-store.yaml | 3 --- helm/requestor/templates/secret-store.yaml | 3 +++ helm/requestor/values.yaml | 4 ++-- helm/sheepdog/README.md | 4 ++-- helm/sheepdog/templates/cluster-secret-store.yaml | 3 --- helm/sheepdog/templates/secret-store.yaml | 3 +++ helm/sheepdog/values.yaml 
| 4 ++-- helm/wts/README.md | 4 ++-- helm/wts/templates/cluster-secret-store.yaml | 3 --- helm/wts/templates/secret-store.yaml | 3 +++ helm/wts/values.yaml | 4 ++-- 44 files changed, 77 insertions(+), 74 deletions(-) delete mode 100644 helm/arborist/templates/cluster-secret-store.yaml create mode 100644 helm/arborist/templates/secret-store.yaml delete mode 100644 helm/audit/templates/cluster-secret-store.yaml create mode 100644 helm/audit/templates/secret-store.yaml create mode 100644 helm/aws-es-proxy/templates/secret-store.yaml delete mode 100644 helm/fence/templates/cluster-secret-store.yaml create mode 100644 helm/fence/templates/secret-store.yaml delete mode 100644 helm/indexd/templates/cluster-secret-store.yaml create mode 100644 helm/indexd/templates/secret-store.yaml delete mode 100644 helm/manifestservice/templates/cluster-secret-store.yaml create mode 100644 helm/manifestservice/templates/secret-store.yaml delete mode 100644 helm/metadata/templates/cluster-secret-store.yaml create mode 100644 helm/metadata/templates/secret-store.yaml delete mode 100644 helm/peregrine/templates/cluster-secret-store.yaml create mode 100644 helm/peregrine/templates/secret-store.yaml delete mode 100644 helm/requestor/templates/cluster-secret-store.yaml create mode 100644 helm/requestor/templates/secret-store.yaml delete mode 100644 helm/sheepdog/templates/cluster-secret-store.yaml create mode 100644 helm/sheepdog/templates/secret-store.yaml delete mode 100644 helm/wts/templates/cluster-secret-store.yaml create mode 100644 helm/wts/templates/secret-store.yaml diff --git a/helm/arborist/README.md b/helm/arborist/README.md index 8e8290e9..c00df2fb 100644 --- a/helm/arborist/README.md +++ b/helm/arborist/README.md 
@@ -40,9 +40,9 @@ A Helm chart for gen3 arborist | global.dictionaryUrl | string | `"https://s3.amazonaws.com/dictionary-artifacts/datadictionary/develop/schema.json"` | URL of the data dictionary. | | global.dispatcherJobNum | int | `"10"` | Number of dispatcher jobs. | | global.environment | string | `"default"` | Environment name. This should be the same as vpcname if you're doing an AWS deployment. Currently this is being used to share ALB's if you have multiple namespaces. Might be used other places too. | -| global.externalSecrets | map | `{"deploy":false,"separate":false}` | External Secrets settings. | +| global.externalSecrets | map | `{"deploy":false,"separateSecretStore":false}` | External Secrets settings. | | global.externalSecrets.deploy | bool | `false` | Will use ExternalSecret resources to pull secrets from Secrets Manager instead of creating them locally. Be cautious as this will override any arborist secrets you have deployed. | -| global.externalSecrets.separate | string | `false` | Will deploy a External Secret Store if deploying this sevice seperately. | +| global.externalSecrets.separateSecretStore | string | `false` | Will deploy a separate External Secret Store for this service. | | global.hostname | string | `"localhost"` | Hostname for the deployment. | | global.kubeBucket | string | `"kube-gen3"` | S3 bucket name for Kubernetes manifest files. | | global.logsBucket | string | `"logs-gen3"` | S3 bucket name for log files. | diff --git a/helm/arborist/templates/cluster-secret-store.yaml b/helm/arborist/templates/cluster-secret-store.yaml deleted file mode 100644 index 8c1c7717..00000000 --- a/helm/arborist/templates/cluster-secret-store.yaml +++ /dev/null @@ -1,3 +0,0 @@ -{{ if .Values.global.externalSecrets.separate }} -{{ include "common.secretstore" . }} -{{- end }} \ No newline at end of file diff --git a/helm/arborist/templates/secret-store.yaml b/helm/arborist/templates/secret-store.yaml new file mode 100644 index 00000000..771c7760 
--- /dev/null +++ b/helm/arborist/templates/secret-store.yaml @@ -0,0 +1,3 @@ +{{ if .Values.global.externalSecrets.separateSecretStore }} +{{ include "common.secretstore" . }} +{{- end }} \ No newline at end of file diff --git a/helm/arborist/values.yaml b/helm/arborist/values.yaml index fd9091f4..c472742f 100644 --- a/helm/arborist/values.yaml +++ b/helm/arborist/values.yaml @@ -63,8 +63,8 @@ global: externalSecrets: # -- (bool) Will use ExternalSecret resources to pull secrets from Secrets Manager instead of creating them locally. Be cautious as this will override any arborist secrets you have deployed. deploy: false - # -- (string) Will deploy a External Secret Store if deploying this sevice seperately. - separate: false + # -- (string) Will deploy a separate External Secret Store for this service. + separateSecretStore: false # -- (map) External Secrets settings. externalSecrets: diff --git a/helm/audit/README.md b/helm/audit/README.md index 146545ba..03ff4421 100644 --- a/helm/audit/README.md +++ b/helm/audit/README.md 
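Review bot: The helm-docs annotation on the renamed key still declares `(string)` although the default is the boolean `false`, and the generated README tables repeat that as type `string`. Because this flag decides whether the service gets its own secret store, a quoted value such as `"false"` copied from the docs would be a non-empty string and evaluate as true in the template's `if`. I would change the comment to `# -- (bool) Will deploy a separate External Secret Store for this service.`. The same line appears in the audit, aws-es-proxy and fence values.yaml hunks.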
@@ -49,9 +49,9 @@ A Helm chart for Kubernetes | global.dictionaryUrl | string | `"https://s3.amazonaws.com/dictionary-artifacts/datadictionary/develop/schema.json"` | URL of the data dictionary. | | global.dispatcherJobNum | int | `"10"` | Number of dispatcher jobs. | | global.environment | string | `"default"` | Environment name. This should be the same as vpcname if you're doing an AWS deployment. Currently this is being used to share ALB's if you have multiple namespaces. Might be used other places too. | -| global.externalSecrets | map | `{"deploy":false,"separate":false}` | External Secrets settings. | +| global.externalSecrets | map | `{"deploy":false,"separateSecretStore":false}` | External Secrets settings. | | global.externalSecrets.deploy | bool | `false` | Will use ExternalSecret resources to pull secrets from Secrets Manager instead of creating them locally. Be cautious as this will override any audit secrets you have deployed. | -| global.externalSecrets.separate | string | `false` | Will deploy a External Secret Store if deploying this sevice seperately. | +| global.externalSecrets.separateSecretStore | string | `false` | Will deploy a separate External Secret Store for this service. | | global.hostname | string | `"localhost"` | Hostname for the deployment. | | global.kubeBucket | string | `"kube-gen3"` | S3 bucket name for Kubernetes manifest files. | | global.logsBucket | string | `"logs-gen3"` | S3 bucket name for log files. | diff --git a/helm/audit/templates/cluster-secret-store.yaml b/helm/audit/templates/cluster-secret-store.yaml deleted file mode 100644 index 8c1c7717..00000000 --- a/helm/audit/templates/cluster-secret-store.yaml +++ /dev/null @@ -1,3 +0,0 @@ -{{ if .Values.global.externalSecrets.separate }} -{{ include "common.secretstore" . }} -{{- end }} \ No newline at end of file diff --git a/helm/audit/templates/secret-store.yaml b/helm/audit/templates/secret-store.yaml new file mode 100644 index 00000000..771c7760 --- /dev/null 
+++ b/helm/audit/templates/secret-store.yaml @@ -0,0 +1,3 @@ +{{ if .Values.global.externalSecrets.separateSecretStore }} +{{ include "common.secretstore" . }} +{{- end }} \ No newline at end of file diff --git a/helm/audit/values.yaml b/helm/audit/values.yaml index fe372d8a..fe38164c 100644 --- a/helm/audit/values.yaml +++ b/helm/audit/values.yaml @@ -62,8 +62,8 @@ global: externalSecrets: # -- (bool) Will use ExternalSecret resources to pull secrets from Secrets Manager instead of creating them locally. Be cautious as this will override any audit secrets you have deployed. deploy: false - # -- (string) Will deploy a External Secret Store if deploying this sevice seperately. - separate: false + # -- (string) Will deploy a separate External Secret Store for this service. + separateSecretStore: false # -- (map) External Secrets settings. externalSecrets: diff --git a/helm/aws-es-proxy/README.md b/helm/aws-es-proxy/README.md index 00c6915f..03d37b8d 100644 --- a/helm/aws-es-proxy/README.md +++ b/helm/aws-es-proxy/README.md 
@@ -35,7 +35,7 @@ A Helm chart for AWS ES Proxy Service for gen3 | global.ddEnabled | bool | `false` | Whether Datadog is enabled. | | global.environment | string | `"default"` | Environment name. This should be the same as vpcname if you're doing an AWS deployment. Currently this is being used to share ALB's if you have multiple namespaces. Might be used other places too. | | global.externalSecrets.deploy | bool | `false` | Will use ExternalSecret resources to pull secrets from Secrets Manager instead of creating them locally. Be cautious as this will override any audit secrets you have deployed. | -| global.externalSecrets.separate | string | `false` | Will deploy a External Secret Store if deploying this sevice seperately. | +| global.externalSecrets.separateSecretStore | string | `false` | Will deploy a separate External Secret Store for this service. | | global.minAvialable | int | `1` | The minimum amount of pods that are available at all times if the PDB is deployed. | | global.pdb | bool | `false` | If the service will be deployed with a Pod Disruption Budget. Note- you need to have more than 2 replicas for the pdb to be deployed. | | image | map | `{"pullPolicy":"Always","repository":"quay.io/cdis/aws-es-proxy","tag":""}` | Docker image information. | diff --git a/helm/aws-es-proxy/templates/secret-store.yaml b/helm/aws-es-proxy/templates/secret-store.yaml new file mode 100644 index 00000000..771c7760 --- /dev/null +++ b/helm/aws-es-proxy/templates/secret-store.yaml @@ -0,0 +1,3 @@ +{{ if .Values.global.externalSecrets.separateSecretStore }} +{{ include "common.secretstore" . }} +{{- end }} \ No newline at end of file diff --git a/helm/aws-es-proxy/values.yaml b/helm/aws-es-proxy/values.yaml index 6f896e48..11c1c200 100644 --- a/helm/aws-es-proxy/values.yaml +++ b/helm/aws-es-proxy/values.yaml 
@@ -24,8 +24,8 @@ global: externalSecrets: # -- (bool) Will use ExternalSecret resources to pull secrets from Secrets Manager instead of creating them locally. Be cautious as this will override any audit secrets you have deployed. deploy: false - # -- (string) Will deploy a External Secret Store if deploying this sevice seperately. - separate: false + # -- (string) Will deploy a separate External Secret Store for this service. + separateSecretStore: false # -- (map) External Secrets settings. externalSecrets: diff --git a/helm/common/templates/_external_secrets.tpl b/helm/common/templates/_external_secrets.tpl index f4d7629b..dc9f865b 100644 --- a/helm/common/templates/_external_secrets.tpl +++ b/helm/common/templates/_external_secrets.tpl @@ -73,7 +73,7 @@ spec: Cluster Secret Store for External Secrets */}} {{- define "common.SecretStore" -}} -{{- if .Values.global.externalSecrets.separate }} +{{- if .Values.global.externalSecrets.separateSecretStore }} {{- .Chart.Name }}-secret-store {{- else }} {{- default "gen3-secret-store"}} diff --git a/helm/fence/README.md b/helm/fence/README.md index 7fca9d38..d4a3ef33 100644 --- a/helm/fence/README.md +++ b/helm/fence/README.md 
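Review bot: The condition in `common.SecretStore` now reads only `separateSecretStore`, so a deployment whose values still set `global.externalSecrets.separate: true` falls through to the `gen3-secret-store` branch without any warning. Its ExternalSecrets would then point at the shared store rather than the per-service one, or fail to sync if that store does not exist in the namespace. One release of backward compatibility costs a single line: `{{- if or .Values.global.externalSecrets.separateSecretStore .Values.global.externalSecrets.separate }}`. The new per-chart `secret-store.yaml` templates gate on the same key and would need the same condition. The closing `{{- end }}` of this define is outside the hunk.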
@@ -109,9 +109,9 @@ A Helm chart for gen3 Fence | global.dictionaryUrl | string | `"https://s3.amazonaws.com/dictionary-artifacts/datadictionary/develop/schema.json"` | URL of the data dictionary. | | global.dispatcherJobNum | int | `"10"` | Number of dispatcher jobs. | | global.environment | string | `"default"` | Environment name. This should be the same as vpcname if you're doing an AWS deployment. Currently this is being used to share ALB's if you have multiple namespaces. Might be used other places too. | -| global.externalSecrets | map | `{"deploy":false,"separate":false}` | External Secrets settings. | +| global.externalSecrets | map | `{"deploy":false,"separateSecretStore":false}` | External Secrets settings. | | global.externalSecrets.deploy | bool | `false` | Will use ExternalSecret resources to pull secrets from Secrets Manager instead of creating them locally. Be cautious as this will override any fence secrets you have deployed. | -| global.externalSecrets.separate | string | `false` | Will deploy a External Secret Store if deploying this sevice seperately. | +| global.externalSecrets.separateSecretStore | string | `false` | Will deploy a separate External Secret Store for this service. | | global.hostname | string | `"localhost"` | Hostname for the deployment. | | global.kubeBucket | string | `"kube-gen3"` | S3 bucket name for Kubernetes manifest files. | | global.logsBucket | string | `"logs-gen3"` | S3 bucket name for log files. | diff --git a/helm/fence/templates/cluster-secret-store.yaml b/helm/fence/templates/cluster-secret-store.yaml deleted file mode 100644 index 8c1c7717..00000000 --- a/helm/fence/templates/cluster-secret-store.yaml +++ /dev/null @@ -1,3 +0,0 @@ -{{ if .Values.global.externalSecrets.separate }} -{{ include "common.secretstore" . }} -{{- end }} \ No newline at end of file diff --git a/helm/fence/templates/secret-store.yaml b/helm/fence/templates/secret-store.yaml new file mode 100644 index 00000000..771c7760 --- /dev/null 
+++ b/helm/fence/templates/secret-store.yaml @@ -0,0 +1,3 @@ +{{ if .Values.global.externalSecrets.separateSecretStore }} +{{ include "common.secretstore" . }} +{{- end }} \ No newline at end of file diff --git a/helm/fence/values.yaml b/helm/fence/values.yaml index ec8defd8..2e611279 100644 --- a/helm/fence/values.yaml +++ b/helm/fence/values.yaml @@ -75,8 +75,8 @@ global: externalSecrets: # -- (bool) Will use ExternalSecret resources to pull secrets from Secrets Manager instead of creating them locally. Be cautious as this will override any fence secrets you have deployed. deploy: false - # -- (string) Will deploy a External Secret Store if deploying this sevice seperately. - separate: false + # -- (string) Will deploy a separate External Secret Store for this service. + separateSecretStore: false # -- (map) External Secrets settings. externalSecrets: diff --git a/helm/indexd/README.md b/helm/indexd/README.md index e73bd8c6..4f07b6ab 100644 --- a/helm/indexd/README.md +++ b/helm/indexd/README.md 
@@ -39,9 +39,9 @@ A Helm chart for gen3 indexd
 | global.dictionaryUrl | string | `"https://s3.amazonaws.com/dictionary-artifacts/datadictionary/develop/schema.json"` | URL of the data dictionary. |
 | global.dispatcherJobNum | int | `"10"` | Number of dispatcher jobs. |
 | global.environment | string | `"default"` | Environment name. This should be the same as vpcname if you're doing an AWS deployment. Currently this is being used to share ALB's if you have multiple namespaces. Might be used other places too. |
-| global.externalSecrets | map | `{"deploy":false,"separate":false}` | External Secrets settings. |
+| global.externalSecrets | map | `{"deploy":false,"separateSecretStore":false}` | External Secrets settings. |
 | global.externalSecrets.deploy | bool | `false` | Will use ExternalSecret resources to pull secrets from Secrets Manager instead of creating them locally. Be cautious as this will override any indexd secrets you have deployed. |
-| global.externalSecrets.separate | string | `false` | Will deploy a External Secret Store if deploying this sevice seperately. |
+| global.externalSecrets.separateSecretStore | string | `false` | Will deploy a separate External Secret Store for this service. |
 | global.hostname | string | `"localhost"` | Hostname for the deployment. |
 | global.kubeBucket | string | `"kube-gen3"` | S3 bucket name for Kubernetes manifest files. |
 | global.logsBucket | string | `"logs-gen3"` | S3 bucket name for log files. |
diff --git a/helm/indexd/templates/cluster-secret-store.yaml b/helm/indexd/templates/cluster-secret-store.yaml
deleted file mode 100644
index 8c1c7717..00000000
--- a/helm/indexd/templates/cluster-secret-store.yaml
+++ /dev/null
@@ -1,3 +0,0 @@
-{{ if .Values.global.externalSecrets.separate }}
-{{ include "common.secretstore" . }}
-{{- end }}
\ No newline at end of file
diff --git a/helm/indexd/templates/secret-store.yaml b/helm/indexd/templates/secret-store.yaml
new file mode 100644
index 00000000..771c7760
--- /dev/null
+++ b/helm/indexd/templates/secret-store.yaml @@ -0,0 +1,3 @@ +{{ if .Values.global.externalSecrets.separateSecretStore }} +{{ include "common.secretstore" . }} +{{- end }} \ No newline at end of file diff --git a/helm/indexd/values.yaml b/helm/indexd/values.yaml index 39f424fc..6d2bd52f 100644 --- a/helm/indexd/values.yaml +++ b/helm/indexd/values.yaml @@ -65,8 +65,8 @@ global: externalSecrets: # -- (bool) Will use ExternalSecret resources to pull secrets from Secrets Manager instead of creating them locally. Be cautious as this will override any indexd secrets you have deployed. deploy: false - # -- (string) Will deploy a External Secret Store if deploying this sevice seperately. - separate: false + # -- (string) Will deploy a separate External Secret Store for this service. + separateSecretStore: false # -- (map) External Secrets settings. externalSecrets: diff --git a/helm/manifestservice/README.md b/helm/manifestservice/README.md index 8141522d..7f120f2d 100644 --- a/helm/manifestservice/README.md +++ b/helm/manifestservice/README.md 
@@ -41,9 +41,9 @@ A Helm chart for Kubernetes
 | global.aws.enabled | bool | `false` | Set to true if deploying to AWS. Controls ingress annotations. |
 | global.ddEnabled | bool | `false` | Whether Datadog is enabled. |
 | global.environment | string | `"default"` | Environment name. This should be the same as vpcname if you're doing an AWS deployment. Currently this is being used to share ALB's if you have multiple namespaces. Might be used other places too. |
-| global.externalSecrets | map | `{"deploy":false,"separate":false}` | External Secrets settings. |
+| global.externalSecrets | map | `{"deploy":false,"separateSecretStore":false}` | External Secrets settings. |
 | global.externalSecrets.deploy | bool | `false` | Will use ExternalSecret resources to pull secrets from Secrets Manager instead of creating them locally. Be cautious as this will override any manifestservice secrets you have deployed. |
-| global.externalSecrets.separate | string | `false` | Will deploy a External Secret Store if deploying this sevice seperately. |
+| global.externalSecrets.separateSecretStore | string | `false` | Will deploy a separate External Secret Store for this service. |
 | global.minAvialable | int | `1` | The minimum amount of pods that are available at all times if the PDB is deployed. |
 | global.pdb | bool | `false` | If the service will be deployed with a Pod Disruption Budget. Note- you need to have more than 2 replicas for the pdb to be deployed. |
 | image | map | `{"pullPolicy":"Always","repository":"quay.io/cdis/manifestservice","tag":""}` | Docker image information. |
diff --git a/helm/manifestservice/templates/cluster-secret-store.yaml b/helm/manifestservice/templates/cluster-secret-store.yaml
deleted file mode 100644
index 8c1c7717..00000000
--- a/helm/manifestservice/templates/cluster-secret-store.yaml
+++ /dev/null
@@ -1,3 +0,0 @@
-{{ if .Values.global.externalSecrets.separate }}
-{{ include "common.secretstore" . }}
-{{- end }}
\ No newline at end of file
diff --git a/helm/manifestservice/templates/secret-store.yaml b/helm/manifestservice/templates/secret-store.yaml new file mode 100644 index 00000000..771c7760 --- /dev/null +++ b/helm/manifestservice/templates/secret-store.yaml @@ -0,0 +1,3 @@ +{{ if .Values.global.externalSecrets.separateSecretStore }} +{{ include "common.secretstore" . }} +{{- end }} \ No newline at end of file diff --git a/helm/manifestservice/values.yaml b/helm/manifestservice/values.yaml index 58a0989c..f4c1a2bd 100644 --- a/helm/manifestservice/values.yaml +++ b/helm/manifestservice/values.yaml @@ -25,8 +25,8 @@ global: externalSecrets: # -- (bool) Will use ExternalSecret resources to pull secrets from Secrets Manager instead of creating them locally. Be cautious as this will override any manifestservice secrets you have deployed. deploy: false - # -- (string) Will deploy a External Secret Store if deploying this sevice seperately. - separate: false + # -- (string) Will deploy a separate External Secret Store for this service. + separateSecretStore: false # -- (map) External Secrets settings. externalSecrets: diff --git a/helm/metadata/README.md b/helm/metadata/README.md index 9bae11bf..d823f844 100644 --- a/helm/metadata/README.md +++ b/helm/metadata/README.md 
@@ -57,9 +57,9 @@ A Helm chart for gen3 Metadata Service
 | global.dictionaryUrl | string | `"https://s3.amazonaws.com/dictionary-artifacts/datadictionary/develop/schema.json"` | URL of the data dictionary. |
 | global.dispatcherJobNum | int | `"10"` | Number of dispatcher jobs. |
 | global.environment | string | `"default"` | Environment name. This should be the same as vpcname if you're doing an AWS deployment. Currently this is being used to share ALB's if you have multiple namespaces. Might be used other places too. |
-| global.externalSecrets | map | `{"deploy":false,"separate":false}` | External Secrets settings. |
+| global.externalSecrets | map | `{"deploy":false,"separateSecretStore":false}` | External Secrets settings. |
 | global.externalSecrets.deploy | bool | `false` | Will use ExternalSecret resources to pull secrets from Secrets Manager instead of creating them locally. Be cautious as this will override any metadata secrets you have deployed. |
-| global.externalSecrets.separate | string | `false` | Will deploy a External Secret Store if deploying this sevice seperately. |
+| global.externalSecrets.separateSecretStore | string | `false` | Will deploy a separate External Secret Store for this service. |
 | global.hostname | string | `"localhost"` | Hostname for the deployment. |
 | global.kubeBucket | string | `"kube-gen3"` | S3 bucket name for Kubernetes manifest files. |
 | global.logsBucket | string | `"logs-gen3"` | S3 bucket name for log files. |
diff --git a/helm/metadata/templates/cluster-secret-store.yaml b/helm/metadata/templates/cluster-secret-store.yaml
deleted file mode 100644
index 8c1c7717..00000000
--- a/helm/metadata/templates/cluster-secret-store.yaml
+++ /dev/null
@@ -1,3 +0,0 @@
-{{ if .Values.global.externalSecrets.separate }}
-{{ include "common.secretstore" . }}
-{{- end }}
\ No newline at end of file
diff --git a/helm/metadata/templates/secret-store.yaml b/helm/metadata/templates/secret-store.yaml new file mode 100644 index 00000000..771c7760 --- /dev/null +++ b/helm/metadata/templates/secret-store.yaml @@ -0,0 +1,3 @@ +{{ if .Values.global.externalSecrets.separateSecretStore }} +{{ include "common.secretstore" . }} +{{- end }} \ No newline at end of file diff --git a/helm/metadata/values.yaml b/helm/metadata/values.yaml index 82772ef7..84b26e0a 100644 --- a/helm/metadata/values.yaml +++ b/helm/metadata/values.yaml @@ -63,8 +63,8 @@ global: externalSecrets: # -- (bool) Will use ExternalSecret resources to pull secrets from Secrets Manager instead of creating them locally. Be cautious as this will override any metadata secrets you have deployed. deploy: false - # -- (string) Will deploy a External Secret Store if deploying this sevice seperately. - separate: false + # -- (string) Will deploy a separate External Secret Store for this service. + separateSecretStore: false # -- (map) External Secrets settings. externalSecrets: diff --git a/helm/peregrine/README.md b/helm/peregrine/README.md index 57832ebe..8c83b684 100644 --- a/helm/peregrine/README.md +++ b/helm/peregrine/README.md 
@@ -40,9 +40,9 @@ A Helm chart for gen3 Peregrine service
 | global.dictionaryUrl | string | `"https://s3.amazonaws.com/dictionary-artifacts/datadictionary/develop/schema.json"` | URL of the data dictionary. |
 | global.dispatcherJobNum | int | `"10"` | Number of dispatcher jobs. |
 | global.environment | string | `"default"` | Environment name. This should be the same as vpcname if you're doing an AWS deployment. Currently this is being used to share ALB's if you have multiple namespaces. Might be used other places too. |
-| global.externalSecrets | map | `{"deploy":false,"separate":false}` | External Secrets settings. |
+| global.externalSecrets | map | `{"deploy":false,"separateSecretStore":false}` | External Secrets settings. |
 | global.externalSecrets.deploy | bool | `false` | Will use ExternalSecret resources to pull secrets from Secrets Manager instead of creating them locally. Be cautious as this will override any peregrine secrets you have deployed. |
-| global.externalSecrets.separate | string | `false` | Will deploy a External Secret Store if deploying this sevice seperately. |
+| global.externalSecrets.separateSecretStore | string | `false` | Will deploy a separate External Secret Store for this service. |
 | global.hostname | string | `"localhost"` | Hostname for the deployment. |
 | global.kubeBucket | string | `"kube-gen3"` | S3 bucket name for Kubernetes manifest files. |
 | global.logsBucket | string | `"logs-gen3"` | S3 bucket name for log files. |
diff --git a/helm/peregrine/templates/cluster-secret-store.yaml b/helm/peregrine/templates/cluster-secret-store.yaml
deleted file mode 100644
index 8c1c7717..00000000
--- a/helm/peregrine/templates/cluster-secret-store.yaml
+++ /dev/null
@@ -1,3 +0,0 @@
-{{ if .Values.global.externalSecrets.separate }}
-{{ include "common.secretstore" . }}
-{{- end }}
\ No newline at end of file
diff --git a/helm/peregrine/templates/secret-store.yaml b/helm/peregrine/templates/secret-store.yaml new file mode 100644 index 00000000..771c7760 --- /dev/null +++ b/helm/peregrine/templates/secret-store.yaml @@ -0,0 +1,3 @@ +{{ if .Values.global.externalSecrets.separateSecretStore }} +{{ include "common.secretstore" . }} +{{- end }} \ No newline at end of file diff --git a/helm/peregrine/values.yaml b/helm/peregrine/values.yaml index 58553889..2cec6c4a 100644 --- a/helm/peregrine/values.yaml +++ b/helm/peregrine/values.yaml @@ -60,8 +60,8 @@ global: externalSecrets: # -- (bool) Will use ExternalSecret resources to pull secrets from Secrets Manager instead of creating them locally. Be cautious as this will override any peregrine secrets you have deployed. deploy: false - # -- (string) Will deploy a External Secret Store if deploying this sevice seperately. - separate: false + # -- (string) Will deploy a separate External Secret Store for this service. + separateSecretStore: false # -- (map) External Secrets settings. externalSecrets: diff --git a/helm/requestor/README.md b/helm/requestor/README.md index 62a2dc5e..9b4dddec 100644 --- a/helm/requestor/README.md +++ b/helm/requestor/README.md 
@@ -48,9 +48,9 @@ A Helm chart for gen3 Requestor Service
 | global.dictionaryUrl | string | `"https://s3.amazonaws.com/dictionary-artifacts/datadictionary/develop/schema.json"` | URL of the data dictionary. |
 | global.dispatcherJobNum | int | `"10"` | Number of dispatcher jobs. |
 | global.environment | string | `"default"` | Environment name. This should be the same as vpcname if you're doing an AWS deployment. Currently this is being used to share ALB's if you have multiple namespaces. Might be used other places too. |
-| global.externalSecrets | map | `{"deploy":false,"separate":false}` | External Secrets settings. |
+| global.externalSecrets | map | `{"deploy":false,"separateSecretStore":false}` | External Secrets settings. |
 | global.externalSecrets.deploy | bool | `false` | Will use ExternalSecret resources to pull secrets from Secrets Manager instead of creating them locally. Be cautious as this will override any requestor secrets you have deployed. |
-| global.externalSecrets.separate | string | `false` | Will deploy a External Secret Store if deploying this sevice seperately. |
+| global.externalSecrets.separateSecretStore | string | `false` | Will deploy a separate External Secret Store for this service. |
 | global.hostname | string | `"localhost"` | Hostname for the deployment. |
 | global.kubeBucket | string | `"kube-gen3"` | S3 bucket name for Kubernetes manifest files. |
 | global.logsBucket | string | `"logs-gen3"` | S3 bucket name for log files. |
diff --git a/helm/requestor/templates/cluster-secret-store.yaml b/helm/requestor/templates/cluster-secret-store.yaml
deleted file mode 100644
index 8c1c7717..00000000
--- a/helm/requestor/templates/cluster-secret-store.yaml
+++ /dev/null
@@ -1,3 +0,0 @@
-{{ if .Values.global.externalSecrets.separate }}
-{{ include "common.secretstore" . }}
-{{- end }}
\ No newline at end of file
diff --git a/helm/requestor/templates/secret-store.yaml b/helm/requestor/templates/secret-store.yaml new file mode 100644 index 00000000..771c7760 --- /dev/null +++ b/helm/requestor/templates/secret-store.yaml @@ -0,0 +1,3 @@ +{{ if .Values.global.externalSecrets.separateSecretStore }} +{{ include "common.secretstore" . }} +{{- end }} \ No newline at end of file diff --git a/helm/requestor/values.yaml b/helm/requestor/values.yaml index b172815f..1a060975 100644 --- a/helm/requestor/values.yaml +++ b/helm/requestor/values.yaml @@ -77,8 +77,8 @@ global: externalSecrets: # -- (bool) Will use ExternalSecret resources to pull secrets from Secrets Manager instead of creating them locally. Be cautious as this will override any requestor secrets you have deployed. deploy: false - # -- (string) Will deploy a External Secret Store if deploying this sevice seperately. - separate: false + # -- (string) Will deploy a separate External Secret Store for this service. + separateSecretStore: false # -- (map) External Secrets settings. externalSecrets: diff --git a/helm/sheepdog/README.md b/helm/sheepdog/README.md index 8d0cc194..cd0c77fd 100644 --- a/helm/sheepdog/README.md +++ b/helm/sheepdog/README.md 
@@ -49,9 +49,9 @@ A Helm chart for gen3 Sheepdog Service
 | global.dictionaryUrl | string | `"https://s3.amazonaws.com/dictionary-artifacts/datadictionary/develop/schema.json"` | URL of the data dictionary. |
 | global.dispatcherJobNum | int | `"10"` | Number of dispatcher jobs. |
 | global.environment | string | `"default"` | Environment name. This should be the same as vpcname if you're doing an AWS deployment. Currently this is being used to share ALB's if you have multiple namespaces. Might be used other places too. |
-| global.externalSecrets | map | `{"deploy":false,"separate":false}` | External Secrets settings. |
+| global.externalSecrets | map | `{"deploy":false,"separateSecretStore":false}` | External Secrets settings. |
 | global.externalSecrets.deploy | bool | `false` | Will use ExternalSecret resources to pull secrets from Secrets Manager instead of creating them locally. Be cautious as this will override any sheepdog secrets you have deployed. |
-| global.externalSecrets.separate | string | `false` | Will deploy a External Secret Store if deploying this sevice seperately. |
+| global.externalSecrets.separateSecretStore | string | `false` | Will deploy a separate External Secret Store for this service. |
 | global.hostname | string | `"localhost"` | Hostname for the deployment. |
 | global.kubeBucket | string | `"kube-gen3"` | S3 bucket name for Kubernetes manifest files. |
 | global.logsBucket | string | `"logs-gen3"` | S3 bucket name for log files. |
diff --git a/helm/sheepdog/templates/cluster-secret-store.yaml b/helm/sheepdog/templates/cluster-secret-store.yaml
deleted file mode 100644
index 8c1c7717..00000000
--- a/helm/sheepdog/templates/cluster-secret-store.yaml
+++ /dev/null
@@ -1,3 +0,0 @@
-{{ if .Values.global.externalSecrets.separate }}
-{{ include "common.secretstore" . }}
-{{- end }}
\ No newline at end of file
diff --git a/helm/sheepdog/templates/secret-store.yaml b/helm/sheepdog/templates/secret-store.yaml new file mode 100644 index 00000000..771c7760 --- /dev/null +++ b/helm/sheepdog/templates/secret-store.yaml @@ -0,0 +1,3 @@ +{{ if .Values.global.externalSecrets.separateSecretStore }} +{{ include "common.secretstore" . }} +{{- end }} \ No newline at end of file diff --git a/helm/sheepdog/values.yaml b/helm/sheepdog/values.yaml index d95cddeb..420d8ebf 100644 --- a/helm/sheepdog/values.yaml +++ b/helm/sheepdog/values.yaml @@ -63,8 +63,8 @@ global: externalSecrets: # -- (bool) Will use ExternalSecret resources to pull secrets from Secrets Manager instead of creating them locally. Be cautious as this will override any sheepdog secrets you have deployed. deploy: false - # -- (string) Will deploy a External Secret Store if deploying this sevice seperately. - separate: false + # -- (string) Will deploy a separate External Secret Store for this service. + separateSecretStore: false # -- (map) External Secrets settings. externalSecrets: diff --git a/helm/wts/README.md b/helm/wts/README.md index c951a2d2..b54a6358 100644 --- a/helm/wts/README.md +++ b/helm/wts/README.md 
@@ -38,9 +38,9 @@ A Helm chart for gen3 workspace token service
 | global.dictionaryUrl | string | `"https://s3.amazonaws.com/dictionary-artifacts/datadictionary/develop/schema.json"` | URL of the data dictionary. |
 | global.dispatcherJobNum | int | `"10"` | Number of dispatcher jobs. |
 | global.environment | string | `"default"` | Environment name. This should be the same as vpcname if you're doing an AWS deployment. Currently this is being used to share ALB's if you have multiple namespaces. Might be used other places too. |
-| global.externalSecrets | map | `{"deploy":false,"separate":false}` | External Secrets settings. |
+| global.externalSecrets | map | `{"deploy":false,"separateSecretStore":false}` | External Secrets settings. |
 | global.externalSecrets.deploy | bool | `false` | Will use ExternalSecret resources to pull secrets from Secrets Manager instead of creating them locally. Be cautious as this will override any wts secrets you have deployed. |
-| global.externalSecrets.separate | string | `false` | Will deploy a External Secret Store if deploying this sevice seperately. |
+| global.externalSecrets.separateSecretStore | string | `false` | Will deploy a separate External Secret Store for this service. |
 | global.hostname | string | `"localhost"` | Hostname for the deployment. |
 | global.kubeBucket | string | `"kube-gen3"` | S3 bucket name for Kubernetes manifest files. |
 | global.logsBucket | string | `"logs-gen3"` | S3 bucket name for log files. |
diff --git a/helm/wts/templates/cluster-secret-store.yaml b/helm/wts/templates/cluster-secret-store.yaml
deleted file mode 100644
index 8c1c7717..00000000
--- a/helm/wts/templates/cluster-secret-store.yaml
+++ /dev/null
@@ -1,3 +0,0 @@
-{{ if .Values.global.externalSecrets.separate }}
-{{ include "common.secretstore" . }}
-{{- end }}
\ No newline at end of file
diff --git a/helm/wts/templates/secret-store.yaml b/helm/wts/templates/secret-store.yaml
new file mode 100644
index 00000000..771c7760
--- /dev/null
+++ b/helm/wts/templates/secret-store.yaml @@ -0,0 +1,3 @@ +{{ if .Values.global.externalSecrets.separateSecretStore }} +{{ include "common.secretstore" . }} +{{- end }} \ No newline at end of file diff --git a/helm/wts/values.yaml b/helm/wts/values.yaml index 2a440cee..d4e10223 100644 --- a/helm/wts/values.yaml +++ b/helm/wts/values.yaml @@ -63,8 +63,8 @@ global: externalSecrets: # -- (bool) Will use ExternalSecret resources to pull secrets from Secrets Manager instead of creating them locally. Be cautious as this will override any wts secrets you have deployed. deploy: false - # -- (string) Will deploy a External Secret Store if deploying this sevice seperately. - separate: false + # -- (string) Will deploy a separate External Secret Store for this service. + separateSecretStore: false # -- (map) External Secrets settings. externalSecrets: From 4a349673abecb4137b5b5592d4fe3469c709e7d1 Mon Sep 17 00:00:00 2001 From: EliseCastle23 Date: Fri, 1 Mar 2024 15:05:10 -0700 Subject: [PATCH 099/279] pointing doc to master --- docs/PRODUCTION.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/PRODUCTION.md b/docs/PRODUCTION.md index ed28c72b..49c5394c 100644 --- a/docs/PRODUCTION.md +++ b/docs/PRODUCTION.md 
@@ -15,7 +15,7 @@ The postgres and helm charts are included as conditionals in the Gen3 [umbrella ``` ### Kubernetes Configmap and Secret Configuration -For the seamless operation of our services, we utilize Kubernetes secrets. To streamline the integration and management of these secrets, we highly recommend deploying External Secret Manager alongside any existing secret management systems you may already have in place. For a comprehensive guide and best practices on implementing External Secrets within our ecosystem, please consult our dedicated External Secrets Documentation available [here](https://github.com/uc-cdis/gen3-helm/blob/feat/GPE-1032/docs/external_secrets.md). +For the seamless operation of our services, we utilize Kubernetes secrets. To streamline the integration and management of these secrets, we highly recommend deploying External Secret Manager alongside any existing secret management systems you may already have in place. For a comprehensive guide and best practices on implementing External Secrets within our ecosystem, please consult our dedicated External Secrets Documentation available [here](https://github.com/uc-cdis/gen3-helm/blob/master/docs/external_secrets.md). Our services also utilize non-secret configuration variables provided via Kubernetes ConfigMaps. For streamlined management, we advise keeping your values.yaml and configuration files files in source control and utilizing ArgoCD for automatic updates and efficient management of your Gen3 Helm chart. From 339ef9c0b7de76d8988c91e3f53328ebb3057d70 Mon Sep 17 00:00:00 2001 From: EliseCastle23 <109446148+EliseCastle23@users.noreply.github.com> Date: Mon, 4 Mar 2024 10:40:33 -0700 Subject: [PATCH 100/279] Update docs/external_secrets.md Co-authored-by: Alexander VanTol --- docs/external_secrets.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/external_secrets.md b/docs/external_secrets.md index f019fb86..19981fe0 100644 --- a/docs/external_secrets.md 
+++ b/docs/external_secrets.md @@ -79,7 +79,7 @@ create_iam_user ***Please note that Terraform for the creation and population of Gen3 Secrets in AWS Secrets Manager is in development currently. This Terraform will also create the Iam user and policies necessary to access these secrets.*** ## Enabling External Secrets in Helm charts -Our Helm architecture includes a comprehensive [umbrella](https://github.com/uc-cdis/gen3-helm/tree/master/helm/gen) chart designed to streamline the deployment of external secrets across both the umbrella chart itself and its associated subcharts. By configuring the .Values.global.externalSecrets.deploy setting within this umbrella chart, users can effortlessly initiate the deployment of all related external secret resources. This includes the external secret resources within the subcharts and the secret store required for their management. +Our Helm architecture includes a comprehensive [umbrella](https://github.com/uc-cdis/gen3-helm/tree/master/helm/gen) chart designed to streamline the deployment of external secrets across both the umbrella chart itself and its associated subcharts. By configuring the `.Values.global.externalSecrets.deploy` setting within this umbrella chart, users can effortlessly initiate the deployment of all related external secret resources. This includes the external secret resources within the subcharts and the secret store required for their management. #### Global Deployment of External Secrets Upon deployment of the umbrella chart, the .Values.global.externalSecrets.deploy setting automatically provisions external secret resources for every subchart. This occurs regardless of the individual external secrets deployment settings within subcharts, even if they are explicitly set to false. This feature ensures a unified approach to secret management across all components of the architecture. From efc7dbb6194a13afb0c71bc4af170142f42dab75 Mon Sep 17 00:00:00 2001 
From: EliseCastle23 <109446148+EliseCastle23@users.noreply.github.com> Date: Mon, 4 Mar 2024 10:41:06 -0700 Subject: [PATCH 101/279] Update docs/external_secrets.md Co-authored-by: Alexander VanTol --- docs/external_secrets.md | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/docs/external_secrets.md b/docs/external_secrets.md index 19981fe0..b43e8929 100644 --- a/docs/external_secrets.md +++ b/docs/external_secrets.md 
@@ -85,7 +85,9 @@ Our Helm architecture includes a comprehensive [umbrella](https://github.com/uc- Upon deployment of the umbrella chart, the .Values.global.externalSecrets.deploy setting automatically provisions external secret resources for every subchart. This occurs regardless of the individual external secrets deployment settings within subcharts, even if they are explicitly set to false. This feature ensures a unified approach to secret management across all components of the architecture. #### Selective Secret Management -For users requiring a more selective application of external secrets — targeting specific secrets while excluding others — the system is designed to accommodate such scenarios with ease. External secret resources will only attempt to replace Kubernetes secrets when a corresponding secret is successfully located within the Secrets Manager. In instances where a specific secret is not found, the External Secrets resource will indicate a SecretSyncedError, signaling the absence of the targeted resource within the Secrets Manager. This is helpful for users want to enabled the use of AWS Secrets Manager for some, but not all the secrets in a specific Helm chart. +For users requiring a more selective application of external secrets — targeting specific secrets while excluding others — the system is designed to accommodate such scenarios with ease. + +External secret resources will only attempt to replace Kubernetes secrets when a corresponding secret is successfully located within the Secrets Manager. In instances where a specific secret is not found, the External Secrets resource will indicate a `SecretSyncedError`, signaling the absence of the targeted resource within the Secrets Manager. This error is acceptable and helpful for users who want to enable the use of AWS Secrets Manager for some, but not all the secrets in a specific Helm chart. 
#### Independent Subchart Deployment In scenarios where subcharts are deployed independently, outside the scope of the umbrella chart, it is crucial to set the .Values.global.externalSecrets.deploy directive within the values.yaml file for each specific service. Additionally, to facilitate the creation of a Secret Store capable of authenticating with AWS Secrets Manager, the .Values.global.externalSecrets.separateSecretStore should be set to true in the relevant charts. This configuration is essential for establishing proper authentication mechanisms for secret retrieval. From bcc1c5d1ae55af37f4ecaa4cfc6c3f1793f60a89 Mon Sep 17 00:00:00 2001 From: EliseCastle23 <109446148+EliseCastle23@users.noreply.github.com> Date: Mon, 4 Mar 2024 10:41:17 -0700 Subject: [PATCH 102/279] Update docs/fence_usersync_job.md Co-authored-by: Alexander VanTol --- docs/fence_usersync_job.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/fence_usersync_job.md b/docs/fence_usersync_job.md index dc8d6ea8..6c8f7d74 100644 --- a/docs/fence_usersync_job.md +++ b/docs/fence_usersync_job.md 
@@ -15,7 +15,7 @@ User lists can be synced from three sources: # S3 user.yaml Setup {#s3-setup} Please see [this](https://github.com/uc-cdis/fence/blob/master/docs/user.yaml_guide.md) documentation that details user.yaml formatting. -You can pull this file from an S3 bucket that is set in the `.Values.usersync.userYamlS3Path` field. Then input the iam credentials for a user that has read access to the specified S3 bucket in the `.Values.secrets.awsAccessKeyId` and `.Values.secrets.awsSecretAccessKey` fields. +You can pull this file from an S3 bucket that is set in the `.Values.usersync.userYamlS3Path` field. Then input the IAM credentials for a user that has read access to the specified S3 bucket in the `.Values.secrets.awsAccessKeyId` and `.Values.secrets.awsSecretAccessKey` fields. You can utilize a local secret to avoid pasting credentials in the values.yaml file. Just set `.global.aws.useLocalSecret.enabled` to true and supply your secret name. From 3c54bba04f46d83869efda24e1da958f61183e1c Mon Sep 17 00:00:00 2001 From: EliseCastle23 <109446148+EliseCastle23@users.noreply.github.com> Date: Mon, 4 Mar 2024 10:42:01 -0700 Subject: [PATCH 103/279] Update docs/fence_usersync_job.md Co-authored-by: Alexander VanTol --- docs/fence_usersync_job.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/fence_usersync_job.md b/docs/fence_usersync_job.md index 6c8f7d74..214ebebc 100644 --- a/docs/fence_usersync_job.md +++ b/docs/fence_usersync_job.md 
@@ -20,7 +20,7 @@ You can pull this file from an S3 bucket that is set in the `.Values.usersync.us You can utilize a local secret to avoid pasting credentials in the values.yaml file. Just set `.global.aws.useLocalSecret.enabled` to true and supply your secret name. ***Notice: -The Gen3 Helm chart has various jobs and uses for an Iam user. To enhance code reusability, we've implemented the option for jobs and services to share the same AWS IAM global user. If you would like to use the same Iam user for Fence Usersync, External Secrets, etc.- you can follow [THIS](global_iam_helm_user.md) guide that details how to setup a Helm global user.*** +The Gen3 Helm chart has various jobs and uses for an IAM user. To enhance code reusability, we've implemented the option for jobs and services to share the same AWS IAM global user. If you would like to use the same IAM user for Fence Usersync, External Secrets, etc.- you can follow [THIS](global_iam_helm_user.md) guide that details how to setup a Helm global user.*** As previously mentioned, if the `.Values.usersync.userYamlS3Path` string is set to "none", the user.yaml file from Fence values.yaml will be used. From 792a06163420549038be5776f808a628ed19df32 Mon Sep 17 00:00:00 2001 From: EliseCastle23 <109446148+EliseCastle23@users.noreply.github.com> Date: Mon, 4 Mar 2024 10:42:09 -0700 Subject: [PATCH 104/279] Update docs/global_iam_helm_user.md Co-authored-by: Alexander VanTol --- docs/global_iam_helm_user.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/global_iam_helm_user.md b/docs/global_iam_helm_user.md index 70a56376..e2a35d9c 100644 --- a/docs/global_iam_helm_user.md +++ b/docs/global_iam_helm_user.md 
@@ -1,6 +1,6 @@ # AWS IAM Global User -For Helm code resusability, we have added the functionality to use one iam user for various jobs/services. +For Helm code reusability, we have added the functionality to use one IAM user for various jobs/services. We are currently in the process of integrating this user into our Terraform code. In the meantime, you can manually create a global user by referring to this guide. From 4f69cf335694ea26ce957fc5a50d2eb8deee2aa5 Mon Sep 17 00:00:00 2001 From: EliseCastle23 <109446148+EliseCastle23@users.noreply.github.com> Date: Mon, 4 Mar 2024 10:43:12 -0700 Subject: [PATCH 105/279] Update docs/external_secrets.md Co-authored-by: Alexander VanTol --- docs/external_secrets.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/external_secrets.md b/docs/external_secrets.md index b43e8929..3c0102e0 100644 --- a/docs/external_secrets.md +++ b/docs/external_secrets.md @@ -107,7 +107,7 @@ kubectl get secret "your secret name" -o jsonpath="{.data.access-key}" | base64 ``` -Secret Access Key +Secret Access Key: ``` kubectl get secret "your secret name" -o jsonpath="{.data.secret-access-key}" | base64 --decode ``` From de399c0d2401cc34660cb7b7e0180221fc882f5c Mon Sep 17 00:00:00 2001 From: EliseCastle23 <109446148+EliseCastle23@users.noreply.github.com> Date: Mon, 4 Mar 2024 10:43:23 -0700 Subject: [PATCH 106/279] Update docs/external_secrets.md Co-authored-by: Alexander VanTol --- docs/external_secrets.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/external_secrets.md b/docs/external_secrets.md index 3c0102e0..8b1605ab 100644 --- a/docs/external_secrets.md +++ b/docs/external_secrets.md 
@@ -82,7 +82,7 @@ create_iam_user Our Helm architecture includes a comprehensive [umbrella](https://github.com/uc-cdis/gen3-helm/tree/master/helm/gen) chart designed to streamline the deployment of external secrets across both the umbrella chart itself and its associated subcharts. By configuring the `.Values.global.externalSecrets.deploy` setting within this umbrella chart, users can effortlessly initiate the deployment of all related external secret resources. This includes the external secret resources within the subcharts and the secret store required for their management. #### Global Deployment of External Secrets -Upon deployment of the umbrella chart, the .Values.global.externalSecrets.deploy setting automatically provisions external secret resources for every subchart. This occurs regardless of the individual external secrets deployment settings within subcharts, even if they are explicitly set to false. This feature ensures a unified approach to secret management across all components of the architecture. +Upon deployment of the umbrella chart, the `.Values.global.externalSecrets.deploy` setting automatically provisions external secret resources for every subchart. This occurs regardless of the individual external secrets deployment settings within subcharts, even if they are explicitly set to `false`. This feature ensures a unified approach to secret management across all components of the architecture. #### Selective Secret Management For users requiring a more selective application of external secrets — targeting specific secrets while excluding others — the system is designed to accommodate such scenarios with ease. From 89d3686ff2da86bd76325821d040ea0feb69c0dd Mon Sep 17 00:00:00 2001 From: EliseCastle23 Date: Mon, 4 Mar 2024 11:33:15 -0700 Subject: [PATCH 107/279] adding default values to the external secrets install script --- docs/external_secrets.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) 
diff --git a/docs/external_secrets.md b/docs/external_secrets.md index 8b1605ab..4f2c506d 100644 --- a/docs/external_secrets.md +++ b/docs/external_secrets.md @@ -14,9 +14,9 @@ The Gen3 Helm chart has various jobs and uses for an IAM user. To enhance code r #!/bin/bash AWS_ACCOUNT="" -region="" -iam_policy="" -iam_user="" +region="us-east-1" +iam_policy="external_secrets_policy" +iam_user="external_secrets_user" helm_install() { From 6367637063c2b17fb49ee4478f1037eadbae7241 Mon Sep 17 00:00:00 2001 From: EliseCastle23 <109446148+EliseCastle23@users.noreply.github.com> Date: Mon, 4 Mar 2024 11:33:33 -0700 Subject: [PATCH 108/279] Update docs/external_secrets.md Co-authored-by: Alexander VanTol --- docs/external_secrets.md | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/docs/external_secrets.md b/docs/external_secrets.md index 4f2c506d..d6ef0ec3 100644 --- a/docs/external_secrets.md +++ b/docs/external_secrets.md 
@@ -90,7 +90,9 @@ For users requiring a more selective application of external secrets — targeti External secret resources will only attempt to replace Kubernetes secrets when a corresponding secret is successfully located within the Secrets Manager. In instances where a specific secret is not found, the External Secrets resource will indicate a `SecretSyncedError`, signaling the absence of the targeted resource within the Secrets Manager. This error is acceptable and helpful for users who want to enable the use of AWS Secrets Manager for some, but not all the secrets in a specific Helm chart. #### Independent Subchart Deployment -In scenarios where subcharts are deployed independently, outside the scope of the umbrella chart, it is crucial to set the .Values.global.externalSecrets.deploy directive within the values.yaml file for each specific service. Additionally, to facilitate the creation of a Secret Store capable of authenticating with AWS Secrets Manager, the .Values.global.externalSecrets.separateSecretStore should be set to true in the relevant charts. This configuration is essential for establishing proper authentication mechanisms for secret retrieval. +In scenarios where subcharts are deployed independently, outside the scope of the umbrella chart, it is crucial to set the `.Values.global.externalSecrets.deploy` directive within the `values.yaml` file for each specific service. + +Additionally, to facilitate the creation of a Secret Store capable of authenticating with AWS Secrets Manager, the `.Values.global.externalSecrets.separateSecretStore` should be set to true in the relevant charts. This configuration is essential for establishing proper authentication mechanisms for secret retrieval. #### Configuring Separate Secret Stores The .Values.global.externalSecrets.separateSecretStore setting can also be applied within the context of the umbrella chart deployment. 
Utilizing this setting allows for the creation of distinct Secret Stores dedicated to individual services. This approach is particularly beneficial for environments where it is preferable to limit access to Secrets Manager, ensuring that services only have access to the secrets explicitly required for their operation. From 013e420a6d2e0e540665e21d9317574529917378 Mon Sep 17 00:00:00 2001 From: EliseCastle23 <109446148+EliseCastle23@users.noreply.github.com> Date: Mon, 4 Mar 2024 11:33:46 -0700 Subject: [PATCH 109/279] Update docs/external_secrets.md Co-authored-by: Alexander VanTol --- docs/external_secrets.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/external_secrets.md b/docs/external_secrets.md index d6ef0ec3..96a30909 100644 --- a/docs/external_secrets.md +++ b/docs/external_secrets.md 
@@ -95,7 +95,7 @@ In scenarios where subcharts are deployed independently, outside the scope of th Additionally, to facilitate the creation of a Secret Store capable of authenticating with AWS Secrets Manager, the `.Values.global.externalSecrets.separateSecretStore` should be set to true in the relevant charts. This configuration is essential for establishing proper authentication mechanisms for secret retrieval. #### Configuring Separate Secret Stores -The .Values.global.externalSecrets.separateSecretStore setting can also be applied within the context of the umbrella chart deployment. Utilizing this setting allows for the creation of distinct Secret Stores dedicated to individual services. This approach is particularly beneficial for environments where it is preferable to limit access to Secrets Manager, ensuring that services only have access to the secrets explicitly required for their operation. +The `.Values.global.externalSecrets.separateSecretStore` setting can also be applied within the context of the umbrella chart deployment. Utilizing this setting allows for the creation of distinct Secret Stores dedicated to individual services. This approach is particularly beneficial for environments where it is preferable to limit access to Secrets Manager, ensuring that services only have access to the secrets explicitly required for their operation. ## Helm IAM User If you are using a separate IAM user for AWS Secrets Manager please follow the below instructions: From a49d333ae7a4fb708a5d9d523e9e9021dfce8ded Mon Sep 17 00:00:00 2001 From: EliseCastle23 Date: Mon, 4 Mar 2024 11:40:22 -0700 Subject: [PATCH 110/279] adding links to examples of resouces for the "How External Secrets Works" section of the md file --- docs/external_secrets.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/docs/external_secrets.md b/docs/external_secrets.md index 96a30909..a93353c1 100644 --- a/docs/external_secrets.md +++ b/docs/external_secrets.md 
@@ -122,9 +122,9 @@ Please note that only some Helm charts are compatible with External Secrets curr ## How External Secrets Works. External Secrets relies on three main resources to function properly. (The below have links to examples of each resource) -1. Aws-config- Contains Access and Secret Access keys used by the Cluster Secret Store to authenticate with AWS Secrets Manager -2. Cluster Secret Store- Resource to Authenticate with AWS Secrets Manager -3. External Secret- References the Secret Store and is used as a "map" to tell External Secrets Operator what secret to grab from External Secrets and the name of the Kubernetes Secret to create locally. +1. [Aws-config](https://github.com/uc-cdis/gen3-helm/blob/master/helm/common/templates/_aws_config.tpl)- Contains Access and Secret Access keys used by the Cluster Secret Store to authenticate with AWS Secrets Manager +2. [Secret Store](https://github.com/uc-cdis/gen3-helm/blob/master/helm/common/templates/_external_secrets.tpl#L41-L62)- Resource to Authenticate with AWS Secrets Manager +3. [External Secret](https://github.com/uc-cdis/gen3-helm/blob/master/helm/common/templates/_external_secrets.tpl#L15-L38)- References the Secret Store and is used as a "map" to tell External Secrets Operator what secret to grab from External Secrets and the name of the Kubernetes Secret to create locally. Anatomy of an ExternalSecret: ``` @@ -137,7 +137,7 @@ External Secrets relies on three main resources to function properly. (The below #How often to Sync with AWS Secrets Manager refreshInterval: 5m secretStoreRef: - # The name of the Cluster Secret Store to use. + # The name of the Secret Store to use. name: {{include "cluster-secret-store" .}} kind: SecretStore target: From bafcd7ffad4da5884d86a99c7925e3d1b6034eda Mon Sep 17 00:00:00 2001 
From: EliseCastle23 Date: Mon, 4 Mar 2024 11:44:04 -0700 Subject: [PATCH 111/279] adding commands to the README to install nginx ingress --- README.md | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/README.md b/README.md index d56d16ec..364a65d7 100644 --- a/README.md +++ b/README.md @@ -119,6 +119,14 @@ For local development you must be connected to a kubernetes cluster. As referenc For MacOS users, [Minikube](https://minikube.sigs.k8s.io/docs/start/) equipped with the ingress addon serves as a viable alternative to Rancher Desktop. On Linux, we've observed that using [Kind](https://kind.sigs.k8s.io/) with an NGINX ingress installed often provides a more seamless experience compared to both Rancher Desktop and Minikube. Essentially, Helm requires access to a Kubernetes cluster with ingress capabilities, facilitating the loading of the portal in your browser for an optimal development workflow. +To install the NGINX ingress: +``` + helm repo add nginx-stable https://helm.nginx.com/stable + helm repo update + kubectl create ns nginx-ingress + helm install nginx-ingress nginx-stable/nginx-ingress --namespace nginx-ingress +``` + > **Warning** > If you are using Rancher Desktop you need to increase the vm.max_map_count as outlined [here](https://docs.rancherdesktop.io/how-to-guides/increasing-open-file-limit/) > If you are using Minikube you will need to enabled the ingress addon as outlined [here](https://kubernetes.io/docs/tasks/access-application-cluster/ingress-minikube/) From 98c677f93d84e7ee8a4b0a0835c8922b41756d3a Mon Sep 17 00:00:00 2001 From: EliseCastle23 Date: Mon, 4 Mar 2024 11:53:24 -0700 Subject: [PATCH 112/279] adding in External Secrets Lucid chart --- docs/PRODUCTION.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/docs/PRODUCTION.md b/docs/PRODUCTION.md index 49c5394c..4a6aead0 100644 --- a/docs/PRODUCTION.md +++ b/docs/PRODUCTION.md 
@@ -21,3 +21,5 @@ Our services also utilize non-secret configuration variables provided via Kubern Each service is designed to seamlessly integrate and manage the combination of Kubernetes secrets and ConfigMaps, ensuring the encapsulated information is effectively injected into the underlying application. +Please see the diagram provided [here](https://lucid.app/lucidchart/f0e9baf8-9179-4be0-ae65-182ed891df22/edit?invitationId=inv_83c83c6a-0f1d-4236-a13e-3131c1fc851f&page=TDBgA8eMNr7J#) that details how External Secrets operates. We also mention the use of Argo CD as our choice option for Helm deployments. + From 1842177999414ad40aac45194d551dc03e0a43cf Mon Sep 17 00:00:00 2001 From: Jawad Qureshi Date: Tue, 5 Mar 2024 13:56:28 -0600 Subject: [PATCH 113/279] Add extraImages configuration --- .secrets.baseline | 12 ++++---- helm/portal/README.md | 1 + helm/portal/templates/deployment.yaml | 32 +++++++++++++++++++- helm/portal/templates/extra-images-conf.yaml | 11 +++++++ helm/portal/values.yaml | 6 ++++ 5 files changed, 55 insertions(+), 7 deletions(-) create mode 100644 helm/portal/templates/extra-images-conf.yaml diff --git a/.secrets.baseline b/.secrets.baseline index a207dc07..733360b9 100644 --- a/.secrets.baseline +++ b/.secrets.baseline @@ -3,7 +3,7 @@ "files": "^.secrets.baseline$", "lines": null }, - "generated_at": "2024-02-27T19:51:16Z", + "generated_at": "2024-03-05T19:56:23Z", "plugins_used": [ { "name": "AWSKeyDetector" 
@@ -496,21 +496,21 @@ "hashed_secret": "eb9739c6625f06b4ab73035223366dda6262ae77", "is_secret": false, "is_verified": false, - "line_number": 37, + "line_number": 38, "type": "Base64 High Entropy String" }, { "hashed_secret": "08eeb737b239bdb7362a875b90e22c10b8826b20", "is_secret": false, "is_verified": false, - "line_number": 41, + "line_number": 42, "type": "Base64 High Entropy String" }, { "hashed_secret": "d84ce25b0f9bc2cc263006ae39453efb22cc2900", "is_secret": false, "is_verified": false, - "line_number": 60, + "line_number": 61, "type": "Secret Keyword" } ], @@ -518,13 +518,13 @@ { "hashed_secret": "08eeb737b239bdb7362a875b90e22c10b8826b20", "is_verified": false, - "line_number": 472, + "line_number": 478, "type": "Base64 High Entropy String" }, { "hashed_secret": "eb9739c6625f06b4ab73035223366dda6262ae77", "is_verified": false, - "line_number": 475, + "line_number": 481, "type": "Base64 High Entropy String" } ], diff --git a/helm/portal/README.md b/helm/portal/README.md index 542d4bc2..39c789ff 100644 --- a/helm/portal/README.md +++ b/helm/portal/README.md 
@@ -32,6 +32,7 @@ A Helm chart for gen3 data-portal | datadogLogsInjection | bool | `true` | If enabled, the Datadog Agent will automatically inject Datadog-specific metadata into your application logs. | | datadogProfilingEnabled | bool | `true` | If enabled, the Datadog Agent will collect profiling data for your application using the Continuous Profiler. This data can be used to identify performance bottlenecks and optimize your application. | | datadogTraceSampleRate | int | `1` | A value between 0 and 1, that represents the percentage of requests that will be traced. For example, a value of 0.5 means that 50% of requests will be traced. | +| extraImages | map | `nil` | Extra images to be mounted in the deployment. | | fullnameOverride | string | `""` | Override the full name of the deployment. | | gitops | map | `{"createdby":"","css":"/* gitops default css */\n","favicon":"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","json":"{\n \"graphql\": {\n \"boardCounts\": [\n {\n \"graphql\": \"_case_count\",\n \"name\": \"Case\",\n \"plural\": \"Cases\"\n },\n {\n \"graphql\": \"_experiment_count\",\n \"name\": \"Experiment\",\n \"plural\": \"Experiments\"\n },\n {\n \"graphql\": \"_aliquot_count\",\n \"name\": \"Aliquot\",\n \"plural\": \"Aliquots\"\n }\n ],\n \"chartCounts\": [\n {\n \"graphql\": \"_case_count\",\n \"name\": \"Case\"\n },\n {\n \"graphql\": \"_experiment_count\",\n \"name\": \"Experiment\"\n },\n {\n \"graphql\": \"_aliquot_count\",\n \"name\": \"Aliquot\"\n }\n ],\n \"projectDetails\": \"boardCounts\"\n },\n \"components\": {\n \"appName\": \"Generic Data Commons Portal\",\n \"index\": {\n \"introduction\": {\n \"heading\": \"Data Commons\",\n \"text\": \"The Generic Data Commons supports the management, analysis and sharing of data for the research community.\",\n \"link\": \"/submission\"\n },\n \"buttons\": [\n {\n \"name\": \"Define Data Field\",\n \"icon\": \"data-field-define\",\n \"body\": \"The Generic Data Commons define the data 
in a general way. Please study the dictionary before you start browsing.\",\n \"link\": \"/DD\",\n \"label\": \"Learn more\"\n },\n {\n \"name\": \"Explore Data\",\n \"icon\": \"data-explore\",\n \"body\": \"The Exploration Page gives you insights and a clear overview under selected factors.\",\n \"link\": \"/explorer\",\n \"label\": \"Explore data\"\n },\n {\n \"name\": \"Access Data\",\n \"icon\": \"data-access\",\n \"body\": \"Use our selected tool to filter out the data you need.\",\n \"link\": \"/query\",\n \"label\": \"Query data\"\n },\n {\n \"name\": \"Submit Data\",\n \"icon\": \"data-submit\",\n \"body\": \"Submit Data based on the dictionary.\",\n \"link\": \"/submission\",\n \"label\": \"Submit data\"\n }\n ]\n },\n \"navigation\": {\n \"title\": \"Generic Data Commons\",\n \"items\": [\n {\n \"icon\": \"dictionary\",\n \"link\": \"/DD\",\n \"color\": \"#a2a2a2\",\n \"name\": \"Dictionary\"\n },\n {\n \"icon\": \"exploration\",\n \"link\": \"/explorer\",\n \"color\": \"#a2a2a2\",\n \"name\": \"Exploration\"\n },\n {\n \"icon\": \"query\",\n \"link\": \"/query\",\n \"color\": \"#a2a2a2\",\n \"name\": \"Query\"\n },\n {\n \"icon\": \"workspace\",\n \"link\": \"/workspace\",\n \"color\": \"#a2a2a2\",\n \"name\": \"Workspace\"\n },\n {\n \"icon\": \"profile\",\n \"link\": \"/identity\",\n \"color\": \"#a2a2a2\",\n \"name\": \"Profile\"\n }\n ]\n },\n \"topBar\": {\n \"items\": [\n {\n \"icon\": \"upload\",\n \"link\": \"/submission\",\n \"name\": \"Submit Data\"\n },\n {\n \"link\": \"https://gen3.org/resources/user\",\n \"name\": \"Documentation\"\n }\n ]\n },\n \"login\": {\n \"title\": \"Generic Data Commons\",\n \"subTitle\": \"Explore, Analyze, and Share Data\",\n \"text\": \"This website supports the management, analysis and sharing of human disease data for the research community and aims to advance basic understanding of the genetic basis of complex traits and accelerate discovery and development of therapies, diagnostic tests, and other 
technologies for diseases like cancer.\",\n \"contact\": \"If you have any questions about access or the registration process, please contact \",\n \"email\": \"support@datacommons.io\"\n },\n \"certs\": {},\n \"footerLogos\": [\n {\n \"src\": \"/src/img/gen3.png\",\n \"href\": \"https://ctds.uchicago.edu/gen3\",\n \"alt\": \"Gen3 Data Commons\"\n },\n {\n \"src\": \"/src/img/createdby.png\",\n \"href\": \"https://ctds.uchicago.edu/\",\n \"alt\": \"Center for Translational Data Science at the University of Chicago\"\n }\n ]\n },\n \"requiredCerts\": [],\n \"featureFlags\": {\n \"explorer\": true,\n \"noIndex\": true,\n \"analysis\": false,\n \"discovery\": false,\n \"discoveryUseAggMDS\": false,\n \"studyRegistration\": false\n },\n \"dataExplorerConfig\": {\n \"charts\": {\n \"project_id\": {\n \"chartType\": \"count\",\n \"title\": \"Projects\"\n },\n \"_case_id\": {\n \"chartType\": \"count\",\n \"title\": \"Cases\"\n },\n \"gender\": {\n \"chartType\": \"pie\",\n \"title\": \"Gender\"\n },\n \"race\": {\n \"chartType\": \"bar\",\n \"title\": \"Race\"\n }\n },\n \"filters\": {\n \"tabs\": [\n {\n \"title\": \"Case\",\n \"fields\":[\n \"project_id\",\n \"gender\",\n \"race\",\n \"ethnicity\"\n ]\n }\n ]\n },\n \"table\": {\n \"enabled\": false\n },\n \"dropdowns\": {},\n \"buttons\": [],\n \"guppyConfig\": {\n \"dataType\": \"case\",\n \"nodeCountTitle\": \"Cases\",\n \"fieldMapping\": [\n { \"field\": \"disease_type\", \"name\": \"Disease type\" },\n { \"field\": \"primary_site\", \"name\": \"Site where samples were collected\"}\n ],\n \"manifestMapping\": {\n \"resourceIndexType\": \"file\",\n \"resourceIdField\": \"object_id\",\n \"referenceIdFieldInResourceIndex\": \"_case_id\",\n \"referenceIdFieldInDataIndex\": \"node_id\"\n },\n \"accessibleFieldCheckList\": [\"_case_id\"],\n \"accessibleValidationField\": \"_case_id\"\n }\n },\n \"fileExplorerConfig\": {\n \"charts\": {\n \"data_type\": {\n \"chartType\": \"stackedBar\",\n \"title\": \"File Type\"\n },\n 
\"data_format\": {\n \"chartType\": \"stackedBar\",\n \"title\": \"File Format\"\n }\n },\n \"filters\": {\n \"tabs\": [\n {\n \"title\": \"File\",\n \"fields\": [\n \"project_id\",\n \"data_type\",\n \"data_format\"\n ]\n }\n ]\n },\n \"table\": {\n \"enabled\": true,\n \"fields\": [\n \"project_id\",\n \"file_name\",\n \"file_size\",\n \"object_id\"\n ]\n },\n \"dropdowns\": {},\n \"guppyConfig\": {\n \"dataType\": \"file\",\n \"fieldMapping\": [\n { \"field\": \"object_id\", \"name\": \"GUID\" }\n ],\n \"nodeCountTitle\": \"Files\",\n \"manifestMapping\": {\n \"resourceIndexType\": \"case\",\n \"resourceIdField\": \"_case_id\",\n \"referenceIdFieldInResourceIndex\": \"object_id\",\n \"referenceIdFieldInDataIndex\": \"object_id\"\n },\n \"accessibleFieldCheckList\": [\"_case_id\"],\n \"accessibleValidationField\": \"_case_id\",\n \"downloadAccessor\": \"object_id\"\n }\n }\n}\n","logo":"","sponsors":null}` | GitOps configuration for portal | | gitops.createdby | string | `""` | - createdby.png - base64 | diff --git a/helm/portal/templates/deployment.yaml b/helm/portal/templates/deployment.yaml index 395fbcf5..74d3fa03 100644 --- a/helm/portal/templates/deployment.yaml +++ b/helm/portal/templates/deployment.yaml 
@@ -41,7 +41,33 @@ spec: secretName: "portal-sponsor-config" - name: privacy-policy configMap: - name: "privacy-policy" + name: "privacy-policy" + optional: true + {{- if .Values.extraImages }} + - name: extra-images-config + configMap: + name: portal-extra-images + - name: extra-images + emptyDir: {} + initContainers: + - name: init + # image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}" + image: "quay.io/prometheus/busybox:latest" + imagePullPolicy: {{ .Values.image.pullPolicy }} + volumeMounts: + - name: extra-images-config + mountPath: /data-portal/custom/config.txt + subPath: config.txt + - name: extra-images + mountPath: /data-portal/custom/images + command: + - sh + - -c + - | + cd /data-portal/custom/images/; + cat /data-portal/custom/config.txt; + xargs -a /data-portal/custom/config.txt -I {} wget {} + {{- end }} containers: - name: portal image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}" @@ -171,6 +197,10 @@ spec: #GEN3_DATA_UPLOAD_BUCKET|-value: ""-| # - name: BASENAME volumeMounts: + {{- if .Values.extraImages }} + - name: extra-images + mountPath: /data-portal/custom/images + {{- end }} - name: "config-volume" mountPath: "/data-portal/data/config/gitops.json" subPath: "gitops.json" diff --git a/helm/portal/templates/extra-images-conf.yaml b/helm/portal/templates/extra-images-conf.yaml new file mode 100644 index 00000000..a72d703a --- /dev/null +++ b/helm/portal/templates/extra-images-conf.yaml @@ -0,0 +1,11 @@ +{{- with .Values.extraImages }} +apiVersion: v1 +kind: ConfigMap +metadata: + name: portal-extra-images +data: + config.txt: + {{- range . }} + {{ .url }} + {{ end }} + {{- end }} \ No newline at end of file diff --git a/helm/portal/values.yaml b/helm/portal/values.yaml index 2da2d144..c45a5b02 100644 --- a/helm/portal/values.yaml +++ b/helm/portal/values.yaml 
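Review bot: The init container added in the first deployment.yaml hunk runs `quay.io/prometheus/busybox:latest`, a mutable tag, and takes its `imagePullPolicy` from the portal image's setting, so the code that executes before every portal start can change without a chart change and can differ between nodes. Pin it by digest, e.g. `image: "quay.io/prometheus/busybox@sha256:<digest-placeholder>"`, or expose the init image as a chart value. The `xargs -a /data-portal/custom/config.txt -I {} wget {}` step then writes whatever each `.Values.extraImages` URL returns into the volume the portal container mounts at `/data-portal/custom/images`, with no scheme restriction or checksum, so consider requiring `https://` and accepting an optional per-entry hash. No `securityContext` or `resources` is set on the init container in the visible lines; the pod spec starts and ends outside the hunk, so a pod-level default may already apply.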
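Review bot: `config.txt:` in extra-images-conf.yaml is rendered as a plain YAML scalar with each `{{ .url }}` interpolated unquoted, so the one-URL-per-line layout that the init container's `xargs -a ... -I {}` depends on rests on YAML line folding and on no URL containing characters YAML treats specially. A block scalar states the intent: `config.txt: |` followed by the loop with whitespace trimmed (`{{- range . }}`, `{{ .url }}`, `{{- end }}`). Indentation is collapsed in this view, so the rendered ConfigMap should be confirmed with `helm template` using two or more URLs. The values.yaml hunk and the README row describe `extraImages` as a map, while this template ranges over it and reads `.url` from each item, which is a list of objects; the values comment could read `# -- (list) URLs of extra images downloaded into the portal at startup.`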
@@ -201,6 +201,12 @@ datadogProfilingEnabled: true # -- (int) A value between 0 and 1, that represents the percentage of requests that will be traced. For example, a value of 0.5 means that 50% of requests will be traced. datadogTraceSampleRate: 1 + +# -- (map) Extra images to be mounted in the deployment. +extraImages: + # - url: https://raw.githubusercontent.com/uc-cdis/gen3-helm/master/docs/images/gen3-blue-dark.png + + # -- (map) GitOps configuration for portal gitops: # -- (string) multiline string - gitops.json From 6b4c7f6a0830a07b1540d6672b7af2a38dee053c Mon Sep 17 00:00:00 2001 From: EliseCastle23 Date: Tue, 5 Mar 2024 14:04:57 -0700 Subject: [PATCH 114/279] adding in embedded lucidchart image. changing logic so db creds can get created even if external secrets is enabled. --- docs/PRODUCTION.md | 3 ++- docs/images/lucidChart.png | Bin 0 -> 154619 bytes helm/arborist/templates/db-init.yaml | 2 -- helm/audit/templates/db-init.yaml | 2 -- helm/common/templates/_db_setup_job.tpl | 2 -- helm/fence/templates/db-init.yaml | 2 -- helm/fence/templates/fence-config.yaml | 4 +--- helm/indexd/templates/db-init.yaml | 2 -- helm/indexd/templates/indexd-secret.yaml | 4 +--- helm/peregrine/templates/db-init.yaml | 2 -- helm/requestor/templates/db-init.yaml | 2 -- helm/sheepdog/README.md | 4 ++-- helm/sheepdog/values.yaml | 2 +- helm/wts/templates/db-init.yaml | 2 -- 14 files changed, 7 insertions(+), 26 deletions(-) create mode 100644 docs/images/lucidChart.png diff --git a/docs/PRODUCTION.md b/docs/PRODUCTION.md index 4a6aead0..c15bd388 100644 --- a/docs/PRODUCTION.md +++ b/docs/PRODUCTION.md 
@@ -21,5 +21,6 @@ Our services also utilize non-secret configuration variables provided via Kubern Each service is designed to seamlessly integrate and manage the combination of Kubernetes secrets and ConfigMaps, ensuring the encapsulated information is effectively injected into the underlying application. -Please see the diagram provided [here](https://lucid.app/lucidchart/f0e9baf8-9179-4be0-ae65-182ed891df22/edit?invitationId=inv_83c83c6a-0f1d-4236-a13e-3131c1fc851f&page=TDBgA8eMNr7J#) that details how External Secrets operates. We also mention the use of Argo CD as our choice option for Helm deployments. +Please see the diagram provided that details how External Secrets operates. We also mention the use of Argo CD as our choice option for Helm deployments. +![External Secrets Diagram](./images/lucidChart.png "Helm Secrets Manager") 
diff --git a/docs/images/lucidChart.png b/docs/images/lucidChart.png new file mode 100644 index 0000000000000000000000000000000000000000..dbb986c463f55364cfabd46d595ec957890c7741 GIT binary patch literal 154619 zcmZU)1ymf(x&?|eSa5d;7Tn$43GVLh65Ktwd$0s|26vaiU4jIHyAJaB&pr3t^WK}a zdQEjzef4#H)m>e+d+%r!C215y0z?Q12ozZv2~`LPXbcDls0aYuN6wZ+^%n>TNF5t- zaTQr{aWWNGCrcZ93kV3>B#*>;d9klp!#x=wEOc9IfUR?sb=}W$l}foN6*65F2T-L= zA!y=8wt0DpOhQ~wM?6quVQu9AO+tc0vYA7YiK^Aje{uc?^kF_J>9!z|P@(i9FLMQi zT!cm0?riVewOsEFGVaFZxRw<*i7fTuXvoE?!IT}Xt6}_vL4tB*qc5{~H~fX{4$!OO zYI$3u+rFmXIzR;;pPNwxpHittPyZV3Do9ou{X%AX-H(jd?8aujF);?+2;-qKB%i7~ ziJzVLTX(4Z&=+vKsNn?&Ki1}#8mbwI&1WsyZ9(!h>8_y6OEBkVObmHPsBOX~2^DBi5Q0+On34iVzh4uX&4V_1?SAmBg#KSl>aq7dqTOQA6eq5n4x74c6+Q8jT{*^hrU zGgk`>M>lIHce+ME#z#|2HtO2$+KLK%W=;-FCgx727EIm_&i|M|2zc{-Bpoc=O~||* z>>b_syag%#RfF#%{ZBSC1=+u0B)<^MGD zzwJm^xS6@yIJ?_8IgX6{%>Ud?e@P5|7|G1{7=vSD-!<`=6~gW#90VYfcZaTCWKg4K~n?) zAp#*QA*${Td720Br!kUsZ$uuwW9iOqavskz(JlYTrFoHnNIE zqqMu_+v+lK`~8Sm;-U*z_EPY@ExWQZ76$6`=fTcrgH1P37Q59n`{87#KZa(_rr$Ue zEDRJBWN?s(2pJg~8UO(EuTwV>vYphwMB|Y^{;LQJ4N5+vwr+$ZaPD}y(rzl7qa`d1 z1J=D%#X+R-kt{Jk$uc&Bp>>Z&X(gfiAxh(yYTM(6K6+0InGDv|C&VeFe>Xk>9juts zy2c#v3J)Gb?KZnRUThO^%DcHqwu#0Dh?1@tSt$(<#ar&v3EKULL|`7b7z|V z-94ZHTJMB6_

cFY)z>y@&w=I2c4g@CiI>lg|w;*UbeQHO{R_{8wrHcM+u-ig;$J$E+ENy;)^OILA7E~t+cffa zC2{My-sEV}y6LBO>$O6g4Pek|?;lpq#d6qKVWq6DgNgPB->)B3>p47}cX^(!xX|mc zjeXImsJdTh%I2(qFXC8}KkRn7-j`i(^s24fJXEUDuJ6>SQ6H1bU@Gn14s)wzxj{bO z?6RsoTWOp4M8snqSMX;dqmf{-Qm45>VL|wwO4Z2hp^fGU{Fj-!nzgc^klb)1slGAGM(S!au2Fm{r;dXPebi$uDI)G5+nzXIZ(0o2?$T?hQ>D96ZR^a=K)?3V@^i1{sFR9GT z+t=-`C^lAF4`&wfY6J#odwR6ocwS$d7Tmfg*=D^imP$p!OXA{?!KS~f+is0+1JeS3qJAc4Sn4Mm=E@vK@Xsi8<3qX`Y<=@Y&1e(kj z1v1Zztv%`#gAPww!ZZfO0Qrs|^5yo5V$dy;*(1<%aO5&rl51Udt!Xk0J53JOa)(WM zPR*tGig9Cji9f+S-)?_$7@SnuWlT$6ab0&QDs%>ZJ0Xd8oF(OUbULEwj>V zaM#Jt1XXBMn0FLR97(r__4bo($ZvUr1$|F8QSEa!_GDtChk^QSY}0XF7AIVKJtoC| zX1Hq&*z{*x{7#Ka)w)96lLjIQLL@}z1X!OzJ+~Fr`px6E z%N2jZqC8HP*F(Z%?YpW*w;$I+m(=NGZ{)PeEvMh+w$yv3o?N?$(;b|{b{jlH6+?gC6_w>%`%Mk6uM6wYM#fUg ztK|O3dH((lxjABQx7ZNgY@ffW5!*iFj_oB@iD2R)1{gF#zXnf?wLb2EFFe69yTbZB z5vYW^SUH-X*TT{}SpX;dKxLs;#s>4EF)8saam||J#flhFK~tm*hUTk1nzgbiJ^SMY z{3RL3L`4Gb2GvqIY$-S9zu9jFI`jwri^uA1_-8J6eV5N>^)WF>?b-)paVBmSuiE4f zBw^w37aj8ioc6|zhm(zg0#|WiS*0!ZPvdSFpK+KBEkRw66=6|64UV}S`fB_h_D*+$ zKWV6`dAZ9ak6SGW=+ot*4p;jTXF9A}Ux1|o%Y7bR<9`t45ymUOpRKQE&T{Kwx4Ap4 zHf)l#U(^UJV#Z??5G;oMnXRN+PD#mC!RvUfnM-etY!|7ft)i81GK=GN#8rn2 z^&vtsJBZ71+csC;7QH#q1Jo z5Piq^59d#!CANoGx0p-C>)2d&(-|$+SE@Ojb~T(;Mj&Ui5H|IL5}`Kq;3^*w{^ZADcAIm#T%#*(Md=Z6zJ-}|#h;&F)GUs?%{ zu2gGfnJIrfwX-*mujS9z+KQVKC;H!B;q7-9j#_jbb&v3mrUgq{$M*;@a^X*)E zt@ch8bNNCb_Tq3^JRyHZ}Dmq4%y|M>{9tOoO#u4J}*Zn z#ohCPg21v1J`dZ~m9O0SzoPi>cPpLbq6F|6mw$>14k&`a$(V%fPCL7QUAStJ_|?1k zn&X9}=Q}OW_zv0gX)87FY!}Ua?9TNCF6AF?ukDZw?&V3y{m>KOz*mHp>R8 z;dl$UWZo{fit$SF4*ztve#~pfFd?dGkNJwNJe6}$b7V=R-Rcx<@@i19Z&-vm-RWnUp5Z9*R?Q~{kf2>DuAkwh5o{Dums#d>ktt&;qE3I_q zcb0T${=DE*`)-f2HF1d8`A>LnG1y;@H#Z$iKkJ9W?kN~XUz7U3{0d8X@>Cs% z)yKQ&bf{v*Ny9uxi%AJ7B|oVjHBcnp+w479%YwEkD|t z&^G82cUVM?-&ZEc=`q(9mwN;nW(Q!FQ;PdM4Uz(ZO3xqyqQcT z-)2QDih^`=n8nl#5Vl*g2sD)5N-VYRMHKWs_Y-ugB$kR>KU;5c**jb~Vz)^yhPyk~ zsf}eId$NnX2go+#T;1fM2jO%v03 z;z>g!5H?TMK%K_YLku2g8)I$gov&NcriMcz#2U`FzsyhOeiaKkgNUcMUqTavT)Hn< 
zO09jhZ0G#{zWM44&wQemr~a!fT;Qx*=!e3p34r(7;9FxQvpG7tkMoN+kuipF!G0X+ z$#+pW>+;%`@@P?c==`QwVa9XO1@>fZh(Enyrao@ZjvLaCC*j@rP9#VWpCxJrloDHV z1NBgt&6< zNK3!(Y{4rzsUbElmim;ER@uNGrniv-61d2mCXCRx0`U}NdlhcKo? z1UwM8uFZqG%vo4iTyG)csM5*x{r$?ao?JDuD60Ll=1R{XZSqM2cWuhChtnd+)L>qY z*!9*8S`!up4bZXU{P_2J&@&DF_lQ}i+ezD=efrx&6WPQZc|+muW7+&tgMDt@!HmUc z3L#;Jwo>)M4HTRFip3Jg=0A znKLtKEBVwqof=irfZJbTTQ(TuToV|H=SptREkqc%4j ze{_W**rXl{@$O?)l$Aw*yXAdjpygN_=C5pFUTQaAkrv-}Bt^LL{-rhNF!YVb^E51f z0Oq0dlEP@QyqsJnu`c8)_GI^Xs1cgAjLp&gbY`nfd}x@u4XW*hzDSf(XUSwta9q`W z@cT)ZLAOV#*=c>$LZ#j^>qT2`z?vgWTiXo|&&D|2&u_->l?LnbX`!(4zAsvyOd(O#v;L;EIGM5`b-Q-Cn}KDOZ-^;`BibxpKyvluh`A{Ymd=z zw$~8lj3-RA2xM?4g$ghvER!g+Uk;m|cNlGIA%ma_p_3Afhzvy_A`Bea!b+h@fhF*4 zit!(uDGC;@Kw9SCL;X2(EvizJas)Yl{ErY`nBliS9wSlx?#&tZE%6&a zlh*HT!yKjSBw)*8!J z69rPT6uA(+4}EU?yugAd7A0xY@{6G#Kj>8DEXMa3bpcS zUevz;2|riLmritVczw6#Mka*uNIb#M6E}T^ely!&K2|>K5Tpf&H?Z}2(hok~++$-m?TK-;Je=^r( z8owN;)u!Dp+sS?eG-%My^t(y7w^r@>`Z_D3@59akw|v|J8_mo@wcdLB2*AD5u2Qpl zTJ1L%h+VV>n~LaCf%0!R8Jr{dzLK3WL4z1`qt=O(b(2cT?n?+a2;p#t&u!o?H17vQ zu;X*w>L>oDwLw^C5X)0-=Y0!Ibb>*k$IMM^GuGr~u~CD0*4grF8ZJA(pY`CEVM!kv zlkCIsaajdX_O6sI(;@cP3WjKQt0@>qMN@Zxl-1T0@8BxBFx9;a^vn z)CkKk9jdQ~(cVeQLOI3-0r%naGY@C;^17ExjvFF$18&@k9uz^vZB7ey-NKy9PGM1S zD960PF#1u_J3=aP3sqmmk--pl%S;z8P}=IwxFN=)_|T@|fNeCGd#-Q7+QN|X7+0>h z++ze==w>$udKYbn9o`r~yo}fH!CAI6jrA)&2=f{+3-RDNq!0p{G z_~{2zUk++YnGXOZ7YQo-i_B#|D~nmhxr+t&p<__`x8W*Y(@xzOR>vw|(Tt?L%>7xF z>O~1ygT;=F&B!{kvKU!Hxa*7eZ)=Kp3NwPKC?&N`-smyN2kZM3qL!r>Lf4#DS-rSV z7w>-K2yDO|mYu{Ws@gD*a4@i4*-1xpi4V?Jv#e56*e1rKk_lSQ&wqZEd(jbYb2$)k1fq9Xx_iH1PB_#hT1Iq2x1pJshtLT&{>d$8$EV|H`hiaHIP4#D z+THqTfNl>jjv0v7y-r;TZ1f%fR-Tk968oKT9w%Tn^b@(&FaY4>)0s0k3oG3UTtbR; zLt{s;u`7o<4Xp+ukUc{#%o2pDT3dLh3D`CICsoc!ISLER(%-HhXzZI|=7=%AERA#0 z3S~jY9hkN~Z%}a;2?+>ec-Jev?u}Vdb)LESx9d8}l>D8H$BFqh3{S$y#U$-zvunTA z6kX+R^F7$2*^ncZeQ0I~5n~~elfHJL!h+pO5`62%3bK8WKv0VHaDW+U|K^AWMX*qN zvVoaXQetkVJBvms(R*r8yn>jDw0L{EYpKrGRsz%E!h{p#)$9d2R|4V*oBY6}aCYcp 
zo0qIHG$-^m(u^rD@SQ~p74p%G5|$kB~ppoj~9c3ieT1%G5a4%5=bjD3;!$o$AJG zgmD8wGC5cu)T;;k8^R!jrL;HO*~Qr$Y_MPSx&3|%xJ zoYL)owXKcsT~>6wSgEVn1>g47FP(q<1A20zW%0(XtJ@Gbpgug;W~0;5oCv+|m#^gw z&T%mb$%hR?UPkSQAo@ zgfZ4W-1>G#-vB|)7iXias~gcYrA|UVJom1W8U>PXOQ>tHJZLp7{wsq=Ag9@ODwR&$V|EefS2q)&;@?wm0s zd8;4tEb5w#1(lDd<-MIEpYCo(4*t59ln5zFy2Nl0>J2Bn_6ebob3boJkEy6__5_?%`wd5jLIKF$kV0wJrU?KSQ!dEmcSEVi+UNd}dC?AuKC432kpL7`@H?3As6ce>T@7 zck)dgldVQ3mk|8p2Z|F{zz@vNfKGj;A_&otjF>T)5b{Ez1Ggw-v9q-nm%DznB8@S6 zVquq!HYpcU7Jg#RqCMuEm=?7fUF-f0k2_Q;>U0)g_Bv7Pkvb`sCvin8nP#naNf-ob z#wH@`#=Hx^1OLJ^QSq&O$9JI3rlIMI!UQO<33i)=30uZjmyUyqpad>M4`35;FDgFi3^n(8y} zk>9F^ccE~=S1WKN{Su*5*IvvYjv5SkH@mVw;bJTr09JrIY1G)@1u?bP>+qCg|1p(i z!?s3OE?3?)RZ7Y!jqpo8btnfb&1Vc5OvjPDJ7h2Z=lFm>ua`K~(>H@|o*D&PpRDjy z@W}CecJ;>PW=@vNGt6Fmn6eRQKAs}3?Sh59ERk-P*HGD8(J?LeGxI&6*9`=W56H#? zv!};XX&dkkToO?zSv2Qer<6kMcYuW>omei;hjWM*OH6mg%Myc@Xg&Si=nVU{&D3bpgD0y zUn&F`sL4Mug$DVl3=cBci&Y4li-wJ>uupl}MZbz{s{=F~xYN{)GSsBbU?i$Lqi6Ap z@em8%u-7Hr?I}_W688s!>WqCd%VbA1*Ha((!nIxmd7BFF8C(5Mh5wb*st0CG@VHZ456ZpF`Cl;&+2#mG7iM z6WgX~*u7-B%s)@I!#FSBvfW3tcr$ar*x2*yk#eN2bkxT+p(Z~^#Z|`>+oF5U!z-qX zdALl?2)MLh{^NvY%hC>L{JeDO!bcl>4!pBu1*KIb4+E3~{a+C1j4XjJ;}>R=`>%I6 ztNiD$F(+0V#*wmgu&F8I09RI|<$9o#T_@H@a5>wRQ2me3YH=JPkMu z6WBJ`@yG8^7ya^lYUwp=X8G^C)wHX&>-sb#Jy{N_zqdwSLuV>-kWAEz$fL2X(_MTakHQ~rZm6f(W2 zzt`d_^UA3|Aijz9*6ypiZR~DnsKfAoCX}X31SCus|1R&x3`_-iIMm6dK|JH*NM16Q zIm{XY@V&I3ErR8D)HusavCwdN6onlnn;`Ns2;odO63E*6LEbHz{4s>*%RNx4)`neL zgWSO6R(Zyn+Td?Amw}MzzGj=2up(Htyri5*RbL{w2`k)G53i9i{%@d_TF1qpx-lV zo9&n)vZ?Dv?MXi}#beEkC&`Y%QBUm1@<_lB4 zSaxcK2E86V0za@^geVg5J(tBM1`H(5de7uQb3{|Pmb-;rDsm&=n8y1%>s^FEaYWk|&F2D*J0Qd=YF+vW2&6D^ruk^)!N3h%p_q>U> z>)PCOs)zwdb3;=)dKt{+>Y*!jHn-58#T>G zZx}3$$H|*$s!LHoDU)^i+A#t(pC)7wHK%6I@q~phjhbridXexj_uKqO;0T6j(gl=g zS-%r$^h4}q5hh9esLp3JWve6FL5$2n6~mh3U~=q~2Z#Xma-%y5mwid&Q=}fl%%aep z5gdni=eiXMx$_IB^i$fE#16bWd=>yYb?pVebXm16HlIl<#_1eYlyZ?AQu;>|25v?D z+O1*a^(W9w>L2*GBorQXUC-66_th-YFEE7)xsNAhY$)RoOw+ge$=X`>+HK@S>t&OO89c{C zse))odlvb6_c7w+4PE6^09ZMcLo!8 
z$Q7y3{x@!?onu+oVDlaE7bF)|E%&2S4CX?WUJIQ5yZih4;tj44z!m~6Cc5P>)Nr)E zw|Y18hJ#^%#i!(~nl3PCS zlv*Z0C>Yh;@?rbw4&N_|=>tw9`Ib z*KaS3^ZI3~IOph=^f|XH6a#IWlc=#31MRzVFYrxO9lr(cu6$E2Ax=>8OdYb~PN#TC z^igJo_tV>8if?2I<4vN^n1?*OnZycs1GclQ^yU`EOH@J?H@PhygELqg(Ivh|LUPQ<~|89Zwla*nW@!>l>{dzferh=NC=O=iMAK zd+L7Xs09xEhT@X#%gL;Dsl2AYpPqA5gkWTHFh}k1nFN&Ao0$$`pBE?#?J*s~!UUu` zuT9DbcXUs}S_%g6Vsw~Y3<*cl+)ZLy4K%+9g*E;Rnz$jtc6P1e(_;{0e!^mhJd_f; z`RX|0wyul;%f@Lk+lvU>sPqG3i&MzDQkF|(@)M5CZf;#_;i6QcaWz2{_+^Q^Cwp&@ z)YqZ5+4ImGar2D_2YR^Vvrbp{RuhO=u zLc7K!ZVf-ZIc(@tZyKf--Q0dniU+P2ojy<0>u5a1iTbH$I>_+)#)%n)-p&n;Mk>7p zb;Q47doj-_jWAz^HRdNy>*h3NSszfC2UI+VYyC@LdM~fl=6A!g?JnufE2b{8gKKDp6*1G#H3 zHOA@Ks=wVyPx2=!j{>ePUnsvWKQ(zm%l258+pz7m9X+gU1z1#J%O6H~kww=>w_Ydp zt)C!)A~oE(3$3qyjX;=8KtN^qAH<6pN>V&AYIcp~h|+|ejt!zPD@v(1%S%=t#zxZx zwa>vK$1qj9AHDz*Q4tR-o_NOi{1Amh_A2EL0p-Q8_}q+*#V$Zi)XR!S5vv_l*ah7< z{DLZ!`rw0|bqG|?xk^DeP>5>5;0RxuM*T4;X^%}AR)!`vaG3CP0))1DlD1@cIdr3- zUd)9PJ$~q4)7&}r-?|dEAcm=h6iwN!hB7{czss#j%kW38V$9)g{k3S>e*3GcK8V`C z$4`+pV{b`a@mw)KlZXt@wBaxE@iucdoa=m9_1sLx!oJ#Cn>H{6_7;^q7MPMouf@+z zA7Uh&QP(T+91bOLg21f`DF%}~fVcN;Flf8hiP`FSgb_Y4uu5WjQ8vX&Ny6x0sepy! 
zIAR_Uj9G0g;8Kl3$ldNuSu0Az6$+sRuq$}DiWgpfzt^?QH_6||G5!1M7DGq`5?G># z()N#00*O5GJ>Fl4oeK5Dt4#BuOjmzpHqU`Gxd zL<<0e?@8T3yxnhTYf`FLsx(*Fj|K$}uF`e=-}?Nw-S#|h9C zzK#6p>%tpuY$XQFdMza<+`}?>9fVH6tv1$%iaWa){53Lq)|zl_Mtue`M{LV;D`bhN zJ~sK^cVS~{d3DkXN(`EV#!3A?<4s3$kyV)uWs0ZZ?YA;F-XbG!Tu+;Ld{YclMsb*` zWRp*(j9A0cv@MQXk=ne8^)vMLb=|}Cmin+hFVe`-UW5a?vN0CJ!Zjdnkg*|yyiex_ zm0Dat{~1zv4C?J>^;Ov6^%Jh4%j#wna}aomN=X@iUO?u%+Jh}NM zc#z8002J%g3)phyH+_53U2jf5(I~4!cjFmRWT3eu*9JwGU)LLTU#f0WUa;U`!|X+w zsxfQDC6iyrzM~fnIs7Hy z4cO@qlE)IdL({c*2`h@SQrqVPpd04=`EgxG~6!GAd45_JVg%6){nIm1IRBwEj(wOD@YoHJ7YlpD)5!W z&&}0DZsrDmg2M+n%iNiitPS#M)1>q2t0gNx00~P+a$4duX73;5YFry}AFJ6f;?_k7 zcoH(?ONUCZdi^pO3kqbN<)YAFX?%|!=KGu>;;d_&$^@G|yKBw}ogKckKk0+ukR|Xu zh?OEedoKOyT{r5N6heRI5PNXqMw3g-3G-n(m4G!g z=mh#<>qwv4kCR0nh}VCMX&x_Wx78{6y-%vwvebKeZ(hQ#!I_xBy97l^;mc0t*i{bj zXUV<<4M!0xwFyiJ6cbt10Q9uoLM;o8w(zCi$eK9Bdsav_J;L@DMgtCm?x{Xj`6%Cr zn^!XodPu*?DH^g%0l~wVl@gtVt(IShTI$_t;UyJGgro%ef{)ad;K*}O9l!WEekvo{ z($8(IELe!Hq4|-nM{Q9@f`c4R)57C# z-^r_f2!slKf`g4u@Qs}wXzL6r5spA}#yjzD9h)9}77_@pDp%*6ze}*%1YyR7(h8~I z>`N$GcpUH=_Ba+RsF)L)Uy&k$ zPe-gJ+vCC;=)wqVpyALGsgJ>Ir9^%2Y?!*jBM|0qijSKz%u|HZ_Q!VCWCMR)@gt``ick)({A_y!+aV9pFJ66yjCU{`c%90yDk>)-7{233V;G=ksUsYoP6hzIeoi)5J* zxj&1V`dHvTNX#yiboJ!esnKvnkbNxafSH0~$iNzEnvkQn=Z6%g8_ZB@p%(3yHQV1r zMU(1>Vjo{84|HN1nV^x6CUuP33wbp$X*6i*f?PmiW(tS~IG@6P_38_XQ3tA~g`k5@ z1@2z=#yLV300; z+;py9qKQ11JNG=+B7s)KWYD;8!`AI5CqBKWAm0vyblD|G2rZ6qhK*q;Z57fs{dyiE z2lAlgeUw4UO9l2-cEdWQfwR^)*FRS&mW+@bJ3yozPv{gyTj_C139`#1k~ux|>3b!^ zqGlUQ0O&|gw#)R7T-S;6M00hUnWqjJnwJts2I^K|g4sSghfBQ}gakT^N%9gguj@*4 z0w?D1#N5!z*BX0Xs~xcwF>t$9G%dAUU3i-Voh0n!S=Q)XeOT^LyYOxy*Qi#mRhkua z1|^F{xE+g`Nh@q@I`E!+=Is^KGtq3D3RUv`k59l!7izA?4Z9ABwpUpNp2QX;4CJn! 
z@p(N23Q?hYH8i-*%zUfwxsQ(lKvZ=i>KpZLOq5-Hh!yL;mx{$rS~m@l5C+y8u3zCG zm~L-$Pr5d-)`qbiI+wwQxuLC%Mnobpon_HOVz%<SV$JU*ZyQvOkL`+;r+{ncj&!F3K?k{^7a->*^fJX-XXvyy@lnrdN zZ|{!}P9qC=tAkLY_nlfT-6o{8&OYVCq+v+;J=g^6K$@`IH!W#>!F9SBzs2Ll8bb_N z<14F8G7R-ZLtehtBR{Nc8YT0oRm00`GaeA*GB54K!H?33JHx63OJIzXHGMqm+neyb z?O7)~?Hk@m;Rof@cG`X)XHl*6syy<88Q)0pK^KD|D9QyeLLw8y9fnB8=C)+vvZZT- zjeFouP)jtl>usCoXNE|mZ`Sp)t7mnI@%jdmI`qXpmlk*q+E%=@X;Ywybc*ae6rAz1 zlCzFbRQ1NmBmMf~(nY7o)!`Wmi7jkJO_V9uwB{$k8g!q=BJt)e{Mc^Rj+>D^gBu5y z!Whv)e8;OTl&iM$vYYiETpjqm7%rn9z2-nFTT5_}7pXhTn z>MrLbgo6_Ho842asdhsgTUFQj$$!jpaoDw=Ujby*rPz5t`j+g@bk6WkP*S`Yb`ZTz zGIR7_`czSVDsU($)e~7q;?MNOL7X|t6^x63 zDD-ZLgI%RLzt$V;<+V5G!o@Z7IPV3CntrU`dn(uXH0i$T0OD3K@#Hrix+x0+o}+s< zp4oLKsY#a$TnrEgJozNc3}D7SAY7uG*KTTYj(dP3i=9HlK$CM0F2JAoihxhmt^tF0 z38l`e|6mV66cRU56uRcBP&R!LNU^U{Zsa?^Bf_K%+Hg za4J=5bXTJe#GfmNAu&BNBj>K$=M4@%BM(kZt97OP-?UUj zLsBb}*!|ZOrvKnu%ubRo8_JIeb~T<$jA0Wa&EGL6IhSZuj~alq z`EY14F(|5tNs=E7MO~c`0zSA*v#eTSh?^UZ-6u;T$|J-YjT9PXFAzGC(2vXAuDv`G zGV*jT;ip?SrYqRKx4}A;*>)LTbkN~UAM`$K(gDMqH;zIMtC}RG<21`*l~G6o5<$hc zC~5Jw>+&9<^L+SW-Q8prch*n7Yd?S(RqOdLErAg-K{HJ*X1K_2ts@1_A%I`5Zel@T znj!v|Pd9GnMRKKwY2it?t+&B6q_I1J9~@B;Lo`|r(GYmgNkvKnLdqIE7HFMX(HLqu zIGZL_UUcOC-T*BfB;t`YD6P1GapRC*1Q~D~{tAWleM$?$VhW|@k5!bJIu{x8eQg-b z#pQns)7zj)b#d0s$Xho6)VNwu9Qk&G_LRc4u!5>1t< zba`zdP0WE0d96=V^G%khn}N!=c!ZBs0}z~=1y$N<6+yKFN^W5%ILHLZO3*s!mk3g3 zP?Wvgm;!5URHiL1JAI3No=rqK-y&QT)a6H5WCJp#)Br6eJzq_ccu+o#;<_T#)AzcrBxJFRkkA!lF8 zApD(qB;kbtw@ZyX{-ZB0H2u%A+adyb)~x7k+NVf;h<#{%aPo>Yi;-w(dIkKf=cIA$ zkk?b$WjtpGmaulDs`p>Q8rE!aV;zD~&OnscP^;FOFgrXhj*%;eKg8YO`+CI7b6SV1FSwN>bs}d8_$SsowdT2D6i$1Hk z^*%YCs1t$`nTMRa#-LiSSrtC7jhtxIf`gL{W+QG*Dj8;@q)m$XXl zSRBQ)EgpFY%PIVgJG=tp=X&$1<&~#x;n%NNvM5%o0n(_}p}#MrP)^1?coqdmv@>+a zk7Wc^Vp2`H<$nJC@!*vQlfKtrtC>L&8}=yxU0aLgob+L5DJZcp^zLJB5n7;~i$b;i z1-_IRw^pq-{kqwrh%`5L+^apa(PgCQ$J+WxB`hc3dmlzNG=h1q`T=$r9wJU;v!UEF ziJ)3JQS=LfojdhyX^5~ZkrO!J%7zX)cg zC=11jbY}6EyEYBxJY2VG92yeN3_Y_x6YQ>QEnEz=f=&Go!=(M*57i^?hs=EI*K*fA 
zTy3rV2yaxWTc43^-veKJj8>&d1COZ%m&AQkLQwo6_ChU5r;Iy?>S(v5MRzcdQ2^dB zuHVjiJ@-dhTb~8`c9TFtBQO{_P$s6{_Kz!nPvOIW_n*>uA3C)e z2S&NOL)e7QR64|m)C|vq(#fH2+E`3J?ZjDi(!>I{;S~hT<1SOIXIJpj$j3(JAH`z~Ayhbp3>G)q zz$*+4lLkyK&rVp3{M{$94rr+GP>2vOueOY&&n6Xqdt>L42Q2!|&Q|7Wz8i!t@q`sC zs117`fZ#u}$sv^B52a%(3CaT|+9))X_GduIr+*ye3PU|U3VUzoG4bQ+fLg3~IG4`J zl=cvZrid8m!|3n_SNUF@kmYp^t5Ez)xv9?wfDzrDJF1+S3lixj7gD9HXAP2gWYo0tF? zlBG0a{QnV&svx5q!#-sg`l`85=AE^hdIyHP$X9__J)Z5WWgAyK?Ib-~f0izR2srBA zZBCT(s-?GTTnitK(4INc8H-SRv1FC__>)ov~6z9^#Zbn*aD4f(q8KTWVh%L?sgVs~PB2l@>=> zE}_XTw2sn{{glgm*kMZ5T)|iQs{qx4aU_=~;=tcb;hT`Dk@G8X z>m}Ut^bx`97p5-b%imeEuV;@9f9M_N52`&M|DspcV3&YzkI^0GGWagM4}41HGZsvP zz*VZHi0#{0m4?-FO+PVYW`@hS-zWATM8R$hVBg1G@^4OdsI$3X}0e$>b0(2 zr&ZFrZZ#QIx`E$*5LYgj*kU`*SM1@}T=*F!mD(?F38t%4%-Y(7f51(;Ksyov?~g4R zsYaT!@yK*udRf}k$#QkEMt`H`^TA^ieq*!lD^qoIvbD$YLJLzKUmgDpRm4Bc2O8yk zSLU(gQhNK%=eri^fYd4(?RIzkN}a}b&UxEH#=GAd73#Cq?Y_|_gxQ4udf5KCk;KG* zL)(-KKR>dUmIzw^BPn%QZ_(@UbU2+}A13%^XXNwB==)mzaGGP}JM(;hegyN~Yn#;S zALT=bQ_s*^lZ{P*A6MUp?85f_J`LWrGhx;3V6}2COgW!zv$Qk(=zImx@tpgNJMgg)@1<+5B%`J0{e%u2QA4b}zHfN*!D?HtJAq#ZlYVbJ z*oAg(^toE(c6h({0<`<^a;buqGb4j$n5;7j}Zzg4OKXmfENMb)8rfpg1w5)KDrjb4dd@!~%g%b_|y_lMGw!a#R zCNj1`;XrkG38=@PATig^BQ-6VCtJ>!>@p~-EWKsy^DsX?-JUeAzdi2B`hE4~8N%^8`Os5t9*N_VI!-e!Puk1cW__o1ixG%MUprQM2#T}SXE>-;Vcl2iwuls5_t;2*)qlOr)^SOZBApynkD!f2I z=d}>pC)EmF(thuz0+upc%X!V(>gw9yRZ*RUUb~U>#%Ke zSFW&r89<-lB;I;^IUbmMJLE%R;n{6`&F4mK1Xw0W- z%1n>7W*uVj(X^)mI?B=$JU#DDkGtavPPPT?gu<_0>YddIYv%{_lmZgL4U|~VQ$M`eL%8rv!TNt$e z?7D!5T3#E~Pk>&pB14DrTf0eQnAA|`tJ>l{Y(lS>ja?(+_Dbts5}?2)TpY-XYIN;I zhz4Z9MorY6xF5Z;;}uW)W)L(W&WGL_D|vTt1l44v`PM)%w5*oOGc@a=fF;@yuydOv z?dte(O);C7AB9a_I}gmas%Y8|BVlhNJ0jL{ieSa4I%EmZ5=s%yml)yoO85AYy3NLI zd^vu!%(G#kPiL)Hw3vxL;rdC7$ROjoYA-cQ9>G>;wYE|yoo>KoLjG0HW4FH1s=bV< zFvYfK1frvZ9B)hCl)DnWfyZHi)hlkczg=##Q7=>mE2BQLCxZy;P(1v$~g3v!Zw9YJTzR1=D5Jt z*~zqZTu=B-r}RZ!xCMs~7Q3X3=PP(r@6t3YDk(~ku_RL6&)ZuwPz3Nd=5yV@q?5y= z{KkErvnekMNT2@W?ZJ5jYvYVahGI}3Q04O}AqigUV^Ha89H~wQW}(D3h6`j%5DLHv 
zAdyLimM)UoopzEOcNNcWjKU|U=qT{qyc@EORkr_~3iy_)821=s{~C0;!=lYPpLY^# zwRi>N^Pyfeb2}gAR}*eQauaq3ph*GyOd~)D5MHU>ky5V~bpP?Glv767su|D<{mZ=o z;*hAinLn)1JP*fLiwwa>3dbbwO~d+0ZrkN|CIU_UfTr}bX1n%c&D2Q-8;ZE(US5JULA=^kpAP=Y4&4mD^>6vX&wrWd*mC39qFovyK?@3l(N0-<>qaGG89Ywj@whY& zAtxv2_@XMuvonMnn;mh9S4Q%MMl}eq4{HLpQF@_v-}@>)kycZ)_dsY5uBA4^BS>*AO%x72%10hT%qif;Pxv#PYEm~Z-n&JZlAYL0tB zzW+i2P?~UHQ1B)j)#RAnOl8N#Cm9jQUY~)!IB!v5++4k}L%gH;CFNF;+y`rwv1N5; zeL4eC9`x`1KR2|se>&tEX@2}v3JD%v>t`dWY?MBKi8(WWOpC< zcyqXzq9~rssHW;A>~b^=7|wq}5m0bY3W{^!8KC;}h4>sU-?Tr(F=M6Ua3rPHW@dqUJM2##ZMD^k{n!rPLo>I?rfU1lnpCCHbeqs6B6-r`IIDN0^w{V zAKyrfFvu%8D^Qw$O?=4P3GH2}wgxO-xa@{LUmd^V&CJB_Vk@+(6C6l?)x9g9V}@EbJI3uR)%2=_U7&0`OOa#Y{^ zT$r#@mC2d)23e3$a4ozJUGcjp2wJNK%Ze*9-VT@EUQ9JfJ9XJ3iHi^uI87a=Dv zg9a9kToar1wBux}m}_HXY8a4LH%|Z%gAtFwB&s1i3}zA7p=Q4M?x}Y#@fLi~`${SC(T-1gj`g1fyhePk z18rN6VG79WeK~CXy)Pd?*qu?fTkIXTn0L7jT&a@;507dmNGADy#@3MtL60O~z`!LE zS?rQxXV0jMu&GE%S4~>X$lf~6ypQls1LbJGNwbilv&Nq1Lj9ja9T)|jeS#kv3sp*$ z>Q#FIR%A{1H-WbO^SjmHk)%lr?6Vd_M~ic^QapT-q*xRfuAD+-8ayOAtl6M)Hqb%la$RQ2FO%k&#NiarqDG>&+8?qByEXaziOx zN%@5~PuE#%xMv{b^rp5``}%yo)`jw^Nyib;uxU1DVcpSS3wF#7~Ha^C|1vQjNG2 z9XZZNY%MH+HaMTYhp$TPE=-QZJ&fIE$tpp454_FnUTO^x?4$&fG+25JhQ=itP43mO z5ykSu(5drrZ~CT|L9fhE7kONC)U>l(Ef}vW(y&3%7Ki9^Ka;DKsUIxWI;dF8a>hHW zF8p_R@OKeS>ZLt3u0Qchwoqo+axQ(tVXJv$g6^P`0u9$rNgjl={g~*LP{MHHo-t8c zA`d~e^qL?4xf7A_B{1}xcf;p%?ow&q{2%0=GaLT%O?a2~a7-;@>1@^01te*J{1~*RrMMeu8|~>tzE58~v&*RX-sSZ;^meaZk(PB| zsGH!|MN&0JIuUtnZ{&Eatj;~4<9e7W#c^jDkSDhKRa#I0-`AqSwt~lMP~Y?V?bYHc z--^7zcHs8JsvVw^ZX3s{$gq_XY^P0 zUwE_7#zx&OHA?<-fl$}AuGhyh>AXGV&;fSh$rXh%O4`{khOpH!uMfzn4j2QJH$x2`FUKEKUmCPiJVi`UM|d!fvv&mu)|89O}iW*jBWjV^`J?OegWDqy!~>vRT*;wCiC@_&vlh|&Ydn6C0LlDiMFdsuxTcC z0n!p`ltUMFY^TNxfTg{D-g{Zq>xLWUuF#?)GbrnLE%$X@Eb=N43W8J(->pHyM|G6- z5=&>J&xIc&kI2%;ha{Bic5nS7yOQVKUzo;fLB(d6U&HSV_*D^QQA&vKY#tl@@1ws= zP54|w+(^lBIqg*a`K8-4_wC!+FV*rIE<|khLB=&PD8|ngXjuxn0*7w#vAC(u0=K8D zXNDwpC#Ops4r?y3qUv5v16($3i{;q{&W@1C`-|DB#~7JaSv9dH4s37X7yqJ!hueO4&otBVn9^01y@sPtG(4$ 
z392wKqBQK@#!&TXHP4r$e3$7A*24`|d|Z@naI1#1n20yK8qfexyTRrr2HK(rKx?9E z|KKK$bwgj3FbU&y*h%HX0K7l{i6!h5Q25n1(B;eu9dnQJ4|uU3R|yGg3!{{BU+>H2 zh35(=m=QLsh*1rC=SL0~Of`wQ+JE!KoB^WsX-XG4W6zkx$fn8bc%q$h+M<+*V}bK9 zWUTS>jJ{91JY+4$^zrDbJxe&;4Gx9;haH}NEkmOf5 z@m;C(0O7>JU6u)?zj|xej98YJ#p*7;gY){DjT-l@y6t^08vMu0q3|lR#2Lv|=cM?? z1a1~}Qxc%#(@80R!Jj<|f~|Wx-(@+{w1&Uy6E{r7pYWHt(c{q2u zVJ}3vI-Rbc*(1g@W3@guuB+jwg|Tf(?Nc|T){5_c2ni3X%88QB)h-*gKU7x5ZoWD`rDn>v4bK?u+2ti-OAvE7B8I$l``6WZ8gKPT#;4*mLt|;> zl%sSlgTf*Iw_(@|ZWO&;@a&m(a5|SevUle)JM>n4!mgwpd|GRDq zDLEDMy@GGFV6#ul7wn5N+rL>XXXg0nT7Ap&+_^fZUZLaW`AOv&>QuPwqoSywh!3iz z6Dqbt!;RSGkw;Euu0MYcz${HP_uE|?(i)3g*Zu*8@@a5#C;S*0I&t~OcNBT^X827H zWiYpCK2N^AM)?&wmHF1{2f0>aC z_MocK7#tt(ob^7lzCaAN&1q>mQw55E><0{tmnYYD1$mWFk4UEXG@)+ZA_=rVs)%$1 z;N7?!@o44HwN&-T|$WYjpsLV{C#_<_EdrY(BVmsyg zAz4r#-c}+j2Lr0*x&;56w8nUi2~2d;!~QVW*03^(s}b3}73O!bF2@++#4yHOXfjXm zKA#$xF3WG01_!Ff0vdUm)a1HkD$C|wbHDIQ`+$PxZAHL*2m)>~PtkG0gQsUS@J(Pd$a}X6Q^>TrOVnEQq6nMc-6(sI>v^p`N`4yu{9|R{7+Zn*5Xg;i7 z62AbA;|yK~E6-2@>7+l7Of3rzg|5N>AO$hH@0Mq?6CFg#eP?y zqwTP}K%*3oB}rzf&one5d*(HyYH>N($5J-nK`6t=Gw$oG4>vglnh*x`Nl`@q;sQY+ z2cb^Jd!Tiv(A@Jkt5w2g9{vdeyblv>PAFZ0PV+A5{>xOK4O+Zm#Pj~(F@L*> zVp)7Z(mjX{(v1M9=?gH(jcLms0t6^0)K}eZvPNd9!4!FJ$d75_?4oo+xr!C_7K?%< z{UJ;GyTKJid?I1H`yBl=DP=oh+1;!fo3+lRe>I(Jp%lrj|1*97#mGDOf* zFFJTH(4fH_sp^~lBHKc~IaED1eU1X&c{qE6MupTQVjY%1w0Ert={XQD7kt~w_xi^q ziIW_CX<>?;x^Ef6hFso|d~mCGI59spGU_R;oYD&VAAH_>YD(a*_x36`-gj`yWdp1E z$IY%A5M(gGbPiW&w#_vUyB;pA*|a_sYD`^Sg`b3na|BGkX0(GB*K*M#e_?cTf74d#nBUPxth!#}4{G!|8uC z+{kEt6fy?Roy~y%&s$Q2K+jkE(HrOVe;tW`hvU@yrHX`dYcu_~^Z4&u2c#&|9lG!T zwgHYJE-o9L=}kjV--6Hf-!|+2`S$Vez&DS7m;0(21pJv~0}?IvQUFEyRk;ee;*bMuM!n~>CU2jBARIq83&PjE2*#ObO-+x6rT^sWcpC*Wg2 z;KU0pMDmEvSSaAA2Hk4WO!jOv8f`7L`cB%l*WU$&Wp8F5eEI6xuD&&0(dztRFCtmI zRr%=9Mw@PJdXM_w0pul|tz4qWcE1G1F}HAb$jfnx%mo1s8T|e<;1=a=!H8qo4M?hu zsRw2oGg&#bxKt6_hOk(yx3%-a!qwOAmiFy^o+hSg0T*r7+h-31DX0Lc#RluVCqs4= z65Q8aWE-^yq!T0L;FJIM)puyY0bZ=PrnmRgb&Z7zO;!Wn@&EmxAcH!81c%cER@A$U 
z?1@#jU2yS*!NG_n4@KD1cp~(MRPq>l8B$x%Gc3Pe*Pi}Pf(R8wX7xS0kuDVybkZwB zss6Sz=3=&)yI)=Pzx#X^&6cY?EmB!*)0&^T4aR>b83Vck$SAww4nLGZoz$;iy+yCn z)NyWqzt~*6KKEaYrCXgf$*oYnroMTzu>OI?C}CeeaIt>9n7GDA6_rIN!2%I?Z)5!% z@@DI!P-!)MM?79<)Y^S{`nd|pz6`r52Edz9U;>1B{cwI!(SaPWD5jAK>M&m_T}OR= z8jd$IIL7HM=A|l|ENbCVjZWlING{P&<<30~f30yg~n z+@j0xaRwO88NuO3M{}5?H=kE?WwA-HutskL%l|ta2f_S-fcpFC$x?x%6PFdB;-COV zV^gYGs3j%}I0rnsX^Z+nKQ+Ug|A)f`xj%RzKMz=3=}HU>%=B;4;?zk3Q0!GF1^+D$ z4yu7@REzarDx#adAnyCBw9nzwz{Bid0++LcSt4H{P9neC(v>V9F!1%P8x$ZkGQl@| z;e-3UZu?U|PP^VBdSLN~kA4UJ!Ag%|aM-UN+rfITum4+40{FAF=4F%P;|*^PXBol{ zg?_$kYEiKAxoCxR_!UHms--n7?-vNmb8wq}pYe0GyVq`!jQ=*n7Yr(Lc3rc5Dw3U_ z5Z_?2l)ZPVw*D(!A6(A4Sb{#_ePOkJpqW3eMUv}G6E~CTx;CQ90L;w)gY*WHQeq~v z4OW-^^SFRtyukAPl@=VfNZ6Df6AlD|`vCTtMhC_n%IE3q)ohu-le_R2NCT6ER==|K z2yB_p{xzb{H2}jA*vsn_*pX`4%C)c} zJ!vY~QR&e7>P;gbypw*Zv3rCr2E(|Btz^)c+Y>MfSIxttTAnpAsu2e`z##8+Pi8GN zC(L|uR&S<~>kefk{CAvgJfphpz1XuEY#Fy6MQZ^VSghpKRJYfp;4hH~;DB8(ED0nvyJMbLjqHm_S|fF@c7h`CKV}Xf=*%xkDr-!x3LeB zku3WB*-&o6-qWDAVb0(N&GmaKz+D1C{3Ha&k$5nMxkK1YjkBMgHsO(!8mYSe?&NxG z{OyO*G%v+IBXe~S&@{=G%T1beG5qTi(7q@uDP5CKhVOX6vNvC0rwYso`8pK!MxQ`$ zV&bj4jz@PCq6pP_Z97X8m}=qYzu0`Wgs*!O)&Mf|onsDP!LA(p2JBuWZ_J3SSWMus z5*jfl?Ti!|Pk+Yy(vhDm2&h!;ia8CNPJFITxHFs|Fa%nil>goV2J}U+hbsaOhgm>L z@lEW813*mw6ql;~ejU~sq8}R@Chvz5yN?43@-y}Z9R7*&S!Cx^_U)*gvXTp(1^!3I z8N*>#waETLPt#<6M6vQn4&Wgazl?dLhK3|mE3`FAi{&0Jcgwt*9aJl<%xM8=GzvFE zmKe**0eM)brGsh9)f}@xSQF^!R6Ff?qs?^@z&T=o!X3d*NRr341{tgp^ zmD1@LiYDF=ZxT4?&n_kc%ah!VP_1_`0WfwomX0Qt=Hbx zrX$oa)%~ocj?-YXY@pR}Qn%`P$Kju2^g>F$De=#ev%>`p z^`B13BVLtXmDTf6!bTTU^iaIx4uih1P{5#>exUqBvjp>LxoMLdPn{`1*ve=S#o6j) zX+fvY5UWi2rCpIZ zw*a!G@qoTl^`A?uWk2dn|NK%OR%QEV1%gBNe^;(7IUnub;-pS>9|gm=epWqo<;B^f zp(clvUuG*W1Nscus^(w0^xpT8_D&p{W_1`cs@PlYV(Hp%b6W|=mRxl@EL;;RvB5)1 zx{6&kk6m(Qua$2D!!A~OR-o{Aph9;6t@ZNlPt|e@Ov|+CP7jx}vio4iBls92`v(S6 zDN)HDkJBC={FKPq!m(wm@s!Bp^QpY#>FmsU%T;NtAMt&=$vxh{_CXC&t&phad%Gc2 zRa5Orrca}7KfENUWhfbsv^+jB8lbw65Jp+?z4qg|y-$d+m1=l*Wnj0?HrhAp?f`J5 
z+(B0bGkrR62~5C(6HdR^IHEJvXRDidwoR+rbi{JsQ)xZ1e5RXdi8U(%6OhSyB-Mxf z2~}ui#Y1Ot2$CIp_J-lcLrOy5Y^f>dDb~QE?~wKOl@h&v%Zk3WM(W9LwP39)=OqOL zoXhpJM(piA_2v92Mjg;UFqAZe_GjYzSLcZ>6#*1+-`BghC0pNzbyGg#L@FjA{#DSQ z42ifx_XjbX4<*rPlq8ByS!lo@Md%C=dobA;z4WYCd1v`xHL^4E)nYYrIUazdDs;zW z3r!2Wollg$Wuq@Q{Ct=tadUc#)?qX0Pnl~Lva}?D7tVGRBI4js=vITj`_bXn+;%nP zhPToo2Q$sfjw5v7*Xd4rURjhizl7EZBHsFqO7}>qyZmOM)nHiQ&E^x2cd9FyE|nefMCc3`BKWUeS>IXggQF#KQfBf6qEl%L8sz z2)LOZpA;AMPoRRr1Rx$k#3Y2Ab+Ysbc#BU5l z69xm2O_NWoOgi%s8gO__#{rOh9NZZ+1zrgg`P>`=v9_pMLB(vVTK*jP@VQf_OgmMP z^>X_Nz@|6AO#H{8_yFOYZbAm13K-+#W#5XT zjJD^Y!HD4s{l74EC)gd~nQBi1Zv?Bn%c3QtPEO0dFQK)V^fdz-WEFyam$w)9B`z{q zw2?cUC?Z(DKjAjmz6qo=nG|YGGKBURya#mhFfhhpVC2z;?TYNsMd{JeUXc2 zrKmYoKx^LxQ1)vAlH98Ynw*x5_sK3>9ONy6<&R)Ka+SVB{}a3Xaxy@?W&T8tJE@tm zYg{B&-2HFX>2Ff_+Ub5#+KwQ$!@>Fz)tg_pYfX&W86f{25DN4#7dUVbM?E7pgClLt zZA(qkj993zn1@f4g^t>OD0wGYgeWXcuFn>CnpOnGN(wR+t>Sj#kC z)6+AEma=!WoKR|oB)4>-e?cJr4=IH}e|qt*%JbEok>z$8gPCp3HW z4{T5<{W>v6GY*Z6->?%ep{la@#bU1P8|yBbN`+Ok;T~My@Si8lvntCw-sNV`%9GW` z3E50elO!6|Du8XSev~XzUZ&d0i=D<{+D=P=I&2{(XM!K&EU5?U+_BZI_(_Zw@jZ+6 z1HHAOUD866F+hNp8qCcd_vo7tPV4M!nPJd^BYm45-HGh1dP4R!Brs{0g3aDyMi5N| z64<65pG8&aM3a-c2uDu1b{Bn{g=nD=hRVgO7m=?$EYyjj!sx5U`IMVG^&Rm!1qe^Hn)6>%@ZklPTm%McTo3SSe zDzL-{gTPM2kW#R-L*_d1=a*_j@|aSYW)clH9bLIjV;7t4qD{FbOPn*MR4mb7-@|K; zIazcAU9*Er72q%g@YcQPDR*juVPNml0=dnje@?K_ZXnX8V3*~aS@(y-dY7itwddS| z3+m6@`C8rhKEYdZ`F?Xc3H_q;D=2k7{}OXtnQYISV+uPq`#s zwbDiAF1*bYgrJy3@YQY7yH*rZU~m9qIi5iPLQKq6csIU|uwZ_b$ZhqhvXC^c<4 zPAZuOXZ((CaAeXGS#p)I_0^_pu8)v9lq_{1X+pn*^@d?0L(WDJ$j=EDhH`qwu>H&N zLiM)GmT=l|!AFig^h8Hq39uCM`hFqzW^0wiR#lx{}S}CN`7TuiNweV_Mep6{~1&(Swq8f0FtH(Ww4gT!4&v&-HOP<$e8$s-B|Q z0c7}Y!Qr3A?R55^7o3O$FE<}!^!B^3w%6=c@}paB1WRdD_ek|;H)p`ky7Kpc>Y!HVP2>T;{Kb_^>Bmz z?-+hA4P9%%8_Q|`zCQVbFIB^?VyJd(B<_#PQPxpsF@>;9KB&!P-WNhf(pJ`-PkiXO zHB0@G)k@wxXmWhOREswuWTo+sk{&9#e( zKBf(Vf;f&@#IlIe9fE%M8MlhdG(~ z4h`Hk6_yB`y11wqbF#+~Q7JuP$_RL~*iX%Ha7Uz)28J*=;30m*`tLPLkxw&>Wixf# ziOL|CdNWGXLg_y+n0ZwCPZ#m|IgiaqEIP=;Ka9SW*w^n 
zlMF#Nf$<4~q`6%kues~A^_HbskeA7k%nC#UH3CwY;AJuT5i=D$_8ZN7`OauaA9jb6 zXE;&!*!eVQ6|qFNDE_&2;1>85i1kZkM1p_gv#+C^vyjC1^U$QgrLl9)q?)Dd9O|C@ z_?u`;X#$ai3$jVDp;02iWlg+|D`!;+@7s=!b+|>iKjYbbeuz}WY~zxCA1FJdb_$+% zpOPZ83oBI1e`U1V>B_ZerO5KSUZywLxXx5OZasS;RT=UUe<6!_fTRNscNz=Jc9^K6 zq%@4v`}!yC9Fv2~v4JTn++6mX^bU5-9lNadGw&Tz8Fg{cD+am1uMp+9ar~v>It_So zCZ^K+-y&BOHD0@#8dYuuv%fTC7OGD7tG7R6+@NCADCqol)0it;&t+*?&HIc;bExV0 z1%%)qz_0((PhaCHNB7E;ITyY7$5J`vuMA1Pjxip~Sy@tLsCKJCf)}qz%jdyAAJ%=;dt{+yv7#DNqnouC^nLZM5VVYxex7K`R`i9)CkFJhBTasnC*JKH&$i_MBEWnz^37g_V zJ>624f-AtPPlf5zU=+xdep@Ofb0ilQ8f& z*l3T?ww-iBI*kf{S?n-Y&vSF}8E2`V3JNBbSOI|{Ugkm;0Y4^tjh19BEdk)v1 zrrmUy?9_0WK31L6-__8N2S(IL@CmiiSpxW6;@c%z9t`nK3_P_y>CAD# zeLOx=yms=*Ti*$#>`{Eqma7Al7II?J{XGxp*J5Ui zze~RR5|vuI{Zjii!9%cC#OCSry#Hx$rd4bff5cq+D^&2^aQ`M^5F@$}Fpb-^y}>F4F}=Y& zuZh`BJ~NOqdTe2wlrPocd@|0erxqD9efC6(n@Ft^D1T%Vxq<0Gi8mmggaRuU4)}v# zXL~Q1Mw<&nu0OuIW&K4SlPu_E5i%Xzi{tR-&!~ z8*D8^XBJr0NlSGOMPGL7r22n+!8JLDM@pXKVmDbPd(LyMefb-ssx`M({T)7DG$uuA zFmOz1G<6W2z;t&rZ-51@OVdx6r$w^p)_U~@v0RG{y#{?uuTC57mV78@kkl>pWHyu; z9`TOE+Vrel_#-<7EscPX;l;EHS}VK2K4KY~wg@21qF8NhvH)$N#~agg3SKp_+pf(r z%$1ewuhL4U3W_`&RK5jlCnwn`{4_pkktr4^CT8S$3#zDP2Zl5gh#NKg%l5*>_H>8d znU!cztqlIxyi9M4+$*IuucwY*RdT|=(31`=v#m0Ls8~9k1A091ak|i1>g1ykX)f5Q zjPib^ZW|4u*Jq6+S6nnXJ`RP#Jhro?8w7WZevywWlp3U)FqW*mkN1ur;d=i5prkCG zx`<(4Pr`FkeN1vJaVN8F3iixy)Nb|?!RKhni2i8h$V@NOe*34$UapOzbgnEVSbRQr zbB44f-Gs>)uO~dl10H~{|5nPB{YfJPg9(>j4+_GR z?&+Eb^!@eET}AlVJ^@OTHz}zcX}4n-9ya4Ifi5Z$t7Qg<4^v^kcg`DiQ|>b%R-RV= zgxNujuux=V$!5XsHG0EEK*){!m~|ZHL<199YZY(NNU#e!E*&(vmig)r-p>ih!2(Ay zC=1z~Kjg&~Z8R4V-`t)ocYY|Q9-@Xe8HnZyGtQU?A55}j8>A5COJlW0m{=pSer`Zj zh`GUQJn)F_gWjWOqC61|Z1iyM=_Onfd|zgmKn{W%pD}Djp?-CJbYK+Z+-qRM>i>=d zwJmhwy6aOp8F&TGq<-M#M$?Vr zE7&EIlNX5}F4j)BSz^N?A)$$iLS3JgAIOIh7aOnq-n2S>&4(z^Zgvo-ceYl6!X=(5 zhB91lZ}S{x%C~-adKyv7@|H{!W(k=>$*CM{DBs2X#9q>r(sG}4z>k<9FHmjA4Ehj*DqkmV*!G6`lm8W;rg6!0jK{qb^X{{sZj32^Zu|zRjSx|`8)*zw2 zvoj)$=+k`Yh8fixp%>>^+v1=B#Ld&%{mY{}WM*re5HuVYr)^M|-E*%5M=av 
zV;hItXO7h%1r@Quzt^{|gq;dopNT$KtecA`iWuk7MLVX8SfIq~f;M?IAdZ!ynM5px zYE)`?zF|iI7(nG-5e*%v+kw@+etS3w2-Egkjr;fA?ml%HRf-c_)|g~wL}^;?&S!k$ zAj%Hj8Igl04E7_T1!kA*mR0)v{qD<%B`9!NSquoU;J`HNe)`Z0F%Y4NxKLpcGitX? z^B@e!hz({E2*?p@DN3Lg25<= zkCy2G*4&)Jpo7MTF+20cg?-b-4XU*2LoD(d9+RleYD;)-Kb@_HGmG72;^d^J17d#& zX}yK&K;Z9l+t4##Zp_R<6bv0Cr^0x~EYk^{*gwU0FhazhZ);Nzp9?Dy1R<^?KVAh> zQ^@hW##Ty?{8f-d(SI}|Wr<#CGiBtQBn;}BWLo|~$m^hdM0gkyl8fW%S7=+PGyDsC zqd!G~FE-8|;^^~_C_7}Mh=RuR*Z#1s)qE0?-=2osvHi_Dxtyjqu?BE+QPM_z6BB%2 zPB$WW?M9`-hIN5ZEomtzotjXm%6p}o#9ow&z}qaNFwCKEbP<04qS@2{&Qie0ZX%%? z@e1F++t=am6ZL{05PQjMqZGqS_R6zZaE4Zl+Fyi+Q3RREGVWz1yJ*}RF52(xe^#MJ zSUGk@pP1w%Ol2WRrQny-E|8Y&M{wK8ZFK>qD|wek4h}YjXKc5|csCmD4LoK{w_X}) zM|YVaAj0Zl;DSftvGP}Yr@xtdT>mW$EEwrUp|S!UZV=3&iwvB#zr}emdp976`G0}M zy=Rwz@af7esIhb{bFvEMgvR+8W#DuyCmH`0MX+ii4Xx3Y5aUA2X87BwC%&}YTK8j+ zXE+60v6@$zkRp+)^wJ|m`S z5gaJ9(Cz0_2Vw`eSu~ujP@BBSYsJans10erK?G*RSV_S{fPEo@gD~L=0m2X}aD$xs zqywX#!t(v@-yaF8X%(?q5gH9Xd=e=7i^IJT5DO$S*0k)U@mFpwAY>L#N$ubJTeN$A zht?xrQ1K3N-qb9g{X=!te`-#HAXlFh!kVy;WxR-rwgfti7cF4<;bvpO+NNqrNajQJ z476+7+gdUE4ZIF<#A339Wrmqq$rb=gKi3DPgRS>xM+5Q@5gU5A+Uvq;6g1cA5j+y- zpqg7c19R5e?vGA>_4Yixe!Mv#e|tGsdO$wJ#NGCB!gMxdZoL&hTjR+$jVbee;}9Xc zwtXRpPlpODbRKJox&*ZSsQIY&9(qpSA#h1C*v`tr2aoE0)Y@l7i3s0=dnjhBA}XL# zf_H5*N7x^^s5%ApPwX%jj+iDC0mq6aB@wW-cqU>+R0=g(*NDYgANG$Su$B#qvvMcQ zsUm-G?C$L3NcP6!1^*_F!TZ-mSSWjzgr6-=cS?ul#>~|!pbWy=;G<%2C#eg31!Ezn z^T7f^)O<@5GhDDh=U^X$U2f4vP9M0Hq)E`o!=z)-6pY8#aN>p1nMUBF^OQjYL}6wGQPOwzPm;b=U?`RJGWgH>b-DRJ?t!sFPA2Cs(?PT|&w zeWW^h>^sRZVK6BM5KodSOj<7wS!a@D``G9SNK`sDkM&15rheaXrq}&@UnC%`cpe?A ziZd``1-g-C*$=i8d}1y7VX)cjr8A)Rrc1h1QLrJ5&>D`^N4a7bM2 zT($WKk{i2@NG9O1gfx;CV?}EQ8#r3cgMSR}^%HyhRhVJ#jr_@WsSNUbB{Pt?S;B(E z#IU=^$YeF7yoUZ;Ony#7Al+vc2G4A}L%+|oYcn*|P2B-Tz|k;|-Ep-(TIq93dhmS>i^c9&o}K6D zV9w<f3v|}61$V0$}#C*z{=m&`71 z!j(+V`572}sG!Qw&_KG5DT+r{*nZtd{x6;f6X`!7L%cm)5;Wyim5}iNY=c0F*o9zD zW+^JEgFaZi#GQV0%F+<~Q5@E*?Ra(J7t<(EQ}@+9yJU~K0E9)vp#*!ao|1(`J>fH4DzhGkfnH54Zi;eixgEY)Y=K}iWvdFz_qGDs 
zxj}+_y;%_uH5?BI8d`!u*one!p!+hds;xX}wqBN*O129>heq|cyyaLT!tGb-#QIF@KQp#auZZ;413+#-xZBwBXITvx1)#0FmVWu*ld!VQ@>uR}y% zKf6Yu`LD7l`0$eyC5~pIjSgq$(Z?c;rnQh>e~3`!65E;Kq`Xy_8S{6J{n;8Yt%ocOrxb2+#Mky_YICbW!<* za~*ag^z9v(rK_8mvjrhxhmBpR)y7ruHil>kzhjVz4U>qB5{@dR#KG;-=lgwMY*W+A zJer=?zM+uTI5!?5c~T*Y)&XOLn@^xWpnzLq%%)na%;*rM$7!|;GB+_^ama_`9OmkN zu?>)*rECu4U{Yi;8t=9$#c%jHH#Ov7nc>I8TRg`u-xfS z_f8G8OW0}Jl^Zvq3xR9UUU3I~?T~*jFCrKY!tTxw33NnQq3lUipp-gE+z5gDUe=6- z0GBWP^0{@A({e~~_oKi541(`@7ncK)Gjep*xc{ii@x}?gbR?(eX)eOynPL2<#~f2t zGgfc|bRJ@+1BA$8$)0@E4-IY&q{Nn2CbD0-lRrM)fA^_cNbi>2u?pDx7<^7JQK>y1 zgNI8yB<@L)Ck-+As%WT?wHZ@K4@XK)$Lkujrs~4L&iww10wo&{kb|on=F5r|)IWvG zL|hO~TsHGY3EBE@X9&30C_04fb1nri2IH2gr5mlp1M{1fv9vjqkZ+!A)8LRxTmt2- zsM1n&Ho7%lh!!Zxf!6(fEy56etylDj;mho`E3en;DFVU60Z)u8u_XVAPn zx0@XtS{b>;h-vCde#|#x4o&yE%|M3#^`oK=tnZKK7Fy7Ed1Ft_R+~s0!nN$oPh2j7 zSd3Z_e=FR8a!rDAr7FEv^-bm5x!mg9+CMkK1cJl%&(IML=7Q!*`=5%fOeP#Yl-Rg%}))5cn-03+(b$5ivyaaNI|taWHgKQbGwok<%5+f|-;G^$c3) z$rpe6&|gZwY_#)Ok06W`FnQ4un%)+nfWUTfl^B63pRzIi;%qM?%qU(x60i@1E`!nd zp2oXN{|{B)7#&yC{@d8LohE5)+cw(RPGj44lg75u*tTsOjh%b?-uHj;DQnG|S#vTo z`|SPvh@cMG=956KbbRa5F7I0AnhC4HmTdQVry)5uJZ$t%s z5iR^zlMOQ!RSm2CO}?HRGcj9=@0;i2#nP^$!-GbdCdrS>$M=W4ZG5?Zi&3BL!-jLV z&CK=4D*P#GC72(bSUblF!V2TWrXv_d+T~fk%?rn=VL@RC3ZX|B=K|CV;a@TrN?iXh`*X724jVxJ{Uc8PHp{cih~#LJ#3gwt?mkkCNZtA9ld&BhFZnICQhSgG1$rbAsL6HWgI0_c zk;Esu&2=3%MAQ8Ts}|elEYXz7&*1kK|6{!p<55O)Ge5=v{d=YTRbzUZnHuNcM9N&1 zpBYTD%>vCB>phd8=5Y4}L-$q*{xVyxAwOp8RJ0j>Ibe;t1Q9(&^X$je;}K-Rf<-Kw zO{pM{e??FGfWvs3D#_S7eP}AVUz=XZ{GU}9Ey$}3Pe6ijD}@aLa!lO^Z7NqFe<{X* zSA>~x=T{o3CZe5Lp6TuI!W(?}TVvX@2=iqouC;|!nX}U0SY9$Y%EVMMDeBDJ%mDfc z9+ZjdbfZZCCsTG!a!Yq+cmXLy;*^;i{VJ|<&2XB8OMT8bVl_@bzy8~C%g_B~CYUmO z@{}3t=xWGgavl8r-(N4!Lw?{N+BmX;dlC2_bv=~PObEPPmS2`q5=q8yef+&r?$S+t zJNDcX$9i6=b31{xnLUPLXQ@kajyxs(2WEQ`O)&tOH|4YKS}N}M$yghazOSKOdDQz# z&qsQ`#bfG~T3_oA>E~BL7kT5ab5ueladaL&67}9N3m{5wUdpSR&k~0l z9;!LE;^&H04(xni8foRl?2Tr+>q|3ue1$$fuA1Vx zm-X0fR%nj?@_>OO@#VMqYvzW~>a{>dS*HlbDXNDc;nAWI;vC`gFHQNrAMxq9zV%ZR 
zwCQDM9UGvX$=lp)#t)81t=w*#uOj^UbCZU+z}cP~g~J9KA4T5^2%g{2OAYZ*b~+JX zj@Fb>Af=s}=r83rH;q=WdPRW!vA1tE#uz%u4SZIgv49Nemoh{{R&Jw}CDhq!qh)~f zT?Q+nU5*kg%{97mob7VEoO}jvWt5nYkI!s_6xj&@K`_)G5s0)enAtkVcV4nYKY7(NQ)$W4wrfDZS>LO;1dSKN3&}^qHg- zB!9nX2L6FL8vj55z(zGP3fVr=bVXY1pwzjsGy`@st4&tnR_BXUvr7N0qz)Va_Nf*3 zn^<=_U#5V0MOAw~8X@oHa)8`?QR;)*+eBt?Jfurdr%NA`q+0s;Xg0InB-NA64t~`z z!eMvoCOFFeL4+}+lAY@GWpD(aPTS``IVI^gEj@`)k$gIYgv0?pLU_yt*#S_-+|B#g zh7gX%i2am4%45=#M?tJi1!uHpvYuEjX}Ig-eif*YgzO&zzOqcOBMm0hCxne-SwV`)J17fUH)N?H(Tv>J6j zeV2>yL>N7H&F^`bXY-|Vj6Rs7cUq3~amzLK<>Q%MlH$?WMUUG*h~1W9cf%;g)Fsid zH7P1n`8YDXoLd0g+QYe13Y%%|rVHZ5XyaKh@9@@j$=mOsL7g$vhQh@J0WcXf+5(6C7Bo{2z1W{U%kXn=7 zIDh#o3!u|2j&=vSYM%xNk1*|%&n1fG#@9Jah_exU^f1DJTg@zHdd~lZfho;f6a8aD zQ7-g#^sYP%ddUZ%v#!T46z%ZmYL<=tcizRu)WeB9zV53vR0OW3|D#K-z*ieB=zukn z_|#9{L?UFli+k)0{Kn9@JRdS-gJwNpP{tQ4wL4U+bY(P59?3IExkltfvDycwwze{} zntgo}@VT8db=^KJPO?_cYqjPEbNKlY?R+vGt6q5O z?7b(xgWAL))U|a{X=`rtNEyA&Ysfth%N66a+ksWM4 zD{JraNhj##4qY0@+y;xE8F_{<*Zss_!Yv;x+JCb-Z6|vxiQ*~pG4hIZ->DP;F7xq9 ztqIDF;;)pcm7A|BLQ!3fH=0Ohw={XxI1h-_@aMrb{>|YBAMJiuJdDNXBk?pun-4RG znbMj%rgvLjm>0f)4a3dgaTRK^$K@gt`MWvo?|t2EU5tYGpvD>T0e0RkYpEQOo!vFA zRRg|96eop7B&-k+eR(#AM&iV-m);fjjxlK%<4i$Y@kdWaV*^UuhYJ!jMg%9U$h~~gCINnWo_lE>YijLK)d8jC2Z!wGQuSB+ zFy1H}Ce>6AwCoxMjHSZ~(z|{R>s1=55vcv*uD6b&UB-=&teZ7Lon=0h(dPJ_XO%7% z(8vu{c`~u^_~=v}&%1+`zYwCTj;P!=tBp2+VHYlLe^m@nlY00Z89eG)=dm!{a2Z(@ zeg38kkS5=jDRXYM2NN<)`Y*&#fx#Z7U5eC9$v|*AYVK`Ar)*rGTkKT~hfX!fr0jbP zIzJ;Qckl*7f_rX=ivPhB52y5H63G|ZLBQMAQr62~db3q-__v!jJgv=qLV?HRMB37z zcYGVZukd5Va!{?$r&qDKq}*?m59SD`{x*(PsY@sNczZtV*~Db+y$O9y^01vM?eL`o zet6aC;oO}oILQx;I&?vh6C!qFSxF>5-BStULD8++luWKWzODwIUb{UU7tV zQP^Bmv9(WRFojHhxZO}+OcYN0L~;G$?fJHKB)ME;KikfG+qx>dG*!j6cbY#Ran0pi zeTs~z=6tJL^_#f*jm#mPHhp^2#kezPkv|`d^fJM=wcToiQq>y9Lquj6E7RleQllhR zHxm&>s9Tc*ZuCk#94*}+MZLeVLB;&PWa3qj5qn#mZ@N+KN+?GDgdFs;%0zr6Zhzkl zRfb9$Uyor^H+di3C3Iz6I@!EA{@k_hhfLbmoy$I#RwzYQ6cXUuYIV8Xf1Z2KoT@}D z$<_R0m`t;*G1s@F%|)Ltf#4|i6a%?kV5MUxGUC_;{S;pqFyns*DRXW*K;?I 
z7JHETpoVKlJTPJX)*v5!CW037`h8hF3HWof&TR4H^Z69}tup@Pj46@X+j6NT1@d%2FfY_X+owUEktBNxZ@n4sfEKOy{#)AjV40} zA>a~-JfDQTeSWTpJDE<&%oIs%!GQks92H}AcKj8O5k3&-w}$Sn1Hz?MiQGN>0MHZ+ix{ArSk;cx z4MT7U!084q`=0EU=>Hgh72FoIuL@<4sk!RnFq0(G zKS}81=Dt_ybX7@z80?2IlmCDl^%1!v)P!UhmB^My@vtpP)3eJ&xDS3FFurO4JqE`5AOa-5Y1o77Vm;lH^|dH zx^Q{t3Mtn^w!4=6)rVRVn~@#CJPdB?-CYMh9r=8k33=r zf81MnOEkFk6(CIF9taLintWPH~kw zO0;6DK`YtK4DU*Tn=ylmdI^9V=fn=t(p6Y`^pX29rN#cE-7p3Ag2IWSoo>8vh zs8IE2n}Zhc#6vx*nV=t!ltqq>@)e{cK_9hAftR)-xF1{+gk3a>jS?|u zhY+)R)n_G8s#Yh^@8#8CHfMxNazKVepYmKdb$)q`4<(!y=3xF&GopkOl-h@^{>WQo ztJ!a7pg6r$u@=x8Lhc=w34SOGWw?VMSvK{>Xpuw}sgy=7Ab=d+LQY%0b@>d3gY|m@ zqB91_wR|)oJF-&rOWEDr7tMN~$VH{N_#jxuIe2V>oSlS3)(Rp@Pk%1BTBC<^F~3el zY>;Vx+Ej|S4gw?>D|v~CcB>P_r;EI_E2FZ~69;DfS6v>Z+f@QT<~}C#C#KPUufuc> z+a0^bgZuW&c#aOY72LPVA>otLB5z^I`!@8ucvkXX)w)P7m74Q{cL~TfL)U~gkj}LI zO*(i>nwxPUy*V;|O!46PlzH|d*la@5V(!P&N>tbc?Ho;8A%dNxg3KWUG8$#V6TPMq zl6$S7pOpOBymFELzhC;z@TDl9u8yidJ!IVU9%Y*jI?`Ax{@Gd@n|ePA$lvfRD z)?fyv!CoK#1u^Yz-D}O$s$yZ2IST9rU<;o@5`;0X3jZK>V+R zVSvJzmwGzn`5fq=#fMx}(6AniWY09s)(rhF=Q%r|-u z6zvD=rg|m*4Yfn<{e*ux^Wg3En@H4jA^~!wsE5$)XW~8NU^;C_`&$9&M8N7<7%za# zp<198=aM(7?fFYHw;A4u3yB5V>tUIg$E~r9B}JeuhgvYGO8;myFH%BUxeFRczQdqwGc1di}%xx@fO_e{59KEATAg##nQ(dIY|eX$7<0gPAXQQEZ4>(JTlzicxhWH@9}YNLuyCQD37hXUx;N zjk03W16mOY`~jj1ylB2enD|pjEcrqKApL*s+2+iuaC| zm_0Dk1;Z(`c@NN&qUe6?Oau)HK)}KWyKy^$8HaGXA7g$XKtXOC5c2!dQ|X6iFmpmc9t$&giAY ziWFF6nT#Cm_OlB80cD5R{P>7c&E6)ho4OV(8eVEnMkHXVDvPZDP>*!bSkUElg)AoP}X3B#-Dl-+pvC4D0w)Ym1TQ*n$C*y znt{%1^?L3C_q(On7_%WW?qS^C9n3BUC7j&TkcIdj$(8%|E|%z#9{|5n_4@bYgq8qBVD4Vd+y9w;@ z#m_gfcJd#G?Mowso6dmQ#>)D@1<^uS-Kfg`{JL2*e z2;`wUH%RoGSYv6{28a?zS2~-nA~uCzE-I}g#`GSOTS;O?O?BlT{yt%DM?@0fj7T>{ zD`G%6UlSp!_!^U~Ty1!ScyZmdf}GTV;Jl{(gxBHo4vBu#SB709*(Ou$(i}r_8m=J6 zhjjHWr&iR*#9*tp+#A~Assm*e$H`C>r&gf~q7=@yQZ!IPe9#-*z;lceSgyLbJLY|y zFGLo_CiBMQ6htjzreD$ixPxvM@55YpY%8olI=75(fF8^M8_h`ra^=IQrDbayun}^C zHa&EMu3J69*#7*e+TtK4Wje_TudZNcmj$*gEwaszoXWB0xQD4swp=)FsyAulAv5>V 
zv4J-QfT=v1^VMU6f-jEEB~!@FGFOR~&#Q+O76zXD}lr^$J-&E=dd`s~3z)_zBJ z@k3kl+dh-dkav|yb5zD$F@vN7X;#a`kCDY_t#g?wA#Ou?f}X3>m*nQ9dmQzRgH%rY z)Z3q2CUu81L}NccuQ^>BN0C}$zs-KP)NtlP{Y8g~!?em)bUQg7`1NaRmd+&e)K*^z zyc1@dfRw_S;(Y7B6%krOqeuBaqRohds8omkIC_y>o9|7tz4Pjd5hIp8y{sW>CnUD$ zgoq|N3HYJ$-A*V)RE*=&g}+1kF{qeAk%&|VSnjQ9B66+Dii6=%-#s3Kls(i+FH7QR z{SAetLblJMh=&wqtxWf6AU!EV=AzQPpxOjJ~J6>Ru zs8cx3qV?X?Q|4Hl5KdUVoKL595y(RHPk7NMW5pq~#9E0%Q%DRv zj=bdnEMuN)-Nv?nZ6b0tNo*3Jb^`^m($bN6I&Tsl;_2+)&P&-?S@Dg?s=eWi2tJcW z-3!sbaNa~Tldt9AQp|4)l2*W9!l9kx#Hj_+>21Yv&54( z1qWz8xFhdlp2$}Om=K$hq<-y*{Gr$}lzGwVNCn8R$`iF)-SPRdI#i*nf#u(MkYNFT zIaL&D9XtH_mIQ_?`@EFU&fy{f58GvVR+z!V9!d#Ro`s& z4#f=C>vRw!BcgpOnqGbaG{o~)RZVLS5Sv7p@4CJAR8hv9%x?O6N98^V>~YHZ;?7Md zJzH2Tj~neKJcsR>k?RQ>5l~vC9=+32!ez@uA8)SXY}zO9*aO(y%|yydb>Dg~g)U@j zCH#s&t#EmRL&UTSKA8yo*x<*5U6j)`oBHNqU^^bkqD ziGSU0^&Ia6W{7_NGXd+ky7&tRR1ec1OYftO41Mz>TUPg51%df`-7oml zB`7uzSLGqhP3v>XLJWXpmOe|KI=bDIQ-_!ypNUK5^3?q^^ZRz#@aVXNew8lO85Jtd z&KsN!S#`N|KhZrvcjjNF9~)JdnV@|!iSYOKL`K|6GPbbijXOndSw-0kbFi{D-?vvA zxs*JVT^q^iZQ^_t8cSHqg)#`S!Q@wO!q-0m4tEOZ8TRyE&tx>hrEqlYs)M z%)PBJ5kyf063aDVCz>Ccn23c{vWF4YS-P~2*lw+4t`9!5#+pyByN(K0J5T*; zs{18?F{5nPI3&oCLi+G)TdN1`XVqx(x4^DOk5w~69$2)M>2MTSOrG1T_h2)kp|0$g zIy`4M+F{d7h;aB_AuAaq0R$vvA?BsEaO-Pqx%8mEYlT_Ek5hdnqck)t@zkQlF4qQ3 zQ(X}!20~et0;LCZ@gdExwPduaWU=<1Xi7*Bh7biwGha9ZRhb^pTEYS@D%V_gw!Cm! 
zVp?wXkH-+cyK zpF@sj*+?Q*kw$9j`!8IGA=dmVMo z7lmHq640`95FaCI5;A0F`*p6?JZGBNJY3i|3lGD!$hc*;=Jb?g8LnsNDMsS^Y(TKg z0@~Z#oWiko`%%x9aavvm#C=8L*H+^d8Xa|*nN%L~IhA&ldxBCb=IX$9--i|ACN7o1 zO^-)!la5v+fgg(J$k*qjXI$f-S^8qs*CXBqcd0D}%iSHh+8h_{(v*HNdM(5v5m4#Aiyj?E4oy?Jy`z>hMWf!9Phlxk;w+XzJ%6d3}rgmvJau%Y&@K}lD9RKr| z9oH~0Nl<>W@TEuL*NmA>9ot?yl6ASfd)zm4>T{qwFw?TyqE|(LpTRG)1jq`g{*+|U zLP{#GVA4nTCkWBXkg-^01C-S-BTE;U}-BD2Jf+V95`kkejK0}^YYkT#) zSVtX&yMU!#99uu#5~6Lqy9za&dw=+DXb$9YF?12X37_x1rLoSMT8 zNTDM^1Zb_^+dh;src&f0=ae(mxM?fKTh8TlE9&EJfGSDuwpfPO67 zIp&D}5DPT@c3AJU0_zSbF7Nb6zy0!v<$}itDH1HUZmsNe>O|x5a~z~`OK~7Xe8_fs z$040QQ&G}PxdO#}vw{iw%jMhJft2^&KyiKM4_~T7FD_w-%LaelnDc zW3l^pgzbF3(MYCA-$*x`$chayO=NA=X|Auy#{n(G`*#C-yq`*`--;%+QZ{B6dTBtrFBX`d|-n2zJ3W~Uqc8~v3R%6-P%6K8DX5?QJPzg*Sx-YJ`zpptpxCj7j<44jUp-0F#%nhNyw-dU-q=XH zy>W1^lM43H)pR+RMun26#oCI*33;0gbikuY*!RmKAb*@ob%(BYKtGxYL|I9e8eVd6 z)$#=+oMiChHX4XBWd_xudA*!l^-w`X&RgXc1?hC%s>JyDpCYFI9c>>`%D36I48F>oLnn}k2m(pG?V<4j;+7euL-f;y%b{&Ab3-EdcN=P z1YgHH#elT*wVOx|pPxhAKNRbb^&fveSbO|!DVAOge_mcmCD}2;>Mt^aMrQ+c$3Yz_ znOLr6S>ziCK{(5cV;_SyyluAOd1zj$Uv4sbtq_;L#3;P}r%k!eTcgH;0k!sfzA4{g z6UmdDe#{I^BT?d9>QzpMg)-xbAW<|#)(ou*w=c9qfs8eQby8-!p@6j?)~bAgsr7>aa?K*gF@LLr3Ln=y3PaEAAKDkcW- zqgN(w^mc+kr6xt)ahbMF56G(=ds=<6)+ z#YLro>?tD}2O{lod=!lTZ^Mg0_&oWDH)T9js zl_yuR?u?T3dwKxqBgV0BcaeY3v4J8Ut)A=*>Bg1(oxxAdU}b&YO5HXkGDf~uXCY%s z=m}(nV|ytHZMFhf%|S~O9$&pzdu(r|GH|G~2IZ;DlyAgD!*cTZB$;#6JWV#%EhO7k z&^2aLpYPjjCate?TOXAn{c{SuhgNe9fG%r*5V#FTyi+uw0ctiP|21fipx{MihPT?i z;(fzaifD0Fh(uLv%^F?=m_^l^79uiawSYi<*_9{XpWAt)$`buFSYgCb03Efbu?}W*3euH7ak~oBtSj!ds;|O^#jf& zngXr+B+QBQR$riC$U-{G6Qt9v>QUQv3l0io86*uBJ*t6}=A}Y{6Ee_m^NrDMuW4vq zJk%&9g$H!vi`{xNMfhuCyloO_p>LOGLQ_u8ER~XffL^^gTeQlt=!IfXm6ILiky1s+c-Y7+{R!{aHcm#8(`brV*?TJ{}Ht#1PQRp@v6D z|D#3yDKE|x0PIo38F&j(;7KHw&z1r%X(*Knb zW{NAv>kE7vBP6pQwEZ3;Y`{p8M;cpthVS%594ay(Yode<>R2?hu34q#lpRW%) z7HjkHAlU#I43pg@T4)q-<#P>_M519&-v*?jiRcs0DT@B~`?#HawNS7!kjUzl?8cvGBNyDcSZ7i$)2KXE|7e6>?OT!ilYDbf 
zZ!2>!%^KIMN;CSMsy6ahRggxle^BVsoOoCYecOkvZ9RQp08&g}NMHB{XfG(l;IFfXhmR!{xt#mKKl zWKAc(p+>eee%*FACHCAu`!;#}{vCc!y8rfVbEBmG z!dw6zgh)tV@v{>(wj?hckn`*#fodt7zu`=YGl74Yfe(ME5C*r7NCtC7<9ilMZ3t0m z6rfhdRxNp=J-kott;IZteo0oq1u;-8``y}a4(_WmQY3selF&a-jEfQ_3ok`;WQ+;J-&>P(MuIbhEt-HlO*J75BteZrKGb))>sOKdqj}@E>&d`L(=mCQ$)zL z5dq7BpiHyUWWak3?FFF@yU*wVru#vtxJ{7u9n*3N4oH(E;VemT683j>YLa(&p2gVl z0ib)-MXd}z*PSc`m`Q)%M<6e2`g@GLWTGK@02>yF;+;hh!ub-MxcFCFnjSTpF*6lY zSS$SHnM^i(+MA*op;A9b6K@G_pS)QZGKuMEF z2tKcyYV3uLWPkpj;3fP1X^<)d#;q|%hq1N*8gOFlCpC^Rz?4!8-QGxQWAn`?G;x^$Sf0y1uz zfDtG}Vz$9TMQ$y|$%3Yfuz1b=;p{FqAsTS-ZZJH0uvfD}W7*&AG8~mrct4V9NKo5c z8D5BtCBZe_Ll7rbLu$mBxoxh(BPICXnB?M1qvtVP7HnY@s>y)KS5dJ|W|HJ0xReg) zgM;*(*45F0K+g|^dRVw(I-Z<3C^b_mh)_+2b}A%X=CG32GoGYIm*&9OalGbyJlO!V z_`1^3HEHktH!%cs!FyM+)KE;0@7s|EA}lLB4DFGJ9sOfe6uc997pM`V6zVlBJbb@P zl?_`VBrbnG9tX2+tHSSB#f;&g`rVs@@)8ry3L`bKT9#lI!wxZm0&I$6{G^V*uWW_k zY^YLDh%JYSILXihyeo9POecPdT!(#eSx;gz8u@W;?YPvm>qRp=bnBFeY&hqpn|SaF zLP8i6cj|QWvQOo;4qZqSr^nWl^JEgEdj=VhWK}J9{bKmodN+%k5IDx zRB3d>%<1SajUs$#phlzvB6NJ>2L}qp#B|c)w`Ku7QE6rs_PL#coY#=oMX^lnNK?5& z9Lw2bKvm;uLa)*|AQlDePGVjl=hs@$*MkeqO3l{G&02^#+l^L7F^aSb<;uf&@!zuf ztzHWyYoCtmsZsIpLfdbCrG1^m!;KC&%61p#(5|-)jCp)t(hL6j$hVG+=ES8^tl7+C zy3cs;;QO|sx&pv$G)<}>Q=|t47NSA_xabM3VuS0&HX`ZqOTJT++$9RaQF1uP*lbRc zt>?or?#mlBtAn|z;?c=eo!M6BZ*JubBY6X3f{7lQSw0Q{wk)nahFr1yPfbaSTT z!ddPVY~)TROddvZ!V6_;NvQYOjOL2fS@V9gW2?}((Eb?Ox}S;#-HbU#`NW+0ytxY*lhjYhw_zRSnJ(=;k(!rKw!|E_b?Js{WnZ$FB6NPJA%=WiM0iu zN!$RVA^EbSC~7r~Z;*hcKb{f$q1>Rm7MHjqRBZ9wo5}kDR8DRe>HY1gO6EX8o)u~&{7qtSU!oJrn@lXDCmyz4zrg&ALUmeG&YD2SW2h+<$ z4*HW0IdUiPb!3NZ=%Bxpg;96!Z&Rn*OAdC2+2iDFmmQKQdkv!4S$G(B&7WM)C3(rQ z(*wd7J-5nsqT>h-4L6wBA258vqse0*$2kf5hS2E1@F3d$aXRKf zYw=hNC^bP|xq#gx-Hmyj{`BBotNw{H{J~1KZnQQ7?{5u#O)0J*VMCQQLN!|Wc+1H7 zfs*OU!5z`)Gs!*Z`?#22TAyiV3y zuPOq<{>e@Q4oP)kErv}S#i=7kqmaB!^BwDY`#2Z(!r)Xn+HxV+ZA+ER-$F&+8~mu7 z)Vc_j2_ZtY;cl13WF+2vy3GTQ3?x4UNi}V4PjPl+Rux58z6d2)q^0=rQ#aU`D{A)I zZj0$x6$vaFv`OX(2zr(4J|(FmEpIitCd!ekb``KcnmH}vZ@rqswueEnevgm0=lg+j 
zhc$O(VeqGkq(>9+><9jiNH(N;jz%TiQhiq7t-I5kxtU{uV4-=?R7ZCwaLE4xB2Mo6 zIL2XoaO(U|{VtxyVMmil_!*I&lZ%}p+$k52vcq)?m{~}K(%8e}3`C$vbm|IUv+hig zM9pBVhM!KOJln~lF738jWQry-@>jkzUTa^>eZzgMr2h_eXl<6=8T~JV!`oYW;hf%T z=G>+f3-fdoO@idx?NwWL%Y1!*iY>ZuroOhwHyyEMllg!Y(4Sai@ZJV1^f5x3A&ow zYu!>96izlNc#M#&h@WoI>mdFfP>-LvI=r^<0uqd=g_n&VCnoR0@@()~vQl%VbkoP^ zPL4P*V3c1&cm}jP(Vh*0*c*50g$Unxe=H$Kj4)!JZAz^_*Xz+E z^T1=jiUX2TEnjd{zi2_ zl0`LccE(SBxl`P%a=4z&Kkze9n^>WUmkfHoJHLgaVHt5*zgTp6DJ3Kz>GN9|zl^uw zt`P9nbcugU^|0J+gI<4D{kze!Ixfu#s`_^P+hppW={F&O^sG-JMo@`?ELw4{J75FY zQ=64Iou0xfzSm>E!^tZp9(^L4j_wIisb=jKefIZm(^O@=oJrc`F^2kpkiz_ZMNNhY zEhU#F%H<61N~zZNPvJx^ zGfd9Q^%Fj!84YWGj!4hfX-~6$d+_A+qjVr4>A|(RHntf3%-^~SGr4|LmWZ5UsoD~3 z6=NnmeqUEYdFa(_^Qo6jZ&XB3{Lo=`F6GkvtvO~76TAud5tKqGQBkMAT!I=USIC*! ze?%&h2}$b~y)nI0wf;Eb`RXQv91RoKA^D!hZPi&->^~&GWbBZaG*z*)&5UW!Fwp07 zkcRMbm5f5|g6T?5aS(R9z>nZ>7}yQ%wiAkkQ?mKjuH!>wzPmBLn)i*^@+?B5|H;lW;@kPqR$oW$=!VO;q=G0u+_c`M69N_MdiEeUFVc+tGsA{Yp#IQU7gIs|=8T7o$k^5p70Bck|LQfgkQPlGWOjJc|M^VhRLnO+m7^-M0q%GmOUM&JHKKH{ zOhHx|G=s$Ng}>*A(25!t;Xtr?P@5lm(s{e1W?;`A>7%C29(vY>)cFdARWu@+kKMuv z8y%LRTpIDBt;wm&o;bMZNS}q?oHgdX!^0DQYhnnUL<#ODKr{&rp$m*ZNkHYfja#9p zI2qp`iASo(_su0HgLxm^JS4!YjB;T8Rp1HmST*SAWw)^i=tk-u6AUaV6@dHln}o<_ zajQVyUxniK^;{k`*LVEi{DFRLWc^xtl?36L<49Kf@);{X3rWD%;0_*`gKaaj>we=e?Yjye6E`tBflB$@ucxNCNEPw4b4u0@%#KZBxxA0q*U{{`qN+ z`sS@(!SX`XXkXhwPhp2yBCk!1x^K#Wmx}-0E3Lt1P8u@Tk?9rvT$E!QkIMFaP-be( zKB|o{DZ3y57*&ekMffk!3q+OhBPQefph(`SMSfH9Kfl3MPzTD7uo*9J3k@r{)}BrG z?YesrbPsKYARdSFJ|Tp4XMiUv|FA(nHd3L*oZA7j>-&|d&jXv($(Mhbdds2b@e*V5 z=U?cN7ZQkgmtHWcC)&Mul=45qKY(h7nfKj1CcG&AJW?@97&P{z{^(!KTx0sX)z-_4 zH`^fXXv@}BZQwNW9biX3u&*Iw78VLL6x`CyQ6*9<8Q6W~xk_mD#-Y+&VXH{+D00!| zkNlz%y!^f#PgV1!mJ44io@zpnV$>4!0pw?aXHvPj)7~$eP>G=Q6}l#eFk^kq70w>2?CIU2BUl9Nii5K+!UuJOF<*lUG9x>RW;2^9u$a?9;$s_ z&1$3z$E>P5N#9@ZoQRB|fLUvB`2qv@G8)Xk-J0 z6A{#p@9%3PV+$BA7JEsG$(Jo}yR}~6vjGM^FY!u9umIKH9 zoZ!+fpmbfC#)1Eq-oNtac*)LBZ3L=gk=OYrBT+9f1DsA4Kpq}BwuD$lZD&EEnPl>{LE3hIe7-|R#fI)niGGu8FbEOt`J@0O 
zBiGn#DAHd*qtXDDpPSpkRvfM74E0N^tcPz}j$k@rPHuC23gn2OX7)ycmO#A6L%>sh z_>amoHHrpxI`qH6=66K}d)>sBh2Jy|=1W-|&igH-#0nzDEOT3Q_O3mo(YMjJQk-bd z-vF+J*bIF6GYnFUHWdP`n;6(UaposXwh6U_(&N;tmE=4rzypc*p|cp`!?Y80;t;sB z;4~pKb~UQBf6ax})H8i+A|YVGE2<+xQ8DT8TuE{f>1{#v((Ssxgv$BS6&6xAK}Wjt zMMW?h5PKunuv?FaY|C2G5JJBm5Zj(|Y8u_|LL%7&*U#Nqz{OquQfE_ldtB~J`qS;htph0|Dhiz)w zm}eAwbWr{w7;yC)=PM}pImTILKf2-=qB7_-Fm=!A{DN`eci zM4|Wqseu@vgig*@7HqE4v}=l-JS!l=V*^Co{G(|~+xGeGdk0td(NcOS4WN_o!9n%W z=l9FS7kK0&ApDn*H_cr4Wv(yvIx}Ky4=iv;^hcK)tvKdcQb3AmZO=Ax*H1X*!TQ`! zgv@ELWe$sRkpPHzEHA8+7Lb@7?+JAR8aWyoQ`NzTeA?qiRAVY+Dsa4}TY)L4A`Fom(;~dgy1s4Sw%;Hj; zV&e*f1y*!v$$_@a|J!f=8x3$n1YmkML@IbQz+{MJ|uEkv5k9bG`ra z)Jp#;sFgpz>VNs~tNzcQ$5`OMd5ryiVetPv|6kZ`k_R|!<1#lFmlhC^7aCJjoTNrU zOADXrpDx)Kf*^Ac{50v>nSb;iD)2@!bSvO?odcLPCI6ECkef(jD^$ql=dyk6q6Pel zRo1HwFdOXE`L*9!q-1614Rk$DC@lOAIm9SDA1{-U_@4xk1T1FBEoSn>l;j3ttp2|X ziGu?THkGvA>eS(XyB5h!z{bai?|iZv#oDShl5pP*|Ed~4VG{G)$w^5mzUgsBhr?_f z7DdR%y*1Re1cJq&n{ie&_KPl&%kfas%d4GzZa2iZLaV_%e)rxa`3wP%efagNi$O?8 zXf{^_>fjs+9$r+W=0+KUmNS^H>*Kz9Muu3&=VdN?^klAhriNCrSh4XmvjZB|)7FLe zKf!nJD`}XU11@nqmzsNUwnOKP+r-#Z6G+o-QC@S zyA#}90t9z=hv4q+?hssqdvFcz?oQsOyYD@H-m7}QzA8e6{jELM)G^0E*{X5BHRtqv zsF^4>n<)Y$fG{#)2Z_B|PfRJ-n(c%$S}xKQ=PNWwC}cC_^UGv2xu)A(Y;?RCnvaA3 zrUiUA%fAdarWy)0ji?6-EGUel-q`-dd>R)>@sEw!dEQ zjbGJgze?Xf?=tvMMVL>AfDQIjybObkQLpA(fe4aY!d`sk6do)S6bjY+-cC zi@rQuZZEIh@&9>@_T0uT{$NTB97+WUS zf0W5A!Si`#J;`t|s+9dT2t!vsC|imP&5ZgYqWR^%>rY}d-;+e-$0EvK8@ckK_vqA5 ztd8W;DLKzv$FHxib3?hg^@fA+yyDc)eSt9C3qHFvda+D~0|)J{W5wCtn!qkB#CSUU z0;k=C@|cFddT2=oG@v0 zd3Si;x2>xHd}Yt;qrm?0tV99QO+SX-fwRxcHh~krE<3jN3H{jdAQJ|ydQJ*6jPOU6 z4{JeYtoA1`Xw*YCKF?aYcA_6?Nl1j@;Icl}cH*4DJKvf8_f74BLe;Eg<9$&!I#l?x zcJ5sa0qSsVCNE!7a4lMxC3Qkm-JZ9im|M`x?{;N$xYAVZd91Y_m#pWl5gD`A=2A|< zOGG3%h{#Lz584r(kCva(xo9VQEI4+<~akMxcC)L0Q27^bUzkNgXXTV0{A&>5V z`NQjRSF)woWUX`l^Psl0nHveiB;ahVtvpZ8hG#Ma=HVj(PfiNY?W~eHPlZ;KEc?Ev zX#-Q-VOu+n0)eY=eI8Ja6sW2@^q{%J9K09I=R2StK_8!k2l 
z*ojx9BBQ1dNrZ#jdB;5~*H2DlHC-QUY}P3F_u$0MrWk<|UHw40eX#E|K0ckTXodNB-tB-FgjPQr4ZJN$&r>2hP8 z{jQYCbmlA$^+5v2M+hjiw^F6zBOCW$sq_8YQ;a!RwE?H>@|Ng>He?t1{KVaCq|~C zqUr@Tp{|t{&lS%u6;^gFbydX7%*pMs%D_l8qR;;-g}|FA2{U7;PAJ_!tw4%}XB&7Z z!x<^Mn}BZ_h60_#Jhm-=C@Up3&5B(F<_3FAe4tZYoR#I$$?@mu_V~C+dG#=efXB7w z&3RAs8#VReYEl??&@~DEO{>R*mfBY22wOguryC3jmTW;F1l(i@Kx03ErW9wIG9_X7 zgb_(INSIeAD;(gk;e!2{2NGL0g8em7! zp)2;*(hLrP1Gq}F-$9yknFbF~yJiG7`CcZBS?f61C*t=9xd5Zc%g=Y>*b;k5xe^(M zby@5F9|EI)&Ibm}Pl$=M#P`q3K7aB@NcaOuM&9qb#?;@V7BXR&^u`+Z!?QfGVJeh1 z?5T56spBU3|FplX|9Q=(9#sxA1LKGVS)&A`2*RZ(27x!6jEzhyRpc-C(+>g^O>OUO zCSYRA3>!qbk2i?(QF%559$(%ZF>svP(!B1&|s(_ zDP|H_R_Y9|l4d2rqF9k&YW(Oh7ObRZ-bB4D$V9urnCTwobxg8c`-wC->YbbJ8OGeJ zG0;6*%&!rih$Ps`sPkDhL+)FBp;vq9Hb=~ZG5V39aBv}1Vb_~n`?wrxVt%F)wtTEc zm~#&+>u*H^V3A;Afz4S$o+W+t2oRTrvHKPIM1njS2e3`W3Pa10?D`d#JRAhr2tIGu z*@Y_Qs^*@*dA&RVx@aomr*6BMpwgy5O(;D?0}4?pGu@nZwu)yY1c_|pl?9OToz7C0r<>6#aoFZOb5AD5;^MFL1gx;=gbnWTRU~d|W40Ld`Bmu1 zGJXCdroJuc$w?sQVH$YljwH7=R_j((5xeQeH8>3Ig8!^*G+dWBU98qHajpBK$;uPb zFMrUWMy-le#owWt;wp1#`CYLAK!|dHeYRPn2k0o{r?@mq2fb0Fc@ma`SR)e0HFDI^u( z?lMh@(d1D3_!pbpg)!p8bNaaipyXO0%#DGwmy9)f#|CzW<|ia+)w(de=qwujfrOd% z;9DA2Y6T{e0c&6^*xx|Of1J(x$2;>OB=oZ~m;}{m^53QGe@dPh4A7w7<%9(=%gq0Z zgzwoQD*t=W)_Y;>o8`Y^R)e(CCo!_rh9^K7rz&W9nGi-VI)m`JTQ8@m5lysE(>>$!2kh`)u9obbT^)rZg@i!ylq<$*ZsP^W`kxsI4oU*+m}{jt5rg0qh6O!F9(r&!^i918veiL z(&JWeTPCVF6`EbBOldpdpxgNFy{(#!1@#Edmlkg?#YoTBoxSV_2G!o8JWroq_A?O* zfelo%g&$6zH$1JfmdN)n^BMOKX?%ovUVC|L@XxLHvlcv?yP8l<&1YU^2ORA6zUfWc zWt>0q;tw`5;W>7_m?(TbRIAERhN*CsTd1epcjKqT2ysIX;Y7Zk=9-*#|J}cvwsPB& z&AqkOG;YIl?a}V>*mlEkPT_|JdVZXxf_mNlJlE_H{*q1X`W&~#IC&E4 z=)zC&S6}X5R`yqU%_Q9W2K9gcPmsaK&iRiC1BQwVx+{PhXSW?Zmc_z9 z81S+cNwC+vijEEX80uU2d6y#XbJD-9J19`#4_}8p@ARK~7d&4DZE+6)WKfaw@8qGs zJ&-zFX409O^|y7mIciZT9#8vfw>d&l2Ax+K2bvAsfh1B_R2+)5On?>oq02^=Mi!2= z;^QIfN0+u|ptQg5daJN@@fu|+@v^ausRTrAeB zBEi54vdU@t!z-o`n_X>N&-2y*fD&#DI zxnqEK1fGCmj1XVQtSH~a( zY3THvL5IspqWO#Ij2QIu4?`$d?DyY{tZB6Qw^x8fGF>}D7glPUFJ<9$tAU+&{4Cmy 
z8fy8pVYT?5ceQ~Bh_Rh1l1e;kHkcZmV1#y6ME}dhp%ycikFJ zND9@UQJ6@PC+$4de-16b(>S2 z;Xn6^FcV6<8Ic48#Er~EHhrQ1g{!&}A6HQj=mVTKZjV}itnX?cyA!G4|JU=8gIWJ> zC*rij5yo z{_s5s$Yw+&D3X1taeI%?Ln2TaVO)_$CLTK@bLGfrSY#~@&+CoEwZ_lzZuhSUg$l3k zSI25uqpbNEOcqt1Oh;N+e2z6Y=POFjDomsj)ZfzZHN}~6Ksjr|T;zmS{#^a$7x)i{0g8%#PwpD)?WqqT<k9+fLKl6M3gq|yZojY^PaGp#MU>&*sUYt~Dx!m>gNq2b~E=ZYZE zv^t9Q&fM&qx2OaJ1jFeR(ShP368L|36dR?;DA`+#xDzs!6p9P}=bd!Mpw}hmmrIGTdzBhVW*}j|=x{teY79Ka`3bY# z{8^zith;wGkw%SFPv8T(fK(nrlX8^PvCivGe-I2t9Eo`JunMJtU!jy_M{6VU^4LM< z@j~@zcy%WcfzN}t7`xSJp>H>Dy~NHS>1m-!wsbD6s?p!BZln40>*0NMs%S4Ce6Rqy zFd;I^vsDdo-$1|Q+(;rRM#6WXM?Q3y*@jGoOz`KNMx(*81x$r9J7={*y;1D#_SYXr zk?PKyjIj(}Ip@eA^>a9YU-~zpzO~Ffgh^XC zQ4Bsbm~ zSz>`M-a?pX{Xpc7AAVKn{UX8O&q~vXzJY-e-%hWc!`Nuae2814!#Xr(>t58QwsYTd z$>!i}eji=c3e8HI=kYYwxOxuV7WYbEcSLMiXw!5yr!#}gK`g0SlV))0{v#y9Fu+r2 zeA)^(-D>>had7>OSO%Ld22eH~UIhNKP{ zYvao0T^U}6a@CH_X~`;b|0i?zYajxEHTGE7Yt0QRKQsXky)ccV`XlgYWQ9(LE;1q3%G3)lIw6JsD%K z_EE*_BAK07gMdPlrirT$s`oT%Wl(BmB=Sag2Tq)%AsPKfUGhCbR~tFrB{M2gNt8su zC5w@&VdQ~=6T!Agq`Y}WLa*C#;J(zO|wErITaZK-R> z^}ZhN?q|gf1|tNi6b5B&^UAaXv!6T(#+v1S3RyxcDBCS07hZa+#LD+v&J`7;s@-O# zR+wTSLTCAhSF#8(M6OgJBB$*J;l!zIvyXPg@p;lEO4N=Bt#DL^evhGFC#MOrO+MpN zF&IRW6o*2IykO)yx7}6&H8W2Sw7YjRUZSWa<~G6A?r6CkY;7|;TA;6QyCUM5q#Gi? z;4wtN&vZ8H@9rSj=}ZXpl7F5Klr%uUK<)->N?Fe^RXQD??hI4%QtFf$2@x5Rl&CAn z4rnoClbE9R~d{2zv?JLnaOl2E8_7tB?Y;ejAN~_x86VuP__JUwiKD;pqD=XInSd zMKijdU9UBaTM`owbsl}!+pF_G@I^M}XKtrt9zrf(Xu8;pdxak~>kq|!X+EbnSta9L z%t%XmKimN{L6u{O%_dL)Yp>>AFkTE20s?^5ZNPb_sU3l`T>F92Gl@|EzlH6OICet+ zrQ5#GcgyR+!`M?Pi|5V#Y4y>x85R#6f?vEl&Gz5|NgZ~Ce22>3=I0UvR4_R(O)|+K zZUJ*YhJ~sqLKXFd2tsj|ecP@YJgU7G6Wtcm{#xi8@5Qf2piT@w`n%(~K=8Ho2p$a? 
zmsBtM5&ulWPu|{|ic(gqX$2kRBg$@q7XPr2)0uWd5(X9Wx*RXE9V!C8ZpYpcOC>A$ zZ$IBbH0X2RVX;jss0Pz{Qc=-7yZqpsUf9bYo6D~MWMF5YAc{$GsiBJX?kZTETbqHZ z#Kf|uo_)kMNLE2AdFWpeq>^k~o=-yTYk{S3xGCLM#~^CLg>6JzJbn`w)oVGTV1v1| zTY2TYLg&h(@9~S2z+w+X`m`b#A4Y;P&B73VAKq-0$~8JS>L)m5(hSL#86r*IuZA`X zjddBQwVsayTHqxKw$gxyhBm~r-yg0_LL^@@M7Jo`8zhbz#RmHpUzHd~;ex+*75TdA z-`{Md9+A#$`1zn|bYzcC>(`k=sqaIqCX|?3XcM1yfJY*US~VbwqNhZPD^d3{za0j~ zpRl*=c3PF?Xy>S1wQDP0~q>*fR_u9g{NKTu5BTP^N2jw5EP!4HS6dl&E*j4*%&12+7Hr zl}9I|X!@j+un!xLU+085MuT)vBBxSD})RNAKzjU&UcS5>oCXU57{WhuPI(VeR-PmQAIi^jt zH%<0dKKlLp#_M%Yx+ga7ZUF6;#ITRlWT2`B*`TD@?)Ey8l-|OT$CeY-I^w%4d zs$oZ4`9~uO`B>MxVI<8?oSPaQMsc^7T7zjstnzC8+YTOWv(%a@)7U)C!CHx!j_(y; zwEHI`a}M%sA-{HC{T!<9&VV0`!V5W`cB0ZQNmlN^bux&x4g4f2S?H4u*)X)u@6ubE zD-3b))@ZR%z`2Jr=_~8Z4f@jz4XR9DkjurgTs7$x5+SU*IvZ60v<>7H-}knlJp;nY z(%>e#SHw-Wjt4&kOfBZk%l&JF(?*?>^2#w>VPMbx*{x6yUw?Aj&TzWgZ_l+9o;9Z7 zqi6g{%gijy(A;P~GLwr<8JV=7c)QVEUsfPvmjC$hzY3+h^oVK}@Z70=&wP_Nfo zG3Rdh?&FMEfNz~?T}^L4zE(4wl&^XV6)r1_G;H?i(?X05hu zOD5zq)5T7r7%tFz=6a{2jvAI!Xpm7$FPm(!qB;rNg93)*-)t>EGV#@kV}D(`iWFRN zC)1&ny!p`5D73q}r(K$^-9WIrHLxr-Tt=O)kSmg=@ctWk@a~SS-s5+3I%a6ykS~X; zKsKs)H|n`|W&Ui1f{Od?L9lOrdCqkP42nT>(%?Y9dG{0`{1jWqE6?X|oM(NS#$2Ok z^FUW6{PdV8QDm=O(wIc8BJ}#W++h2wa`9Si{C zMSO2yr@BZ6yPKau0t+;WUXM(xJE6wxTD2fpFT}TycZ6KN%t#W>eXAoiVpoXuV+NQs zRQgW2&4AEhO5WRdzrrsgs$h~{*QW?|T))+_F8S;C$3o)lg!d-&0yj!9JCYnN>h~uw z>JVNYu0=vSZ51Yn$X?sQ!;PjB4(md2XJSfc_J?-NSlD#D`ZoweTO6?jJJyE)O81-g z4r6-YOF4t9vHNQ&WiE$)JY-grt7Kn-2BA-i0A>5DD*UVS5|avCNYO28h%UF|&zm%* zj_1<~nvGDRVYl)Hj{NjEpRHrbzNih6NzX@bHd81LU-PWx1J74N3j_3CuCA`-s4RMb z?U?SW8aVVo=c_vcy@kCl%-c%OyWIsThk>zZBio((jb?N9IyBW{yMhk*t0^y6&= z+cPu6*daax)sHW$wY(lz?{0}v=#Cv?i=fPa{;}a@m7K9aix_w}l43I+$n^&@1Ljap zvNc`m5HO3!#dDu|I;tu2L8WeR70T)aTV>=FPoSkF?*sZT$g+*o9iL-w|X1_av z)@QE0@cD%9nou4k0!Ny7Hdp6(Y=-Js@`rf$fnNQqc=w0DIt7GZ2siA2qn9T%*65GP zQD)dR>cZxXjWxDEy3s%mmky=tSh?T`xXhjRpCvOFvK!~;*Wl#Y2#&widEM%jrj|t z&sPc zYMH8=B5sfr`Zgefu}O$Pi-OvUcYAPDXKm`Yf`if_pHb;R-J`gPs_${V=LEO-4Jm%) 
z6f}etEgeyvN!Qi6Ac0;*%9+SIpao`8{Dpm(5X}0+7_gOV?w{@O3u9+&sooxf-n6*Z zSR1z9aT>-E?PY19YAa|Fo!Z0ml10*vH#%MOPfM~-{yZh03Hf<0sDuT!9-k)>tO>r+ z2e=^|!pG}v6~Zpmv1~mUeJw&CkTrBFMTtto3X88$FUWxE=WTM1$pSX$Z@+GQS8agw zPZW~HNdC{W>|*cw0v@+B(agPd=y#4%jp}QCyTq!Vn+;oL%^9sgT>?jz{RHZ!t}f)o z8r@rSmBvmN9wHp@_h4q%#7NPI&2h>a=wEAbuB%aFTBby`tp2ci$KmpOD*`z-jY{`c{6_fBDx-J! zV<8MhUKAr?dZ=zmH{&Z0%7VOUB;heiCG|FiOkx^axdlPSv1R&aunBQ-5|6#h2erVA zZWbOm@~TnS-x(MCBZ*&3iMEV7<#YYRI1`&dYseMMcKWi1-Cj1M_M(Alz)K9=tazfo zRu~aM#h0Jk+;rlOf^E4gIAxA~Iw4nnCNkw{i3z5jXL*x)0^P6Rp{qXf(F_8qxgI#r zVxnZpdh{wBFc|d2g0}sz@YEE>qe;IAeUw1hVPhj*M*tgL{L4Bp% zySnGC-^)2GheAI3^(NGz5V$T!HZ+D3`@SjPPM>6$w>BYFa`l%c);tRN+QmFCwJ>o! zWP0Io6LyF0bU>~5ItUKPt+d)wn9m2*PqMJWfvhvMEj0FFvlyBxikX1?J3;$1dWo83 zb*t79;f&!Z`uGmBeRKhdonnqKdiXl z3*=VZOaht_kGr7Z+vek|p&BB0Ia;w|VtN^3cqhD25*k!gSZXZo#-eK8ZT7p3ETfRE zmsv;{Sc<}vZB%s{>i$9Po$oG*_RAv^TC(k_{SG)^Wt`7`Ll&L~LQFw|?WmN?>g!XD zr!2wi@$`qIDHWb45yv16wPaOxKJRqzlkXx38pyvEsZ@1q3Sn=Sl+4(F@B@@qtNURl zpg9r11GAHn`@+EA9ubvnfP#JBgE;oqIi z3o}n`fOI(pp?MFHZX?QzTf9z>QZD5DK`^WmnMAmERdx^byqv>KWwXhpMn?LM)B&M(m6HPlt^8ITL+VQ7y)8NS z=VxDd-T zk2M#c?RI{%7KCqs?ODBcb^IYnrsM5kzj87Pv8qj)=;Dk7-<=acu4% z{Q-h`ZHy{%{9RE_lU{jCHAjdodINDcD(7BXwt&!#WYKsE+>asZ<+Bh1A9};CXN9A= z%7DhPbVc;=az}nHcUo<}w+k=Mz#zK4ZOwXXURs#90~7d0*9P&b@(=>-gsq>8wGPQ+ zAs7qUv$z3043%1FsZw7;8P=B&VsX4rogvU&sx0l9fyUon9u%;Fm z0t?Hc%MO8dBrDY{Bu4j7J1X$TTlJJ!?45IQr@lF# z`LdQn!sJsL1?^+j1nn$kxcl`0eW%&oeaBE}l!tC{kc7C#6gyr1l>=Squy^!o{pCsY z^7=N>riWgVZ0mMGcOXxj!c}WEW>P#-fjC7#U5?U0pA8TtX#9jVD`&1+U1aQlK^q6i z-)^#(R*)ae2{knVY^O&yiZg)L$7!s3sD5MK1KjySTZpcpF$JjCw6`G8&sp$v&9RW-Di zJN~%Mj0cUt?|0=Sb=OljMGj|7cHC=j2g2lNbb}d~_(Yv3Y>P`G3_+?J;kazKegU zVj+RR`w0t-Q4TtwNm6;{hZC&p7f0EWpM-~;4j3Z}eWXRC;y-_?JW}~TuSpI?VS$kO zIn?D*HGgcAkhU*Ddy}&nV<>}pB6q?L5$@YjIQqV)iL-reH@}$r!tv>z=!phm1)1ew82uHpRG+;42#Kx zFK4M#9v7#>lj#Y52e%?}YX}R5nw`4X8L8uOR0LPy*}kKR6!kt617Z4CKh}-d8%^$s zjQ7e(LM}pNFL21+i5-d&e&c<@_6d*Y0~2NBc@cCQ1e82d@o=+no9fjax6gv%&zWa_ zY;=;%*U3e(6emOuhdo>gK2XGCc_NKs4b>cdZ#w=k%wd%82>Q4mmq1hVsd?)x7IZZ} 
zF=MuNy*=mup$g)xHW|}CTXjoF2pnWeScx3L&A#;_nY8(JenhJid(6W&Z> zwU_`M4tn(@OtVXd#h`}?_#yc%E-vO%;HQ)bxk5D3(u(yONov(k!M6o5BE(Z^BU1Vs zl@CzGeAVmFN9v08kSY>Ug-Vk@G+^H&g$6AAv6UDRqtgKHc&UE;?+C#LeLv8vwgsQU zkwAkqrW8$@zpS?a9EAQmGx_zUcnDcpCxN6XUN2f!N~mjSrpMiourS2PV77NIt>~wQ zB3t4!dP&3e-p#VU4;J1F{GZh33z(l)2zJzY9A<{&6^8O1!IjIJB(#S3Bn@8tNKV+- zQjca!3qQs2dGlQsOE`OffydUvlp4A+7q zuP&x~hPBlXsrxvfA=Kl&Lbdi3zQ)v(jHQbhbdv2g6OYpxqNJ{ue4?B^{2_utH8Bi- z!cS|Yna6nHKE4bmb*Raim8C1!+`(owD?e|u7;!lv79qi{t`9@lH0{JFfF}wM-KW}( zJcC`4Xw*kquY$BAM{GzmITLw^x>)vOv&o`=giWzP!r<^@`$&QvxKG>KfO9?Ndtp{b zNk4z8_x*#J8&-}pqNCkJ*cgK)vzFe(*a3mpQ=vDsi3OqM#a}Od)esDOzC0XPnL9`o zq!o`@ZfY}su)r+;sZ7MypBFkzsH+o!QVY3l0kq-jlQ;P*HyX4i!(H%cGDfzWq9OWf zNR7$4H|dg29?dPC;`aa&3zWnUKkV?sKpg1Me0TF=Z~~B*2%m3`sIoop688pMgWHjf zN5RZj!9G?}$;5iKYHW)!8;r0T75^?}a>a!#H5^7vNdq((v9?c2A8CJBt^_}$&sNM8 zEF#eAV56siOq20Jy@HJ#%->c=^YwE$l#vBjNjt)AFD^G&X3>g~G(Ky(&Hr6x8Ilg! zNza2qAT#CL3L4RU`?isjLnyuEfwkeSG^x03*c*@5P^Q}U@&O$eXvjwM#F4}s zQCQ!$cIf*Ba(VQWPl=cCz>dT0Org|od%v%$hdD62Dp&@c`JXE_DbYAb6;Y_+rJV;k zzUv&&tR);Ap{ci`B>0!PcQ{zZ2jA|RTUJD^OfEpei14Y)hLx0~n2pD`ig7M1eLf}z z%3osMDO&Y*Wnd>0I=hpREuD$R(b6)bs+W1cyW1PVv@ZFk;jpyTsJo9v)y&6djV` z;0h93DZ=pstM?Peb?_IDGbT5=Js%BPbw0uN4Rbf_);bDr4|&iAU(up1xKHd zYxvO?y>D`Q>C!!(R_iJ9S#SMJq>DfC11bWe=zYt4RxoB55Pm)WRNr>t1&PYAeu|0G zJ3xYM2r1fVmaYO%m{1gqr%Iw=uJLe{^WhbbKevcicEU_7-`3t~@5HT;f7>xW-t`HV zUVLhT8H_oIAX=WE|C^N&qB0HG3rC&Z47!G&5fd<#{KaKFnjkno@NF8ih<$`$-CM0m znoRCn0LcZKr{jY>B{Q56SDasEKprBRljahr+B zBf=7}=gN9Ssa4S#bf^J|Q>A&(d7^ZXdiglWv?Z$Ruf*c19B#p$e`Y4ljZHt0ZLb3B zGHcPM$I7VFeUPRn1HfooGkL%HNH#Tqly$~r0>sDOtQ1U7h}=l4&XV&h-<|o>6U6P2 zX~)T%>IdBUOszdK@yvHE8tY3^;K3HCZ?<67*MQDIDI0(A(p^YSk?(f}A zGGFu$_`5v6aP~cmQ2$|9`yS=H=KogM*~xdbr2-&~;FQaKIdTddeKo%2%q#p2bMbqQ z@_jx(@;Z-jB3yZIUlCVU$uuy>e2t)a(T?1vw!&hBj}eOK5qC0INrp&yQBtkaEtV1i zz$Uw={GCGK5~lUhEM9{nu3j$Ai)bP8 z!2K-z(C*y0v;*U%5fyWEqu?PR$HIgeF_3=o6x92nG&9TpyaScXPh7~n82WT)|47gL zBVg8o1RpC2(eZZQD`X!kbP(+l4$HS`&|URh^-WL52F2B1X$^MU=&7H* 
zerPfeiS$6b2ngUCN9hY_)aHq@5y^w7e>Pnk!iYiGzm~$M%q7*%H18WJ%0;8aGADroR5G_?B46uGpMIyhpq^hYiBvQ8*&}m^$4!8w<(&SPVC7v z)0J0ftrQqg98>?~HXD^SHc7-$4%RYYag&1bHpGjhQ&?3hNu>4G zb9F2Vt=iHz$ctZ3nvE6lI}ffBl)v`GAUSO2$!^K@cATKrnO6i@1%E$?jAS zp*17eUHM$^!L@5wa=?IZGe2wv@=>6|kx%9JZj_1l`#o13t4|J66jL*L%TuO0v0~7E zJJB=nv>uia42~iWf~6q=r=xGE(Kr#GrZ5@&r&s|#He~+FgDoP!1dV&q6oY?Q%?Z&5 zxTIVnaSMWTV~nwJJDJ26mYYy$T}7)|BMLo5#L8! z^HKC*b7b`d%*~H2#RLnZ&C_!IJrpMJoKZRE5Sn`aqfk1klro5@Ye+P2RM3xMR104X zQDi5zYQO|nT3BtU;7NdJ3-lVJ3Oxi!yO$S-2g3`S&Xdt zSef)DUpwlSdWw8xbtf!F;!WhsPv$xVYi7tC>6?RjNt*Wio-VQve)Err zW8-&txwrm34L57qOdeSSt^mC&JCWGdI)P7Aa~Q8}lbwcC#&Nq(I(F-CetVo;qKhv` zHJG7#VL3YgfGBMl{yJ3Eg`%YKbl`7O*HC!9&9N&MS>_DT$7qD6qK*o?nMSsMTvbHU z-?;V<3TJ!eN(|9yyDyb{HjL&eXub?_9jxMIwi>WBa*0ql{wYM-UJjA{JXI8_v)CI+ zMn)8L0uW|3cu_;MZ!&b@-P5R)B``}|rU`-TEK#XdsKe>KvP_qH;p8&2n*0X6T`NvU zPo&&SBRrN*luA@=O-uxa^?<>`Zc{>8t@m1)Pm_pr z;tuG%x!V1b=CL(hIO_g*ksFXu<+yOxk>j~mEG@?t!`JCnKLD*!^?yMa3CsV= z%mB|07Nh;-StvUF^{F_~w|aJ`gZ~dxqtXbxXmH7F0ie^CCO~)SR(GGW>H!7-`J^3{ zGy|nS`Bj7oXm+mG9W7R@|8t#x2mA#O@EZ}c=SNx$D)1hR5|#K=A>eksBM33680x=} z8et1j7ptU6C00J1!+?-~%wRL|tI%!3$EuMd zBHs(%bEE_XNYCB$}W>}}(sDCBa$UJ*jMmbOw&5Ww1- zCDQ$slqa;R(dusyTa3cHzZoit(&S!302%1=WVxfzXtfNgb7Qkwl?Wp|Bw&#OkTvh* zQ-xTC*;tP${wNqOYb1mUeg;LifM`rtm*e_U>N>3g5&<7CG+w^3(}ALfm?Amg^Q2cD_9?arrZ(~zlCRCpaRj@XWo)VtK^2ejjWv618}SEC^Ol+H1;&9K-GQf}a9D=@KY(UG0oeg2MI zV_*%oAQ*6M1;G)CIDc=W^Phy{{tp*`5&64i1HgrE?yDN*3@blQV;pMu0{w5pX1m6W zWT;ddN*oVob*uanX~0r{VySo7{OK_Y2oK!VAD-Ubk_WBtbyBDE&f*Zoo^@gJjWswv zw&_YnqfrYuEDvIg-R!LSSZDC_8z+Fw%ff#wISHw==X+{zRk_qYR3u|-8txlr0k%+# z72DPA`YaQY7&BH{okG5`6EN3Q?{R9km{)2l5$EUaFruQ}P<^I@46md}TGFTZ64N(@q{mMH zAlI*ptfPa(p|%;*x~+~LO|lTl*|mdL39n=GNg*0KL*NMngRjMRCeOVIIX&%t^B#~W z;Y9_xJwMHVZ`{fr)x*c*1FJaG)6oFNgj3vypVc#OtB73 zB>n~+X|sQY$d-t=tl1I=jBy~nQUWOW^=K#xg%KPw(twMe^$1*}^Hj%hA0hy^-dj#U zPpF9cdu^cm^>6Ej7$Te(wH4K9cI6~D3yF1{U_%-UP2AY(5C7sI-RJ%lEp4fiB|ajX zRi)n4<#0+jjm;`0wKb{md5bdg7Y0KSN0iqyLic#-cU1bF5$3FhX*fn61 
z;%5fM=|%Jci8t#c9-bbEWl47V$Xlo2|G^>s^)Vy_wVGz&Rx)!K8k>WBd3wLSvlSGs zSS(9ds#uyQ3p)H;cmP+?c0eEW9!fR*O9JItE`D+K(ol)gP+y1mXUpXX%Z1ax!31O| zn9q*@?K;D`BIZ5G+a}@`tUqQagXh((`9XSd4Dg*v48UL(7KvZrPHy8 zIt=dlBM#F(?H4yg31vfv^(Nb+ zcofB`_CWCgr3`hk#;!TgpP%eT?y%Xnj|6i@8WB@Cyz679DW&$eEzrOFwffQ@#mHth~) znUNlX4xBp0g-R9S>f%2y)4Mdr?4TApCtM(k2=SA9GU*39j&Hq%7Z!SjPFh4IE_)e| zaX2V5U7fE*mLMckLK*yyJKvw00Q8&$_FOfCmq%NQ8{gY{GIFrK_Q*-gwbS#7Qgr$H zD;L;_wP^PR*2B>ASH)4^)u|#VTx+bd+fD*@!MhXanO8tg{_9n%Hc&I}Bw}RG*PXo0 zf0#6-q6L4+#pE|jb2MGRhB0EIOvAXT7uu!!P$dZlG-sd!nj9rX2(t||6i~FiRyf3n%K)h&EcLntM6oCSXV&%uV zeCzm~mF7`&Z*TvX*|kufKaO^s*xtBK&SkrKs0opy$qb{eH8;|}&kEaOaEy;MAA_?$ zUTrsrB74xmhxO?rHE-Gcu9Nxb-eQjiLU12O)Wh}o;(QWahnWA4Kib;El#LqGuZvjHGp`I+H||c4yuQ%(L^UW`(2W zI(E~zpXHcC0o$TKFpvtmvM7@%xT>hru^T^{EAU8;Vm4luPUW-sQK8i(nEi`PA1ex4 z=(lhCbfW{LjC7NWO$xQe8KDXc^e^F78YbJc2i0;#&dxBJ#kA~6&TI5CV!>~Ppx{?u zz!uZ)&elRqW>rfK&A>+?MH6=&4Yg`aLwQ(@K2&^TGaeY@WWEczlt^h(kj>(O1~;Kf z7|UYzJP`1-R_zPXYP%n~gY)Ai(Pu(-890z-BPPjL4pnb7k|pj9;?^THTTTiC`xQS{F2EL7D2c-fxE#0+kw) z=(M`z@2x^hKQiBjOrzmkEoDa4rw{}@+HpZLspFqMd~cv(! 
zz%Q1eBSv`*<#751CE`@N6)BzCYTU>*s7Y^N$NK@DLL23)kaIa)HHjU>;sqpe*U_D{m;EHsx%Iu}Di z-YJ=@X-a>#TrKch`H7EBi_ncNX3%lf{2K@l4DaDVw=Ztt{I^LBZ5sP{!uOpi^}iz< z*575w-3=G0;h}YJXq$&^g##~zv3Fj5aGL?-HWM8y>DMeI}W`&ds zQL(JJ@Z_&MjGpT_v(@EGp=K>PjBe_v(nZr{4B-{ z8tlO6r6Fgnf_9U0x(i4fTxo@6{R1EoB*(Gm3Z2_M&?vIzsMX@knhy}4e!hTTu8Dj5 zACDX1X&PUup>qKZZ^FoqZlNzT@dEk%9&=O%1A^ z4RoUkhCi!jxaXQHQyti!sI_g*wmWSyo5P)Kbh|=PeYY}v(QZ4PF$8wu{{bmY62+LI zhI*=l7a`kGkwbXz@5e_z93_^wVvnOZve=Qz{pN`yIHSCfSGc^N1ZPjwwnwQ&0SF3$ zzQkJe`d}@vDAl!r38Xf=GKsAvsGo&DV??>gY%x*sbp6>hfx9vObJIz`Cc0vhnXsc6 z5&kR0%PxUnel)T(iC#ysO1s5hJ!%n5lu|BhwG6CqHtGLR^_D?(bkWu>vT=gDySrPk z;O_1k+}%BBa0m`Tg1b8bf(CbY_uzJ$_nhzE`~9MdDr(ccSNB?T&M}^mQuGP@Uih>@ z-?;H(Q`AMxGoSj9ma}1jw}Gn;WdTCDlo-2Jozc4gEyl%gmFyG2sgGxA-SDkvYy8QS zJbuHxElxQOM+^rj31oiPp)e9BnX~XcXO)|-23$OvDc8;_J*SoVgKBtyEmd(=m?ubh`1H})ky!$Wpg8+xqe z{?XhlQ55pgQFPwBmUk?5)+^Wg^FJ#1=!BXHpag40eK>i3pB@nQR%O}1q(XkszfU4_ zY^+qH6+51-$gf(ycfrW@|{3t!j4rBPN-J#(k~AN*vPMr!>isaHOH9cJ8&539;^PZN8<7TOO` z)!WalEtQ`-oTZx8?xH?wREIF#+zg1WnFnSQ>#uzv6Ei2e$W?SR$AVn`N&+>U!zkxZ zPU!3w6AL`yNe@3AX9&@j_Y@E-Fq6Tw&<@=(5C#IBu#@p&t283J)1$;~^%#5)e;T#I z3Zr;;RqhY8}R3>sKL+C;=8zv;7L~``aP=qg9_-{{k<@=Dh=A47R*H4t0hB zZ(8slDeskKe62!Ut^I& zHIWLg69Ut4ek!<1F&n)T91T)?zHio-M3$;U^)j3op?^4&1M^9dNhQPS7yf8(!t6%w zlnkE`f7yiyTT_wCT4^YD`@nbOyaAl=vL($bHRbsVed?_tihlcKDX zohtlBg#RSOQsfYdLRV5`qrVe={@I185oOY;(>q$nJxIeMl}0E+5nzuaS42y}NSxph z^F3fj!xk~l$RyeG!`PN><9M2d*TC76RWoZ@Rzjo^BkT|~mo zO$3JA`Oa8g5O+O^!WNWN)F;cWomG4UpWWrsBipT0qD1RSe}piJS`Fjo^5;2R5P45j z=9QbrAp&E8qgP>MtErCC__ldBQxSWRCUN5WO5BGf=?*X-v}(fdNT$&TtyAqU@7gKO z4kqcN7`=d%{u#bL@Z@{}4$K@}*GnZ5znURxacDWVI` z=(J0A^K5KnD@0napD08a)0zJKX9wI&cBG#HZt*phr16a?d1#I=yKu3kW5kNQP*wq_FRi zP`^W}(y&VpcUMcN%+Ar^?&0Tej^>34bm~#-e$xhrl@W}{LNM>)TEMHJxV`)0bdAhv ziA3zXDC=|WK7Z#YLBjV0^cej0fTFTkyTq^7x{oJ4J{~@!;Zo4!B4>4dVL@}BQ77fw zr_-EO9`v<-q2^pQM7lKLw)n_43;mCGjBR+&>0|U}WPFmBU2Th#_~CK`R?K(8<;FQU zo~>^#UoZR0a#Zs|9&|Z`nEcgDWD zYE8~4vkY~SpJvPqfC<|2NIYBd=#_5=bGB)WAGwNd1zxl2wSEUx7?^N(tzgNN)2lO- 
z^spTF1ZbVy1Q!YLd!wUeb0?f$7uion2lZ4C+Byj&yDytM6(aL5mqjHDF*ZN=Oq&?Q z1rQ*2hm(7mRaFi&#G8(Zq;UQ)_l%L51`se)D~Or6l~lH!nyYo=j4ibLJjYo7T?Vf8 z!;H`(3uwdD>u?A6R z>mg+vfCn!t)7Of9L#hggN9_g9GVS(nd`l;7`1Py-0{D~Tg?(c#RIhy>{X^Ua88 z3)6=zup?X5V;O$RGnG8 z&QZu1Xy_MWJv)kAovdi;>t+mBEqcN#{7rKt;tBAuFlE&k<&I6j(ss+OtkHTHg zSC&8E#eaVAc3~`(f~BH zy$IJkVz_x9_E;@(*$h$v{kwbayQA)xIbCg(T>7Dw^erL;D{^sB7tVGkI?Tx_x%utM zqt*Qu4=00YHd3$>u|a0ijfN7czg4hOmrb(@hI|%DYlcufSgqz~_oG4Szg(ZEt6lm0 ziG{>}KX{uG+ngUom)OL~czxGZww=WLlB(p_uTg9XJS6hmD>GQeHB{5`fo814{x~yp zP*72Fb;hG;I%9`fh7r!kC|@zyHbI&@?%Nr57PZuBn6)3u2A zSGA6H*UIafP)I3xw%gcVfGYZ@)F0b!2Rax2T&Dy{gB7{{o>q`paKvUG z23%C9pCe-%mXADSzs_%Jx5E&~+7TCm;=N84xJXE5QufF1J5<)1KNNR2dw)A4MuJ+| z#4KW$jZ*U(1F61JF}=*mPDB}2>3QcqT-c}E?SwYCy*TChUN6x^29ixTxyfotA{|HX z_4bO0=3L08G2O5v02~TRz9z{3)9j5EF2`!7S~w@)3f92ZqI_8C+q8jSGoUqwL9)JN ztL_ZkC?SP>o@$pal7}}VHSZA{#x8>NkBGvgC0j9O{T7<(ppZ-8=yDvlQG0AJ?cHeI zr>i{MO*ruKJI~H7v^(Sr^j(U+oAt2ri{PLL?%`rrV;huaxsG;u3Y|8A{lGxBtl3bY zE~2Ue>5cfq!QV52<0imYmOMqLoKNWapTq#r^4JK{-}{kN>W0h6Yf%DC`s8}ciP3~h zM>AZ*?+kl3wNLeOW#s8GtOyu&__2~)E*@8-d(=}?Q_h(C#_+gwLl0u5>h*2*+094P z3dc;iH1On0fYkLWs*jZBlW!{mIw;|7q95g<2zZV6GmB4F0kg|!KwZHyS6-}1i=%0vm7;J+BvxcxA0b-VLQ2(ZU4hpta+tKM(f zIE>PB6KeRshEyGBA6p%ucudL7^b!2!F!=VX>dRQ0c8d}ztwBfn-B$l_QjL;cVz5+H z5_T8_W302WP|#o( zU|9dkfBAOf4tv1lnM!1-iB`jM{B_gTD7a84PqZFta|K`79KqcSWg1NnSbrwoC|Aq6SI^4*>_9B(~ z-RyLOHBQcY+S^-W)S#(JU1!B%v&@65QFxDkw+Uu^$%V@_U$sH=XuRk7GPMO9^d&0| zt88(P;^bD!1H^Q5RHY&`HO*?3Q#(kG9{{w$A!oH7ySFO0{jaHlG6V)P5!Rco^W(;SJ^PM3nK6|0h+zIy(OTNX z>2)lp4LWvDs)+p%ZJixhc5?s!z(ph>C__PJE0Oi;8+O0t#txXe-@83HM(;@|DqScf zk-k@3@;BF2Mtsc3jsH~>c{|Tnd_VvgAtc_98^6y(r-q>#b>$}|Bmkp*^?2J|NK8*B zC$tv3^|sH(X07qjG;DM-w0}ZEg8Ko5!cxFxJe3Ng-mgHl3Y-d#{f?eiCWo93G^g#* zhbhr;*Q&ZY!)FMkNR!F;nkET(rB%*5OKS3|4thM^AAvyrAgcB5j;7gj>w95y(B~wD*t}cIS2{xV*r{$ z2{M@UWCv59tYVzw_$iTcOE#12F6@`46qb3-u-xc44Qa^itr{V)($ zVLmd8E5q;qDQQbuwOF>+M0~fDnka>@(Rzq&7s-TRhGCbhfUGy=mc9mwW%vj|%37yE z%J|W1TTQNk8^FR~?iB%O3xaeG_BW%w3^%x_{@4?4S8@Nv_#hRaf(2}JwAV!AN$Ij_ 
zuG5Asj-=y}VxuDbG@NP_I6lHq+eg&IGjq>j-`F2EuzyY+%)v#0Qi49=HwQkwfYS)< z?S1uZ@xAU=&STgpi~?O;kzX^uKBXL(1LhR?Qy=0Ms(ae}F|i834wmp6hj{O_)dkIc zGccK1SK|+X+i}Bm0WpuK*30WFCoerFoTP#8zO>gx2y&5OE|CiU1Fz_+)Y=>14zoUb z1dKWy!kHrq!)OE9)=lI6AGZ;Bugbmr>&&wmyLa3@WNmf4B9rTDEd;R{%yifo3L9KH z)?cBVm)OjV{b0v@1kl#BdM%CxB`hB2dfIhnksUXG`6EYWTv+^HJeQj6G6fzsL)a|; z5>!kZBvR*iLM$E62wA1`I2G8gwkYTLUQ5${A5J9C8hY64pmpeaEPes7%uZ1kOR4u~ z(?!t@)^o=>Ycuw)_poF7HCit4pPw$3^gmn5Iyo)4nZJ$9*$m+}5Zm)o7kNxnm5E*Y z0*JOc{~e7MD!Y_d7^FI>DuZ@9AZj^50#F}0g9eJLg)3!EGu6 zCL_O{P9sX2g)&_-Jw1?86L`BF{2JE|nI3uX@OepYRr(}@G#&%o-&i4&RX3Hvut>0c z;i@PXePhV$WRo0;D})yK9gh`mG>N zR_b``2xJLLN6+~A5}cFA>4gWldz%3i@8fV*lYZDv1~M|TxzV+hXf=BCo=8l3jiDG^ z_TB1$*Yc(&0Ly)}d^-HT%ni@CWnzjT4m0LdIda9XaD@y2N((doFB7OZH3(}+sOg+~)7b`yQZVp`+( zNDjW*aavZe%VZ`Y5s7r1Yb`xjs&%UJFLuvPu_XGaOM!mEzSrXVY?3*>#^{5z>g{MZ zxrSaaN|prit8^`ZkgC{PM>W)+1jt z+##_WpAH%>nCdlA?{||g>yZccpxwj6)5k=4H(Gh4tZ%A8n%s8~VaMfyzJ7nqrMjxy z1#wk@&NjmNW>EgjW%|aOi82YKFu8098ktET-*SeU$JWt|>bq7V(g^)hBX;SJ&D{TM zkF3aDl}`4EKkR!DLI{;M!9daG}VK6e3*2)!UL?+{+_8PXu%jx&9USY{fXLldnk2wi`+Md?&7`fjUYa; zzp;?-_2^Wi7Qg7YEl!pHA*kEbJLV(Er*pkOTxp9VkHD!v~n2K32Tf_vQpvP9hxfK<3;;tT=)i#5H4AQ1=< zD80TMrp`4ARu!Xuv{|T1XbzT?UtjY^vH$3{I-3s|U#xfbrP#u+mE#nS@TpPopz1Z* z{Wz6wG8?68R>KE?tbfa7;_#(xPKQIN z>hU3T$uk@4@Q$6!b#9q-d<^vZZEDl9s-O2A98~iAc6XBW;AC_r;@Dvzn*A{aW{Ck~ z97@enhjtr_@?oY-6GDb6?Od5!BDeod6p*^VtLN!X(JKi%F5X`^-j4(?W;%U5VkbzFCVVbB(NPY(_d0&!$_G_l>4^)xxG)ne}mxxk5=(w`Ls9l0A>lw z>bO{ICcc8>iI8q({}B}(?N)Y}YTxX%fR?6gC5^(+Vc4GP**Eb3$;Q))z(@!%j8eSs z;ofEXjagt<*5Z3^Uu>k$NAI${9hU3VH7fOU9Wxmn(+ajv))o4sPced>^;=cG z4N`^^!!QBAW=ZFVn5}{_PWh$ADrU<1FZ3CoAGGBWc*8%kQ@CS>%gEE!g;c=6Iy?s3 z;+OGxM&7z*qWfC+ad#u&e(Y1loNXkSHaiYNFXm6?F1$}dy9E?tyetZ$_=y@j_*#96^N- zEIM9Qod7ZwQa}X->!R&d9p-Tw-&bM7qm}Y@XD3xwZTPhE{qYPbU|jDBOko{0Va>1> zs0N8a(9km4EcK3w@@Zs}aYpKitgx>4ThV>$zEyX~I4r_Imx}o#mO~GO3K0OKlEK1b zryhFY76Scgwm`%qU%%bG6hakTq|gJc3IhfT%8FA*-jf;Hu^nNhWG(~?G+&gd4y4Yk zl~bI$RQNhw3;8}c;sQYtIX*kF+-7~DaMx3k#HF`E^z98Xg;XhY>eH(Iv33dYvlKUE 
zllgY|xZF;4KopI^4cn=Zqg3UnJl-7oTaN4bq{3PRSwd0}`my7S-DGyt1mqfr!scc^ zc_RPY&4Hi{9n_0l8^Thiy>y(}0q;^*&_rYVrAt5dnr9}bUBSOwywJomlllFIEs67AKMVovPJds`QgQjKf_T#h@3~dnWRYtBfOd4m&gJ7%d#u#+XBPzJZKg=KSOsxe{7=6BYp^e17QqWv} ztOyj2o-D?TZ#0?1GmqnmoCA}QK6zH4%!4kJTISHt8@60P>`Z?Uj;51EeR!$7pklO00}AT+_?aJnEX*g+zqN= zW#%k2s=qG`K^-+8A7cd`9=>gj(mM{_``*8n<>;z@La=-Uyb{GVpAY6(h7K;9&rN1l zuzJUHO}`}z-Zia&Y`VqCRF30jI0zCZOO@815IYe=QOCIWOP*r2J)T3)K zjhTWoRuPf^*ZArB#NH#e)ki>ON8ebcsc7W2ZD|RpdeR*psPR^S1{_)n>*ewzqw#>q zs}E(_1f;%!mOg~l^;7=YsUwhtt3HvIa$lVg)Ktsd6$}HWa*j(h_>HU?r(jJ3Oqf&=s#*a;k zSEX8k(NZ(Ok~j$eIxf4NlO~f|G?Vfic@)QNy-1bcw|n);z_?Xe zHtJLA^>79#8JDIT1$FJNM^QQ3QBxD>dNQHqY~zFeXt5L`RN+0$BAfox-EH@oSkMY> zkNPr2LGw_OI7vN`oI7{~q&~{gSd6o`CGKa-$9MfM8@@NOs+4n#m0&T(c?hU0@-_nC zjA+vO#j7dA>+vF!w%wY{3x%;v3LT0n;=yjb260JPm^!QkVI&L;a)+XGC5ptrJfO1h zehU4{;WVwC;x5`l$n^OK6u3foHk^};-?jsiA+0pf98JRHmp)ikWGT&Rr}(TO%kO5) zxk+CdZ!(`ycvdH1r9C6@DU{iRly>+ml%pmj{_wBhx=X=n-mBKFe${YGDq$l@u5Gr_@-3lQ-@h@n0|u(M-= zI-_S)D5@cwhIp$Kxl}Eh?!k#vE%`fCJgzIO?4g1dAigddR0WN?+0zvTmq-y6FbXa{2fhS!fpQt3oKQ@F^@KtgAlW zXYYnKp!OX1gn-Ur6AbQM(0jFXby6*_U%4TRyCWCmKnnF zng|nM1vaLq7^r0rTUrMBe)#&l^ zMNy`^={Tdkb6RXttlu*IqT=G_^NsOE1D}Z z@Q%P>0Y42yV-=DzcGE-*#s03bGVhFBko?xCr z4qD-TjTY<{e=Pv)__$Vtbdwy>_mQGa&tf!JIPgf<=2FAzCV(?VER?t>yuk&HNS@$~ z^D_GWylwNib73&!6EFRBCe`jrPS`7%z0GZOKZ7#ytWMsdC8i&l)M`~GB)G;Z2|8V_ zeXyTzNkqc$CY#{5WufdroJyf%ujgMokdt^$)Svb|1=!VE$7I>3mQ>-vu@6+M0cgza zdo>1@I||hqJz6MOT@PE4UePRhA}spBWaSav*am7kh1#d;aBG<}&kHu@dePA>3AS|BBPHuSz|FT@FBZcC@H$Hv1rCX7AOMQhB15Ov^#fvPPZ7v6YM{owT zQ0dU*GdQFh9(uIUEED=#zuW!Srn-dw`0iIfNvR1ADrP{ZX34W*$bc{*J+2@>EfdvH zwjkgl4%N)$<@}yIo2J+&uPMRAQSwC*>sLQzg=KKYh!p=eoF2mvXSdSOXVyWQoP?f{ zks~vJpeU3-ei7VF!JDY9focnt>~b(+6a0fSkF4VRSp2`yT$nKPr!iijXSHippI2BB z!E9!88Jngwu-#5PNPc5pL5C)y`D&)H z&0R9NM)*xm%9j#zy6$?9N&352T$0mBZ-~-%?WSl^XezQwMKP6{#eSzZYLGTMxw3*xtLhN+1XMlkiGKmoRQq`&R}RJ9Cj1E0%& zMFrHSBL&dbF)|qgVS|5*rOLirx$w*#&``zO<#!uou*((E!(gLk2|Srg%b7CmQWi-U zuq&oRbzRE0dSjgw-2V=tH|zuVbM$es!!4twnc}v+)&#f 
zY2^Az?wEGfQVA~wq|&RBfFn>-ZSh#>X89bae{4E#lS}ldMK%wYdX=K~bnhih`~G#@ zgcwjY&OF~8F7uLl@*i;mjio}&pu(eRL(VD;TMA+DyNDekJUq0Vggxc-Y%MAy$uKkRqn zBttY~Fp_ydzszQaAU04Krsx=|(NYSn5rE$l+cXc|+wTd=(x z)Mg34@im9OnU4LcZwNll#C$%A3b;PGPE3M5!q^&$!hazLzP)~M{tIpRAXJB`X!{0l2d z{Lq2itF{>upDR~<$)E0dZbwLo?s(WT4Xkcg^4hYV-y1c1X)UeAI6r8eK>Se(r!5FL zxf4z~ULULVy5PCXbl3>S)af-U!(}IY2_frQxdF3SN6I5DE{?{3?#l>aYhJ<*`#i2Z z+t{9Pc{2+B5}XDr%rbl5b%-Ht7V0V(O2#6YJrsS!yVTkx9{caY#cCAkw22H7t~~!)?ZE-YCM?0vf!Rd-8uPPxYjqbh~i+$F%~@ zr2@IEMqHKfp{cfu|KEr7zri3I41{R_4mG35;k1M(yJQ4g4K_u!v4sO28r2d^P*x7n z@mjwWkDv8&Oa4EJd80u#$GX!N{3(wVjYxXUDqi(1@__zE0g*)7s)1h$rOwM6x z>6&v4MjfsC8lv!PWvE)@zb8Xmrg?M%>G9J!bYd!kj;RBKREnv6vo~G-f+G)K%=cKd z^0VAq%>j6gEG|C6+yuP=%`>BWz?ekb)SpR;Ak?iouTXRUR0;%=uA?>`!W{)S~}M}Hm+Cq>~lPp zzoC*-v?q`cD*RIJJa^h+SF&~doFBTC2l%ss^_xB}?pxIGhrHDzZBUvVy zMrOh>kExIjM(3x@)ex&G?KjLmX!~D-2a0z?bmFEv{~kzgN`dkalYul$`a1$SjY0N~jZyovV4_K0PG}Tad@^k4jRXbP zU6r#fxk?elGpc`4`4?0>H+iYC`TPq$TwB zE#FabU#;$&m#|2F+*xkD+r}>ueOmqR4Y`h}q9pEHdBWC8)lK8w$efTAZ+-6A#5K}= zIX;-n>+KGxR-;P=D98X9imxisSKJyQ`Jf^H_INfiXR|HLR`i71K7VJ5I#kLC2F*&! 
zm{)szDO;%=VyWnOp`3gd4g_C|E#=a_??1`4+6nY-B{^->I435z{_M5pK<_^u1;EVE zGrR3E&n&LqAmyeyd%f?;Zd$ZjepnXEOv))EEEAIe5NVKSu%2u_L$ ztayr+yzP5%nfUe#B;8m`ndA3%;&7Mz8A83#fAYGobQJ-Y9={joJc&D>=ke=mBWG`E zc%mD2SXtAwhwqAzPWNLPw&3=ji6th_JD(4;n+=*NU3&+&bF+%y8grPXQ|!!wvxck& z0c5o}QN^s`-Y0QSbwFl2W}k8vsaiY(s_LCf;{I}SBT+$$&eQk;V!B*uR%Dhoe4ps2 z%}Q`4rjETbx`@M1EUFl1ABXiuHJd%GJ!Q*QbY(uIso}_j##$!n{LJMfG8pZ`X%`a~ zt6U!%Mr^WX18uifn^dppJdG36yEF-y&1CI#IN7=9OtB?DzI~o5`4GX^Nv15LcH-`L zg$^4U#E1xOBV(4`B;*ZFB;GY^06L=$hf|-{4lR14KE3@s^!?0KC#f#UHOD|i%t%ZB6Pk-Yp13AHIQA>dOs2Irq9TqU6mE5zXMBDdJ`A!@z zOxsjft<#y>NsP4k4K&?zfsF9eL=OiQ&iHL>gRkEP$@7MjHZiK!G676(Y7Kp z+d>6mt`}~dzT0Lz?q7cl2>ct|e_LemSmB+Su&FUMsI5{wd_{NoW^Z~O(k2rG9_Gn@ zPsONJ7h^G=$y|EO8AnE>$Mo9gOtv+Bc(|L32Y&i(wo*Ua!m+jsS@5xXcHozKJ)U~G zUV=;GAN2;m?7mznRK*hWop;k+Rw9@Q=O~z_7&j2*C3jAN6hV?{< zu$c5{#7qE@gW6AES_`CLx*{Y(kQEfb3cy21ZRC8{_c0RrI#8P#&k|=ShE+VR2ZpKA zZBOVV4Q&<3kEW-La4kWT9N=RzAL)j1iY*`-&mdvcWoO(=vpQp(?_cCeRJ()iw zb*1smj`*2br7uJ-P%3L5S=(coGV)>Fat zQ0Z@putC4=-fFX?1mt5vSMsv@up!FT%J=1WgP1k@^MS;e?II-60c z)1dZ_A+Dw{o06UZq(=G8vIya)k5C>HdlfvYHUl!rK`EREALmL!EpjD0ywC!>m8NT! zD*Op0o=qkY6j36(rNZOtV1K{kc2vkIQ9`aT842JhEtXEAQl_969*7#idg=H2*~b}& zp44Dv8c^lzc)CjaR||;5<@>P!bP;7eKRnr@BrGJK;u9%l(T1SRfIOSoI&)dxL7`Tc zgJJ}16IEb5dK^R+4+{|n`C4jrRj}=jn3lIa5cMtbdrV{){9anSK%J#|^nm}BK}%!GYk73#?kB_(tOrZJ^U(r;@qtr+B~uZ!%p@1o6o9(Ns&$ppWP+H8*!8$wMv zJTBJ%FsZ(Y`mU;fZbSkHcI@2Ccf`b2;yi*PilqX~3p*cN6d34M*y#S1K;9{vQ^=DlGVDWGKFI zk*qWX2nEGK?YV0x3ff&>qe@4z`}?aT#NyU9X1}^!bU5hBUfN$YJI1vGavKQ^-6b-v zh9BBj5}AlkOgSszgz7z>#J|w9wqQ2NRGQ=KIN`e0z1EkX60!Z$HNafFmJUc;*IA9) zG%>@XL4Uvpl9wwU8?=x&iBd?vgnJ&;hFHxWMS5(Z8uXA&)fj*Ifn9;3+hm)s{8K`? 
z)BE<9Y?_wl0x)gwKN((G(KQG;P2XW*0S;-KPAD|P=khmL4Ed0#33aB(<*XGa61~f; zr$nw>CWsf?n!5#!ytIq~`x@2y%&f3?gRMzD$KhNat?^7Zu#eBZHvRhh7W7|4MOgKH z?tc=lR%}8yhU~;!JC-f2+0N1YJ=gTQ87!X69b?7*#$2iX6R-UNvjp+wK3cwuogmW+ zmJ9Y2mE?u+2UIAzybcux9LTNO`~LK=6VCGy3;K&4zkB4U`T+diueJJ0qMAaA7Jb7u zAngqu?q%qO!>k5Dq(D`k2?VT^v^Lyd+2A6S*E>^F+aYaMqg)w+HbmLojtSjL7b;D* z+CS7hYqjSiJkb0K3%I3V=#t4tQ%_?k7W&a+Lb6HKI3!u{{KewUPjQ~3B*nAyR4oSDl*%QPkmG{_LYPUw^* zDNJ~04{}0kKX@_Ria-+8>49Y-i%%XPm11yHbF2?wr9|zGIuRU1H~DnGSo}KELV9o* zuKAVDyt==^R$pjB$ZVX~=tOANNl2X&L^3l2F=%oWrLGpSmWe*-j&pxle?n^XK9e1K zqO?#<0h$?a7ae3e9om`7Ghke?zQW}Tcq=F@<9B=F$ma2q>8jbH{zOSABM^mLyx+s= z%epg4kNzxZX*}>50X<%>gB-qlrr~IM1e=e|v}n)O^paDwn26o2=|@XnM8<@gJ?d8lk$jBjRqZzNIF5z6ll6fXNIYpL+7i8@UXXVjh7kc~LQe9HGo9OkC|`IDS?HxF03pjcv7UYj zU5jWeI34!o^Ss3g*fs-7ePG_#hA-|#z_?uY1yliLIvA7SzW?l`2k2cQO9E{$mPzj* z{Q6>t1(?k&*!IIL<5P`)hf8|^kq%8Q--_ik(b(jAoxw-pq>zI9)iHwph~#-rk#XdD z%-@F*=Iv)ituu&Z3Htwi5!dtBYU$rt-I6a|6>R;=-+t?R^Qu^&lnH0cdTw(RHOFDW zz(&QmwYldaisdfzDMCxUTRDU;3(1|#QVvi0&6c!d5MSr{E=;*7YR`_sWJs}lawNsZ zYI@_R-OTXsfNDxv49m2FYz&<;3J2?fHqLzTp~>Z2e5=XL3(79=955-#?ueO1GI9*A z({$1y=oG6)$MGAI^ebc{QfIxT z?rWXXO4MFRBcH{19Mwl3z8@(Ua%J}CNciKiCax(I96jFI{ZhMXG3qWkQoV4q13@Fc zqze)}aMANF>G_cI`G}MJKn z2JLNG!BSgp${OORvj$B+huqd(jW7uMVJZ^6mMQXVsQ^p_yd6Ll4c9u^k2Vov{QXg0 zv!vN=&zLbz0k0Cm{+YCW7D)YBinXpb^N<F#o zA=zWafEJxLV1X0Ji*I4=ixQKUv(k|n<8rn#IAQo!c(L6IqUxYNle|y`VStO1P?86> zeUhe>p-6<6KKo-0LKNrQ;u+cvl@#^T68N&F!wLKS0S$k_G%F+%jp#cW01Yu)qh)M| z$h9c{4gCX|P9+mc4E%fObg}wPXo+pL2m~5hS{*?|Py}gq?svm_1bah^1?HdGg6-HJ zyCVuv@2$Ts1fBqaea=uP#ayltFFe7~9idVwRx864d|<4~${+t$k2b1fI8LNwFSHwp z8U}a-8OnkB&ZHI3=w`%s0(1zcZ##@ik_B$j7Pf?uZkn#CyvG8o2*8P_|7V|ioP1z- zC~*`E(y*^T^E1@j%gNWf%2d-Mx6&(lt|)+9b6b99(zEdDDf z-g&SzKo%?6#}B4&!t)H;MHV3l3Tt(=xdLtyYy?eTm$l$Ww7KGw+zH0*wTIwK69oWQ z7{w-k8pe?!vN%C;H?y@P|G?N_fjabUP;IR5M>oSQ1+-6}^DJ0P5GDj4*I05NUjhR}w|MZp9 zJMePK{pY^oN5jMIb7w34Zp~i`6D14*dg^#W8_((#9ufdD^0U*72htk^z06yaaR{LP6Z1P(oK8whvKbFXSQ2x`4OESCR-e$*XpdoRE1$H 
zl@M<<^1JmVVO>rfRq5kv-`s))RDc7i3b$K~J5}~;ZR*n<1sb5;1;c=%x7X)CoSwly z_4QKjfxU`?nMq8$vFugvQKFdyAH~#nr$ev=5v0WZ^)m1MCvgDLu=wJ>QYwSC%3z;c z3KyuxD%K>8vrIEm^XtUCFfzjzV9Q8QtCC-6ebChTD;6m5W+6h?kf}#<3e7%sq9+74 zFr<{a&On2Og^sR!IpAyX9rNRUIZA*Cj+QwbH+%ksgTi)cTcWU2TBe@zBEv71nAw`6bb&mj#U+=6 zqLH%JPf^MF-nCKxE!e1@->AY@ycj=2u93?{AFubUfU31_C8BH+j`33sG|4B1RrtJr zKd(8s;uTz!%e&v-bcckmwg-w(^hue1g;~!4#PD5#Tk72i;(`4(x0Ab`LM2xu+8%&^ zBn@0jN&c4zw5SnWD-%GiWhY8`0!Uydw|++)0Yx$fDyj$$B(OjM72%N!@X;#YkgBQW z(n(UPmGzhf1hOPz@x<9J#z-1~p)$jtbuW~tBcN9SSX(<3}G z7FN03WM|Xf0Msy~uz>yubHJZib380iPk8BKp_-V}VO{SVRPtl!|3lVWMpgNJQKN7; z$RVUV58WW$4H6`Emdf2)F&q zL-9iz7qnE8^S<~g@YY%^Y`w0mtgL>h_T{t_{zG%hE%B>R_LP?o1j_C z`@7rZ*tZ{L7^HoIf`ZDG66u`RtUgZu7ce8~Ox)xlpP&w5|DnkgkW@BW;(^>+#jKzHp}&N0m4QXwe$YYyQo5(ghd0sX5-C` z9~Zq&>>afJpw5IVY=bnF02d9m8~j(S@8PHw8VNHIIKUvz1o|V`$3X6T#R^-y+&897 z57&JzGeC--hRrGCA+Gvnu3W`~fr&F~==r2tWo+(?e>YMhOxVTpP_bb@vkIvjpBT!} z7tmdWUab^Q|4KIC8aE=x5i47L0b9PuD%@uGFkQV=HN)!f$+za`|0lNb;MH`M{7%nl z*7^lky{ON5d7K+fG+Q>!k0i+N)-1b&DZDDn;v zD0o55_cy=Qe{*{MxAOqAk*d#-`?Y~J@$$R%zZF@bMt<#NC)>zaxA|~mTj&#Pv&D4I+Z2lt*;<6tG&j8(&yVpOevVG3oeiGz* zJ0W&Fd}!3+MJ9Jp_rG8kfF7uQQ$kJ>`l>ZQJW5(c#-zJD{-7_=!Dh5Q`84cM^nbBf z4(dmGNAdilR>tT}G-fjemtoqrG?e45U2nDaaVH98vpkjFznCyD+nsn|Y>3I4Q}y2m z(Bsu)D+xP0i8lWCi~svWH#lHWNjLbzpZAEP+D$;e!NG&C-j39v`M*mFt^hY_QIIvv z((2z+BB=oXNjV~*RgjT3eJO=*qZF2}(smix4-;}&jd?rqG_88fnGVX)q$K=B&yDTB z)AH{}Gb)6P*CIjG@NmwdzUuXn@s{0Cj#xvPkny3lcNJPx01=`(Rbw{2RQ7+r91Db% zDsZ}hksvf*W>qiJXa+M%T8q|1Byma?K;} z1Ju7#j%w;G5FI#p!T<03L?LNL;w#Vu6m+%(+v#Rk?)OCw#oaqCjT!0lSi;`vX{<+EV*{8 zNm?Z;mj9L{1p&DDANP(nsbA}WgY#A%eC3s2hO+{!pn11Oy;4n;i<`|SnF6$t0Px0i zWOMm)|L=Pumc|V4QJEL#3nu=7&3sIC(666csf-7IKK%!6{z0uj;h{6NTg*x3EM*jZV>7{^>(k@tv?|xu7KwupUdzu) z1JR)gihqvOmqOQG^FS(o*6NCfxqpNS3qVjF_^Hxh`(%B3J-Pe!_tz2D|3TFSMU$bQ z9cN=7%~>4QR)9oH<~nxeh9gyQecdlYK<@vH8$Ue$V<$H?l+Px9Pq&1hX*V}0Zd+A9+!Ilqp^AcjN$eZn6aar#%)}hu+gi$-tuQ(8wRvlY2X?>)OML3 zVUVk7DD|I>&-k}P zNTFSAAo6{w!6vC{vuWM0NZj*u3W(Qlr1MbFuo;YvjlFKq=V_Wtnei1juFffv6H%O> 
zuh0Z$i*y|HhCTV&r9q-!utSXg^!~e99xSICe6}zpvSO>C-QuTEzq`xVnY@-5ITGHf zxJS*VeGjgFwjEoYZjX#ajfbEUSgcr3edX7EuRTK28db}G5sB_2p$+zGnzVFqmEoq{ zv@#pw*(Hd>K4*)(10?~ug+vfVld&+~W&=hKJ@Mq?q6`H0QKu@s2CF|ui_i=F?2pD> zopwoZx-zw#LJ(k|0qAD=mWG5`En5jl`U-1m9+`i- zQ*Mb$!b>~K=36c(bxhAy>01LghwH&K<7g@;1<3~6V}LLcdA>YoyKP>pd#%3I?#Ty= zP4U%+ZI1yhR1D;)i@UER0g0aTc?Y~Y`xi5}fZftpce2rrTI{n}HxdrgEIg~bn@d+9 z?U&682ta!O;$yBIwQ#o&Z8}N62PgO6y!3QZ;NeNF9GIL`kB%Vg);;mr8hlEAK4e_) zGEdEDL%fl-V%T{#xZFsK^4Ggeu}N+FAfwM+4JV1@f5C+DnBsjAV#^=WZz#<(v20R_ zy4EDZ^3jttn(PgOrehB^%F!N@%YV?RDg=%Z%_y*;xVnQ?eeN#zWU*xB>$R zLB(W^Hnm0>hQ#4fvxa@M@8VTtQp`1`dpq$JhJ;+ zVE+0Z>?P-iQkw{f4~m^SMsk;+WGPglo@bPN2Qsc_AdA>pLYOQfr*Y^4uMs+a9TbBQ zI^z-*BClTqBzCuy!j1t(o;yTW`$h5cJwE|<21m=-%y9op5n5n=fR8kplG$^Hq684ZTcmZ`d z&Df8X7@IO!y2trTr>}Q=vOsWUfKq^MI;sw__b1>Kx&lQzTb*o4->YGRqlQ@*^|p? zN$6pHplw+GFVLt5Be^ev>4t?r4MioN3aR^WcQ)NW{p3>e@@SZ1b8AZu6pjeqGU+}b z=G0@rF$lN30-4Y>q10U{#=sBCUI}y_(&MiCPL_Ks3kRPSoHUjM7%aB~OtckmA0%zY zMi%LAz@vYx0kCZh+M#@}iBop)bBH`@Dp50OhGD+62bRoz1W91GmMN3Iqc@}_pgYry z7?;qy7H9t>C{Q+*0yk>y@&rg^sVM@%cgT2}dH?_)_eqxy&^ zYrAb`R{9*M4`B+HZRY7pE;2z4Ux0Q*I8lT`Z6hGcSrQnzRz+DaAfG15gzj@a92 zfKgd)8S0tRhlFT~YI$(XZ>N#(QOryY_$C&;{gMU${G4%#q<7^1E==?&v8P}EJJAcp zd?lqvRN}6>ks&B+N@I~wKdZ0g-vZw1g#U|}3W!t=juc_tt=1{?Am4)i0mNQRsu&Eu|6(Nvj$nv z*QQsfs^W zb3Up{=ZKT+^Oz^CRHOmd$?koK^m(ab~>1~3i>)6@OmF+JTDY*wPJxsI2* z!%Yg>u&tym=*EY{m@>*pi>?%DQwAfjL;b7U$E`jil96toD_y@1$-s}gWvr>Gs19Wh zw%)x1^Y>&yQbpss2-B~sbTU~2WvHed+m_OCwkW>JINEunMI4TtW^!=hGOlD4_J@LF8)aM&b z?2hh)-h7QPd5ZKa;K}S0?hXc46PY*p9`tUN->RVsYYUf(QV}B3Cqj@W8M>(#vIlcj z6g|^{s!x@kV``b{@@$Y>o`qjaD`CmNg|FoEh310b4xdq{+ul0RO2SzqP>~lORq_n` zSq?8dbUl4mrbaX!B8;cYpq)e$C==XOMjGc?VOaMdlrXL#lkuLzwZBXu-(YcJfwd^l ze5mlCPR96I3vWq<&E7&WY*4^gO%JN|i)*5z_=lGFGpGS(ATo+nDGplaQy}wjsfs+b zB|=7{()_= zT*BOLZ|<{K54}K76eLY7bS_o9T%-1u-L1BTzbBTp6MsJ+`M8qVnvDTl{) zhLzmEH~PmwYCw~ak-w%%2XsVT(qwc4gh&i7Ev=Y7@J-EFFz2+LQaSPr%My?G&FOcKiNp#oCFv9D7@GHY8Md| zm1O1sd`F*3yc%pzuBqsKIlo)OiK_o2U!*r-EQv~#6di>KSS=kTYXWL(T9a@%JOF@= 
zv?CkiEOx(IfaGA7Ixt_l#BvaUYvlq)5MKCr^{OilB7ZG*`T(S=h*Jt6q{Fq81Nw2w8K6 z>^r`E0>r(*EZ42cgAXF7r0>}mMXiQQ060jrkRUu(Q*h1Gp%^lHD6%{R;|^e0TY1P3 zSUAEahT^avKz5_u`Z!w-P+90sIBREU91LNf^Q4U5Yf})Fcimmt^m@SY0kcPd390TWoC0t;Q{0mmU_2EL&ho-ojAb}Q zxymXqC6PI-wz@&n*l;TVepW8A!KH2%Ea0XTvR%+9edKXs5)~1lL1)@d%X%b2cM2QN z<}=n=&9~>|Rf4=X=hpiar1MdqdmeIwp&9)uw%jD}CO%{eOcOjfon_~D?9Ph+x|SI0 ze!M!wqsnZF@$mbAPUYKeA6MHUI&i!kk4{}(|989snH7*!&Va9OfXxXEKkpsHC3J$1J)Wi0aQEZjkXTejf|`Z*OpaF24a7 zMJzcflyYY&*|9-m^V=J!5F>0Q5vzv@utJO>x?tK?2G(W*y&`s`en3fYjc|W|zmjc` z6Sp79(a6QRzj}>T`_=akpRVHtBVwg77WVh8S{Q|e(*f`Dik@Pa7c~h*Cb0H*u3|C=HHgK&gre8xNAP2eYa!3Qv%-7tdn&z7 zXMxx};n=vxR9n})U!Hbyv)@Zd&bKl)*e_}i_klqHR;W$Es03MnDe(tG5(Zmn^lto1S$ ztpo|ys7d3=7&~?Z9TG-hQCmd=5c}9XH{xAHOiYXr6AX8$XA@%cAgKEFWG?4zFkHqF zTOMN%j}#k%lH?qlLQ@sNfm^cRA2T`Z*7%sipgkF|WTUAOSE|J1zh3h=_!#I~OHTCD zx_uXZLKf%5)%EdXRh4PH@NlizM_0v|$%mP|zJdgSzLh>7iRfy5X7w@!%>|!VYQ%|3 ztj7_Zw()x|sp?JS{odG+rp3Qu?kT>88n*hRYzdt{1Lkat80~%%T{A92rgd@8^1ZQD ztHVDz{GrFjliNkqO=H7zXbI`#s`9O!Q;Bb8%T>HDLce%0al_?9gM-TD+62XSIhI=O z#5yh}^i{uJI-Kbe4#jfhKg<#wYyUo1HR8{Qwx9RwS%?J@I(8u@iMiE4)NFD_6@!G) zk*bkx?81NzNGeRu`Xw>rY~~NG7M}yHfa)#I}q_aCH!If zmO%+LY+_+&-%e0bWdm|W`gwV>uKOk;zYTcDY8MVF+8`4f>91u{YyU8G_ls((ft-=( zDvTO?1Iw|YjJmz;tH9v!g~Fsfwig_V7Ym^ulpIYlU}xrLj!GP)v^Pr}jypj+TS)PH zV{@@8J~Y34Lq&8d9<_1)FpGv6WS&SMy{&oD&ZTSk>GcI}S}FcfV`$e0CHKW31%-ig z+=%Oe8mpgw3-7ImO`^T#?f+MXkb+W@(FayO4by(F9eMI7`dhU{HeZv_#Pe!{jFTGX zKTBE5f%zN19(n#~n8)w98KiIkw;!my;bfz{?C#5DIO-c-u=rS&`=kX1&+oF&$>g{E zuDaCjCbo0(Sq8v&HIP2p<&(}e#gI)ePn1}8z##Jsb<)P8JMW&US-x(9H>1X&+xo0!!Wn)vkVv8ahL@} zJ9+oBzLK2ZO~yMqC`|1xyF1_Od{n!_XVK&00COH8#wy^!ul{X1m4RS7UEqiU%0yt; zge;z;8uU9~Bn!TlE}?BRC1{P9)c#V_VW}9|vNKPk`%&krK3+Z%V)&A1aR>t3CJm`DbWN0q+l@32XsD5IUUzc}gStz$+`3H6%Z*z?y(P$2I% z5?tVDt>%#!HNK*=REMD4?1!pNKC4I?V7)=o7b=Xa^PWf7Yx1L~dUY|dqMHAe&J;&v zPwF*5PJS@guz#oR|D*&UMEV`hR*%$5zlM>$15-v+a*cAev$invKU0v6s;x~rhv4Bp z!)13WMy`I^3CD+^>{`^W zc9wU|@U4+m@_@LkM&S>Gfyz5U0evZP#=lpBXi0mog&2!#Lo1Eyj11mQufH8p5q?lf 
zc`#iHrcJE0_>jggG-KIDSd1j4@SgY%L)`-3alwD0H}GOB$m0i1_}^LbEAUhZkI!K< z;-e?J#m)oajhmfwEKbmb7Kr`XXb2`-1P4QuK%rX%ui1^Bix{GVTC8R_oDo0aoZX|h zW}4UK$m6+llFysXJ1gX1dvgB0;gC`3o}46yZzX5561Ub~&02)wD`+B|PHIs+M%h;v zxkZAzKw}^ru^Qm4#d5q$-%R23@LlQW4V#zNtYuLO;_}ZXh(on&!xZRfogdc-u+39A zAMSF3*oj}!&xu}P5lzHNXU+k-{jcO`R8YLkmPP``h>?Cc-w@A$p1>cc_wypZr=#7V ztZx!KFr4W333#Z%+b0W`c78lBc8u#t7c?h+ZO+bO4xnnzvxVGka?0#gR&T+$%V9Is zCwYcg2%H%GtzhO~!S!Du7|5SAp}eohRo|L(jk(D=aT~se5=8!X{j=hUEiNhVB0`|) z-pHU`p&f@(aPbB7WUyM8?9xDuL$&I$)=n%W(t*|G`vMUQxsV^PJ{6ZrZ5vw(n?{aa zEsxxDwio$aIbyi(S3@zk*OJIePlO$Gksr}`&(@o|b$hyyTR^P?KKEDC66r%Rrueeo z6QxE~Ex#Q`;lXAUZf>)jVQS38EoVixfmG6h20sPyBDd^X&4s!<6RU03L)ELBjiLNw zET3Ow@SObmRrt)dLFQFio*$WV#j}#sW{j`3(n~9a*}FOe0{`WbHhzy>=MY#;7z)Z~ zP78;_QQcj%Qzcu!argr%2$KCgOiA(aJVVSOQC|)_j1w#6D`tvI;r>#r&cw-kM~*_776PNy`N+J(;g3r3dP{V!Vv z$Twifac1bvE#_iSmmSJ};1fhe)RC3n_0zxOTzG13P9fq@1R6|Y8_A?k!*_<_Ja6ej; z1Kz#8fMVe;*$dBWH%4ibgVU7k)M}5y&XTC42AGHU&IVx-k?^uIwhfwd!5S46JsvKu zw3z!*gd#)!La#A}=f?9&MI_X7L5DSt2F@sA&NsIKqCx*-su6|G-sgr{8)Fw;J?k!b z^bV$z2g1hnQQmYXv-#?)E~Z?c-p^!@Z@-)DN|x?TYjtx^e5o(?RIyEvh|54Xs)1^g ztqo38j@4l~M$Bf^-h7l~ehxe=W!5vL%CoNtmwQX`-s=}xfdpy`rm)lA(IGc6s zi)v|HInc_&B{yKp*e1sqC1TYIK@{`K8zn$uOe>d8;nNMegmH$R7S|r+sY_ml_%7k# zzJcUdX*yQF_-Lg4(MV#sUGo0Mr3E|s;dkA9k5y1Cv%u0`rsgpVIlH<#{D_GxS1V=` z@@5&4oD~qGVk|$+;0-ks_I|h<5+iB1R9^r}ItanDs%P`&BS*PJ3GLa(CP$#spbThK zo^f5A|6T0V2*^B9_f;_u-ETqia+96)nZw@;iL2EmL>#3i3H)QHKO-dPS12{~w3tM6 zkS#fWIlNI_57F0FWhjn{fX->NA6>I?TwynV|1ocmw19Q9bk7g;=QTh@!^Tx}&ri4w z#KIb|p})VjN~TtvxNK1^X)Xd;q?L_oOafVs%0ptK=KOEZ(^zKZ!mtvZYI*CCdq80& zoMorHTEcl-iI$SZB%D9BJm}%4Aa{+;>pwr9fKI3Rpm2xFW)}>TIS|?gZI`~eW|dX= z-`|DEdc&pRNPpN~$o&%9yIpUzqwobi+hiYf0&3$5G|ZB_2iB$#_|alrxU?4>4oPQ^ z=wE4ZVMJ;IZ09t#P47wo!4+E1{!+t-vxB`oX88fQ@nH7(f5IzSI2YS+;mejnn;CgE zP>FkEsh^ObFlE&Q4xx!`{yoJ<=kNUwUAG1w&MYQ-!sbgsZAH}fmqz-N6gCBoR9X)% z%|iM17;c2uEyuHYqnkHy^=vH7oNsZ1nq{y`ziE(mXNNFd;|xqx<o9=p;VJ8U4slwLUK+DeWq+CuFD7VbY-AY zBft#Jkl&!j!NIBC_LfybgUN#@7K*izDe{!bs1L)83BTrRKr@_^2{sC3*Hfzf^Yin< 
z$pY{>WPCh4+GaEA8f_C_z}VL|bWF@fn~LzfAmG;F;2NHt)4=&hY&zmY0k+tSUHD{& z*0C(*_ZU@d{45!qSq55&2BnP-u@Io~RUm>CC=oF2f*7S7d4n^%gJ326Dn-u^5GuA3>amnvj} zAAAK&8CnGNN+1F{7fxpqMp~`o5o-hI4Kwi-Mne|iSx1Y(>PfPS(>(#ljOat6<%JFb*7FX_+>R|u+6+c1>8$-m(4gJ*rB-$B-uJo3 zR8gl#sU-N6=?hg}MtC)Z2+&YcH$U;8kRyo_nPtlFs0il+l+d;x2Xs>@SRnh_cgS=NVj_w{F&7X0cs2uZp|GqK{@WY!4@OJD3O&UW!Ylm%btMtMM z*IV5_BxHs3L#lOZ=JJhKUVPBuY$5uHr|%3#f6>xnR0ZmCC#tp!x5K#<57=3tc|Tvb0EPubzErQ_O_C-0 zJP(>2u1T!PG0>qt!4)=$z|9K${VI@R281tknN?g}lNf26O5{Tn<>4GLq1Pv4%3xO8 zJ9k}@2(+LonSAMbNif8uCCndp{^X!6Z?prB4BHI@+@I3!9pI71Z2IE@2xUI&eiNt^ zbZnA^Uo6y`JE;uxz`$hV+(Gr+!Q(?CStntiU3-Hr8JoX1t-$->uPfZ~wSmCj$eHm# z6^Ak^e_WMi=CzXgsz{xo4%fDOCf}2}>X!n_LtiEc1DO$tQs8PXP{cpy{l#z`w^jre zkQE<+&S~x5(`p0(9qF6)Wd2emON<__w%QqcerXkLxfs`KkJt@U7bG57z{{9bA6@!< zgRaw2_RYs3!f3!W0_9TjSRkN(f?sXA7XK+a-uBsUq4%yI9zl?zS;`4Z%x@V1nf(q8!ZG{4;>)Qq5wKNg<8E1e+3|5ERS@@A=+cE>Wv6R0(oYCJKY zW{T(NR2s=CEIQ9!Wt8%^1gj$T;!qaOyq?hf&R@ZT(}c6FGT|4BF?tSaNQ=aHg!_tM zvSz7OweG`0jY4@%3~VfT(fF#^TUPxz+hiWO$F07HYT`m-MelyA=Dz*8B&QfhRfeTn zA5Da5`e6xui&vo1czKRSEp?m6{b*%;v6risy@)$y`}-{OLQ-SOmb}9!1)iz(coip# zz7p=!6FgDJM@h@s+iji_Ej}zPQ|mvyG^Xt5bA7XwzG3W~{wn=s5P}_giM3eoNkO%} zjq;+}z%trY5W~V|yNl=t-_P0C|G&DBFgv6M7r~Mc5)(6pK&qvbvcB7zC4~0xS~lx4 zx*JZmQA4sCZ7ppUO)^>CufESxN+`baI;YoD!J@&7K=96 zz!H%bNdf)H#5Q1cJNUFdC$c~EH_7n3`KcCju{eSy7IbbiVJ4P52P3Z*ZxUd0W@Eoi zJev$*Ju+%|zH)jZ_k=>O zoF&W*((6fvOo`XX`hTlG?eGLQ!(W-6er=YKu%A&|I+UtLz+oVoG}!CQ=R>4md(z!6 z4YDW$A8b-+C_;M1;lz(IUMhZOtmVaWgNKB%>!bv&~olxeBfDBxgU z@Z5Y#4K1|U(`6(hsd15V8>G~0@!}*13e*0m_Ox|eJzi)DPr2wz&U$-m?0;@~^=;31B-q?HKSmDM7BpmM#Tfn0{Sn7$ zS>Z|Q3=rBMWDt*+tCTnsdTx`>+oBh_WWQO&ox2zLdmne>YdM*kVzhAw%-t%7g0|a7 zwrw6Uwr6HdYW#LrwvCdM#ZUDcF%tt)APjW$LsnbJsISzJ1tUFVHVEMEq979>S^D z8dJqE@RirJ{Uz6_El70mC|xuE<1N&JkT4oW>JXfIq}s75;G2}Wg(V=5nQCn*=idn$ zUZL&UxGzVF`)F@6Vh|6jpC8T@X3l<4x(2NUX239VE0VJ2wIPg7d6nNp%@<$ysJxGE z6l-S9#~O3$GdSU3-pb95OTEPa+p@=9r3VQozN&w09!J~VU?@H122M0;gyO2+Y(E>4 zP5&RNT6Fvv(rj&wi_3c#RbeB~3U(rPa@p5vc|>%`A4Y9DjLbeL<5f@Mk5ub~?|(gb 
z#v8)jM)~LXnyt*FlXI@u`)DbRS>1lA%|WV3#9UP_mq%wN?0nISK&jKyrEbTZ&u+Oh z7=2C?xK+w5EZbZzu&G{8C+AgBD@2D(`LFrC18D)>T%1SF0cIIO@C`UAwR^HDbOa~$ zj&@_16rDMEGqN<;R!hSpKfN5tcmt(VIcnYHaK#+sSKaYPt#vkioxR2m_za49GC8p{ zwq3lu7c+Oa4=$67ppryBe|J9)FY~|T zzgLPSpW8w@`dshjW;@_+j>Um>A8E6GE3#rf)<+d=)jyH2W;XU%=^IkxtB^0XcWUlBjcy2ds^g7PPdQ|7`GAfLAK# z)d#HYqeV0W{iZPkv@`#ltBx(y%MFs~qWTKm=(ycDY<{0(Xn<;@muqS3rhDnIZ*j81=3QNvoM=~am^6`l zTSYAM`0W4b1@N+t?djHMC4w^5y}yAr2f$ z$feaaD3PR~l=R`qpV<2ow&@J$sr{s&>nDfwAsN(zBEZKoIQF(Z#2NW5Gwl6@936eU zWA|VDrCJ+qlJzm>3bT)Vrg|Oj^lvG|Ffh(&Ybg7z=W{#6C`sUG`phR z_C!At1b$EBGA@nI4idD>bWOt0c`)s7@F1{Rypq^%>tRVu?iXvms;+e9u2#ydM=VvxZEB{S z5s}@br1Q8%5k@OyaSkS9kuun9yvm|p98tRy#>1@UZ?&8z40H+%URLPWS}Zy%e|yvH zZMa8T;yOS51xG3lSLl&?V=BMBZdw!}_9mSlwe6~~?AVK{lJ&>;GS&+zQDw3jB05D* zMP8KYMziTjl5N2FK@gd|xm2Gw?zVn^!q;)LiJ8RNqp;?mQ%bjy1k1L3cKJvxJmNE* z#9xPrRR+c~f48O!t@$lU7~uxhUnA}=meHSJENk%sd1cYCd`R~jm)+7)U{dO7lxq+6 z|4B(wyp;|mEdHR^(*6*aFru%I1J+3WYfEVNS#sPl)$q&M&q>iJC7Q2$6DSPC3T0cS zx5v-nV6G~g%uM=m%{Tgz5yQCW0o{<3pZX5NP7kV+AF>VyP7I3JPD{%Mq1f%6TwOL+ zp}#DTQ&fz0gAk{6BS}qcBxl*^_G@5cpR6_5;ABRjmJUVdgjyJw+n{bfiGmI#!3-4b zqJRolDRX7aHg-6fmf!`(WLYagx04KLUD6C^Qs>{Hd09awyz%r>&btu%j0tQE4-07f zrQ%`H#e=Cf8Xq=m!f#!b|I_w3!vm5lJZ`e`gBmmkuGW_%kGx{956s8y$iIHD^kWSi zEf)x6n`OBpCd8HY79QZh*!1-B(n5Ck4q90L<^R>?Is1zUAts~low0;fFc$rrAvPNt zt&C9_{;%Y>w-BG0xF&-#RQU8wu^MihJ`M#*b zne_=%({zc1c%o;FCpp7h2(oZnE?-;tY0>(eO&Tuhge;Mg910K~okG77Ty!K=kJHi@ z*h8ZN=<%dG-CZ2>>GzV7&23`jwF)bISs|<_ft1;t@10AWPaXTCjK3z&#s#c?GkzV5<}jZtO8N_3&)N9BWQi7I z^i12azpQ^;mQs`b0I`Y77si8nBILAxeF=D#_T~RSU&|6tI%S`x>l&C^)D%8m_@||Q z)cx_v=1U|yq&n!|3KsjjrM%VOLpY1L0+9@|T5Z@A(mX!8CQXD&XYyN@^Ud@Ay*uPC zCe3mgS9@IqYo?o>_qK=scWyd3|$6EGVf-|)`@c7eW2ZVQI7QR>I?;Ocle&J_h`3jqko@1 z@Kgcf{12Q8dmmuJoQRKW7Cb+=;JO8ES!RMZA|gX+Vi5j(r_t6)7MESsxb&d73Rp2I z6gZ<~$H|5A)jR)25px--fi_Lf-y8ZGSdY4CA2z#xf2+*A#|G2>pcVLDhf5vIY%LO6 zBUf^J^Sn&En%6U@jBaBarb|u#ZTs-;!r9&5LmIF16p|Eq;UlW4z-Q!;3ayetAg(O1 z=6hXMUvlV06i674ba%H5nv{k4{Wfm(I)9%KMTipx0R$m3!lL)JVdSpO_3G>;8#%u1 
zePJ#lX?lV?42lw#6UmWW2JK2B;^G`+^sJ)K=Sz#FHLn3BEf4p-Iy<8)(@`6mM92wG zz}P6Dxb=(rIgb+bzE-SoGZPk*$DhJw+)4NDqh1SL!Ta}7hwubRIj`0cnI*(a5}fgd z^PTWnFUIFnm|6dOT+i%mp%&-2xZe*+NzUd)?y#yO`+fKjE6BLrKzlf_4_! z?ooS}m}yCAFR=f#Rk8dQA;eS0B<3voA@=r*wVIH}#RS!8k^nmqTYBDmrz|k0APJbA z)Oaq6h6=3?;|zI8UiZziA~^>s1N9?8JGv-plcLG&cQ@^JD;N<+!upT-t9r~3qPKh1 z67}B4exlB2qyzm1Nin*Ex#c1U3=;*9Oh65S)h3lA83>L>cecj6!cj>NeGt+q%MDQ) zwx9ppW)ddT&&AmwXu{I`-2Tc7b?YXkaU0;$1@@@t zNYXDh5j)|2EGt6;l<7a4)=**GOs2r0^?K(cNP+!aae>@!rsGtfV%(Q~9`g$KALQuV z2R8r0mKGFZw=6E#BO{X}y0rcgw`2Mib+q3;p3Mn%v{n~S%&o6{-G{9)7<0f{>}bmN zybubsJTdL!E*h<_f9i~T4mSnwcUL<-pTUN}@IltAZPwnfWiT1)V7p?*HC$*JI2eE8 z4@7HaOeJj}A1hWo)WH`*m2gHzR4#yH3z7%HEdBfI8s#Vn9ZSG^6l*yG%<0Gn{?lpn zyQH3<3ACEbYSWBszd-l0>};Tv!3NVYV<0!TRyfBIM{8~I6FFVdWYe$n^QEPN)LUq0 zUX7>pwYRw7CGSR)n3t35LwkF1MlR0|W>h49t$P2N8P^wLg?Gn)pRcxFQ3Lv_ooE7i zBxpBt84l5w;fI6`X?=>{J*;m z2E4wF7HgWO^!8W#jj z_v@OAuATR&X=uChhdRIM1JLBxN*`H~V`EJAu3x5t(5 zckH7i@ZrU`fFqqxS-DyT=u#dLuO@OQyEM@Tyfo4dkI#H6#>`*h)>ucZm%6HcmY#6_ z?cnr7PF_^G3$P+=%lAYV~VE>)$gn zh|GWMD#ktjg?&ee?GcNo(CXCJT5rGgDpS-2n;`h?>(9m4R$}aHWomh;0SmSFs_>7L zxv~sE6aLg+J)J{E*dSD6ikp-DB)kRqnEU0J)N<8cd^9MTo8&JWdG=ZZSj$3`I9@ge z%~k5FqoAFYLbu0(Sr0ENSY`qR#ZI5iO&!rSr2qWQS>~t+HWVIDS_1 zdhHg|bWem_GN-6E4Oy+$xtb}sarRK8Bne5i* z^U%QIgxsEI{OhU8srdFe-qBZx7+Ikr7EpgVdsZhpz4gj ziuI(Po}>dwsO05u;uD9_$Bq0R8t)!I+#i>eK&R-@K{v>&X$e&X4el&RZ5^v#HYIlc z{jOiDo6P?Q9V2|`ur;NEg$<>j%a-u zld3d!?fJ%J*We78zcnCFu2-18jn?ITfgRuVE|b4n{Uz_~$eiBWzkgOMm4s}j14Qe+ zQ(ukeaARB!j_Zdi9qly7#AY?BJdS^1e4r-M(P7o^U~aW|nqoW6$(4%o+spB2pp8Wa z`OYjLx7D9jy>dFhf- z2}M^<7xTw^S6~gbd0O_z?qG17LN*r+zfrtgOe3-Ab0p}i)_gulC?=TzM5i}sFlAR?m;8ufD&qeO z@^r&25)E5nic8ReJrOtkj0S;upFuZDXF%tZH_N4rw>!3~hq6jxB0cu72$fBUja+HI0_C2nyCu;Cgk zfAVb;4^QP#d)^#@&v4T%(-_zPz&G z`DRE^&ID7Z9J>=fot^v^3*5glcT6qsj(io?l`5l; zaR2nzU~gn9#vM&VtHl#O+jazGO?K8iYVG~029ti|UX*{v%;fl#t$!{EbO07%+JsWQ zK9m>M$85A+mx)g0N|TgUGBYzP#?&=Ac?4zHJ8JoTdb%`wc$z&UHj#bJt8e+)EP<{+ zEgjWftNR|OaXKCKZ?*`GZZW-@!QYv2qO$;c>`%TXn!tuJ5(=_p?R(XpP{=FKNa;99dq~k1l{T 
zx!ikR?Gs*OrqG?=m1VsLb+=oyL59W)-5~wRFaO9+``b%pSEus~Lg=S9b+aHUf2eGp z1<;3@^%KLlo}sUi1rGG)nxN4zeB&Cz?A~G4G%cYFk~Xg+9c{W4|MVo?lDbXlc7TV> zQ6h+l*1OSG)m1P8C@S33J~7w4GHAx_li#4!f6nGO>e97 z&&krN|E0Rwm(X871y*i;&^2D~lTRp=x9QE77|=|t#?K`BakoRWX_dkQ7O1uPOr^ri zAZV;)&`TH{Hg8WL16O;dTpXCI15F}FW;q`I8nCf<*dAQh4ER+>ecw%B}&{UgirVLJD13p3}7P0V6|$Nh>{4!eB7|CpMe+zd5la%y^(ou z@_`f2zRJXPE&j0Z?BNbciE+O`H@ASx?!wn#$CRa^HpSstJJ=>m!Yt(fq3RvO^IE%T z;l{RYqp@u?wi_pn?KHM+GBGHq2*jB09$;Z)`cqYLAk30c!Fv%y1CbPTp>uxvJwZO~u*tAAKs5Ts~qE>6q!lKt> z=Nqk#5@{@c(Fg|JkR7CM$htIg^8=t5kkBe8#l+&Xfd4*jOJX~9-XO1`8Tn7Yj_$T` z+^rM--3wP+wx@^36_FRKcDo6;xVX5Jkb?(eb@kAZtiqJ?gjhq`u(av!$_< zYQd)obdF(2Ck}?w1%x_<9h+Z#KuhgZ(Nk3n28?DxkB#&FSj}?h09wKRS^vffr zI9qZ+>!$@c{i5ZMMU_LLZ!m~U_9<5CR8>9M? zLz|w1{9Uo$ll}PW58MpZOnVNGQ;0eX4mOYVuPiuN*uvuIV_6QkEGg^gXb*GvGP`(> zZ?{C>hdT)Q7BR;&mS`hVcidx`T*=^eKAo5DP?fsXq>^vh5@vRnOr$Y5^+p5EO8Bq( ziL@!7LsMyo|50%vTjELj5KP(PgcxSI^eZCJireZFw0$Lq8AGJO?{`6wQHkH`ZIUae z!XG)ek^0{0Uo|ZI#EEw2FJGT&6MC>ZVwSy*xAsV0`3CmfK^d+h5kpAV$mD4s-_z?4 zV%z@hKvSFc{c_M!4RdT5BV25=d2@%&f{6b*rZ+%*w4Y%YfH;X@goQTRE_iQmrh0&0 zuXS8uX%_Id3u?{4b>Gv|v?3`fXmg{8LMQy7tY~A5pKvDNE&1pD-11tfDOH%Aoh^U^ zz|%$vx5Ubd1tpWc^tE}ti=q5p1Q9ecIWh%IZ>Qj=nLbPgRQj5@c^HV@%V5OKxepzH zEhl~2ews7XjO6Bv6;UdMtRFh3X2G9@(1T>DyTN?&SIlh@Ip|bcReLGJJAZeSJn6qq z?G0zYfOKhA9st(BN$ItpyM>Q@bq^7PuVci;r@0xWLK_;SXd;On-4Y-EUceo{Xe$gq z?p0c;kX|`oj3KycRjQZ3*l5@99`VeyVfa&tePZ`;y?%JzXW(5LID}r@Zy_n`-R?Y@ z+-#O|iMa56qlLXvm^mbbw($Q2V>$IrKj}C3q_ptzT5);U_JcHawg4z97B}DvjmNuTU z!d08aAj~TY*`Q>13^B?4R=gRvnSIeO-O=OO8l}`;kUelI-Z#$&JVj{Uakoz*LnC$o zsFHH93yKF!e9IEqZyvX2$z2H9IFzkeGFC$RjjX>KX#R>xwAaN<)kKEacrX<9pVfR& zvj#V;z;cPVkJ=?#x}_QJA|T*~L}YfLy+`?EiOqM2cJHStZtz|3%gn=yU72|<07i!Q z&&n%a{MY~b&&J)IjN)gCL(_OAMeo{UkKDsbNQ|`lp!PPnccE`V5VpT`^%8(zF@X}px%+VuClZ(2 z>}W~%&-(BQ{h6yeI%4u(S_f(fp$OHB|Ml+v-yhuo)p)H@+L&DTCNRJLgC;ge0-&rh zefpCBaK->o-T9-SRcbX`(1r64gAyHtIImjnnfpJ19D9fl)S~)Rz{H2r5~}1^c&w)$ 
z(f{PL{>6Ya(7K?3%HnK_!Bj*XR-nC9N@%F+=6InLH|!CaoF*yb?9q9i^33M&ZX*vogKeU_e>OrzwbvE^~VuFHsV}?qA9xX*3{p6Hw-_eY^?{8%Qzu> zDv>E6dp9?RDP@`bB8leCv-2jp^|w`<=5rZ1hN(a2=jZaEJ?kV=QhtB4cs&wR4N*}u z!hNxR=XhUu9dwL&KeQd>M3VA0_iuJ(HCQh5>GM_-4MCZUA0Fy3|IsKVjv*jVru(gy zx7Oknd-^-?9hH``9@dp$Wjg=Cp8n zcj<}^Oarvmf@fDtbHk4L6OJKE{Mg_3p3X<57o2v>lwNt3J_tT8ZUXAxNx-4a&nwx! zX)2VfR~ODVKAf(G!mesiv&Q;zPeQ?QHnP3BcRRoVxXhm zpdzq7!}ZB=uh0-|5(8r{#$=1?T`p+bZiovF=aDp{8V?*E6w;sG&u@?*oZipyH=nrb zXr*>ho%L$1EG~O#EX%d8Cm{+pd5H1XwN_JBt#*@^n>7FtV(5w@jP$o7grAE%@v~o8 zdlDHe_$$iq(pJX0FO@8VVfwJKtlX}t)B?DRdkcCO^07Mq#NDpa#iA&YylluO#0H8{+YcBliLe4)ta_1M+w-M z`f=PhSTYwm>xBxF)pZU#X523OQIFynaTr_=`uwd+ZB-XX$Wf1XZY>a@W!C94T$?8> z9>?&@wN9~o54Xtc7c+aKb!KOt>p3yt*;Ni`B|nHD3N@!mORYVn%>sFx+cn(y8985V zPQ{KkOH#jNvB<%qU#dwOZU5Q3Ui}rGK&K&3qgEG`#qC8{{~lRrcR@H)P|+tm9oR3B z&Fdw9e~OR@Pzk;Xj`Zah$n~%Ty+j4zTdY^wZMFrKx{d0DM2|n`;1R;tdAG6j?e70x z#v8ZB7TNitp}>r4_S|t$BDbr7@n_N-v`F|8up%avtZ7Gu$E=d;)-Z0LO-p>Y;=K8W z%mj`7@uoong&;+{cVdF_If^EE15m;N6O~<{8gA7Yv?pb~(IjeqePKjw(cFmbZ4{sz z!haK_8VH8!a2W?r#I3#Xb)f@DlTpJC!54FRe6*oL$1~Vw);B%=8f$@=Z^gg+FrDNs zZWIOuOAf8vWfrPM7S9wJd*L@%p03nugv4Sq;BnY0NgBQP7LBwK-Jd27&6me91M{XJc7p9|j-%83zI^y@=oq^3PjlST3? z1ms>6u6@dTz5xHOUe@=5kh>!0AF$g{h$FiA&0o@$Sxlx1Ryg;Wqi}eI_xsZ8Bq4#O zc)HIWmzC%PS4dwopO$Lk41_)YTuE+!QlDu84Ew4NdM0~>LDZXX8=VGSQ3J#J03dX? 
zjEWG;VDr`fXG#yZE~SsxU7VR59?gaor*%S27Xjm_dR1o)nK15bQ1~p{ir8S_f%Eg2 zmgQP$C%w3UbPk`#Hu2MluNdi}P@_NVG1Q<9+&Rs@eEa3vEbbGR`{7UJ+};Nw#kD}t zod^DnaFb~yiFfu$eRro7;Pv_m691u z-7}gcpWUY}>L+z|zO$J1JDm`7qt;&xAiMnXWLGxNZDDwYuIjbqM$yGoZlpaFHI#AL zHgDS-Nfrg9C+MJJYlDnK1&t|aySwo)~WK)2o?i~FFPld0PP>Xc98T=Y1hU>$!Z&(~)A z>(f&BP6Df>JV%jwotVRR-+cS@!_bfw?))+qW;NJNarDXPcR+%I;B>Y5;N2XBf-4~1 zJ13U?vII=MN(KY|QNc*jSKH0-J2$o6rwoi2S*U;*9gFDWKWEtrFPU`ah-Fat3wBFk z0=acWGMjDpsksl5VxKO&Q6q-HvN>>Rj84I7K%gGOmx0!2lbsZXYpE`QnYtD-knDIW z<<0=mw{0=*AL@l{>~=GnBIRn+`(d-`tOq88)q2ODARbdwW6pF&dF{Hw-#}4$3$@Ju zpH;^r(Y=ELlSmdXP$NKw`Xr=Mj-m_!*1nEC#4&Htjll)UUJ+`M)Vp!Rp4Uy^Ys~?5 zrliyyw3r;|^!fAWRkLNLn=|7VdY;P;A704eUyC~o2T*^n_X=%JQdpes`JQeg?UGqU zeSKWug<4`<;RaX0VW(T8GjCaQ9o_eY$VoGGTRhcX;t3d|?A~7|?(n^Dw%M$8pb-<- ze-soDG!Tl((mOR|0?u(U4VV;cNCbCt0E{+<(8)rs|LH@|nK(!9Efzaj%=YAoUC##Oo3d)?@E+WS4s$j{jPy8f1@PcLRt~+%pd8!z~bytD7Wh#FkSFP+FIYyPX21`M1Fw^|r)>K5# zEjf6z7$2b@#JqG11lO2D8AuZdUVe5ZeZ9N8>L^(+WV{U6+2&GzwMb;#0YR;e&TN)x z<6!vkA03*erU8@?7pvUJR-9RBWzedmYkx5R`Dt$Vi#~M62~r7Lf^y^SL8si$<#x%T zNMQOYg3DQI!}kPXeUK05zn%XYIWO_@kJb0Yd8-9(H+)Xtgd6^{pM5zVGf&Iy%+T(j zAhEotl#;z@sSFS+QFr8^Og9G1zXGf!XI!wkPJH5Sb+GFnni&+x?iB|Wvc&ZKQfBgP ztPXkxiD{N>@yQK>>JrwubaHq#7_S(R1(kbjr2K*7A2Pw$$uMq3#Ene+P}ct5jZ7&m z1*`r5D2IlnCdoDy=}PTZ>C$MXU5;s8)=LRAMWGW=GO?y>CbmyAQ~q6H;Ji0%1AD%6 zW!wNdn9WW)k_QzAieHw2D46NS2_i+`p2$sW*{bh7TS-Rob6pHdINB@Rf)UXZI}O~=Tt#927hsuPS>fdw;MXUKFcur?LcVJoh8TK86CpZJwxIv6=L<=Hr-znZM7d z%QC^9;9Byl#g4JE>1e5#)7ucAwQ;MJ?~;c2y9wSvQt(7G(6@)XNc zVGb~}$9SqwtSl81THVf~ERs@bzY_3xgTExjXL1QDZ>Dig>{|WlF>xxlcKCfdm@B#c zT-EEcRwjpP6|!}+J50vypIqyOLfm*{jvmZr_Rl7bDw-!(v2UxPGLrQa@Eaa9N22>R z!V7o%cBPZy4{`usI0g10&?cmXX1Bc8=5}b-uca~-x&K)=$`fhOWlQQwu^hh2ui@ap z;QMDVqNC90dQ1KgoFR`i9%GJD#p#T`sb)8~G1r3#EBbpqE5*orV`N^q)z4b3x@i75 zT3gnfd*+sUyl!z)yBgkaZ-SIg8I(YBsosJHC6lo}5~Y z-jD4lpC`-9h5s37uuI~wS!@lS>wy<=f}n+j8Z8{2MK8JNde&Se;*}H(ZbDr=fFfUj8WG&| zCWsNDN{_S{k0A&b=>D`2$RckU5xS3k`qH(!s3BS+CD=H*K3jvUu3YyJ+iOk 
zBA6`0t0thaRNc*hl$nFd^(Kjm&<)+`!Nnq2ZEm5WS@)&C*#P$Zk1!Th5)i>cz?)N% z`ROw%6SjoM3S9^Zy3F)7T+rxCbV2crar^B7=ic{=R~7Rwi8E?4NeMaE_M7_B%eqkE zefplFoo}SZ7)Ltwu4IQo2Wm&9rZ>f&)niD%V7TXhh({dyv17|9s_OoLr#<2>ywMcj zKm`qDomaJK4e$RZ*aeCT9n<0CnpG|{h}=PJ6A`#MQzUZ;-`c@HG3B&Hh~a`Jz5pxg z*jVk;xcZP}MWJ@UQp!*NbI_F`N6?K6(sNc|ZthpKg+!V1z&hd*PQKw^Mj>%pDAm#t z;-_Ut`z6R1m%~d#mqPk6?Ch`du*o&oWYg(0jVTdm57I-}AojNp5#>C!UFQj{XD>I; zxbeD5^JV=I@MP8-64)W#jxZX!U5P0Z^O zmmIX{3(0 z5Rbfj9%w7S={f&Rar}45x^gV3etS@bWnPPN-wQzHs8PlPYC=-i+7!WTW8jyNPQ`0H_lBz z>Ja`2K0YSm%xBQ~_!A2)o!uiGU=Ct}5|(h_JT1<(CRu*Z8iZupUP%M~@1-OP({;^v zbm96gVPY#1AYT-=oIe=TPBLoduNxG|U;od1EL3TMwvGyYey5kNKnnW>IM(Dg;hpdSL z(VxTVofjSi)fRMNMfxe(qR9s@Hv6JFf`P$^LWuo;MgSi42*jV8x|rK%L3j64kOf1= z?NrI_Txfsc(5#A}O55kcrF!I(%iQnDsef#jkjJJLrg~p z2#u5BHLTH;D*uz)|L^lA7T~~@(|{z<=X=`3 z$J1E)`3=WQflZB*Abh|*f!(*uH$kyL^TO!7)neV4hu0r5etDZ~u@bq=f0D@mjT=1Z zIf^D=69G_lq%~6Lm2@-MzHRyT(YM~Zj@j_v*w3Bd2wG;$m0{3|ep%0fYQ_8ad!bqx z&8R-c0gen6gBt|__ zwF!sqKc=3*>baFo-Z3o`PQ-yi5u`%pV-J1b<6#nuN7%VgC?c^E*IFEhL!vYHfQTn~lj=)~)4^oPAv4;y zN{2qk-q6|?vdd%H$>Cy#Rrv9vcg6Mk;6XCf2mERJ{|_iE za+z!iRFFtXf5an)#xs@b+>ad7*<3=b*V@Hbn!YiL!(uJeZ(_L$ks=Z%Rm8_9Y_96i zflrz?r zLjX?G?NNOKzZVCMUU5=Th-zf>@`legs>9(=u^)hz!HsM%tS~A*ITQg@1$5n2_K5__uk<1`0!|qkS^N#>TwgTF;MdrI@HU{mVefT4n=&P#8v>2VZySd4YNXeiQ2UAbC?)Zl%U zsZf`|v&X_3#F80DR*=es0CV}3)L(%az^M7uP3*T^7VQbAHR?EPw+A4ACke<2Q6t@* zGXnnG3$84GQ~>9~-I?SHoZ1u1m5(v7^mN_d`v1*yWf1=Wd*s)*QR(g8U=x79cRlXb z7muYRHG^ClFc8PtGu_H8MnBG3#Ox=RCfP!h@Y`g}oMm4pY z?PfC2Ehih3<l#M^n}C1?C@)u z78y87N)?Owy9gI7++6%pr&a7s6D~(7m5dMu8fp49 zvV&V%sC+DN7LYDPZHs}2v z3~CP`met0HafF9)Q3ENaa*q3}(t6A$(!h2az98Ta3dIAmMoCL6Q?6cCIS8})UGd!L z)pR+-1#i2-Ix&GFQg#ROuE^$OzxDXB7A*m7qMLB4I3j;Mu|(byFJ(k!bYD(raD~>{ zyUBKwLW$G%*f&0YarbvL-l3#Ykpz1%Z4ze|wy_q{M@p-Or0n$j|9Rae;@~nV^dy0h zx2Y-PnIqH2gG@|MrsDg{w)s__(L{fXQ%umQ zb*)uEe92cWA-^tg$Y(2rpg<@jV3iPaQHBaJx6%P@SXHXPn4on={dQ{R<^tiCk?O$j zR_k~*9TpwQC#o{E1g)=SwFUTWk?VJKk~+xhI%^qz7g4My#Bi?JD0Os|J2)V0~?$#xEpX!-y4~i z66O+WbvvT|(jC)@!Elnd!uEQg+4^p=d39S9i0>dE3CAmy0 
zEd{q@Kf+=J1`T~O@~~zoHJB3xHLDl;Gz_J^Mj1Z6hvR{3lU;{lPOuaQxu$t4Q0>r) z-03i?@|_60ix$#zY@{ZSUaVA-vsA)UbldLk>C2GqS%d$XD^$-D$QP%f>&BYP$_?t^ zRvaonrZYutmM7Tvl zN{tI5bPqM5;AZb8WM`}BWSxI+EM0|G4O(@es9-RL4A(((LR2|rj{2{o>G~OIa9s0t zWZ`LrM$Mt$=E`B!_l}Af2()gnx6zY7c=p(bQmR$TFcZBbEshk*PM;5N#kN=nU3$3Q zRTSWrW#$M=`QBbfE#z*SR@iH_p#GV2P%=)%=`bLeXswYr6u!(l66eQ%C`Oape0TQc z#<IFfes7a-&L=5`sf&RDBcZ_DkLYs8vAED|~k(UA9ani!0zV zfl{Nsrtw?Ix4Ju#*9AcRP~1{0v19@qVie2AQ@(gSD^fSIDg$3Wl(NgscW(4oaZ+iX z-zT?Fj!_nF(BJVxyI4zE8-XPDfOOol-)GrT9B5JM46su?DK;yxl6-i`WhKSQB_dxT z%x$>TVV6lhZYdd|=9kOqojN@2&4o^+g}}lKaYWlid4fyhIJtJFNSB8Rz1L5=DF8pE z)QsD_D~%}?-S`Iqd;g2ToC;5a4F%R`efbevGrT~dR-rAsnl9Q4pT}W-pY85(AY`9~ zPLl8y>+0+vx7*;uj=G3Tuirl=NpBO9v zP0SV?EcS>?cJw0K&6cVd1*=l7c-lRK&dS^VT5jgMlfzBZqdJTgs&cWrZpVFtwO<~x z1(a686+n%s{(XO~zh9gB8%d5t*4*L9=)Jw5vQ$~u+FMv z0COMe0|ae3dMy?GmkF{fdMYzT(AQBBgEqr&$}C$jiMLB6|+!O2)mlgMsN9-G5h#9VZb zVeGvEM#w+%&wUJE*bP7Pk|F>GB4WE_LS2`4#O|#Sj5b9P7`N?}rrvs?OfQ4EK09#; z4cw@*sWmfUU}V_zDPqUUU;Vmd5H|*Vv$C%tb6xq(Mk*CKS6Nd$p@A3}s;|{5_1=~s z9Lj3^)D&4t05t3FbMWqt=#UOqfOOGl+T6Aqr=?tvuzyC{>B&g}f}8cGL~?rXJyG}8 zD=g%l2l+1}#dc7KBtsW-=P$H*_UnG{9oZG5DKvZDlbn^3hRuq*oR5$0I}dh(cfYJS;+dz+;s_m?tV#9M{Av(o8dL zK&v=yQf*}@kZyj|2<~jl3v+5kXFWMOH6v-=Zf=2qiC}FEldK)KiiKAir3^)Q`3B{pT?1Z#rc)RxEH7BlF;Xogn-!TW$KuOcHpD;-G#h# z@NG1$wmbsm)A&UNG|glhzs6H`EYfK#$SvmHuitAiC?Re-`9>w235&LYSf2N<-0L;a z3F{URO1h#O+JO8}Ns$;Nn#?9Dk-JTjGp;4>au55c@DSdTw@%JaYPmXGt? zQUj0mT5?f*zh1bz0Q&O5Ken}ThgOlwSxDadDn73Em#&D}bn;qN^RAxWqQgvBY=2au zZ1~=9haVFem9mut^^8`;TMm+>R^1j8*TTq}P}w#U&hXxaHNLfH2yl{IE?Iy=i#$O% z#8$L2;f2=Nkm5WkC@cyv0nydL5MatkRjbojj8i6_yB=R>p>H7JobWmy_o1{x{D1C5 zGU4F|OI3|%fz%6Ea`AkhR#tRn9ClI=%vXYz5W_V3#BbL_S{CD)OYr>5`)*x<`W20# zrt`8gXT@eJxLi2b>vtu$)VDTbHKrToRxua^(RyW?Z0Hpg1p&s~?{^(cG-tsFA;&Bd zc)ddYMj&|{44FrD;VQ+WrOZ3*&%O36^K8|9{-sb_9U);+Vq_!TVZ9t&{GwZIE@yN4 zbP=`^zp_ZoX`P%U3IioVyXOzRZ8mG+|I6}4R`Tm%+@SM9&H)x?ClT1bjFdWE)iuBvS!V98`YfALr8;hX z&Gm4O;AYQR`?(6pwozT^WYD@F)7c0RUwKJ_td}*?lFgx;oXb#a&pa(fu2B_z4^`)? 
zwfa`j2fSpsHU&BIa_P03MD9sK{azO>cBK?y0=K`ZKD{15!fPW0P8?S%kj| zl&bSE2*FI_WW)UM<7tzn_8hsu4Gmugc)OZ`>D*RmLY$pOn}%TQrI3PMs_bhWtB(3a z_P-z_xqx_rQ$f4FVL%I55TN^@?Z+sc;E?|{rujGA#f zwP_aqqnTyuBmq}x8m0KtJ=Utt`O6TD+|Z$SQoxPF*)u{*nDAfAU0%iN*mCKyuFI=C zb*LVfzjPYa$1TgLiDu$@b~0CGJ<@q>2DbFgQ9j`!CV$rdZr(%Xud>4GVnUF-lu`><_IqzGHso>wo=Ua%SVcpJ9{MDO&g+hetcFf){=?wHNk2A`>4MDU zbX0#%eIF9(gGM;ivM&iu3B6Ku&z8H`%i()$g77~+>$et`OR5Kk3N7Y?)7=o=6Nk6t z8GtbK8&@5iGz&%{Pdp;wuzkv{vvjQY@ev+6*9+=ZDKTH=!BPq3#f(GW zIMBD3dsRu&`m9)Pq<^zTeUyLS*vv_h!i#UmOHauR?k#2R>yuhz0HVm)*{Zf_Vn+p` zvKnTdJz`>V8!<|neE-TFo+)7p|4LU44>8cSp28p{weiz35?%b7okBB})F6-H8~+qn zk3zaio7$jI=J3)@T*LUcU)FASE74NB`XsSP-q-|mxz3V>0W-j9e_uSf{{31@0%UzBqkBk0-2XS`B z)xyWcr)XNoi#jh_K76?Od$_z2@274Mtjb5v7f?@>Zk{*`j!=NnQXwz72q8b${W=g) z?u=iqRs~K`W?F};N^d0J(#bvrN(2B?$Cd46$P&k$ zJY#aqT$?%Po0oJ^AOEFcnz>qqM3~NW5R~oQsl`9DM;YcLX8@oX84VUN!eW(|CPi6o z*n_W$=zd?0AjF7PwXU2EZ7UjF0`x2oy%70S zhc5v&mXL^92CWXW4)tnA-6aL6hXcjUAMg!rG@LpZFmnxCu>Qwv?GM`rGoW{P8KlCm z)c7$5647cd)P%7p5%TsimEhJqeDvBTRF-!~%W7&B#qzln73wwfLCzA?$BR{Hli~Iy zEB#_eh+LC3oli=&1!U8ON?_!gM2RgoSi^`?Bg#at=$Ahltc_3uJ(c%q)KH`lzReni zVMYPI>f(qaNsQ^`2dTJF6`CZ_7;ZHszw_Uxm`f!%Q78CL#y^ORNR6hh9{@KzXj$|J zXg?=F;?y1$*li5N;Gi{1@U)$;-;sFH4{Ub@ z8(rtOi4j2C2@}Ilu_}cUHt*FRcsiLB_{rhYS@*am`2L(hDV@vvUC9XzNXN<|q!uKc z@n1(%{mD-dlEoPOK}AKOkdiRRarO%yW~T@4i(8icu9{!wxM+LM7AbNa*`G zq_yd}wDC?Z>7fZn#|S7_X`6EU2Y4xk{X&Oq9BBl7IH~E_ZQ`$Ix*_hCnzI&r7I@$M zK9@hnXP&}58KgY>_hCa4pw+~6Da1<{ByRMMB$iD}(Y0)ap(}7HNSN6q4HAKaq zhBg;nOlh%l z_b=AA#C_WitrQ+;_ly-bvr}-7my7T0@?yuj6EB1m8WUO9n3Qt*zHb+}%%192@t3`*;Q>Tsh&fElq zj9&3*zJHqi@$Vyofb->$#e@2=$^8%O4@LRvlekSLG2Hd{igQQI9s8t^Ef>i}Kga7C zrgRV^8GyhkOtI>t|NXoRI3Hm=fUKx?6(8;UWvLa#7snIQ)4X{+P1;3pqAD4@&(>>? 
zXS@l-YNN55O(p_DV@7@$r0a@ov{bve8kO1~6_|w|8bEla#@OUBE3s7EicY=tB2?1u zvq-4b;GTX82Zyz=fUMeJW&^K2XgmKSz5e%aF!me~UJ8gobRN|d8%l;!xe7&V<_6C& zB_|nkxAh$`qWHzl*VNmyS+eZAG3UX53Tt6$VL>f$d?DTbVWI#|j2hdRyA~3Q&s&{b znOMKcjozDC|26(g29I93Mg{3QkK5D_d!44UIOZ+|F|{q&>&Na;CCk91bxsH8jGK-l*eMd+KHxCiZ`Mn3OT$b3}(MpUT3|B`{Xjl#T_EzXlVm@=Z2^> z@>jJP#^m-w|Lk>~r%hJ=r8c`pBu)&V0nh6q89$l-Jp?z9FWtp@ccluOWpjAm()sO3 zAUmjTzk25a{58wP;@}`6F6y?2^F+W2T?(-VzdUo}hZdT7$^KUzZ6#IvjYh9rbm~Jo z{x;WyQk`a#^MC==@Z)(?nPeeUBeZnh@A0;)wLW-0>j3ZL{v1wp6^p{{d`(+#r5v>C zO<4RJkbd*HSya@(@Mm|qOJg!l#qJ4G2nZTwmVqlce~wMRGLT)<#(4 zS3_2=RHBX$op37BKx+LLghr*c@O+|hjNhwIl`+8ugcec*S^c?b6{tycn{?@RIq1m@ z{xPd+{<*(-2naU-e9AZHd3k(ur295NkK%E6@-qe<1n*?%QZ|=|G9a{8!BuBrV51Xk zTVZqaJcuk6i674Ec9FJwEa;lb8yUw`W+%sGQ7Q46zThTgr)T<1C=0}&)zzQP!QlT_Jn=?RY9DMra6tnjU;)9iBC0J%CHGI zy&S=Z4o}wPG3vK^7Xd6(nAJ^Tj5E~Uq2WpoxPOSljVfO2Au)>$I8Ixtdow$eS^Pxt zK?E~xlI9<^2Z`6`w%dzUS)d<~769_*<28R;q(@~lY1M#a2LUC_vcB#xID)3VJjZMv zCw1Gt4>~E+{gIu^Y`d8wIJIo6^#JX1qj_#Wac-~XF^N6;^xWspHzmg%UQ#x4F=HtF2cTjYodHhYjm2zo3J z1}_#n)K9}|vUlu~0RZ%l;`y#XZzX4;A#mDv$=i(WZuV}uBPQkq12*uZd}0jcp{nsEp@=D;yWWMNo8Ilz~nsn@vLEY}*RDiSP zEobY}5xcqVH=BI0Ob8@LL&kO1c~Jd90AHZnGH!e5YTZuK`EpfZ^!#7wfWkQ$YYJMA z?^usVZRt|nAe0n>Vy-*iObvEXSpc+%>KsElxHX*ye2Tt3K42D6>q~j4xr5RIJ?AS@ ztM7Wg!cf!xn1xPz7-}(Oc-o~1+oOf^xU#LfsT?(BZTjDQCwsSu3Qu-p8x? 
z>ez=uBG-|VM)vQy`S=eqI9L4WXP&Ika?_8%CX-5^U$Xu~i;Q4*Q=GA99* zDkF*2qD>s$qrYljlmJ0cYomxu_oyiuv7}a|l%WghV|w`b-IfWxZUg$7;oz7B7quYJ zE+I3VFc8!NIrr6W=BGcUsH7PFZ+iW#q@sDErsO!eU^J8g0Yl7`cupD%m9)u$dkTFys6GZ`O_EePZoo%f*$l?4O@;E5wgn90Xe4mqF?|Aba|=^T6hrCKJjL%KXn7dH7f(e{#q&AaDr%Ise|tw>v!oHgkj*P9j9MYrn#W zdX$%mP)LAcxHLRIOsM}PnpI3sRjl%lN>luyI5XqsUhK+QYAxx=c2~XLhl^CVzYk@; z`)HAt@i7iK^)JJ=%GpmAj9neG>lOGmQ7IzHJe@FN>5jiV1=N{n&5tApA(ix4 z(gn36j4~Ruk~Uv#EI?1qn9@}ZAmU$zpREwU96;{N6-#_QeH@-?QQ_SYD=erOqc$P< z(sb!n>XnLkRBB#K_YrQX|3_Le?bI1b-cOuk&0_IMIfd+Mb&IuC?$ot}cXk@7?(j0b zPD-DkOjA8fCJR;0%7R;O7giJwN z<5mc?h1d99%2iAkyKK9UW#7m9dU-LA^h`-IV05+V8;QrwUL%J?C#cA{N1pR30i_hqcMEuBjvM>L(vp6gN`hnuV_c}xgJaf~ zK!{k#2Wl$;NAn$d)@Wa3tB8CT`xmeAj5pU$vk8Awz}mfA=jAJBCgRrFXuI%0OTeyW zTedJMXS8$|8`0(~_N_sJx$zD2FM4`DP?Yf1v^}K#K@+?(i4HGk5V@lt`$XvUhh&%< z>GB~NHumGpZS1z@w|>r5x?2fuA%D=KX=QWC6av9m-D3L90Vd-h$;C72p=63t;&~WV zIg8TMu^Bx?lrtS=p`gvE%2L=G+(HdBBJ5myqP4x06k2_hbKPEC{CFa7ETww=2_}2g z>f;lJ&<}TcxqDyGy84tVy=G}xESex!Fmh0sh2M3UpwnT#dlQMgR@u&wTsrc)Ya)zE z{{>em(C+Oq;83~%Uyq+*avGmk4!N5NV;e#OzVy5vCQ$eKOgc6noF2`qWIUq+5%lCU zlL0B;A7VG9R#Y146o;>08q++a9*e3#f&rmohJ|lFrU}=GV+)^k+jRwR(ya35Zc)sx zszASe*^LqY?rvSqM=_ALI#r^9M3BdNw6s#gx2y25!fWgXZ`-g4W@5Xo>T7biPg%l2xae6JTyZd?t zlSZa;Pl(>akc%*}P4MlH&N8A)rE(sZ5{?!BH6eAgEML>b62pyuzBnA&67w`>2Yf=C zcm#3mk01JU`?6EiWo@|V<&&MS>I5V_ME%Uq>J3dTkk?JWl?g#M>a%P(KA=_;Z*a5m z^v~YpCJUbLzChYz!uCNAD$uKipV|B&6|)b2|Ha#*^Y8S*OslDrB|Js(a2}__PgzM4 zBK*j6Jzi4Bp9T^!?|M9bi2cH}P^%n*A^^pK8VZRhTmYxYumB+xVFrw&3Q}60y97Gpbyiqj9ToSdPEU8?`wSC)Tx2 zFy(?h$Sc!2%+7e!tVjtDNY1pu179VdAB3~Ra9in);EhS-UY;~IE8x!&cH^1sepr>n zD1&)mvl;c`$Hof0X+dyvSET3hxNhM2l!S%=3*Sx5OLQoj z+6b-pF!4Z%=$X&h*Jk%u4=qNEtpez(62V1sqK6e}N>Ych=|CXlgxWrsFi6VUdawVa zQ?=yJ*}R?V{wZd%#}jZfYdIu5SuI)QAN`d_F_-4J@65%Z`uQ6u!NZR}ShAiMKTIcM zBEV{r7Q>-4<;w}&Bto#Ul19uAp0OlUk2Qm1W6IDo=5^)0skJd|4&{R`cIm$*R}M{Si#UDwLct2G^{Pw zO1CHOD>(sayB=5ZMm@^1*=4%WcC?B=%!wOB;(CbsvcIDujC71?Vud_M;-#MISs8G_ zfrSr*?9pz$e|;ao#HvR}cffXzFHJ@#+-ra_{r%6F0%SUOPH~yLwClWT)clmW(l=~p 
zc+`5L?}QXzY|oLjX3gYq%Z)`c5G%OqkL%YnNS?S!3U1=!zzoksp-4!a^iq@VkBzz~ zB^{&U@deJ!3-zwz)0iW=fqx@Lu3I{+r#3JOM0p_k-;)15ZmDNuzyoI?1dSrpTtH70 zV4IPy;uEmKnZK8kbJ4_COMS`ZbI~S%kwl=7#ETM0d~UPtqZDhl%af2oDbsFDc*Jm~ zM*q#R>%Cow6P<_{nO`@!gC&xq^MNO?Rz{pzy}v#++9u}a);RIs>`fTYFth>CQ1GV2 z2&|4-<9G)1m~p!UKdh32ptaFp6E65M0~HiQeGE|`^c%%(jbv)f z0_{yk_y4~fx$Ka=XnQjMe*|Fqz|7w03UVz6A=|3m#H$Z-7 z=Ehg1`1?n^Ykf`g=jN_l7MrFK5ht8%*9B9cQX^#t&6Ik&{@156QJcM71H*ubNYO5K zD4~ds_(~5p&?eN_{G>shw^s6*G@w(iOb-7xRzhh?#hx5sXI3Fuy__!Bjk@(o zj<~>&*a?ed{UKRry7Wa)Qg@S}3Ie5!Os!5rqf+=kG`(YZoNwQ?9Xn}k+qP}nRvR=% zW81bH+qRuFNt4F5&G-CY_w#<5PqR&C=EyNWthKLl`6oAYnTz@A#;%)F_>ReBoW|xp zY8?^y_;wKR3vb6~n#;u>Xnd!H2KB7|x70HtOOkZY)sz0@QC ziQB(&_Px?v2ir!NBRkb<@pRGwsLPBEln6qQ5^mc?ALf6K>vy5c9rvW$ zIumjHG91ZSKRKrEt>UplHU!_U4Kf7WL3^T^jf?@dd{2^V8ATVTwt>vZu|H znYo;jp%BB1tl|^7oFBbm!4Kj_L{#56s}ujIY3hDKwyT!NrKw7h%J7x!NCK1NKSgQu zDxyV2-~VDbAFGS|-)_4^114Td_ibjQ4sRVKeC}eEweX;@KQhz-IG^D`Qu$43;B5B+ zr_$O6-iPC(2OHl6Qw|mI8=fNS!i#f~M5YJW?`#+AisK$Q$f&CG10Zc=`Ul3lo zE*>(d+Kds8vGGCJ`AXg_|J?5SQ-ecmr^iLbrb+f(Jg{7$VL-|P+iLqlyV_zGh7hti z2kRMuzMHScjQ0{hX!5V){iN#B@!c!{z?d@N*n zO)=h=pgroE&bAAA+aBhASQiL|XjEubOh&1Ei2tZY79gAb-C?wFZ%$n#t9SxTTydyK z6>5Wd+DcKjr%DV0R~ART;ve0OACuY@*eN3`&;t6$M8y$h8i}Xl6@zPQXM@=DYMyq4 zBVAJSBx4mt9tHJ;A^Q;*zHb)8xDUj`Zg*-Um+?@hE?28qgWVf zhh1&FX<#kQp>Vj_$OWWAR^=-~w3-kB(R?LuAtEKSYjFvFlM&mjs(EfAArAA27_Y6q zAc|_>+yXA7*2UMH_J2WS{oWoLANHX~qZ&@o8CX(zP{KQl1YCRp|CCr?rsaP!Tlpwq z$*~0EdNH}*FV7Kbv_E;=H%T$@j@QbAX2Nw9gDHGYj?d zDmbpDK9WD#UJ%()8Dm!aTPPSzvPMhv88B{2L(6Y9AM8z}h?HT5azp>YoXUcn@3c`& zv$!pfkG0Ih3wj#wx7rZ?J0)2xELPO?-!}>AI5|1$8w|$twBjUF1LU7+U`105#M3k^ zcejyvBO#*owN53G4*O)TSdu){w+U=vX^jz4;rZ%tHQVn~T!Mm|zX-9+4y@|4ipt9E z=qjI2H1-{@f2Npqa>PR&4cfO7*X**hi_@mpPsIqY6QsA#E@tQaZ?*{(&BS1vn~oYw zR-#TB;OC;)?5r7@NG7wO6S6@$dHVMlD8Lh?%z=&j&Bnl@jj| zR7BBjzgfE4bpe|PO)QN6H=Jozjwsyl4{35f^&NYe8GW8+L4=}|rU*4l%sWWgvzWs!#%bc ztl@=^T991JE;t;PU5DNW!+i~N~{0NNR;CcgIuzCkm)!t;>j*=%&rwITgiefw{eRnOKrg(uAq*_j=7XND 
z{?T3Vn#5*Pg8{QujZc8*)s##lX5U7p!Ze>VH6b4-EE(_j5J|Aj{Hwuf`q$Ljn=H`# zZ;Ln0;V7;|iNhY_w}>QQ(bg_j=~AZexm+gVEv*>&?%xBT=&R8W(0u> z=7bBDT`V9v%@?c3;P9!yYlf;b&t}(wFZnzi=kRGVlxAM+(ON%yIG_ZrQUbR+rx3X zSwRl*EKBmhH-j)VmgD(PRYAvIdO7z*u-2T=)9nRQIm;yVkN*+S z^u>_vbb&8C;n6sCAjMvBpPy2w1WBVNwLHizlQH0&m` zx?ABN-U+rA2CiGa)og?(hXj#gWC?}GP-ob;1}XaH>0$8iHNpL7xzM_C ztiI?SuYVZ@0~MnPW&=<*ZJrFr<2qzh=M&m(c&L^|?=nx2+g2cFTuRejm5%pjds8R1 zYRnBl5*-eIe%=vy9z3)LN1~+~1nWY<&vyUkked7%W`n|MV<6kp5P5R7M^#xEq9Mae z@sG<62SOD*05PlO$9(|)&xLUN;dQxT4% z6}nNbE$I)+yriqi&4$+W*fM*<=g5{RlPPp$pB~rP=x#8+N9#M^!$W zCzw*}5X(1p$lqjhaRVpzk}VQ*JiW(JF#dh2Eh@8sZ@lQp?fag5Ia+#b&5gQDBz&&Q zv`#eBi*}S+|8rY>e@NIDP^8arNW~E@?w<N3jy5S`VsSPLMPjtgPk~n@MFczP90=mHUu%CrL z`7U2P;HSfY-%&3uE=Z+$V4FakK5iTNx6_-6Vhzk{L|Vk-jH%XK_C#Xlv-ho6Nx0rwK`XOM6yltNP9mwX ztxXRdS}g>(UKL8+OcW<_`nGaoHH2aG^5rJ%Q>Ll!$A1erEYI$=v#kG+@OiAY+r@~gL-j_VAcqm-ZAATzVDl+q+~?d z)qA!Q&!0iBMH5WCnBzNfMy4It%Ys(3d872jX`0O~O$`sm9=eTgMfm(q*!Kb07e5bV z`)}Y@9Xf%3(&MREEjQ`o07K()!MfU}28(!l0DKeb&fprM5nsv|%ruVe&4bCH3KL<~ ze~PZM84DhN_ndG<_iy`UHO44#QbYoq%Q3P-DgKu+Q<+r`RurtGu&ALevZe1>R5Ku1 z)KPk)M~8pY?{qWxW+p_4#>3SAeTR!5?VLL2XfJ7NRZ)f<+Dxl!{ zpduW8>ZO{Zha8M&pwooG~->~LiI3EZD0 zOht;h*_=*yvk~szdvVD7HxoSA*k3K@tITTN;zUEN0GkwcwB1k~@{)hMzOlhw;Cefz zgb_@jKyS7e8Y%w>z{TBRF@)B5i!80i?fL9QK|XclSfXGYgzIbnK{!k4ZuPO_u~F5w zYa!9g!g5+IW)AjU{R@Z zebKP#{2o{(; z7<3l7BF~WNp};y}NyWYzD3W;3g055_TTgLLsXxS9<>6L=KME+Ln%rcp-eFdV!dhKt z+)L-OKo`FUnCqFWc2GUuc;l5!0;LzRuXbHs_oY^QJg9smX``$6y@ejRmG!l&+jBSg z&mLu3T!7c>x8@n8QkIDgFDm~bHMwKr?~(p##Nd1@k;<$ICM6`ovT4OU9>Cs%q$#Tz zVLI$08IA3F@)wl(OHDVFh=9^UO5#w1Hl{?QO@m`_D~*GdApK z6Xa8>s@;6NCukFsA4%>*|~DO82yH|NFO z+gS(nQ|{ zz;4VxnlrTC&Ho%h`a^$ID4j6S0e!$^(|1#Yj$a%kIN@;n7I|MKCq3oHA&F_NrIKIC zONq`M(SK+DRsAt$(i^^Ow7>GryNxOP6K2Q#ZnifT({~GZk{gD(V)%-wQ>A3e6=$W< zFlgi1-Q>frO)qbb)eG-F;-z)atH-`LyA##wZ zLgNQfuM1dW&XmP>2+ix?>(UvFUlq+kDq|;aj6)fb+NCR81Z_WXZfOJqn%h z+x$>2=QZebnOlm6k&rZ8In5W@HdkW^<<~GwJIeD^1^me6;J+k^fvo$`07VXN!DjTN zMeJh4etE5w38bFq|2PzStyl3>+qTKUW_3;vzsO5sSNfy)qym?;aA^HbUaZ)Eh?E*H 
zuZO^7T_sCCoC!-e@tl`qd{cK>qP`K%EQi@%<>nE z`*v+Hk)YnJMGcapzwWy@NmuT4kM?I^fX*vg_LW8p+wCI!V&Sf4H`LmUvLacT;Ew=Y zn=&L0RWf_qPm(O+tS8dUq^=m~B_H8VPQ;BCXDwbeNIBk{TT^JgXey%T8nSp-w89$Z@v0P0HI}kVkZz;dp4`HbsfX0*!3P~J!of%{;c0lGR^U{;il><0f*My z+%AlGJ7LL+5Ha@wF?ubs+JAjN_+LlUkBCV>SmM z>EL7>-VscCI+{1Oo5l5i`uyFFW(2T7a{7(AK+yApc!iJWo1OV-wvuErq^AUIxHjUY{Mncl zj`2?YFk>Z?`ReWUU7k*K7ysc_Ooi8RnoV3aCDV?@orFih#6LM{(coDe>!kj{l?Ew> zr1a@xd{~l*XbLw+^FO{yi&jHW1#rUh>p88;7&O+Eu+@88@StS!j_xUnY!1BFh()ws-A}FbNY~9!cq;Nar))S?a z9{b-sS5e9j)0sg96qCjiJShUnq_0nje|!=<2#VH#QMQc4|LGMe9#q#m37iR+1LS_< z`00PWvcku z?Zy#C?US=3if)pZD?1-C{aLj+gnu@h)8TT1%JPIsj(!8g+G!PatI59yVjUiHe$dHx zG)-mP1wc+=Z0DCSd;Cph;RJ%Td`EbjcLy5T*=B;OpqN26z+}5g29;t z%U5=thfuY7lcU}hL-=~SIa(&|GF1;WGZ^8OBt8vZj;Dxs02q~dl2mT~%j!@;9xKOT z)d60cPWfU~6ZTW})Y`R|IRZ$ISUY?=z4TYmf5s6@Xo++S#+ zUc1}<&>PoVhq<#f&sgtj<;wim%q1d$ixRt`R(BG*9Q`SHFe&i3>G$b4%c{zy ze}d2XCQ;D(wIBz@EGIgbJpUE;iuLBMJaa_o-SoNvG~_iSC<%$zu8YQ7%FBfLJF z$zH%V1bq@)s+70XJ3J5qUqLo_0jNe3BSC1Ib6J&IF3JV7+!m1nASCm?uaG$JKf|Ci zcz;#I<7ZQtFFX7M7+VcE;P0E*#Ep?QHQDXLOx*rDhvTppw7rE6|6%mmxe9bOro8vZ zOYQ^WT!=Ha?K8gtGBnEI^Eld&ADe*`r~3R--L5X-KBsFmJFBhln=fV-Hr1P*gz!P; z2$9`RBO5*Ix4su0Ev7z}g^UCkg=4{YKs|c`(j|~hDrBP^hr<3HH`%Fvd-JoWa3PG44lZ|j2oUCXP@7HFA$TwA&6-g`Fma3%lkgfklytKvMh zPPv5b>3MX)6*7J<6_1CG;;2kX)*y1U3usdZ`{+4;B>#b$b{iM%L;dd1ibnPAJP>@D zQ!{zu)m8$jdN#(C&QLE82U2cookEnV#m8wyMLjSsIQm{3PzswmAX{t4T4$Z{o;A{8 zE<61{3?(Zrm?Ig>w}JRLPfM?k3Uv99LxDl6sH)DyDPN=WhEhO z8b(ai4Mt|Jg!yi{!$K{`V$Th*mM+jXz+Rw15j;pwC34v+OA)Qx<7TJlu}u0rAG0uk zU_k1ES#9u~{aDr9$JB1TlphcbwA0Yya|_aOKBTkiz=sOQk8ap5(%*7M!NCUR@ zC1semRKG=5vUKmGU&+&+rhi05yq$iDg0xBiQB2Bp}To0fg z267T^-B6mS7U=2UaPQj==vH7H>GzLHXCPfaE_h(3qUx=!W+{djzL(H*MrnLy`atGfkys1737xfUep-*E0*R-LhqeG=yZL`yuG$&S6@ z|0LA_g5!)7nTsLam1XSO%8+Ev$g00QRV;&3HAs_$Ce;%0@0g#JlQ}oQXq0zFXv2q0 z=Qg$yWh>n;Pw{;?m4vttf_T6EjOUL!`cvS?7O~pj>=x&@PsOgBy{?LT=J9VEhuQm zt4)V(ALSLjBlpqNF)7>Gz}p5(AN-c}tyl&{CCBzqahJ_+LUH&EfVx`3^o-Fi?S-<7 zsT|3?bm&C(&K!_%0CXM@uy=!_pk1=>c4;j3#zNe%((TS>8CalkQvcVE=gttUiITcx 
zc|VV1r3)BVv%R=5QX5#$%LAxhDzws>c%|NFMd)38hXgF|>unPa)bBCoBf`qLsf-3R zd43<=p@%rWTR|ekRwWs2le>I>?DImHXpwefbNES^5WRReVH*bM(9(oH-|-Hro%{R{ zRO^yus*(3=gKQ}20spR24({#AY_345#Fhsk`wXj^j};WT!b%^BsVRp>X1e@%h6APL zB3Yf3nzl&lg(}JqBkgpjB%Sh9^r+Yif{Rp1Q!41kqMbVCf$Ik=qM@_Shk*OyuwM_# zJgYZJrL-5nk)GE^m2&?a!=*%p6YTv}I~rfx zw?5kGoeIC5UHOI5pVBL^cSneONLH0;i<^mqDbq1_5I>&O$mu=0)?7sh6-g0!-0MUjD|NR3octP@HXb(�`!@>dvDerA zwAlQJ`D1DB?C>`0#1MuP_pVJO+ga6@mCpAzaB zmmOq^Tv@}a!&#)~JVRM$ns#+R$fy{fIuj_kO}<`tB`o9o>cf0|KkKP_sV zX{=^|ec#}6eoy|d(t+ru|Gb|t+RvI5l3&fuTF!=X0J*7cH4H1J)rcW25f(AhV5+yQ zYbQw}kby6x6e?%v$DlpV=l@2Ek-Svw_A5uXK=!EJf5-x}xkwgOLra@EBIpr>I?G{O z_TaZ!exZZ^@ekV~hXPU5fc||RZkYY!B*Nhq`n_nO=2aQjUH^1;s+B@ZC83u#+5%;p zO}enOZT!^;JEya0U{h*Ckv!#DEL3@%c_&C$o1x4t7|x)_bu$H2vK~bA?fx!`>0|K- zv8g1pra&V%o0^kx9ZSkpTJ_ct(v+2|g{6o7_aSvV$_nBYfSJ+pJe*=#T)NExfKM zEnE9YnX0L!yJWk8)3sdH##CMGP0n~Y_pON8MzSVDX8A7WfiwWDTp$C(`N%bBwhS7W zc<+(kKW2fu45M~|p-hmb+knlarV*5gLLc~PiD9LP=T6FS_csDG|Hi|HcU zBFOn>$EWy|%Sg`B=aQM&MC{8q#)uFLL)ZZT=utWj#(c=@as9=a)$JYqqsOSxH%K;| zNXS=pt<|O^=&?vSIV!TFd|?&*RiL<8GF;#e$BNY5|HUeKKrr+om3ZrXK8#4!Bnhol z@yAAPOE~k4QJZ*_z(T?^3Xk8GSXUt-rGc~sgH{VW)G3yR#WhiUs8G~rG$9+(pWjFK zs9%D;&P-{Rtaw zQf5PS<}xcAm@YMvCk?Q~rQ}(N&$yAEJ$hWo+Y)D#8%U_UUw_(voR;m|_x&sjngeea z|857bBA@U_4vw`>QC3l0K|0CI^<2~8S0bJ2_V}GivzsmmX*H(AY|^Nl;=j^szJ~{Q zAquNB^wrc38_ir?NC9@Ei&(Os(>FYvVTeTrl9QL4!-Sbb7@Z2|Z^3}-PvBp(vuM`u z3#WbWjSh^Ggz(;v7mVrBqU#||>FO2Xn*}bzk0fyu%g;9=NozKTXsz!#Yt z_-Rwb+Az>*F(qRro=@ULE>@|vL=F0+6Ssc^}OCxlL;|&0wJab z&hJk9E<*gp{%|?OhO=5bb$_68GE9kqZmxJz$L}BoD|ZQ3{jYQ`&TE_Acc;p@LykSN z?N3FS{=12A9#ka+Lh7p`Zq2W-UnlZna04cp6U8tNEyGi7=GjqiQ*-?{k-tk?bAPTj z7$A|XgkdBknG*TDF8OesEfrNZ1z?M^Oc4`GBB|-(BryXE^^ic9(h{fP$V@S3jO3{9 zx5ogjZn?^Sp^$9i!|~$ggo+0H4@rXKkF#m7sDR(DU)T?}!B@F|I3@dFsv>2&Es|A{|ydMyM;Jy|@YZ zusC*Rsx$zM;+(utK|FX1K%yah0dH=Z35E zwKiihwBW8?m&%bgzwNS0hfu=(W}${R8#NXV1hTd>jFo3_WxAlxM;zlMZEfKhUQu*# zo0PeqU~#j*u`>WBA)Q0w2%WrL!}gqR51Vz|FfmacJ1sK-5?+zztzCh$`dHV9bvz`P z#p5J9a9*LNed*YLZd^avn8BVlO=!GXaT3G_I|wyytm!QP?`PMn(6vK 
zfGJIgu+xDN9!bJ$-p`&INFue0Z@JcCOS|KsR!t_Omm9YStwKNQM;nl-sZ|=dEtTM@ z34%v0clvP}4^5z+_{(rM)B}EyogT>N@){gY85D{LVAUXB4_ zy>{$towz8SK2)DK)jr%U?ibK22SWl%N2Ab*YfV7TsdVG-7(iEGzx^|WHu$m%CS%2o9wGXCl52>;ojx3QPv=KZPCdHQ=X>fLZYFZYPS6h$=KhO1LC-rUhgPokK5Mzi+}1~PiKU*)(|(_;-%{a0 zw12{^+Uj)ATh9I-zQ$D5K9I4@U$!?uJ&@6OloQn8eDvAdT?t})YdZkVfL^M+9@W|T zEp10E6ak0XoEabLD;d_-Hpq^7WMrgnhj)ErW24);9uw|MV5Nrw(T=7`Cg~n&fjqD4 z*4ro%aFFKSCGfH?t?Gf}uw61)*0ziPWU+JWaQR;1VKoeAVa-O>JfM9Hm}yz)r-E6n zWSPt|dacWCJNhA!XPq0kQR`49WA#IxZM%pA@L8^CcgVKopKP_+`f>R+AF9vDiKEAL z14ch!##89{yyn;2%8u*{Os7wCLY&EB=Yz)=CF;Mn@_S6*2godc;Oy|P`%zE*3ci}& zl|Kf}V70@f(rv_j8rY1#IQ)i?IM;D_INSqlmHIqU zsCBJ}vf<4}8hkt$kYzDa_suEb%#2!1&=84OBE`lVWZE>AZ8!Bhi@e)hZ3lj+wem56 z!J?6y*9uE3eBv~!@0id81PGDK{FPQWoFH*4UDa01B!~4{u7Q8}0mL1ED-kNB8;mmktyhDq;f}U6>=VE5mq4QS45$udmMowXT0IUS~a?+$UPVAEq~O z6vA}%w=K*oxZ6M`M}^bUsg67zpCVi%5OUt_)$@nC?C<%sgP>5V-HFYLaNl8Quub2+ zDJH>MOX5-xkZ~sAD-WFWFVoVV20pOKz%m>*2bjTnv(h%0_}*Ye^CKeHI(&z{nhG;ta&bIU#o zB)BW0Cz;DnF{!A+N)Mq?BpbQP*a;0Q#g*B2|Kg(BheliuuU*K4Ri zWFvxJPj5Z>jHN7INjo`fJPHce5y;H-etf1mZ0f%MvR7k&^gT)niKW2sC={1P&1b z6#vGKMi6iJ=e|8ii=!(X2_h9JTx@x1q2^A@D_>XpWV!Pcyh>Or_we)Zs56%Gh^HrP zXY~18j>>$7{4Gl1a!pC|%%MKN^?)D23p9*re=JoYUC-FsSmXZvC29)mQfw?MppP%)6GbnET=D$L zlrrimV-GJyfy4;$O@w=}(!qp;TF~q9axXr{85Isx3`~fe`Y(7#pRMgX@v<9IZT{t| zpZ_n{FX6Sn?OsfDhEL>}%VC2wKQwDe|2@Q=kzRN3pw0viMI@D;%=S`6nQSzv_)H9i z{*u*{uA|N3bfu-)^%y*Ys%;TW()e_-ojC z^qN!NW#e_8@h%t>ccj<(g$PM}4=)1X_K=Juym>`S2nBAFQgqMMrZVqHYBUifkPJ^r zz~AOzIVooxL?(b1i+}uiBwt5TMCL11}xlY6RFnuVfOtB0SWwQKeFxA7 zusELk91%1#YYciB3B&by8lzCZR)o|%mt2_GT9Ykjr9i5WAevQ&qhMpmd)8O%{?d;Z z0g+%>Vqo_P(i87(etE_f<0?g?u+_OH*MD1_)9QMg4m7GsA#bCA(4@iSa<-5G)JWu! 
z+v9mNPQhChPeWLr2?RFUNPjj`|KcA*%0vRb`f%F)bm=T&P!TL)Y1hD1r%Q-{N)>2F zc5*19g83K>dNRH3H!*7o1l96~hmN?usr6$XDgVxS#~C&40}f={78CyiT{>Xo))Mi<>W@)3Qdy zLYmBDs@*pumrYjgN=#d2ODK{5ja<1{;8ul)5x^x3vJ-oY$9Cv$LMe9pxI;D?VsU=K z%dwe1+^2@>V7+XFM!CpA$tYZg=9H?O2eA)H8!0S~42;xvXn9ag0(5@6I9g(SpOE-Y z80s2s-wGtHH#o)>$g-S*`4h6T)Y|`|d`K46f}t9awZb>-?!rKK-q^m#R8JC%?mLJv zueX{CPDt&>y@u-(hDjEF<}&Uoy2SgnT#|h zgH-R|VDfxgk0|4m^cN4vPc!K{5T8fW7ZD)Cup|SUMMm<$AUnXmTgm$LvEM94rHGV0 zPR1|x)5itXnof|O&Km~sGw|@J(N5S`N_h~{PBayISW|g%K)uM|UW30|;?If}RePWP z0{tYIlYVjRg42Qi5#GhmZt=DZZ0wbYd}WFj%J|`1}s!f0T<@v$GK= z{!&b8!A;W%ZjG&!0SR&BUVBiJ*)&Pm7-j1G&NKY9<2&-y>Zg-8+g=|3Hb0<;=E6`w zCstc+RuC*V`(J?1R-KgDL-;2NX1v4N=qEm*UdH!WJn@RC9wJwapm+SQ7J+@p%E+nB zdqzJ=1t*VU+?6CVi2rUyeU_&2*O_qmOm+_PDwFz2FKQfZ0T}{yNG$|-PDXx#B;;rq z>8ii>x3<);@#s)kH#mxa#l4Rf{e}1XS=*zt;+1K5SdPC9R65#%;2~Y>`tSL^#crIp zw~^dz&KiSi!z3f_c`|2BrqD=0u39tSl)Jb2W2SS5vdwlkLts(u_7mTeiM&HBhaG!i zN%U!mWjVAvIi#z;wOpyjoTi-Y4%69sY#j`P)KDbwXJCJ&l4FixfQ8t6{A%X0y&?32 z+Ld91KtLp8Zb?XTxEzqES$<1TBv+8v;V#EzZ;S_0k;ew{f4)Q`OV4$Yj_!bJy<+^* zt+7g=pxy%W#LVIA8kIOvygT}nx8Oic{wgWG$Z5F|u(NY@MbzYwK+~o)DR|#ZimU;% z{Z#F{k*Ttz@4&abqu9@PA3}-@`rq{t-<{GO~W}?X!!l*4Z@F~A5NZxGI zv#z0Q8Ug2Iq1c4blWT1(Ij)mubrFV}ft+X27Uq|vQGS|!w>_D{;Wb&XC`kaXN}+fI zfhSunDmo_Xj*RhUd@;}OSOhs{G}w9=SwX}z?u{B4Zg?=}=o{g{lS&9lKEfSX)chL{ zwDHMM2tpIsXgD)%Z9=ukZZzO30ir>NTp<3$ho89nC(RN;1#%d1{WhP@K|I(B5~Cv4 zZXc2@rMR2#f{d~-x+YrQ%nMdsWkbRvV`gS_pyxytt#ot+2^SzjRhK{L^N18@%Dbtj+T472USYT+JFhixV+THQLXj5-SDY5e^{fopy2 z)w=I;+j4~8Af~XiYV=F&@JU17;m4e6V)?SsMt~(c!xalAHsNyDeuLUq8#&lm!tu4C zTv~RPqU`_uxqYs{1tmpFxi8%|bFm%FW%ZGCXPY`lwf>XuuuP$dB*8JSfNyv(gTO+qsNSXw zN{feniO!9gYxZ{#)+W7ULk7j+03VjBo1EA7|32ja<^OI~6xlq+c3AcNkoK}@3)Fl$ z#XtR&OWPN^tcB+KVgoR65F+v+id~lru_+Ju`Z$bgPbkkmk z8Mzto#>a!lgdEKFu=|P`-YO}=t1VuxR!U56fhU6Ze+Tiu#zI~U#8po+8dm{;@}PD+ zrgQpPrPod)Mx-OJ1)Kj{*DrAz8k<+W=zzuIRIC36hLL_auiCe1YM{{)F43&uOwWB- zUBXZIUQ1@2*FUJL{0HtEjA(KyYqNQVDn;>Mf)-#+nXH)2OR=PUvkAkG0lctCpT>#N z^!vRIN*x7QR(lT`xm~9E)Qo%X<;Fva`FP^kRij03{$ELwdFZ%w&TLq=hU=@amru^o 
z9c*{8ol=@4FO^kRk_figJYEGYMxzvoir_8>$irHo zNPy%5g}a^X3cpX+8APR09P%lKz3B|(rJ{BTFD!OU$A*Z~OvNZx!GcX>RsrL=oo$CDOevK^PeJve}c<}^P(31|Wji{1>Cm;TDcbK|2O{83G)=%dzBdY3IlD|-5 z$XM3u{zXzF%t1%_afI#M=+=Kqy~ePy6p`cTGmiW8GL#yf<_VM3 z%Rl#7s9;oo4&#c&Z9Bj*AEcU3t9g_s-(M?&@V`rJD0z-j8T0dgW5rhfUDoK^R|3@i zNdf=Vyt5LYd~KP2x9b~Hf!jvsSN=XX0KN~^?fyp}JlbypRR!*d4Pi^L1`z_{DVom* zG#~ni0gzFc@CJ{I{-yHsUIyW`-rn}I+9z)px|1&bU0hz5U^S|~Y042VK;C3>KzXPh zyPZ4?Plz##_0DdIeBq7wX$Zgh6&wFwhV~gS^V=q!CYM!N%}4?AC!_~)S;u4gA2H?@ zxF-8U)7jm^Kj1wZR`5N&@^9=H>Il(X)r&DImt|s-M}2)&gN`we)+x-ukp6`BnSxa` zlZ{@IAKjMh;L^vnht3y``u?diH277jvJJ>fO1JTYheX>Y&4&UddpqDlA_K7bt|nFk9>Z`Td*`MDdrc3CX^4HmhROj{xwnGPmj<>-LbiPb=cO&A+<6 zvD({*Q<--nF(y@lI+}~;_I69?AccYninwhnk`38kwsc&suTeNtRT~3#MxhqOMjBb0 zZ59WdbYIsLVg9bi*Ddnn7vg!tKsjMg1P)J@J^6pB<#;gRhAEg#aa&@#Ae1 zN@3Iy?b*(A0`n+gnvm&d$Z{!*p#?(`2B}O2oGwKHUvH|k16dmVFxeGh)L@DMAn7;u zcRyU`2O!H8CM~n`9n=&;F(`OD#7Qo9Q z2^}JQWS8G_R(>iqyf_tQ>oI?!ow3rB-V||_#B^XNU@ehFJ!SUr7}}XQlKQ^;2PZkU zvUM=tUzLE)jsEoCn;7lb5H8Rf7o9X7IT94Pno3t~)Ty8!=T_^&$Pslxsp-fVcDof} zqw4)_bP5z872tlykPjM-%`>I=1$AXK8iINUS@U>z6-`vTOjcVn=v93T1QY64e~@16 z4bufL4ET#6ZIRTh#gfMIG=$w3?giRgjfhm;KAkV~P>VkyFzD5XzOD9Yqo?xH0cOUE zE^esbqV8PoG-KSZuk;h?EIHVy#0)xJE|A?@J%~%y8aZ!5;(kh*vSs2-gvf+cKPZQf zbeV&o9}nM$s7%x84O$|9u=#4xreQ_9U#?A}UpP~fuhlz$ z)5;f;-w^c3t5Bz9DyFenwu{FXL-&RZh=}w-Q5GA3@>n@~g?PzGdmqj7+bfjQfVt8z zWdwuqQB#4yhYf%`kc~>7&h>C<+p}23#o%}IjY3Tdk8#xRs<9Ao9EIyqZb{rrCB5%CZo3hLb0qu&(qZ+ zMNK4H|WPv67`WVu!#X*etz1SZz7FS_oK2XV;l z5!sWb{lI6~({=Rz5i>=wMULf95nE3G2J@M*o%+)8xNbD$ct_%U0IwtuLly`MF6&5> zK4u7xjas(t`@T=}=)!Iu=bx5s^)kxP(y5#Vju*^r(sM8&P?%ZOOZ>-%h7EPZ3>;(& z4@wE$X1&q97hB329!gkK@S7wAM5rR{2ofPeFrP^_m;H0yNda{Ie zeLpt5L+9gV5fC1tGWhChjdp~N3)<7!wuu%wx!E35pG$T{pTUD)$*i&MV1XuS5xZjb zMr`aX_FsVz>{j0J%W6ltwD!1@$PeW(7bvvNCgwZ}2rB;luke8h@E33*7uI-RjsI){ zhz7Vrn-Sy@Ny; z&(38C5E62GEFz($63=-i3xl6mez*#-s6$w<4pk$1a05^z6su$)sXa!1cvNsqqNPrU zV}#jw%Ate#zh^V0l*_tTLB_^-Ac3^TZTzslb%6{%^LBC-p+=!ZE*5%kDx4me!1Z$z zbFeX8ZmhVQ#%tGe^@gvc%o00!ht{Ie`W!CtS#k&+uUKLi 
z^i{Orjo#?dwNT4P1{T7&2BMEWIR)0NrpCuWpwO3uk(Tj6u#AQ|g<~Up=V{#;t4BM( zXrnGrqT@C{W2CNAZ~X54 zE`KsGv(G+z_StJa>shOK2I0{3pu5HMBCxMI4eEh=O(2m855lCmA{~^I6(s2b6Y36# z=LDsRR~}H6i`4@Dlw9ceCB&$Nk9zgJtiGpMmM=xLWtS({UT%A}xD#`*$ z-d5Uqb8`c~`m*%t!C*VchU%P=8i&UEW91Jbq-l*4*FDm4P-kTEstVWDjs+Vb_$jH8?Z2H;cNl4c20jWe zR_i;Jt@DJp{<3K4|1J?e2RNb%wsvo$aOD2Lxv!A zmt{UMHOgSO;S`PZEq$9+i~H^YzQ?PISu@CcgeSJB4j)<<`U6} z5riMVb8#@PaoV_-5VlX&e8#d4eIR5`(eA8{HH)HOZ*D}!qOVyzZam0VO%=0=TZ>BB z149EWQN7oVIogqjF{FF~wk@e*ZoX0ZMF5;#q{tkBM%^R(vX$;bfMDhx zwnVg5IP6l`pKGMYF~4XGt9ogDzcC z;LU*YAJA7}Pe7A&#+IW}Y^cwXy0uGy^S&SL5T>1e9cnz*D0Zuq&UwW zZiAJ`nKi`)`w&rHbW}R0rzYY%s2>3lYeF1!*e$Ob18UWBb<_-I41cgfqn=n(CA-{A^AseJLppeB>akV?r1&cP51gzE%H+tYF% zbK};TiQ@lqQdwS?MM*_>#bMblXgrr@{_KLKRC4IrThPPmbVC$~qQ%$&5xa;67< zB2Phv)Sd$#rmSzkN5_hp>C7jt3ZEvKda_fyubzH?QT)1vStUy-87qa09EcUQvQgW~ z6Rc4(?@uup9+Nni1?mtWp9B+|Xc?Vkd=`qoQC3i}pO_QG`P(Ni---7xD_`hr%i{BXe}b8Z8x1%% zGQpY5jo$Zo@K+*F`xSNfnfI{ctqH9yzjA?~-rxHu6Q!ws^cmtRdK=52`trxy!*w(3 zHKFV$K`&59aE#!>>sUO?-LCum5o*6T#ut|39Xxoku1+C%bc4SO7InG6Z{NZ%56MuJs zpR+H|W#Qc4wLs9d5(GLb&sZd}C^7TGlG4ryiOS9Ed--uhg^K@hE}xy?SX#55`}^$0 zRS(hE_ieLj0FCmvngeMNP;z|__G?p_NF=U~$+%0Su=$lKqG@s2kz4{z?$~h9?Z}$3 zD@sE3a`c{l7GpD=(F~n}twnKDnaGcljrM&~9Lm{)s~KZr?A(3-S~*zHdDE3gc+uz) zztS7V5`MA4CNd3MW}ezLcTbc7VN6zoRe=KrT8*og)ny(Vgup%MS$3(cgSL`XW{7!t z$hx?-JMVg6B9xy7mk`#foB3avcFPt zIeO`Y$IF!SlZ)gY1kHUdHIQwvq^&NW?X0YoMt#h6TK#p|UzbaJhz`P?Jtc8!k}qr* z8OwVsZ=pBVu)5WZJzEdd8^C@W#4P7j&bDOaZ%&)+wvGU97w?fe$weMp{fGA<$3d+8 zUeqj!z{>BQa_M<;y8`wu0LxGz6`}dV!)c8;{u;fN#&q)WbM0ZxWYg)(t;}RRKls7y z*B$k3LNq@Go0GG%br}iY9OOs}5#pQx7IC)?#5%l~1_vhN+#qSOl$06S=4MeQ^Kio3 zbUo%wo1bUNRnfz2V-&MyVi!QLkjC4W`H|KuH%o|n(~WRfp1pNhi(-%4=@BnH-6>w4eUSt1#D*(fkeT4I1ZJ@wX^kQ&6`NYM8=Y=;!%W2yT|LReY`$D z?!40qjzy|$w}CjZG{SO34yV3zI|Ffr`feT2IfbYUkXexjgu~UWB!w&TWYFkvs87d6 zp8yELIkAO;p!eL4UfHBNx43|k5z|vwY(QnGa^iG@i8!P zrzdzb2v}$J(_CVKS{PC)#cymHAh+uc;qGT8iCtfKZD(3rwSbk}F7~-VY&iJ*U8URa zc#OXJZ*Hnh#}>j<=`+=GCBIGkRL4@CHuJGuXTv7T3}iD8=310caVQdlzf3Y|1ZB@- 
z32SDhgAmim@LvW%YcVG#c$lyru6eG#ZzXuQ;&V=nL2*}(mmdM5B7kG z5$53Wm9)qL;JGSoC7Ko*(pq8hwVlJWtQK$?PCVa}XjlB@g?-S#`bsg!D$&>?tCqc0 zcn{(hVj79$^4#ajA%*bE&b%*}jD&*TtB*_WVj~aX;BIoersrnVPw4*U?9cf|RIuZ7 zX-vG0AXGJsbEJiJ^q$gfjq=fmKOI;Li1D?B-WbZV80ajmVk#*vcvj93h1aP*uC*S%$vyFQ9%Xw24IdOwg`z+%l$ z(h*3hS+9k~M^78l4EB-|k6X)_-d2&QE0`|FIPS}wgk}`U3q3>9**0vpea5!& z>M7%&y@j_=^=Kx?7!oog$XX_fT16?vd{}A7U_p-**d+lb_L-*4KC`g8m4+3M6wz<0 z5Uc_q`e(u~Mk22tV16cgv357aFzl4^=IdPg*tw{)N8N6+p+zWdw6j`fF#{br0m#?q z33K78P8(_f-U+NMt9T-7))Cct0&ogSQ{G;J53GLBsb=XlzIXF=N*@$6X`kjW*W$pz z{=z~caFk^y6DGj7X1)1qVM6-JoJpfYB@V-%HpO!)VP)+KgH2keeZc4H<7G{Vp!vYB z4Cj+yD%hzJDgc?AP$}x<_f+>2FH-^S83nfPvGT_tWn&>P;>^n{4cg~RhrZVdw=$}T#)jhu zdY}@j2f>TGqBLf+^A-^Q0Tv6N)AUWH>z&-^tpU|VFQM+@u9=m-2zemcBo8kCxrH!}oY=lesA9eyq2Ejpy=^x47$eReQig{{! zlKuU6&fDWe%p-~AD&V=XRR$}-1Y5Jp>*+AtZ)voZK9Zg`Bmd^p^+GBP+uyGHpTnA` z1JY}N{FpK5xwt@)_GY4MHvmJNe(wa?jf@;r1$FXSU)E{PihFOc4yA}?J=&8dmLgAo zZ}h&we)UB?PT0*|^;*ByIn|4JetvZnFzUPFb71dQ5$-kJAB@92xvc*l7$$u9jW<}L zYi7Dq)@p+Pozr2q_;~N+)0*wRxV&QfoB)%#&q`^Z!bCH9{QFGNhOqZqr+p7O=Zz|$ zW1Yd>t8i0(+qwQm2t%=Rn8`RvbD9x_Oj{yL0s}MN8>Ob9r;jCtoE()3U$X4b!PYyt z)mFWPLJ@|E)vI(ee+E?~tJ%SsTI&H<>D+bIMQ;_O7mm-QLcxSeqCic0!ze6uwaFh?w&%p0M$nYqotWm$4X;Rtc7GynbaO}#PC z&y8*m$l$2uFT3f^qx%!V&us{=iUB)u7sj92>y)G4P@gH_W<8=~9*g0E#L_7ZKCRuU zN}9*oJ3H=Fbm9(DExhYPwj_M>V@kbIm>0axW=t7VvGTm5vRzseh2ISDo0a=5n4F{k zJ83fe9hQ%zKa}yg<_HPe9TkJ6^s=%eHuL1R+Uy79 z4-H@`oU@pM#!h4U^Ru}Vm%X$YOh6drFA)n83Mx50dVeJO5nt4;Ijgs@Ge?Dwb0K|t zO5utgm^ui}@RmjE%R0xyIPZtGLkM0qf-4ha^4@GS%jDO#XbKM5=1+X(6=4O#E*SFe zwXp2={UE)pZ9TVKRQNXG_bm8=wN4C_U0t>zqevKcfy?Wh`?IP%P*0EMMApzeqe^v^ z+{9$XQ@X#&BCtY(OPz21QnP83`K&K?afU0&C3kx+zVv|>*Zqx?1Grj*?0fzD`9!<# zbe{bz*VI`E-ze64hjh!xPr^muP^tFTWFF67MuE7c$2T5T_Baf}@Mi!)g{K;Lq_{qk z21nl*kq?Wfr(L@s7kAVY1#{9;FTCbHaoa&2R?*=I7sm|Kxy3nM0CS-$pEGFf^NeM- z+-wt1RWYlTDZnm9&@S{glxavjCH=iJ4mwu6(#Ir#XaOmTZ|5tXV=P;9$yr94#=bgy zn)q+lG(DcFK1ZA4sL$0+M|nH~e4;zrsF&6=*d`k-gqMY4LT*til=&kEjxUb%=oOZMkVCIc>k;dyoHW=&eYFWH$8_Zt95g2UKkGTn|8k)IuTg8W+u- 
zxZU{0NWe&RS0+8-CGSeF9B2(~6A{R{5NW4p4qpFy6)&1<*^r|GJB?>hvcOK>Errs3e1-FEkV_CdP6E@GQI|gIe*-VjNZt=<+ za5fTer|_Yq_s1S3?a}rJZyK&OSV?~ppo+k;_88(l4sbsTCLecL+j4lx&nA=Q%N^RR zb7zUPGYWce=TuKa}<+M{?aCNIik@}n%l=BERysADBAWZ(rfdfs1O^yhn9 zY)&cy+bP+n`KT}F4J{jDD$1|{G!)r-&yA|Ss=FT zj|=_&^F>#Vio){{YCY7RncnD!w5Wbv^=%;*xUSjiD9(X$YJRq^iA9_PhAbD4_xyU| zI30Om6yyjv`f_7LGyGhcOQ)O{#!H~rCcI5@U7??)>x&-9#n&2mWgF3cM8FVSfOaL` z=x7!{oWyR}b7glFAksU3o*seysX1VY;ZU|UFEeh@PxMoQ0n?>Zyk>agYf8XHag8sfhsBGKlYLE92Ou7W+7MY`6(41G=l#kS z8)QHJ7&_Xb6UE1(x2Jm#>XmcPGM&g27ZE_JXpN^8lEAVHr}xt;)LvgJcPvmGt!RrX z#7e6_#IdwQq9{~6rLj*c-o3x|tS)Q!i_nb^r*mb)T?tr&YHFc)@A@hwX_!VACewF> z@-0`(3prU$l(M6Dx{&^?pu-{e3>4F3c$v8|OK53D#!ye2zJf=ViZ9-Yk?Ze@Sg~2H zP6!D&O7F^RaHp-PPGWzR-sEf}Pg$ndL--?}g&~Uc=u2f@PlAyAlqeuC-bQ2T0$T^{ zN;n7oayq_`FH|)s`*qSUqO}yqV9e$)hkP&)`EVE7D4BAWUbe2dzr?LwJAhjfIQf#nX6+QKGb^$=s8klnTEMSYH@5ce zMKA}uN4VXkugFtvcg z$k_1q!>G~dNTJ`j{7f58r+4z`V$P4JAgI`Um^D0#v$_SaVNx=<#Gxq^cE@sM@WBk zMhiN@BXMjjDE66M+dP|Aw-WJaFUC|G#d`o)UDU5j6xi~Ov$ZPatvIwJ!}rK!7=}kctxH? 
zlr5wNSD$fi-ck24ve##crMXphWQb^E8`xXFfJc*CS`_T87`I4Wp0LU7{-UMH>^GO~~=RQyJ<#0Ztj>8YsHQ;(jytGGk(`Q(1<8L3wnhLEJ z>K2r=-%ba8Q+d?J|kT;Sb8Z%^aKVTqp4#;^B3Bql3fV)Jf> zT!^lnRBY$%Q(0jvxl?b8%eMRDN?tOCQ{KOa8KRQD8ie!DL!8M-C* zUs95Wq%Cow*eHKw{EBh-=vYs9^5d-TCko^xNN)y0ljXRQyXs(6dE%SdB{Jmxk`J%C zV|@4MmbG@y)gGqARaM=^K)CUt95ZgZ&Com_3MD%E2X?uhov*p_@ZffvmyYl$)E;lS zyF;vs>E}CMT`9wycxSsJp*w1}QMpMJZBGZ!D#A1B-6#p%yVs;$DTzVR$y6?}BdNjRF4Bw|!E_UItHxv+)dVr#)e5fL-<5u(!mlE8RbRsC=KJ0l9R%SRHhG%{4U--{aui4*k5vAvZrapOrAgA>6B2L%izC22f;MAPiT;> zkQpej?@vpYMys{cH)_A}$#+_FWMJ#z*$aUdd;(!qTRz{hs@N?y9hbI(zHhuK2;rAq z)PG_T^ErylUi!RV&-jE1zJZwy^x&XT=$%IOS9!L2Z(@62ta9+$oC*R84rJ2nnLZmC z!O>@>uyV}1!5njv3cb&*f#T*#A5XA(n~KQ7f%l|Hn*I0>o4fa@^XhbkP9@QW179-- z!Pj4f_S)xQu!{0TBU!5Z`2laMouv@gCSE@7BSZZc5nFe#^~TqksjQC zMuZ3z`di(%!%eX!qw^36CdwMg?|-^+(s*r5WrdXD8Oz_&O%QG2$VXj3}V~lDl4mJJWHLH3oK!-;fw^U|n{fRO`#UB;cXGChd47OLKMz{(($+CT0_%7KPAi*yOgY@az-OLIQ|r%8^7?d|2|L~j=IE4Kj?(*ds1C<-Bb z^k<1$qE>~0Dp@KuwCC$1=iK>q*(qZt$4|d)Vg5&!6Uwi$-wG1N$g!F7Jx_XB+Ywe{-`A>Pu$5TgB3-e9ur4gKi0AeNo%qt4jzDVQuFSekP z(LbEtf6cdKKAxm8ze4efY(ei3MLAbc|41Tp0>;?+HjgDBnNV_mxc8QRwH^6%Tm!ot zX2%4`408aEWqh^oK7rWO>u0BjYGx*M9q1gp>>O~Xu-R`u-8A6_!_zreifa)V{oory3WV!eDY;w_W_t-4V&`8t4^k&O7H6id~AgB7>hp1JYsvo7M5# zhonl9v&Xii6Q9|B2brxu-vsJ?DvE9g3j~3MTqFs|d@Q};nqNS3KE)2#y*>Cc<5Q?AsMDD zVn2jY-dw4brwd(1RMrw^IMmJs^u^pY*v|;R8CnfS44T7n*VQz^MgqD`tS_gs98wl! 
zNH5zswpM*wz`r&BDx-t~o2WCEVxwDEC4ZH)+%?oNo=Kbx~m!4^atpW)!swA_hb z$DSabgaL-IyB@WUKi_cCpYP6(2wB_+H8*Ai(PbDx5qXbTw7=w;1Y?}M_vT+I{`e5j zknl`H&gNG>Vupxs*t@yr7eEtP{_(n^T0fzIb6QkBpgh&kI$#YNea=d2Iq>P#hW*MK zQ;AlAiDrAbognq&Agibv@=HTFp&Dq3SvJ^M)JS1>#?vqH>?|F|_d-jp z+Wc%IHV0{iT_u$k#rNn?AckTcQ2EuSwzW@Hk^S71awzTA11&{OSKBdQ zU7Im}^*qpL*3V7R@bf1RTV+tyfM2{3?s0dC4VN5*QWIY}HmF~57X);LHn;GcTnu5~ zV>LYk;mXHkQWH9{=r#qlYc%WNb>@;Ec~4B zk43t+K1Z+C=EmY5HP;C#H-2ktvQj}ov^3YJGfspeTDJYeIoh1;`-?dJe5?HI`mNG- zZ}<1?a)L~0{jxQ)DnXdI$ixcc1n5?PY+@?Rjum$pn}#0OmHw`_b8N=C}Q zrvd1W@Twge+>tJ*$;dzgGkd&eyF)VkO3Ch^6}dK4Kih48frx~4h4ZLjGvgUgpY!K} zHRTFY37=+0E^f+7r7IB2n{Vg4i5!y*&2QBG+LmU&TK{07P1VP7&KM)3^Sj}7E8ivm z!>gz@xX?f&ruL{%@uvn=Y9&Rsq<*LDZo`~HMJ2G@ zJFmbOf|J|CjWtuEsfCt@_npDV1eCE=zPBn4(@IrV+vpx3s&0;VPA{M23zAX7u_+1` zFQ?0Hb1ckjQ{WnxCgnnl8x@;DlU|DR(oj2k z7$EHEbNCQy?0*7~yOnPR>)ZwAt_C3QOz3SJzco(OSR$Stj?qbTleLOciMms7S`5be zn{r~P6GWd)RuTm^i^D?@e2UsuVTBH>4>{hb*deZ=P`e2r;I4^W7$Up$47BDJ>6=wX zQeH`cHlUg%n&{-X?jCn)OWIMlIg+JzOHD`5`XB~Yr8fTR@4YT4gWiY-kD)9)+2rW& zoOK+w6Ls8eAlxt0YNRcAk@_*(NP@vTZ;M$JjX@}=*z|_~l8ZL@p*!xGI=HMuA`X9p-^Qt z2mQZmzwtW@qRT^=tg7xh-0~@_4yr~!ky-eS;tpFLVhI{EM>Y5%NSWfRL>cY*lJL%)PSX96fT6LDA+UcnJGBFVlNWQ#~ zkovn?L#K9T?81(@K;z<77@1X|{8%*{n^%rzD<^s#-%Ru2?{-vy09 z`DVF$wl%Y9ik2w7fO73uDDmQB{>R^bja@qrK`jiuf-~P))i>Gomew%po=rO$+Fo?^k{Z1lul?rq|gM`RBx0~<#=HllnX=M%QP zaNsB}$c}UvMt8b(RfDT^;g4)FM7AsY^{p0(&Cjg9$aqnyNe@BaBmAG`YHWfyxd7be zO@2$R-|84Fy7Iw3BgCnCJmw8PC+44DB~nUB6>F6R82Fu@XR|KHCnuKIQ@!KbOyyIR zey=m5d3f-@%f?ECrpv+_HUVNfoD;48qj_o27qqYuu*j2$@!u{sKdz?RQk*y+`6vhu z(0!8Umd2MuU|Z>TS1hP8WCDjgr$x;)7VCgpWPPGrmtCg_xKhGb*B?xqE{~ed| z`yS6q??Na)TN>IrOP&8QugafYUrbv= zV)d%#-S;DzQFG*qD5||;hK5XX+J#zt?2OuS=Yb{s6eJOW<5bC5sn4+%ELQWf-KolN z=3-$h0Vv1SIkCxeOP?xn>0cGTi2sztlgMhLs6$*X>+t&y6+6Q6$;so6uxp_}O|x}U z(Uvy?$HW~VekV0h$Ya!;{YI;JC?YKdMmu+$ zIrTW&KswW4o%Jl=+aw>zxj9(zMda&$rJ75>GJe+{wwXJx{~>DfnTG>P*JqiyJmQmM zl7d=_>_ys9GubdJ)gBkT(4HhyMns=-5#x;1f1vE+*8m4e0VKz_`GECjM>NoNIgZlu 
z&-4{W5=<{fQ17lOR&%>9eIF15Y=?}fu;*(>1M#%a)##FL@@`y`DetUyIXE`=X|+)% zPtJBGBll^9Up=^{1a=Qfhon55aCC$xdyyoS*mvH-*>bNefZ8714>s`?RN}G{$6lUtj%aIH9zl4;NdH z(w66%fq;z3fCN$Ea~_3&5AEi=OBf*LHn?yW6DJ4p&Ips+J176wTs=X;p%TyKTD?#D zgx(KYgG_Zll|y`)sP!|Mr%$!I7(#8yK{l9*>f9J(Nlr}p=Mka3jUqRKsFFfj05&7r? zaz;r2RQ$I*jdn>HOnt8}ix-Ly5@ga%T$z$r=koL(JjMLaoY^CQ)C&|}6pm!N`NeJF zrc?L>;hXA!ZAQ8`sVh|*DZVRQPek+Iwmm}sBFXG`U;glV|C%eZQv4m-0oH3JXK32oAsfmY+t0xB2PAf* zB!<4KfQq|7r;1l+-=!jlINwvh`_%ov2FM6XD%SyWl`67zs!Zd^G&%txDV|jO$OD>( zBi6_0z27jcgF!qY*_bM6Nh~xL$5){K^Ih@{6aTfgl{c(FKUMM%z**q z0ip`Hc&?9RWuX(ZUj9*&SqklmAejI(9AI>#>(lLGg*e&-zPG<{EdjHRG>ef;w%;EC z4QCXY0Cv^l_0UX>CEA|JuGK}1#C@f>%;IkZ|KSV~rP9^jD9_@vyPFFFNP3Hfs3uPHN2^4;VnNBIY-86 z2$`3+_ck!t1cCPk0b`|q`J()LH)#()fMsT5b()-+I$}dfI4F$^p0f1m%p2BNV09q) zU9>~+cYb}zGwq8W%ae}*hvyza+9UkzVg(&mzS}r|;kh=;P|iM6 zTi7JQGesHTCgcDYF$&yabK4ZdMCMod`m4c>u6v&bsrEF>^xD54(;xf72m^EGnIt;*@oef>Cf7@OfgUOpCzwk#~y$nZ?N1pupYW&!S4qxqT3NR>0f-5Y4WSjQBLLNe&S9;-Jspv z+`PsY4Y!@G4T~lhqP?K4TklU)YNna4_qqFEJ#oFzBfiRp0S0FS|AMkOHC_1s-O5s0 zTx%#&ZwJ6Y6amt&$@~}bxPnstBXM+a+nbw%HrZvxL_kueKPUvnS5q$X!}+88u3 zk~|v85UFR}gB|CLdb+!h&VGGc3Gscol5l!H0qy+o$lzC2o;Z1eR^?QL}0 z1d0qk__CyAA=ng(JeI==rU!G4bWU*E7$>7?1l=XWQY|*MfSfWi4y?{PpPM~_rxJv7 zz=}k}=De-M$9X>nOoCZvJBBx~qomEv&C%Nq;!iF5KIljKV?O2np8i}pg*sdiQv`xN zy;yColp53M%E`*r2iz@#NKzvNW!(J`Z%(T+6nCl7=jG5Ulb&vHa7Wl%Fw}IVJ8WE_ zH&W;mmxSlJ@&*`+Cr5}W071Gr-^(l4|27`apxRv-xQV&hX@peguAe7|#YJpP_)H;I zGEyw4aXC{?hiK!Q)fjDOON1x>1$*;*Dz8JtC`z$68!`NTETYT}ZouwfB_`%w@!y-d z5)E!qqpXP{thy@KAX^gA8YTREuF*;Mb?+0#S32f$q3E5N!Y+SgByJA_%LD=CvC=SC z>ESfaI&m*DA+(GXnq36F3RwwxWx1x$Yc(o)o+<$&tg7|_NME(fO46tc80J6{8w)xk zCQ&W2e<9+NFf=h~cZ};U$dc6d@A?YHS_{6Lor<=kS9a+!tA{#YZ4zt6Y^OP;-SI?; zV5eL@?pmV)(q)wtTo2$pf9~+Q9OW**04a5#sQ#2-0h({#x)wmQBBe7qkLScK)tMOgvc_R3wX zl+JC3&hpjPXb!ZpD)dTnFvVY>oT5CU(N*UTzC2!O3~k)V^1W|_xE-Fh$5s*BvgiYz z{5Pc)t+ehc%J=BeJ))d)J6v7%UGALn5L}2QusTqvf;g8m{fryDZ(O+&>?I_Z^xMz; zs?d;;7e2n5Z$evupo&Tz1{qzVSAqBp&$491U1bOii9$~4JPa1^OP 
z;Wc=S5wPpZ@R(P=1a&6oU8acUr2W*=R=7xkb~>^GnfRtDOXQ3xhX&b(WxHe?NG2CK zwb05=%yoiQV1tig{63BS9yJmagmibcnPtM-F)f8882O|upi3mcLDEBB!kyX+Ov5jT zqsXc?foEY3TJ2*NjwEHg#w`nlF3oq?xRvQtS)FVQ<&x7)qTw)ha&jscL89e#50~0G zr5C^;V*zkf!0q);MKu*AmT2TslMaR`${}t$vT6BKPQR45a1SZg3X0Ak`@QAY?RWnC zFEd4%`hw3K_Y8nli4kopXLu4Fs&jJ#-Av7ONE2HQyj-iB2&g6%u_y1&Zlwj;WC z;szT>>@^e`aT-aKf8**N^bW5Sb2|8B<^}oUE@^+zW#4;tdVZe7Ddf)mH>v#3QPbW9 zL~EyDv`*0*q*jK@d^}^B6=uS3H_ICq3`askvm+v1K<^%dq6G$Eah1-)GMA71K3aS% z#JdjUWC|LREapX8Md}wJv}A;X#r#*oewxt1%7I%}`7zodO~<>YI(igB2TRX^bm4X| z3*)!ugqo~VjU2{O%b=sPLt;H@(#vXB^)(M4I$`) z<0R+XxJzd5O1}tBsf)^eANgcA&=JF*8>8bkJM_~L63>ze@Ll;6nc_XAR;10d_#aJ%T-tAwAaE13PlM=#u_)!wE&&!_tSecW=h;sHT zG)<85QaTdR-xD+i-h6WrnCPo#3BlrIHcIcH?t*aPK-3^Sm|C?lZ~aU;E!@lPM~ox@ z&ld1qr{@x~t?~4-s8P&YjAnbBPd5Y?s35sT;PA=Vn?3{I3HKz)Byu|FbeCx$!kkqV zzmjpZu@{eIdBpnvhnVyz9=8o#bh8wXY#nH7myJMVaQ~nYXq~8{Di@;w1D(Ayv^_kK zlNwej9ZBO4qhw!L`x8Vuc zyYpxo&P7Vh$s^#c^;ROIH#tV#DgeP17K0c2I6V# zJmh|fkEss6IvA1ACBHfFk_Dmn91A!&pq;wIn`k!WOZikNap|H$4nbLtpt%Z8d}X6&lk`#ccZw zOLh^ihCeObFX(y+fnvZh&gZ&@EWdiTS?^bA%kwc1 z4b2z%SYbt^p>_WY`hotrK)($I!I7`yasPp?f8##v$2r1wVsfVb-#I#YoTC#x7K-Bk eog+^0EfrnS{QX6YRu%&A^FsEeOu4jC!2biZ+-T(h literal 0 HcmV?d00001 diff --git a/helm/arborist/templates/db-init.yaml b/helm/arborist/templates/db-init.yaml index 56e1ea41..5ef14e87 100644 --- a/helm/arborist/templates/db-init.yaml +++ b/helm/arborist/templates/db-init.yaml @@ -1,6 +1,4 @@ -{{- if not .Values.global.externalSecrets.deploy }} {{ include "common.db-secret" . }} -{{- end }} --- {{ include "common.db_setup_job" . }} --- diff --git a/helm/audit/templates/db-init.yaml b/helm/audit/templates/db-init.yaml index 56e1ea41..5ef14e87 100644 --- a/helm/audit/templates/db-init.yaml +++ b/helm/audit/templates/db-init.yaml @@ -1,6 +1,4 @@ -{{- if not .Values.global.externalSecrets.deploy }} {{ include "common.db-secret" . }} -{{- end }} --- {{ include "common.db_setup_job" . }} --- 
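Review bot: Dropping the `{{- if not .Values.global.externalSecrets.deploy }}` guard in the arborist and audit `db-init.yaml` hunks makes `common.db-secret` render unconditionally, and the same removal recurs in the fence, indexd, peregrine, requestor and wts `db-init.yaml`, inside the `common.db-secret` define itself, and around the Secrets in `fence-config.yaml` and `indexd-secret.yaml`. If `global.externalSecrets.deploy` is still a supported value (not visible from these hunks), a release that sets it will now also get chart-rendered Secret objects, so the database connection data, `FENCE_CONFIG` and the generated `indexd-service-creds` would presumably end up in release manifests again and could collide with externally synced Secrets of the same name. I would keep the check in one place, the `common.db-secret` define, and drop it only from the callers; if the flag is being retired instead, say so in a template comment such as `{{/* rendered unconditionally: global.externalSecrets.deploy no longer gates this Secret */}}`.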
diff --git a/helm/common/templates/_db_setup_job.tpl b/helm/common/templates/_db_setup_job.tpl
index d1f49c1f..af90d9e8 100644
--- a/helm/common/templates/_db_setup_job.tpl
+++ b/helm/common/templates/_db_setup_job.tpl
@@ -170,7 +170,6 @@ Create k8s secrets for connecting to postgres
 */}}
 # DB Secrets
 {{- define "common.db-secret" -}}
-{{- if not .Values.global.externalSecrets.deploy }}
 apiVersion: v1
 kind: Secret
 metadata:
@@ -185,5 +184,4 @@ data:
 {{- else }}
 host: {{ ( $.Values.postgres.host | default ( $.Values.global.postgres.master.host)) | b64enc | quote }}
 {{- end }}
-{{- end }}
 {{- end }}
\ No newline at end of file
diff --git a/helm/fence/templates/db-init.yaml b/helm/fence/templates/db-init.yaml
index 56e1ea41..5ef14e87 100644
--- a/helm/fence/templates/db-init.yaml
+++ b/helm/fence/templates/db-init.yaml
@@ -1,6 +1,4 @@
-{{- if not .Values.global.externalSecrets.deploy }}
 {{ include "common.db-secret" . }}
-{{- end }}
 ---
 {{ include "common.db_setup_job" . }}
 ---
diff --git a/helm/fence/templates/fence-config.yaml b/helm/fence/templates/fence-config.yaml
index e50568ee..29d0df2e 100644
--- a/helm/fence/templates/fence-config.yaml
+++ b/helm/fence/templates/fence-config.yaml
@@ -1,4 +1,3 @@
-{{ if not .Values.global.externalSecrets.deploy }}
 apiVersion: v1
 kind: Secret
 metadata:
@@ -9,5 +8,4 @@ stringData:
 {{- with .Values.FENCE_CONFIG }}
 {{- toYaml . | nindent 4 }}
 {{ end }}
----
-{{- end }}
\ No newline at end of file
+---
\ No newline at end of file
diff --git a/helm/indexd/templates/db-init.yaml b/helm/indexd/templates/db-init.yaml
index d25e1779..0393aa73 100644
--- a/helm/indexd/templates/db-init.yaml
+++ b/helm/indexd/templates/db-init.yaml
@@ -1,6 +1,4 @@
-{{- if not .Values.global.externalSecrets.deploy }}
 {{ include "common.db-secret" . }}
-{{- end }}
 ---
 {{ include "common.db_setup_sa" . }}
 ---
diff --git a/helm/indexd/templates/indexd-secret.yaml b/helm/indexd/templates/indexd-secret.yaml
index a970e9a1..12ab5364 100644
--- a/helm/indexd/templates/indexd-secret.yaml
+++ b/helm/indexd/templates/indexd-secret.yaml
@@ -6,7 +6,6 @@ type: Opaque
 data:
 {{ (.Files.Glob "indexd-settings/*").AsSecrets | indent 2 }}
 ---
-{{ if not .Values.global.externalSecrets.deploy }}
 apiVersion: v1
 kind: Secret
 metadata:
@@ -14,5 +13,4 @@ metadata:
 type: Opaque
 data:
 fence: {{ include "common.getOrGenSecret" (list .Values.secrets.userdb.fence "indexd-service-creds" "fence" 20 .Release.Namespace) }}
- sheepdog: {{ include "common.getOrGenSecret" (list .Values.secrets.userdb.sheepdog "indexd-service-creds" "sheepdog" 20 .Release.Namespace) }}
-{{- end }}
\ No newline at end of file
+ sheepdog: {{ include "common.getOrGenSecret" (list .Values.secrets.userdb.sheepdog "indexd-service-creds" "sheepdog" 20 .Release.Namespace) }}
\ No newline at end of file
diff --git a/helm/peregrine/templates/db-init.yaml b/helm/peregrine/templates/db-init.yaml
index 56e1ea41..5ef14e87 100644
--- a/helm/peregrine/templates/db-init.yaml
+++ b/helm/peregrine/templates/db-init.yaml
@@ -1,6 +1,4 @@
-{{- if not .Values.global.externalSecrets.deploy }}
 {{ include "common.db-secret" . }}
-{{- end }}
 ---
 {{ include "common.db_setup_job" . }}
 ---
diff --git a/helm/requestor/templates/db-init.yaml b/helm/requestor/templates/db-init.yaml
index 56e1ea41..5ef14e87 100644
--- a/helm/requestor/templates/db-init.yaml
+++ b/helm/requestor/templates/db-init.yaml
@@ -1,6 +1,4 @@
-{{- if not .Values.global.externalSecrets.deploy }}
 {{ include "common.db-secret" . }}
-{{- end }}
 ---
 {{ include "common.db_setup_job" . }}
 ---
diff --git a/helm/sheepdog/README.md b/helm/sheepdog/README.md
index cd0c77fd..bb94c74b 100644
--- a/helm/sheepdog/README.md
+++ b/helm/sheepdog/README.md
@@ -69,10 +69,10 @@ A Helm chart for gen3 Sheepdog Service | global.publicDataSets | bool | `true` | Whether public datasets are enabled. | | global.revproxyArn | string | `"arn:aws:acm:us-east-1:123456:certificate"` | ARN of the reverse proxy certificate. | | global.tierAccessLevel | string | `"libre"` | Access level for tiers. acceptable values for `tier_access_level` are: `libre`, `regular` and `private`. If omitted, by default common will be treated as `private` | -| image | map | `{"pullPolicy":"Always","repository":"quay.io/cdis/sheepdog","tag":"helm-test"}` | Docker image information. | +| image | map | `{"pullPolicy":"Always","repository":"quay.io/cdis/sheepdog","tag":""}` | Docker image information. | | image.pullPolicy | string | `"Always"` | Docker pull policy. | | image.repository | string | `"quay.io/cdis/sheepdog"` | Docker repository. | -| image.tag | string | `"helm-test"` | Overrides the image tag whose default is the chart appVersion. | +| image.tag | string | `""` | Overrides the image tag whose default is the chart appVersion. | | indexdUrl | string | `"http://indexd-service"` | URL for the indexd service | | partOf | string | `"Core-Service"` | Label to help organize pods and their use. Any value is valid, but use "_" or "-" to divide words. | | podAnnotations | map | `{"gen3.io/network-ingress":"sheepdog"}` | Annotations to add to the pod | diff --git a/helm/sheepdog/values.yaml b/helm/sheepdog/values.yaml index 420d8ebf..30291645 100644 --- a/helm/sheepdog/values.yaml +++ b/helm/sheepdog/values.yaml @@ -168,7 +168,7 @@ image: # -- (string) Docker pull policy. pullPolicy: Always # -- (string) Overrides the image tag whose default is the chart appVersion. - tag: "helm-test" + tag: "" # Environment Variables # -- (string) URL of the data dictionary. diff --git a/helm/wts/templates/db-init.yaml b/helm/wts/templates/db-init.yaml index 1e55878d..d99ca1b2 100644 --- a/helm/wts/templates/db-init.yaml +++ b/helm/wts/templates/db-init.yaml 
@@ -1,6 +1,4 @@ -{{- if not .Values.global.externalSecrets.deploy }} {{ include "common.db-secret" . }} -{{- end }} --- {{ include "common.db_setup_job" . }} --- From da2e79b78ff866fec98f1e8e5a5a6e12877e56f3 Mon Sep 17 00:00:00 2001 From: EliseCastle23 Date: Thu, 7 Mar 2024 08:31:35 -0700 Subject: [PATCH 115/279] removing empty values from gen3 values.yaml file --- .secrets.baseline | 4 +- helm/gen3/README.md | 71 +------------------- helm/gen3/values.yaml | 146 +----------------------------------------- 3 files changed, 4 insertions(+), 217 deletions(-) diff --git a/.secrets.baseline b/.secrets.baseline index a207dc07..02c4f488 100644 --- a/.secrets.baseline +++ b/.secrets.baseline @@ -3,7 +3,7 @@ "files": "^.secrets.baseline$", "lines": null }, - "generated_at": "2024-02-27T19:51:16Z", + "generated_at": "2024-03-07T15:30:30Z", "plugins_used": [ { "name": "AWSKeyDetector" @@ -330,7 +330,7 @@ "hashed_secret": "9b5925ea817163740dfb287a9894e8ab3aba2c18", "is_secret": false, "is_verified": false, - "line_number": 219, + "line_number": 164, "type": "Secret Keyword" } ], diff --git a/helm/gen3/README.md b/helm/gen3/README.md index da2afedb..36814cfc 100644 --- a/helm/gen3/README.md +++ b/helm/gen3/README.md 
@@ -48,41 +48,20 @@ Helm chart to deploy Gen3 Data Commons | Key | Type | Default | Description | |-----|------|---------|-------------| | ambassador.enabled | bool | `true` | Whether to deploy the ambassador subchart. | -| ambassador.image.repository | string | `nil` | The Docker image repository for the ambassador service. | -| ambassador.image.tag | string | `nil` | Overrides the image tag whose default is the chart appVersion. | | arborist.enabled | bool | `true` | Whether to deploy the arborist subchart. | -| arborist.image | map | `{"repository":null,"tag":null}` | Docker image information. | -| arborist.image.repository | string | `nil` | The Docker image repository for the arborist service. | -| arborist.image.tag | string | `nil` | Overrides the image tag whose default is the chart appVersion. | | argo-wrapper.enabled | bool | `true` | Whether to deploy the argo-wrapper subchart. | -| argo-wrapper.image | map | `{"repository":null,"tag":null}` | Docker image information. | -| argo-wrapper.image.repository | string | `nil` | The Docker image repository for the argo-wrapper service. | -| argo-wrapper.image.tag | string | `nil` | Overrides the image tag whose default is the chart appVersion. | | audit.enabled | bool | `true` | Whether to deploy the audit subchart. | -| audit.image | map | `{"repository":null,"tag":null}` | Docker image information. | -| audit.image.repository | string | `nil` | The Docker image repository for the audit service. | -| audit.image.tag | string | `nil` | Overrides the image tag whose default is the chart appVersion. | | aws-es-proxy.enabled | bool | `false` | Whether to deploy the aws-es-proxy subchart. 
| | aws-es-proxy.esEndpoint | str | `"test.us-east-1.es.amazonaws.com"` | Elasticsearch endpoint in AWS | -| aws-es-proxy.secrets | map | `{"awsAccessKeyId":"","awsSecretAccessKey":""}` | Secret information | -| aws-es-proxy.secrets.awsAccessKeyId | str | `""` | AWS access key ID for aws-es-proxy | -| aws-es-proxy.secrets.awsSecretAccessKey | str | `""` | AWS secret access key for aws-es-proxy | | elasticsearch.clusterHealthCheckParams | string | `"wait_for_status=yellow&timeout=1s"` | | | elasticsearch.clusterName | string | `"gen3-elasticsearch"` | | -| elasticsearch.esConfig."elasticsearch.yml" | string | `"# Here we can add elasticsearch config\n"` | | | elasticsearch.maxUnavailable | int | `0` | | | elasticsearch.replicas | int | `1` | | | elasticsearch.singleNode | bool | `true` | | | etl.enabled | bool | `true` | Whether to deploy the etl subchart. | -| fence.FENCE_CONFIG | map | `nil` | Configuration settings for Fence app | -| fence.USER_YAML | string | `nil` | USER YAML. Passed in as a multiline string. | | fence.enabled | bool | `true` | Whether to deploy the fence subchart. | -| fence.image | map | `{"repository":null,"tag":null}` | Docker image information. | -| fence.image.repository | string | `nil` | The Docker image repository for the fence service. | -| fence.image.tag | string | `nil` | Overrides the image tag whose default is the chart appVersion. | -| fence.usersync | map | `{"addDbgap":false,"custom_image":null,"onlyDbgap":false,"schedule":"*/30 * * * *","slack_send_dbgap":false,"slack_webhook":"None","syncFromDbgap":false,"userYamlS3Path":"s3://cdis-gen3-users/helm-test/user.yaml","usersync":false}` | Configuration options for usersync cronjob. | +| fence.usersync | map | `{"addDbgap":false,"onlyDbgap":false,"schedule":"*/30 * * * *","slack_send_dbgap":false,"slack_webhook":"None","syncFromDbgap":false,"userYamlS3Path":"s3://cdis-gen3-users/helm-test/user.yaml","usersync":false}` | Configuration options for usersync cronjob. 
| | fence.usersync.addDbgap | bool | `false` | Force attempting a dbgap sync if "true", falls back on user.yaml | -| fence.usersync.custom_image | string | `nil` | To set a custom image for pulling the user.yaml file from S3. Default is the Gen3 Awshelper image. | | fence.usersync.onlyDbgap | bool | `false` | Forces ONLY a dbgap sync if "true", IGNORING user.yaml | | fence.usersync.schedule | string | `"*/30 * * * *"` | The cron schedule expression to use in the usersync cronjob. Runs every 30 minutes by default. | | fence.usersync.slack_send_dbgap | bool | `false` | Will echo what files we are seeing on dbgap ftp to Slack. | @@ -90,12 +69,6 @@ Helm chart to deploy Gen3 Data Commons | fence.usersync.syncFromDbgap | bool | `false` | Whether to sync data from dbGaP. | | fence.usersync.userYamlS3Path | string | `"s3://cdis-gen3-users/helm-test/user.yaml"` | Path to the user.yaml file in S3. | | fence.usersync.usersync | bool | `false` | Whether to run Fence usersync or not. | -| gitops.createdby | string | `nil` | - createdby.png - base64 | -| gitops.css | string | `nil` | - multiline string - gitops.css | -| gitops.favicon | string | `nil` | - favicon in base64 | -| gitops.json | string | `nil` | multiline string - gitops.json | -| gitops.logo | string | `nil` | - logo in base64 | -| gitops.sponsors | string | `nil` | | | global.aws | map | `{"awsAccessKeyId":null,"awsSecretAccessKey":null,"enabled":false,"useLocalSecret":{"enabled":false,"localSecretName":null}}` | AWS configuration | | global.aws.awsAccessKeyId | string | `nil` | Credentials for AWS stuff. | | global.aws.awsSecretAccessKey | string | `nil` | Credentials for AWS stuff. | 
@@ -123,9 +96,6 @@ Helm chart to deploy Gen3 Data Commons | global.tierAccessLevel | string | `"libre"` | Access level for tiers. acceptable values for `tier_access_level` are: `libre`, `regular` and `private`. If omitted, by default common will be treated as `private` | | global.tierAccessLimit | int | `"1000"` | Only relevant if tireAccessLevel is set to "regular". Summary charts below this limit will not appear for aggregated data. | | guppy.enabled | bool | `false` | Whether to deploy the guppy subchart. | -| guppy.image | map | `{"repository":null,"tag":null}` | Docker image information. | -| guppy.image.repository | string | `nil` | The Docker image repository for the guppy service. | -| guppy.image.tag | string | `nil` | Overrides the image tag whose default is the chart appVersion. | | hatchery.enabled | bool | `true` | Whether to deploy the hatchery subchart. | | hatchery.hatchery.containers[0].args[0] | string | `"--NotebookApp.base_url=/lw-workspace/proxy/"` | | | hatchery.hatchery.containers[0].args[1] | string | `"--NotebookApp.default_url=/lab"` | | @@ -150,7 +120,6 @@ Helm chart to deploy Gen3 Data Commons | hatchery.hatchery.containers[0].use-tls | string | `"false"` | | | hatchery.hatchery.containers[0].user-uid | int | `1000` | | | hatchery.hatchery.containers[0].user-volume-location | string | `"/home/jovyan/pd"` | | -| hatchery.hatchery.sidecarContainer.args | list | `[]` | Arguments to pass to the sidecare container. | | hatchery.hatchery.sidecarContainer.command | list | `["/bin/bash","./sidecar.sh"]` | Commands to run for the sidecar container. | | hatchery.hatchery.sidecarContainer.cpu-limit | string | `"0.1"` | The maximum amount of CPU the sidecar container can use | | hatchery.hatchery.sidecarContainer.env | map | `{"HOSTNAME":"{{ .Values.global.hostname }}","NAMESPACE":"{{ .Release.Namespace }}"}` | Environment variables to pass to the sidecar container | 
@@ -162,60 +131,22 @@ Helm chart to deploy Gen3 Data Commons | hatchery.hatchery.sidecarContainer.lifecycle-pre-stop[4] | string | `"/bin/sh"` | | | hatchery.hatchery.sidecarContainer.lifecycle-pre-stop[5] | string | `"root"` | | | hatchery.hatchery.sidecarContainer.memory-limit | string | `"256Mi"` | The maximum amount of memory the sidecar container can use | -| hatchery.image | map | `{"repository":null,"tag":null}` | Docker image information. | -| hatchery.image.repository | string | `nil` | The Docker image repository for the hatchery service. | -| hatchery.image.tag | string | `nil` | Overrides the image tag whose default is the chart appVersion. | | indexd.defaultPrefix | string | `"PREFIX/"` | the default prefix for indexd records | | indexd.enabled | bool | `true` | Whether to deploy the indexd subchart. | -| indexd.image | map | `{"repository":null,"tag":null}` | Docker image information. | -| indexd.image.repository | string | `nil` | The Docker image repository for the indexd service. | -| indexd.image.tag | string | `nil` | Overrides the image tag whose default is the chart appVersion. | | manifestservice.enabled | bool | `true` | Whether to deploy the manifest service subchart. | -| manifestservice.image | map | `{"repository":null,"tag":null}` | Docker image information. | -| manifestservice.image.repository | string | `nil` | The Docker image repository for the manifest service service. | -| manifestservice.image.tag | string | `nil` | Overrides the image tag whose default is the chart appVersion. | | metadata.enabled | bool | `true` | Whether to deploy the metadata subchart. | -| metadata.image | map | `{"repository":null,"tag":null}` | Docker image information. | -| metadata.image.repository | string | `nil` | The Docker image repository for the metadata service. | -| metadata.image.tag | string | `nil` | Overrides the image tag whose default is the chart appVersion. | | peregrine.enabled | bool | `true` | Whether to deploy the peregrine subchart. 
| -| peregrine.image | map | `{"repository":null,"tag":null}` | Docker image information. | -| peregrine.image.repository | string | `nil` | The Docker image repository for the peregrine service. | -| peregrine.image.tag | string | `nil` | Overrides the image tag whose default is the chart appVersion. | | pidgin.enabled | bool | `true` | Whether to deploy the pidgin subchart. | -| pidgin.image | map | `{"repository":null,"tag":null}` | Docker image information. | -| pidgin.image.repository | string | `nil` | The Docker image repository for the pidgin service. | -| pidgin.image.tag | string | `nil` | Overrides the image tag whose default is the chart appVersion. | | portal.enabled | bool | `true` | Whether to deploy the portal subchart. | -| portal.image | map | `{"repository":null,"tag":null}` | Docker image information. | -| portal.image.repository | string | `nil` | The Docker image repository for the portal service. | -| portal.image.tag | string | `nil` | Overrides the image tag whose default is the chart appVersion. | | postgresql.primary.persistence.enabled | bool | `false` | Option to persist the dbs data. | | requestor.enabled | bool | `false` | Whether to deploy the requestor subchart. | -| requestor.image | map | `{"repository":null,"tag":null}` | Docker image information. | -| requestor.image.repository | string | `nil` | The Docker image repository for the requestor service. | -| requestor.image.tag | string | `nil` | Overrides the image tag whose default is the chart appVersion. | | revproxy.enabled | bool | `true` | Whether to deploy the revproxy subchart. | -| revproxy.image | map | `{"repository":null,"tag":null}` | Docker image information. | -| revproxy.image.repository | string | `nil` | The Docker image repository for the revproxy service. | -| revproxy.image.tag | string | `nil` | Overrides the image tag whose default is the chart appVersion. | -| revproxy.ingress.annotations | map | `{}` | Annotations to add to the ingress. 
| -| revproxy.ingress.className | string | `""` | The ingress class name. | | revproxy.ingress.enabled | bool | `false` | Whether to create the custom revproxy ingress | | revproxy.ingress.hosts | list | `[{"host":"chart-example.local"}]` | Where to route the traffic. | | revproxy.ingress.tls | list | `[]` | To secure an Ingress by specifying a secret that contains a TLS private key and certificate. | | sheepdog.enabled | bool | `true` | Whether to deploy the sheepdog subchart. | -| sheepdog.image | map | `{"repository":null,"tag":null}` | Docker image information. | -| sheepdog.image.repository | string | `nil` | The Docker image repository for the sheepdog service. | -| sheepdog.image.tag | string | `nil` | Overrides the image tag whose default is the chart appVersion. | | ssjdispatcher.enabled | bool | `false` | Whether to deploy the ssjdispatcher subchart. | -| ssjdispatcher.image | map | `{"repository":null,"tag":null}` | Docker image information. | -| ssjdispatcher.image.repository | string | `nil` | The Docker image repository for the ssjdispatcher service. | -| ssjdispatcher.image.tag | string | `nil` | Overrides the image tag whose default is the chart appVersion. | | wts.enabled | bool | `true` | Whether to deploy the wts subchart. | -| wts.image | map | `{"repository":null,"tag":null}` | Docker image information. | -| wts.image.repository | string | `nil` | The Docker image repository for the wts service. | -| wts.image.tag | string | `nil` | Overrides the image tag whose default is the chart appVersion. | ---------------------------------------------- Autogenerated from chart metadata using [helm-docs v1.11.0](https://github.com/norwoodj/helm-docs/releases/v1.11.0) diff --git a/helm/gen3/values.yaml b/helm/gen3/values.yaml index 0037d3ea..79eeb0a6 100644 --- a/helm/gen3/values.yaml +++ b/helm/gen3/values.yaml 
@@ -66,41 +66,18 @@ global: ambassador: # -- (bool) Whether to deploy the ambassador subchart. enabled: true - image: - # -- (string) The Docker image repository for the ambassador service. - repository: - # -- (string) Overrides the image tag whose default is the chart appVersion. - tag: arborist: # -- (bool) Whether to deploy the arborist subchart. enabled: true - # -- (map) Docker image information. - image: - # -- (string) The Docker image repository for the arborist service. - repository: - # -- (string) Overrides the image tag whose default is the chart appVersion. - tag: argo-wrapper: # -- (bool) Whether to deploy the argo-wrapper subchart. enabled: true - # -- (map) Docker image information. - image: - # -- (string) The Docker image repository for the argo-wrapper service. - repository: - # -- (string) Overrides the image tag whose default is the chart appVersion. - tag: audit: # -- (bool) Whether to deploy the audit subchart. enabled: true - # -- (map) Docker image information. - image: - # -- (string) The Docker image repository for the audit service. - repository: - # -- (string) Overrides the image tag whose default is the chart appVersion. - tag: aws-es-proxy: @@ -108,12 +85,6 @@ aws-es-proxy: enabled: false # -- (str) Elasticsearch endpoint in AWS esEndpoint: test.us-east-1.es.amazonaws.com - # -- (map) Secret information - secrets: - # -- (str) AWS access key ID for aws-es-proxy - awsAccessKeyId: "" - # -- (str) AWS secret access key for aws-es-proxy - awsSecretAccessKey: "" etl: # -- (bool) Whether to deploy the etl subchart. 
@@ -122,24 +93,12 @@ etl: fence: # -- (bool) Whether to deploy the fence subchart. enabled: true - # -- (map) Docker image information. - image: - # -- (string) The Docker image repository for the fence service. - repository: - # -- (string) Overrides the image tag whose default is the chart appVersion. - tag: - # -- (map) Configuration settings for Fence app - FENCE_CONFIG: - # -- (string) USER YAML. Passed in as a multiline string. - USER_YAML: # -- (map) Configuration options for usersync cronjob. usersync: # -- (bool) Whether to run Fence usersync or not. usersync: false # -- (string) The cron schedule expression to use in the usersync cronjob. Runs every 30 minutes by default. schedule: "*/30 * * * *" - # -- (string) To set a custom image for pulling the user.yaml file from S3. Default is the Gen3 Awshelper image. - custom_image: # -- (bool) Whether to sync data from dbGaP. syncFromDbgap: false # -- (bool) Force attempting a dbgap sync if "true", falls back on user.yaml @@ -156,22 +115,10 @@ fence: guppy: # -- (bool) Whether to deploy the guppy subchart. enabled: false - # -- (map) Docker image information. - image: - # -- (string) The Docker image repository for the guppy service. - repository: - # -- (string) Overrides the image tag whose default is the chart appVersion. - tag: hatchery: # -- (bool) Whether to deploy the hatchery subchart. enabled: true - # -- (map) Docker image information. - image: - # -- (string) The Docker image repository for the hatchery service. - repository: - # -- (string) Overrides the image tag whose default is the chart appVersion. - tag: hatchery: sidecarContainer: @@ -185,8 +132,6 @@ hatchery: env: NAMESPACE: "{{ .Release.Namespace }}" HOSTNAME: "{{ .Values.global.hostname }}" - # -- (list) Arguments to pass to the sidecare container. - args: [] # -- (list) Commands to run for the sidecar container. command: - "/bin/bash" 
@@ -239,12 +184,6 @@ hatchery: indexd: # -- (bool) Whether to deploy the indexd subchart. enabled: true - # -- (map) Docker image information. - image: - # -- (string) The Docker image repository for the indexd service. - repository: - # -- (string) Overrides the image tag whose default is the chart appVersion. - tag: # -- (string) the default prefix for indexd records defaultPrefix: "PREFIX/" 
@@ -252,96 +191,35 @@ indexd: manifestservice: # -- (bool) Whether to deploy the manifest service subchart. enabled: true - # -- (map) Docker image information. - image: - # -- (string) The Docker image repository for the manifest service service. - repository: - # -- (string) Overrides the image tag whose default is the chart appVersion. - tag: metadata: # -- (bool) Whether to deploy the metadata subchart. enabled: true - # -- (map) Docker image information. - image: - # -- (string) The Docker image repository for the metadata service. - repository: - # -- (string) Overrides the image tag whose default is the chart appVersion. - tag: peregrine: # -- (bool) Whether to deploy the peregrine subchart. enabled: true - # -- (map) Docker image information. - image: - # -- (string) The Docker image repository for the peregrine service. - repository: - # -- (string) Overrides the image tag whose default is the chart appVersion. - tag: pidgin: # -- (bool) Whether to deploy the pidgin subchart. enabled: true - # -- (map) Docker image information. - image: - # -- (string) The Docker image repository for the pidgin service. - repository: - # -- (string) Overrides the image tag whose default is the chart appVersion. - tag: portal: # -- (bool) Whether to deploy the portal subchart. enabled: true - # -- (map) Docker image information. - image: - # -- (string) The Docker image repository for the portal service. - repository: - # -- (string) Overrides the image tag whose default is the chart appVersion. - tag: - # -- (map) GitOps configuration for portal -gitops: - # -- (string) multiline string - gitops.json - json: - # -- (string) - favicon in base64 - favicon: - # -- (string) - multiline string - gitops.css - css: - # -- (string) - logo in base64 - logo: - # -- (string) - createdby.png - base64 - createdby: - sponsors: requestor: # -- (bool) Whether to deploy the requestor subchart. enabled: false - # -- (map) Docker image information. 
- image: - # -- (string) The Docker image repository for the requestor service. - repository: - # -- (string) Overrides the image tag whose default is the chart appVersion. - tag: revproxy: # -- (bool) Whether to deploy the revproxy subchart. enabled: true - # -- (map) Docker image information. - image: - # -- (string) The Docker image repository for the revproxy service. - repository: - # -- (string) Overrides the image tag whose default is the chart appVersion. - tag: ingress: # -- (bool) Whether to create the custom revproxy ingress enabled: false - # -- (string) The ingress class name. - className: "" - # -- (map) Annotations to add to the ingress. - annotations: {} - # kubernetes.io/ingress.class: nginx - # kubernetes.io/tls-acme: "true" # -- (list) Where to route the traffic. hosts: - host: chart-example.local @@ -351,33 +229,14 @@ revproxy: sheepdog: # -- (bool) Whether to deploy the sheepdog subchart. enabled: true - # -- (map) Docker image information. - image: - # -- (string) The Docker image repository for the sheepdog service. - repository: - # -- (string) Overrides the image tag whose default is the chart appVersion. - tag: ssjdispatcher: # -- (bool) Whether to deploy the ssjdispatcher subchart. enabled: false - # -- (map) Docker image information. - image: - # -- (string) The Docker image repository for the ssjdispatcher service. - repository: - # -- (string) Overrides the image tag whose default is the chart appVersion. - tag: - wts: # -- (bool) Whether to deploy the wts subchart. enabled: true - # -- (map) Docker image information. - image: - # -- (string) The Docker image repository for the wts service. - repository: - # -- (string) Overrides the image tag whose default is the chart appVersion. - tag: # Disable persistence by default so we can spin up and down ephemeral environments postgresql: 
@@ -391,7 +250,4 @@ elasticsearch: maxUnavailable: 0 singleNode: true replicas: 1 - clusterHealthCheckParams: "wait_for_status=yellow&timeout=1s" - esConfig: - elasticsearch.yml: | - # Here we can add elasticsearch config + clusterHealthCheckParams: "wait_for_status=yellow&timeout=1s" \ No newline at end of file From 9bbdc9b0d33c29912c64092aaf3dda6eb719ab13 Mon Sep 17 00:00:00 2001 From: EliseCastle23 Date: Thu, 7 Mar 2024 08:46:05 -0700 Subject: [PATCH 116/279] adding back empty values --- .secrets.baseline | 4 ++-- helm/gen3/README.md | 5 +++++ helm/gen3/values.yaml | 12 ++++++++++++ 3 files changed, 19 insertions(+), 2 deletions(-) diff --git a/.secrets.baseline b/.secrets.baseline index 02c4f488..080394ac 100644 --- a/.secrets.baseline +++ b/.secrets.baseline @@ -3,7 +3,7 @@ "files": "^.secrets.baseline$", "lines": null }, - "generated_at": "2024-03-07T15:30:30Z", + "generated_at": "2024-03-07T15:45:14Z", "plugins_used": [ { "name": "AWSKeyDetector" @@ -330,7 +330,7 @@ "hashed_secret": "9b5925ea817163740dfb287a9894e8ab3aba2c18", "is_secret": false, "is_verified": false, - "line_number": 164, + "line_number": 172, "type": "Secret Keyword" } ], diff --git a/helm/gen3/README.md b/helm/gen3/README.md index 36814cfc..2072cf58 100644 --- a/helm/gen3/README.md +++ b/helm/gen3/README.md 
@@ -53,6 +53,9 @@ Helm chart to deploy Gen3 Data Commons | audit.enabled | bool | `true` | Whether to deploy the audit subchart. | | aws-es-proxy.enabled | bool | `false` | Whether to deploy the aws-es-proxy subchart. | | aws-es-proxy.esEndpoint | str | `"test.us-east-1.es.amazonaws.com"` | Elasticsearch endpoint in AWS | +| aws-es-proxy.secrets | map | `{"awsAccessKeyId":"","awsSecretAccessKey":""}` | Secret information | +| aws-es-proxy.secrets.awsAccessKeyId | str | `""` | AWS access key ID for aws-es-proxy | +| aws-es-proxy.secrets.awsSecretAccessKey | str | `""` | AWS secret access key for aws-es-proxy | | elasticsearch.clusterHealthCheckParams | string | `"wait_for_status=yellow&timeout=1s"` | | | elasticsearch.clusterName | string | `"gen3-elasticsearch"` | | | elasticsearch.maxUnavailable | int | `0` | | @@ -120,6 +123,7 @@ Helm chart to deploy Gen3 Data Commons | hatchery.hatchery.containers[0].use-tls | string | `"false"` | | | hatchery.hatchery.containers[0].user-uid | int | `1000` | | | hatchery.hatchery.containers[0].user-volume-location | string | `"/home/jovyan/pd"` | | +| hatchery.hatchery.sidecarContainer.args | list | `[]` | Arguments to pass to the sidecare container. | | hatchery.hatchery.sidecarContainer.command | list | `["/bin/bash","./sidecar.sh"]` | Commands to run for the sidecar container. | | hatchery.hatchery.sidecarContainer.cpu-limit | string | `"0.1"` | The maximum amount of CPU the sidecar container can use | | hatchery.hatchery.sidecarContainer.env | map | `{"HOSTNAME":"{{ .Values.global.hostname }}","NAMESPACE":"{{ .Release.Namespace }}"}` | Environment variables to pass to the sidecar container | 
@@ -141,6 +145,7 @@ Helm chart to deploy Gen3 Data Commons | postgresql.primary.persistence.enabled | bool | `false` | Option to persist the dbs data. | | requestor.enabled | bool | `false` | Whether to deploy the requestor subchart. | | revproxy.enabled | bool | `true` | Whether to deploy the revproxy subchart. | +| revproxy.ingress.annotations | map | `{}` | Annotations to add to the ingress. | | revproxy.ingress.enabled | bool | `false` | Whether to create the custom revproxy ingress | | revproxy.ingress.hosts | list | `[{"host":"chart-example.local"}]` | Where to route the traffic. | | revproxy.ingress.tls | list | `[]` | To secure an Ingress by specifying a secret that contains a TLS private key and certificate. | diff --git a/helm/gen3/values.yaml b/helm/gen3/values.yaml index 79eeb0a6..a8aaaf7c 100644 --- a/helm/gen3/values.yaml +++ b/helm/gen3/values.yaml @@ -85,6 +85,12 @@ aws-es-proxy: enabled: false # -- (str) Elasticsearch endpoint in AWS esEndpoint: test.us-east-1.es.amazonaws.com + # -- (map) Secret information + secrets: + # -- (str) AWS access key ID for aws-es-proxy + awsAccessKeyId: "" + # -- (str) AWS secret access key for aws-es-proxy + awsSecretAccessKey: "" etl: # -- (bool) Whether to deploy the etl subchart. @@ -132,6 +138,8 @@ hatchery: env: NAMESPACE: "{{ .Release.Namespace }}" HOSTNAME: "{{ .Values.global.hostname }}" + # -- (list) Arguments to pass to the sidecare container. + args: [] # -- (list) Commands to run for the sidecar container. command: - "/bin/bash" @@ -220,6 +228,10 @@ revproxy: ingress: # -- (bool) Whether to create the custom revproxy ingress enabled: false + # -- (map) Annotations to add to the ingress. + annotations: {} + # kubernetes.io/ingress.class: nginx + # kubernetes.io/tls-acme: "true" # -- (list) Where to route the traffic. hosts: - host: chart-example.local From 9a065796660ea97680591f8f0c883421f2900b22 Mon Sep 17 00:00:00 2001 
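Review bot: The restored `aws-es-proxy.secrets.awsAccessKeyId` and `awsSecretAccessKey` keys give no hint about where the values should come from, and anything written into a committed values file or passed on the command line is stored with the Helm release and usually in version control as well. I would extend the doc comment on the map to `# -- (map) Secret information. Leave empty in committed values; supply through External Secrets (docs/external_secrets.md) or an override file kept out of git.` How the aws-es-proxy subchart consumes these two keys is not visible in this hunk, so whether External Secrets already covers this secret needs confirming before the comment promises it.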
From: EliseCastle23 Date: Thu, 7 Mar 2024 13:09:33 -0700 Subject: [PATCH 117/279] adding logic to allow users to run external secrets and the dbcreate job for testing purposes --- .secrets.baseline | 4 ++-- docs/external_secrets.md | 2 ++ helm/common/templates/_db_setup_job.tpl | 2 ++ helm/gen3/README.md | 3 ++- helm/gen3/values.yaml | 2 ++ 5 files changed, 10 insertions(+), 3 deletions(-) diff --git a/.secrets.baseline b/.secrets.baseline index 080394ac..f73a9b75 100644 --- a/.secrets.baseline +++ b/.secrets.baseline @@ -3,7 +3,7 @@ "files": "^.secrets.baseline$", "lines": null }, - "generated_at": "2024-03-07T15:45:14Z", + "generated_at": "2024-03-07T20:08:55Z", "plugins_used": [ { "name": "AWSKeyDetector" @@ -330,7 +330,7 @@ "hashed_secret": "9b5925ea817163740dfb287a9894e8ab3aba2c18", "is_secret": false, "is_verified": false, - "line_number": 172, + "line_number": 174, "type": "Secret Keyword" } ], diff --git a/docs/external_secrets.md b/docs/external_secrets.md index a93353c1..ac507fb9 100644 --- a/docs/external_secrets.md +++ b/docs/external_secrets.md 
@@ -89,6 +89,8 @@ For users requiring a more selective application of external secrets — targeti External secret resources will only attempt to replace Kubernetes secrets when a corresponding secret is successfully located within the Secrets Manager. In instances where a specific secret is not found, the External Secrets resource will indicate a `SecretSyncedError`, signaling the absence of the targeted resource within the Secrets Manager. This error is acceptable and helpful for users who want to enable the use of AWS Secrets Manager for some, but not all the secrets in a specific Helm chart. +However, if you wish to utilize External Secrets for managing non-database secrets while still automating the creation of your database secrets, you can configure this behavior explicitly. Set `.Values.global.externalSecrets.dbCreate` to true alongside `.Values.global.postgres.dbCreate` or `.Values.postgres.dbCreate` to initiate the database creation job. This configuration will result in the creation of the necessary databases with their credentials stored securely within Kubernetes Secrets. Subsequently, you also choose to create Secrets in Secrets manager with the values that were generated from teh dbCreate job if you wish to store these credentials long term. + #### Independent Subchart Deployment In scenarios where subcharts are deployed independently, outside the scope of the umbrella chart, it is crucial to set the `.Values.global.externalSecrets.deploy` directive within the `values.yaml` file for each specific service. diff --git a/helm/common/templates/_db_setup_job.tpl b/helm/common/templates/_db_setup_job.tpl index af90d9e8..e63bea0f 100644 --- a/helm/common/templates/_db_setup_job.tpl +++ b/helm/common/templates/_db_setup_job.tpl 
@@ -169,6 +169,7 @@ spec: Create k8s secrets for connecting to postgres */}} # DB Secrets +{{- if or (not .Values.global.externalSecrets.deploy) (and .Values.global.externalSecrets.deploy .Values.global.externalSecrets.dbCreate) }} {{- define "common.db-secret" -}} apiVersion: v1 kind: Secret @@ -184,4 +185,5 @@ data: {{- else }} host: {{ ( $.Values.postgres.host | default ( $.Values.global.postgres.master.host)) | b64enc | quote }} {{- end }} +{{- end }} {{- end }} \ No newline at end of file diff --git a/helm/gen3/README.md b/helm/gen3/README.md index 2072cf58..50b8b7cd 100644 --- a/helm/gen3/README.md +++ b/helm/gen3/README.md @@ -84,7 +84,8 @@ Helm chart to deploy Gen3 Data Commons | global.dictionaryUrl | string | `"https://s3.amazonaws.com/dictionary-artifacts/datadictionary/develop/schema.json"` | URL of the data dictionary. | | global.dispatcherJobNum | int | `"10"` | Number of dispatcher jobs. | | global.environment | string | `"default"` | Environment name. This should be the same as vpcname if you're doing an AWS deployment. Currently this is being used to share ALB's if you have multiple namespaces in same cluster. | -| global.externalSecrets | map | `{"deploy":false}` | External Secrets settings. | +| global.externalSecrets | map | `{"dbCreate":false,"deploy":false}` | External Secrets settings. | +| global.externalSecrets.dbCreate | bool | `false` | Will create the databases and store the creds in Kubernetes Secrets even if externalSecrets is deployed. Useful if you want to use ExternalSecrets for other secrets besides db secrets. | | global.externalSecrets.deploy | bool | `false` | Will use ExternalSecret resources to pull secrets from Secrets Manager instead of creating them locally. Be cautious as this will override secrets you have deployed. | | global.hostname | string | `"localhost"` | Hostname for the deployment. | | global.netPolicy | bool | `true` | Whether network policies are enabled. | 
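Review bot: The added guard `or (not .Values.global.externalSecrets.deploy) (and .Values.global.externalSecrets.deploy .Values.global.externalSecrets.dbCreate)` dereferences `global.externalSecrets` directly, so rendering presumably fails with a nil-pointer error for any chart whose values lack that map, instead of falling back to creating the DB secret. The `and` arm is also redundant, because it is only evaluated when `deploy` is already true. Binding the map once covers both points: `{{- $es := .Values.global.externalSecrets | default dict }}` followed by `{{- if or (not $es.deploy) $es.dbCreate }}`. The same expression shape is added in `helm/audit/templates/secrets.yaml` and `helm/fence/templates/fence-config.yaml` later in this series. The body of `common.db-secret` between the two hunks is not shown.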
diff --git a/helm/gen3/values.yaml b/helm/gen3/values.yaml index a8aaaf7c..e8878115 100644 --- a/helm/gen3/values.yaml +++ b/helm/gen3/values.yaml @@ -60,6 +60,8 @@ global: externalSecrets: # -- (bool) Will use ExternalSecret resources to pull secrets from Secrets Manager instead of creating them locally. Be cautious as this will override secrets you have deployed. deploy: false + # -- (bool) Will create the databases and store the creds in Kubernetes Secrets even if externalSecrets is deployed. Useful if you want to use ExternalSecrets for other secrets besides db secrets. + dbCreate: false # Dependancy Charts From 28ad27fc66ed6bbbb587d8c708dbdacc90b88c81 Mon Sep 17 00:00:00 2001 From: EliseCastle23 Date: Thu, 7 Mar 2024 13:35:43 -0700 Subject: [PATCH 118/279] fixing the location of the define command for db secrets --- helm/common/templates/_db_setup_job.tpl | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/helm/common/templates/_db_setup_job.tpl b/helm/common/templates/_db_setup_job.tpl index e63bea0f..9ea67dbe 100644 --- a/helm/common/templates/_db_setup_job.tpl +++ b/helm/common/templates/_db_setup_job.tpl @@ -169,8 +169,8 @@ spec: Create k8s secrets for connecting to postgres */}} # DB Secrets -{{- if or (not .Values.global.externalSecrets.deploy) (and .Values.global.externalSecrets.deploy .Values.global.externalSecrets.dbCreate) }} {{- define "common.db-secret" -}} +{{- if or (not .Values.global.externalSecrets.deploy) (and .Values.global.externalSecrets.deploy .Values.global.externalSecrets.dbCreate) }} apiVersion: v1 kind: Secret metadata: From 2fdb1ec1841ace324a3a4f5ce01221afd638d3e2 Mon Sep 17 00:00:00 2001 From: EliseCastle23 Date: Thu, 7 Mar 2024 13:51:12 -0700 Subject: [PATCH 119/279] fixing the new line at the end of the values.yaml file --- helm/gen3/values.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/helm/gen3/values.yaml b/helm/gen3/values.yaml index e8878115..b29b75f1 100644 --- a/helm/gen3/values.yaml 
+++ b/helm/gen3/values.yaml @@ -264,4 +264,4 @@ elasticsearch: maxUnavailable: 0 singleNode: true replicas: 1 - clusterHealthCheckParams: "wait_for_status=yellow&timeout=1s" \ No newline at end of file + clusterHealthCheckParams: "wait_for_status=yellow&timeout=1s" From 05d8700f133c115587ae804f4dac62bedfe8251d Mon Sep 17 00:00:00 2001 From: EliseCastle23 Date: Thu, 7 Mar 2024 14:21:34 -0700 Subject: [PATCH 120/279] changing userysnc to use a role and rolebinding instead of a cluster role and cluster rolebinding --- helm/fence/templates/usersync-sa.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/helm/fence/templates/usersync-sa.yaml b/helm/fence/templates/usersync-sa.yaml index 379271ce..f86ff821 100644 --- a/helm/fence/templates/usersync-sa.yaml +++ b/helm/fence/templates/usersync-sa.yaml @@ -5,7 +5,7 @@ metadata: name: usersync-job --- apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole +kind: Role metadata: name: usersync-job-role rules: @@ -14,12 +14,12 @@ rules: verbs: ["get", "list", "watch", "create", "update", "delete"] --- apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding +kind: RoleBinding metadata: name: usersync-job-role-binding roleRef: apiGroup: rbac.authorization.k8s.io - kind: ClusterRole + kind: Role name: usersync-job-role subjects: - kind: ServiceAccount From 116098745d0e551872f33446e935c404a9639c10 Mon Sep 17 00:00:00 2001 From: EliseCastle23 Date: Thu, 7 Mar 2024 16:11:34 -0700 Subject: [PATCH 121/279] changing the default aws ingres security policy --- helm/revproxy/templates/ingress_aws.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/helm/revproxy/templates/ingress_aws.yaml b/helm/revproxy/templates/ingress_aws.yaml index 530e276b..cd0f1da7 100644 --- a/helm/revproxy/templates/ingress_aws.yaml +++ b/helm/revproxy/templates/ingress_aws.yaml 
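Review bot: The namespaced `Role` keeps the full verb list `["get", "list", "watch", "create", "update", "delete"]`, so moving off `ClusterRole` narrows where the usersync job can act but not what it can do there. The `resources:` line sits between the two hunks and is not shown; the write verbs are worth checking against what the job actually needs on those resources and dropping where unused. The `subjects:` entry continues past the end of the hunk, so its `namespace:` should be confirmed as the release namespace, since a `RoleBinding` only grants access inside its own namespace. A short comment above `rules:`, for example `# namespaced on purpose: usersync only needs objects in the release namespace`, would record why this is not a ClusterRole.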
@@ -10,7 +10,7 @@ metadata: alb.ingress.kubernetes.io/group.name: {{ .Values.global.environment }} alb.ingress.kubernetes.io/listen-ports: '[{"HTTP": 80}, {"HTTPS":443}]' alb.ingress.kubernetes.io/actions.ssl-redirect: '{"Type": "redirect", "RedirectConfig": { "Protocol": "HTTPS", "Port": "443", "StatusCode": "HTTP_301"}}' - alb.ingress.kubernetes.io/ssl-policy: ELBSecurityPolicy-TLS13-1-2-2021-06 + alb.ingress.kubernetes.io/ssl-policy: ELBSecurityPolicy-TLS13-1-2-Res-FIPS-2023-04 spec: ingressClassName: alb rules: From 1e3d7e1324fa55bf00f986d5f20c8e7f0b4054e5 Mon Sep 17 00:00:00 2001 From: EliseCastle23 Date: Mon, 11 Mar 2024 12:39:28 -0600 Subject: [PATCH 122/279] adding ability to conditionally include native helm secret creation with External Secrets. Also, adding the metadata-g3auto secret to External Secrets. Updating documentation and fixing small syntax error. --- .secrets.baseline | 14 ++++----- docs/external_secrets.md | 20 +++++++++++- helm/audit/README.md | 3 +- helm/audit/templates/secrets.yaml | 4 ++- helm/audit/values.yaml | 2 ++ helm/fence/README.md | 3 +- helm/fence/templates/fence-config.yaml | 4 ++- helm/fence/templates/fence-secret.yaml | 2 ++ helm/fence/templates/jwt-keys.yaml | 2 ++ helm/fence/values.yaml | 2 ++ helm/indexd/README.md | 3 +- helm/indexd/templates/indexd-secret.yaml | 4 ++- helm/indexd/values.yaml | 2 ++ helm/manifestservice/README.md | 3 +- .../templates/manifestservice-creds.yaml | 2 ++ helm/manifestservice/values.yaml | 2 ++ helm/metadata/README.md | 4 ++- helm/metadata/templates/_helpers.tpl | 7 +++++ helm/metadata/templates/external-secret.yaml | 31 +++++++++++++++++++ helm/metadata/templates/secrets.yaml | 4 ++- helm/metadata/values.yaml | 4 +++ 21 files changed, 105 insertions(+), 17 deletions(-) diff --git a/.secrets.baseline b/.secrets.baseline index f73a9b75..97cb04f0 100644 --- a/.secrets.baseline +++ b/.secrets.baseline 
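Review bot: The new `alb.ingress.kubernetes.io/ssl-policy` value is hard-coded in the template, so an operator who needs a different ALB policy has to patch the chart instead of setting a value. `ELBSecurityPolicy-TLS13-1-2-Res-FIPS-2023-04` appears to be a restricted policy with a narrower cipher list than the one it replaces, which means clients that only offered the dropped suites would fail the handshake after upgrade. Keeping it as the default is reasonable, but expose it as a value: `alb.ingress.kubernetes.io/ssl-policy: {{ .Values.<sslPolicyKey> | default "ELBSecurityPolicy-TLS13-1-2-Res-FIPS-2023-04" }}`, where `<sslPolicyKey>` is a placeholder for whatever key the chart chooses. The `metadata` block starts before this hunk and the `rules:` list continues after it.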
@@ -3,7 +3,7 @@ "files": "^.secrets.baseline$", "lines": null }, - "generated_at": "2024-03-07T20:08:55Z", + "generated_at": "2024-03-11T18:38:21Z", "plugins_used": [ { "name": "AWSKeyDetector" @@ -220,28 +220,28 @@ "hashed_secret": "b266a6d0f00bb36f6b98134bf4cec71f2d7943a3", "is_secret": false, "is_verified": false, - "line_number": 99, + "line_number": 100, "type": "Secret Keyword" }, { "hashed_secret": "d84ce25b0f9bc2cc263006ae39453efb22cc2900", "is_secret": false, "is_verified": false, - "line_number": 124, + "line_number": 125, "type": "Secret Keyword" }, { "hashed_secret": "f09dd6e359833a12f48c4c4255d6e87a6e55cfe9", "is_secret": false, "is_verified": false, - "line_number": 151, + "line_number": 152, "type": "Secret Keyword" }, { "hashed_secret": "9d8fada0e01336e865c461bb3549084d206fe6da", "is_secret": false, "is_verified": false, - "line_number": 197, + "line_number": 198, "type": "Secret Keyword" } ], @@ -305,7 +305,7 @@ "hashed_secret": "5d07e1b80e448a213b392049888111e1779a52db", "is_secret": false, "is_verified": false, - "line_number": 1955, + "line_number": 1957, "type": "Secret Keyword" } ], @@ -414,7 +414,7 @@ "hashed_secret": "d2e2ab0f407e4ee3cf2ab87d61c31b25a74085e5", "is_secret": false, "is_verified": false, - "line_number": 12, + "line_number": 13, "type": "Secret Keyword" } ], diff --git a/docs/external_secrets.md b/docs/external_secrets.md index ac507fb9..cf4dd5ca 100644 --- a/docs/external_secrets.md +++ b/docs/external_secrets.md 
@@ -89,7 +89,25 @@ For users requiring a more selective application of external secrets — targeti External secret resources will only attempt to replace Kubernetes secrets when a corresponding secret is successfully located within the Secrets Manager. In instances where a specific secret is not found, the External Secrets resource will indicate a `SecretSyncedError`, signaling the absence of the targeted resource within the Secrets Manager. This error is acceptable and helpful for users who want to enable the use of AWS Secrets Manager for some, but not all the secrets in a specific Helm chart. -However, if you wish to utilize External Secrets for managing non-database secrets while still automating the creation of your database secrets, you can configure this behavior explicitly. Set `.Values.global.externalSecrets.dbCreate` to true alongside `.Values.global.postgres.dbCreate` or `.Values.postgres.dbCreate` to initiate the database creation job. This configuration will result in the creation of the necessary databases with their credentials stored securely within Kubernetes Secrets. Subsequently, you also choose to create Secrets in Secrets manager with the values that were generated from teh dbCreate job if you wish to store these credentials long term. +However, if you wish to utilize External Secrets for managing non-database secrets while still automating the creation of your database secrets, you can configure this behavior explicitly. Set `.Values.global.externalSecrets.dbCreate` to true alongside `.Values.global.postgres.dbCreate` or `.Values.postgres.dbCreate` to initiate the database creation job. This configuration will result in the creation of the necessary databases with their credentials stored securely within Kubernetes Secrets. Subsequently, you also choose to create Secrets in Secrets manager with the values that were generated from the dbCreate job if you wish to store these credentials long term. 
+ +By default, the following services will not create the Helm internal secrets when Secrets Manager is enabled: +- Audit +- Fence +- Indexd +- Manifestservice +- Metadata + +This is because CD tools like Argocd will have trouble syncing resources if the K8s secret was generated via Helm and External Secrets continues to override it. You can configure Helm to still create these secrets with External Secrets enabled by setting the appropriate variable to true. + +For example, to ensure the "audit-g3auto" secret is still created by Helm, you would need to set the following in your values.yaml file: +``` +audit: + # -- (map) External Secrets settings. + externalSecrets: + # -- (string) Will create the Helm "audit-g3auto" secret even if Secrets Manager is enabled. This is helpful if you are wanting to use External Secrets for some, but not all secrets. + createK8sAuditSecret: true +``` #### Independent Subchart Deployment In scenarios where subcharts are deployed independently, outside the scope of the umbrella chart, it is crucial to set the `.Values.global.externalSecrets.deploy` directive within the `values.yaml` file for each specific service. diff --git a/helm/audit/README.md b/helm/audit/README.md index 03ff4421..96172b65 100644 --- a/helm/audit/README.md +++ b/helm/audit/README.md 
@@ -36,8 +36,9 @@ A Helm chart for Kubernetes | datadogProfilingEnabled | bool | `true` | If enabled, the Datadog Agent will collect profiling data for your application using the Continuous Profiler. This data can be used to identify performance bottlenecks and optimize your application. | | datadogTraceSampleRate | int | `1` | A value between 0 and 1, that represents the percentage of requests that will be traced. For example, a value of 0.5 means that 50% of requests will be traced. | | env | list | `[{"name":"DEBUG","value":"false"},{"name":"ARBORIST_URL","valueFrom":{"configMapKeyRef":{"key":"arborist_url","name":"manifest-global","optional":true}}}]` | Environment variables to pass to the container | -| externalSecrets | map | `{"auditG3auto":null,"dbcreds":null}` | External Secrets settings. | +| externalSecrets | map | `{"auditG3auto":null,"createK8sAuditSecret":false,"dbcreds":null}` | External Secrets settings. | | externalSecrets.auditG3auto | string | `nil` | Will override the name of the aws secrets manager secret. Default is "audit-g3auto" | +| externalSecrets.createK8sAuditSecret | string | `false` | Will create the Helm "audit-g3auto" secret even if Secrets Manager is enabled. This is helpful if you are wanting to use External Secrets for some, but not all secrets. | | externalSecrets.dbcreds | string | `nil` | Will override the name of the aws secrets manager secret. Default is "Values.global.environment-.Chart.Name-creds" | | fullnameOverride | string | `""` | Override the full name of the chart, which is used as the name of resources created by the chart | | global.aws | map | `{"awsAccessKeyId":null,"awsSecretAccessKey":null,"enabled":false}` | AWS configuration | diff --git a/helm/audit/templates/secrets.yaml b/helm/audit/templates/secrets.yaml index 03a39c51..b1073381 100644 --- a/helm/audit/templates/secrets.yaml +++ b/helm/audit/templates/secrets.yaml 
@@ -1,3 +1,4 @@ +{{- if or (not .Values.global.externalSecrets.deploy) (and .Values.global.externalSecrets.deploy .Values.externalSecrets.createK8sAuditSecret) }} apiVersion: v1 kind: Secret metadata: @@ -49,4 +50,5 @@ stringData: # whether to return usernames in query responses, # and to allow querying by username - QUERY_USERNAMES: true \ No newline at end of file + QUERY_USERNAMES: true +{{- end }} \ No newline at end of file diff --git a/helm/audit/values.yaml b/helm/audit/values.yaml index fe38164c..0112fb8a 100644 --- a/helm/audit/values.yaml +++ b/helm/audit/values.yaml @@ -67,6 +67,8 @@ global: # -- (map) External Secrets settings. externalSecrets: + # -- (string) Will create the Helm "audit-g3auto" secret even if Secrets Manager is enabled. This is helpful if you are wanting to use External Secrets for some, but not all secrets. + createK8sAuditSecret: false # -- (string) Will override the name of the aws secrets manager secret. Default is "audit-g3auto" auditG3auto: # -- (string) Will override the name of the aws secrets manager secret. Default is "Values.global.environment-.Chart.Name-creds" diff --git a/helm/fence/README.md b/helm/fence/README.md index d4a3ef33..7179e211 100644 --- a/helm/fence/README.md +++ b/helm/fence/README.md 
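Review bot: In `helm/audit/values.yaml` the new `createK8sAuditSecret` key is annotated `# -- (string)` although its default is the boolean `false` and the template guard tests it for truthiness. The generated README row consequently lists the type as `string`, which invites `createK8sAuditSecret: "false"`; a non-empty string is truthy in a Helm template, so that setting would create the Helm-managed secret rather than suppress it. Change the annotation to `# -- (bool) Will create the Helm "audit-g3auto" secret even if Secrets Manager is enabled.` and regenerate the README. The fence README in this patch shows the same `string` type for `createK8sFenceSecrets`, so its values.yaml annotation (not in view here) likely needs the same fix.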
@@ -89,7 +89,8 @@ A Helm chart for gen3 Fence | datadogProfilingEnabled | bool | `true` | If enabled, the Datadog Agent will collect profiling data for your application using the Continuous Profiler. This data can be used to identify performance bottlenecks and optimize your application. | | datadogTraceSampleRate | int | `1` | A value between 0 and 1, that represents the percentage of requests that will be traced. For example, a value of 0.5 means that 50% of requests will be traced. | | env | list | `[{"name":"GEN3_UWSGI_TIMEOUT","valueFrom":{"configMapKeyRef":{"key":"uwsgi-timeout","name":"manifest-global","optional":true}}},{"name":"DD_AGENT_HOST","valueFrom":{"fieldRef":{"fieldPath":"status.hostIP"}}},{"name":"AWS_STS_REGIONAL_ENDPOINTS","value":"regional"},{"name":"PYTHONPATH","value":"/var/www/fence"},{"name":"GEN3_DEBUG","value":"False"},{"name":"FENCE_PUBLIC_CONFIG","valueFrom":{"configMapKeyRef":{"key":"fence-config-public.yaml","name":"manifest-fence","optional":true}}},{"name":"PGHOST","valueFrom":{"secretKeyRef":{"key":"host","name":"fence-dbcreds","optional":false}}},{"name":"PGUSER","valueFrom":{"secretKeyRef":{"key":"username","name":"fence-dbcreds","optional":false}}},{"name":"PGPASSWORD","valueFrom":{"secretKeyRef":{"key":"password","name":"fence-dbcreds","optional":false}}},{"name":"PGDB","valueFrom":{"secretKeyRef":{"key":"database","name":"fence-dbcreds","optional":false}}},{"name":"DBREADY","valueFrom":{"secretKeyRef":{"key":"dbcreated","name":"fence-dbcreds","optional":false}}},{"name":"DB","value":"postgresql://$(PGUSER):$(PGPASSWORD)@$(PGHOST):5432/$(PGDB)"},{"name":"INDEXD_PASSWORD","valueFrom":{"secretKeyRef":{"key":"fence","name":"indexd-service-creds"}}},{"name":"gen3Env","valueFrom":{"configMapKeyRef":{"key":"hostname","name":"manifest-global"}}}]` | Environment variables to pass to the container | -| externalSecrets | map | 
`{"dbcreds":null,"fenceConfig":null,"fenceGoogleAppCredsSecret":null,"fenceGoogleStorageCredsSecret":null,"fenceJwtKeys":null}` | External Secrets settings. | +| externalSecrets | map | `{"createK8sFenceSecrets":false,"dbcreds":null,"fenceConfig":null,"fenceGoogleAppCredsSecret":null,"fenceGoogleStorageCredsSecret":null,"fenceJwtKeys":null}` | External Secrets settings. | +| externalSecrets.createK8sFenceSecrets | string | `false` | Will create the Helm "fence-config", "fence-google-app-creds-secret", "fence-google-storage-creds-secret", and "fence-jwt-keys" secrets even if Secrets Manager is enabled. This is helpful if you are wanting to use External Secrets for some, but not all secrets. | | externalSecrets.dbcreds | string | `nil` | Will override the name of the aws secrets manager secret. Default is "Values.global.environment-.Chart.Name-creds" | | externalSecrets.fenceConfig | string | `nil` | Will override the name of the aws secrets manager secret. Default is "fence-config" | | externalSecrets.fenceGoogleAppCredsSecret | string | `nil` | Will override the name of the aws secrets manager secret. Default is "fence-google-app-creds-secret" | diff --git a/helm/fence/templates/fence-config.yaml b/helm/fence/templates/fence-config.yaml index 29d0df2e..cd7943d9 100644 --- a/helm/fence/templates/fence-config.yaml +++ b/helm/fence/templates/fence-config.yaml @@ -1,3 +1,4 @@ +{{- if or (not .Values.global.externalSecrets.deploy) (and .Values.global.externalSecrets.deploy .Values.externalSecrets.createK8sFenceSecrets) }} apiVersion: v1 kind: Secret metadata: @@ -8,4 +9,5 @@ stringData: {{- with .Values.FENCE_CONFIG }} {{- toYaml . | nindent 4 }} {{ end }} ---- \ No newline at end of file +--- +{{- end }} diff --git a/helm/fence/templates/fence-secret.yaml b/helm/fence/templates/fence-secret.yaml index 6ac60bde..0c1e0832 100644 --- a/helm/fence/templates/fence-secret.yaml +++ b/helm/fence/templates/fence-secret.yaml 
@@ -1,3 +1,4 @@ +{{- if or (not .Values.global.externalSecrets.deploy) (and .Values.global.externalSecrets.deploy .Values.externalSecrets.createK8sFenceSecrets) }} apiVersion: v1 kind: Secret metadata: @@ -21,3 +22,4 @@ metadata: type: Opaque data: {{ (.Files.Glob "fence-google-creds/*").AsSecrets | indent 2 }} +{{- end }} \ No newline at end of file diff --git a/helm/fence/templates/jwt-keys.yaml b/helm/fence/templates/jwt-keys.yaml index 893a4488..68d72895 100644 --- a/helm/fence/templates/jwt-keys.yaml +++ b/helm/fence/templates/jwt-keys.yaml @@ -1,3 +1,4 @@ +{{- if or (not .Values.global.externalSecrets.deploy) (and .Values.global.externalSecrets.deploy .Values.externalSecrets.createK8sFenceSecrets) }} apiVersion: v1 kind: Secret metadata: @@ -5,3 +6,4 @@ metadata: type: Opaque data: jwt_private_key.pem: {{ include "getOrCreatePrivateKey" . }} +{{- end }} \ No newline at end of file diff --git a/helm/fence/values.yaml b/helm/fence/values.yaml index 2e611279..973bb815 100644 --- a/helm/fence/values.yaml +++ b/helm/fence/values.yaml @@ -80,6 +80,8 @@ global: # -- (map) External Secrets settings. externalSecrets: + # -- (string) Will create the Helm "fence-config", "fence-google-app-creds-secret", "fence-google-storage-creds-secret", and "fence-jwt-keys" secrets even if Secrets Manager is enabled. This is helpful if you are wanting to use External Secrets for some, but not all secrets. + createK8sFenceSecrets: false # -- (string) Will override the name of the aws secrets manager secret. Default is "fence-jwt-keys" fenceJwtKeys: # -- (string) Will override the name of the aws secrets manager secret. Default is "fence-google-app-creds-secret" diff --git a/helm/indexd/README.md b/helm/indexd/README.md index 4f07b6ab..55098555 100644 --- a/helm/indexd/README.md +++ b/helm/indexd/README.md 
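Review bot: Guarding helm/fence/templates/jwt-keys.yaml means that enabling `global.externalSecrets.deploy` on an existing release drops this Secret from the rendered manifest, and Helm deletes resources that disappear from a release on upgrade. The value comes from `getOrCreatePrivateKey`, which by its name generates the key when none exists (the helper is not shown here), so the signing key may exist only in the cluster at that point. The values.yaml comment for the flag should state the migration order, for example `# NOTE: store the existing "fence-jwt-keys" value in Secrets Manager before enabling global.externalSecrets.deploy`. The indexd-secret.yaml hunk that guards the `common.getOrGenSecret` output has the same consequence.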
@@ -27,7 +27,8 @@ A Helm chart for gen3 indexd | datadogTraceSampleRate | int | `1` | A value between 0 and 1, that represents the percentage of requests that will be traced. For example, a value of 0.5 means that 50% of requests will be traced. | | defaultPrefix | string | `"PREFIX/"` | default prefix for indexd | | env | list | `[{"name":"ARBORIST","value":"true"},{"name":"GEN3_DEBUG","value":"False"}]` | Environment variables to pass to the container | -| externalSecrets | map | `{"dbcreds":null,"serviceCreds":"indexd-service-creds"}` | External Secrets settings. | +| externalSecrets | map | `{"createK8sServiceCredsSecret":false,"dbcreds":null,"serviceCreds":"indexd-service-creds"}` | External Secrets settings. | +| externalSecrets.createK8sServiceCredsSecret | string | `false` | Will create the Helm "indexd-service-creds" secret even if Secrets Manager is enabled. This is helpful if you are wanting to use External Secrets for some, but not all secrets. | | externalSecrets.dbcreds | string | `nil` | Will override the name of the aws secrets manager secret. Default is "Values.global.environment-.Chart.Name-creds" | | fullnameOverride | string | `""` | Override the full name of the deployment. | | global.aws | map | `{"awsAccessKeyId":null,"awsSecretAccessKey":null,"enabled":false}` | AWS configuration | diff --git a/helm/indexd/templates/indexd-secret.yaml b/helm/indexd/templates/indexd-secret.yaml index 12ab5364..d9fb1864 100644 --- a/helm/indexd/templates/indexd-secret.yaml +++ b/helm/indexd/templates/indexd-secret.yaml @@ -1,3 +1,4 @@ +{{- if or (not .Values.global.externalSecrets.deploy) (and .Values.global.externalSecrets.deploy .Values.externalSecrets.createK8sServiceCredsSecret) }} apiVersion: v1 kind: Secret metadata: 
@@ -13,4 +14,5 @@ metadata: type: Opaque data: fence: {{ include "common.getOrGenSecret" (list .Values.secrets.userdb.fence "indexd-service-creds" "fence" 20 .Release.Namespace) }} - sheepdog: {{ include "common.getOrGenSecret" (list .Values.secrets.userdb.sheepdog "indexd-service-creds" "sheepdog" 20 .Release.Namespace) }} \ No newline at end of file + sheepdog: {{ include "common.getOrGenSecret" (list .Values.secrets.userdb.sheepdog "indexd-service-creds" "sheepdog" 20 .Release.Namespace) }} +{{- end }} \ No newline at end of file diff --git a/helm/indexd/values.yaml b/helm/indexd/values.yaml index 6d2bd52f..8c64335d 100644 --- a/helm/indexd/values.yaml +++ b/helm/indexd/values.yaml @@ -70,6 +70,8 @@ global: # -- (map) External Secrets settings. externalSecrets: + # -- (string) Will create the Helm "indexd-service-creds" secret even if Secrets Manager is enabled. This is helpful if you are wanting to use External Secrets for some, but not all secrets. + createK8sServiceCredsSecret: false # -- (string) Will override the name of the aws secrets manager secret. Default is "Values.global.environment-.Chart.Name-creds" dbcreds: serviceCreds: "indexd-service-creds" diff --git a/helm/manifestservice/README.md b/helm/manifestservice/README.md index 7f120f2d..a854343d 100644 --- a/helm/manifestservice/README.md +++ b/helm/manifestservice/README.md 
@@ -33,7 +33,8 @@ A Helm chart for Kubernetes | datadogProfilingEnabled | bool | `true` | If enabled, the Datadog Agent will collect profiling data for your application using the Continuous Profiler. This data can be used to identify performance bottlenecks and optimize your application. | | datadogTraceSampleRate | int | `1` | A value between 0 and 1, that represents the percentage of requests that will be traced. For example, a value of 0.5 means that 50% of requests will be traced. | | env | list | `[{"name":"REQUESTS_CA_BUNDLE","value":"/etc/ssl/certs/ca-certificates.crt"},{"name":"MANIFEST_SERVICE_CONFIG_PATH","value":"/var/gen3/config/config.json"},{"name":"GEN3_DEBUG","value":"False"}]` | Environment variables to pass to the container | -| externalSecrets | map | `{"manifestserviceG3auto":null}` | External Secrets settings. | +| externalSecrets | map | `{"createK8sManifestServiceSecret":false,"manifestserviceG3auto":null}` | External Secrets settings. | +| externalSecrets.createK8sManifestServiceSecret | string | `false` | Will create the Helm "manifestservice-g3auto" secret even if Secrets Manager is enabled. This is helpful if you are wanting to use External Secrets for some, but not all secrets. | | externalSecrets.manifestserviceG3auto | string | `nil` | Will override the name of the aws secrets manager secret. Default is "manifestservice-g3auto" | | global.aws | map | `{"awsAccessKeyId":null,"awsSecretAccessKey":null,"enabled":false}` | AWS configuration | | global.aws.awsAccessKeyId | string | `nil` | Credentials for AWS stuff. | diff --git a/helm/manifestservice/templates/manifestservice-creds.yaml b/helm/manifestservice/templates/manifestservice-creds.yaml index 5194515c..c1aedb9a 100644 --- a/helm/manifestservice/templates/manifestservice-creds.yaml +++ b/helm/manifestservice/templates/manifestservice-creds.yaml 
@@ -1,3 +1,4 @@ +{{- if or (not .Values.global.externalSecrets.deploy) (and .Values.global.externalSecrets.deploy .Values.externalSecrets.createK8sManifestServiceSecret) }} apiVersion: v1 kind: Secret metadata: @@ -12,3 +13,4 @@ stringData: "aws_secret_access_key": "{{ .Values.manifestserviceG3auto.awssecretkey }}", "prefix": "{{ .Values.manifestserviceG3auto.prefix }}" } +{{- end }} \ No newline at end of file diff --git a/helm/manifestservice/values.yaml b/helm/manifestservice/values.yaml index f4c1a2bd..09cd04f3 100644 --- a/helm/manifestservice/values.yaml +++ b/helm/manifestservice/values.yaml @@ -30,6 +30,8 @@ global: # -- (map) External Secrets settings. externalSecrets: + # -- (string) Will create the Helm "manifestservice-g3auto" secret even if Secrets Manager is enabled. This is helpful if you are wanting to use External Secrets for some, but not all secrets. + createK8sManifestServiceSecret: false # -- (string) Will override the name of the aws secrets manager secret. Default is "manifestservice-g3auto" manifestserviceG3auto: # -- (map) Secret information for External Secrets. diff --git a/helm/metadata/README.md b/helm/metadata/README.md index d823f844..d533375e 100644 --- a/helm/metadata/README.md +++ b/helm/metadata/README.md 
@@ -46,8 +46,10 @@ A Helm chart for gen3 Metadata Service | elasticsearch.separate | bool | `false` | | | elasticsearch.singleNode | bool | `true` | | | esEndpoint | string | `"http://gen3-elasticsearch-master:9200"` | Elasticsearch endpoint. | -| externalSecrets | map | `{"dbcreds":null}` | External Secrets settings. | +| externalSecrets | map | `{"createK8sMetadataSecret":false,"dbcreds":null,"metadataG3auto":null}` | External Secrets settings. | +| externalSecrets.createK8sMetadataSecret | string | `false` | Will create the Helm "metadata-g3auto" secret even if Secrets Manager is enabled. This is helpful if you are wanting to use External Secrets for some, but not all secrets. | | externalSecrets.dbcreds | string | `nil` | Will override the name of the aws secrets manager secret. Default is "Values.global.environment-.Chart.Name-creds" | +| externalSecrets.metadataG3auto | string | `nil` | Will override the name of the aws secrets manager secret. Default is "metadata-g3auto" | | global.aws | map | `{"awsAccessKeyId":null,"awsSecretAccessKey":null,"enabled":false}` | AWS configuration | | global.aws.awsAccessKeyId | string | `nil` | Credentials for AWS stuff. | | global.aws.awsSecretAccessKey | string | `nil` | Credentials for AWS stuff. | diff --git a/helm/metadata/templates/_helpers.tpl b/helm/metadata/templates/_helpers.tpl index f8424983..91c790fd 100644 --- a/helm/metadata/templates/_helpers.tpl +++ b/helm/metadata/templates/_helpers.tpl @@ -77,3 +77,10 @@ Create the name of the service account to use {{- default .Values.postgres.password }} {{- end }} {{- end }} + +{{/* + Metadata g3 Auto Secrets Manager Name +*/}} +{{- define "metadata-g3auto" -}} +{{- default "metadata-g3auto" .Values.externalSecrets.metadataG3auto }} +{{- end }} \ No newline at end of file diff --git a/helm/metadata/templates/external-secret.yaml b/helm/metadata/templates/external-secret.yaml index 70c278fe..c3bb3465 100644 --- a/helm/metadata/templates/external-secret.yaml 
+++ b/helm/metadata/templates/external-secret.yaml @@ -1 +1,32 @@ +{{ if .Values.global.externalSecrets.deploy }} +apiVersion: external-secrets.io/v1beta1 +kind: ExternalSecret +metadata: + name: metadata-g3auto +spec: + refreshInterval: 5m + secretStoreRef: + name: {{include "common.SecretStore" .}} + kind: SecretStore + target: + name: metadata-g3auto + creationPolicy: Owner + data: + - secretKey: base64Authz.txt + remoteRef: + #name of secret in secrets manager + key: {{include "metadata-g3auto" .}} + property: base64Authz.txt + - secretKey: dbcreds.json + remoteRef: + #name of secret in secrets manager + key: {{include "metadata-g3auto" .}} + property: dbcreds.json + - secretKey: metadata.env + remoteRef: + #name of secret in secrets manager + key: {{include "metadata-g3auto" .}} + property: metadata.env +{{- end }} +--- {{ include "common.externalSecret.db" . }} \ No newline at end of file diff --git a/helm/metadata/templates/secrets.yaml b/helm/metadata/templates/secrets.yaml index fcde0e48..d9e22e27 100644 --- a/helm/metadata/templates/secrets.yaml +++ b/helm/metadata/templates/secrets.yaml @@ -1,3 +1,4 @@ +{{- if or (not .Values.global.externalSecrets.deploy) (and .Values.global.externalSecrets.deploy .Values.externalSecrets.createK8sMetadataSecret) }} apiVersion: v1 kind: Secret metadata: @@ -18,4 +19,5 @@ stringData: DB_USER={{ .Values.postgres.user }} DB_PASSWORD={{ include "metadata.postgres.password" . }} DB_DATABASE={{ .Values.postgres.dbname }} - ADMIN_LOGINS={{ $randomPass }} \ No newline at end of file + ADMIN_LOGINS={{ $randomPass }} +{{- end }} \ No newline at end of file diff --git a/helm/metadata/values.yaml b/helm/metadata/values.yaml index 84b26e0a..d3953808 100644 --- a/helm/metadata/values.yaml +++ b/helm/metadata/values.yaml 
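Review bot: The new ExternalSecret in helm/metadata/templates/external-secret.yaml is rendered whenever `global.externalSecrets.deploy` is set, including when `externalSecrets.createK8sMetadataSecret` is also true, so it and the Helm-managed Secret from secrets.yaml can both be rendered for the same release. Its `target.name` is hard-coded to `metadata-g3auto` with `creationPolicy: Owner`, and the values comment describes the Helm Secret by that same name (the Secret's own metadata is outside these hunks), so the two would contend for one object and the operator's copy may replace the chart's. If the flag is meant to keep this secret out of External Secrets, the opening line should be `{{ if and .Values.global.externalSecrets.deploy (not .Values.externalSecrets.createK8sMetadataSecret) }}`.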
@@ -68,6 +68,10 @@ global: # -- (map) External Secrets settings. externalSecrets: + # -- (string) Will create the Helm "metadata-g3auto" secret even if Secrets Manager is enabled. This is helpful if you are wanting to use External Secrets for some, but not all secrets. + createK8sMetadataSecret: false + # -- (string) Will override the name of the aws secrets manager secret. Default is "metadata-g3auto" + metadataG3auto: # -- (string) Will override the name of the aws secrets manager secret. Default is "Values.global.environment-.Chart.Name-creds" dbcreds: # -- (map) Secret information to access the db restore job S3 bucket. From 9800500dd8a4dc3f9fb121763b699f437324e080 Mon Sep 17 00:00:00 2001 From: EliseCastle23 Date: Mon, 11 Mar 2024 13:44:49 -0600 Subject: [PATCH 123/279] Refining the configuration to enable External Secrets with precision and granularity. --- helm/fence/Chart.yaml | 2 +- helm/fence/README.md | 2 +- helm/fence/templates/fence-config.yaml | 2 +- helm/fence/templates/fence-secret.yaml | 2 +- helm/fence/templates/jwt-keys.yaml | 2 +- helm/gen3/Chart.yaml | 6 +++--- helm/gen3/README.md | 6 +++--- helm/indexd/Chart.yaml | 2 +- helm/indexd/README.md | 2 +- helm/indexd/templates/indexd-secret.yaml | 2 +- 10 files changed, 14 insertions(+), 14 deletions(-) diff --git a/helm/fence/Chart.yaml b/helm/fence/Chart.yaml index ed6d1d7e..4336627d 100644 --- a/helm/fence/Chart.yaml +++ b/helm/fence/Chart.yaml @@ -15,7 +15,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.15 +version: 0.1.16 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to 
diff --git a/helm/fence/README.md b/helm/fence/README.md index 7179e211..1fa81050 100644 --- a/helm/fence/README.md +++ b/helm/fence/README.md @@ -1,6 +1,6 @@ # fence -![Version: 0.1.15](https://img.shields.io/badge/Version-0.1.15-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) +![Version: 0.1.16](https://img.shields.io/badge/Version-0.1.16-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) A Helm chart for gen3 Fence diff --git a/helm/fence/templates/fence-config.yaml b/helm/fence/templates/fence-config.yaml index cd7943d9..e594d072 100644 --- a/helm/fence/templates/fence-config.yaml +++ b/helm/fence/templates/fence-config.yaml @@ -1,4 +1,4 @@ -{{- if or (not .Values.global.externalSecrets.deploy) (and .Values.global.externalSecrets.deploy .Values.externalSecrets.createK8sFenceSecrets) }} +{{- if or (not .Values.global.externalSecrets.deploy) (and .Values.global.externalSecrets.deploy .Values.externalSecrets.createK8sFenceConfigSecret) }} apiVersion: v1 kind: Secret metadata: diff --git a/helm/fence/templates/fence-secret.yaml b/helm/fence/templates/fence-secret.yaml index 0c1e0832..7bd3675a 100644 --- a/helm/fence/templates/fence-secret.yaml +++ b/helm/fence/templates/fence-secret.yaml @@ -1,4 +1,3 @@ -{{- if or (not .Values.global.externalSecrets.deploy) (and .Values.global.externalSecrets.deploy .Values.externalSecrets.createK8sFenceSecrets) }} apiVersion: v1 kind: Secret metadata: 
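Review bot: The guard in helm/fence/templates/fence-config.yaml now reads `createK8sFenceConfigSecret`, and none of the three fence templates changed in this commit still consults `createK8sFenceSecrets`, so a values file that sets the old key is silently ignored. With `global.externalSecrets.deploy` enabled, the `fence-config` Secret then stops being rendered without any error. If the old key may already be in use, accept it for a transition by making the second operand `(or .Values.externalSecrets.createK8sFenceConfigSecret .Values.externalSecrets.createK8sFenceSecrets)`, and do the equivalent in jwt-keys.yaml and fence-secret.yaml. The new keys are not defined in values.yaml by this commit; they are added in the next patch of the series.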
@@ -6,6 +5,7 @@ metadata: type: Opaque data: {{ (.Files.Glob "fence-secret/*").AsSecrets | indent 2 }} +{{- if or (not .Values.global.externalSecrets.deploy) (and .Values.global.externalSecrets.deploy .Values.externalSecrets.createK8sGoogleAppSecrets) }} --- apiVersion: v1 kind: Secret diff --git a/helm/fence/templates/jwt-keys.yaml b/helm/fence/templates/jwt-keys.yaml index 68d72895..06d10f28 100644 --- a/helm/fence/templates/jwt-keys.yaml +++ b/helm/fence/templates/jwt-keys.yaml @@ -1,4 +1,4 @@ -{{- if or (not .Values.global.externalSecrets.deploy) (and .Values.global.externalSecrets.deploy .Values.externalSecrets.createK8sFenceSecrets) }} +{{- if or (not .Values.global.externalSecrets.deploy) (and .Values.global.externalSecrets.deploy .Values.externalSecrets.createK8sJwtKeysSecret) }} apiVersion: v1 kind: Secret metadata: diff --git a/helm/gen3/Chart.yaml b/helm/gen3/Chart.yaml index 864b445e..a6d27e51 100644 --- a/helm/gen3/Chart.yaml +++ b/helm/gen3/Chart.yaml @@ -32,7 +32,7 @@ dependencies: repository: file://../etl condition: etl.enabled - name: fence - version: 0.1.15 + version: 0.1.16 repository: "file://../fence" condition: fence.enabled - name: guppy @@ -44,7 +44,7 @@ dependencies: repository: "file://../hatchery" condition: hatchery.enabled - name: indexd - version: 0.1.12 + version: 0.1.13 repository: "file://../indexd" condition: indexd.enabled - name: manifestservice @@ -115,7 +115,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.22 +version: 0.1.23 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to diff --git a/helm/gen3/README.md b/helm/gen3/README.md index 50b8b7cd..89789e7d 100644 
--- a/helm/gen3/README.md +++ b/helm/gen3/README.md @@ -1,6 +1,6 @@ # gen3 -![Version: 0.1.22](https://img.shields.io/badge/Version-0.1.22-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) +![Version: 0.1.23](https://img.shields.io/badge/Version-0.1.23-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) Helm chart to deploy Gen3 Data Commons @@ -25,10 +25,10 @@ Helm chart to deploy Gen3 Data Commons | file://../aws-es-proxy | aws-es-proxy | 0.1.8 | | file://../common | common | 0.1.9 | | file://../etl | etl | 0.1.0 | -| file://../fence | fence | 0.1.15 | +| file://../fence | fence | 0.1.16 | | file://../guppy | guppy | 0.1.10 | | file://../hatchery | hatchery | 0.1.8 | -| file://../indexd | indexd | 0.1.12 | +| file://../indexd | indexd | 0.1.13 | | file://../manifestservice | manifestservice | 0.1.12 | | file://../metadata | metadata | 0.1.10 | | file://../peregrine | peregrine | 0.1.11 | diff --git a/helm/indexd/Chart.yaml b/helm/indexd/Chart.yaml index 41608207..18a5f053 100644 --- a/helm/indexd/Chart.yaml +++ b/helm/indexd/Chart.yaml @@ -15,7 +15,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.12 +version: 0.1.13 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to 
diff --git a/helm/indexd/README.md b/helm/indexd/README.md index 55098555..d27514cb 100644 --- a/helm/indexd/README.md +++ b/helm/indexd/README.md @@ -1,6 +1,6 @@ # indexd -![Version: 0.1.12](https://img.shields.io/badge/Version-0.1.12-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) +![Version: 0.1.13](https://img.shields.io/badge/Version-0.1.13-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) A Helm chart for gen3 indexd diff --git a/helm/indexd/templates/indexd-secret.yaml b/helm/indexd/templates/indexd-secret.yaml index d9fb1864..5b296ccf 100644 --- a/helm/indexd/templates/indexd-secret.yaml +++ b/helm/indexd/templates/indexd-secret.yaml @@ -1,4 +1,3 @@ -{{- if or (not .Values.global.externalSecrets.deploy) (and .Values.global.externalSecrets.deploy .Values.externalSecrets.createK8sServiceCredsSecret) }} apiVersion: v1 kind: Secret metadata: @@ -7,6 +6,7 @@ type: Opaque data: {{ (.Files.Glob "indexd-settings/*").AsSecrets | indent 2 }} --- +{{- if or (not .Values.global.externalSecrets.deploy) (and .Values.global.externalSecrets.deploy .Values.externalSecrets.createK8sServiceCredsSecret) }} apiVersion: v1 kind: Secret metadata: From f4f2194cd3277b5eabeb4e92addf7c97db4bd9d7 Mon Sep 17 00:00:00 2001 From: EliseCastle23 Date: Mon, 11 Mar 2024 13:52:16 -0600 Subject: [PATCH 124/279] adding updates to values.yaml for fence --- helm/fence/values.yaml | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/helm/fence/values.yaml b/helm/fence/values.yaml index 973bb815..80a02953 100644 --- a/helm/fence/values.yaml +++ b/helm/fence/values.yaml 
@@ -80,8 +80,12 @@ global: # -- (map) External Secrets settings. externalSecrets: - # -- (string) Will create the Helm "fence-config", "fence-google-app-creds-secret", "fence-google-storage-creds-secret", and "fence-jwt-keys" secrets even if Secrets Manager is enabled. This is helpful if you are wanting to use External Secrets for some, but not all secrets. - createK8sFenceSecrets: false + # -- (string) Will create the Helm "fence-config" secret even if Secrets Manager is enabled. This is helpful if you are wanting to use External Secrets for some, but not all secrets. + createK8sFenceConfigSecret: false + # -- (string) Will create the Helm "fence-jwt-keys" secret even if Secrets Manager is enabled. This is helpful if you are wanting to use External Secrets for some, but not all secrets. + createK8sJwtKeysSecret: false + # -- (string) Will create the Helm "fence-google-app-creds-secret" and "fence-google-storage-creds-secret" secrets even if Secrets Manager is enabled. This is helpful if you are wanting to use External Secrets for some, but not all secrets. + createK8sGoogleAppSecrets: false # -- (string) Will override the name of the aws secrets manager secret. Default is "fence-jwt-keys" fenceJwtKeys: # -- (string) Will override the name of the aws secrets manager secret. Default is "fence-google-app-creds-secret" From 3cbfc6a80cc0205ce64fe49c0f4bdd7e7f249e07 Mon Sep 17 00:00:00 2001 
From: craigrbarnes Date: Mon, 11 Mar 2024 15:42:02 -0500 Subject: [PATCH 125/279] updates --- .secrets.baseline | 4 +- helm/ambassador/Chart.yaml | 2 +- helm/ambassador/README.md | 2 +- helm/arborist/Chart.yaml | 2 +- helm/arborist/README.md | 2 +- helm/argo-wrapper/Chart.yaml | 2 +- helm/argo-wrapper/README.md | 2 +- helm/audit/Chart.yaml | 2 +- helm/audit/README.md | 2 +- helm/aws-es-proxy/Chart.yaml | 2 +- helm/aws-es-proxy/README.md | 2 +- helm/common/Chart.yaml | 2 +- helm/common/README.md | 2 +- helm/dicom-server/Chart.yaml | 2 +- helm/dicom-server/README.md | 2 +- helm/dicom-viewer/Chart.yaml | 2 +- helm/dicom-viewer/README.md | 2 +- helm/etl/Chart.yaml | 2 +- helm/etl/README.md | 2 +- helm/fence/Chart.yaml | 2 +- helm/fence/README.md | 8 +- helm/frontend-framework/README.md | 2 +- helm/gen3/Chart.yaml | 2 +- helm/gen3/README.md | 256 +++++++++++++++-------------- helm/guppy/Chart.yaml | 2 +- helm/guppy/README.md | 2 +- helm/hatchery/Chart.yaml | 2 +- helm/hatchery/README.md | 2 +- helm/indexd/Chart.yaml | 2 +- helm/indexd/README.md | 2 +- helm/manifestservice/Chart.yaml | 2 +- helm/manifestservice/README.md | 2 +- helm/metadata/Chart.yaml | 2 +- helm/metadata/README.md | 2 +- helm/peregrine/Chart.yaml | 2 +- helm/peregrine/README.md | 2 +- helm/pidgin/Chart.yaml | 2 +- helm/pidgin/README.md | 2 +- helm/portal/Chart.yaml | 2 +- helm/portal/README.md | 2 +- helm/requestor/Chart.yaml | 2 +- helm/requestor/README.md | 2 +- helm/revproxy/Chart.yaml | 2 +- helm/revproxy/README.md | 2 +- helm/sheepdog/Chart.yaml | 2 +- helm/sheepdog/README.md | 2 +- helm/sower/Chart.yaml | 2 +- helm/sower/README.md | 2 +- helm/ssjdispatcher/Chart.yaml | 2 +- helm/ssjdispatcher/README.md | 2 +- helm/wts/Chart.yaml | 2 +- helm/wts/README.md | 2 +- wip/acronymbot/README.md | 2 +- wip/auspice/README.md | 2 +- wip/cogwheel/README.md | 2 +- wip/gen3-test-data-job/README.md | 2 +- wip/terraform-runner-job/README.md | 2 +- 57 files changed, 190 insertions(+), 186 deletions(-) 
diff --git a/.secrets.baseline b/.secrets.baseline index 97cb04f0..257faed0 100644 --- a/.secrets.baseline +++ b/.secrets.baseline @@ -3,7 +3,7 @@ "files": "^.secrets.baseline$", "lines": null }, - "generated_at": "2024-03-11T18:38:21Z", + "generated_at": "2024-03-11T20:29:27Z", "plugins_used": [ { "name": "AWSKeyDetector" @@ -330,7 +330,7 @@ "hashed_secret": "9b5925ea817163740dfb287a9894e8ab3aba2c18", "is_secret": false, "is_verified": false, - "line_number": 174, + "line_number": 186, "type": "Secret Keyword" } ], diff --git a/helm/ambassador/Chart.yaml b/helm/ambassador/Chart.yaml index a1f18334..c8b882b8 100644 --- a/helm/ambassador/Chart.yaml +++ b/helm/ambassador/Chart.yaml @@ -15,7 +15,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.10 +version: 0.1.11 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to diff --git a/helm/ambassador/README.md b/helm/ambassador/README.md index 22427743..9ece0b19 100644 --- a/helm/ambassador/README.md +++ b/helm/ambassador/README.md @@ -61,4 +61,4 @@ A Helm chart for deploying ambassador for gen3 | userNamespace | string | `"jupyter-pods"` | Namespace to use for user resources. | ---------------------------------------------- -Autogenerated from chart metadata using [helm-docs v1.11.0](https://github.com/norwoodj/helm-docs/releases/v1.11.0) +Autogenerated from chart metadata using [helm-docs v1.13.0](https://github.com/norwoodj/helm-docs/releases/v1.13.0) diff --git a/helm/arborist/Chart.yaml b/helm/arborist/Chart.yaml index d845739c..cc739de3 100644 --- a/helm/arborist/Chart.yaml +++ b/helm/arborist/Chart.yaml 
@@ -15,7 +15,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.10 +version: 0.1.11 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to diff --git a/helm/arborist/README.md b/helm/arborist/README.md index c00df2fb..a998464e 100644 --- a/helm/arborist/README.md +++ b/helm/arborist/README.md @@ -106,4 +106,4 @@ A Helm chart for gen3 arborist | volumes | list | `[]` | Volumes to attach to the pod | ---------------------------------------------- -Autogenerated from chart metadata using [helm-docs v1.11.0](https://github.com/norwoodj/helm-docs/releases/v1.11.0) +Autogenerated from chart metadata using [helm-docs v1.13.0](https://github.com/norwoodj/helm-docs/releases/v1.13.0) diff --git a/helm/argo-wrapper/Chart.yaml b/helm/argo-wrapper/Chart.yaml index de360706..8415ed58 100644 --- a/helm/argo-wrapper/Chart.yaml +++ b/helm/argo-wrapper/Chart.yaml @@ -15,7 +15,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.6 +version: 0.1.7 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to diff --git a/helm/argo-wrapper/README.md b/helm/argo-wrapper/README.md index 6fc88cd8..302260f0 100644 --- a/helm/argo-wrapper/README.md +++ b/helm/argo-wrapper/README.md 
@@ -65,4 +65,4 @@ A Helm chart for gen3 Argo Wrapper Service
 | volumes | list | `[{"configMap":{"items":[{"key":"argo.json","path":"argo.json"}],"name":"manifest-argo"},"name":"argo-config"}]` | Volumes to attach to the pod. |

 ----------------------------------------------
-Autogenerated from chart metadata using [helm-docs v1.11.0](https://github.com/norwoodj/helm-docs/releases/v1.11.0)
+Autogenerated from chart metadata using [helm-docs v1.13.0](https://github.com/norwoodj/helm-docs/releases/v1.13.0)
diff --git a/helm/audit/Chart.yaml b/helm/audit/Chart.yaml
index efbd8361..e8ad970b 100644
--- a/helm/audit/Chart.yaml
+++ b/helm/audit/Chart.yaml
@@ -15,7 +15,7 @@ type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 0.1.11
+version: 0.1.12

 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to
diff --git a/helm/audit/README.md b/helm/audit/README.md
index 96172b65..eb950e12 100644
--- a/helm/audit/README.md
+++ b/helm/audit/README.md
@@ -124,4 +124,4 @@ A Helm chart for Kubernetes
 | volumes | list | `[]` | Volumes to attach to the container. |

 ----------------------------------------------
-Autogenerated from chart metadata using [helm-docs v1.11.0](https://github.com/norwoodj/helm-docs/releases/v1.11.0)
+Autogenerated from chart metadata using [helm-docs v1.13.0](https://github.com/norwoodj/helm-docs/releases/v1.13.0)
diff --git a/helm/aws-es-proxy/Chart.yaml b/helm/aws-es-proxy/Chart.yaml
index 7a28cc19..d7ab79ac 100644
--- a/helm/aws-es-proxy/Chart.yaml
+++ b/helm/aws-es-proxy/Chart.yaml
@@ -15,7 +15,7 @@ type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 0.1.8
+version: 0.1.9

 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to
diff --git a/helm/aws-es-proxy/README.md b/helm/aws-es-proxy/README.md
index 03d37b8d..9ff959b5 100644
--- a/helm/aws-es-proxy/README.md
+++ b/helm/aws-es-proxy/README.md
@@ -68,4 +68,4 @@ A Helm chart for AWS ES Proxy Service for gen3
 | volumes | list | `nil` | Volumes to attach to the pod |

 ----------------------------------------------
-Autogenerated from chart metadata using [helm-docs v1.11.0](https://github.com/norwoodj/helm-docs/releases/v1.11.0)
+Autogenerated from chart metadata using [helm-docs v1.13.0](https://github.com/norwoodj/helm-docs/releases/v1.13.0)
diff --git a/helm/common/Chart.yaml b/helm/common/Chart.yaml
index 0903cde4..93ebbc0f 100644
--- a/helm/common/Chart.yaml
+++ b/helm/common/Chart.yaml
@@ -15,7 +15,7 @@ type: library
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 0.1.9
+version: 0.1.10

 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to
diff --git a/helm/common/README.md b/helm/common/README.md
index 80a13994..40d67902 100644
--- a/helm/common/README.md
+++ b/helm/common/README.md
@@ -30,4 +30,4 @@ A Helm chart for provisioning databases in gen3
 | global.tierAccessLevel | string | `"libre"` | Access level for tiers. acceptable values for `tier_access_level` are: `libre`, `regular` and `private`. If omitted, by default common will be treated as `private` |

 ----------------------------------------------
-Autogenerated from chart metadata using [helm-docs v1.11.0](https://github.com/norwoodj/helm-docs/releases/v1.11.0)
+Autogenerated from chart metadata using [helm-docs v1.13.0](https://github.com/norwoodj/helm-docs/releases/v1.13.0)
diff --git a/helm/dicom-server/Chart.yaml b/helm/dicom-server/Chart.yaml
index 44f89e8e..030cd0c8 100644
--- a/helm/dicom-server/Chart.yaml
+++ b/helm/dicom-server/Chart.yaml
@@ -15,7 +15,7 @@ type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 0.1.7
+version: 0.1.8

 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to
diff --git a/helm/dicom-server/README.md b/helm/dicom-server/README.md
index b1fd0611..2f95d08e 100644
--- a/helm/dicom-server/README.md
+++ b/helm/dicom-server/README.md
@@ -54,4 +54,4 @@ A Helm chart for gen3 Dicom Server
 | volumes | list | `[{"name":"config-volume-g3auto","secret":{"secretName":"orthanc-g3auto"}}]` | Volumes to attach to the pod. |

 ----------------------------------------------
-Autogenerated from chart metadata using [helm-docs v1.11.0](https://github.com/norwoodj/helm-docs/releases/v1.11.0)
+Autogenerated from chart metadata using [helm-docs v1.13.0](https://github.com/norwoodj/helm-docs/releases/v1.13.0)
diff --git a/helm/dicom-viewer/Chart.yaml b/helm/dicom-viewer/Chart.yaml
index b31017d6..a6d01019 100644
--- a/helm/dicom-viewer/Chart.yaml
+++ b/helm/dicom-viewer/Chart.yaml
@@ -15,7 +15,7 @@ type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 0.1.7
+version: 0.1.8

 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to
diff --git a/helm/dicom-viewer/README.md b/helm/dicom-viewer/README.md
index 28f7f590..c4c5c095 100644
--- a/helm/dicom-viewer/README.md
+++ b/helm/dicom-viewer/README.md
@@ -41,4 +41,4 @@ A Helm chart for gen3 Dicom Viewer
 | service.type | string | `"ClusterIP"` | Type of service. Valid values are "ClusterIP", "NodePort", "LoadBalancer", "ExternalName". |

 ----------------------------------------------
-Autogenerated from chart metadata using [helm-docs v1.11.0](https://github.com/norwoodj/helm-docs/releases/v1.11.0)
+Autogenerated from chart metadata using [helm-docs v1.13.0](https://github.com/norwoodj/helm-docs/releases/v1.13.0)
diff --git a/helm/etl/Chart.yaml b/helm/etl/Chart.yaml
index 0f9e2fb9..c5b08a7b 100644
--- a/helm/etl/Chart.yaml
+++ b/helm/etl/Chart.yaml
@@ -15,7 +15,7 @@ type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 0.1.0
+version: 0.1.1

 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to
diff --git a/helm/etl/README.md b/helm/etl/README.md
index f874e334..e5fd17b0 100644
--- a/helm/etl/README.md
+++ b/helm/etl/README.md
@@ -104,4 +104,4 @@ A Helm chart for gen3 etl
 | resources.tube.requests.memory | string | `"128Mi"` | The amount of memory requested |

 ----------------------------------------------
-Autogenerated from chart metadata using [helm-docs v1.11.0](https://github.com/norwoodj/helm-docs/releases/v1.11.0)
+Autogenerated from chart metadata using [helm-docs v1.13.0](https://github.com/norwoodj/helm-docs/releases/v1.13.0)
diff --git a/helm/fence/Chart.yaml b/helm/fence/Chart.yaml
index 4336627d..5da3f09e 100644
--- a/helm/fence/Chart.yaml
+++ b/helm/fence/Chart.yaml
@@ -15,7 +15,7 @@ type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 0.1.16
+version: 0.1.17

 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to
diff --git a/helm/fence/README.md b/helm/fence/README.md
index 1fa81050..b75874e4 100644
--- a/helm/fence/README.md
+++ b/helm/fence/README.md
@@ -89,8 +89,10 @@ A Helm chart for gen3 Fence
 | datadogProfilingEnabled | bool | `true` | If enabled, the Datadog Agent will collect profiling data for your application using the Continuous Profiler. This data can be used to identify performance bottlenecks and optimize your application. |
 | datadogTraceSampleRate | int | `1` | A value between 0 and 1, that represents the percentage of requests that will be traced. For example, a value of 0.5 means that 50% of requests will be traced. |
 | env | list | `[{"name":"GEN3_UWSGI_TIMEOUT","valueFrom":{"configMapKeyRef":{"key":"uwsgi-timeout","name":"manifest-global","optional":true}}},{"name":"DD_AGENT_HOST","valueFrom":{"fieldRef":{"fieldPath":"status.hostIP"}}},{"name":"AWS_STS_REGIONAL_ENDPOINTS","value":"regional"},{"name":"PYTHONPATH","value":"/var/www/fence"},{"name":"GEN3_DEBUG","value":"False"},{"name":"FENCE_PUBLIC_CONFIG","valueFrom":{"configMapKeyRef":{"key":"fence-config-public.yaml","name":"manifest-fence","optional":true}}},{"name":"PGHOST","valueFrom":{"secretKeyRef":{"key":"host","name":"fence-dbcreds","optional":false}}},{"name":"PGUSER","valueFrom":{"secretKeyRef":{"key":"username","name":"fence-dbcreds","optional":false}}},{"name":"PGPASSWORD","valueFrom":{"secretKeyRef":{"key":"password","name":"fence-dbcreds","optional":false}}},{"name":"PGDB","valueFrom":{"secretKeyRef":{"key":"database","name":"fence-dbcreds","optional":false}}},{"name":"DBREADY","valueFrom":{"secretKeyRef":{"key":"dbcreated","name":"fence-dbcreds","optional":false}}},{"name":"DB","value":"postgresql://$(PGUSER):$(PGPASSWORD)@$(PGHOST):5432/$(PGDB)"},{"name":"INDEXD_PASSWORD","valueFrom":{"secretKeyRef":{"key":"fence","name":"indexd-service-creds"}}},{"name":"gen3Env","valueFrom":{"configMapKeyRef":{"key":"hostname","name":"manifest-global"}}}]` | Environment variables to pass to the container |
-| externalSecrets | map | `{"createK8sFenceSecrets":false,"dbcreds":null,"fenceConfig":null,"fenceGoogleAppCredsSecret":null,"fenceGoogleStorageCredsSecret":null,"fenceJwtKeys":null}` | External Secrets settings. |
-| externalSecrets.createK8sFenceSecrets | string | `false` | Will create the Helm "fence-config", "fence-google-app-creds-secret", "fence-google-storage-creds-secret", and "fence-jwt-keys" secrets even if Secrets Manager is enabled. This is helpful if you are wanting to use External Secrets for some, but not all secrets. |
+| externalSecrets | map | `{"createK8sFenceConfigSecret":false,"createK8sGoogleAppSecrets":false,"createK8sJwtKeysSecret":false,"dbcreds":null,"fenceConfig":null,"fenceGoogleAppCredsSecret":null,"fenceGoogleStorageCredsSecret":null,"fenceJwtKeys":null}` | External Secrets settings. |
+| externalSecrets.createK8sFenceConfigSecret | string | `false` | Will create the Helm "fence-config" secret even if Secrets Manager is enabled. This is helpful if you are wanting to use External Secrets for some, but not all secrets. |
+| externalSecrets.createK8sGoogleAppSecrets | string | `false` | Will create the Helm "fence-google-app-creds-secret" and "fence-google-storage-creds-secret" secrets even if Secrets Manager is enabled. This is helpful if you are wanting to use External Secrets for some, but not all secrets. |
+| externalSecrets.createK8sJwtKeysSecret | string | `false` | Will create the Helm "fence-jwt-keys" secret even if Secrets Manager is enabled. This is helpful if you are wanting to use External Secrets for some, but not all secrets. |
 | externalSecrets.dbcreds | string | `nil` | Will override the name of the aws secrets manager secret. Default is "Values.global.environment-.Chart.Name-creds" |
 | externalSecrets.fenceConfig | string | `nil` | Will override the name of the aws secrets manager secret. Default is "fence-config" |
 | externalSecrets.fenceGoogleAppCredsSecret | string | `nil` | Will override the name of the aws secrets manager secret. Default is "fence-google-app-creds-secret" |
@@ -198,4 +200,4 @@ A Helm chart for gen3 Fence
 | volumes | list | `[{"name":"old-config-volume","secret":{"secretName":"fence-secret"}},{"name":"json-secret-volume","secret":{"optional":true,"secretName":"fence-json-secret"}},{"name":"creds-volume","secret":{"secretName":"fence-creds"}},{"configMap":{"name":"config-helper","optional":true},"name":"config-helper"},{"configMap":{"name":"logo-config"},"name":"logo-volume"},{"name":"config-volume","secret":{"secretName":"fence-config"}},{"name":"fence-google-app-creds-secret-volume","secret":{"secretName":"fence-google-app-creds-secret"}},{"name":"fence-google-storage-creds-secret-volume","secret":{"secretName":"fence-google-storage-creds-secret"}},{"name":"fence-jwt-keys","secret":{"secretName":"fence-jwt-keys"}},{"configMap":{"name":"privacy-policy"},"name":"privacy-policy"},{"configMap":{"name":"fence-yaml-merge","optional":true},"name":"yaml-merge"}]` | Volumes to attach to the container. |

 ----------------------------------------------
-Autogenerated from chart metadata using [helm-docs v1.11.0](https://github.com/norwoodj/helm-docs/releases/v1.11.0)
+Autogenerated from chart metadata using [helm-docs v1.13.0](https://github.com/norwoodj/helm-docs/releases/v1.13.0)
diff --git a/helm/frontend-framework/README.md b/helm/frontend-framework/README.md
index b8949d10..11e87d87 100644
--- a/helm/frontend-framework/README.md
+++ b/helm/frontend-framework/README.md
@@ -94,4 +94,4 @@ A Helm chart for the gen3 frontend framework
 | tolerations | list | `[]` | Tolerations to apply to the pod |

 ----------------------------------------------
-Autogenerated from chart metadata using [helm-docs v1.11.0](https://github.com/norwoodj/helm-docs/releases/v1.11.0)
+Autogenerated from chart metadata using [helm-docs v1.13.0](https://github.com/norwoodj/helm-docs/releases/v1.13.0)
diff --git a/helm/gen3/Chart.yaml b/helm/gen3/Chart.yaml
index c171ea26..6d8190d5 100644
--- a/helm/gen3/Chart.yaml
+++ b/helm/gen3/Chart.yaml
@@ -119,7 +119,7 @@ type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 0.1.23
+version: 0.1.24

 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to
diff --git a/helm/gen3/README.md b/helm/gen3/README.md
index 3c31a379..bef74b07 100644
--- a/helm/gen3/README.md
+++ b/helm/gen3/README.md
@@ -18,147 +18,149 @@ Helm chart to deploy Gen3 Data Commons | Repository | Name | Version | |------------|------|---------| -| file://../ambassador | ambassador | 0.1.8 | -| file://../arborist | arborist | 0.1.8 | -| file://../argo-wrapper | argo-wrapper | 0.1.4 | -| file://../audit | audit | 0.1.9 | -| file://../aws-es-proxy | aws-es-proxy | 0.1.6 | -| file://../common | common | 0.1.7 | -| file://../elasticsearch | elasticsearch | 0.1.5 | -| file://../fence | fence | 0.1.13 | +| file://../ambassador | ambassador | 0.1.10 | +| file://../arborist | arborist | 0.1.10 | +| file://../argo-wrapper | argo-wrapper | 0.1.6 | +| file://../audit | audit | 0.1.11 | +| file://../aws-es-proxy | aws-es-proxy | 0.1.8 | +| file://../common | common | 0.1.9 | +| file://../etl | etl | 0.1.0 | +| file://../fence | fence | 0.1.16 | | file://../frontend-framework | frontend-framework | 0.10.0 | -| file://../guppy | guppy | 0.1.8 | -| file://../hatchery | hatchery | 0.1.6 | -| file://../indexd | indexd | 0.1.10 | -| file://../manifestservice | manifestservice | 0.1.10 | -| file://../metadata | metadata | 0.1.8 | -| file://../peregrine | peregrine | 0.1.9 | -| file://../pidgin | pidgin | 0.1.7 | -| file://../portal | portal | 0.1.7 | -| file://../requestor | requestor | 0.1.8 | -| file://../revproxy | revproxy | 0.1.10 | -| file://../sheepdog | sheepdog | 0.1.10 | -| file://../sower | sower | 0.1.6 | -| file://../ssjdispatcher | ssjdispatcher | 0.1.6 | -| file://../wts | wts | 0.1.10 | +| file://../guppy | guppy | 0.1.10 | +| file://../hatchery | hatchery | 0.1.8 | +| file://../indexd | indexd | 0.1.13 | +| file://../manifestservice | manifestservice | 0.1.12 | +| file://../metadata | metadata | 0.1.10 | +| file://../peregrine | peregrine | 0.1.11 | +| file://../pidgin | pidgin | 0.1.9 | +| file://../portal | portal | 0.1.9 | +| file://../requestor | requestor | 0.1.10 | +| file://../revproxy | revproxy | 0.1.13 | +| file://../sheepdog | sheepdog | 0.1.12 | +| file://../sower | sower | 
0.1.8 | +| file://../ssjdispatcher | ssjdispatcher | 0.1.8 | +| file://../wts | wts | 0.1.12 | | https://charts.bitnami.com/bitnami | postgresql | 11.9.13 | | https://helm.elastic.co | elasticsearch | 7.10.2 | ## Values -| Key | Type | Default | Description | -|---------------------------------------------------------|------|---------|-------------| -| ambassador.enabled | bool | `true` | Whether to deploy the ambassador subchart. | -| arborist.enabled | bool | `true` | Whether to deploy the arborist subchart. | -| argo-wrapper.enabled | bool | `true` | Whether to deploy the argo-wrapper subchart. | -| audit.enabled | bool | `true` | Whether to deploy the audit subchart. | -| aws-es-proxy.enabled | bool | `false` | Whether to deploy the aws-es-proxy subchart. | -| aws-es-proxy.esEndpoint | str | `"test.us-east-1.es.amazonaws.com"` | Elasticsearch endpoint in AWS | -| aws-es-proxy.secrets | map | `{"awsAccessKeyId":"","awsSecretAccessKey":""}` | Secret information | -| aws-es-proxy.secrets.awsAccessKeyId | str | `""` | AWS access key ID for aws-es-proxy | -| aws-es-proxy.secrets.awsSecretAccessKey | str | `""` | AWS secret access key for aws-es-proxy | -| elasticsearch.clusterHealthCheckParams | string | `"wait_for_status=yellow&timeout=1s"` | | -| elasticsearch.clusterName | string | `"gen3-elasticsearch"` | | -| elasticsearch.maxUnavailable | int | `0` | | -| elasticsearch.replicas | int | `1` | | -| elasticsearch.singleNode | bool | `true` | | -| etl.enabled | bool | `true` | Whether to deploy the etl subchart. | -| fence.enabled | bool | `true` | Whether to deploy the fence subchart. | -| fence.usersync | map | `{"addDbgap":false,"onlyDbgap":false,"schedule":"*/30 * * * *","slack_send_dbgap":false,"slack_webhook":"None","syncFromDbgap":false,"userYamlS3Path":"s3://cdis-gen3-users/helm-test/user.yaml","usersync":false}` | Configuration options for usersync cronjob. 
| -| fence.usersync.addDbgap | bool | `false` | Force attempting a dbgap sync if "true", falls back on user.yaml | -| fence.usersync.onlyDbgap | bool | `false` | Forces ONLY a dbgap sync if "true", IGNORING user.yaml | -| fence.usersync.schedule | string | `"*/30 * * * *"` | The cron schedule expression to use in the usersync cronjob. Runs every 30 minutes by default. | -| fence.usersync.slack_send_dbgap | bool | `false` | Will echo what files we are seeing on dbgap ftp to Slack. | -| fence.usersync.slack_webhook | string | `"None"` | Slack webhook endpoint used with certain jobs. | -| fence.usersync.syncFromDbgap | bool | `false` | Whether to sync data from dbGaP. | -| fence.usersync.userYamlS3Path | string | `"s3://cdis-gen3-users/helm-test/user.yaml"` | Path to the user.yaml file in S3. | -| fence.usersync.usersync | bool | `false` | Whether to run Fence usersync or not. | -| frontend-framework | map | `{"enabled":true,"image":{"repository":null,"tag":null}}` | Configurations for frontend-framework chart. | -| frontend-framework.enabled | bool | `true` | Whether to deploy the frontend-framework subchart. | -| frontend-framework.image | map | `{"repository":null,"tag":null}` | Docker image information. | -| frontend-framework.image.repository | string | `nil` | The Docker image repository for the guppy service. | -| frontend-framework.image.tag | string | `nil` | Overrides the image tag whose default is the chart appVersion. | -| global.aws | map | `{"awsAccessKeyId":null,"awsSecretAccessKey":null,"enabled":false,"useLocalSecret":{"enabled":false,"localSecretName":null}}` | AWS configuration | -| global.aws.awsAccessKeyId | string | `nil` | Credentials for AWS stuff. | -| global.aws.awsSecretAccessKey | string | `nil` | Credentials for AWS stuff. | -| global.aws.enabled | bool | `false` | Set to true if deploying to AWS. Controls ingress annotations. 
| -| global.aws.useLocalSecret | map | `{"enabled":false,"localSecretName":null}` | Local secret setting if using a pre-exising secret. | -| global.aws.useLocalSecret.enabled | bool | `false` | Set to true if you would like to use a secret that is already running on your cluster. | -| global.aws.useLocalSecret.localSecretName | string | `nil` | Name of the local secret. | -| global.ddEnabled | bool | `false` | Whether Datadog is enabled. | -| global.dev | bool | `true` | Deploys postgres/elasticsearch for dev | -| global.dictionaryUrl | string | `"https://s3.amazonaws.com/dictionary-artifacts/datadictionary/develop/schema.json"` | URL of the data dictionary. | -| global.dispatcherJobNum | int | `"10"` | Number of dispatcher jobs. | -| global.environment | string | `"default"` | Environment name. This should be the same as vpcname if you're doing an AWS deployment. Currently this is being used to share ALB's if you have multiple namespaces in same cluster. | -| global.externalSecrets | map | `{"dbCreate":false,"deploy":false}` | External Secrets settings. | -| global.externalSecrets.dbCreate | bool | `false` | Will create the databases and store the creds in Kubernetes Secrets even if externalSecrets is deployed. Useful if you want to use ExternalSecrets for other secrets besides db secrets. | -| global.externalSecrets.deploy | bool | `false` | Will use ExternalSecret resources to pull secrets from Secrets Manager instead of creating them locally. Be cautious as this will override secrets you have deployed. | -| global.hostname | string | `"localhost"` | Hostname for the deployment. | -| global.netPolicy | bool | `true` | Whether network policies are enabled. | -| global.portalApp | string | `"gitops"` | Portal application name. | -| global.postgres.dbCreate | bool | `true` | Whether the database create job should run. 
| -| global.postgres.master.host | string | `nil` | global postgres master host | -| global.postgres.master.password | string | `nil` | global postgres master password | -| global.postgres.master.port | string | `"5432"` | global postgres master port | -| global.postgres.master.username | string | `"postgres"` | global postgres master username | -| global.publicDataSets | bool | `true` | Whether public datasets are enabled. | -| global.revproxyArn | string | `"arn:aws:acm:us-east-1:123456:certificate"` | ARN of the reverse proxy certificate. | -| global.tierAccessLevel | string | `"libre"` | Access level for tiers. acceptable values for `tier_access_level` are: `libre`, `regular` and `private`. If omitted, by default common will be treated as `private` | -| global.tierAccessLimit | int | `"1000"` | Only relevant if tireAccessLevel is set to "regular". Summary charts below this limit will not appear for aggregated data. | -| guppy.enabled | bool | `false` | Whether to deploy the guppy subchart. | -| hatchery.enabled | bool | `true` | Whether to deploy the hatchery subchart. 
| -| hatchery.hatchery.containers[0].args[0] | string | `"--NotebookApp.base_url=/lw-workspace/proxy/"` | | -| hatchery.hatchery.containers[0].args[1] | string | `"--NotebookApp.default_url=/lab"` | | -| hatchery.hatchery.containers[0].args[2] | string | `"--NotebookApp.password=''"` | | -| hatchery.hatchery.containers[0].args[3] | string | `"--NotebookApp.token=''"` | | -| hatchery.hatchery.containers[0].args[4] | string | `"--NotebookApp.shutdown_no_activity_timeout=5400"` | | -| hatchery.hatchery.containers[0].args[5] | string | `"--NotebookApp.quit_button=False"` | | -| hatchery.hatchery.containers[0].command[0] | string | `"start-notebook.sh"` | | -| hatchery.hatchery.containers[0].cpu-limit | string | `"1.0"` | cpu limit of workspace container | -| hatchery.hatchery.containers[0].env | object | `{"FRAME_ANCESTORS":"https://{{ .Values.global.hostname }}"}` | environment variables for workspace container | -| hatchery.hatchery.containers[0].fs-gid | int | `100` | | -| hatchery.hatchery.containers[0].gen3-volume-location | string | `"/home/jovyan/.gen3"` | | -| hatchery.hatchery.containers[0].image | string | `"quay.io/cdis/heal-notebooks:combined_tutorials__latest"` | docker image for workspace | +| Key | Type | Default | Description | +|-----|------|---------|-------------| +| ambassador.enabled | bool | `true` | Whether to deploy the ambassador subchart. | +| arborist.enabled | bool | `true` | Whether to deploy the arborist subchart. | +| argo-wrapper.enabled | bool | `true` | Whether to deploy the argo-wrapper subchart. | +| audit.enabled | bool | `true` | Whether to deploy the audit subchart. | +| aws-es-proxy.enabled | bool | `false` | Whether to deploy the aws-es-proxy subchart. 
| +| aws-es-proxy.esEndpoint | str | `"test.us-east-1.es.amazonaws.com"` | Elasticsearch endpoint in AWS | +| aws-es-proxy.secrets | map | `{"awsAccessKeyId":"","awsSecretAccessKey":""}` | Secret information | +| aws-es-proxy.secrets.awsAccessKeyId | str | `""` | AWS access key ID for aws-es-proxy | +| aws-es-proxy.secrets.awsSecretAccessKey | str | `""` | AWS secret access key for aws-es-proxy | +| elasticsearch.clusterHealthCheckParams | string | `"wait_for_status=yellow&timeout=1s"` | | +| elasticsearch.clusterName | string | `"gen3-elasticsearch"` | | +| elasticsearch.maxUnavailable | int | `0` | | +| elasticsearch.replicas | int | `1` | | +| elasticsearch.singleNode | bool | `true` | | +| etl.enabled | bool | `true` | Whether to deploy the etl subchart. | +| fence.enabled | bool | `true` | Whether to deploy the fence subchart. | +| fence.usersync | map | `{"addDbgap":false,"onlyDbgap":false,"schedule":"*/30 * * * *","slack_send_dbgap":false,"slack_webhook":"None","syncFromDbgap":false,"userYamlS3Path":"s3://cdis-gen3-users/helm-test/user.yaml","usersync":false}` | Configuration options for usersync cronjob. | +| fence.usersync.addDbgap | bool | `false` | Force attempting a dbgap sync if "true", falls back on user.yaml | +| fence.usersync.onlyDbgap | bool | `false` | Forces ONLY a dbgap sync if "true", IGNORING user.yaml | +| fence.usersync.schedule | string | `"*/30 * * * *"` | The cron schedule expression to use in the usersync cronjob. Runs every 30 minutes by default. | +| fence.usersync.slack_send_dbgap | bool | `false` | Will echo what files we are seeing on dbgap ftp to Slack. | +| fence.usersync.slack_webhook | string | `"None"` | Slack webhook endpoint used with certain jobs. | +| fence.usersync.syncFromDbgap | bool | `false` | Whether to sync data from dbGaP. | +| fence.usersync.userYamlS3Path | string | `"s3://cdis-gen3-users/helm-test/user.yaml"` | Path to the user.yaml file in S3. 
| +| fence.usersync.usersync | bool | `false` | Whether to run Fence usersync or not. | +| frontend-framework | map | `{"enabled":true,"image":{"repository":null,"tag":null}}` | Configurations for frontend-framework chart. | +| frontend-framework.enabled | bool | `true` | Whether to deploy the frontend-framework subchart. | +| frontend-framework.image | map | `{"repository":null,"tag":null}` | Docker image information. | +| frontend-framework.image.repository | string | `nil` | The Docker image repository for the guppy service. | +| frontend-framework.image.tag | string | `nil` | Overrides the image tag whose default is the chart appVersion. | +| global.aws | map | `{"awsAccessKeyId":null,"awsSecretAccessKey":null,"enabled":false,"useLocalSecret":{"enabled":false,"localSecretName":null}}` | AWS configuration | +| global.aws.awsAccessKeyId | string | `nil` | Credentials for AWS stuff. | +| global.aws.awsSecretAccessKey | string | `nil` | Credentials for AWS stuff. | +| global.aws.enabled | bool | `false` | Set to true if deploying to AWS. Controls ingress annotations. | +| global.aws.useLocalSecret | map | `{"enabled":false,"localSecretName":null}` | Local secret setting if using a pre-exising secret. | +| global.aws.useLocalSecret.enabled | bool | `false` | Set to true if you would like to use a secret that is already running on your cluster. | +| global.aws.useLocalSecret.localSecretName | string | `nil` | Name of the local secret. | +| global.ddEnabled | bool | `false` | Whether Datadog is enabled. | +| global.dev | bool | `true` | Deploys postgres/elasticsearch for dev | +| global.dictionaryUrl | string | `"https://s3.amazonaws.com/dictionary-artifacts/datadictionary/develop/schema.json"` | URL of the data dictionary. | +| global.dispatcherJobNum | int | `"10"` | Number of dispatcher jobs. | +| global.environment | string | `"default"` | Environment name. This should be the same as vpcname if you're doing an AWS deployment. 
Currently this is being used to share ALB's if you have multiple namespaces in same cluster. | +| global.externalSecrets | map | `{"dbCreate":false,"deploy":false}` | External Secrets settings. | +| global.externalSecrets.dbCreate | bool | `false` | Will create the databases and store the creds in Kubernetes Secrets even if externalSecrets is deployed. Useful if you want to use ExternalSecrets for other secrets besides db secrets. | +| global.externalSecrets.deploy | bool | `false` | Will use ExternalSecret resources to pull secrets from Secrets Manager instead of creating them locally. Be cautious as this will override secrets you have deployed. | +| global.hostname | string | `"localhost"` | Hostname for the deployment. | +| global.netPolicy | bool | `true` | Whether network policies are enabled. | +| global.portalApp | string | `"gitops"` | Portal application name. | +| global.postgres.dbCreate | bool | `true` | Whether the database create job should run. | +| global.postgres.master.host | string | `nil` | global postgres master host | +| global.postgres.master.password | string | `nil` | global postgres master password | +| global.postgres.master.port | string | `"5432"` | global postgres master port | +| global.postgres.master.username | string | `"postgres"` | global postgres master username | +| global.publicDataSets | bool | `true` | Whether public datasets are enabled. | +| global.revproxyArn | string | `"arn:aws:acm:us-east-1:123456:certificate"` | ARN of the reverse proxy certificate. | +| global.tierAccessLevel | string | `"libre"` | Access level for tiers. acceptable values for `tier_access_level` are: `libre`, `regular` and `private`. If omitted, by default common will be treated as `private` | +| global.tierAccessLimit | int | `"1000"` | Only relevant if tireAccessLevel is set to "regular". Summary charts below this limit will not appear for aggregated data. | +| guppy | map | `{"enabled":false}` | Configurations for guppy chart. 
| +| guppy.enabled | bool | `false` | Whether to deploy the guppy subchart. | +| hatchery.enabled | bool | `true` | Whether to deploy the hatchery subchart. | +| hatchery.hatchery.containers[0].args[0] | string | `"--NotebookApp.base_url=/lw-workspace/proxy/"` | | +| hatchery.hatchery.containers[0].args[1] | string | `"--NotebookApp.default_url=/lab"` | | +| hatchery.hatchery.containers[0].args[2] | string | `"--NotebookApp.password=''"` | | +| hatchery.hatchery.containers[0].args[3] | string | `"--NotebookApp.token=''"` | | +| hatchery.hatchery.containers[0].args[4] | string | `"--NotebookApp.shutdown_no_activity_timeout=5400"` | | +| hatchery.hatchery.containers[0].args[5] | string | `"--NotebookApp.quit_button=False"` | | +| hatchery.hatchery.containers[0].command[0] | string | `"start-notebook.sh"` | | +| hatchery.hatchery.containers[0].cpu-limit | string | `"1.0"` | cpu limit of workspace container | +| hatchery.hatchery.containers[0].env | object | `{"FRAME_ANCESTORS":"https://{{ .Values.global.hostname }}"}` | environment variables for workspace container | +| hatchery.hatchery.containers[0].fs-gid | int | `100` | | +| hatchery.hatchery.containers[0].gen3-volume-location | string | `"/home/jovyan/.gen3"` | | +| hatchery.hatchery.containers[0].image | string | `"quay.io/cdis/heal-notebooks:combined_tutorials__latest"` | docker image for workspace | | hatchery.hatchery.containers[0].lifecycle-post-start[0] | string | `"/bin/sh"` | | | hatchery.hatchery.containers[0].lifecycle-post-start[1] | string | `"-c"` | | | hatchery.hatchery.containers[0].lifecycle-post-start[2] | string | `"export IAM=`whoami`; rm -rf /home/$IAM/pd/dockerHome; rm -rf /home/$IAM/pd/lost+found; ln -s /data /home/$IAM/pd/; true"` | | -| hatchery.hatchery.containers[0].memory-limit | string | `"2Gi"` | memory limit of workspace container | -| hatchery.hatchery.containers[0].name | string | `"(Tutorials) Example Analysis Jupyter Lab Notebooks"` | name of workspace | -| 
hatchery.hatchery.containers[0].path-rewrite | string | `"/lw-workspace/proxy/"` | | -| hatchery.hatchery.containers[0].ready-probe | string | `"/lw-workspace/proxy/"` | | -| hatchery.hatchery.containers[0].target-port | int | `8888` | port to proxy traffic to in docker contaniner | -| hatchery.hatchery.containers[0].use-tls | string | `"false"` | | -| hatchery.hatchery.containers[0].user-uid | int | `1000` | | -| hatchery.hatchery.containers[0].user-volume-location | string | `"/home/jovyan/pd"` | | -| hatchery.hatchery.sidecarContainer.args | list | `[]` | Arguments to pass to the sidecare container. | -| hatchery.hatchery.sidecarContainer.command | list | `["/bin/bash","./sidecar.sh"]` | Commands to run for the sidecar container. | -| hatchery.hatchery.sidecarContainer.cpu-limit | string | `"0.1"` | The maximum amount of CPU the sidecar container can use | -| hatchery.hatchery.sidecarContainer.env | map | `{"HOSTNAME":"{{ .Values.global.hostname }}","NAMESPACE":"{{ .Release.Namespace }}"}` | Environment variables to pass to the sidecar container | -| hatchery.hatchery.sidecarContainer.image | string | `"quay.io/cdis/ecs-ws-sidecar:master"` | The sidecar image. 
| +| hatchery.hatchery.containers[0].memory-limit | string | `"2Gi"` | memory limit of workspace container | +| hatchery.hatchery.containers[0].name | string | `"(Tutorials) Example Analysis Jupyter Lab Notebooks"` | name of workspace | +| hatchery.hatchery.containers[0].path-rewrite | string | `"/lw-workspace/proxy/"` | | +| hatchery.hatchery.containers[0].ready-probe | string | `"/lw-workspace/proxy/"` | | +| hatchery.hatchery.containers[0].target-port | int | `8888` | port to proxy traffic to in docker contaniner | +| hatchery.hatchery.containers[0].use-tls | string | `"false"` | | +| hatchery.hatchery.containers[0].user-uid | int | `1000` | | +| hatchery.hatchery.containers[0].user-volume-location | string | `"/home/jovyan/pd"` | | +| hatchery.hatchery.sidecarContainer.args | list | `[]` | Arguments to pass to the sidecare container. | +| hatchery.hatchery.sidecarContainer.command | list | `["/bin/bash","./sidecar.sh"]` | Commands to run for the sidecar container. | +| hatchery.hatchery.sidecarContainer.cpu-limit | string | `"0.1"` | The maximum amount of CPU the sidecar container can use | +| hatchery.hatchery.sidecarContainer.env | map | `{"HOSTNAME":"{{ .Values.global.hostname }}","NAMESPACE":"{{ .Release.Namespace }}"}` | Environment variables to pass to the sidecar container | +| hatchery.hatchery.sidecarContainer.image | string | `"quay.io/cdis/ecs-ws-sidecar:master"` | The sidecar image. 
| | hatchery.hatchery.sidecarContainer.lifecycle-pre-stop[0] | string | `"su"` | | | hatchery.hatchery.sidecarContainer.lifecycle-pre-stop[1] | string | `"-c"` | | | hatchery.hatchery.sidecarContainer.lifecycle-pre-stop[2] | string | `"echo test"` | | | hatchery.hatchery.sidecarContainer.lifecycle-pre-stop[3] | string | `"-s"` | | | hatchery.hatchery.sidecarContainer.lifecycle-pre-stop[4] | string | `"/bin/sh"` | | | hatchery.hatchery.sidecarContainer.lifecycle-pre-stop[5] | string | `"root"` | | -| hatchery.hatchery.sidecarContainer.memory-limit | string | `"256Mi"` | The maximum amount of memory the sidecar container can use | -| indexd.defaultPrefix | string | `"PREFIX/"` | the default prefix for indexd records | -| indexd.enabled | bool | `true` | Whether to deploy the indexd subchart. | -| manifestservice.enabled | bool | `true` | Whether to deploy the manifest service subchart. | -| metadata.enabled | bool | `true` | Whether to deploy the metadata subchart. | -| peregrine.enabled | bool | `true` | Whether to deploy the peregrine subchart. | -| pidgin.enabled | bool | `true` | Whether to deploy the pidgin subchart. | -| portal.enabled | bool | `true` | Whether to deploy the portal subchart. | -| postgresql.primary.persistence.enabled | bool | `false` | Option to persist the dbs data. | -| requestor.enabled | bool | `false` | Whether to deploy the requestor subchart. | -| revproxy.enabled | bool | `true` | Whether to deploy the revproxy subchart. | -| revproxy.ingress.annotations | map | `{}` | Annotations to add to the ingress. | -| revproxy.ingress.enabled | bool | `false` | Whether to create the custom revproxy ingress | -| revproxy.ingress.hosts | list | `[{"host":"chart-example.local"}]` | Where to route the traffic. | -| revproxy.ingress.tls | list | `[]` | To secure an Ingress by specifying a secret that contains a TLS private key and certificate. | -| sheepdog.enabled | bool | `true` | Whether to deploy the sheepdog subchart. 
| -| ssjdispatcher.enabled | bool | `false` | Whether to deploy the ssjdispatcher subchart. | -| wts.enabled | bool | `true` | Whether to deploy the wts subchart. | +| hatchery.hatchery.sidecarContainer.memory-limit | string | `"256Mi"` | The maximum amount of memory the sidecar container can use | +| indexd.defaultPrefix | string | `"PREFIX/"` | the default prefix for indexd records | +| indexd.enabled | bool | `true` | Whether to deploy the indexd subchart. | +| manifestservice.enabled | bool | `true` | Whether to deploy the manifest service subchart. | +| metadata.enabled | bool | `true` | Whether to deploy the metadata subchart. | +| peregrine.enabled | bool | `true` | Whether to deploy the peregrine subchart. | +| pidgin.enabled | bool | `true` | Whether to deploy the pidgin subchart. | +| portal.enabled | bool | `true` | Whether to deploy the portal subchart. | +| postgresql | map | `{"primary":{"persistence":{"enabled":false}}}` | To configure postgresql subchart Disable persistence by default so we can spin up and down ephemeral environments | +| postgresql.primary.persistence.enabled | bool | `false` | Option to persist the dbs data. | +| requestor.enabled | bool | `false` | Whether to deploy the requestor subchart. | +| revproxy.enabled | bool | `true` | Whether to deploy the revproxy subchart. | +| revproxy.ingress.annotations | map | `{}` | Annotations to add to the ingress. | +| revproxy.ingress.enabled | bool | `false` | Whether to create the custom revproxy ingress | +| revproxy.ingress.hosts | list | `[{"host":"chart-example.local"}]` | Where to route the traffic. | +| revproxy.ingress.tls | list | `[]` | To secure an Ingress by specifying a secret that contains a TLS private key and certificate. | +| sheepdog.enabled | bool | `true` | Whether to deploy the sheepdog subchart. | +| ssjdispatcher.enabled | bool | `false` | Whether to deploy the ssjdispatcher subchart. | +| wts.enabled | bool | `true` | Whether to deploy the wts subchart. 
| ---------------------------------------------- -Autogenerated from chart metadata using [helm-docs v1.11.0](https://github.com/norwoodj/helm-docs/releases/v1.11.0) +Autogenerated from chart metadata using [helm-docs v1.13.0](https://github.com/norwoodj/helm-docs/releases/v1.13.0) diff --git a/helm/guppy/Chart.yaml b/helm/guppy/Chart.yaml index 8da72671..edfb712b 100644 --- a/helm/guppy/Chart.yaml +++ b/helm/guppy/Chart.yaml @@ -15,7 +15,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.10 +version: 0.1.11 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to diff --git a/helm/guppy/README.md b/helm/guppy/README.md index f04bf9ca..77cdd993 100644 --- a/helm/guppy/README.md +++ b/helm/guppy/README.md @@ -97,4 +97,4 @@ A Helm chart for gen3 Guppy Service | volumes | list | `[{"configMap":{"items":[{"key":"guppy_config.json","path":"guppy_config.json"}],"name":"manifest-guppy"},"name":"guppy-config"}]` | Volumes to attach to the pod. | ---------------------------------------------- -Autogenerated from chart metadata using [helm-docs v1.11.0](https://github.com/norwoodj/helm-docs/releases/v1.11.0) +Autogenerated from chart metadata using [helm-docs v1.13.0](https://github.com/norwoodj/helm-docs/releases/v1.13.0) diff --git a/helm/hatchery/Chart.yaml b/helm/hatchery/Chart.yaml index 466cb09b..c57ad0e6 100644 --- a/helm/hatchery/Chart.yaml +++ b/helm/hatchery/Chart.yaml 
@@ -15,7 +15,7 @@ type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 0.1.8
+version: 0.1.9
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to
diff --git a/helm/hatchery/README.md b/helm/hatchery/README.md
index 583c3ac7..e0423a97 100644
--- a/helm/hatchery/README.md
+++ b/helm/hatchery/README.md
@@ -87,4 +87,4 @@ A Helm chart for gen3 Hatchery
 | volumes | list | `[{"configMap":{"name":"manifest-hatchery"},"name":"hatchery-config"}]` | Volumes to attach to the container. |
 ----------------------------------------------
-Autogenerated from chart metadata using [helm-docs v1.11.0](https://github.com/norwoodj/helm-docs/releases/v1.11.0)
+Autogenerated from chart metadata using [helm-docs v1.13.0](https://github.com/norwoodj/helm-docs/releases/v1.13.0)
diff --git a/helm/indexd/Chart.yaml b/helm/indexd/Chart.yaml
index 18a5f053..8c5dd73d 100644
--- a/helm/indexd/Chart.yaml
+++ b/helm/indexd/Chart.yaml
@@ -108,4 +108,4 @@ A Helm chart for gen3 indexd
 | volumes | list | `[{"configMap":{"name":"indexd-uwsgi"},"name":"uwsgi-config"},{"name":"config-volume","secret":{"secretName":"indexd-settings"}}]` | Volumes to attach to the pod |
 ----------------------------------------------
-Autogenerated from chart metadata using [helm-docs v1.11.0](https://github.com/norwoodj/helm-docs/releases/v1.11.0)
+Autogenerated from chart metadata using [helm-docs v1.13.0](https://github.com/norwoodj/helm-docs/releases/v1.13.0)
diff --git a/helm/manifestservice/Chart.yaml b/helm/manifestservice/Chart.yaml
index 8557818e..921228cc 100644
--- a/helm/manifestservice/Chart.yaml
+++ b/helm/manifestservice/Chart.yaml
@@ -15,7 +15,7 @@ type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 0.1.12
+version: 0.1.13
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to
diff --git a/helm/manifestservice/README.md b/helm/manifestservice/README.md
index a854343d..4733169c 100644
--- a/helm/manifestservice/README.md
+++ b/helm/manifestservice/README.md
@@ -86,4 +86,4 @@ A Helm chart for Kubernetes
 | volumes | list | `[{"name":"config-volume","secret":{"secretName":"manifestservice-g3auto"}}]` | Volumes to attach to the container. |
 ----------------------------------------------
-Autogenerated from chart metadata using [helm-docs v1.11.0](https://github.com/norwoodj/helm-docs/releases/v1.11.0)
+Autogenerated from chart metadata using [helm-docs v1.13.0](https://github.com/norwoodj/helm-docs/releases/v1.13.0)
diff --git a/helm/metadata/Chart.yaml b/helm/metadata/Chart.yaml
index 0e130ab4..240e3913 100644
--- a/helm/metadata/Chart.yaml
+++ b/helm/metadata/Chart.yaml
@@ -15,7 +15,7 @@ type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 0.1.10
+version: 0.1.11
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to
diff --git a/helm/metadata/README.md b/helm/metadata/README.md
index d533375e..164c896e 100644
--- a/helm/metadata/README.md
+++ b/helm/metadata/README.md
@@ -125,4 +125,4 @@ A Helm chart for gen3 Metadata Service
 | volumeMounts | list | `[{"mountPath":"/src/.env","name":"config-volume-g3auto","readOnly":true,"subPath":"metadata.env"},{"mountPath":"/aggregate_config.json","name":"config-volume","readOnly":true,"subPath":"aggregate_config.json"},{"mountPath":"/metadata.json","name":"config-manifest","readOnly":true,"subPath":"json"}]` | Volumes to mount to the container. |
 ----------------------------------------------
-Autogenerated from chart metadata using [helm-docs v1.11.0](https://github.com/norwoodj/helm-docs/releases/v1.11.0)
+Autogenerated from chart metadata using [helm-docs v1.13.0](https://github.com/norwoodj/helm-docs/releases/v1.13.0)
diff --git a/helm/peregrine/Chart.yaml b/helm/peregrine/Chart.yaml
index eaf74f03..46504b0d 100644
--- a/helm/peregrine/Chart.yaml
+++ b/helm/peregrine/Chart.yaml
@@ -15,7 +15,7 @@ type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 0.1.11
+version: 0.1.12
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to
diff --git a/helm/peregrine/README.md b/helm/peregrine/README.md
index 8c83b684..421e5ddd 100644
--- a/helm/peregrine/README.md
+++ b/helm/peregrine/README.md
@@ -103,4 +103,4 @@ A Helm chart for gen3 Peregrine service
 | volumes | list | `[{"emptyDir":{},"name":"shared-data"},{"name":"config-volume","secret":{"secretName":"peregrine-secret"}}]` | Volumes to attach to the container. |
 ----------------------------------------------
-Autogenerated from chart metadata using [helm-docs v1.11.0](https://github.com/norwoodj/helm-docs/releases/v1.11.0)
+Autogenerated from chart metadata using [helm-docs v1.13.0](https://github.com/norwoodj/helm-docs/releases/v1.13.0)
diff --git a/helm/pidgin/Chart.yaml b/helm/pidgin/Chart.yaml
index f80d38b0..5dd361eb 100644
--- a/helm/pidgin/Chart.yaml
+++ b/helm/pidgin/Chart.yaml
@@ -15,7 +15,7 @@ type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 0.1.9
+version: 0.1.10
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to
diff --git a/helm/pidgin/README.md b/helm/pidgin/README.md
index 1a34c4d7..095e3b84 100644
--- a/helm/pidgin/README.md
+++ b/helm/pidgin/README.md
@@ -83,4 +83,4 @@ A Helm chart for gen3 Pidgin Service
 | strategy.rollingUpdate.maxUnavailable | int | `0` | Maximum amount of pods that can be unavailable during the update. |
 ----------------------------------------------
-Autogenerated from chart metadata using [helm-docs v1.11.0](https://github.com/norwoodj/helm-docs/releases/v1.11.0)
+Autogenerated from chart metadata using [helm-docs v1.13.0](https://github.com/norwoodj/helm-docs/releases/v1.13.0)
diff --git a/helm/portal/Chart.yaml b/helm/portal/Chart.yaml
index 4f90c0ff..04100233 100644
--- a/helm/portal/Chart.yaml
+++ b/helm/portal/Chart.yaml
@@ -15,7 +15,7 @@ type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 0.1.9
+version: 0.1.10
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to
diff --git a/helm/portal/README.md b/helm/portal/README.md
index 542d4bc2..b1fb8995 100644
--- a/helm/portal/README.md
+++ b/helm/portal/README.md
@@ -100,4 +100,4 @@ A Helm chart for gen3 data-portal
 | tolerations | list | `[]` | Tolerations to apply to the pod |
 ----------------------------------------------
-Autogenerated from chart metadata using [helm-docs v1.11.0](https://github.com/norwoodj/helm-docs/releases/v1.11.0)
+Autogenerated from chart metadata using [helm-docs v1.13.0](https://github.com/norwoodj/helm-docs/releases/v1.13.0)
diff --git a/helm/requestor/Chart.yaml b/helm/requestor/Chart.yaml
index e3b94a13..3e855149 100644
--- a/helm/requestor/Chart.yaml
+++ b/helm/requestor/Chart.yaml
@@ -15,7 +15,7 @@ type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 0.1.10
+version: 0.1.11
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to
diff --git a/helm/requestor/README.md b/helm/requestor/README.md
index 9b4dddec..49ce77db 100644
--- a/helm/requestor/README.md
+++ b/helm/requestor/README.md
@@ -118,4 +118,4 @@ A Helm chart for gen3 Requestor Service
 | volumeMounts | list | `nil` | Volumes to mount to the container. |
 ----------------------------------------------
-Autogenerated from chart metadata using [helm-docs v1.11.0](https://github.com/norwoodj/helm-docs/releases/v1.11.0)
+Autogenerated from chart metadata using [helm-docs v1.13.0](https://github.com/norwoodj/helm-docs/releases/v1.13.0)
diff --git a/helm/revproxy/Chart.yaml b/helm/revproxy/Chart.yaml
index efa3c3bc..dd9c4974 100644
--- a/helm/revproxy/Chart.yaml
+++ b/helm/revproxy/Chart.yaml
@@ -15,7 +15,7 @@ type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 0.1.13
+version: 0.1.14
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to
diff --git a/helm/revproxy/README.md b/helm/revproxy/README.md
index ddb426a3..1ee8c270 100644
--- a/helm/revproxy/README.md
+++ b/helm/revproxy/README.md
@@ -105,4 +105,4 @@ A Helm chart for gen3 revproxy
 | userhelperEnabled | bool | `false` | |
 ----------------------------------------------
-Autogenerated from chart metadata using [helm-docs v1.11.0](https://github.com/norwoodj/helm-docs/releases/v1.11.0)
+Autogenerated from chart metadata using [helm-docs v1.13.0](https://github.com/norwoodj/helm-docs/releases/v1.13.0)
diff --git a/helm/sheepdog/Chart.yaml b/helm/sheepdog/Chart.yaml
index 46a7945d..79cf8269 100644
--- a/helm/sheepdog/Chart.yaml
+++ b/helm/sheepdog/Chart.yaml
@@ -15,7 +15,7 @@ type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 0.1.12
+version: 0.1.13
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to
diff --git a/helm/sheepdog/README.md b/helm/sheepdog/README.md
index bb94c74b..cddb752a 100644
--- a/helm/sheepdog/README.md
+++ b/helm/sheepdog/README.md
@@ -124,4 +124,4 @@ A Helm chart for gen3 Sheepdog Service
 | volumeMounts | list | `[{"mountPath":"/var/www/sheepdog/settings.py","name":"config-volume","readOnly":true,"subPath":"settings.py"}]` | Volumes to mount to the container. |
 ----------------------------------------------
-Autogenerated from chart metadata using [helm-docs v1.11.0](https://github.com/norwoodj/helm-docs/releases/v1.11.0)
+Autogenerated from chart metadata using [helm-docs v1.13.0](https://github.com/norwoodj/helm-docs/releases/v1.13.0)
diff --git a/helm/sower/Chart.yaml b/helm/sower/Chart.yaml
index 78f30033..2efaa70d 100644
--- a/helm/sower/Chart.yaml
+++ b/helm/sower/Chart.yaml
@@ -15,7 +15,7 @@ type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 0.1.8
+version: 0.1.9
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to
diff --git a/helm/sower/README.md b/helm/sower/README.md
index 1217b1c3..828699af 100644
--- a/helm/sower/README.md
+++ b/helm/sower/README.md
@@ -151,4 +151,4 @@ A Helm chart for gen3 sower
 | volumes | list | `[{"configMap":{"items":[{"key":"json","path":"sower_config.json"}],"name":"manifest-sower"},"name":"sower-config"}]` | Volumes to attach to the container. |
 ----------------------------------------------
-Autogenerated from chart metadata using [helm-docs v1.11.0](https://github.com/norwoodj/helm-docs/releases/v1.11.0)
+Autogenerated from chart metadata using [helm-docs v1.13.0](https://github.com/norwoodj/helm-docs/releases/v1.13.0)
diff --git a/helm/ssjdispatcher/Chart.yaml b/helm/ssjdispatcher/Chart.yaml
index 34b92d4a..2016e15b 100644
--- a/helm/ssjdispatcher/Chart.yaml
+++ b/helm/ssjdispatcher/Chart.yaml
@@ -15,7 +15,7 @@ type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 0.1.8
+version: 0.1.9
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to
diff --git a/helm/ssjdispatcher/README.md b/helm/ssjdispatcher/README.md
index 12c85819..db9e1194 100644
--- a/helm/ssjdispatcher/README.md
+++ b/helm/ssjdispatcher/README.md
@@ -113,4 +113,4 @@ A Helm chart for gen3 ssjdispatcher
 | volumes | list | `[{"name":"ssjdispatcher-creds-volume","secret":{"secretName":"ssjdispatcher-creds"}}]` | Volumes to attach to the container. |
 ----------------------------------------------
-Autogenerated from chart metadata using [helm-docs v1.11.0](https://github.com/norwoodj/helm-docs/releases/v1.11.0)
+Autogenerated from chart metadata using [helm-docs v1.13.0](https://github.com/norwoodj/helm-docs/releases/v1.13.0)
diff --git a/helm/wts/Chart.yaml b/helm/wts/Chart.yaml
index c84c4d76..85a6dde9 100644
--- a/helm/wts/Chart.yaml
+++ b/helm/wts/Chart.yaml
@@ -15,7 +15,7 @@ type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 0.1.12
+version: 0.1.13
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to
diff --git a/helm/wts/README.md b/helm/wts/README.md
index b54a6358..c5fa341a 100644
--- a/helm/wts/README.md
+++ b/helm/wts/README.md
@@ -106,4 +106,4 @@ A Helm chart for gen3 workspace token service
 | tolerations | list | `[]` | Tolerations for the pods |
 ----------------------------------------------
-Autogenerated from chart metadata using [helm-docs v1.11.0](https://github.com/norwoodj/helm-docs/releases/v1.11.0)
+Autogenerated from chart metadata using [helm-docs v1.13.0](https://github.com/norwoodj/helm-docs/releases/v1.13.0)
diff --git a/wip/acronymbot/README.md b/wip/acronymbot/README.md
index 63a37446..6027799a 100644
--- a/wip/acronymbot/README.md
+++ b/wip/acronymbot/README.md
@@ -44,4 +44,4 @@ A Helm chart for gen3 acronymbot
 | tolerations | list | `[]` | |
 ----------------------------------------------
-Autogenerated from chart metadata using [helm-docs v1.11.0](https://github.com/norwoodj/helm-docs/releases/v1.11.0)
+Autogenerated from chart metadata using [helm-docs v1.13.0](https://github.com/norwoodj/helm-docs/releases/v1.13.0)
diff --git a/wip/auspice/README.md b/wip/auspice/README.md
index 9f139584..74ab49b1 100644
--- a/wip/auspice/README.md
+++ b/wip/auspice/README.md
@@ -42,4 +42,4 @@ A Helm chart for Kubernetes
 | tolerations | list | `[]` | |
 ----------------------------------------------
-Autogenerated from chart metadata using [helm-docs v1.11.0](https://github.com/norwoodj/helm-docs/releases/v1.11.0)
+Autogenerated from chart metadata using [helm-docs v1.13.0](https://github.com/norwoodj/helm-docs/releases/v1.13.0)
diff --git a/wip/cogwheel/README.md b/wip/cogwheel/README.md
index 6b4a71e0..6bf24d15 100644
--- a/wip/cogwheel/README.md
+++ b/wip/cogwheel/README.md
@@ -78,4 +78,4 @@ A Helm chart for gen3 cogwheel
 | volumes[0].secret.secretName | string | `"cogwheel-g3auto"` | |
 ----------------------------------------------
-Autogenerated from chart metadata using [helm-docs v1.11.0](https://github.com/norwoodj/helm-docs/releases/v1.11.0)
+Autogenerated from chart metadata using [helm-docs v1.13.0](https://github.com/norwoodj/helm-docs/releases/v1.13.0)
diff --git a/wip/gen3-test-data-job/README.md b/wip/gen3-test-data-job/README.md
index 71dd6632..6d2b4944 100644
--- a/wip/gen3-test-data-job/README.md
+++ b/wip/gen3-test-data-job/README.md
@@ -16,4 +16,4 @@ A Helm chart for generating dummy data in gen3
 | gentestdata.test_project | string | `"test"` | |
 ----------------------------------------------
-Autogenerated from chart metadata using [helm-docs v1.11.0](https://github.com/norwoodj/helm-docs/releases/v1.11.0)
+Autogenerated from chart metadata using [helm-docs v1.13.0](https://github.com/norwoodj/helm-docs/releases/v1.13.0)
diff --git a/wip/terraform-runner-job/README.md b/wip/terraform-runner-job/README.md
index 15c24c77..ee303b8a 100644
--- a/wip/terraform-runner-job/README.md
+++ b/wip/terraform-runner-job/README.md
@@ -17,4 +17,4 @@ A Helm chart for provisioning prequisites cloud resources for gen3
 | terraform.workspace_name | string | `""` | |
 ----------------------------------------------
-Autogenerated from chart metadata using [helm-docs v1.11.0](https://github.com/norwoodj/helm-docs/releases/v1.11.0)
+Autogenerated from chart metadata using [helm-docs v1.13.0](https://github.com/norwoodj/helm-docs/releases/v1.13.0)
From f233a9558fbde0be808f4c386ee5862542d6a97f Mon Sep 17 00:00:00 2001 From: craigrbarnes Date: Mon, 11 Mar 2024 15:42:26 -0500 Subject: [PATCH 126/279] updates --- helm/ambassador/README.md | 2 +- helm/arborist/README.md | 2 +- helm/argo-wrapper/README.md | 2 +- helm/audit/README.md | 2 +- helm/aws-es-proxy/README.md | 2 +- helm/common/README.md | 2 +- helm/dicom-server/README.md | 2 +- helm/dicom-viewer/README.md | 2 +- helm/etl/README.md | 2 +- helm/fence/README.md | 2 +- helm/gen3/README.md | 2 +- helm/guppy/README.md | 2 +- helm/hatchery/README.md | 2 +- helm/indexd/README.md | 2 +- helm/manifestservice/README.md | 2 +- helm/metadata/README.md | 2 +- helm/peregrine/README.md | 2 +- helm/pidgin/README.md | 2 +- helm/portal/README.md | 2 +- helm/requestor/README.md | 2 +- helm/revproxy/README.md | 2 +- helm/sheepdog/README.md | 2 +- helm/sower/README.md | 2 +- helm/ssjdispatcher/README.md | 2 +- helm/wts/README.md | 2 +- 25 files changed, 25 insertions(+), 25 deletions(-)
diff --git a/helm/ambassador/README.md b/helm/ambassador/README.md
index 9ece0b19..d2a06c72 100644
--- a/helm/ambassador/README.md
+++ b/helm/ambassador/README.md
@@ -1,6 +1,6 @@
 # ambassador
-![Version: 0.1.10](https://img.shields.io/badge/Version-0.1.10-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.4.2](https://img.shields.io/badge/AppVersion-1.4.2-informational?style=flat-square)
+![Version: 0.1.11](https://img.shields.io/badge/Version-0.1.11-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.4.2](https://img.shields.io/badge/AppVersion-1.4.2-informational?style=flat-square)
 A Helm chart for deploying ambassador for gen3
diff --git a/helm/arborist/README.md b/helm/arborist/README.md
index a998464e..1a47d5c3 100644
--- a/helm/arborist/README.md
+++ b/helm/arborist/README.md
@@ -1,6 +1,6 @@
 # arborist
-![Version: 0.1.10](https://img.shields.io/badge/Version-0.1.10-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square)
+![Version: 0.1.11](https://img.shields.io/badge/Version-0.1.11-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square)
 A Helm chart for gen3 arborist
diff --git a/helm/argo-wrapper/README.md b/helm/argo-wrapper/README.md
index 302260f0..ef83a411 100644
--- a/helm/argo-wrapper/README.md
+++ b/helm/argo-wrapper/README.md
@@ -1,6 +1,6 @@
 # argo-wrapper
-![Version: 0.1.6](https://img.shields.io/badge/Version-0.1.6-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square)
+![Version: 0.1.7](https://img.shields.io/badge/Version-0.1.7-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square)
 A Helm chart for gen3 Argo Wrapper Service
diff --git a/helm/audit/README.md b/helm/audit/README.md
index eb950e12..6dfea331 100644
--- a/helm/audit/README.md
+++ b/helm/audit/README.md
@@ -1,6 +1,6 @@
 # audit
-![Version: 0.1.11](https://img.shields.io/badge/Version-0.1.11-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square)
+![Version: 0.1.12](https://img.shields.io/badge/Version-0.1.12-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square)
 A Helm chart for Kubernetes
diff --git a/helm/aws-es-proxy/README.md b/helm/aws-es-proxy/README.md
index 9ff959b5..47099452 100644
--- a/helm/aws-es-proxy/README.md
+++ b/helm/aws-es-proxy/README.md
@@ -1,6 +1,6 @@
 # aws-es-proxy
-![Version: 0.1.8](https://img.shields.io/badge/Version-0.1.8-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square)
+![Version: 0.1.9](https://img.shields.io/badge/Version-0.1.9-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square)
 A Helm chart for AWS ES Proxy Service for gen3
diff --git a/helm/common/README.md b/helm/common/README.md
index 40d67902..d4d6f2e0 100644
--- a/helm/common/README.md
+++ b/helm/common/README.md
@@ -1,6 +1,6 @@
 # common
-![Version: 0.1.9](https://img.shields.io/badge/Version-0.1.9-informational?style=flat-square) ![Type: library](https://img.shields.io/badge/Type-library-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square)
+![Version: 0.1.10](https://img.shields.io/badge/Version-0.1.10-informational?style=flat-square) ![Type: library](https://img.shields.io/badge/Type-library-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square)
 A Helm chart for provisioning databases in gen3
diff --git a/helm/dicom-server/README.md b/helm/dicom-server/README.md
index 2f95d08e..f4380b1b 100644
--- a/helm/dicom-server/README.md
+++ b/helm/dicom-server/README.md
@@ -1,6 +1,6 @@
 # dicom-server
-![Version: 0.1.7](https://img.shields.io/badge/Version-0.1.7-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square)
+![Version: 0.1.8](https://img.shields.io/badge/Version-0.1.8-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square)
 A Helm chart for gen3 Dicom Server
diff --git a/helm/dicom-viewer/README.md b/helm/dicom-viewer/README.md
index c4c5c095..caec0f07 100644
--- a/helm/dicom-viewer/README.md
+++ b/helm/dicom-viewer/README.md
@@ -1,6 +1,6 @@
 # dicom-viewer
-![Version: 0.1.7](https://img.shields.io/badge/Version-0.1.7-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square)
+![Version: 0.1.8](https://img.shields.io/badge/Version-0.1.8-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square)
 A Helm chart for gen3 Dicom Viewer
diff --git a/helm/etl/README.md b/helm/etl/README.md
index e5fd17b0..87b2e537 100644
--- a/helm/etl/README.md
+++ b/helm/etl/README.md
@@ -1,6 +1,6 @@
 # etl
-![Version: 0.1.0](https://img.shields.io/badge/Version-0.1.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square)
+![Version: 0.1.1](https://img.shields.io/badge/Version-0.1.1-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square)
 A Helm chart for gen3 etl
diff --git a/helm/fence/README.md b/helm/fence/README.md
index b75874e4..1bb9a688 100644
--- a/helm/fence/README.md
+++ b/helm/fence/README.md
@@ -1,6 +1,6 @@
 # fence
-![Version: 0.1.16](https://img.shields.io/badge/Version-0.1.16-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square)
+![Version: 0.1.17](https://img.shields.io/badge/Version-0.1.17-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square)
 A Helm chart for gen3 Fence
diff --git a/helm/gen3/README.md b/helm/gen3/README.md
index bef74b07..cc5698aa 100644
--- a/helm/gen3/README.md
+++ b/helm/gen3/README.md
@@ -1,6 +1,6 @@
 # gen3
-![Version: 0.1.23](https://img.shields.io/badge/Version-0.1.23-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square)
+![Version: 0.1.24](https://img.shields.io/badge/Version-0.1.24-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square)
 Helm chart to deploy Gen3 Data Commons
diff --git a/helm/guppy/README.md b/helm/guppy/README.md
index 77cdd993..ba51faf9 100644
--- a/helm/guppy/README.md
+++ b/helm/guppy/README.md
@@ -1,6 +1,6 @@
 # guppy
-![Version: 0.1.10](https://img.shields.io/badge/Version-0.1.10-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square)
+![Version: 0.1.11](https://img.shields.io/badge/Version-0.1.11-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square)
 A Helm chart for gen3 Guppy Service
diff --git a/helm/hatchery/README.md b/helm/hatchery/README.md
index e0423a97..c98175e5 100644
--- a/helm/hatchery/README.md
+++ b/helm/hatchery/README.md
@@ -1,6 +1,6 @@
 # hatchery
-![Version: 0.1.8](https://img.shields.io/badge/Version-0.1.8-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square)
+![Version: 0.1.9](https://img.shields.io/badge/Version-0.1.9-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square)
 A Helm chart for gen3 Hatchery
diff --git a/helm/indexd/README.md b/helm/indexd/README.md
index 555e987e..33065b4e 100644
--- a/helm/indexd/README.md
+++ b/helm/indexd/README.md
@@ -1,6 +1,6 @@
 # indexd
-![Version: 0.1.13](https://img.shields.io/badge/Version-0.1.13-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square)
+![Version: 0.1.14](https://img.shields.io/badge/Version-0.1.14-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square)
 A Helm chart for gen3 indexd
diff --git a/helm/manifestservice/README.md b/helm/manifestservice/README.md
index 4733169c..058d32fd 100644
--- a/helm/manifestservice/README.md
+++ b/helm/manifestservice/README.md
@@ -1,6 +1,6 @@
 # manifestservice
-![Version: 0.1.12](https://img.shields.io/badge/Version-0.1.12-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square)
+![Version: 0.1.13](https://img.shields.io/badge/Version-0.1.13-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square)
 A Helm chart for Kubernetes
diff --git a/helm/metadata/README.md b/helm/metadata/README.md
index 164c896e..75a49ce2 100644
--- a/helm/metadata/README.md
+++ b/helm/metadata/README.md
@@ -1,6 +1,6 @@
 # metadata
-![Version: 0.1.10](https://img.shields.io/badge/Version-0.1.10-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square)
+![Version: 0.1.11](https://img.shields.io/badge/Version-0.1.11-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square)
 A Helm chart for gen3 Metadata Service
diff --git a/helm/peregrine/README.md b/helm/peregrine/README.md
index 421e5ddd..c0286b44 100644
--- a/helm/peregrine/README.md
+++ b/helm/peregrine/README.md
@@ -1,6 +1,6 @@
 # peregrine
-![Version: 0.1.11](https://img.shields.io/badge/Version-0.1.11-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 2023.01](https://img.shields.io/badge/AppVersion-2023.01-informational?style=flat-square)
+![Version: 0.1.12](https://img.shields.io/badge/Version-0.1.12-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 2023.01](https://img.shields.io/badge/AppVersion-2023.01-informational?style=flat-square)
 A Helm chart for gen3 Peregrine service
diff --git a/helm/pidgin/README.md b/helm/pidgin/README.md
index 095e3b84..94495379 100644
--- a/helm/pidgin/README.md
+++ b/helm/pidgin/README.md
@@ -1,6 +1,6 @@
 # pidgin
-![Version: 0.1.9](https://img.shields.io/badge/Version-0.1.9-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square)
+![Version: 0.1.10](https://img.shields.io/badge/Version-0.1.10-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square)
 A Helm chart for gen3 Pidgin Service
diff --git a/helm/portal/README.md b/helm/portal/README.md
index b1fb8995..2b8d7253 100644
--- a/helm/portal/README.md
+++ b/helm/portal/README.md
@@ -1,6 +1,6 @@
 # portal
-![Version: 0.1.9](https://img.shields.io/badge/Version-0.1.9-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square)
+![Version: 0.1.10](https://img.shields.io/badge/Version-0.1.10-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square)
 A Helm chart for gen3 data-portal
diff --git a/helm/requestor/README.md b/helm/requestor/README.md
index 49ce77db..bde0842e 100644
--- a/helm/requestor/README.md
+++ b/helm/requestor/README.md
@@ -1,6 +1,6 @@
 # requestor
-![Version: 0.1.10](https://img.shields.io/badge/Version-0.1.10-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square)
+![Version: 0.1.11](https://img.shields.io/badge/Version-0.1.11-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square)
 A Helm chart for gen3 Requestor Service
diff --git a/helm/revproxy/README.md b/helm/revproxy/README.md
index 1ee8c270..fcb27c0e 100644
--- a/helm/revproxy/README.md
+++ b/helm/revproxy/README.md
@@ -1,6 +1,6 @@
 # revproxy
-![Version: 0.1.13](https://img.shields.io/badge/Version-0.1.13-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square)
+![Version: 0.1.14](https://img.shields.io/badge/Version-0.1.14-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square)
 A Helm chart for gen3 revproxy
diff --git a/helm/sheepdog/README.md b/helm/sheepdog/README.md
index cddb752a..3523d763 100644
--- a/helm/sheepdog/README.md
+++ b/helm/sheepdog/README.md
@@ -1,6 +1,6 @@
 # sheepdog
-![Version: 0.1.12](https://img.shields.io/badge/Version-0.1.12-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square)
+![Version: 0.1.13](https://img.shields.io/badge/Version-0.1.13-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square)
 A Helm chart for gen3 Sheepdog Service
diff --git a/helm/sower/README.md b/helm/sower/README.md
index 828699af..4c5fe5d8 100644
--- a/helm/sower/README.md
+++ b/helm/sower/README.md
@@ -1,6 +1,6 @@
 # sower
-![Version: 0.1.8](https://img.shields.io/badge/Version-0.1.8-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square)
+![Version: 0.1.9](https://img.shields.io/badge/Version-0.1.9-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square)
 A Helm chart for gen3 sower
diff --git a/helm/ssjdispatcher/README.md b/helm/ssjdispatcher/README.md
index db9e1194..e9f5cfe0 100644
--- a/helm/ssjdispatcher/README.md
+++ b/helm/ssjdispatcher/README.md
@@ -1,6 +1,6 @@
 # ssjdispatcher
-![Version: 0.1.8](https://img.shields.io/badge/Version-0.1.8-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square)
+![Version: 0.1.9](https://img.shields.io/badge/Version-0.1.9-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square)
 A Helm chart for gen3 ssjdispatcher
diff --git a/helm/wts/README.md b/helm/wts/README.md
index c5fa341a..d6cc9d2d 100644
--- a/helm/wts/README.md
+++ b/helm/wts/README.md
@@ -1,6 +1,6 @@
 # wts
-![Version: 0.1.12](https://img.shields.io/badge/Version-0.1.12-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square)
+![Version: 0.1.13](https://img.shields.io/badge/Version-0.1.13-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square)
 A Helm chart for gen3 workspace token service
From e9d1ef8574e5834f59a14302ab906f938390747d Mon Sep 17 00:00:00 2001
From: EliseCastle23
Date: Tue, 12 Mar 2024 12:37:09 -0600
Subject: [PATCH 127/279] bumping portal version
---
 helm/fence/README.md | 6 ++++--
 helm/gen3/Chart.yaml | 2 +-
 helm/gen3/README.md | 2 +-
 helm/portal/Chart.yaml | 2 +-
 helm/portal/README.md | 2 +-
 5 files changed, 8 insertions(+), 6 deletions(-)
diff --git a/helm/fence/README.md b/helm/fence/README.md
index 1fa81050..8bfa006d 100644
--- a/helm/fence/README.md
+++ b/helm/fence/README.md
@@ -89,8 +89,10 @@ A Helm chart for gen3 Fence
 | datadogProfilingEnabled | bool | `true` | If enabled, the Datadog Agent will collect profiling data for your application using the Continuous Profiler. This data can be used to identify performance bottlenecks and optimize your application. |
 | datadogTraceSampleRate | int | `1` | A value between 0 and 1, that represents the percentage of requests that will be traced. For example, a value of 0.5 means that 50% of requests will be traced. |
 | env | list | `[{"name":"GEN3_UWSGI_TIMEOUT","valueFrom":{"configMapKeyRef":{"key":"uwsgi-timeout","name":"manifest-global","optional":true}}},{"name":"DD_AGENT_HOST","valueFrom":{"fieldRef":{"fieldPath":"status.hostIP"}}},{"name":"AWS_STS_REGIONAL_ENDPOINTS","value":"regional"},{"name":"PYTHONPATH","value":"/var/www/fence"},{"name":"GEN3_DEBUG","value":"False"},{"name":"FENCE_PUBLIC_CONFIG","valueFrom":{"configMapKeyRef":{"key":"fence-config-public.yaml","name":"manifest-fence","optional":true}}},{"name":"PGHOST","valueFrom":{"secretKeyRef":{"key":"host","name":"fence-dbcreds","optional":false}}},{"name":"PGUSER","valueFrom":{"secretKeyRef":{"key":"username","name":"fence-dbcreds","optional":false}}},{"name":"PGPASSWORD","valueFrom":{"secretKeyRef":{"key":"password","name":"fence-dbcreds","optional":false}}},{"name":"PGDB","valueFrom":{"secretKeyRef":{"key":"database","name":"fence-dbcreds","optional":false}}},{"name":"DBREADY","valueFrom":{"secretKeyRef":{"key":"dbcreated","name":"fence-dbcreds","optional":false}}},{"name":"DB","value":"postgresql://$(PGUSER):$(PGPASSWORD)@$(PGHOST):5432/$(PGDB)"},{"name":"INDEXD_PASSWORD","valueFrom":{"secretKeyRef":{"key":"fence","name":"indexd-service-creds"}}},{"name":"gen3Env","valueFrom":{"configMapKeyRef":{"key":"hostname","name":"manifest-global"}}}]` | Environment variables to pass to the container |
-| externalSecrets | map | `{"createK8sFenceSecrets":false,"dbcreds":null,"fenceConfig":null,"fenceGoogleAppCredsSecret":null,"fenceGoogleStorageCredsSecret":null,"fenceJwtKeys":null}` | External Secrets settings. |
-| externalSecrets.createK8sFenceSecrets | string | `false` | Will create the Helm "fence-config", "fence-google-app-creds-secret", "fence-google-storage-creds-secret", and "fence-jwt-keys" secrets even if Secrets Manager is enabled. This is helpful if you are wanting to use External Secrets for some, but not all secrets. |
+| externalSecrets | map | `{"createK8sFenceConfigSecret":false,"createK8sGoogleAppSecrets":false,"createK8sJwtKeysSecret":false,"dbcreds":null,"fenceConfig":null,"fenceGoogleAppCredsSecret":null,"fenceGoogleStorageCredsSecret":null,"fenceJwtKeys":null}` | External Secrets settings. |
+| externalSecrets.createK8sFenceConfigSecret | string | `false` | Will create the Helm "fence-config" secret even if Secrets Manager is enabled. This is helpful if you are wanting to use External Secrets for some, but not all secrets. |
+| externalSecrets.createK8sGoogleAppSecrets | string | `false` | Will create the Helm "fence-google-app-creds-secret" and "fence-google-storage-creds-secret" secrets even if Secrets Manager is enabled. This is helpful if you are wanting to use External Secrets for some, but not all secrets. |
+| externalSecrets.createK8sJwtKeysSecret | string | `false` | Will create the Helm "fence-jwt-keys" secret even if Secrets Manager is enabled. This is helpful if you are wanting to use External Secrets for some, but not all secrets. |
 | externalSecrets.dbcreds | string | `nil` | Will override the name of the aws secrets manager secret. Default is "Values.global.environment-.Chart.Name-creds" |
 | externalSecrets.fenceConfig | string | `nil` | Will override the name of the aws secrets manager secret. Default is "fence-config" |
 | externalSecrets.fenceGoogleAppCredsSecret | string | `nil` | Will override the name of the aws secrets manager secret. Default is "fence-google-app-creds-secret" |
diff --git a/helm/gen3/Chart.yaml b/helm/gen3/Chart.yaml
index a6d27e51..ff986f1c 100644
--- a/helm/gen3/Chart.yaml
+++ b/helm/gen3/Chart.yaml
@@ -64,7 +64,7 @@ dependencies:
 repository: "file://../pidgin"
 condition: pidgin.enabled
 - name: portal
- version: 0.1.9
+ version: 0.1.10
 repository: "file://../portal"
 condition: portal.enabled
 - name: requestor
diff --git a/helm/gen3/README.md b/helm/gen3/README.md
index 89789e7d..c9e2f412 100644
--- a/helm/gen3/README.md
+++ b/helm/gen3/README.md
@@ -33,7 +33,7 @@ Helm chart to deploy Gen3 Data Commons
 | file://../metadata | metadata | 0.1.10 |
 | file://../peregrine | peregrine | 0.1.11 |
 | file://../pidgin | pidgin | 0.1.9 |
-| file://../portal | portal | 0.1.9 |
+| file://../portal | portal | 0.1.10 |
 | file://../requestor | requestor | 0.1.10 |
 | file://../revproxy | revproxy | 0.1.13 |
 | file://../sheepdog | sheepdog | 0.1.12 |
diff --git a/helm/portal/Chart.yaml b/helm/portal/Chart.yaml
index 4f90c0ff..04100233 100644
--- a/helm/portal/Chart.yaml
+++ b/helm/portal/Chart.yaml
@@ -15,7 +15,7 @@ type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 0.1.9
+version: 0.1.10
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to
diff --git a/helm/portal/README.md b/helm/portal/README.md
index 39c789ff..00c6bf07 100644
--- a/helm/portal/README.md
+++ b/helm/portal/README.md
@@ -1,6 +1,6 @@
 # portal
-![Version: 0.1.9](https://img.shields.io/badge/Version-0.1.9-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square)
+![Version: 0.1.10](https://img.shields.io/badge/Version-0.1.10-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square)
 A Helm chart for gen3 data-portal
From 4cdc478a471929d05e92823477e0e1f4f169997b Mon Sep 17 00:00:00 2001
From: EliseCastle23
Date: Tue, 12 Mar 2024 12:40:11 -0600
Subject: [PATCH 128/279] bumping fence and gen3 versions
---
 helm/fence/Chart.yaml | 2 +-
 helm/fence/README.md | 2 +-
 helm/gen3/Chart.yaml | 4 ++--
 helm/gen3/README.md | 4 ++--
 4 files changed, 6 insertions(+), 6 deletions(-)
diff --git a/helm/fence/Chart.yaml b/helm/fence/Chart.yaml
index 4336627d..5da3f09e 100644
--- a/helm/fence/Chart.yaml
+++ b/helm/fence/Chart.yaml
@@ -15,7 +15,7 @@ type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 0.1.16
+version: 0.1.17
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to
diff --git a/helm/fence/README.md b/helm/fence/README.md
index 8bfa006d..a8e510bc 100644
--- a/helm/fence/README.md
+++ b/helm/fence/README.md
@@ -1,6 +1,6 @@
 # fence
-![Version: 0.1.16](https://img.shields.io/badge/Version-0.1.16-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square)
+![Version: 0.1.17](https://img.shields.io/badge/Version-0.1.17-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square)
 A Helm chart for gen3 Fence
diff --git a/helm/gen3/Chart.yaml b/helm/gen3/Chart.yaml
index ff986f1c..20b04b9d 100644
--- a/helm/gen3/Chart.yaml
+++ b/helm/gen3/Chart.yaml
@@ -32,7 +32,7 @@ dependencies:
 repository: file://../etl
 condition: etl.enabled
 - name: fence
- version: 0.1.16
+ version: 0.1.17
 repository: "file://../fence"
 condition: fence.enabled
 - name: guppy
@@ -115,7 +115,7 @@ type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 0.1.23
+version: 0.1.24
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to
diff --git a/helm/gen3/README.md b/helm/gen3/README.md
index c9e2f412..46b928f0 100644
--- a/helm/gen3/README.md
+++ b/helm/gen3/README.md
@@ -1,6 +1,6 @@
 # gen3
-![Version: 0.1.23](https://img.shields.io/badge/Version-0.1.23-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square)
+![Version: 0.1.24](https://img.shields.io/badge/Version-0.1.24-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square)
 Helm chart to deploy Gen3 Data Commons
@@ -25,7 +25,7 @@ Helm chart to deploy Gen3 Data Commons
 | file://../aws-es-proxy | aws-es-proxy | 0.1.8 |
 | file://../common | common | 0.1.9 |
 | file://../etl | etl | 0.1.0 |
-| file://../fence | fence | 0.1.16 |
+| file://../fence | fence | 0.1.17 |
 | file://../guppy | guppy | 0.1.10 |
 | file://../hatchery | hatchery | 0.1.8 |
 | file://../indexd | indexd | 0.1.13 |
From 82cf366b8ec8aa3462e17a403a308a0daec47b58 Mon Sep 17 00:00:00 2001
From: craigrbarnes
Date: Thu, 14 Mar 2024 12:25:32 -0500
Subject: [PATCH 129/279] restore versions from master
---
 helm/ambassador/README.md | 2 +-
 helm/arborist/README.md | 2 +-
 helm/argo-wrapper/README.md | 2 +-
 helm/audit/README.md | 2 +-
 helm/aws-es-proxy/README.md | 2 +-
 helm/common/README.md | 2 +-
 helm/dicom-server/README.md | 2 +-
 helm/dicom-viewer/README.md | 2 +-
 helm/etl/README.md | 2 +-
 helm/fence/README.md | 2 +-
 helm/gen3/README.md | 2 +-
 helm/guppy/README.md | 2 +-
 helm/hatchery/README.md | 2 +-
 helm/indexd/README.md | 2 +-
 helm/manifestservice/README.md | 2 +-
 helm/metadata/README.md | 2 +-
 helm/peregrine/README.md | 2 +-
 helm/pidgin/README.md | 2 +-
 helm/portal/README.md | 2 +-
 helm/requestor/README.md | 2 +-
 helm/revproxy/README.md | 2 +-
 helm/sheepdog/README.md | 2 +-
 helm/sower/README.md | 2 +-
 helm/ssjdispatcher/README.md | 2 +-
 helm/wts/README.md | 2 +-
 25 files changed, 25 insertions(+), 25 deletions(-)
diff --git a/helm/ambassador/README.md b/helm/ambassador/README.md
index d2a06c72..9ece0b19 100644
--- a/helm/ambassador/README.md
+++ b/helm/ambassador/README.md
@@ -1,6 +1,6 @@
 # ambassador
-![Version: 0.1.11](https://img.shields.io/badge/Version-0.1.11-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.4.2](https://img.shields.io/badge/AppVersion-1.4.2-informational?style=flat-square)
+![Version: 0.1.10](https://img.shields.io/badge/Version-0.1.10-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.4.2](https://img.shields.io/badge/AppVersion-1.4.2-informational?style=flat-square)
 A Helm chart for deploying ambassador for gen3
diff --git a/helm/arborist/README.md b/helm/arborist/README.md
index 1a47d5c3..a998464e 100644
--- a/helm/arborist/README.md
+++ b/helm/arborist/README.md
@@ -1,6 +1,6 @@
 # arborist
-![Version: 0.1.11](https://img.shields.io/badge/Version-0.1.11-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square)
+![Version: 0.1.10](https://img.shields.io/badge/Version-0.1.10-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square)
 A Helm chart for gen3 arborist
diff --git a/helm/argo-wrapper/README.md b/helm/argo-wrapper/README.md
index ef83a411..302260f0 100644
--- a/helm/argo-wrapper/README.md
+++ b/helm/argo-wrapper/README.md
@@ -1,6 +1,6 @@
 # argo-wrapper
-![Version: 0.1.7](https://img.shields.io/badge/Version-0.1.7-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square)
+![Version: 0.1.6](https://img.shields.io/badge/Version-0.1.6-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square)
 A Helm chart for gen3 Argo Wrapper Service
diff --git a/helm/audit/README.md b/helm/audit/README.md
index 6dfea331..eb950e12 100644
--- a/helm/audit/README.md
+++ b/helm/audit/README.md
@@ -1,6 +1,6 @@
 # audit
-![Version: 0.1.12](https://img.shields.io/badge/Version-0.1.12-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square)
+![Version: 0.1.11](https://img.shields.io/badge/Version-0.1.11-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square)
 A Helm chart for Kubernetes
diff --git a/helm/aws-es-proxy/README.md b/helm/aws-es-proxy/README.md
index 47099452..9ff959b5 100644
--- a/helm/aws-es-proxy/README.md
+++ b/helm/aws-es-proxy/README.md
@@ -1,6 +1,6 @@
 # aws-es-proxy
-![Version: 0.1.9](https://img.shields.io/badge/Version-0.1.9-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square)
+![Version: 0.1.8](https://img.shields.io/badge/Version-0.1.8-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square)
 A Helm chart for AWS ES Proxy Service for gen3
diff --git a/helm/common/README.md b/helm/common/README.md
index d4d6f2e0..40d67902 100644
--- a/helm/common/README.md
+++ b/helm/common/README.md
@@ -1,6 +1,6 @@ # common -![Version: 0.1.10](https://img.shields.io/badge/Version-0.1.10-informational?style=flat-square) ![Type: library](https://img.shields.io/badge/Type-library-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) +![Version: 0.1.9](https://img.shields.io/badge/Version-0.1.9-informational?style=flat-square) ![Type: library](https://img.shields.io/badge/Type-library-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) A Helm chart for provisioning databases in gen3 diff --git a/helm/dicom-server/README.md b/helm/dicom-server/README.md index f4380b1b..2f95d08e 100644 --- a/helm/dicom-server/README.md +++ b/helm/dicom-server/README.md @@ -1,6 +1,6 @@ # dicom-server -![Version: 0.1.8](https://img.shields.io/badge/Version-0.1.8-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) +![Version: 0.1.7](https://img.shields.io/badge/Version-0.1.7-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) A Helm chart for gen3 Dicom Server diff --git a/helm/dicom-viewer/README.md b/helm/dicom-viewer/README.md index caec0f07..c4c5c095 100644 --- a/helm/dicom-viewer/README.md +++ b/helm/dicom-viewer/README.md 
@@ -1,6 +1,6 @@ # dicom-viewer -![Version: 0.1.8](https://img.shields.io/badge/Version-0.1.8-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) +![Version: 0.1.7](https://img.shields.io/badge/Version-0.1.7-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) A Helm chart for gen3 Dicom Viewer diff --git a/helm/etl/README.md b/helm/etl/README.md index 87b2e537..e5fd17b0 100644 --- a/helm/etl/README.md +++ b/helm/etl/README.md @@ -1,6 +1,6 @@ # etl -![Version: 0.1.1](https://img.shields.io/badge/Version-0.1.1-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) +![Version: 0.1.0](https://img.shields.io/badge/Version-0.1.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) A Helm chart for gen3 etl diff --git a/helm/fence/README.md b/helm/fence/README.md index 1bb9a688..b75874e4 100644 --- a/helm/fence/README.md +++ b/helm/fence/README.md 
@@ -1,6 +1,6 @@ # fence -![Version: 0.1.17](https://img.shields.io/badge/Version-0.1.17-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) +![Version: 0.1.16](https://img.shields.io/badge/Version-0.1.16-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) A Helm chart for gen3 Fence diff --git a/helm/gen3/README.md b/helm/gen3/README.md index cc5698aa..bef74b07 100644 --- a/helm/gen3/README.md +++ b/helm/gen3/README.md @@ -1,6 +1,6 @@ # gen3 -![Version: 0.1.24](https://img.shields.io/badge/Version-0.1.24-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) +![Version: 0.1.23](https://img.shields.io/badge/Version-0.1.23-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) Helm chart to deploy Gen3 Data Commons diff --git a/helm/guppy/README.md b/helm/guppy/README.md index ba51faf9..77cdd993 100644 --- a/helm/guppy/README.md +++ b/helm/guppy/README.md 
@@ -1,6 +1,6 @@ # guppy -![Version: 0.1.11](https://img.shields.io/badge/Version-0.1.11-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) +![Version: 0.1.10](https://img.shields.io/badge/Version-0.1.10-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) A Helm chart for gen3 Guppy Service diff --git a/helm/hatchery/README.md b/helm/hatchery/README.md index c98175e5..e0423a97 100644 --- a/helm/hatchery/README.md +++ b/helm/hatchery/README.md @@ -1,6 +1,6 @@ # hatchery -![Version: 0.1.9](https://img.shields.io/badge/Version-0.1.9-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) +![Version: 0.1.8](https://img.shields.io/badge/Version-0.1.8-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) A Helm chart for gen3 Hatchery diff --git a/helm/indexd/README.md b/helm/indexd/README.md index 33065b4e..555e987e 100644 --- a/helm/indexd/README.md +++ b/helm/indexd/README.md 
@@ -1,6 +1,6 @@ # indexd -![Version: 0.1.14](https://img.shields.io/badge/Version-0.1.14-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) +![Version: 0.1.13](https://img.shields.io/badge/Version-0.1.13-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) A Helm chart for gen3 indexd diff --git a/helm/manifestservice/README.md b/helm/manifestservice/README.md index 058d32fd..4733169c 100644 --- a/helm/manifestservice/README.md +++ b/helm/manifestservice/README.md @@ -1,6 +1,6 @@ # manifestservice -![Version: 0.1.13](https://img.shields.io/badge/Version-0.1.13-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) +![Version: 0.1.12](https://img.shields.io/badge/Version-0.1.12-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) A Helm chart for Kubernetes diff --git a/helm/metadata/README.md b/helm/metadata/README.md index 75a49ce2..164c896e 100644 --- a/helm/metadata/README.md +++ b/helm/metadata/README.md 
@@ -1,6 +1,6 @@ # metadata -![Version: 0.1.11](https://img.shields.io/badge/Version-0.1.11-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) +![Version: 0.1.10](https://img.shields.io/badge/Version-0.1.10-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) A Helm chart for gen3 Metadata Service diff --git a/helm/peregrine/README.md b/helm/peregrine/README.md index c0286b44..421e5ddd 100644 --- a/helm/peregrine/README.md +++ b/helm/peregrine/README.md @@ -1,6 +1,6 @@ # peregrine -![Version: 0.1.12](https://img.shields.io/badge/Version-0.1.12-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 2023.01](https://img.shields.io/badge/AppVersion-2023.01-informational?style=flat-square) +![Version: 0.1.11](https://img.shields.io/badge/Version-0.1.11-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 2023.01](https://img.shields.io/badge/AppVersion-2023.01-informational?style=flat-square) A Helm chart for gen3 Peregrine service diff --git a/helm/pidgin/README.md b/helm/pidgin/README.md index 94495379..095e3b84 100644 --- a/helm/pidgin/README.md +++ b/helm/pidgin/README.md 
@@ -1,6 +1,6 @@ # pidgin -![Version: 0.1.10](https://img.shields.io/badge/Version-0.1.10-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) +![Version: 0.1.9](https://img.shields.io/badge/Version-0.1.9-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) A Helm chart for gen3 Pidgin Service diff --git a/helm/portal/README.md b/helm/portal/README.md index 2b8d7253..b1fb8995 100644 --- a/helm/portal/README.md +++ b/helm/portal/README.md @@ -1,6 +1,6 @@ # portal -![Version: 0.1.10](https://img.shields.io/badge/Version-0.1.10-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) +![Version: 0.1.9](https://img.shields.io/badge/Version-0.1.9-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) A Helm chart for gen3 data-portal diff --git a/helm/requestor/README.md b/helm/requestor/README.md index bde0842e..49ce77db 100644 --- a/helm/requestor/README.md +++ b/helm/requestor/README.md 
@@ -1,6 +1,6 @@ # requestor -![Version: 0.1.11](https://img.shields.io/badge/Version-0.1.11-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) +![Version: 0.1.10](https://img.shields.io/badge/Version-0.1.10-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) A Helm chart for gen3 Requestor Service diff --git a/helm/revproxy/README.md b/helm/revproxy/README.md index fcb27c0e..1ee8c270 100644 --- a/helm/revproxy/README.md +++ b/helm/revproxy/README.md @@ -1,6 +1,6 @@ # revproxy -![Version: 0.1.14](https://img.shields.io/badge/Version-0.1.14-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) +![Version: 0.1.13](https://img.shields.io/badge/Version-0.1.13-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) A Helm chart for gen3 revproxy diff --git a/helm/sheepdog/README.md b/helm/sheepdog/README.md index 3523d763..cddb752a 100644 --- a/helm/sheepdog/README.md +++ b/helm/sheepdog/README.md 
@@ -1,6 +1,6 @@ # sheepdog -![Version: 0.1.13](https://img.shields.io/badge/Version-0.1.13-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) +![Version: 0.1.12](https://img.shields.io/badge/Version-0.1.12-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) A Helm chart for gen3 Sheepdog Service diff --git a/helm/sower/README.md b/helm/sower/README.md index 4c5fe5d8..828699af 100644 --- a/helm/sower/README.md +++ b/helm/sower/README.md @@ -1,6 +1,6 @@ # sower -![Version: 0.1.9](https://img.shields.io/badge/Version-0.1.9-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) +![Version: 0.1.8](https://img.shields.io/badge/Version-0.1.8-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) A Helm chart for gen3 sower diff --git a/helm/ssjdispatcher/README.md b/helm/ssjdispatcher/README.md index e9f5cfe0..db9e1194 100644 --- a/helm/ssjdispatcher/README.md +++ b/helm/ssjdispatcher/README.md 
@@ -1,6 +1,6 @@ # ssjdispatcher -![Version: 0.1.9](https://img.shields.io/badge/Version-0.1.9-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) +![Version: 0.1.8](https://img.shields.io/badge/Version-0.1.8-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) A Helm chart for gen3 ssjdispatcher diff --git a/helm/wts/README.md b/helm/wts/README.md index d6cc9d2d..c5fa341a 100644 --- a/helm/wts/README.md +++ b/helm/wts/README.md @@ -1,6 +1,6 @@ # wts -![Version: 0.1.13](https://img.shields.io/badge/Version-0.1.13-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) +![Version: 0.1.12](https://img.shields.io/badge/Version-0.1.12-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) A Helm chart for gen3 workspace token service From 7e0461cd2bb9004b1a2df75703eb3976743f87cc Mon Sep 17 00:00:00 2001 From: EliseCastle23 Date: Fri, 15 Mar 2024 12:23:42 -0600 Subject: [PATCH 130/279] allowing for extra values to be added to the manifest global in the gen3 umbrella chart --- .secrets.baseline | 4 ++-- helm/gen3/Chart.yaml | 2 +- helm/gen3/README.md | 3 ++- helm/gen3/templates/global-manifest.yaml | 7 ++++++- helm/gen3/values.yaml | 2 ++ 5 files changed, 13 insertions(+), 5 deletions(-) 
diff --git a/.secrets.baseline b/.secrets.baseline index 3e2f037c..b2328594 100644 --- a/.secrets.baseline +++ b/.secrets.baseline @@ -3,7 +3,7 @@ "files": "^.secrets.baseline$", "lines": null }, - "generated_at": "2024-03-11T18:38:21Z", + "generated_at": "2024-03-15T18:22:32Z", "plugins_used": [ { "name": "AWSKeyDetector" @@ -330,7 +330,7 @@ "hashed_secret": "9b5925ea817163740dfb287a9894e8ab3aba2c18", "is_secret": false, "is_verified": false, - "line_number": 174, + "line_number": 176, "type": "Secret Keyword" } ], diff --git a/helm/gen3/Chart.yaml b/helm/gen3/Chart.yaml index 20b04b9d..d06ea3e4 100644 --- a/helm/gen3/Chart.yaml +++ b/helm/gen3/Chart.yaml @@ -115,7 +115,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.24 +version: 0.1.25 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to diff --git a/helm/gen3/README.md b/helm/gen3/README.md index 46b928f0..4c12848b 100644 --- a/helm/gen3/README.md +++ b/helm/gen3/README.md @@ -1,6 +1,6 @@ # gen3 -![Version: 0.1.24](https://img.shields.io/badge/Version-0.1.24-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) +![Version: 0.1.25](https://img.shields.io/badge/Version-0.1.25-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) Helm chart to deploy Gen3 Data Commons 
@@ -88,6 +88,7 @@ Helm chart to deploy Gen3 Data Commons | global.externalSecrets.dbCreate | bool | `false` | Will create the databases and store the creds in Kubernetes Secrets even if externalSecrets is deployed. Useful if you want to use ExternalSecrets for other secrets besides db secrets. | | global.externalSecrets.deploy | bool | `false` | Will use ExternalSecret resources to pull secrets from Secrets Manager instead of creating them locally. Be cautious as this will override secrets you have deployed. | | global.hostname | string | `"localhost"` | Hostname for the deployment. | +| global.manifestGlobalExtraValues | map | `nil` | If you would like to add any extra values to the manifest-global configmap. | | global.netPolicy | bool | `true` | Whether network policies are enabled. | | global.portalApp | string | `"gitops"` | Portal application name. | | global.postgres.dbCreate | bool | `true` | Whether the database create job should run. | diff --git a/helm/gen3/templates/global-manifest.yaml b/helm/gen3/templates/global-manifest.yaml index 945088d5..0699a195 100644 --- a/helm/gen3/templates/global-manifest.yaml +++ b/helm/gen3/templates/global-manifest.yaml @@ -16,4 +16,9 @@ data: "dd_enabled": {{ .Values.global.ddEnabled | quote }} {{- with .Values.global.origins_allow_credentials }} "origins_allow_credentials": {{ . | toJson | quote }} - {{- end -}} \ No newline at end of file + {{- end -}} + {{- with .Values.global.manifestGlobalExtraValues }} + {{- range $key, $value := . }} + {{ $key }}: {{ $value | quote }} + {{- end }} + {{- end }} \ No newline at end of file diff --git a/helm/gen3/values.yaml b/helm/gen3/values.yaml index b29b75f1..ea2644ab 100644 --- a/helm/gen3/values.yaml +++ b/helm/gen3/values.yaml 
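Review bot: The new `range` in `helm/gen3/templates/global-manifest.yaml` writes `{{ $key }}` unquoted, while the fixed entries above it (`"dd_enabled"`, `"origins_allow_credentials"`) are quoted, so a key containing `:`, `#` or a leading special character renders a ConfigMap that fails to parse or parses differently than intended; I would emit `{{ $key | quote }}: {{ $value | quote }}`. Nothing stops an entry in `global.manifestGlobalExtraValues` from repeating a fixed key such as `dd_enabled`, which produces a duplicate mapping key whose winner depends on the YAML parser, so the template should reject such keys or the `values.yaml` comment should say they are not allowed. `quote` also stringifies a nested map or list in Go's default format, so the option's documentation should state that values must be scalars. The `data:` block begins above this hunk, so the full set of fixed keys is not visible here.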
@@ -56,6 +56,8 @@ global: dispatcherJobNum: "10" # -- (bool) Whether Datadog is enabled. ddEnabled: false + # -- (map) If you would like to add any extra values to the manifest-global configmap. + manifestGlobalExtraValues: # -- (map) External Secrets settings. externalSecrets: # -- (bool) Will use ExternalSecret resources to pull secrets from Secrets Manager instead of creating them locally. Be cautious as this will override secrets you have deployed. From ddb6fe009820e0ed7fe683942e5b1767577aced3 Mon Sep 17 00:00:00 2001 From: EliseCastle23 Date: Fri, 15 Mar 2024 12:39:52 -0600 Subject: [PATCH 131/279] correctly adding value as an empty map --- helm/gen3/README.md | 2 +- helm/gen3/values.yaml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/helm/gen3/README.md b/helm/gen3/README.md index 4c12848b..3cbd2f8b 100644 --- a/helm/gen3/README.md +++ b/helm/gen3/README.md @@ -88,7 +88,7 @@ Helm chart to deploy Gen3 Data Commons | global.externalSecrets.dbCreate | bool | `false` | Will create the databases and store the creds in Kubernetes Secrets even if externalSecrets is deployed. Useful if you want to use ExternalSecrets for other secrets besides db secrets. | | global.externalSecrets.deploy | bool | `false` | Will use ExternalSecret resources to pull secrets from Secrets Manager instead of creating them locally. Be cautious as this will override secrets you have deployed. | | global.hostname | string | `"localhost"` | Hostname for the deployment. | -| global.manifestGlobalExtraValues | map | `nil` | If you would like to add any extra values to the manifest-global configmap. | +| global.manifestGlobalExtraValues | map | `{}` | If you would like to add any extra values to the manifest-global configmap. | | global.netPolicy | bool | `true` | Whether network policies are enabled. | | global.portalApp | string | `"gitops"` | Portal application name. | | global.postgres.dbCreate | bool | `true` | Whether the database create job should run. | 
diff --git a/helm/gen3/values.yaml b/helm/gen3/values.yaml index ea2644ab..6dcc3cdf 100644 --- a/helm/gen3/values.yaml +++ b/helm/gen3/values.yaml @@ -57,7 +57,7 @@ global: # -- (bool) Whether Datadog is enabled. ddEnabled: false # -- (map) If you would like to add any extra values to the manifest-global configmap. - manifestGlobalExtraValues: + manifestGlobalExtraValues: {} # -- (map) External Secrets settings. externalSecrets: # -- (bool) Will use ExternalSecret resources to pull secrets from Secrets Manager instead of creating them locally. Be cautious as this will override secrets you have deployed. From baf24fd29e9c03a9f491b0f1f2c37c7aa23a4e79 Mon Sep 17 00:00:00 2001 From: craigrbarnes Date: Sat, 16 Mar 2024 14:40:59 -0500 Subject: [PATCH 132/279] test rev proxy --- helm/ambassador/README.md | 2 +- helm/arborist/README.md | 2 +- helm/argo-wrapper/README.md | 2 +- helm/audit/README.md | 2 +- helm/aws-es-proxy/README.md | 2 +- helm/common/README.md | 2 +- helm/dicom-server/README.md | 2 +- helm/dicom-viewer/README.md | 2 +- helm/etl/README.md | 2 +- helm/fence/README.md | 2 +- helm/frontend-framework/Chart.yaml | 3 +- helm/gen3/Chart.yaml | 48 +++++++++++------------ helm/gen3/README.md | 2 +- helm/guppy/README.md | 2 +- helm/hatchery/README.md | 2 +- helm/indexd/README.md | 2 +- helm/manifestservice/README.md | 2 +- helm/metadata/README.md | 2 +- helm/peregrine/README.md | 2 +- helm/pidgin/README.md | 2 +- helm/portal/README.md | 2 +- helm/requestor/README.md | 2 +- helm/revproxy/Chart.yaml | 2 +- helm/revproxy/README.md | 2 +- helm/revproxy/templates/configMaps.yaml | 21 ++++------ helm/revproxy/templates/deployment.yaml | 52 ++++++++++++++----------- helm/sheepdog/README.md | 2 +- helm/sower/README.md | 2 +- helm/ssjdispatcher/README.md | 2 +- helm/wts/README.md | 2 +- 30 files changed, 89 insertions(+), 87 deletions(-) diff --git a/helm/ambassador/README.md b/helm/ambassador/README.md index 9ece0b19..d2a06c72 100644 --- a/helm/ambassador/README.md 
+++ b/helm/ambassador/README.md @@ -1,6 +1,6 @@ # ambassador -![Version: 0.1.10](https://img.shields.io/badge/Version-0.1.10-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.4.2](https://img.shields.io/badge/AppVersion-1.4.2-informational?style=flat-square) +![Version: 0.1.11](https://img.shields.io/badge/Version-0.1.11-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.4.2](https://img.shields.io/badge/AppVersion-1.4.2-informational?style=flat-square) A Helm chart for deploying ambassador for gen3 diff --git a/helm/arborist/README.md b/helm/arborist/README.md index a998464e..1a47d5c3 100644 --- a/helm/arborist/README.md +++ b/helm/arborist/README.md @@ -1,6 +1,6 @@ # arborist -![Version: 0.1.10](https://img.shields.io/badge/Version-0.1.10-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) +![Version: 0.1.11](https://img.shields.io/badge/Version-0.1.11-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) A Helm chart for gen3 arborist diff --git a/helm/argo-wrapper/README.md b/helm/argo-wrapper/README.md index 302260f0..ef83a411 100644 --- a/helm/argo-wrapper/README.md +++ b/helm/argo-wrapper/README.md 
@@ -1,6 +1,6 @@ # argo-wrapper -![Version: 0.1.6](https://img.shields.io/badge/Version-0.1.6-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) +![Version: 0.1.7](https://img.shields.io/badge/Version-0.1.7-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) A Helm chart for gen3 Argo Wrapper Service diff --git a/helm/audit/README.md b/helm/audit/README.md index eb950e12..6dfea331 100644 --- a/helm/audit/README.md +++ b/helm/audit/README.md @@ -1,6 +1,6 @@ # audit -![Version: 0.1.11](https://img.shields.io/badge/Version-0.1.11-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) +![Version: 0.1.12](https://img.shields.io/badge/Version-0.1.12-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) A Helm chart for Kubernetes diff --git a/helm/aws-es-proxy/README.md b/helm/aws-es-proxy/README.md index 9ff959b5..47099452 100644 --- a/helm/aws-es-proxy/README.md +++ b/helm/aws-es-proxy/README.md 
@@ -1,6 +1,6 @@ # aws-es-proxy -![Version: 0.1.8](https://img.shields.io/badge/Version-0.1.8-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) +![Version: 0.1.9](https://img.shields.io/badge/Version-0.1.9-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) A Helm chart for AWS ES Proxy Service for gen3 diff --git a/helm/common/README.md b/helm/common/README.md index 40d67902..d4d6f2e0 100644 --- a/helm/common/README.md +++ b/helm/common/README.md @@ -1,6 +1,6 @@ # common -![Version: 0.1.9](https://img.shields.io/badge/Version-0.1.9-informational?style=flat-square) ![Type: library](https://img.shields.io/badge/Type-library-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) +![Version: 0.1.10](https://img.shields.io/badge/Version-0.1.10-informational?style=flat-square) ![Type: library](https://img.shields.io/badge/Type-library-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) A Helm chart for provisioning databases in gen3 diff --git a/helm/dicom-server/README.md b/helm/dicom-server/README.md index 2f95d08e..f4380b1b 100644 --- a/helm/dicom-server/README.md +++ b/helm/dicom-server/README.md 
@@ -1,6 +1,6 @@ # dicom-server -![Version: 0.1.7](https://img.shields.io/badge/Version-0.1.7-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) +![Version: 0.1.8](https://img.shields.io/badge/Version-0.1.8-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) A Helm chart for gen3 Dicom Server diff --git a/helm/dicom-viewer/README.md b/helm/dicom-viewer/README.md index c4c5c095..caec0f07 100644 --- a/helm/dicom-viewer/README.md +++ b/helm/dicom-viewer/README.md @@ -1,6 +1,6 @@ # dicom-viewer -![Version: 0.1.7](https://img.shields.io/badge/Version-0.1.7-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) +![Version: 0.1.8](https://img.shields.io/badge/Version-0.1.8-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) A Helm chart for gen3 Dicom Viewer diff --git a/helm/etl/README.md b/helm/etl/README.md index e5fd17b0..87b2e537 100644 --- a/helm/etl/README.md +++ b/helm/etl/README.md 
@@ -1,6 +1,6 @@ # etl -![Version: 0.1.0](https://img.shields.io/badge/Version-0.1.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) +![Version: 0.1.1](https://img.shields.io/badge/Version-0.1.1-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) A Helm chart for gen3 etl diff --git a/helm/fence/README.md b/helm/fence/README.md index b75874e4..1bb9a688 100644 --- a/helm/fence/README.md +++ b/helm/fence/README.md @@ -1,6 +1,6 @@ # fence -![Version: 0.1.16](https://img.shields.io/badge/Version-0.1.16-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) +![Version: 0.1.17](https://img.shields.io/badge/Version-0.1.17-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) A Helm chart for gen3 Fence diff --git a/helm/frontend-framework/Chart.yaml b/helm/frontend-framework/Chart.yaml index a2243c80..7edc494a 100644 --- a/helm/frontend-framework/Chart.yaml +++ b/helm/frontend-framework/Chart.yaml @@ -25,5 +25,6 @@ appVersion: "develop" dependencies: - name: common - version: 0.1.7 + version: 0.1.10 repository: file://../common + diff --git a/helm/gen3/Chart.yaml b/helm/gen3/Chart.yaml index 6d8190d5..ffb0833a 100644 --- a/helm/gen3/Chart.yaml +++ b/helm/gen3/Chart.yaml 
@@ -5,94 +5,94 @@ description: Helm chart to deploy Gen3 Data Commons # Dependancies dependencies: - name: ambassador - version: 0.1.10 + version: 0.1.11 repository: "file://../ambassador" condition: ambassador.enabled - name: arborist - version: 0.1.10 + version: 0.1.11 repository: "file://../arborist" condition: arborist.enabled - name: argo-wrapper - version: 0.1.6 + version: 0.1.7 repository: "file://../argo-wrapper" condition: argo-wrapper.enabled - name: audit - version: 0.1.11 + version: 0.1.12 repository: "file://../audit" condition: audit.enabled - name: aws-es-proxy - version: 0.1.8 + version: 0.1.9 repository: "file://../aws-es-proxy" condition: aws-es-proxy.enabled - name: common - version: 0.1.9 + version: 0.1.10 repository: file://../common - name: etl - version: 0.1.0 + version: 0.1.1 repository: file://../etl condition: etl.enabled - name: frontend-framework - version: "0.10.0" + version: 0.10.0 repository: "file://../frontend-framework" condition: frontend-framework.enabled - name: fence - version: 0.1.16 + version: 0.1.17 repository: "file://../fence" condition: fence.enabled - name: guppy - version: 0.1.10 + version: 0.1.11 repository: "file://../guppy" condition: guppy.enabled - name: hatchery - version: 0.1.8 + version: 0.1.9 repository: "file://../hatchery" condition: hatchery.enabled - name: indexd - version: 0.1.13 + version: 0.1.14 repository: "file://../indexd" condition: indexd.enabled - name: manifestservice - version: 0.1.12 + version: 0.1.13 repository: "file://../manifestservice" condition: manifestservice.enabled - name: metadata - version: 0.1.10 + version: 0.1.11 repository: "file://../metadata" condition: metadata.enabled - name: peregrine - version: 0.1.11 + version: 0.1.12 repository: "file://../peregrine" condition: peregrine.enabled - name: pidgin - version: 0.1.9 + version: 0.1.10 repository: "file://../pidgin" condition: pidgin.enabled - name: portal - version: 0.1.9 + version: 0.1.10 repository: "file://../portal" 
condition: portal.enabled - name: requestor - version: 0.1.10 + version: 0.1.11 repository: "file://../requestor" condition: requestor.enabled - name: revproxy - version: 0.1.13 + version: 0.1.19 repository: "file://../revproxy" condition: revproxy.enabled - name: sheepdog - version: 0.1.12 + version: 0.1.13 repository: "file://../sheepdog" condition: sheepdog.enabled - name: ssjdispatcher - version: 0.1.8 + version: 0.1.9 repository: "file://../ssjdispatcher" condition: ssjdispatcher.enabled - name: sower - version: 0.1.8 + version: 0.1.9 condition: sower.enabled repository: "file://../sower" - name: wts - version: 0.1.12 + version: 0.1.13 repository: "file://../wts" condition: wts.enabled @@ -119,7 +119,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.24 +version: 0.1.25 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to diff --git a/helm/gen3/README.md b/helm/gen3/README.md index bef74b07..cc5698aa 100644 --- a/helm/gen3/README.md +++ b/helm/gen3/README.md @@ -1,6 +1,6 @@ # gen3 -![Version: 0.1.23](https://img.shields.io/badge/Version-0.1.23-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) +![Version: 0.1.24](https://img.shields.io/badge/Version-0.1.24-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) Helm chart to deploy Gen3 Data Commons 
diff --git a/helm/guppy/README.md b/helm/guppy/README.md index 77cdd993..ba51faf9 100644 --- a/helm/guppy/README.md +++ b/helm/guppy/README.md @@ -1,6 +1,6 @@ # guppy -![Version: 0.1.10](https://img.shields.io/badge/Version-0.1.10-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) +![Version: 0.1.11](https://img.shields.io/badge/Version-0.1.11-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) A Helm chart for gen3 Guppy Service diff --git a/helm/hatchery/README.md b/helm/hatchery/README.md index e0423a97..c98175e5 100644 --- a/helm/hatchery/README.md +++ b/helm/hatchery/README.md @@ -1,6 +1,6 @@ # hatchery -![Version: 0.1.8](https://img.shields.io/badge/Version-0.1.8-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) +![Version: 0.1.9](https://img.shields.io/badge/Version-0.1.9-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) A Helm chart for gen3 Hatchery diff --git a/helm/indexd/README.md b/helm/indexd/README.md index 555e987e..33065b4e 100644 --- a/helm/indexd/README.md +++ b/helm/indexd/README.md 
@@ -1,6 +1,6 @@ # indexd -![Version: 0.1.13](https://img.shields.io/badge/Version-0.1.13-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) +![Version: 0.1.14](https://img.shields.io/badge/Version-0.1.14-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) A Helm chart for gen3 indexd diff --git a/helm/manifestservice/README.md b/helm/manifestservice/README.md index 4733169c..058d32fd 100644 --- a/helm/manifestservice/README.md +++ b/helm/manifestservice/README.md @@ -1,6 +1,6 @@ # manifestservice -![Version: 0.1.12](https://img.shields.io/badge/Version-0.1.12-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) +![Version: 0.1.13](https://img.shields.io/badge/Version-0.1.13-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) A Helm chart for Kubernetes diff --git a/helm/metadata/README.md b/helm/metadata/README.md index 164c896e..75a49ce2 100644 --- a/helm/metadata/README.md +++ b/helm/metadata/README.md 
@@ -1,6 +1,6 @@ # metadata -![Version: 0.1.10](https://img.shields.io/badge/Version-0.1.10-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) +![Version: 0.1.11](https://img.shields.io/badge/Version-0.1.11-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) A Helm chart for gen3 Metadata Service diff --git a/helm/peregrine/README.md b/helm/peregrine/README.md index 421e5ddd..c0286b44 100644 --- a/helm/peregrine/README.md +++ b/helm/peregrine/README.md @@ -1,6 +1,6 @@ # peregrine -![Version: 0.1.11](https://img.shields.io/badge/Version-0.1.11-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 2023.01](https://img.shields.io/badge/AppVersion-2023.01-informational?style=flat-square) +![Version: 0.1.12](https://img.shields.io/badge/Version-0.1.12-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 2023.01](https://img.shields.io/badge/AppVersion-2023.01-informational?style=flat-square) A Helm chart for gen3 Peregrine service diff --git a/helm/pidgin/README.md b/helm/pidgin/README.md index 095e3b84..94495379 100644 --- a/helm/pidgin/README.md +++ b/helm/pidgin/README.md 
@@ -1,6 +1,6 @@ # pidgin -![Version: 0.1.9](https://img.shields.io/badge/Version-0.1.9-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) +![Version: 0.1.10](https://img.shields.io/badge/Version-0.1.10-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) A Helm chart for gen3 Pidgin Service diff --git a/helm/portal/README.md b/helm/portal/README.md index b1fb8995..2b8d7253 100644 --- a/helm/portal/README.md +++ b/helm/portal/README.md @@ -1,6 +1,6 @@ # portal -![Version: 0.1.9](https://img.shields.io/badge/Version-0.1.9-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) +![Version: 0.1.10](https://img.shields.io/badge/Version-0.1.10-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) A Helm chart for gen3 data-portal diff --git a/helm/requestor/README.md b/helm/requestor/README.md index 49ce77db..bde0842e 100644 --- a/helm/requestor/README.md +++ b/helm/requestor/README.md 
@@ -1,6 +1,6 @@ # requestor -![Version: 0.1.10](https://img.shields.io/badge/Version-0.1.10-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) +![Version: 0.1.11](https://img.shields.io/badge/Version-0.1.11-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) A Helm chart for gen3 Requestor Service diff --git a/helm/revproxy/Chart.yaml b/helm/revproxy/Chart.yaml index dd9c4974..a628c685 100644 --- a/helm/revproxy/Chart.yaml +++ b/helm/revproxy/Chart.yaml @@ -15,7 +15,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.14 +version: 0.1.19 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to diff --git a/helm/revproxy/README.md b/helm/revproxy/README.md index 1ee8c270..fcb27c0e 100644 --- a/helm/revproxy/README.md +++ b/helm/revproxy/README.md 
@@ -1,6 +1,6 @@ # revproxy -![Version: 0.1.13](https://img.shields.io/badge/Version-0.1.13-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) +![Version: 0.1.14](https://img.shields.io/badge/Version-0.1.14-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) A Helm chart for gen3 revproxy diff --git a/helm/revproxy/templates/configMaps.yaml b/helm/revproxy/templates/configMaps.yaml index e6a48f2c..8bd334ea 100644 --- a/helm/revproxy/templates/configMaps.yaml +++ b/helm/revproxy/templates/configMaps.yaml 
@@ -4,22 +4,17 @@ metadata: name: revproxy-nginx-subconf data: {{- range $path, $bytes := .Files.Glob "gen3.nginx.conf/*.conf" }} - {{ ($a := split "/" $path)._1 }}: | + {{ ($a := split "/" $path)._1 }}: |- {{- $bytes | toString | nindent 4 }} {{- end}} {{- if eq "portal" .Values.global.frontendRoot }} - {{- range $path, $bytes := .Files.Glob "gen3.nginx.conf/portal-as-root/*.conf" }} - {{ ($a := split "/" $path)._2 }}: | - {{- $bytes | toString | nindent 4 }} - {{ $path }} - {{- end}} -{{- end}} + frontend-framework-service.conf: {{ .Files.Get "gen3.nginx.conf/portal-as-root/frontend-framework-service.conf"}} + portal-service.conf: {{ .Files.Get "gen3.nginx.conf/portal-as-root/portal-service.conf" }} +{{- end }} {{- if eq "gen3ff" .Values.global.frontendRoot }} - {{- range $path, $bytes := .Files.Glob "gen3.nginx.conf/gen3ff-as-root/*.conf" }} - {{ ($a := split "/" $path)._2 }}: | - {{- $bytes | toString | nindent 4 }} - {{- end}} -{{- end}} + frontend-framework-service.conf: {{ .Files.Get "gen3.nginx.conf/gen3ff-as-root/frontend-framework-service.conf" }} + portal-service.conf: {{ .Files.Get "gen3.nginx.conf/gen3ff-as-root/portal-service.conf" }} +{{- end }} --- apiVersion: v1 kind: ConfigMap @@ -29,4 +24,4 @@ data: {{- range $path, $bytes := .Files.Glob "nginx/*" }} {{ ($a := split "/" $path)._1 }}: | {{- $bytes | toString | nindent 4 }} -{{- end}} +{{- end}} \ No newline at end of file diff --git a/helm/revproxy/templates/deployment.yaml b/helm/revproxy/templates/deployment.yaml index b9e391ee..18c089a2 100644 --- a/helm/revproxy/templates/deployment.yaml +++ b/helm/revproxy/templates/deployment.yaml @@ -75,7 +75,7 @@ spec: path: /_status port: 80 initialDelaySeconds: 5 - periodSeconds: 30 + periodSeconds: 3000 readinessProbe: httpGet: path: /_status 
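Review bot: The four new entries in configMaps.yaml put the output of `.Files.Get` directly after the key, with no block scalar and no indentation, so a multi-line nginx conf is spliced into the YAML as raw text and will either fail to parse or be folded into something other than the file. Emit them the way the glob loop above does, for example `portal-service.conf: |` followed by `{{- .Files.Get "gen3.nginx.conf/portal-as-root/portal-service.conf" | nindent 4 }}`. The two separate `if eq` blocks also emit neither file when `frontendRoot` holds any other value. A later patch in this series moves to the block-scalar form.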
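Review bot: `periodSeconds: 3000` in deployment.yaml spaces the `/_status` checks fifty minutes apart, so a hung proxy would go unnoticed for that long. The probe's own key is above the hunk, but since `readinessProbe:` follows, this is presumably the liveness probe. The value reads as a debugging setting that goes with the `tail -f /dev/null` command further down this file's diff; restore `periodSeconds: 30` before the chart is released.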
@@ -144,12 +144,12 @@ spec: - name: "revproxy-subconf" readOnly: true mountPath: "/etc/nginx/gen3.conf" - - name: "revproxy-subconf" - readOnly: true - mountPath: "/etc/nginx/gen3.conf/portal-as-root" - - name: "revproxy-subconf" - readOnly: true - mountPath: "/etc/nginx/gen3.conf/gen3ff-as-root" +{{/* - name: "revproxy-subconf"*/}} +{{/* readOnly: true*/}} +{{/* mountPath: "/etc/nginx/gen3.conf/portal-as-root"*/}} +{{/* - name: "revproxy-subconf"*/}} +{{/* readOnly: true*/}} +{{/* mountPath: "/etc/nginx/gen3.conf/gen3ff-as-root"*/}} # - name: "modsec-conf" # readOnly: true # mountPath: "/etc/nginx/modsec" 
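Review bot: The two dropped mounts are kept as `{{/* … */}}` template comments instead of being deleted, which leaves dead configuration in the template with no explanation. Delete the six lines and, if a pointer is wanted, leave one comment such as `# portal-as-root / gen3ff-as-root conf now ships as flat keys in revproxy-nginx-subconf`. nginx.conf is not touched in this commit and, going by the later patch in the series, still includes `/etc/nginx/gen3.conf/portal-as-root/*.conf`, so those globs presumably match nothing once the mounts are gone. The volumeMounts list starts above the hunk.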
@@ -183,23 +183,29 @@ spec: # readOnly: true # mountPath: "/usr/local/share/ca-certificates/cdis/cdis-ca.crt" # subPath: "ca.pem" - command: ["/bin/sh" ] + # name: + # {{ .Values.global.frontend_root }} + command: ["/usr/bin/tail"] args: - - "-c" - # Script always succeeds if it runs (echo exits with 0) - # Launch script handles different nginx versions, etc - - | - for name in ngx_http_perl_module.so ngx_http_js_module.so ngx_http_headers_more_filter_module.so ngx_http_modsecurity_module.so; do - if [ -f /etc/nginx/modules/$name ]; then - echo "load_module modules/$name;" >> /etc/nginx/gen3_modules.conf - fi - done - if [ -f /etc/nginx/modules/ngx_http_modsecurity_module.so -a -f /etc/nginx/modsec/main.conf ]; then - echo "modsecurity on;" >> /etc/nginx/gen3_server_modsec.conf - echo "modsecurity_rules_file /etc/nginx/modsec/main.conf;" >> /etc/nginx/gen3_server_modsec.conf - fi - - exec nginx -g 'daemon off;' + - "-f" + - "/dev/null" +{{/* command: ["/bin/sh" ]*/}} +{{/* args:*/}} +{{/* - "-c"*/}} +{{/* # Script always succeeds if it runs (echo exits with 0)*/}} +{{/* # Launch script handles different nginx versions, etc*/}} +{{/* - |*/}} +{{/* for name in ngx_http_perl_module.so ngx_http_js_module.so ngx_http_headers_more_filter_module.so ngx_http_modsecurity_module.so; do*/}} +{{/* if [ -f /etc/nginx/modules/$name ]; then*/}} +{{/* echo "load_module modules/$name;" >> /etc/nginx/gen3_modules.conf*/}} +{{/* fi*/}} +{{/* done*/}} +{{/* if [ -f /etc/nginx/modules/ngx_http_modsecurity_module.so -a -f /etc/nginx/modsec/main.conf ]; then*/}} +{{/* echo "modsecurity on;" >> /etc/nginx/gen3_server_modsec.conf*/}} +{{/* echo "modsecurity_rules_file /etc/nginx/modsec/main.conf;" >> /etc/nginx/gen3_server_modsec.conf*/}} +{{/* fi*/}} +{{/* */}} +{{/* exec nginx -g 'daemon off;'*/}} {{- with .Values.nodeSelector }} nodeSelector: {{- toYaml . | nindent 8 }} diff --git a/helm/sheepdog/README.md b/helm/sheepdog/README.md index cddb752a..3523d763 100644 
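Review bot: The container command becomes `tail -f /dev/null`, so the pod never starts nginx and never writes the `load_module` and `modsecurity on;` lines: the reverse proxy and its ModSecurity hook are both off in a chart that is bumped to 0.1.19 and pulled into the gen3 umbrella chart. This reads as a debugging override; restore the original `/bin/sh -c` launch script before release rather than keeping it as `{{/* … */}}` comments. The added `# {{ .Values.global.frontend_root }}` line is still evaluated by Helm despite the `#`, and it names a different key from the `frontendRoot` read in configMaps.yaml, so it should be dropped. The container spec starts above the hunk.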
--- a/helm/sheepdog/README.md +++ b/helm/sheepdog/README.md @@ -1,6 +1,6 @@ # sheepdog -![Version: 0.1.12](https://img.shields.io/badge/Version-0.1.12-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) +![Version: 0.1.13](https://img.shields.io/badge/Version-0.1.13-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) A Helm chart for gen3 Sheepdog Service diff --git a/helm/sower/README.md b/helm/sower/README.md index 828699af..4c5fe5d8 100644 --- a/helm/sower/README.md +++ b/helm/sower/README.md @@ -1,6 +1,6 @@ # sower -![Version: 0.1.8](https://img.shields.io/badge/Version-0.1.8-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) +![Version: 0.1.9](https://img.shields.io/badge/Version-0.1.9-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) A Helm chart for gen3 sower diff --git a/helm/ssjdispatcher/README.md b/helm/ssjdispatcher/README.md index db9e1194..e9f5cfe0 100644 --- a/helm/ssjdispatcher/README.md +++ b/helm/ssjdispatcher/README.md 
@@ -1,6 +1,6 @@ # ssjdispatcher -![Version: 0.1.8](https://img.shields.io/badge/Version-0.1.8-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) +![Version: 0.1.9](https://img.shields.io/badge/Version-0.1.9-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) A Helm chart for gen3 ssjdispatcher diff --git a/helm/wts/README.md b/helm/wts/README.md index c5fa341a..d6cc9d2d 100644 --- a/helm/wts/README.md +++ b/helm/wts/README.md @@ -1,6 +1,6 @@ # wts -![Version: 0.1.12](https://img.shields.io/badge/Version-0.1.12-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) +![Version: 0.1.13](https://img.shields.io/badge/Version-0.1.13-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) A Helm chart for gen3 workspace token service From b1e43635a1f64f3d641836972f2a293d475770d5 Mon Sep 17 00:00:00 2001 From: craigrbarnes Date: Sat, 16 Mar 2024 14:41:41 -0500 Subject: [PATCH 133/279] test rev proxy --- helm/gen3/README.md | 46 ++++++++++++++++++++--------------------- helm/revproxy/README.md | 2 +- 2 files changed, 24 insertions(+), 24 deletions(-) diff --git a/helm/gen3/README.md b/helm/gen3/README.md index cc5698aa..3e5266dc 100644 --- a/helm/gen3/README.md +++ b/helm/gen3/README.md 
@@ -1,6 +1,6 @@ # gen3 -![Version: 0.1.24](https://img.shields.io/badge/Version-0.1.24-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) +![Version: 0.1.25](https://img.shields.io/badge/Version-0.1.25-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) Helm chart to deploy Gen3 Data Commons 
@@ -18,29 +18,29 @@ Helm chart to deploy Gen3 Data Commons | Repository | Name | Version | |------------|------|---------| -| file://../ambassador | ambassador | 0.1.10 | -| file://../arborist | arborist | 0.1.10 | -| file://../argo-wrapper | argo-wrapper | 0.1.6 | -| file://../audit | audit | 0.1.11 | -| file://../aws-es-proxy | aws-es-proxy | 0.1.8 | -| file://../common | common | 0.1.9 | -| file://../etl | etl | 0.1.0 | -| file://../fence | fence | 0.1.16 | +| file://../ambassador | ambassador | 0.1.11 | +| file://../arborist | arborist | 0.1.11 | +| file://../argo-wrapper | argo-wrapper | 0.1.7 | +| file://../audit | audit | 0.1.12 | +| file://../aws-es-proxy | aws-es-proxy | 0.1.9 | +| file://../common | common | 0.1.10 | +| file://../etl | etl | 0.1.1 | +| file://../fence | fence | 0.1.17 | | file://../frontend-framework | frontend-framework | 0.10.0 | -| file://../guppy | guppy | 0.1.10 | -| file://../hatchery | hatchery | 0.1.8 | -| file://../indexd | indexd | 0.1.13 | -| file://../manifestservice | manifestservice | 0.1.12 | -| file://../metadata | metadata | 0.1.10 | -| file://../peregrine | peregrine | 0.1.11 | -| file://../pidgin | pidgin | 0.1.9 | -| file://../portal | portal | 0.1.9 | -| file://../requestor | requestor | 0.1.10 | -| file://../revproxy | revproxy | 0.1.13 | -| file://../sheepdog | sheepdog | 0.1.12 | -| file://../sower | sower | 0.1.8 | -| file://../ssjdispatcher | ssjdispatcher | 0.1.8 | -| file://../wts | wts | 0.1.12 | +| file://../guppy | guppy | 0.1.11 | +| file://../hatchery | hatchery | 0.1.9 | +| file://../indexd | indexd | 0.1.14 | +| file://../manifestservice | manifestservice | 0.1.13 | +| file://../metadata | metadata | 0.1.11 | +| file://../peregrine | peregrine | 0.1.12 | +| file://../pidgin | pidgin | 0.1.10 | +| file://../portal | portal | 0.1.10 | +| file://../requestor | requestor | 0.1.11 | +| file://../revproxy | revproxy | 0.1.19 | +| file://../sheepdog | sheepdog | 0.1.13 | +| file://../sower | sower | 0.1.9 | +| 
file://../ssjdispatcher | ssjdispatcher | 0.1.9 | +| file://../wts | wts | 0.1.13 | | https://charts.bitnami.com/bitnami | postgresql | 11.9.13 | | https://helm.elastic.co | elasticsearch | 7.10.2 | diff --git a/helm/revproxy/README.md b/helm/revproxy/README.md index fcb27c0e..6b9dd736 100644 --- a/helm/revproxy/README.md +++ b/helm/revproxy/README.md @@ -1,6 +1,6 @@ # revproxy -![Version: 0.1.14](https://img.shields.io/badge/Version-0.1.14-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) +![Version: 0.1.19](https://img.shields.io/badge/Version-0.1.19-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) A Helm chart for gen3 revproxy From 470ffbac5629e06b6b2044ceb0f00e9111b6e2a9 Mon Sep 17 00:00:00 2001 From: craigrbarnes Date: Sat, 16 Mar 2024 14:41:53 -0500 Subject: [PATCH 134/279] test rev proxy --- helm/frontend-framework/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/helm/frontend-framework/README.md b/helm/frontend-framework/README.md index 11e87d87..afed39e9 100644 --- a/helm/frontend-framework/README.md +++ b/helm/frontend-framework/README.md @@ -8,7 +8,7 @@ A Helm chart for the gen3 frontend framework | Repository | Name | Version | |------------|------|---------| -| file://../common | common | 0.1.7 | +| file://../common | common | 0.1.10 | ## Values From 907702eae51c2f06782fca7fde9f5d7c53bac1c7 Mon Sep 17 00:00:00 2001 
From: craigrbarnes Date: Sat, 16 Mar 2024 23:14:05 -0500 Subject: [PATCH 135/279] refactor configMaps for revproxy --- helm/revproxy/Chart.yaml | 2 +- helm/revproxy/README.md | 2 +- helm/revproxy/nginx/nginx.conf | 12 ++++++------ helm/revproxy/templates/configMaps.yaml | 17 ++++++++++------- 4 files changed, 18 insertions(+), 15 deletions(-) diff --git a/helm/revproxy/Chart.yaml b/helm/revproxy/Chart.yaml index a628c685..dadba010 100644 --- a/helm/revproxy/Chart.yaml +++ b/helm/revproxy/Chart.yaml @@ -25,5 +25,5 @@ appVersion: "master" dependencies: - name: common - version: 0.1.9 + version: 0.1.10 repository: file://../common diff --git a/helm/revproxy/README.md b/helm/revproxy/README.md index 6b9dd736..e74d9019 100644 --- a/helm/revproxy/README.md +++ b/helm/revproxy/README.md @@ -8,7 +8,7 @@ A Helm chart for gen3 revproxy | Repository | Name | Version | |------------|------|---------| -| file://../common | common | 0.1.9 | +| file://../common | common | 0.1.10 | ## Values diff --git a/helm/revproxy/nginx/nginx.conf b/helm/revproxy/nginx/nginx.conf index d2be4bd3..341f8d4e 100644 --- a/helm/revproxy/nginx/nginx.conf +++ b/helm/revproxy/nginx/nginx.conf @@ -320,12 +320,12 @@ http { if ($document_url_env != "") { include /etc/nginx/gen3.conf/documentation-site/*.conf; } - if ($frontend_root_service = "portal") { - include /etc/nginx/gen3.conf/portal-as-root/*.conf; - } - if ($frontend_root_service = "gen3ff") { - include /etc/nginx/gen3.conf/gen3ff-as-root/*.conf; - } + #if ($frontend_root_service = "portal") { + # include /etc/nginx/gen3.conf/portal-as-root/*.conf; + #} + #if ($frontend_root_service = "gen3ff") { + # include /etc/nginx/gen3.conf/gen3ff-as-root/*.conf; + #} location @errorworkspace { # if ($frontend_root_service = "gen3ff") { diff --git a/helm/revproxy/templates/configMaps.yaml b/helm/revproxy/templates/configMaps.yaml index 8bd334ea..306617cc 100644 --- a/helm/revproxy/templates/configMaps.yaml +++ b/helm/revproxy/templates/configMaps.yaml 
@@ -4,16 +4,19 @@ metadata: name: revproxy-nginx-subconf data: {{- range $path, $bytes := .Files.Glob "gen3.nginx.conf/*.conf" }} - {{ ($a := split "/" $path)._1 }}: |- + {{ ($a := split "/" $path)._1 }}: | {{- $bytes | toString | nindent 4 }} {{- end}} -{{- if eq "portal" .Values.global.frontendRoot }} - frontend-framework-service.conf: {{ .Files.Get "gen3.nginx.conf/portal-as-root/frontend-framework-service.conf"}} - portal-service.conf: {{ .Files.Get "gen3.nginx.conf/portal-as-root/portal-service.conf" }} -{{- end }} {{- if eq "gen3ff" .Values.global.frontendRoot }} - frontend-framework-service.conf: {{ .Files.Get "gen3.nginx.conf/gen3ff-as-root/frontend-framework-service.conf" }} - portal-service.conf: {{ .Files.Get "gen3.nginx.conf/gen3ff-as-root/portal-service.conf" }} + {{ "frontend-framework-service.conf" }}: | + {{- .Files.Get "gen3.nginx.conf/gen3ff-as-root/frontend-framework-service.conf" | nindent 4}} + {{ "portal-service.conf" }}: | + {{- .Files.Get "gen3.nginx.conf/gen3ff-as-root/portal-service.conf" | nindent 4}} +{{- else }} + {{ "frontend-framework-service.conf" }}: | + {{- .Files.Get "gen3.nginx.conf/portal-as-root/frontend-framework-service.conf"| nindent 4}} + {{ "portal-service.conf" }}: | + {{- .Files.Get "gen3.nginx.conf/portal-as-root/portal-service.conf" | nindent 4}} {{- end }} --- apiVersion: v1 From 503837026b38aa380bdbca9e55c0e662ea835488 Mon Sep 17 00:00:00 2001 From: craigrbarnes Date: Mon, 18 Mar 2024 09:37:42 -0500 Subject: [PATCH 136/279] remove commented config from nginx.conf --- helm/revproxy/nginx/nginx.conf | 6 ------ 1 file changed, 6 deletions(-) diff --git a/helm/revproxy/nginx/nginx.conf b/helm/revproxy/nginx/nginx.conf index 341f8d4e..0d352578 100644 --- a/helm/revproxy/nginx/nginx.conf +++ b/helm/revproxy/nginx/nginx.conf 
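Review bot: The `{{- else }}` branch ships the portal-as-root files for every value of `.Values.global.frontendRoot` other than "gen3ff", including a typo or an unset value, so a misconfigured root is silently routed as portal. If portal is the intended default, say so above the block with `{{/* any value other than gen3ff falls back to portal-as-root */}}`. Otherwise use `{{- else if eq "portal" .Values.global.frontendRoot }}` and finish with `{{- else }}{{ fail "global.frontendRoot must be portal or gen3ff" }}`. The keys need no template action either: `frontend-framework-service.conf: |` renders the same as `{{ "frontend-framework-service.conf" }}: |`.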
@@ -320,12 +320,6 @@ http { if ($document_url_env != "") { include /etc/nginx/gen3.conf/documentation-site/*.conf; } - #if ($frontend_root_service = "portal") { - # include /etc/nginx/gen3.conf/portal-as-root/*.conf; - #} - #if ($frontend_root_service = "gen3ff") { - # include /etc/nginx/gen3.conf/gen3ff-as-root/*.conf; - #} location @errorworkspace { # if ($frontend_root_service = "gen3ff") { From fa873703975ed7f5c2c36a6472c96d501d90e2b8 Mon Sep 17 00:00:00 2001 From: craigrbarnes Date: Mon, 18 Mar 2024 09:49:17 -0500 Subject: [PATCH 137/279] cleanup --- helm/ambassador/README.md | 2 +- helm/arborist/README.md | 2 +- helm/argo-wrapper/README.md | 2 +- helm/audit/README.md | 2 +- helm/aws-es-proxy/README.md | 2 +- helm/common/README.md | 2 +- helm/dicom-server/README.md | 2 +- helm/dicom-viewer/README.md | 2 +- helm/etl/README.md | 2 +- helm/fence/README.md | 2 +- helm/frontend-framework/Chart.yaml | 2 +- helm/frontend-framework/README.md | 2 +- helm/gen3/Chart.yaml | 48 +++++++++++++++--------------- helm/gen3/README.md | 46 ++++++++++++++-------------- helm/guppy/README.md | 2 +- helm/hatchery/README.md | 2 +- helm/indexd/README.md | 2 +- helm/manifestservice/README.md | 2 +- helm/metadata/README.md | 2 +- helm/peregrine/README.md | 2 +- helm/pidgin/README.md | 2 +- helm/requestor/README.md | 2 +- helm/revproxy/Chart.yaml | 4 +-- helm/revproxy/README.md | 4 +-- helm/sheepdog/README.md | 2 +- helm/sower/README.md | 2 +- helm/ssjdispatcher/README.md | 2 +- helm/wts/README.md | 2 +- 28 files changed, 75 insertions(+), 75 deletions(-) diff --git a/helm/ambassador/README.md b/helm/ambassador/README.md index d2a06c72..9ece0b19 100644 --- a/helm/ambassador/README.md +++ b/helm/ambassador/README.md 
@@ -1,6 +1,6 @@ # ambassador -![Version: 0.1.11](https://img.shields.io/badge/Version-0.1.11-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.4.2](https://img.shields.io/badge/AppVersion-1.4.2-informational?style=flat-square) +![Version: 0.1.10](https://img.shields.io/badge/Version-0.1.10-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.4.2](https://img.shields.io/badge/AppVersion-1.4.2-informational?style=flat-square) A Helm chart for deploying ambassador for gen3 diff --git a/helm/arborist/README.md b/helm/arborist/README.md index 1a47d5c3..a998464e 100644 --- a/helm/arborist/README.md +++ b/helm/arborist/README.md @@ -1,6 +1,6 @@ # arborist -![Version: 0.1.11](https://img.shields.io/badge/Version-0.1.11-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) +![Version: 0.1.10](https://img.shields.io/badge/Version-0.1.10-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) A Helm chart for gen3 arborist diff --git a/helm/argo-wrapper/README.md b/helm/argo-wrapper/README.md index ef83a411..302260f0 100644 --- a/helm/argo-wrapper/README.md +++ b/helm/argo-wrapper/README.md 
@@ -1,6 +1,6 @@ # argo-wrapper -![Version: 0.1.7](https://img.shields.io/badge/Version-0.1.7-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) +![Version: 0.1.6](https://img.shields.io/badge/Version-0.1.6-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) A Helm chart for gen3 Argo Wrapper Service diff --git a/helm/audit/README.md b/helm/audit/README.md index 6dfea331..eb950e12 100644 --- a/helm/audit/README.md +++ b/helm/audit/README.md @@ -1,6 +1,6 @@ # audit -![Version: 0.1.12](https://img.shields.io/badge/Version-0.1.12-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) +![Version: 0.1.11](https://img.shields.io/badge/Version-0.1.11-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) A Helm chart for Kubernetes diff --git a/helm/aws-es-proxy/README.md b/helm/aws-es-proxy/README.md index 47099452..9ff959b5 100644 --- a/helm/aws-es-proxy/README.md +++ b/helm/aws-es-proxy/README.md 
@@ -1,6 +1,6 @@ # aws-es-proxy -![Version: 0.1.9](https://img.shields.io/badge/Version-0.1.9-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) +![Version: 0.1.8](https://img.shields.io/badge/Version-0.1.8-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) A Helm chart for AWS ES Proxy Service for gen3 diff --git a/helm/common/README.md b/helm/common/README.md index d4d6f2e0..40d67902 100644 --- a/helm/common/README.md +++ b/helm/common/README.md @@ -1,6 +1,6 @@ # common -![Version: 0.1.10](https://img.shields.io/badge/Version-0.1.10-informational?style=flat-square) ![Type: library](https://img.shields.io/badge/Type-library-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) +![Version: 0.1.9](https://img.shields.io/badge/Version-0.1.9-informational?style=flat-square) ![Type: library](https://img.shields.io/badge/Type-library-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) A Helm chart for provisioning databases in gen3 diff --git a/helm/dicom-server/README.md b/helm/dicom-server/README.md index f4380b1b..2f95d08e 100644 --- a/helm/dicom-server/README.md +++ b/helm/dicom-server/README.md 
@@ -1,6 +1,6 @@ # dicom-server -![Version: 0.1.8](https://img.shields.io/badge/Version-0.1.8-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) +![Version: 0.1.7](https://img.shields.io/badge/Version-0.1.7-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) A Helm chart for gen3 Dicom Server diff --git a/helm/dicom-viewer/README.md b/helm/dicom-viewer/README.md index caec0f07..c4c5c095 100644 --- a/helm/dicom-viewer/README.md +++ b/helm/dicom-viewer/README.md @@ -1,6 +1,6 @@ # dicom-viewer -![Version: 0.1.8](https://img.shields.io/badge/Version-0.1.8-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) +![Version: 0.1.7](https://img.shields.io/badge/Version-0.1.7-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) A Helm chart for gen3 Dicom Viewer diff --git a/helm/etl/README.md b/helm/etl/README.md index 87b2e537..e5fd17b0 100644 --- a/helm/etl/README.md +++ b/helm/etl/README.md 
@@ -1,6 +1,6 @@ # etl -![Version: 0.1.1](https://img.shields.io/badge/Version-0.1.1-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) +![Version: 0.1.0](https://img.shields.io/badge/Version-0.1.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) A Helm chart for gen3 etl diff --git a/helm/fence/README.md b/helm/fence/README.md index 1bb9a688..b75874e4 100644 --- a/helm/fence/README.md +++ b/helm/fence/README.md @@ -1,6 +1,6 @@ # fence -![Version: 0.1.17](https://img.shields.io/badge/Version-0.1.17-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) +![Version: 0.1.16](https://img.shields.io/badge/Version-0.1.16-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) A Helm chart for gen3 Fence diff --git a/helm/frontend-framework/Chart.yaml b/helm/frontend-framework/Chart.yaml index 7edc494a..a19b5ae5 100644 --- a/helm/frontend-framework/Chart.yaml +++ b/helm/frontend-framework/Chart.yaml 
@@ -15,7 +15,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.10.0 +version: 0.1.1 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to diff --git a/helm/frontend-framework/README.md b/helm/frontend-framework/README.md index afed39e9..dfd138c1 100644 --- a/helm/frontend-framework/README.md +++ b/helm/frontend-framework/README.md @@ -1,6 +1,6 @@ # frontend-framework -![Version: 0.10.0](https://img.shields.io/badge/Version-0.10.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: develop](https://img.shields.io/badge/AppVersion-develop-informational?style=flat-square) +![Version: 0.1.1](https://img.shields.io/badge/Version-0.1.1-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: develop](https://img.shields.io/badge/AppVersion-develop-informational?style=flat-square) A Helm chart for the gen3 frontend framework diff --git a/helm/gen3/Chart.yaml b/helm/gen3/Chart.yaml index ffb0833a..b11035b3 100644 --- a/helm/gen3/Chart.yaml +++ b/helm/gen3/Chart.yaml 
@@ -2,69 +2,69 @@ apiVersion: v2 name: gen3 description: Helm chart to deploy Gen3 Data Commons -# Dependancies +# Dependencies dependencies: - name: ambassador - version: 0.1.11 + version: 0.1.10 repository: "file://../ambassador" condition: ambassador.enabled - name: arborist - version: 0.1.11 + version: 0.1.10 repository: "file://../arborist" condition: arborist.enabled - name: argo-wrapper - version: 0.1.7 + version: 0.1.6 repository: "file://../argo-wrapper" condition: argo-wrapper.enabled - name: audit - version: 0.1.12 + version: 0.1.11 repository: "file://../audit" condition: audit.enabled - name: aws-es-proxy - version: 0.1.9 + version: 0.1.8 repository: "file://../aws-es-proxy" condition: aws-es-proxy.enabled - name: common - version: 0.1.10 + version: 0.1.9 repository: file://../common - name: etl - version: 0.1.1 + version: 0.1.0 repository: file://../etl condition: etl.enabled - name: frontend-framework - version: 0.10.0 + version: 0.1.1 repository: "file://../frontend-framework" condition: frontend-framework.enabled - name: fence - version: 0.1.17 + version: 0.1.16 repository: "file://../fence" condition: fence.enabled - name: guppy - version: 0.1.11 + version: 0.1.10 repository: "file://../guppy" condition: guppy.enabled - name: hatchery - version: 0.1.9 + version: 0.1.8 repository: "file://../hatchery" condition: hatchery.enabled - name: indexd - version: 0.1.14 + version: 0.1.13 repository: "file://../indexd" condition: indexd.enabled - name: manifestservice - version: 0.1.13 + version: 0.1.12 repository: "file://../manifestservice" condition: manifestservice.enabled - name: metadata - version: 0.1.11 + version: 0.1.10 repository: "file://../metadata" condition: metadata.enabled - name: peregrine - version: 0.1.12 + version: 0.1.11 repository: "file://../peregrine" condition: peregrine.enabled - name: pidgin - version: 0.1.10 + version: 0.1.9 repository: "file://../pidgin" condition: pidgin.enabled - name: portal 
@@ -72,27 +72,27 @@ dependencies: repository: "file://../portal" condition: portal.enabled - name: requestor - version: 0.1.11 + version: 0.1.10 repository: "file://../requestor" condition: requestor.enabled - name: revproxy - version: 0.1.19 + version: 0.1.13 repository: "file://../revproxy" condition: revproxy.enabled - name: sheepdog - version: 0.1.13 + version: 0.1.12 repository: "file://../sheepdog" condition: sheepdog.enabled - name: ssjdispatcher - version: 0.1.9 + version: 0.1.8 repository: "file://../ssjdispatcher" condition: ssjdispatcher.enabled - name: sower - version: 0.1.9 + version: 0.1.8 condition: sower.enabled repository: "file://../sower" - name: wts - version: 0.1.13 + version: 0.1.12 repository: "file://../wts" condition: wts.enabled @@ -119,7 +119,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.25 +version: 0.1.24 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to diff --git a/helm/gen3/README.md b/helm/gen3/README.md index 3e5266dc..c7921538 100644 --- a/helm/gen3/README.md +++ b/helm/gen3/README.md 
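Review bot: The revproxy dependency in this hunk is pinned to `version: 0.1.13`, but the same commit sets `version: 0.1.14` in helm/revproxy/Chart.yaml, so the umbrella chart asks for a version the local chart no longer has. For `file://` dependencies Helm checks the local chart's version against this constraint, so `helm dependency update` is expected to reject the mismatch; the pin should read `version: 0.1.14`. The other lowered pins here and in the previous hunk (ambassador, arborist, fence and the rest) deserve the same check, since the diffstat lists no Chart.yaml change for those subcharts and their own versions may still be the higher ones. Keeping each pin equal to the subchart's Chart.yaml version is also what lets a given gen3 chart version reproduce the same set of subcharts.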
@@ -1,6 +1,6 @@ # gen3 -![Version: 0.1.25](https://img.shields.io/badge/Version-0.1.25-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) +![Version: 0.1.24](https://img.shields.io/badge/Version-0.1.24-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) Helm chart to deploy Gen3 Data Commons 
@@ -18,29 +18,29 @@ Helm chart to deploy Gen3 Data Commons | Repository | Name | Version | |------------|------|---------| -| file://../ambassador | ambassador | 0.1.11 | -| file://../arborist | arborist | 0.1.11 | -| file://../argo-wrapper | argo-wrapper | 0.1.7 | -| file://../audit | audit | 0.1.12 | -| file://../aws-es-proxy | aws-es-proxy | 0.1.9 | -| file://../common | common | 0.1.10 | -| file://../etl | etl | 0.1.1 | -| file://../fence | fence | 0.1.17 | -| file://../frontend-framework | frontend-framework | 0.10.0 | -| file://../guppy | guppy | 0.1.11 | -| file://../hatchery | hatchery | 0.1.9 | -| file://../indexd | indexd | 0.1.14 | -| file://../manifestservice | manifestservice | 0.1.13 | -| file://../metadata | metadata | 0.1.11 | -| file://../peregrine | peregrine | 0.1.12 | -| file://../pidgin | pidgin | 0.1.10 | +| file://../ambassador | ambassador | 0.1.10 | +| file://../arborist | arborist | 0.1.10 | +| file://../argo-wrapper | argo-wrapper | 0.1.6 | +| file://../audit | audit | 0.1.11 | +| file://../aws-es-proxy | aws-es-proxy | 0.1.8 | +| file://../common | common | 0.1.9 | +| file://../etl | etl | 0.1.0 | +| file://../fence | fence | 0.1.16 | +| file://../frontend-framework | frontend-framework | 0.1.1 | +| file://../guppy | guppy | 0.1.10 | +| file://../hatchery | hatchery | 0.1.8 | +| file://../indexd | indexd | 0.1.13 | +| file://../manifestservice | manifestservice | 0.1.12 | +| file://../metadata | metadata | 0.1.10 | +| file://../peregrine | peregrine | 0.1.11 | +| file://../pidgin | pidgin | 0.1.9 | | file://../portal | portal | 0.1.10 | -| file://../requestor | requestor | 0.1.11 | -| file://../revproxy | revproxy | 0.1.19 | -| file://../sheepdog | sheepdog | 0.1.13 | -| file://../sower | sower | 0.1.9 | -| file://../ssjdispatcher | ssjdispatcher | 0.1.9 | -| file://../wts | wts | 0.1.13 | +| file://../requestor | requestor | 0.1.10 | +| file://../revproxy | revproxy | 0.1.13 | +| file://../sheepdog | sheepdog | 0.1.12 | +| 
file://../sower | sower | 0.1.8 | +| file://../ssjdispatcher | ssjdispatcher | 0.1.8 | +| file://../wts | wts | 0.1.12 | | https://charts.bitnami.com/bitnami | postgresql | 11.9.13 | | https://helm.elastic.co | elasticsearch | 7.10.2 | diff --git a/helm/guppy/README.md b/helm/guppy/README.md index ba51faf9..77cdd993 100644 --- a/helm/guppy/README.md +++ b/helm/guppy/README.md @@ -1,6 +1,6 @@ # guppy -![Version: 0.1.11](https://img.shields.io/badge/Version-0.1.11-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) +![Version: 0.1.10](https://img.shields.io/badge/Version-0.1.10-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) A Helm chart for gen3 Guppy Service diff --git a/helm/hatchery/README.md b/helm/hatchery/README.md index c98175e5..e0423a97 100644 --- a/helm/hatchery/README.md +++ b/helm/hatchery/README.md @@ -1,6 +1,6 @@ # hatchery -![Version: 0.1.9](https://img.shields.io/badge/Version-0.1.9-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) +![Version: 0.1.8](https://img.shields.io/badge/Version-0.1.8-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) A Helm chart for gen3 Hatchery diff --git a/helm/indexd/README.md b/helm/indexd/README.md index 33065b4e..555e987e 100644 --- a/helm/indexd/README.md +++ b/helm/indexd/README.md 
@@ -1,6 +1,6 @@ # indexd -![Version: 0.1.14](https://img.shields.io/badge/Version-0.1.14-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) +![Version: 0.1.13](https://img.shields.io/badge/Version-0.1.13-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) A Helm chart for gen3 indexd diff --git a/helm/manifestservice/README.md b/helm/manifestservice/README.md index 058d32fd..4733169c 100644 --- a/helm/manifestservice/README.md +++ b/helm/manifestservice/README.md @@ -1,6 +1,6 @@ # manifestservice -![Version: 0.1.13](https://img.shields.io/badge/Version-0.1.13-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) +![Version: 0.1.12](https://img.shields.io/badge/Version-0.1.12-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) A Helm chart for Kubernetes diff --git a/helm/metadata/README.md b/helm/metadata/README.md index 75a49ce2..164c896e 100644 --- a/helm/metadata/README.md +++ b/helm/metadata/README.md 
@@ -1,6 +1,6 @@ # metadata -![Version: 0.1.11](https://img.shields.io/badge/Version-0.1.11-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) +![Version: 0.1.10](https://img.shields.io/badge/Version-0.1.10-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) A Helm chart for gen3 Metadata Service diff --git a/helm/peregrine/README.md b/helm/peregrine/README.md index c0286b44..421e5ddd 100644 --- a/helm/peregrine/README.md +++ b/helm/peregrine/README.md @@ -1,6 +1,6 @@ # peregrine -![Version: 0.1.12](https://img.shields.io/badge/Version-0.1.12-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 2023.01](https://img.shields.io/badge/AppVersion-2023.01-informational?style=flat-square) +![Version: 0.1.11](https://img.shields.io/badge/Version-0.1.11-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 2023.01](https://img.shields.io/badge/AppVersion-2023.01-informational?style=flat-square) A Helm chart for gen3 Peregrine service diff --git a/helm/pidgin/README.md b/helm/pidgin/README.md index 94495379..095e3b84 100644 --- a/helm/pidgin/README.md +++ b/helm/pidgin/README.md 
@@ -1,6 +1,6 @@ # pidgin -![Version: 0.1.10](https://img.shields.io/badge/Version-0.1.10-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) +![Version: 0.1.9](https://img.shields.io/badge/Version-0.1.9-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) A Helm chart for gen3 Pidgin Service diff --git a/helm/requestor/README.md b/helm/requestor/README.md index bde0842e..49ce77db 100644 --- a/helm/requestor/README.md +++ b/helm/requestor/README.md @@ -1,6 +1,6 @@ # requestor -![Version: 0.1.11](https://img.shields.io/badge/Version-0.1.11-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) +![Version: 0.1.10](https://img.shields.io/badge/Version-0.1.10-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) A Helm chart for gen3 Requestor Service diff --git a/helm/revproxy/Chart.yaml b/helm/revproxy/Chart.yaml index dadba010..dd9c4974 100644 --- a/helm/revproxy/Chart.yaml +++ b/helm/revproxy/Chart.yaml 
@@ -15,7 +15,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.19 +version: 0.1.14 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to @@ -25,5 +25,5 @@ appVersion: "master" dependencies: - name: common - version: 0.1.10 + version: 0.1.9 repository: file://../common diff --git a/helm/revproxy/README.md b/helm/revproxy/README.md index e74d9019..fcb27c0e 100644 --- a/helm/revproxy/README.md +++ b/helm/revproxy/README.md @@ -1,6 +1,6 @@ # revproxy -![Version: 0.1.19](https://img.shields.io/badge/Version-0.1.19-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) +![Version: 0.1.14](https://img.shields.io/badge/Version-0.1.14-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) A Helm chart for gen3 revproxy @@ -8,7 +8,7 @@ A Helm chart for gen3 revproxy | Repository | Name | Version | |------------|------|---------| -| file://../common | common | 0.1.10 | +| file://../common | common | 0.1.9 | ## Values diff --git a/helm/sheepdog/README.md b/helm/sheepdog/README.md index 3523d763..cddb752a 100644 --- a/helm/sheepdog/README.md +++ b/helm/sheepdog/README.md 
@@ -1,6 +1,6 @@ # sheepdog -![Version: 0.1.13](https://img.shields.io/badge/Version-0.1.13-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) +![Version: 0.1.12](https://img.shields.io/badge/Version-0.1.12-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) A Helm chart for gen3 Sheepdog Service diff --git a/helm/sower/README.md b/helm/sower/README.md index 4c5fe5d8..828699af 100644 --- a/helm/sower/README.md +++ b/helm/sower/README.md @@ -1,6 +1,6 @@ # sower -![Version: 0.1.9](https://img.shields.io/badge/Version-0.1.9-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) +![Version: 0.1.8](https://img.shields.io/badge/Version-0.1.8-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) A Helm chart for gen3 sower diff --git a/helm/ssjdispatcher/README.md b/helm/ssjdispatcher/README.md index e9f5cfe0..db9e1194 100644 --- a/helm/ssjdispatcher/README.md +++ b/helm/ssjdispatcher/README.md 
@@ -1,6 +1,6 @@ # ssjdispatcher -![Version: 0.1.9](https://img.shields.io/badge/Version-0.1.9-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) +![Version: 0.1.8](https://img.shields.io/badge/Version-0.1.8-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) A Helm chart for gen3 ssjdispatcher diff --git a/helm/wts/README.md b/helm/wts/README.md index d6cc9d2d..c5fa341a 100644 --- a/helm/wts/README.md +++ b/helm/wts/README.md @@ -1,6 +1,6 @@ # wts -![Version: 0.1.13](https://img.shields.io/badge/Version-0.1.13-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) +![Version: 0.1.12](https://img.shields.io/badge/Version-0.1.12-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) A Helm chart for gen3 workspace token service From f3a3770119aa3f83f71d44af6076c9b803301d5f Mon Sep 17 00:00:00 2001 
From: craigrbarnes Date: Mon, 18 Mar 2024 09:50:04 -0500 Subject: [PATCH 138/279] cleanup --- helm/ambassador/README.md | 2 +- helm/arborist/README.md | 2 +- helm/argo-wrapper/README.md | 2 +- helm/audit/README.md | 2 +- helm/aws-es-proxy/README.md | 2 +- helm/common/README.md | 2 +- helm/dicom-server/README.md | 2 +- helm/dicom-viewer/README.md | 2 +- helm/etl/README.md | 2 +- helm/fence/README.md | 2 +- helm/guppy/README.md | 2 +- helm/hatchery/README.md | 2 +- helm/indexd/README.md | 2 +- helm/manifestservice/README.md | 2 +- helm/metadata/README.md | 2 +- helm/peregrine/README.md | 2 +- helm/pidgin/README.md | 2 +- helm/requestor/README.md | 2 +- helm/sheepdog/README.md | 2 +- helm/sower/README.md | 2 +- helm/ssjdispatcher/README.md | 2 +- helm/wts/README.md | 2 +- 22 files changed, 22 insertions(+), 22 deletions(-) diff --git a/helm/ambassador/README.md b/helm/ambassador/README.md index 9ece0b19..d2a06c72 100644 --- a/helm/ambassador/README.md +++ b/helm/ambassador/README.md @@ -1,6 +1,6 @@ # ambassador -![Version: 0.1.10](https://img.shields.io/badge/Version-0.1.10-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.4.2](https://img.shields.io/badge/AppVersion-1.4.2-informational?style=flat-square) +![Version: 0.1.11](https://img.shields.io/badge/Version-0.1.11-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.4.2](https://img.shields.io/badge/AppVersion-1.4.2-informational?style=flat-square) A Helm chart for deploying ambassador for gen3 diff --git a/helm/arborist/README.md b/helm/arborist/README.md index a998464e..1a47d5c3 100644 --- a/helm/arborist/README.md +++ b/helm/arborist/README.md 
@@ -1,6 +1,6 @@ # arborist -![Version: 0.1.10](https://img.shields.io/badge/Version-0.1.10-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) +![Version: 0.1.11](https://img.shields.io/badge/Version-0.1.11-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) A Helm chart for gen3 arborist diff --git a/helm/argo-wrapper/README.md b/helm/argo-wrapper/README.md index 302260f0..ef83a411 100644 --- a/helm/argo-wrapper/README.md +++ b/helm/argo-wrapper/README.md @@ -1,6 +1,6 @@ # argo-wrapper -![Version: 0.1.6](https://img.shields.io/badge/Version-0.1.6-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) +![Version: 0.1.7](https://img.shields.io/badge/Version-0.1.7-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) A Helm chart for gen3 Argo Wrapper Service diff --git a/helm/audit/README.md b/helm/audit/README.md index eb950e12..6dfea331 100644 --- a/helm/audit/README.md +++ b/helm/audit/README.md 
@@ -1,6 +1,6 @@ # audit -![Version: 0.1.11](https://img.shields.io/badge/Version-0.1.11-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) +![Version: 0.1.12](https://img.shields.io/badge/Version-0.1.12-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) A Helm chart for Kubernetes diff --git a/helm/aws-es-proxy/README.md b/helm/aws-es-proxy/README.md index 9ff959b5..47099452 100644 --- a/helm/aws-es-proxy/README.md +++ b/helm/aws-es-proxy/README.md @@ -1,6 +1,6 @@ # aws-es-proxy -![Version: 0.1.8](https://img.shields.io/badge/Version-0.1.8-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) +![Version: 0.1.9](https://img.shields.io/badge/Version-0.1.9-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) A Helm chart for AWS ES Proxy Service for gen3 diff --git a/helm/common/README.md b/helm/common/README.md index 40d67902..d4d6f2e0 100644 --- a/helm/common/README.md +++ b/helm/common/README.md 
@@ -1,6 +1,6 @@ # common -![Version: 0.1.9](https://img.shields.io/badge/Version-0.1.9-informational?style=flat-square) ![Type: library](https://img.shields.io/badge/Type-library-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) +![Version: 0.1.10](https://img.shields.io/badge/Version-0.1.10-informational?style=flat-square) ![Type: library](https://img.shields.io/badge/Type-library-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) A Helm chart for provisioning databases in gen3 diff --git a/helm/dicom-server/README.md b/helm/dicom-server/README.md index 2f95d08e..f4380b1b 100644 --- a/helm/dicom-server/README.md +++ b/helm/dicom-server/README.md @@ -1,6 +1,6 @@ # dicom-server -![Version: 0.1.7](https://img.shields.io/badge/Version-0.1.7-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) +![Version: 0.1.8](https://img.shields.io/badge/Version-0.1.8-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) A Helm chart for gen3 Dicom Server diff --git a/helm/dicom-viewer/README.md b/helm/dicom-viewer/README.md index c4c5c095..caec0f07 100644 --- a/helm/dicom-viewer/README.md +++ b/helm/dicom-viewer/README.md 
@@ -1,6 +1,6 @@ # dicom-viewer -![Version: 0.1.7](https://img.shields.io/badge/Version-0.1.7-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) +![Version: 0.1.8](https://img.shields.io/badge/Version-0.1.8-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) A Helm chart for gen3 Dicom Viewer diff --git a/helm/etl/README.md b/helm/etl/README.md index e5fd17b0..87b2e537 100644 --- a/helm/etl/README.md +++ b/helm/etl/README.md @@ -1,6 +1,6 @@ # etl -![Version: 0.1.0](https://img.shields.io/badge/Version-0.1.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) +![Version: 0.1.1](https://img.shields.io/badge/Version-0.1.1-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) A Helm chart for gen3 etl diff --git a/helm/fence/README.md b/helm/fence/README.md index b75874e4..1bb9a688 100644 --- a/helm/fence/README.md +++ b/helm/fence/README.md 
@@ -1,6 +1,6 @@ # fence -![Version: 0.1.16](https://img.shields.io/badge/Version-0.1.16-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) +![Version: 0.1.17](https://img.shields.io/badge/Version-0.1.17-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) A Helm chart for gen3 Fence diff --git a/helm/guppy/README.md b/helm/guppy/README.md index 77cdd993..ba51faf9 100644 --- a/helm/guppy/README.md +++ b/helm/guppy/README.md @@ -1,6 +1,6 @@ # guppy -![Version: 0.1.10](https://img.shields.io/badge/Version-0.1.10-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) +![Version: 0.1.11](https://img.shields.io/badge/Version-0.1.11-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) A Helm chart for gen3 Guppy Service diff --git a/helm/hatchery/README.md b/helm/hatchery/README.md index e0423a97..c98175e5 100644 --- a/helm/hatchery/README.md +++ b/helm/hatchery/README.md 
@@ -1,6 +1,6 @@ # hatchery -![Version: 0.1.8](https://img.shields.io/badge/Version-0.1.8-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) +![Version: 0.1.9](https://img.shields.io/badge/Version-0.1.9-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) A Helm chart for gen3 Hatchery diff --git a/helm/indexd/README.md b/helm/indexd/README.md index 555e987e..33065b4e 100644 --- a/helm/indexd/README.md +++ b/helm/indexd/README.md @@ -1,6 +1,6 @@ # indexd -![Version: 0.1.13](https://img.shields.io/badge/Version-0.1.13-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) +![Version: 0.1.14](https://img.shields.io/badge/Version-0.1.14-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) A Helm chart for gen3 indexd diff --git a/helm/manifestservice/README.md b/helm/manifestservice/README.md index 4733169c..058d32fd 100644 --- a/helm/manifestservice/README.md +++ b/helm/manifestservice/README.md 
@@ -1,6 +1,6 @@ # manifestservice -![Version: 0.1.12](https://img.shields.io/badge/Version-0.1.12-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) +![Version: 0.1.13](https://img.shields.io/badge/Version-0.1.13-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) A Helm chart for Kubernetes diff --git a/helm/metadata/README.md b/helm/metadata/README.md index 164c896e..75a49ce2 100644 --- a/helm/metadata/README.md +++ b/helm/metadata/README.md @@ -1,6 +1,6 @@ # metadata -![Version: 0.1.10](https://img.shields.io/badge/Version-0.1.10-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) +![Version: 0.1.11](https://img.shields.io/badge/Version-0.1.11-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) A Helm chart for gen3 Metadata Service diff --git a/helm/peregrine/README.md b/helm/peregrine/README.md index 421e5ddd..c0286b44 100644 --- a/helm/peregrine/README.md +++ b/helm/peregrine/README.md 
@@ -1,6 +1,6 @@ # peregrine -![Version: 0.1.11](https://img.shields.io/badge/Version-0.1.11-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 2023.01](https://img.shields.io/badge/AppVersion-2023.01-informational?style=flat-square) +![Version: 0.1.12](https://img.shields.io/badge/Version-0.1.12-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 2023.01](https://img.shields.io/badge/AppVersion-2023.01-informational?style=flat-square) A Helm chart for gen3 Peregrine service diff --git a/helm/pidgin/README.md b/helm/pidgin/README.md index 095e3b84..94495379 100644 --- a/helm/pidgin/README.md +++ b/helm/pidgin/README.md @@ -1,6 +1,6 @@ # pidgin -![Version: 0.1.9](https://img.shields.io/badge/Version-0.1.9-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) +![Version: 0.1.10](https://img.shields.io/badge/Version-0.1.10-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) A Helm chart for gen3 Pidgin Service diff --git a/helm/requestor/README.md b/helm/requestor/README.md index 49ce77db..bde0842e 100644 --- a/helm/requestor/README.md +++ b/helm/requestor/README.md 
@@ -1,6 +1,6 @@ # requestor -![Version: 0.1.10](https://img.shields.io/badge/Version-0.1.10-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) +![Version: 0.1.11](https://img.shields.io/badge/Version-0.1.11-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) A Helm chart for gen3 Requestor Service diff --git a/helm/sheepdog/README.md b/helm/sheepdog/README.md index cddb752a..3523d763 100644 --- a/helm/sheepdog/README.md +++ b/helm/sheepdog/README.md @@ -1,6 +1,6 @@ # sheepdog -![Version: 0.1.12](https://img.shields.io/badge/Version-0.1.12-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) +![Version: 0.1.13](https://img.shields.io/badge/Version-0.1.13-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) A Helm chart for gen3 Sheepdog Service diff --git a/helm/sower/README.md b/helm/sower/README.md index 828699af..4c5fe5d8 100644 --- a/helm/sower/README.md +++ b/helm/sower/README.md 
@@ -1,6 +1,6 @@ # sower -![Version: 0.1.8](https://img.shields.io/badge/Version-0.1.8-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) +![Version: 0.1.9](https://img.shields.io/badge/Version-0.1.9-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) A Helm chart for gen3 sower diff --git a/helm/ssjdispatcher/README.md b/helm/ssjdispatcher/README.md index db9e1194..e9f5cfe0 100644 --- a/helm/ssjdispatcher/README.md +++ b/helm/ssjdispatcher/README.md @@ -1,6 +1,6 @@ # ssjdispatcher -![Version: 0.1.8](https://img.shields.io/badge/Version-0.1.8-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) +![Version: 0.1.9](https://img.shields.io/badge/Version-0.1.9-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) A Helm chart for gen3 ssjdispatcher diff --git a/helm/wts/README.md b/helm/wts/README.md index c5fa341a..d6cc9d2d 100644 --- a/helm/wts/README.md +++ b/helm/wts/README.md 
@@ -1,6 +1,6 @@ # wts -![Version: 0.1.12](https://img.shields.io/badge/Version-0.1.12-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) +![Version: 0.1.13](https://img.shields.io/badge/Version-0.1.13-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) A Helm chart for gen3 workspace token service From 019f8042ed19d526f21c22ce9ddcdaf15e392274 Mon Sep 17 00:00:00 2001 From: craigrbarnes Date: Fri, 22 Mar 2024 13:23:37 -0500 Subject: [PATCH 139/279] version number --- helm/ambassador/README.md | 2 +- helm/arborist/README.md | 2 +- helm/argo-wrapper/README.md | 2 +- helm/audit/README.md | 2 +- helm/aws-es-proxy/README.md | 2 +- helm/common/Chart.yaml | 2 +- helm/common/README.md | 4 ++-- helm/etl/README.md | 2 +- helm/fence/README.md | 2 +- helm/frontend-framework/Chart.yaml | 2 +- helm/frontend-framework/README.md | 2 +- helm/gen3/Chart.yaml | 4 ++-- helm/gen3/README.md | 4 ++-- helm/guppy/README.md | 2 +- helm/hatchery/README.md | 2 +- helm/indexd/README.md | 2 +- helm/manifestservice/README.md | 2 +- helm/metadata/README.md | 2 +- helm/peregrine/README.md | 2 +- helm/pidgin/README.md | 2 +- helm/requestor/README.md | 2 +- helm/sheepdog/README.md | 2 +- helm/sower/README.md | 2 +- helm/ssjdispatcher/README.md | 2 +- helm/wts/README.md | 2 +- 25 files changed, 28 insertions(+), 28 deletions(-) diff --git a/helm/ambassador/README.md b/helm/ambassador/README.md index d2a06c72..9ece0b19 100644 --- a/helm/ambassador/README.md +++ b/helm/ambassador/README.md 
@@ -1,6 +1,6 @@ # ambassador -![Version: 0.1.11](https://img.shields.io/badge/Version-0.1.11-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.4.2](https://img.shields.io/badge/AppVersion-1.4.2-informational?style=flat-square) +![Version: 0.1.10](https://img.shields.io/badge/Version-0.1.10-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.4.2](https://img.shields.io/badge/AppVersion-1.4.2-informational?style=flat-square) A Helm chart for deploying ambassador for gen3 diff --git a/helm/arborist/README.md b/helm/arborist/README.md index 1a47d5c3..a998464e 100644 --- a/helm/arborist/README.md +++ b/helm/arborist/README.md @@ -1,6 +1,6 @@ # arborist -![Version: 0.1.11](https://img.shields.io/badge/Version-0.1.11-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) +![Version: 0.1.10](https://img.shields.io/badge/Version-0.1.10-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) A Helm chart for gen3 arborist diff --git a/helm/argo-wrapper/README.md b/helm/argo-wrapper/README.md index ef83a411..302260f0 100644 --- a/helm/argo-wrapper/README.md +++ b/helm/argo-wrapper/README.md 
@@ -1,6 +1,6 @@ # argo-wrapper -![Version: 0.1.7](https://img.shields.io/badge/Version-0.1.7-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) +![Version: 0.1.6](https://img.shields.io/badge/Version-0.1.6-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) A Helm chart for gen3 Argo Wrapper Service diff --git a/helm/audit/README.md b/helm/audit/README.md index 6dfea331..eb950e12 100644 --- a/helm/audit/README.md +++ b/helm/audit/README.md @@ -1,6 +1,6 @@ # audit -![Version: 0.1.12](https://img.shields.io/badge/Version-0.1.12-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) +![Version: 0.1.11](https://img.shields.io/badge/Version-0.1.11-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) A Helm chart for Kubernetes diff --git a/helm/aws-es-proxy/README.md b/helm/aws-es-proxy/README.md index 47099452..9ff959b5 100644 --- a/helm/aws-es-proxy/README.md +++ b/helm/aws-es-proxy/README.md 
@@ -1,6 +1,6 @@ # aws-es-proxy -![Version: 0.1.9](https://img.shields.io/badge/Version-0.1.9-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) +![Version: 0.1.8](https://img.shields.io/badge/Version-0.1.8-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) A Helm chart for AWS ES Proxy Service for gen3 diff --git a/helm/common/Chart.yaml b/helm/common/Chart.yaml index 93ebbc0f..0903cde4 100644 --- a/helm/common/Chart.yaml +++ b/helm/common/Chart.yaml @@ -15,7 +15,7 @@ type: library # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.10 +version: 0.1.9 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to diff --git a/helm/common/README.md b/helm/common/README.md index d4d6f2e0..80a13994 100644 --- a/helm/common/README.md +++ b/helm/common/README.md 
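Review bot: The new `version: 0.1.9` in helm/common/Chart.yaml moves the library chart's version backwards from 0.1.10, against the comment in the same hunk that says the number should be incremented whenever the chart changes. The `common` dependency pin in helm/frontend-framework/Chart.yaml is lowered the same way later in this commit. If 0.1.10 was ever packaged or pinned by a consumer, retracting it leaves it unclear which chart content a version number identifies, so prefer keeping `version: 0.1.10` or moving forward to a new number. The next patch in the series lists helm/common/Chart.yaml in its diffstat but not helm/frontend-framework/Chart.yaml, so that pin may end up out of step with the library chart; running `helm dependency build` on frontend-framework would confirm. Chart.yaml continues outside the hunk.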
@@ -1,6 +1,6 @@ # common -![Version: 0.1.10](https://img.shields.io/badge/Version-0.1.10-informational?style=flat-square) ![Type: library](https://img.shields.io/badge/Type-library-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) +![Version: 0.1.9](https://img.shields.io/badge/Version-0.1.9-informational?style=flat-square) ![Type: library](https://img.shields.io/badge/Type-library-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) A Helm chart for provisioning databases in gen3 @@ -30,4 +30,4 @@ A Helm chart for provisioning databases in gen3 | global.tierAccessLevel | string | `"libre"` | Access level for tiers. acceptable values for `tier_access_level` are: `libre`, `regular` and `private`. If omitted, by default common will be treated as `private` | ---------------------------------------------- -Autogenerated from chart metadata using [helm-docs v1.13.0](https://github.com/norwoodj/helm-docs/releases/v1.13.0) +Autogenerated from chart metadata using [helm-docs v1.11.0](https://github.com/norwoodj/helm-docs/releases/v1.11.0) diff --git a/helm/etl/README.md b/helm/etl/README.md index 87b2e537..e5fd17b0 100644 --- a/helm/etl/README.md +++ b/helm/etl/README.md @@ -1,6 +1,6 @@ # etl -![Version: 0.1.1](https://img.shields.io/badge/Version-0.1.1-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) +![Version: 0.1.0](https://img.shields.io/badge/Version-0.1.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) A Helm chart for gen3 etl 
diff --git a/helm/fence/README.md b/helm/fence/README.md index 5d0fc1fb..1bb9a688 100644 --- a/helm/fence/README.md +++ b/helm/fence/README.md @@ -1,6 +1,6 @@ # fence -![Version: 0.1.18](https://img.shields.io/badge/Version-0.1.18-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) +![Version: 0.1.17](https://img.shields.io/badge/Version-0.1.17-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) A Helm chart for gen3 Fence diff --git a/helm/frontend-framework/Chart.yaml b/helm/frontend-framework/Chart.yaml index a19b5ae5..310e3ae9 100644 --- a/helm/frontend-framework/Chart.yaml +++ b/helm/frontend-framework/Chart.yaml @@ -25,6 +25,6 @@ appVersion: "develop" dependencies: - name: common - version: 0.1.10 + version: 0.1.9 repository: file://../common diff --git a/helm/frontend-framework/README.md b/helm/frontend-framework/README.md index dfd138c1..bfea2a23 100644 --- a/helm/frontend-framework/README.md +++ b/helm/frontend-framework/README.md @@ -8,7 +8,7 @@ A Helm chart for the gen3 frontend framework | Repository | Name | Version | |------------|------|---------| -| file://../common | common | 0.1.10 | +| file://../common | common | 0.1.9 | ## Values diff --git a/helm/gen3/Chart.yaml b/helm/gen3/Chart.yaml index 6af00a31..51ba1b54 100644 --- a/helm/gen3/Chart.yaml +++ b/helm/gen3/Chart.yaml @@ -68,7 +68,7 @@ dependencies: repository: "file://../pidgin" condition: pidgin.enabled - name: portal - version: 0.1.10 + version: 0.1.11 repository: "file://../portal" condition: portal.enabled - name: requestor 
@@ -76,7 +76,7 @@ dependencies: repository: "file://../requestor" condition: requestor.enabled - name: revproxy - version: 0.1.13 + version: 0.1.14 repository: "file://../revproxy" condition: revproxy.enabled - name: sheepdog diff --git a/helm/gen3/README.md b/helm/gen3/README.md index ac83ddf8..68f9cd56 100644 --- a/helm/gen3/README.md +++ b/helm/gen3/README.md @@ -34,9 +34,9 @@ Helm chart to deploy Gen3 Data Commons | file://../metadata | metadata | 0.1.10 | | file://../peregrine | peregrine | 0.1.11 | | file://../pidgin | pidgin | 0.1.9 | -| file://../portal | portal | 0.1.10 | +| file://../portal | portal | 0.1.11 | | file://../requestor | requestor | 0.1.10 | -| file://../revproxy | revproxy | 0.1.13 | +| file://../revproxy | revproxy | 0.1.14 | | file://../sheepdog | sheepdog | 0.1.12 | | file://../sower | sower | 0.1.8 | | file://../ssjdispatcher | ssjdispatcher | 0.1.8 | diff --git a/helm/guppy/README.md b/helm/guppy/README.md index ba51faf9..77cdd993 100644 --- a/helm/guppy/README.md +++ b/helm/guppy/README.md @@ -1,6 +1,6 @@ # guppy -![Version: 0.1.11](https://img.shields.io/badge/Version-0.1.11-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) +![Version: 0.1.10](https://img.shields.io/badge/Version-0.1.10-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) A Helm chart for gen3 Guppy Service diff --git a/helm/hatchery/README.md b/helm/hatchery/README.md index c98175e5..e0423a97 100644 --- a/helm/hatchery/README.md +++ b/helm/hatchery/README.md 
@@ -1,6 +1,6 @@ # hatchery -![Version: 0.1.9](https://img.shields.io/badge/Version-0.1.9-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) +![Version: 0.1.8](https://img.shields.io/badge/Version-0.1.8-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) A Helm chart for gen3 Hatchery diff --git a/helm/indexd/README.md b/helm/indexd/README.md index 33065b4e..555e987e 100644 --- a/helm/indexd/README.md +++ b/helm/indexd/README.md @@ -1,6 +1,6 @@ # indexd -![Version: 0.1.14](https://img.shields.io/badge/Version-0.1.14-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) +![Version: 0.1.13](https://img.shields.io/badge/Version-0.1.13-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) A Helm chart for gen3 indexd diff --git a/helm/manifestservice/README.md b/helm/manifestservice/README.md index 058d32fd..4733169c 100644 --- a/helm/manifestservice/README.md +++ b/helm/manifestservice/README.md 
@@ -1,6 +1,6 @@ # manifestservice -![Version: 0.1.13](https://img.shields.io/badge/Version-0.1.13-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) +![Version: 0.1.12](https://img.shields.io/badge/Version-0.1.12-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) A Helm chart for Kubernetes diff --git a/helm/metadata/README.md b/helm/metadata/README.md index 75a49ce2..164c896e 100644 --- a/helm/metadata/README.md +++ b/helm/metadata/README.md @@ -1,6 +1,6 @@ # metadata -![Version: 0.1.11](https://img.shields.io/badge/Version-0.1.11-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) +![Version: 0.1.10](https://img.shields.io/badge/Version-0.1.10-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) A Helm chart for gen3 Metadata Service diff --git a/helm/peregrine/README.md b/helm/peregrine/README.md index c0286b44..421e5ddd 100644 --- a/helm/peregrine/README.md +++ b/helm/peregrine/README.md 
@@ -1,6 +1,6 @@ # peregrine -![Version: 0.1.12](https://img.shields.io/badge/Version-0.1.12-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 2023.01](https://img.shields.io/badge/AppVersion-2023.01-informational?style=flat-square) +![Version: 0.1.11](https://img.shields.io/badge/Version-0.1.11-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 2023.01](https://img.shields.io/badge/AppVersion-2023.01-informational?style=flat-square) A Helm chart for gen3 Peregrine service diff --git a/helm/pidgin/README.md b/helm/pidgin/README.md index 94495379..095e3b84 100644 --- a/helm/pidgin/README.md +++ b/helm/pidgin/README.md @@ -1,6 +1,6 @@ # pidgin -![Version: 0.1.10](https://img.shields.io/badge/Version-0.1.10-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) +![Version: 0.1.9](https://img.shields.io/badge/Version-0.1.9-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) A Helm chart for gen3 Pidgin Service diff --git a/helm/requestor/README.md b/helm/requestor/README.md index bde0842e..49ce77db 100644 --- a/helm/requestor/README.md +++ b/helm/requestor/README.md 
@@ -1,6 +1,6 @@ # requestor -![Version: 0.1.11](https://img.shields.io/badge/Version-0.1.11-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) +![Version: 0.1.10](https://img.shields.io/badge/Version-0.1.10-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) A Helm chart for gen3 Requestor Service diff --git a/helm/sheepdog/README.md b/helm/sheepdog/README.md index 3523d763..cddb752a 100644 --- a/helm/sheepdog/README.md +++ b/helm/sheepdog/README.md @@ -1,6 +1,6 @@ # sheepdog -![Version: 0.1.13](https://img.shields.io/badge/Version-0.1.13-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) +![Version: 0.1.12](https://img.shields.io/badge/Version-0.1.12-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) A Helm chart for gen3 Sheepdog Service diff --git a/helm/sower/README.md b/helm/sower/README.md index 4c5fe5d8..828699af 100644 --- a/helm/sower/README.md +++ b/helm/sower/README.md 
@@ -1,6 +1,6 @@ # sower -![Version: 0.1.9](https://img.shields.io/badge/Version-0.1.9-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) +![Version: 0.1.8](https://img.shields.io/badge/Version-0.1.8-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) A Helm chart for gen3 sower diff --git a/helm/ssjdispatcher/README.md b/helm/ssjdispatcher/README.md index e9f5cfe0..db9e1194 100644 --- a/helm/ssjdispatcher/README.md +++ b/helm/ssjdispatcher/README.md @@ -1,6 +1,6 @@ # ssjdispatcher -![Version: 0.1.9](https://img.shields.io/badge/Version-0.1.9-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) +![Version: 0.1.8](https://img.shields.io/badge/Version-0.1.8-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) A Helm chart for gen3 ssjdispatcher diff --git a/helm/wts/README.md b/helm/wts/README.md index d6cc9d2d..c5fa341a 100644 --- a/helm/wts/README.md +++ b/helm/wts/README.md 
@@ -1,6 +1,6 @@ # wts -![Version: 0.1.13](https://img.shields.io/badge/Version-0.1.13-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) +![Version: 0.1.12](https://img.shields.io/badge/Version-0.1.12-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) A Helm chart for gen3 workspace token service From 8f19a7bd554db36405ec16421205aadcaa97d851 Mon Sep 17 00:00:00 2001 From: craigrbarnes Date: Fri, 22 Mar 2024 13:24:17 -0500 Subject: [PATCH 140/279] version number --- helm/ambassador/README.md | 2 +- helm/arborist/README.md | 2 +- helm/argo-wrapper/README.md | 2 +- helm/audit/README.md | 2 +- helm/aws-es-proxy/README.md | 2 +- helm/common/Chart.yaml | 2 +- helm/common/README.md | 2 +- helm/etl/README.md | 2 +- helm/fence/README.md | 2 +- helm/guppy/README.md | 2 +- helm/hatchery/README.md | 2 +- helm/indexd/README.md | 2 +- helm/manifestservice/README.md | 2 +- helm/metadata/README.md | 2 +- helm/peregrine/README.md | 2 +- helm/pidgin/README.md | 2 +- helm/requestor/README.md | 2 +- helm/sheepdog/README.md | 2 +- helm/sower/README.md | 2 +- helm/ssjdispatcher/README.md | 2 +- helm/wts/README.md | 2 +- 21 files changed, 21 insertions(+), 21 deletions(-) diff --git a/helm/ambassador/README.md b/helm/ambassador/README.md index 9ece0b19..d2a06c72 100644 --- a/helm/ambassador/README.md +++ b/helm/ambassador/README.md 
@@ -1,6 +1,6 @@ # ambassador -![Version: 0.1.10](https://img.shields.io/badge/Version-0.1.10-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.4.2](https://img.shields.io/badge/AppVersion-1.4.2-informational?style=flat-square) +![Version: 0.1.11](https://img.shields.io/badge/Version-0.1.11-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.4.2](https://img.shields.io/badge/AppVersion-1.4.2-informational?style=flat-square) A Helm chart for deploying ambassador for gen3 diff --git a/helm/arborist/README.md b/helm/arborist/README.md index a998464e..1a47d5c3 100644 --- a/helm/arborist/README.md +++ b/helm/arborist/README.md @@ -1,6 +1,6 @@ # arborist -![Version: 0.1.10](https://img.shields.io/badge/Version-0.1.10-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) +![Version: 0.1.11](https://img.shields.io/badge/Version-0.1.11-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) A Helm chart for gen3 arborist diff --git a/helm/argo-wrapper/README.md b/helm/argo-wrapper/README.md index 302260f0..ef83a411 100644 --- a/helm/argo-wrapper/README.md +++ b/helm/argo-wrapper/README.md 
@@ -1,6 +1,6 @@ # argo-wrapper -![Version: 0.1.6](https://img.shields.io/badge/Version-0.1.6-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) +![Version: 0.1.7](https://img.shields.io/badge/Version-0.1.7-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) A Helm chart for gen3 Argo Wrapper Service diff --git a/helm/audit/README.md b/helm/audit/README.md index eb950e12..6dfea331 100644 --- a/helm/audit/README.md +++ b/helm/audit/README.md @@ -1,6 +1,6 @@ # audit -![Version: 0.1.11](https://img.shields.io/badge/Version-0.1.11-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) +![Version: 0.1.12](https://img.shields.io/badge/Version-0.1.12-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) A Helm chart for Kubernetes diff --git a/helm/aws-es-proxy/README.md b/helm/aws-es-proxy/README.md index 9ff959b5..47099452 100644 --- a/helm/aws-es-proxy/README.md +++ b/helm/aws-es-proxy/README.md 
@@ -1,6 +1,6 @@ # aws-es-proxy -![Version: 0.1.8](https://img.shields.io/badge/Version-0.1.8-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) +![Version: 0.1.9](https://img.shields.io/badge/Version-0.1.9-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) A Helm chart for AWS ES Proxy Service for gen3 diff --git a/helm/common/Chart.yaml b/helm/common/Chart.yaml index 0903cde4..93ebbc0f 100644 --- a/helm/common/Chart.yaml +++ b/helm/common/Chart.yaml @@ -15,7 +15,7 @@ type: library # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.9 +version: 0.1.10 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to diff --git a/helm/common/README.md b/helm/common/README.md index 80a13994..40d67902 100644 --- a/helm/common/README.md +++ b/helm/common/README.md 
@@ -30,4 +30,4 @@ A Helm chart for provisioning databases in gen3 | global.tierAccessLevel | string | `"libre"` | Access level for tiers. acceptable values for `tier_access_level` are: `libre`, `regular` and `private`. If omitted, by default common will be treated as `private` | ---------------------------------------------- -Autogenerated from chart metadata using [helm-docs v1.11.0](https://github.com/norwoodj/helm-docs/releases/v1.11.0) +Autogenerated from chart metadata using [helm-docs v1.13.0](https://github.com/norwoodj/helm-docs/releases/v1.13.0) diff --git a/helm/etl/README.md b/helm/etl/README.md index e5fd17b0..87b2e537 100644 --- a/helm/etl/README.md +++ b/helm/etl/README.md @@ -1,6 +1,6 @@ # etl -![Version: 0.1.0](https://img.shields.io/badge/Version-0.1.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) +![Version: 0.1.1](https://img.shields.io/badge/Version-0.1.1-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) A Helm chart for gen3 etl diff --git a/helm/fence/README.md b/helm/fence/README.md index 1bb9a688..5d0fc1fb 100644 --- a/helm/fence/README.md +++ b/helm/fence/README.md 
@@ -1,6 +1,6 @@ # fence -![Version: 0.1.17](https://img.shields.io/badge/Version-0.1.17-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) +![Version: 0.1.18](https://img.shields.io/badge/Version-0.1.18-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) A Helm chart for gen3 Fence diff --git a/helm/guppy/README.md b/helm/guppy/README.md index 77cdd993..ba51faf9 100644 --- a/helm/guppy/README.md +++ b/helm/guppy/README.md @@ -1,6 +1,6 @@ # guppy -![Version: 0.1.10](https://img.shields.io/badge/Version-0.1.10-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) +![Version: 0.1.11](https://img.shields.io/badge/Version-0.1.11-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) A Helm chart for gen3 Guppy Service diff --git a/helm/hatchery/README.md b/helm/hatchery/README.md index e0423a97..c98175e5 100644 --- a/helm/hatchery/README.md +++ b/helm/hatchery/README.md 
@@ -1,6 +1,6 @@ # hatchery -![Version: 0.1.8](https://img.shields.io/badge/Version-0.1.8-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) +![Version: 0.1.9](https://img.shields.io/badge/Version-0.1.9-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) A Helm chart for gen3 Hatchery diff --git a/helm/indexd/README.md b/helm/indexd/README.md index 555e987e..33065b4e 100644 --- a/helm/indexd/README.md +++ b/helm/indexd/README.md @@ -1,6 +1,6 @@ # indexd -![Version: 0.1.13](https://img.shields.io/badge/Version-0.1.13-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) +![Version: 0.1.14](https://img.shields.io/badge/Version-0.1.14-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) A Helm chart for gen3 indexd diff --git a/helm/manifestservice/README.md b/helm/manifestservice/README.md index 4733169c..058d32fd 100644 --- a/helm/manifestservice/README.md +++ b/helm/manifestservice/README.md 
@@ -1,6 +1,6 @@ # manifestservice -![Version: 0.1.12](https://img.shields.io/badge/Version-0.1.12-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) +![Version: 0.1.13](https://img.shields.io/badge/Version-0.1.13-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) A Helm chart for Kubernetes diff --git a/helm/metadata/README.md b/helm/metadata/README.md index 164c896e..75a49ce2 100644 --- a/helm/metadata/README.md +++ b/helm/metadata/README.md @@ -1,6 +1,6 @@ # metadata -![Version: 0.1.10](https://img.shields.io/badge/Version-0.1.10-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) +![Version: 0.1.11](https://img.shields.io/badge/Version-0.1.11-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) A Helm chart for gen3 Metadata Service diff --git a/helm/peregrine/README.md b/helm/peregrine/README.md index 421e5ddd..c0286b44 100644 --- a/helm/peregrine/README.md +++ b/helm/peregrine/README.md 
@@ -1,6 +1,6 @@ # peregrine -![Version: 0.1.11](https://img.shields.io/badge/Version-0.1.11-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 2023.01](https://img.shields.io/badge/AppVersion-2023.01-informational?style=flat-square) +![Version: 0.1.12](https://img.shields.io/badge/Version-0.1.12-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 2023.01](https://img.shields.io/badge/AppVersion-2023.01-informational?style=flat-square) A Helm chart for gen3 Peregrine service diff --git a/helm/pidgin/README.md b/helm/pidgin/README.md index 095e3b84..94495379 100644 --- a/helm/pidgin/README.md +++ b/helm/pidgin/README.md @@ -1,6 +1,6 @@ # pidgin -![Version: 0.1.9](https://img.shields.io/badge/Version-0.1.9-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) +![Version: 0.1.10](https://img.shields.io/badge/Version-0.1.10-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) A Helm chart for gen3 Pidgin Service diff --git a/helm/requestor/README.md b/helm/requestor/README.md index 49ce77db..bde0842e 100644 --- a/helm/requestor/README.md +++ b/helm/requestor/README.md 
@@ -1,6 +1,6 @@ # requestor -![Version: 0.1.10](https://img.shields.io/badge/Version-0.1.10-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) +![Version: 0.1.11](https://img.shields.io/badge/Version-0.1.11-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) A Helm chart for gen3 Requestor Service diff --git a/helm/sheepdog/README.md b/helm/sheepdog/README.md index cddb752a..3523d763 100644 --- a/helm/sheepdog/README.md +++ b/helm/sheepdog/README.md @@ -1,6 +1,6 @@ # sheepdog -![Version: 0.1.12](https://img.shields.io/badge/Version-0.1.12-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) +![Version: 0.1.13](https://img.shields.io/badge/Version-0.1.13-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) A Helm chart for gen3 Sheepdog Service diff --git a/helm/sower/README.md b/helm/sower/README.md index 828699af..4c5fe5d8 100644 --- a/helm/sower/README.md +++ b/helm/sower/README.md 
@@ -1,6 +1,6 @@ # sower -![Version: 0.1.8](https://img.shields.io/badge/Version-0.1.8-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) +![Version: 0.1.9](https://img.shields.io/badge/Version-0.1.9-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) A Helm chart for gen3 sower diff --git a/helm/ssjdispatcher/README.md b/helm/ssjdispatcher/README.md index db9e1194..e9f5cfe0 100644 --- a/helm/ssjdispatcher/README.md +++ b/helm/ssjdispatcher/README.md @@ -1,6 +1,6 @@ # ssjdispatcher -![Version: 0.1.8](https://img.shields.io/badge/Version-0.1.8-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) +![Version: 0.1.9](https://img.shields.io/badge/Version-0.1.9-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) A Helm chart for gen3 ssjdispatcher diff --git a/helm/wts/README.md b/helm/wts/README.md index c5fa341a..d6cc9d2d 100644 --- a/helm/wts/README.md +++ b/helm/wts/README.md 
@@ -1,6 +1,6 @@ # wts -![Version: 0.1.12](https://img.shields.io/badge/Version-0.1.12-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) +![Version: 0.1.13](https://img.shields.io/badge/Version-0.1.13-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) A Helm chart for gen3 workspace token service From 476d5099835f5afb21ff97eb9e1b8be13027925d Mon Sep 17 00:00:00 2001 
From: craigrbarnes Date: Fri, 22 Mar 2024 13:34:16 -0500 Subject: [PATCH 141/279] version number --- helm/ambassador/Chart.yaml | 2 +- helm/ambassador/README.md | 4 ++-- helm/arborist/Chart.yaml | 2 +- helm/arborist/README.md | 4 ++-- helm/argo-wrapper/Chart.yaml | 2 +- helm/argo-wrapper/README.md | 4 ++-- helm/audit/Chart.yaml | 2 +- helm/audit/README.md | 4 ++-- helm/aws-es-proxy/Chart.yaml | 2 +- helm/aws-es-proxy/README.md | 4 ++-- helm/common/Chart.yaml | 2 +- helm/common/README.md | 2 +- helm/dicom-server/Chart.yaml | 2 +- helm/dicom-server/README.md | 4 ++-- helm/dicom-viewer/Chart.yaml | 2 +- helm/dicom-viewer/README.md | 4 ++-- helm/etl/Chart.yaml | 2 +- helm/etl/README.md | 4 ++-- helm/fence/Chart.yaml | 2 +- helm/fence/README.md | 2 +- helm/gen3/README.md | 4 ++-- helm/guppy/Chart.yaml | 2 +- helm/guppy/README.md | 4 ++-- helm/hatchery/Chart.yaml | 2 +- helm/hatchery/README.md | 4 ++-- helm/indexd/Chart.yaml | 2 +- helm/indexd/README.md | 4 ++-- helm/manifestservice/Chart.yaml | 2 +- helm/manifestservice/README.md | 4 ++-- helm/metadata/Chart.yaml | 2 +- helm/metadata/README.md | 4 ++-- helm/peregrine/Chart.yaml | 2 +- helm/peregrine/README.md | 4 ++-- helm/pidgin/Chart.yaml | 2 +- helm/pidgin/README.md | 4 ++-- helm/requestor/Chart.yaml | 2 +- helm/requestor/README.md | 4 ++-- helm/sheepdog/Chart.yaml | 2 +- helm/sheepdog/README.md | 4 ++-- helm/sower/Chart.yaml | 2 +- helm/sower/README.md | 4 ++-- helm/ssjdispatcher/Chart.yaml | 2 +- helm/ssjdispatcher/README.md | 4 ++-- helm/wts/Chart.yaml | 2 +- helm/wts/README.md | 4 ++-- 45 files changed, 66 insertions(+), 66 deletions(-) diff --git a/helm/ambassador/Chart.yaml b/helm/ambassador/Chart.yaml index c8b882b8..a1f18334 100644 --- a/helm/ambassador/Chart.yaml +++ b/helm/ambassador/Chart.yaml 
@@ -15,7 +15,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.11 +version: 0.1.10 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to diff --git a/helm/ambassador/README.md b/helm/ambassador/README.md index d2a06c72..22427743 100644 --- a/helm/ambassador/README.md +++ b/helm/ambassador/README.md @@ -1,6 +1,6 @@ # ambassador -![Version: 0.1.11](https://img.shields.io/badge/Version-0.1.11-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.4.2](https://img.shields.io/badge/AppVersion-1.4.2-informational?style=flat-square) +![Version: 0.1.10](https://img.shields.io/badge/Version-0.1.10-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.4.2](https://img.shields.io/badge/AppVersion-1.4.2-informational?style=flat-square) A Helm chart for deploying ambassador for gen3 @@ -61,4 +61,4 @@ A Helm chart for deploying ambassador for gen3 | userNamespace | string | `"jupyter-pods"` | Namespace to use for user resources. | ---------------------------------------------- -Autogenerated from chart metadata using [helm-docs v1.13.0](https://github.com/norwoodj/helm-docs/releases/v1.13.0) +Autogenerated from chart metadata using [helm-docs v1.11.0](https://github.com/norwoodj/helm-docs/releases/v1.11.0) diff --git a/helm/arborist/Chart.yaml b/helm/arborist/Chart.yaml index cc739de3..d845739c 100644 --- a/helm/arborist/Chart.yaml +++ b/helm/arborist/Chart.yaml 
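Review bot: The `version: 0.1.10` line in helm/ambassador/Chart.yaml lowers the chart version from 0.1.11, against the comment directly above it in the same hunk, which says the number should be incremented on every chart change. If 0.1.11 was ever packaged, published or pinned by a consumer (not visible from this patch), a later re-release of 0.1.11 would put different content behind an already-used version. Anything that resolves the chart by version could then no longer tell which build it received. I would keep `version: 0.1.11` and only move forward from there. The other Chart.yaml hunks in this patch (arborist, argo-wrapper, audit, aws-es-proxy, common, dicom-server, dicom-viewer, etl, fence) lower their versions the same way.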
@@ -15,7 +15,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.11 +version: 0.1.10 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to diff --git a/helm/arborist/README.md b/helm/arborist/README.md index 1a47d5c3..c00df2fb 100644 --- a/helm/arborist/README.md +++ b/helm/arborist/README.md @@ -1,6 +1,6 @@ # arborist -![Version: 0.1.11](https://img.shields.io/badge/Version-0.1.11-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) +![Version: 0.1.10](https://img.shields.io/badge/Version-0.1.10-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) A Helm chart for gen3 arborist @@ -106,4 +106,4 @@ A Helm chart for gen3 arborist | volumes | list | `[]` | Volumes to attach to the pod | ---------------------------------------------- -Autogenerated from chart metadata using [helm-docs v1.13.0](https://github.com/norwoodj/helm-docs/releases/v1.13.0) +Autogenerated from chart metadata using [helm-docs v1.11.0](https://github.com/norwoodj/helm-docs/releases/v1.11.0) diff --git a/helm/argo-wrapper/Chart.yaml b/helm/argo-wrapper/Chart.yaml index 8415ed58..de360706 100644 --- a/helm/argo-wrapper/Chart.yaml +++ b/helm/argo-wrapper/Chart.yaml 
@@ -15,7 +15,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.7 +version: 0.1.6 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to diff --git a/helm/argo-wrapper/README.md b/helm/argo-wrapper/README.md index ef83a411..6fc88cd8 100644 --- a/helm/argo-wrapper/README.md +++ b/helm/argo-wrapper/README.md @@ -1,6 +1,6 @@ # argo-wrapper -![Version: 0.1.7](https://img.shields.io/badge/Version-0.1.7-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) +![Version: 0.1.6](https://img.shields.io/badge/Version-0.1.6-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) A Helm chart for gen3 Argo Wrapper Service @@ -65,4 +65,4 @@ A Helm chart for gen3 Argo Wrapper Service | volumes | list | `[{"configMap":{"items":[{"key":"argo.json","path":"argo.json"}],"name":"manifest-argo"},"name":"argo-config"}]` | Volumes to attach to the pod. | ---------------------------------------------- -Autogenerated from chart metadata using [helm-docs v1.13.0](https://github.com/norwoodj/helm-docs/releases/v1.13.0) +Autogenerated from chart metadata using [helm-docs v1.11.0](https://github.com/norwoodj/helm-docs/releases/v1.11.0) diff --git a/helm/audit/Chart.yaml b/helm/audit/Chart.yaml index e8ad970b..efbd8361 100644 --- a/helm/audit/Chart.yaml +++ b/helm/audit/Chart.yaml 
@@ -15,7 +15,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.12 +version: 0.1.11 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to diff --git a/helm/audit/README.md b/helm/audit/README.md index 6dfea331..96172b65 100644 --- a/helm/audit/README.md +++ b/helm/audit/README.md @@ -1,6 +1,6 @@ # audit -![Version: 0.1.12](https://img.shields.io/badge/Version-0.1.12-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) +![Version: 0.1.11](https://img.shields.io/badge/Version-0.1.11-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) A Helm chart for Kubernetes @@ -124,4 +124,4 @@ A Helm chart for Kubernetes | volumes | list | `[]` | Volumes to attach to the container. | ---------------------------------------------- -Autogenerated from chart metadata using [helm-docs v1.13.0](https://github.com/norwoodj/helm-docs/releases/v1.13.0) +Autogenerated from chart metadata using [helm-docs v1.11.0](https://github.com/norwoodj/helm-docs/releases/v1.11.0) diff --git a/helm/aws-es-proxy/Chart.yaml b/helm/aws-es-proxy/Chart.yaml index d7ab79ac..7a28cc19 100644 --- a/helm/aws-es-proxy/Chart.yaml +++ b/helm/aws-es-proxy/Chart.yaml 
@@ -15,7 +15,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.9 +version: 0.1.8 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to diff --git a/helm/aws-es-proxy/README.md b/helm/aws-es-proxy/README.md index 47099452..03d37b8d 100644 --- a/helm/aws-es-proxy/README.md +++ b/helm/aws-es-proxy/README.md @@ -1,6 +1,6 @@ # aws-es-proxy -![Version: 0.1.9](https://img.shields.io/badge/Version-0.1.9-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) +![Version: 0.1.8](https://img.shields.io/badge/Version-0.1.8-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) A Helm chart for AWS ES Proxy Service for gen3 @@ -68,4 +68,4 @@ A Helm chart for AWS ES Proxy Service for gen3 | volumes | list | `nil` | Volumes to attach to the pod | ---------------------------------------------- -Autogenerated from chart metadata using [helm-docs v1.13.0](https://github.com/norwoodj/helm-docs/releases/v1.13.0) +Autogenerated from chart metadata using [helm-docs v1.11.0](https://github.com/norwoodj/helm-docs/releases/v1.11.0) diff --git a/helm/common/Chart.yaml b/helm/common/Chart.yaml index 93ebbc0f..0903cde4 100644 --- a/helm/common/Chart.yaml +++ b/helm/common/Chart.yaml 
@@ -15,7 +15,7 @@ type: library # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.10 +version: 0.1.9 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to diff --git a/helm/common/README.md b/helm/common/README.md index 40d67902..80a13994 100644 --- a/helm/common/README.md +++ b/helm/common/README.md @@ -30,4 +30,4 @@ A Helm chart for provisioning databases in gen3 | global.tierAccessLevel | string | `"libre"` | Access level for tiers. acceptable values for `tier_access_level` are: `libre`, `regular` and `private`. If omitted, by default common will be treated as `private` | ---------------------------------------------- -Autogenerated from chart metadata using [helm-docs v1.13.0](https://github.com/norwoodj/helm-docs/releases/v1.13.0) +Autogenerated from chart metadata using [helm-docs v1.11.0](https://github.com/norwoodj/helm-docs/releases/v1.11.0) diff --git a/helm/dicom-server/Chart.yaml b/helm/dicom-server/Chart.yaml index 030cd0c8..44f89e8e 100644 --- a/helm/dicom-server/Chart.yaml +++ b/helm/dicom-server/Chart.yaml @@ -15,7 +15,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.8 +version: 0.1.7 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to diff --git a/helm/dicom-server/README.md b/helm/dicom-server/README.md index f4380b1b..b1fd0611 100644 --- a/helm/dicom-server/README.md 
+++ b/helm/dicom-server/README.md @@ -1,6 +1,6 @@ # dicom-server -![Version: 0.1.8](https://img.shields.io/badge/Version-0.1.8-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) +![Version: 0.1.7](https://img.shields.io/badge/Version-0.1.7-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) A Helm chart for gen3 Dicom Server @@ -54,4 +54,4 @@ A Helm chart for gen3 Dicom Server | volumes | list | `[{"name":"config-volume-g3auto","secret":{"secretName":"orthanc-g3auto"}}]` | Volumes to attach to the pod. | ---------------------------------------------- -Autogenerated from chart metadata using [helm-docs v1.13.0](https://github.com/norwoodj/helm-docs/releases/v1.13.0) +Autogenerated from chart metadata using [helm-docs v1.11.0](https://github.com/norwoodj/helm-docs/releases/v1.11.0) diff --git a/helm/dicom-viewer/Chart.yaml b/helm/dicom-viewer/Chart.yaml index a6d01019..b31017d6 100644 --- a/helm/dicom-viewer/Chart.yaml +++ b/helm/dicom-viewer/Chart.yaml @@ -15,7 +15,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.8 +version: 0.1.7 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to diff --git a/helm/dicom-viewer/README.md b/helm/dicom-viewer/README.md index caec0f07..28f7f590 100644 --- a/helm/dicom-viewer/README.md +++ b/helm/dicom-viewer/README.md 
@@ -1,6 +1,6 @@ # dicom-viewer -![Version: 0.1.8](https://img.shields.io/badge/Version-0.1.8-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) +![Version: 0.1.7](https://img.shields.io/badge/Version-0.1.7-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) A Helm chart for gen3 Dicom Viewer @@ -41,4 +41,4 @@ A Helm chart for gen3 Dicom Viewer | service.type | string | `"ClusterIP"` | Type of service. Valid values are "ClusterIP", "NodePort", "LoadBalancer", "ExternalName". | ---------------------------------------------- -Autogenerated from chart metadata using [helm-docs v1.13.0](https://github.com/norwoodj/helm-docs/releases/v1.13.0) +Autogenerated from chart metadata using [helm-docs v1.11.0](https://github.com/norwoodj/helm-docs/releases/v1.11.0) diff --git a/helm/etl/Chart.yaml b/helm/etl/Chart.yaml index c5b08a7b..0f9e2fb9 100644 --- a/helm/etl/Chart.yaml +++ b/helm/etl/Chart.yaml @@ -15,7 +15,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.1 +version: 0.1.0 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to diff --git a/helm/etl/README.md b/helm/etl/README.md index 87b2e537..f874e334 100644 --- a/helm/etl/README.md +++ b/helm/etl/README.md 
@@ -1,6 +1,6 @@ # etl -![Version: 0.1.1](https://img.shields.io/badge/Version-0.1.1-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) +![Version: 0.1.0](https://img.shields.io/badge/Version-0.1.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) A Helm chart for gen3 etl @@ -104,4 +104,4 @@ A Helm chart for gen3 etl | resources.tube.requests.memory | string | `"128Mi"` | The amount of memory requested | ---------------------------------------------- -Autogenerated from chart metadata using [helm-docs v1.13.0](https://github.com/norwoodj/helm-docs/releases/v1.13.0) +Autogenerated from chart metadata using [helm-docs v1.11.0](https://github.com/norwoodj/helm-docs/releases/v1.11.0) diff --git a/helm/fence/Chart.yaml b/helm/fence/Chart.yaml index ce17c170..5da3f09e 100644 --- a/helm/fence/Chart.yaml +++ b/helm/fence/Chart.yaml @@ -15,7 +15,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.18 +version: 0.1.17 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to diff --git a/helm/fence/README.md b/helm/fence/README.md index 5d0fc1fb..1bb9a688 100644 --- a/helm/fence/README.md +++ b/helm/fence/README.md 
@@ -1,6 +1,6 @@ # fence -![Version: 0.1.18](https://img.shields.io/badge/Version-0.1.18-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) +![Version: 0.1.17](https://img.shields.io/badge/Version-0.1.17-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) A Helm chart for gen3 Fence diff --git a/helm/gen3/README.md b/helm/gen3/README.md index 68f9cd56..1e924ced 100644 --- a/helm/gen3/README.md +++ b/helm/gen3/README.md @@ -1,6 +1,6 @@ # gen3 -![Version: 0.1.26](https://img.shields.io/badge/Version-0.1.26-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) +![Version: 0.1.25](https://img.shields.io/badge/Version-0.1.25-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) Helm chart to deploy Gen3 Data Commons @@ -164,4 +164,4 @@ Helm chart to deploy Gen3 Data Commons | wts.enabled | bool | `true` | Whether to deploy the wts subchart. | ---------------------------------------------- -Autogenerated from chart metadata using [helm-docs v1.13.0](https://github.com/norwoodj/helm-docs/releases/v1.13.0) +Autogenerated from chart metadata using [helm-docs v1.11.0](https://github.com/norwoodj/helm-docs/releases/v1.11.0) diff --git a/helm/guppy/Chart.yaml b/helm/guppy/Chart.yaml index edfb712b..8da72671 100644 --- a/helm/guppy/Chart.yaml 
+++ b/helm/guppy/Chart.yaml @@ -15,7 +15,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.11 +version: 0.1.10 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to diff --git a/helm/guppy/README.md b/helm/guppy/README.md index ba51faf9..f04bf9ca 100644 --- a/helm/guppy/README.md +++ b/helm/guppy/README.md @@ -1,6 +1,6 @@ # guppy -![Version: 0.1.11](https://img.shields.io/badge/Version-0.1.11-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) +![Version: 0.1.10](https://img.shields.io/badge/Version-0.1.10-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) A Helm chart for gen3 Guppy Service @@ -97,4 +97,4 @@ A Helm chart for gen3 Guppy Service | volumes | list | `[{"configMap":{"items":[{"key":"guppy_config.json","path":"guppy_config.json"}],"name":"manifest-guppy"},"name":"guppy-config"}]` | Volumes to attach to the pod. | ---------------------------------------------- -Autogenerated from chart metadata using [helm-docs v1.13.0](https://github.com/norwoodj/helm-docs/releases/v1.13.0) +Autogenerated from chart metadata using [helm-docs v1.11.0](https://github.com/norwoodj/helm-docs/releases/v1.11.0) diff --git a/helm/hatchery/Chart.yaml b/helm/hatchery/Chart.yaml index c57ad0e6..466cb09b 100644 --- a/helm/hatchery/Chart.yaml +++ b/helm/hatchery/Chart.yaml 
@@ -15,7 +15,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.9 +version: 0.1.8 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to diff --git a/helm/hatchery/README.md b/helm/hatchery/README.md index c98175e5..583c3ac7 100644 --- a/helm/hatchery/README.md +++ b/helm/hatchery/README.md @@ -1,6 +1,6 @@ # hatchery -![Version: 0.1.9](https://img.shields.io/badge/Version-0.1.9-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) +![Version: 0.1.8](https://img.shields.io/badge/Version-0.1.8-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) A Helm chart for gen3 Hatchery @@ -87,4 +87,4 @@ A Helm chart for gen3 Hatchery | volumes | list | `[{"configMap":{"name":"manifest-hatchery"},"name":"hatchery-config"}]` | Volumes to attach to the container. | ---------------------------------------------- -Autogenerated from chart metadata using [helm-docs v1.13.0](https://github.com/norwoodj/helm-docs/releases/v1.13.0) +Autogenerated from chart metadata using [helm-docs v1.11.0](https://github.com/norwoodj/helm-docs/releases/v1.11.0) diff --git a/helm/indexd/Chart.yaml b/helm/indexd/Chart.yaml index 8c5dd73d..18a5f053 100644 --- a/helm/indexd/Chart.yaml +++ b/helm/indexd/Chart.yaml 
@@ -15,7 +15,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.14 +version: 0.1.13 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to diff --git a/helm/indexd/README.md b/helm/indexd/README.md index 33065b4e..d27514cb 100644 --- a/helm/indexd/README.md +++ b/helm/indexd/README.md @@ -1,6 +1,6 @@ # indexd -![Version: 0.1.14](https://img.shields.io/badge/Version-0.1.14-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) +![Version: 0.1.13](https://img.shields.io/badge/Version-0.1.13-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) A Helm chart for gen3 indexd @@ -108,4 +108,4 @@ A Helm chart for gen3 indexd | volumes | list | `[{"configMap":{"name":"indexd-uwsgi"},"name":"uwsgi-config"},{"name":"config-volume","secret":{"secretName":"indexd-settings"}}]` | Volumes to attach to the pod | ---------------------------------------------- -Autogenerated from chart metadata using [helm-docs v1.13.0](https://github.com/norwoodj/helm-docs/releases/v1.13.0) +Autogenerated from chart metadata using [helm-docs v1.11.0](https://github.com/norwoodj/helm-docs/releases/v1.11.0) diff --git a/helm/manifestservice/Chart.yaml b/helm/manifestservice/Chart.yaml index 921228cc..8557818e 100644 --- a/helm/manifestservice/Chart.yaml +++ b/helm/manifestservice/Chart.yaml 
@@ -15,7 +15,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.13 +version: 0.1.12 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to diff --git a/helm/manifestservice/README.md b/helm/manifestservice/README.md index 058d32fd..a854343d 100644 --- a/helm/manifestservice/README.md +++ b/helm/manifestservice/README.md @@ -1,6 +1,6 @@ # manifestservice -![Version: 0.1.13](https://img.shields.io/badge/Version-0.1.13-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) +![Version: 0.1.12](https://img.shields.io/badge/Version-0.1.12-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) A Helm chart for Kubernetes @@ -86,4 +86,4 @@ A Helm chart for Kubernetes | volumes | list | `[{"name":"config-volume","secret":{"secretName":"manifestservice-g3auto"}}]` | Volumes to attach to the container. | ---------------------------------------------- -Autogenerated from chart metadata using [helm-docs v1.13.0](https://github.com/norwoodj/helm-docs/releases/v1.13.0) +Autogenerated from chart metadata using [helm-docs v1.11.0](https://github.com/norwoodj/helm-docs/releases/v1.11.0) diff --git a/helm/metadata/Chart.yaml b/helm/metadata/Chart.yaml index 240e3913..0e130ab4 100644 --- a/helm/metadata/Chart.yaml +++ b/helm/metadata/Chart.yaml 
@@ -15,7 +15,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.11 +version: 0.1.10 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to diff --git a/helm/metadata/README.md b/helm/metadata/README.md index 75a49ce2..d533375e 100644 --- a/helm/metadata/README.md +++ b/helm/metadata/README.md @@ -1,6 +1,6 @@ # metadata -![Version: 0.1.11](https://img.shields.io/badge/Version-0.1.11-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) +![Version: 0.1.10](https://img.shields.io/badge/Version-0.1.10-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) A Helm chart for gen3 Metadata Service 
@@ -125,4 +125,4 @@ A Helm chart for gen3 Metadata Service | volumeMounts | list | `[{"mountPath":"/src/.env","name":"config-volume-g3auto","readOnly":true,"subPath":"metadata.env"},{"mountPath":"/aggregate_config.json","name":"config-volume","readOnly":true,"subPath":"aggregate_config.json"},{"mountPath":"/metadata.json","name":"config-manifest","readOnly":true,"subPath":"json"}]` | Volumes to mount to the container. | ---------------------------------------------- -Autogenerated from chart metadata using [helm-docs v1.13.0](https://github.com/norwoodj/helm-docs/releases/v1.13.0) +Autogenerated from chart metadata using [helm-docs v1.11.0](https://github.com/norwoodj/helm-docs/releases/v1.11.0) diff --git a/helm/peregrine/Chart.yaml b/helm/peregrine/Chart.yaml index 46504b0d..eaf74f03 100644 --- a/helm/peregrine/Chart.yaml +++ b/helm/peregrine/Chart.yaml @@ -15,7 +15,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.12 +version: 0.1.11 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to diff --git a/helm/peregrine/README.md b/helm/peregrine/README.md index c0286b44..8c83b684 100644 --- a/helm/peregrine/README.md +++ b/helm/peregrine/README.md 
@@ -1,6 +1,6 @@ # peregrine -![Version: 0.1.12](https://img.shields.io/badge/Version-0.1.12-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 2023.01](https://img.shields.io/badge/AppVersion-2023.01-informational?style=flat-square) +![Version: 0.1.11](https://img.shields.io/badge/Version-0.1.11-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 2023.01](https://img.shields.io/badge/AppVersion-2023.01-informational?style=flat-square) A Helm chart for gen3 Peregrine service @@ -103,4 +103,4 @@ A Helm chart for gen3 Peregrine service | volumes | list | `[{"emptyDir":{},"name":"shared-data"},{"name":"config-volume","secret":{"secretName":"peregrine-secret"}}]` | Volumes to attach to the container. | ---------------------------------------------- -Autogenerated from chart metadata using [helm-docs v1.13.0](https://github.com/norwoodj/helm-docs/releases/v1.13.0) +Autogenerated from chart metadata using [helm-docs v1.11.0](https://github.com/norwoodj/helm-docs/releases/v1.11.0) diff --git a/helm/pidgin/Chart.yaml b/helm/pidgin/Chart.yaml index 5dd361eb..f80d38b0 100644 --- a/helm/pidgin/Chart.yaml +++ b/helm/pidgin/Chart.yaml @@ -15,7 +15,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.10 +version: 0.1.9 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to diff --git a/helm/pidgin/README.md b/helm/pidgin/README.md index 94495379..1a34c4d7 100644 --- a/helm/pidgin/README.md +++ b/helm/pidgin/README.md 
@@ -1,6 +1,6 @@ # pidgin -![Version: 0.1.10](https://img.shields.io/badge/Version-0.1.10-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) +![Version: 0.1.9](https://img.shields.io/badge/Version-0.1.9-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) A Helm chart for gen3 Pidgin Service @@ -83,4 +83,4 @@ A Helm chart for gen3 Pidgin Service | strategy.rollingUpdate.maxUnavailable | int | `0` | Maximum amount of pods that can be unavailable during the update. | ---------------------------------------------- -Autogenerated from chart metadata using [helm-docs v1.13.0](https://github.com/norwoodj/helm-docs/releases/v1.13.0) +Autogenerated from chart metadata using [helm-docs v1.11.0](https://github.com/norwoodj/helm-docs/releases/v1.11.0) diff --git a/helm/requestor/Chart.yaml b/helm/requestor/Chart.yaml index 3e855149..e3b94a13 100644 --- a/helm/requestor/Chart.yaml +++ b/helm/requestor/Chart.yaml @@ -15,7 +15,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.11 +version: 0.1.10 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to diff --git a/helm/requestor/README.md b/helm/requestor/README.md index bde0842e..9b4dddec 100644 --- a/helm/requestor/README.md +++ b/helm/requestor/README.md 
@@ -1,6 +1,6 @@ # requestor -![Version: 0.1.11](https://img.shields.io/badge/Version-0.1.11-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) +![Version: 0.1.10](https://img.shields.io/badge/Version-0.1.10-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) A Helm chart for gen3 Requestor Service @@ -118,4 +118,4 @@ A Helm chart for gen3 Requestor Service | volumeMounts | list | `nil` | Volumes to mount to the container. | ---------------------------------------------- -Autogenerated from chart metadata using [helm-docs v1.13.0](https://github.com/norwoodj/helm-docs/releases/v1.13.0) +Autogenerated from chart metadata using [helm-docs v1.11.0](https://github.com/norwoodj/helm-docs/releases/v1.11.0) diff --git a/helm/sheepdog/Chart.yaml b/helm/sheepdog/Chart.yaml index 79cf8269..46a7945d 100644 --- a/helm/sheepdog/Chart.yaml +++ b/helm/sheepdog/Chart.yaml @@ -15,7 +15,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.13 +version: 0.1.12 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to diff --git a/helm/sheepdog/README.md b/helm/sheepdog/README.md index 3523d763..bb94c74b 100644 --- a/helm/sheepdog/README.md +++ b/helm/sheepdog/README.md 
@@ -1,6 +1,6 @@ # sheepdog -![Version: 0.1.13](https://img.shields.io/badge/Version-0.1.13-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) +![Version: 0.1.12](https://img.shields.io/badge/Version-0.1.12-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) A Helm chart for gen3 Sheepdog Service @@ -124,4 +124,4 @@ A Helm chart for gen3 Sheepdog Service | volumeMounts | list | `[{"mountPath":"/var/www/sheepdog/settings.py","name":"config-volume","readOnly":true,"subPath":"settings.py"}]` | Volumes to mount to the container. | ---------------------------------------------- -Autogenerated from chart metadata using [helm-docs v1.13.0](https://github.com/norwoodj/helm-docs/releases/v1.13.0) +Autogenerated from chart metadata using [helm-docs v1.11.0](https://github.com/norwoodj/helm-docs/releases/v1.11.0) diff --git a/helm/sower/Chart.yaml b/helm/sower/Chart.yaml index 2efaa70d..78f30033 100644 --- a/helm/sower/Chart.yaml +++ b/helm/sower/Chart.yaml @@ -15,7 +15,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.9 +version: 0.1.8 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to diff --git a/helm/sower/README.md b/helm/sower/README.md index 4c5fe5d8..1217b1c3 100644 --- a/helm/sower/README.md +++ b/helm/sower/README.md 
@@ -1,6 +1,6 @@ # sower -![Version: 0.1.9](https://img.shields.io/badge/Version-0.1.9-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) +![Version: 0.1.8](https://img.shields.io/badge/Version-0.1.8-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) A Helm chart for gen3 sower @@ -151,4 +151,4 @@ A Helm chart for gen3 sower | volumes | list | `[{"configMap":{"items":[{"key":"json","path":"sower_config.json"}],"name":"manifest-sower"},"name":"sower-config"}]` | Volumes to attach to the container. | ---------------------------------------------- -Autogenerated from chart metadata using [helm-docs v1.13.0](https://github.com/norwoodj/helm-docs/releases/v1.13.0) +Autogenerated from chart metadata using [helm-docs v1.11.0](https://github.com/norwoodj/helm-docs/releases/v1.11.0) diff --git a/helm/ssjdispatcher/Chart.yaml b/helm/ssjdispatcher/Chart.yaml index 2016e15b..34b92d4a 100644 --- a/helm/ssjdispatcher/Chart.yaml +++ b/helm/ssjdispatcher/Chart.yaml @@ -15,7 +15,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.9 +version: 0.1.8 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to diff --git a/helm/ssjdispatcher/README.md b/helm/ssjdispatcher/README.md index e9f5cfe0..12c85819 100644 --- a/helm/ssjdispatcher/README.md +++ b/helm/ssjdispatcher/README.md 
@@ -1,6 +1,6 @@ # ssjdispatcher -![Version: 0.1.9](https://img.shields.io/badge/Version-0.1.9-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) +![Version: 0.1.8](https://img.shields.io/badge/Version-0.1.8-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) A Helm chart for gen3 ssjdispatcher @@ -113,4 +113,4 @@ A Helm chart for gen3 ssjdispatcher | volumes | list | `[{"name":"ssjdispatcher-creds-volume","secret":{"secretName":"ssjdispatcher-creds"}}]` | Volumes to attach to the container. | ---------------------------------------------- -Autogenerated from chart metadata using [helm-docs v1.13.0](https://github.com/norwoodj/helm-docs/releases/v1.13.0) +Autogenerated from chart metadata using [helm-docs v1.11.0](https://github.com/norwoodj/helm-docs/releases/v1.11.0) diff --git a/helm/wts/Chart.yaml b/helm/wts/Chart.yaml index 85a6dde9..c84c4d76 100644 --- a/helm/wts/Chart.yaml +++ b/helm/wts/Chart.yaml @@ -15,7 +15,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.13 +version: 0.1.12 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to diff --git a/helm/wts/README.md b/helm/wts/README.md index d6cc9d2d..b54a6358 100644 --- a/helm/wts/README.md +++ b/helm/wts/README.md 
@@ -1,6 +1,6 @@ # wts -![Version: 0.1.13](https://img.shields.io/badge/Version-0.1.13-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) +![Version: 0.1.12](https://img.shields.io/badge/Version-0.1.12-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) A Helm chart for gen3 workspace token service @@ -106,4 +106,4 @@ A Helm chart for gen3 workspace token service | tolerations | list | `[]` | Tolerations for the pods | ---------------------------------------------- -Autogenerated from chart metadata using [helm-docs v1.13.0](https://github.com/norwoodj/helm-docs/releases/v1.13.0) +Autogenerated from chart metadata using [helm-docs v1.11.0](https://github.com/norwoodj/helm-docs/releases/v1.11.0) From 9d5534b11efa9ea49652da74e1bfd2b56996d114 Mon Sep 17 00:00:00 2001 From: craigrbarnes Date: Fri, 22 Mar 2024 13:36:46 -0500 Subject: [PATCH 142/279] version number --- helm/fence/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/helm/fence/README.md b/helm/fence/README.md index 1bb9a688..a8e510bc 100644 --- a/helm/fence/README.md +++ b/helm/fence/README.md 
@@ -200,4 +200,4 @@ A Helm chart for gen3 Fence | volumes | list | `[{"name":"old-config-volume","secret":{"secretName":"fence-secret"}},{"name":"json-secret-volume","secret":{"optional":true,"secretName":"fence-json-secret"}},{"name":"creds-volume","secret":{"secretName":"fence-creds"}},{"configMap":{"name":"config-helper","optional":true},"name":"config-helper"},{"configMap":{"name":"logo-config"},"name":"logo-volume"},{"name":"config-volume","secret":{"secretName":"fence-config"}},{"name":"fence-google-app-creds-secret-volume","secret":{"secretName":"fence-google-app-creds-secret"}},{"name":"fence-google-storage-creds-secret-volume","secret":{"secretName":"fence-google-storage-creds-secret"}},{"name":"fence-jwt-keys","secret":{"secretName":"fence-jwt-keys"}},{"configMap":{"name":"privacy-policy"},"name":"privacy-policy"},{"configMap":{"name":"fence-yaml-merge","optional":true},"name":"yaml-merge"}]` | Volumes to attach to the container. | ---------------------------------------------- -Autogenerated from chart metadata using [helm-docs v1.13.0](https://github.com/norwoodj/helm-docs/releases/v1.13.0) +Autogenerated from chart metadata using [helm-docs v1.11.0](https://github.com/norwoodj/helm-docs/releases/v1.11.0) From 3cf3a5091cf05a2e073a94a80f3e2b765c4626af Mon Sep 17 00:00:00 2001 From: craigrbarnes Date: Fri, 22 Mar 2024 13:40:21 -0500 Subject: [PATCH 143/279] Update Chart.yaml --- helm/frontend-framework/Chart.yaml | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/helm/frontend-framework/Chart.yaml b/helm/frontend-framework/Chart.yaml index 310e3ae9..1c24f05b 100644 --- a/helm/frontend-framework/Chart.yaml +++ b/helm/frontend-framework/Chart.yaml 
@@ -9,7 +9,7 @@ description: A Helm chart for the gen3 frontend framework # # Library charts provide useful utilities or functions for the chart developer. They're included as # a dependency of application charts to inject those utilities and functions into the rendering -# pipeline. Library charts do not define any templates and therefore cannot be deployed. +# pipeline. Library charts do not define any templates and, therefore, cannot be deployed. type: application # This is the chart version. This version number should be incremented each time you make changes @@ -27,4 +27,3 @@ dependencies: - name: common version: 0.1.9 repository: file://../common - From 805dd0068f7515952b880864f3314d582acf281b Mon Sep 17 00:00:00 2001 From: Jawad Qureshi Date: Tue, 2 Apr 2024 15:57:46 -0500 Subject: [PATCH 144/279] Update peregrine and sheepdog charts --- .secrets.baseline | 105 ++++++++++-------- helm/gen3/Chart.yaml | 6 +- helm/gen3/README.md | 8 +- helm/gen3/values.yaml | 2 +- helm/peregrine/Chart.yaml | 4 +- helm/peregrine/README.md | 4 +- helm/peregrine/values.yaml | 2 +- helm/sheepdog/Chart.yaml | 2 +- helm/sheepdog/README.md | 21 +--- .../sheepdog-secret/{wsgi.py => settings.py} | 0 helm/sheepdog/values.yaml | 29 +---- 11 files changed, 75 insertions(+), 108 deletions(-) rename helm/sheepdog/sheepdog-secret/{wsgi.py => settings.py} (100%) diff --git a/.secrets.baseline b/.secrets.baseline index b2328594..51a33818 100644 --- a/.secrets.baseline +++ b/.secrets.baseline @@ -3,7 +3,7 @@ "files": "^.secrets.baseline$", "lines": null }, - "generated_at": "2024-03-15T18:22:32Z", + "generated_at": "2024-04-02T20:57:28Z", "plugins_used": [ { "name": "AWSKeyDetector" 
@@ -108,6 +108,15 @@
 "type": "Secret Keyword"
 }
 ],
+ "docs/kubernetes-in-docker.md": [
+ {
+ "hashed_secret": "5320294d100314ce19330d99abada8c26c4993a3",
+ "is_secret": false,
+ "is_verified": false,
+ "line_number": 96,
+ "type": "Secret Keyword"
+ }
+ ],
 "examples/gke_dev_values.yaml": [
 {
 "hashed_secret": "75cb4c02576c9abae38fadc84bc832f2af203f3e",
@@ -143,18 +152,25 @@
 }
 ],
 "helm/audit/README.md": [
+ {
+ "hashed_secret": "a04a85e28ae4f699c0f8d014ad41160c9b9206f0",
+ "is_secret": false,
+ "is_verified": false,
+ "line_number": 39,
+ "type": "Secret Keyword"
+ },
 {
 "hashed_secret": "d84ce25b0f9bc2cc263006ae39453efb22cc2900",
 "is_secret": false,
 "is_verified": false,
- "line_number": 64,
+ "line_number": 65,
 "type": "Secret Keyword"
 },
 {
 "hashed_secret": "f09dd6e359833a12f48c4c4255d6e87a6e55cfe9",
 "is_secret": false,
 "is_verified": false,
- "line_number": 84,
+ "line_number": 85,
 "type": "Secret Keyword"
 }
 ],
@@ -210,7 +226,7 @@
 ],
 "helm/fence/README.md": [
 {
- "hashed_secret": "4d10c0e4e0b7e73c9e709a15b81dbfa7ed3d91cc",
+ "hashed_secret": "7f57cb0116aa983d9844a39f6da9244cf98036b1",
 "is_secret": false,
 "is_verified": false,
 "line_number": 92,
@@ -220,28 +236,28 @@
 "hashed_secret": "b266a6d0f00bb36f6b98134bf4cec71f2d7943a3",
 "is_secret": false,
 "is_verified": false,
- "line_number": 100,
+ "line_number": 102,
 "type": "Secret Keyword"
 },
 {
 "hashed_secret": "d84ce25b0f9bc2cc263006ae39453efb22cc2900",
 "is_secret": false,
 "is_verified": false,
- "line_number": 125,
+ "line_number": 127,
 "type": "Secret Keyword"
 },
 {
 "hashed_secret": "f09dd6e359833a12f48c4c4255d6e87a6e55cfe9",
 "is_secret": false,
 "is_verified": false,
- "line_number": 152,
+ "line_number": 154,
 "type": "Secret Keyword"
 },
 {
 "hashed_secret": "9d8fada0e01336e865c461bb3549084d206fe6da",
 "is_secret": false,
 "is_verified": false,
- "line_number": 198,
+ "line_number": 200,
 "type": "Secret Keyword"
 }
 ],
@@ -305,23 +321,23 @@ "hashed_secret": "5d07e1b80e448a213b392049888111e1779a52db", "is_secret": false, "is_verified": false, - "line_number": 1957, + "line_number": 1961, "type": "Secret Keyword" } ], "helm/gen3/README.md": [ { - "hashed_secret": "b266a6d0f00bb36f6b98134bf4cec71f2d7943a3", + "hashed_secret": "7422c958ec5a8e5f87c9e81cdf426ef0e193332c", "is_secret": false, "is_verified": false, - "line_number": 99, + "line_number": 75, "type": "Secret Keyword" }, { "hashed_secret": "1740c48fa3141d4851b14f97e3bc0f46f7670672", "is_secret": false, "is_verified": false, - "line_number": 133, + "line_number": 107, "type": "Secret Keyword" } ], @@ -369,25 +385,32 @@ } ], "helm/indexd/README.md": [ + { + "hashed_secret": "167402961a8c8a8b3764e865e865efa9ada95369", + "is_secret": false, + "is_verified": false, + "line_number": 30, + "type": "Secret Keyword" + }, { "hashed_secret": "d84ce25b0f9bc2cc263006ae39453efb22cc2900", "is_secret": false, "is_verified": false, - "line_number": 54, + "line_number": 55, "type": "Secret Keyword" }, { "hashed_secret": "f09dd6e359833a12f48c4c4255d6e87a6e55cfe9", "is_secret": false, "is_verified": false, - "line_number": 73, + "line_number": 74, "type": "Secret Keyword" }, { "hashed_secret": "1cc98556e7b1353c7bd08344f9190808b0d3d6d4", "is_secret": true, "is_verified": false, - "line_number": 107, + "line_number": 108, "type": "Secret Keyword" } ], @@ -401,11 +424,18 @@ } ], "helm/manifestservice/README.md": [ + { + "hashed_secret": "cc524de4657898e872ff46e0a9256f4e186cdfe6", + "is_secret": false, + "is_verified": false, + "line_number": 36, + "type": "Secret Keyword" + }, { "hashed_secret": "611f2e9064b518afdb23f201321f39029dd28917", "is_secret": false, "is_verified": false, - "line_number": 85, + "line_number": 86, "type": "Secret Keyword" } ], 
@@ -419,18 +449,25 @@ } ], "helm/metadata/README.md": [ + { + "hashed_secret": "cbdb7939a61698c9c866ea614399ef7eb7770c68", + "is_secret": false, + "is_verified": false, + "line_number": 49, + "type": "Secret Keyword" + }, { "hashed_secret": "d84ce25b0f9bc2cc263006ae39453efb22cc2900", "is_secret": false, "is_verified": false, - "line_number": 72, + "line_number": 74, "type": "Secret Keyword" }, { "hashed_secret": "f09dd6e359833a12f48c4c4255d6e87a6e55cfe9", "is_secret": false, "is_verified": false, - "line_number": 91, + "line_number": 93, "type": "Secret Keyword" } ], @@ -583,27 +620,6 @@ "is_verified": false, "line_number": 79, "type": "Secret Keyword" - }, - { - "hashed_secret": "c2c4e52c03a03ce3efeb21eb202d301018d4548e", - "is_secret": false, - "is_verified": false, - "line_number": 100, - "type": "Secret Keyword" - }, - { - "hashed_secret": "afc848c316af1a89d49826c5ae9d00ed769415f3", - "is_secret": false, - "is_verified": false, - "line_number": 109, - "type": "Secret Keyword" - }, - { - "hashed_secret": "fa4497447699cdb0a81c66a7f21af28a75170195", - "is_secret": false, - "is_verified": false, - "line_number": 111, - "type": "Secret Keyword" } ], "helm/sheepdog/sheepdog-secret/config_helper.py": [ @@ -615,7 +631,7 @@ "type": "Basic Auth Credentials" } ], - "helm/sheepdog/sheepdog-secret/wsgi.py": [ + "helm/sheepdog/sheepdog-secret/settings.py": [ { "hashed_secret": "347cd9c53ff77d41a7b22aa56c7b4efaf54658e3", "is_secret": false, @@ -624,15 +640,6 @@ "type": "Basic Auth Credentials" } ], - "helm/sheepdog/values.yaml": [ - { - "hashed_secret": "afc848c316af1a89d49826c5ae9d00ed769415f3", - "is_secret": false, - "is_verified": false, - "line_number": 243, - "type": "Secret Keyword" - } - ], "helm/sower/README.md": [ { "hashed_secret": "d84ce25b0f9bc2cc263006ae39453efb22cc2900", diff --git a/helm/gen3/Chart.yaml b/helm/gen3/Chart.yaml index d06ea3e4..6efdaff5 100644 --- a/helm/gen3/Chart.yaml +++ b/helm/gen3/Chart.yaml 
@@ -56,7 +56,7 @@ dependencies: repository: "file://../metadata" condition: metadata.enabled - name: peregrine - version: 0.1.11 + version: 0.1.12 repository: "file://../peregrine" condition: peregrine.enabled - name: pidgin @@ -76,7 +76,7 @@ dependencies: repository: "file://../revproxy" condition: revproxy.enabled - name: sheepdog - version: 0.1.12 + version: 0.1.13 repository: "file://../sheepdog" condition: sheepdog.enabled - name: ssjdispatcher @@ -115,7 +115,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.25 +version: 0.1.26 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to diff --git a/helm/gen3/README.md b/helm/gen3/README.md index 3cbd2f8b..88882bd9 100644 --- a/helm/gen3/README.md +++ b/helm/gen3/README.md @@ -1,6 +1,6 @@ # gen3 -![Version: 0.1.25](https://img.shields.io/badge/Version-0.1.25-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) +![Version: 0.1.26](https://img.shields.io/badge/Version-0.1.26-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) Helm chart to deploy Gen3 Data Commons 
@@ -31,12 +31,12 @@ Helm chart to deploy Gen3 Data Commons | file://../indexd | indexd | 0.1.13 | | file://../manifestservice | manifestservice | 0.1.12 | | file://../metadata | metadata | 0.1.10 | -| file://../peregrine | peregrine | 0.1.11 | +| file://../peregrine | peregrine | 0.1.12 | | file://../pidgin | pidgin | 0.1.9 | | file://../portal | portal | 0.1.10 | | file://../requestor | requestor | 0.1.10 | | file://../revproxy | revproxy | 0.1.13 | -| file://../sheepdog | sheepdog | 0.1.12 | +| file://../sheepdog | sheepdog | 0.1.13 | | file://../sower | sower | 0.1.8 | | file://../ssjdispatcher | ssjdispatcher | 0.1.8 | | file://../wts | wts | 0.1.12 | @@ -49,7 +49,7 @@ Helm chart to deploy Gen3 Data Commons |-----|------|---------|-------------| | ambassador.enabled | bool | `true` | Whether to deploy the ambassador subchart. | | arborist.enabled | bool | `true` | Whether to deploy the arborist subchart. | -| argo-wrapper.enabled | bool | `true` | Whether to deploy the argo-wrapper subchart. | +| argo-wrapper.enabled | bool | `false` | Whether to deploy the argo-wrapper subchart. | | audit.enabled | bool | `true` | Whether to deploy the audit subchart. | | aws-es-proxy.enabled | bool | `false` | Whether to deploy the aws-es-proxy subchart. | | aws-es-proxy.esEndpoint | str | `"test.us-east-1.es.amazonaws.com"` | Elasticsearch endpoint in AWS | diff --git a/helm/gen3/values.yaml b/helm/gen3/values.yaml index 6dcc3cdf..8c2a3bbd 100644 --- a/helm/gen3/values.yaml +++ b/helm/gen3/values.yaml @@ -77,7 +77,7 @@ arborist: argo-wrapper: # -- (bool) Whether to deploy the argo-wrapper subchart. - enabled: true + enabled: false audit: # -- (bool) Whether to deploy the audit subchart. diff --git a/helm/peregrine/Chart.yaml b/helm/peregrine/Chart.yaml index eaf74f03..a7eac451 100644 --- a/helm/peregrine/Chart.yaml +++ b/helm/peregrine/Chart.yaml 
@@ -15,13 +15,13 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.11 +version: 0.1.12 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to # follow Semantic Versioning. They should reflect the version the application is using. # It is recommended to use it with quotes. -appVersion: "2023.01" +appVersion: "master" dependencies: diff --git a/helm/peregrine/README.md b/helm/peregrine/README.md index 8c83b684..a5910fd1 100644 --- a/helm/peregrine/README.md +++ b/helm/peregrine/README.md @@ -1,6 +1,6 @@ # peregrine -![Version: 0.1.11](https://img.shields.io/badge/Version-0.1.11-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 2023.01](https://img.shields.io/badge/AppVersion-2023.01-informational?style=flat-square) +![Version: 0.1.12](https://img.shields.io/badge/Version-0.1.12-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) A Helm chart for gen3 Peregrine service 
@@ -61,7 +61,7 @@ A Helm chart for gen3 Peregrine service | global.tierAccessLevel | string | `"libre"` | Access level for tiers. acceptable values for `tier_access_level` are: `libre`, `regular` and `private`. If omitted, by default common will be treated as `private` | | image.pullPolicy | string | `"IfNotPresent"` | When to pull the image. | | image.repository | string | `"quay.io/cdis/peregrine"` | The Docker image repository for the fence service | -| image.tag | string | `""` | Overrides the image tag whose default is the chart appVersion. | +| image.tag | string | `"feat_jq-audience"` | Overrides the image tag whose default is the chart appVersion. | | imagePullSecrets | list | `[]` | Docker image pull secrets. | | nameOverride | string | `""` | Override the name of the chart. | | nodeSelector | map | `{}` | Node Selector for the pods | diff --git a/helm/peregrine/values.yaml b/helm/peregrine/values.yaml index 2cec6c4a..46086658 100644 --- a/helm/peregrine/values.yaml +++ b/helm/peregrine/values.yaml @@ -113,7 +113,7 @@ image: # -- (string) When to pull the image. pullPolicy: IfNotPresent # -- (string) Overrides the image tag whose default is the chart appVersion. - tag: "" + tag: "feat_jq-audience" # -- (list) Docker image pull secrets. imagePullSecrets: [] diff --git a/helm/sheepdog/Chart.yaml b/helm/sheepdog/Chart.yaml index 46a7945d..79cf8269 100644 --- a/helm/sheepdog/Chart.yaml +++ b/helm/sheepdog/Chart.yaml @@ -15,7 +15,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.12 +version: 0.1.13 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to 
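Review bot: The new chart default `tag: "feat_jq-audience"` in helm/peregrine/values.yaml points every install at a feature-branch image, which is a mutable reference. The registry can serve different content under that name over time, and with `pullPolicy: IfNotPresent` a node that cached an earlier build keeps running it. The same pattern appears in helm/sheepdog/values.yaml (`tag: "bug_auth-audience"`) and in the `appVersion: "master"` change in helm/peregrine/Chart.yaml. I would keep the default as `tag: ""` with a released appVersion and set the branch tag only in an environment-specific values file. The `image:` map starts above this hunk.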
diff --git a/helm/sheepdog/README.md b/helm/sheepdog/README.md index bb94c74b..8325744c 100644 --- a/helm/sheepdog/README.md +++ b/helm/sheepdog/README.md @@ -1,6 +1,6 @@ # sheepdog -![Version: 0.1.12](https://img.shields.io/badge/Version-0.1.12-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) +![Version: 0.1.13](https://img.shields.io/badge/Version-0.1.13-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) A Helm chart for gen3 Sheepdog Service 
@@ -69,10 +69,10 @@ A Helm chart for gen3 Sheepdog Service | global.publicDataSets | bool | `true` | Whether public datasets are enabled. | | global.revproxyArn | string | `"arn:aws:acm:us-east-1:123456:certificate"` | ARN of the reverse proxy certificate. | | global.tierAccessLevel | string | `"libre"` | Access level for tiers. acceptable values for `tier_access_level` are: `libre`, `regular` and `private`. If omitted, by default common will be treated as `private` | -| image | map | `{"pullPolicy":"Always","repository":"quay.io/cdis/sheepdog","tag":""}` | Docker image information. | +| image | map | `{"pullPolicy":"Always","repository":"quay.io/cdis/sheepdog","tag":"bug_auth-audience"}` | Docker image information. | | image.pullPolicy | string | `"Always"` | Docker pull policy. | | image.repository | string | `"quay.io/cdis/sheepdog"` | Docker repository. | -| image.tag | string | `""` | Overrides the image tag whose default is the chart appVersion. | +| image.tag | string | `"bug_auth-audience"` | Overrides the image tag whose default is the chart appVersion. | | indexdUrl | string | `"http://indexd-service"` | URL for the indexd service | | partOf | string | `"Core-Service"` | Label to help organize pods and their use. Any value is valid, but use "_" or "-" to divide words. | | podAnnotations | map | `{"gen3.io/network-ingress":"sheepdog"}` | Annotations to add to the pod | 
@@ -97,22 +97,9 @@ A Helm chart for gen3 Sheepdog Service | resources.requests.cpu | string | `0.3` | The amount of CPU requested | | resources.requests.memory | string | `"12Mi"` | The amount of memory requested | | revisionHistoryLimit | int | `2` | Number of old revisions to retain | -| secrets | map | `{"awsAccessKeyId":null,"awsSecretAccessKey":null,"fence":{"database":"fence","host":"postgres-postgresql.postgres.svc.cluster.local","password":"postgres","user":"postgres"},"gdcapi":{"secretKey":null},"indexd":{"password":"postgres"},"sheepdog":{"database":"sheepdog","host":"postgres-postgresql.postgres.svc.cluster.local","password":"postgres","user":"postgres"}}` | Values for sheepdog secret. | +| secrets | map | `{"awsAccessKeyId":null,"awsSecretAccessKey":null}` | Values for sheepdog secret. | | secrets.awsAccessKeyId | str | `nil` | AWS access key ID to access the db restore job S3 bucket. Overrides global key. | | secrets.awsSecretAccessKey | str | `nil` | AWS secret access key ID to access the db restore job S3 bucket. Overrides global key. | -| secrets.fence | map | `{"database":"fence","host":"postgres-postgresql.postgres.svc.cluster.local","password":"postgres","user":"postgres"}` | Values for sheepdog's access to the fence database. | -| secrets.fence.database | string | `"fence"` | Database name for fence's db. | -| secrets.fence.host | string | `"postgres-postgresql.postgres.svc.cluster.local"` | Host for fence's db. | -| secrets.fence.password | string | `"postgres"` | Password to fence's db. | -| secrets.fence.user | string | `"postgres"` | User for fence's db. | -| secrets.gdcapi.secretKey | string | `nil` | GDCAPI token. | -| secrets.indexd | map | `{"password":"postgres"}` | Values for sheepdog's access to indexd database. | -| secrets.indexd.password | string | `"postgres"` | Password to indexd's db. 
| -| secrets.sheepdog | map | `{"database":"sheepdog","host":"postgres-postgresql.postgres.svc.cluster.local","password":"postgres","user":"postgres"}` | Values for sheepdog's database. | -| secrets.sheepdog.database | string | `"sheepdog"` | Database name for sheepdog's db. | -| secrets.sheepdog.host | string | `"postgres-postgresql.postgres.svc.cluster.local"` | Host for sheepdog's db. | -| secrets.sheepdog.password | string | `"postgres"` | Password to sheepdog's db. | -| secrets.sheepdog.user | string | `"postgres"` | User for sheepdog's db. | | selectorLabels | map | `nil` | Will completely override the selectorLabels defined in the common chart's _label_setup.tpl | | service | map | `{"port":80,"type":"ClusterIP"}` | Kubernetes service information. | | service.port | int | `80` | The port number that the service exposes. | diff --git a/helm/sheepdog/sheepdog-secret/wsgi.py b/helm/sheepdog/sheepdog-secret/settings.py similarity index 100% rename from helm/sheepdog/sheepdog-secret/wsgi.py rename to helm/sheepdog/sheepdog-secret/settings.py diff --git a/helm/sheepdog/values.yaml b/helm/sheepdog/values.yaml index 30291645..59b0841f 100644 --- a/helm/sheepdog/values.yaml +++ b/helm/sheepdog/values.yaml @@ -168,7 +168,7 @@ image: # -- (string) Docker pull policy. pullPolicy: Always # -- (string) Overrides the image tag whose default is the chart appVersion. - tag: "" + tag: "bug_auth-audience" # Environment Variables # -- (string) URL of the data dictionary. 
@@ -214,33 +214,6 @@ service: # Secrets # -- (map) Values for sheepdog secret. secrets: - # -- (map) Values for sheepdog's access to the fence database. - fence: - # -- (string) Host for fence's db. - host: postgres-postgresql.postgres.svc.cluster.local - # -- (string) User for fence's db. - user: postgres - # -- (string) Password to fence's db. - password: postgres - # -- (string) Database name for fence's db. - database: fence - # -- (map) Values for sheepdog's database. - sheepdog: - # -- (string) Host for sheepdog's db. - host: postgres-postgresql.postgres.svc.cluster.local - # -- (string) Password to sheepdog's db. - password: postgres - # -- (string) User for sheepdog's db. - user: postgres - # -- (string) Database name for sheepdog's db. - database: sheepdog - gdcapi: - # -- (string) GDCAPI token. - secretKey: - # -- (map) Values for sheepdog's access to indexd database. - indexd: - # -- (string) Password to indexd's db. - password: postgres # -- (str) AWS access key ID to access the db restore job S3 bucket. Overrides global key. awsAccessKeyId: # -- (str) AWS secret access key ID to access the db restore job S3 bucket. Overrides global key. From e6eea1ba9c9d080f3faa4c1b27b0707fee2ecf57 Mon Sep 17 00:00:00 2001 From: EliseCastle23 Date: Wed, 10 Apr 2024 10:05:12 -0600 Subject: [PATCH 145/279] fixing indentation of pelican creds for Sower chart --- helm/gen3/Chart.yaml | 4 ++-- helm/gen3/README.md | 4 ++-- helm/sower/Chart.yaml | 2 +- helm/sower/README.md | 2 +- helm/sower/templates/pelican-creds.yaml | 16 ++++++++-------- 5 files changed, 14 insertions(+), 14 deletions(-) diff --git a/helm/gen3/Chart.yaml b/helm/gen3/Chart.yaml index 6efdaff5..99f99898 100644 --- a/helm/gen3/Chart.yaml +++ b/helm/gen3/Chart.yaml @@ -84,7 +84,7 @@ dependencies: repository: "file://../ssjdispatcher" condition: ssjdispatcher.enabled - name: sower - version: 0.1.8 + version: 0.1.9 condition: sower.enabled repository: "file://../sower" - name: wts 
@@ -115,7 +115,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.26 +version: 0.1.27 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to diff --git a/helm/gen3/README.md b/helm/gen3/README.md index 88882bd9..ce007050 100644 --- a/helm/gen3/README.md +++ b/helm/gen3/README.md @@ -1,6 +1,6 @@ # gen3 -![Version: 0.1.26](https://img.shields.io/badge/Version-0.1.26-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) +![Version: 0.1.27](https://img.shields.io/badge/Version-0.1.27-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) Helm chart to deploy Gen3 Data Commons @@ -37,7 +37,7 @@ Helm chart to deploy Gen3 Data Commons | file://../requestor | requestor | 0.1.10 | | file://../revproxy | revproxy | 0.1.13 | | file://../sheepdog | sheepdog | 0.1.13 | -| file://../sower | sower | 0.1.8 | +| file://../sower | sower | 0.1.9 | | file://../ssjdispatcher | ssjdispatcher | 0.1.8 | | file://../wts | wts | 0.1.12 | | https://charts.bitnami.com/bitnami | postgresql | 11.9.13 | diff --git a/helm/sower/Chart.yaml b/helm/sower/Chart.yaml index 78f30033..2efaa70d 100644 --- a/helm/sower/Chart.yaml +++ b/helm/sower/Chart.yaml 
@@ -15,7 +15,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.8 +version: 0.1.9 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to diff --git a/helm/sower/README.md b/helm/sower/README.md index 1217b1c3..2ca77e81 100644 --- a/helm/sower/README.md +++ b/helm/sower/README.md @@ -1,6 +1,6 @@ # sower -![Version: 0.1.8](https://img.shields.io/badge/Version-0.1.8-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) +![Version: 0.1.9](https://img.shields.io/badge/Version-0.1.9-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) A Helm chart for gen3 sower diff --git a/helm/sower/templates/pelican-creds.yaml b/helm/sower/templates/pelican-creds.yaml index cc6f526c..d4ab607f 100644 --- a/helm/sower/templates/pelican-creds.yaml +++ b/helm/sower/templates/pelican-creds.yaml 
@@ -5,11 +5,11 @@ metadata: type: Opaque {{- if .Values.global.aws.enabled }} stringData: - config.json: |- -{ - "manifest_bucket_name": "{{ .Values.pelican.bucket }}", - "hostname": "{{ .Values.global.hostname }}", - "aws_access_key_id": "{{ .Values.global.aws.pelican_user.access_key }}", - "aws_secret_access_key": "{{ .Values.global.aws.pelican_user.access_secret }}" -} -{{- end }} + config.json: | + { + "manifest_bucket_name": "{{ .Values.pelican.bucket }}", + "hostname": "{{ .Values.global.hostname }}", + "aws_access_key_id": "{{ .Values.global.aws.pelican_user.access_key }}", + "aws_secret_access_key": "{{ .Values.global.aws.pelican_user.access_secret }}" + } +{{- end }} \ No newline at end of file From fa2ce9ebc1c1590176393648bebf5378d322412b Mon Sep 17 00:00:00 2001 From: Jawad Qureshi Date: Thu, 11 Apr 2024 11:02:02 -0500 Subject: [PATCH 146/279] Read manifestservice hostname from global values --- helm/gen3/Chart.yaml | 4 ++-- helm/gen3/README.md | 4 ++-- helm/manifestservice/Chart.yaml | 2 +- helm/manifestservice/README.md | 2 +- helm/manifestservice/templates/manifestservice-creds.yaml | 2 +- 5 files changed, 7 insertions(+), 7 deletions(-) diff --git a/helm/gen3/Chart.yaml b/helm/gen3/Chart.yaml index 99f99898..e97bc142 100644 --- a/helm/gen3/Chart.yaml +++ b/helm/gen3/Chart.yaml @@ -48,7 +48,7 @@ dependencies: repository: "file://../indexd" condition: indexd.enabled - name: manifestservice - version: 0.1.12 + version: 0.1.13 repository: "file://../manifestservice" condition: manifestservice.enabled - name: metadata 
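Review bot: The four values in `config.json` sit between hand-written quotes, so a value containing `"` or `\` renders a document that is malformed or carries extra keys. Piping each value through `toJson` and dropping the surrounding quotes, e.g. `"hostname": {{ .Values.global.hostname | toJson }},`, keeps the output valid JSON for any input. helm/manifestservice/templates/manifestservice-creds.yaml builds its `config.json` the same way. Separately, the closing `{{- end }}` now ends the file without a trailing newline. The Secret's header lines above `metadata:` are outside the hunk.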
@@ -115,7 +115,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.27 +version: 0.1.28 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to diff --git a/helm/gen3/README.md b/helm/gen3/README.md index ce007050..648b23ff 100644 --- a/helm/gen3/README.md +++ b/helm/gen3/README.md @@ -1,6 +1,6 @@ # gen3 -![Version: 0.1.27](https://img.shields.io/badge/Version-0.1.27-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) +![Version: 0.1.28](https://img.shields.io/badge/Version-0.1.28-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) Helm chart to deploy Gen3 Data Commons @@ -29,7 +29,7 @@ Helm chart to deploy Gen3 Data Commons | file://../guppy | guppy | 0.1.10 | | file://../hatchery | hatchery | 0.1.8 | | file://../indexd | indexd | 0.1.13 | -| file://../manifestservice | manifestservice | 0.1.12 | +| file://../manifestservice | manifestservice | 0.1.13 | | file://../metadata | metadata | 0.1.10 | | file://../peregrine | peregrine | 0.1.12 | | file://../pidgin | pidgin | 0.1.9 | diff --git a/helm/manifestservice/Chart.yaml b/helm/manifestservice/Chart.yaml index 8557818e..921228cc 100644 --- a/helm/manifestservice/Chart.yaml +++ b/helm/manifestservice/Chart.yaml 
@@ -15,7 +15,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.12 +version: 0.1.13 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to diff --git a/helm/manifestservice/README.md b/helm/manifestservice/README.md index a854343d..3b745415 100644 --- a/helm/manifestservice/README.md +++ b/helm/manifestservice/README.md @@ -1,6 +1,6 @@ # manifestservice -![Version: 0.1.12](https://img.shields.io/badge/Version-0.1.12-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) +![Version: 0.1.13](https://img.shields.io/badge/Version-0.1.13-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) A Helm chart for Kubernetes diff --git a/helm/manifestservice/templates/manifestservice-creds.yaml b/helm/manifestservice/templates/manifestservice-creds.yaml index c1aedb9a..54c5f29a 100644 --- a/helm/manifestservice/templates/manifestservice-creds.yaml +++ b/helm/manifestservice/templates/manifestservice-creds.yaml 
@@ -8,7 +8,7 @@ stringData: config.json: |- { "manifest_bucket_name": "{{ .Values.manifestserviceG3auto.bucketName }}", - "hostname": "{{ .Values.manifestserviceG3auto.hostname }}", + "hostname": "{{ .Values.global.hostname }}", "aws_access_key_id": "{{ .Values.manifestserviceG3auto.awsaccesskey }}", "aws_secret_access_key": "{{ .Values.manifestserviceG3auto.awssecretkey }}", "prefix": "{{ .Values.manifestserviceG3auto.prefix }}" From 0dcaa3abef7a3793f0f4591e218bd6d325baf06b Mon Sep 17 00:00:00 2001 From: Jawad Qureshi Date: Thu, 11 Apr 2024 13:37:32 -0500 Subject: [PATCH 147/279] Make sure metadata gateway creds are consistent --- helm/gen3/Chart.yaml | 4 ++-- helm/gen3/README.md | 4 ++-- helm/metadata/Chart.yaml | 2 +- helm/metadata/README.md | 2 +- helm/metadata/templates/secrets.yaml | 9 +-------- 5 files changed, 7 insertions(+), 14 deletions(-) diff --git a/helm/gen3/Chart.yaml b/helm/gen3/Chart.yaml index e97bc142..e65d4f31 100644 --- a/helm/gen3/Chart.yaml +++ b/helm/gen3/Chart.yaml @@ -52,7 +52,7 @@ dependencies: repository: "file://../manifestservice" condition: manifestservice.enabled - name: metadata - version: 0.1.10 + version: 0.1.11 repository: "file://../metadata" condition: metadata.enabled - name: peregrine @@ -115,7 +115,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.28 +version: 0.1.29 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to diff --git a/helm/gen3/README.md b/helm/gen3/README.md index 648b23ff..1e590c50 100644 --- a/helm/gen3/README.md +++ b/helm/gen3/README.md 
@@ -1,6 +1,6 @@ # gen3 -![Version: 0.1.28](https://img.shields.io/badge/Version-0.1.28-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) +![Version: 0.1.29](https://img.shields.io/badge/Version-0.1.29-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) Helm chart to deploy Gen3 Data Commons @@ -30,7 +30,7 @@ Helm chart to deploy Gen3 Data Commons | file://../hatchery | hatchery | 0.1.8 | | file://../indexd | indexd | 0.1.13 | | file://../manifestservice | manifestservice | 0.1.13 | -| file://../metadata | metadata | 0.1.10 | +| file://../metadata | metadata | 0.1.11 | | file://../peregrine | peregrine | 0.1.12 | | file://../pidgin | pidgin | 0.1.9 | | file://../portal | portal | 0.1.10 | diff --git a/helm/metadata/Chart.yaml b/helm/metadata/Chart.yaml index 0e130ab4..240e3913 100644 --- a/helm/metadata/Chart.yaml +++ b/helm/metadata/Chart.yaml @@ -15,7 +15,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.10 +version: 0.1.11 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to diff --git a/helm/metadata/README.md b/helm/metadata/README.md index d533375e..8dad1804 100644 --- a/helm/metadata/README.md +++ b/helm/metadata/README.md 
@@ -1,6 +1,6 @@ # metadata -![Version: 0.1.10](https://img.shields.io/badge/Version-0.1.10-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) +![Version: 0.1.11](https://img.shields.io/badge/Version-0.1.11-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) A Helm chart for gen3 Metadata Service diff --git a/helm/metadata/templates/secrets.yaml b/helm/metadata/templates/secrets.yaml index d9e22e27..0bd639d7 100644 --- a/helm/metadata/templates/secrets.yaml +++ b/helm/metadata/templates/secrets.yaml @@ -5,14 +5,7 @@ metadata: name: metadata-g3auto stringData: {{- $randomPass := printf "%s%s" "gateway:" (randAlphaNum 32) }} - base64Authz.txt: {{ $randomPass | b64enc | quote }} - dbcreds.json: | - { - "db_host": {{ .Values.postgres.host | quote }}, - "db_username": {{ .Values.postgres.user | quote}}, - "db_password": {{ include "metadata.postgres.password" . | quote }}, - "db_database": {{ .Values.postgres.dbname | quote }} - } + base64Authz.txt: {{ $randomPass | quote | b64enc }} metadata.env: | DEBUG={{ .Values.debug}} DB_HOST={{ .Values.postgres.host }} From d1caf524707fc81da98a65ec4775b353cf766888 Mon Sep 17 00:00:00 2001 
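Review bot: In `base64Authz.txt`, switching the pipeline to `quote | b64enc` means the base64 payload now decodes to the credential wrapped in literal double quotes (`"gateway:<32 chars>"`), and the YAML scalar itself is emitted unquoted. Whatever decodes this value has to expect those quotes; the counterpart this commit aligns with is not in the hunk, so a comment naming it would help, e.g. `# must match <consumer>: decoded payload includes the surrounding quotes`. Separately, `randAlphaNum 32` is re-evaluated on every render, so each `helm upgrade` rotates the gateway credential and anything still holding the old value stops matching until it is redeployed. Reusing the value from the existing `metadata-g3auto` Secret via `lookup` avoids that, as sketched below. The template starts and continues outside the hunk.

```yaml
stringData:
{{- /* Reuse the stored gateway credential on upgrade; generate only on first install. */}}
{{- $existing := lookup "v1" "Secret" .Release.Namespace "metadata-g3auto" }}
{{- if and $existing (hasKey ($existing.data | default dict) "base64Authz.txt") }}
  base64Authz.txt: {{ index $existing.data "base64Authz.txt" | b64dec }}
{{- else }}
  base64Authz.txt: {{ printf "%s%s" "gateway:" (randAlphaNum 32) | quote | b64enc }}
{{- end }}
# … unchanged: metadata.env …
```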
From: craigrbarnes Date: Fri, 12 Apr 2024 12:28:18 -0500 Subject: [PATCH 148/279] fix frontend and nginx deployment --- helm/ambassador/Chart.yaml | 2 +- helm/ambassador/README.md | 2 +- helm/arborist/Chart.yaml | 2 +- helm/arborist/README.md | 2 +- helm/argo-wrapper/Chart.yaml | 2 +- helm/argo-wrapper/README.md | 2 +- helm/audit/Chart.yaml | 2 +- helm/audit/README.md | 2 +- helm/aws-es-proxy/Chart.yaml | 2 +- helm/aws-es-proxy/README.md | 2 +- helm/common/Chart.yaml | 2 +- helm/common/README.md | 2 +- helm/dicom-server/Chart.yaml | 2 +- helm/dicom-server/README.md | 2 +- helm/dicom-viewer/Chart.yaml | 2 +- helm/dicom-viewer/README.md | 2 +- helm/etl/Chart.yaml | 2 +- helm/etl/README.md | 2 +- helm/fence/Chart.yaml | 2 +- helm/fence/README.md | 2 +- .../templates/deployment.yaml | 2 +- .../frontend-framework/templates/service.yaml | 4 +- helm/gen3/README.md | 4 +- helm/guppy/Chart.yaml | 2 +- helm/guppy/README.md | 2 +- helm/hatchery/Chart.yaml | 2 +- helm/hatchery/README.md | 2 +- helm/indexd/Chart.yaml | 2 +- helm/indexd/README.md | 2 +- helm/manifestservice/Chart.yaml | 2 +- helm/manifestservice/README.md | 2 +- helm/metadata/Chart.yaml | 2 +- helm/metadata/README.md | 2 +- helm/peregrine/Chart.yaml | 2 +- helm/peregrine/README.md | 2 +- helm/pidgin/Chart.yaml | 2 +- helm/pidgin/README.md | 2 +- helm/requestor/Chart.yaml | 2 +- helm/requestor/README.md | 2 +- .../frontend-framework-service.conf | 2 +- .../frontend-framework-service.conf | 2 +- helm/revproxy/templates/deployment.yaml | 44 +++++++------------ helm/sheepdog/Chart.yaml | 2 +- helm/sheepdog/README.md | 2 +- helm/sower/Chart.yaml | 2 +- helm/sower/README.md | 2 +- helm/ssjdispatcher/Chart.yaml | 2 +- helm/ssjdispatcher/README.md | 2 +- helm/wts/Chart.yaml | 2 +- helm/wts/README.md | 2 +- 50 files changed, 67 insertions(+), 79 deletions(-) diff --git a/helm/ambassador/Chart.yaml b/helm/ambassador/Chart.yaml index a1f18334..c8b882b8 100644 --- a/helm/ambassador/Chart.yaml 
+++ b/helm/ambassador/Chart.yaml @@ -15,7 +15,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.10 +version: 0.1.11 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to diff --git a/helm/ambassador/README.md b/helm/ambassador/README.md index 22427743..9ece0b19 100644 --- a/helm/ambassador/README.md +++ b/helm/ambassador/README.md @@ -61,4 +61,4 @@ A Helm chart for deploying ambassador for gen3 | userNamespace | string | `"jupyter-pods"` | Namespace to use for user resources. | ---------------------------------------------- -Autogenerated from chart metadata using [helm-docs v1.11.0](https://github.com/norwoodj/helm-docs/releases/v1.11.0) +Autogenerated from chart metadata using [helm-docs v1.13.0](https://github.com/norwoodj/helm-docs/releases/v1.13.0) diff --git a/helm/arborist/Chart.yaml b/helm/arborist/Chart.yaml index d845739c..cc739de3 100644 --- a/helm/arborist/Chart.yaml +++ b/helm/arborist/Chart.yaml @@ -15,7 +15,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.10 +version: 0.1.11 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to diff --git a/helm/arborist/README.md b/helm/arborist/README.md index c00df2fb..a998464e 100644 --- a/helm/arborist/README.md +++ b/helm/arborist/README.md 
@@ -106,4 +106,4 @@ A Helm chart for gen3 arborist | volumes | list | `[]` | Volumes to attach to the pod | ---------------------------------------------- -Autogenerated from chart metadata using [helm-docs v1.11.0](https://github.com/norwoodj/helm-docs/releases/v1.11.0) +Autogenerated from chart metadata using [helm-docs v1.13.0](https://github.com/norwoodj/helm-docs/releases/v1.13.0) diff --git a/helm/argo-wrapper/Chart.yaml b/helm/argo-wrapper/Chart.yaml index de360706..8415ed58 100644 --- a/helm/argo-wrapper/Chart.yaml +++ b/helm/argo-wrapper/Chart.yaml @@ -15,7 +15,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.6 +version: 0.1.7 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to diff --git a/helm/argo-wrapper/README.md b/helm/argo-wrapper/README.md index 6fc88cd8..302260f0 100644 --- a/helm/argo-wrapper/README.md +++ b/helm/argo-wrapper/README.md @@ -65,4 +65,4 @@ A Helm chart for gen3 Argo Wrapper Service | volumes | list | `[{"configMap":{"items":[{"key":"argo.json","path":"argo.json"}],"name":"manifest-argo"},"name":"argo-config"}]` | Volumes to attach to the pod. | ---------------------------------------------- -Autogenerated from chart metadata using [helm-docs v1.11.0](https://github.com/norwoodj/helm-docs/releases/v1.11.0) +Autogenerated from chart metadata using [helm-docs v1.13.0](https://github.com/norwoodj/helm-docs/releases/v1.13.0) diff --git a/helm/audit/Chart.yaml b/helm/audit/Chart.yaml index efbd8361..e8ad970b 100644 --- a/helm/audit/Chart.yaml +++ b/helm/audit/Chart.yaml 
@@ -15,7 +15,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.11 +version: 0.1.12 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to diff --git a/helm/audit/README.md b/helm/audit/README.md index 96172b65..eb950e12 100644 --- a/helm/audit/README.md +++ b/helm/audit/README.md @@ -124,4 +124,4 @@ A Helm chart for Kubernetes | volumes | list | `[]` | Volumes to attach to the container. | ---------------------------------------------- -Autogenerated from chart metadata using [helm-docs v1.11.0](https://github.com/norwoodj/helm-docs/releases/v1.11.0) +Autogenerated from chart metadata using [helm-docs v1.13.0](https://github.com/norwoodj/helm-docs/releases/v1.13.0) diff --git a/helm/aws-es-proxy/Chart.yaml b/helm/aws-es-proxy/Chart.yaml index 7a28cc19..d7ab79ac 100644 --- a/helm/aws-es-proxy/Chart.yaml +++ b/helm/aws-es-proxy/Chart.yaml @@ -15,7 +15,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.8 +version: 0.1.9 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to diff --git a/helm/aws-es-proxy/README.md b/helm/aws-es-proxy/README.md index 03d37b8d..9ff959b5 100644 --- a/helm/aws-es-proxy/README.md +++ b/helm/aws-es-proxy/README.md 
@@ -68,4 +68,4 @@ A Helm chart for AWS ES Proxy Service for gen3 | volumes | list | `nil` | Volumes to attach to the pod | ---------------------------------------------- -Autogenerated from chart metadata using [helm-docs v1.11.0](https://github.com/norwoodj/helm-docs/releases/v1.11.0) +Autogenerated from chart metadata using [helm-docs v1.13.0](https://github.com/norwoodj/helm-docs/releases/v1.13.0) diff --git a/helm/common/Chart.yaml b/helm/common/Chart.yaml index 0903cde4..93ebbc0f 100644 --- a/helm/common/Chart.yaml +++ b/helm/common/Chart.yaml @@ -15,7 +15,7 @@ type: library # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.9 +version: 0.1.10 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to diff --git a/helm/common/README.md b/helm/common/README.md index 80a13994..40d67902 100644 --- a/helm/common/README.md +++ b/helm/common/README.md @@ -30,4 +30,4 @@ A Helm chart for provisioning databases in gen3 | global.tierAccessLevel | string | `"libre"` | Access level for tiers. acceptable values for `tier_access_level` are: `libre`, `regular` and `private`. If omitted, by default common will be treated as `private` | ---------------------------------------------- -Autogenerated from chart metadata using [helm-docs v1.11.0](https://github.com/norwoodj/helm-docs/releases/v1.11.0) +Autogenerated from chart metadata using [helm-docs v1.13.0](https://github.com/norwoodj/helm-docs/releases/v1.13.0) diff --git a/helm/dicom-server/Chart.yaml b/helm/dicom-server/Chart.yaml index 44f89e8e..030cd0c8 100644 --- a/helm/dicom-server/Chart.yaml +++ b/helm/dicom-server/Chart.yaml 
@@ -15,7 +15,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.7 +version: 0.1.8 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to diff --git a/helm/dicom-server/README.md b/helm/dicom-server/README.md index b1fd0611..2f95d08e 100644 --- a/helm/dicom-server/README.md +++ b/helm/dicom-server/README.md @@ -54,4 +54,4 @@ A Helm chart for gen3 Dicom Server | volumes | list | `[{"name":"config-volume-g3auto","secret":{"secretName":"orthanc-g3auto"}}]` | Volumes to attach to the pod. | ---------------------------------------------- -Autogenerated from chart metadata using [helm-docs v1.11.0](https://github.com/norwoodj/helm-docs/releases/v1.11.0) +Autogenerated from chart metadata using [helm-docs v1.13.0](https://github.com/norwoodj/helm-docs/releases/v1.13.0) diff --git a/helm/dicom-viewer/Chart.yaml b/helm/dicom-viewer/Chart.yaml index b31017d6..a6d01019 100644 --- a/helm/dicom-viewer/Chart.yaml +++ b/helm/dicom-viewer/Chart.yaml @@ -15,7 +15,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.7 +version: 0.1.8 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to diff --git a/helm/dicom-viewer/README.md b/helm/dicom-viewer/README.md index 28f7f590..c4c5c095 100644 --- a/helm/dicom-viewer/README.md +++ b/helm/dicom-viewer/README.md 
@@ -41,4 +41,4 @@ A Helm chart for gen3 Dicom Viewer | service.type | string | `"ClusterIP"` | Type of service. Valid values are "ClusterIP", "NodePort", "LoadBalancer", "ExternalName". | ---------------------------------------------- -Autogenerated from chart metadata using [helm-docs v1.11.0](https://github.com/norwoodj/helm-docs/releases/v1.11.0) +Autogenerated from chart metadata using [helm-docs v1.13.0](https://github.com/norwoodj/helm-docs/releases/v1.13.0) diff --git a/helm/etl/Chart.yaml b/helm/etl/Chart.yaml index 0f9e2fb9..c5b08a7b 100644 --- a/helm/etl/Chart.yaml +++ b/helm/etl/Chart.yaml @@ -15,7 +15,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.0 +version: 0.1.1 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to diff --git a/helm/etl/README.md b/helm/etl/README.md index f874e334..e5fd17b0 100644 --- a/helm/etl/README.md +++ b/helm/etl/README.md @@ -104,4 +104,4 @@ A Helm chart for gen3 etl | resources.tube.requests.memory | string | `"128Mi"` | The amount of memory requested | ---------------------------------------------- -Autogenerated from chart metadata using [helm-docs v1.11.0](https://github.com/norwoodj/helm-docs/releases/v1.11.0) +Autogenerated from chart metadata using [helm-docs v1.13.0](https://github.com/norwoodj/helm-docs/releases/v1.13.0) diff --git a/helm/fence/Chart.yaml b/helm/fence/Chart.yaml index 5da3f09e..ce17c170 100644 --- a/helm/fence/Chart.yaml +++ b/helm/fence/Chart.yaml 
@@ -15,7 +15,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.17 +version: 0.1.18 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to diff --git a/helm/fence/README.md b/helm/fence/README.md index a8e510bc..1bb9a688 100644 --- a/helm/fence/README.md +++ b/helm/fence/README.md @@ -200,4 +200,4 @@ A Helm chart for gen3 Fence | volumes | list | `[{"name":"old-config-volume","secret":{"secretName":"fence-secret"}},{"name":"json-secret-volume","secret":{"optional":true,"secretName":"fence-json-secret"}},{"name":"creds-volume","secret":{"secretName":"fence-creds"}},{"configMap":{"name":"config-helper","optional":true},"name":"config-helper"},{"configMap":{"name":"logo-config"},"name":"logo-volume"},{"name":"config-volume","secret":{"secretName":"fence-config"}},{"name":"fence-google-app-creds-secret-volume","secret":{"secretName":"fence-google-app-creds-secret"}},{"name":"fence-google-storage-creds-secret-volume","secret":{"secretName":"fence-google-storage-creds-secret"}},{"name":"fence-jwt-keys","secret":{"secretName":"fence-jwt-keys"}},{"configMap":{"name":"privacy-policy"},"name":"privacy-policy"},{"configMap":{"name":"fence-yaml-merge","optional":true},"name":"yaml-merge"}]` | Volumes to attach to the container. | ---------------------------------------------- -Autogenerated from chart metadata using [helm-docs v1.11.0](https://github.com/norwoodj/helm-docs/releases/v1.11.0) +Autogenerated from chart metadata using [helm-docs v1.13.0](https://github.com/norwoodj/helm-docs/releases/v1.13.0) 
diff --git a/helm/frontend-framework/templates/deployment.yaml b/helm/frontend-framework/templates/deployment.yaml index 8124c43a..ccb18398 100644 --- a/helm/frontend-framework/templates/deployment.yaml +++ b/helm/frontend-framework/templates/deployment.yaml @@ -52,7 +52,7 @@ spec: {{- else }} path: / {{- end }} - port: 80 + port: 3000 initialDelaySeconds: 30 periodSeconds: 60 timeoutSeconds: 30 diff --git a/helm/frontend-framework/templates/service.yaml b/helm/frontend-framework/templates/service.yaml index 772f352b..c8742312 100644 --- a/helm/frontend-framework/templates/service.yaml +++ b/helm/frontend-framework/templates/service.yaml @@ -8,11 +8,11 @@ spec: ports: - protocol: TCP port: 80 - targetPort: 80 + targetPort: 3000 name: http - protocol: TCP port: 443 - targetPort: 80 + targetPort: 3000 name: https type: ClusterIP selector: diff --git a/helm/gen3/README.md b/helm/gen3/README.md index 1e924ced..68f9cd56 100644 --- a/helm/gen3/README.md +++ b/helm/gen3/README.md @@ -1,6 +1,6 @@ # gen3 -![Version: 0.1.25](https://img.shields.io/badge/Version-0.1.25-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) +![Version: 0.1.26](https://img.shields.io/badge/Version-0.1.26-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) Helm chart to deploy Gen3 Data Commons 
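Review bot: In `service.yaml` the port named `https` (443) now targets 3000, the same plain-HTTP container port as the `http` entry, so nothing in this Service terminates TLS despite the name. If TLS ends at the ingress or revproxy, a comment such as `# 443 kept for compatibility; traffic to the pod is plain HTTP, TLS terminates upstream` would keep a reader from assuming encryption up to the pod; this is hedged, since the container spec is not in the hunk. The literal 3000 also appears in the probe in `deployment.yaml`; if the container port is named, `targetPort: http` in the Service and `port: http` in the probe would keep the three values from drifting apart.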
@@ -164,4 +164,4 @@ Helm chart to deploy Gen3 Data Commons | wts.enabled | bool | `true` | Whether to deploy the wts subchart. | ---------------------------------------------- -Autogenerated from chart metadata using [helm-docs v1.11.0](https://github.com/norwoodj/helm-docs/releases/v1.11.0) +Autogenerated from chart metadata using [helm-docs v1.13.0](https://github.com/norwoodj/helm-docs/releases/v1.13.0) diff --git a/helm/guppy/Chart.yaml b/helm/guppy/Chart.yaml index 8da72671..edfb712b 100644 --- a/helm/guppy/Chart.yaml +++ b/helm/guppy/Chart.yaml @@ -15,7 +15,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.10 +version: 0.1.11 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to diff --git a/helm/guppy/README.md b/helm/guppy/README.md index f04bf9ca..77cdd993 100644 --- a/helm/guppy/README.md +++ b/helm/guppy/README.md @@ -97,4 +97,4 @@ A Helm chart for gen3 Guppy Service | volumes | list | `[{"configMap":{"items":[{"key":"guppy_config.json","path":"guppy_config.json"}],"name":"manifest-guppy"},"name":"guppy-config"}]` | Volumes to attach to the pod. | ---------------------------------------------- -Autogenerated from chart metadata using [helm-docs v1.11.0](https://github.com/norwoodj/helm-docs/releases/v1.11.0) +Autogenerated from chart metadata using [helm-docs v1.13.0](https://github.com/norwoodj/helm-docs/releases/v1.13.0) diff --git a/helm/hatchery/Chart.yaml b/helm/hatchery/Chart.yaml index 466cb09b..c57ad0e6 100644 --- a/helm/hatchery/Chart.yaml +++ b/helm/hatchery/Chart.yaml 
@@ -15,7 +15,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.8 +version: 0.1.9 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to diff --git a/helm/hatchery/README.md b/helm/hatchery/README.md index 583c3ac7..e0423a97 100644 --- a/helm/hatchery/README.md +++ b/helm/hatchery/README.md @@ -87,4 +87,4 @@ A Helm chart for gen3 Hatchery | volumes | list | `[{"configMap":{"name":"manifest-hatchery"},"name":"hatchery-config"}]` | Volumes to attach to the container. | ---------------------------------------------- -Autogenerated from chart metadata using [helm-docs v1.11.0](https://github.com/norwoodj/helm-docs/releases/v1.11.0) +Autogenerated from chart metadata using [helm-docs v1.13.0](https://github.com/norwoodj/helm-docs/releases/v1.13.0) diff --git a/helm/indexd/Chart.yaml b/helm/indexd/Chart.yaml index 18a5f053..8c5dd73d 100644 --- a/helm/indexd/Chart.yaml +++ b/helm/indexd/Chart.yaml @@ -15,7 +15,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.13 +version: 0.1.14 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to diff --git a/helm/indexd/README.md b/helm/indexd/README.md index d27514cb..555e987e 100644 --- a/helm/indexd/README.md +++ b/helm/indexd/README.md 
@@ -108,4 +108,4 @@ A Helm chart for gen3 indexd | volumes | list | `[{"configMap":{"name":"indexd-uwsgi"},"name":"uwsgi-config"},{"name":"config-volume","secret":{"secretName":"indexd-settings"}}]` | Volumes to attach to the pod | ---------------------------------------------- -Autogenerated from chart metadata using [helm-docs v1.11.0](https://github.com/norwoodj/helm-docs/releases/v1.11.0) +Autogenerated from chart metadata using [helm-docs v1.13.0](https://github.com/norwoodj/helm-docs/releases/v1.13.0) diff --git a/helm/manifestservice/Chart.yaml b/helm/manifestservice/Chart.yaml index 8557818e..921228cc 100644 --- a/helm/manifestservice/Chart.yaml +++ b/helm/manifestservice/Chart.yaml @@ -15,7 +15,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.12 +version: 0.1.13 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to diff --git a/helm/manifestservice/README.md b/helm/manifestservice/README.md index a854343d..4733169c 100644 --- a/helm/manifestservice/README.md +++ b/helm/manifestservice/README.md @@ -86,4 +86,4 @@ A Helm chart for Kubernetes | volumes | list | `[{"name":"config-volume","secret":{"secretName":"manifestservice-g3auto"}}]` | Volumes to attach to the container. | ---------------------------------------------- -Autogenerated from chart metadata using [helm-docs v1.11.0](https://github.com/norwoodj/helm-docs/releases/v1.11.0) +Autogenerated from chart metadata using [helm-docs v1.13.0](https://github.com/norwoodj/helm-docs/releases/v1.13.0) diff --git a/helm/metadata/Chart.yaml b/helm/metadata/Chart.yaml index 0e130ab4..240e3913 100644 --- a/helm/metadata/Chart.yaml +++ b/helm/metadata/Chart.yaml 
@@ -15,7 +15,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.10 +version: 0.1.11 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to diff --git a/helm/metadata/README.md b/helm/metadata/README.md index d533375e..164c896e 100644 --- a/helm/metadata/README.md +++ b/helm/metadata/README.md @@ -125,4 +125,4 @@ A Helm chart for gen3 Metadata Service | volumeMounts | list | `[{"mountPath":"/src/.env","name":"config-volume-g3auto","readOnly":true,"subPath":"metadata.env"},{"mountPath":"/aggregate_config.json","name":"config-volume","readOnly":true,"subPath":"aggregate_config.json"},{"mountPath":"/metadata.json","name":"config-manifest","readOnly":true,"subPath":"json"}]` | Volumes to mount to the container. | ---------------------------------------------- -Autogenerated from chart metadata using [helm-docs v1.11.0](https://github.com/norwoodj/helm-docs/releases/v1.11.0) +Autogenerated from chart metadata using [helm-docs v1.13.0](https://github.com/norwoodj/helm-docs/releases/v1.13.0) diff --git a/helm/peregrine/Chart.yaml b/helm/peregrine/Chart.yaml index eaf74f03..46504b0d 100644 --- a/helm/peregrine/Chart.yaml +++ b/helm/peregrine/Chart.yaml 
@@ -15,7 +15,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.11 +version: 0.1.12 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to diff --git a/helm/peregrine/README.md b/helm/peregrine/README.md index 8c83b684..421e5ddd 100644 --- a/helm/peregrine/README.md +++ b/helm/peregrine/README.md @@ -103,4 +103,4 @@ A Helm chart for gen3 Peregrine service | volumes | list | `[{"emptyDir":{},"name":"shared-data"},{"name":"config-volume","secret":{"secretName":"peregrine-secret"}}]` | Volumes to attach to the container. | ---------------------------------------------- -Autogenerated from chart metadata using [helm-docs v1.11.0](https://github.com/norwoodj/helm-docs/releases/v1.11.0) +Autogenerated from chart metadata using [helm-docs v1.13.0](https://github.com/norwoodj/helm-docs/releases/v1.13.0) diff --git a/helm/pidgin/Chart.yaml b/helm/pidgin/Chart.yaml index f80d38b0..5dd361eb 100644 --- a/helm/pidgin/Chart.yaml +++ b/helm/pidgin/Chart.yaml @@ -15,7 +15,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.9 +version: 0.1.10 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to diff --git a/helm/pidgin/README.md b/helm/pidgin/README.md index 1a34c4d7..095e3b84 100644 --- a/helm/pidgin/README.md +++ b/helm/pidgin/README.md 
@@ -83,4 +83,4 @@ A Helm chart for gen3 Pidgin Service | strategy.rollingUpdate.maxUnavailable | int | `0` | Maximum amount of pods that can be unavailable during the update. | ---------------------------------------------- -Autogenerated from chart metadata using [helm-docs v1.11.0](https://github.com/norwoodj/helm-docs/releases/v1.11.0) +Autogenerated from chart metadata using [helm-docs v1.13.0](https://github.com/norwoodj/helm-docs/releases/v1.13.0) diff --git a/helm/requestor/Chart.yaml b/helm/requestor/Chart.yaml index e3b94a13..3e855149 100644 --- a/helm/requestor/Chart.yaml +++ b/helm/requestor/Chart.yaml @@ -15,7 +15,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.10 +version: 0.1.11 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to diff --git a/helm/requestor/README.md b/helm/requestor/README.md index 9b4dddec..49ce77db 100644 --- a/helm/requestor/README.md +++ b/helm/requestor/README.md @@ -118,4 +118,4 @@ A Helm chart for gen3 Requestor Service | volumeMounts | list | `nil` | Volumes to mount to the container. | ---------------------------------------------- -Autogenerated from chart metadata using [helm-docs v1.11.0](https://github.com/norwoodj/helm-docs/releases/v1.11.0) +Autogenerated from chart metadata using [helm-docs v1.13.0](https://github.com/norwoodj/helm-docs/releases/v1.13.0) diff --git a/helm/revproxy/gen3.nginx.conf/gen3ff-as-root/frontend-framework-service.conf b/helm/revproxy/gen3.nginx.conf/gen3ff-as-root/frontend-framework-service.conf index 212e3b75..1e2259b9 100644 --- a/helm/revproxy/gen3.nginx.conf/gen3ff-as-root/frontend-framework-service.conf 
+++ b/helm/revproxy/gen3.nginx.conf/gen3ff-as-root/frontend-framework-service.conf @@ -7,7 +7,7 @@ proxy_pass $upstream; } - location /api/auth/sessionToken { + location /api/auth/ { set $proxy_service "frontend-framework"; set $upstream http://frontend-framework-service.$namespace.svc.cluster.local; proxy_pass $upstream; diff --git a/helm/revproxy/gen3.nginx.conf/portal-as-root/frontend-framework-service.conf b/helm/revproxy/gen3.nginx.conf/portal-as-root/frontend-framework-service.conf index 3531a5b7..d3e13507 100644 --- a/helm/revproxy/gen3.nginx.conf/portal-as-root/frontend-framework-service.conf +++ b/helm/revproxy/gen3.nginx.conf/portal-as-root/frontend-framework-service.conf @@ -12,7 +12,7 @@ proxy_pass $upstream; } - location /ff/api/auth/sessionToken { + location /ff/api/auth/ { set $proxy_service "frontend-framework"; set $upstream http://frontend-framework-service.$namespace.svc.cluster.local; proxy_pass $upstream; diff --git a/helm/revproxy/templates/deployment.yaml b/helm/revproxy/templates/deployment.yaml index 18c089a2..7be59ba4 100644 --- a/helm/revproxy/templates/deployment.yaml +++ b/helm/revproxy/templates/deployment.yaml @@ -144,12 +144,6 @@ spec: - name: "revproxy-subconf" readOnly: true mountPath: "/etc/nginx/gen3.conf" -{{/* - name: "revproxy-subconf"*/}} -{{/* readOnly: true*/}} -{{/* mountPath: "/etc/nginx/gen3.conf/portal-as-root"*/}} -{{/* - name: "revproxy-subconf"*/}} -{{/* readOnly: true*/}} -{{/* mountPath: "/etc/nginx/gen3.conf/gen3ff-as-root"*/}} # - name: "modsec-conf" # readOnly: true # mountPath: "/etc/nginx/modsec" 
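Review bot: `location /api/auth/` (and `location /ff/api/auth/` in the portal-as-root file) now routes every path under the prefix to frontend-framework, where the previous rule covered only paths beginning with `sessionToken`. Every handler the frontend serves under that prefix becomes reachable through the reverse proxy, so the intended set should be recorded next to the rule, e.g. `# /api/auth/*: auth handlers of frontend-framework; all routes under this prefix are exposed by revproxy`. If only a few endpoints are needed, listing them as separate locations keeps the exposure explicit. The frontend's route list is not visible here, and both location blocks continue outside their hunks.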
@@ -183,29 +177,23 @@ spec: # readOnly: true # mountPath: "/usr/local/share/ca-certificates/cdis/cdis-ca.crt" # subPath: "ca.pem" - # name: - # {{ .Values.global.frontend_root }} - command: ["/usr/bin/tail"] + command: ["/bin/sh" ] args: - - "-f" - - "/dev/null" -{{/* command: ["/bin/sh" ]*/}} -{{/* args:*/}} -{{/* - "-c"*/}} -{{/* # Script always succeeds if it runs (echo exits with 0)*/}} -{{/* # Launch script handles different nginx versions, etc*/}} -{{/* - |*/}} -{{/* for name in ngx_http_perl_module.so ngx_http_js_module.so ngx_http_headers_more_filter_module.so ngx_http_modsecurity_module.so; do*/}} -{{/* if [ -f /etc/nginx/modules/$name ]; then*/}} -{{/* echo "load_module modules/$name;" >> /etc/nginx/gen3_modules.conf*/}} -{{/* fi*/}} -{{/* done*/}} -{{/* if [ -f /etc/nginx/modules/ngx_http_modsecurity_module.so -a -f /etc/nginx/modsec/main.conf ]; then*/}} -{{/* echo "modsecurity on;" >> /etc/nginx/gen3_server_modsec.conf*/}} -{{/* echo "modsecurity_rules_file /etc/nginx/modsec/main.conf;" >> /etc/nginx/gen3_server_modsec.conf*/}} -{{/* fi*/}} -{{/* */}} -{{/* exec nginx -g 'daemon off;'*/}} + - "-c" + # Script always succeeds if it runs (echo exits with 0) + # Launch script handles different nginx versions, etc + - | + for name in ngx_http_perl_module.so ngx_http_js_module.so ngx_http_headers_more_filter_module.so ngx_http_modsecurity_module.so; do + if [ -f /etc/nginx/modules/$name ]; then + echo "load_module modules/$name;" >> /etc/nginx/gen3_modules.conf + fi + done + if [ -f /etc/nginx/modules/ngx_http_modsecurity_module.so -a -f /etc/nginx/modsec/main.conf ]; then + echo "modsecurity on;" >> /etc/nginx/gen3_server_modsec.conf + echo "modsecurity_rules_file /etc/nginx/modsec/main.conf;" >> /etc/nginx/gen3_server_modsec.conf + fi + + exec nginx -g 'daemon off;' {{- with .Values.nodeSelector }} nodeSelector: {{- toYaml . | nindent 8 }} diff --git a/helm/sheepdog/Chart.yaml b/helm/sheepdog/Chart.yaml index 46a7945d..79cf8269 100644 
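Review bot: The restored launch script enables ModSecurity only when both the module and `/etc/nginx/modsec/main.conf` exist, and otherwise starts nginx without reporting it. The `modsec-conf` mount shown as context in the previous hunk is still commented out, so unless the image ships that file the WAF is presumably off with nothing in the pod log. I would add an `else` branch that says so, `else echo "modsecurity not enabled: module or /etc/nginx/modsec/main.conf missing" >&2`, and write the test as `[ -f ... ] && [ -f ... ]`, since `-a` inside `[` is marked obsolescent in POSIX. The container spec that this `command`/`args` pair belongs to starts outside the hunk.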
--- a/helm/sheepdog/Chart.yaml +++ b/helm/sheepdog/Chart.yaml @@ -15,7 +15,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.12 +version: 0.1.13 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to diff --git a/helm/sheepdog/README.md b/helm/sheepdog/README.md index bb94c74b..cddb752a 100644 --- a/helm/sheepdog/README.md +++ b/helm/sheepdog/README.md @@ -124,4 +124,4 @@ A Helm chart for gen3 Sheepdog Service | volumeMounts | list | `[{"mountPath":"/var/www/sheepdog/settings.py","name":"config-volume","readOnly":true,"subPath":"settings.py"}]` | Volumes to mount to the container. | ---------------------------------------------- -Autogenerated from chart metadata using [helm-docs v1.11.0](https://github.com/norwoodj/helm-docs/releases/v1.11.0) +Autogenerated from chart metadata using [helm-docs v1.13.0](https://github.com/norwoodj/helm-docs/releases/v1.13.0) diff --git a/helm/sower/Chart.yaml b/helm/sower/Chart.yaml index 78f30033..2efaa70d 100644 --- a/helm/sower/Chart.yaml +++ b/helm/sower/Chart.yaml @@ -15,7 +15,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.8 +version: 0.1.9 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to diff --git a/helm/sower/README.md b/helm/sower/README.md index 1217b1c3..828699af 100644 --- a/helm/sower/README.md +++ b/helm/sower/README.md 
@@ -151,4 +151,4 @@ A Helm chart for gen3 sower | volumes | list | `[{"configMap":{"items":[{"key":"json","path":"sower_config.json"}],"name":"manifest-sower"},"name":"sower-config"}]` | Volumes to attach to the container. | ---------------------------------------------- -Autogenerated from chart metadata using [helm-docs v1.11.0](https://github.com/norwoodj/helm-docs/releases/v1.11.0) +Autogenerated from chart metadata using [helm-docs v1.13.0](https://github.com/norwoodj/helm-docs/releases/v1.13.0) diff --git a/helm/ssjdispatcher/Chart.yaml b/helm/ssjdispatcher/Chart.yaml index 34b92d4a..2016e15b 100644 --- a/helm/ssjdispatcher/Chart.yaml +++ b/helm/ssjdispatcher/Chart.yaml @@ -15,7 +15,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.8 +version: 0.1.9 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to diff --git a/helm/ssjdispatcher/README.md b/helm/ssjdispatcher/README.md index 12c85819..db9e1194 100644 --- a/helm/ssjdispatcher/README.md +++ b/helm/ssjdispatcher/README.md @@ -113,4 +113,4 @@ A Helm chart for gen3 ssjdispatcher | volumes | list | `[{"name":"ssjdispatcher-creds-volume","secret":{"secretName":"ssjdispatcher-creds"}}]` | Volumes to attach to the container. | ---------------------------------------------- -Autogenerated from chart metadata using [helm-docs v1.11.0](https://github.com/norwoodj/helm-docs/releases/v1.11.0) +Autogenerated from chart metadata using [helm-docs v1.13.0](https://github.com/norwoodj/helm-docs/releases/v1.13.0) diff --git a/helm/wts/Chart.yaml b/helm/wts/Chart.yaml index c84c4d76..85a6dde9 100644 --- a/helm/wts/Chart.yaml +++ b/helm/wts/Chart.yaml 
@@ -15,7 +15,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.12 +version: 0.1.13 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to diff --git a/helm/wts/README.md b/helm/wts/README.md index b54a6358..c5fa341a 100644 --- a/helm/wts/README.md +++ b/helm/wts/README.md @@ -106,4 +106,4 @@ A Helm chart for gen3 workspace token service | tolerations | list | `[]` | Tolerations for the pods | ---------------------------------------------- -Autogenerated from chart metadata using [helm-docs v1.11.0](https://github.com/norwoodj/helm-docs/releases/v1.11.0) +Autogenerated from chart metadata using [helm-docs v1.13.0](https://github.com/norwoodj/helm-docs/releases/v1.13.0) From ca1ebe3571c09af482af4eb98abf532ff449723d Mon Sep 17 00:00:00 2001 From: craigrbarnes Date: Fri, 12 Apr 2024 12:54:42 -0500 Subject: [PATCH 149/279] merge from master --- helm/ambassador/Chart.yaml | 2 +- helm/arborist/Chart.yaml | 2 +- helm/argo-wrapper/Chart.yaml | 2 +- helm/audit/Chart.yaml | 2 +- helm/aws-es-proxy/Chart.yaml | 2 +- helm/common/Chart.yaml | 2 +- helm/etl/Chart.yaml | 2 +- helm/fence/Chart.yaml | 2 +- helm/gen3/Chart.yaml | 2 +- helm/gen3/README.md | 4 ++-- helm/guppy/Chart.yaml | 2 +- helm/hatchery/Chart.yaml | 2 +- helm/indexd/Chart.yaml | 2 +- helm/pidgin/Chart.yaml | 2 +- helm/requestor/Chart.yaml | 2 +- helm/ssjdispatcher/Chart.yaml | 2 +- helm/wts/Chart.yaml | 2 +- 17 files changed, 18 insertions(+), 18 deletions(-) diff --git a/helm/ambassador/Chart.yaml b/helm/ambassador/Chart.yaml index c8b882b8..a1f18334 100644 --- a/helm/ambassador/Chart.yaml +++ b/helm/ambassador/Chart.yaml 
@@ -15,7 +15,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.11 +version: 0.1.10 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to diff --git a/helm/arborist/Chart.yaml b/helm/arborist/Chart.yaml index cc739de3..d845739c 100644 --- a/helm/arborist/Chart.yaml +++ b/helm/arborist/Chart.yaml @@ -15,7 +15,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.11 +version: 0.1.10 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to diff --git a/helm/argo-wrapper/Chart.yaml b/helm/argo-wrapper/Chart.yaml index 8415ed58..de360706 100644 --- a/helm/argo-wrapper/Chart.yaml +++ b/helm/argo-wrapper/Chart.yaml @@ -15,7 +15,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.7 +version: 0.1.6 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to diff --git a/helm/audit/Chart.yaml b/helm/audit/Chart.yaml index e8ad970b..efbd8361 100644 --- a/helm/audit/Chart.yaml +++ b/helm/audit/Chart.yaml 
@@ -15,7 +15,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.12 +version: 0.1.11 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to diff --git a/helm/aws-es-proxy/Chart.yaml b/helm/aws-es-proxy/Chart.yaml index d7ab79ac..7a28cc19 100644 --- a/helm/aws-es-proxy/Chart.yaml +++ b/helm/aws-es-proxy/Chart.yaml @@ -15,7 +15,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.9 +version: 0.1.8 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to diff --git a/helm/common/Chart.yaml b/helm/common/Chart.yaml index 93ebbc0f..0903cde4 100644 --- a/helm/common/Chart.yaml +++ b/helm/common/Chart.yaml @@ -15,7 +15,7 @@ type: library # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.10 +version: 0.1.9 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to diff --git a/helm/etl/Chart.yaml b/helm/etl/Chart.yaml index c5b08a7b..0f9e2fb9 100644 --- a/helm/etl/Chart.yaml +++ b/helm/etl/Chart.yaml 
@@ -15,7 +15,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.1 +version: 0.1.0 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to diff --git a/helm/fence/Chart.yaml b/helm/fence/Chart.yaml index ce17c170..5da3f09e 100644 --- a/helm/fence/Chart.yaml +++ b/helm/fence/Chart.yaml @@ -15,7 +15,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.18 +version: 0.1.17 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to diff --git a/helm/gen3/Chart.yaml b/helm/gen3/Chart.yaml index e9731924..9279b829 100644 --- a/helm/gen3/Chart.yaml +++ b/helm/gen3/Chart.yaml @@ -119,7 +119,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.29 +version: 0.1.30 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to diff --git a/helm/gen3/README.md b/helm/gen3/README.md index 417dee5c..d4211532 100644 --- a/helm/gen3/README.md +++ b/helm/gen3/README.md 
@@ -36,7 +36,7 @@ Helm chart to deploy Gen3 Data Commons | file://../pidgin | pidgin | 0.1.9 | | file://../portal | portal | 0.1.11 | | file://../requestor | requestor | 0.1.10 | -| file://../revproxy | revproxy | 0.1.13 | +| file://../revproxy | revproxy | 0.1.14 | | file://../sheepdog | sheepdog | 0.1.13 | | file://../sower | sower | 0.1.9 | | file://../ssjdispatcher | ssjdispatcher | 0.1.8 | @@ -164,4 +164,4 @@ Helm chart to deploy Gen3 Data Commons | wts.enabled | bool | `true` | Whether to deploy the wts subchart. | ---------------------------------------------- -Autogenerated from chart metadata using [helm-docs v1.11.0](https://github.com/norwoodj/helm-docs/releases/v1.11.0) +Autogenerated from chart metadata using [helm-docs v1.13.0](https://github.com/norwoodj/helm-docs/releases/v1.13.0) diff --git a/helm/guppy/Chart.yaml b/helm/guppy/Chart.yaml index edfb712b..8da72671 100644 --- a/helm/guppy/Chart.yaml +++ b/helm/guppy/Chart.yaml @@ -15,7 +15,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.11 +version: 0.1.10 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to diff --git a/helm/hatchery/Chart.yaml b/helm/hatchery/Chart.yaml index c57ad0e6..466cb09b 100644 --- a/helm/hatchery/Chart.yaml +++ b/helm/hatchery/Chart.yaml 
@@ -15,7 +15,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.9 +version: 0.1.8 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to diff --git a/helm/indexd/Chart.yaml b/helm/indexd/Chart.yaml index 8c5dd73d..18a5f053 100644 --- a/helm/indexd/Chart.yaml +++ b/helm/indexd/Chart.yaml @@ -15,7 +15,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.14 +version: 0.1.13 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to diff --git a/helm/pidgin/Chart.yaml b/helm/pidgin/Chart.yaml index 5dd361eb..f80d38b0 100644 --- a/helm/pidgin/Chart.yaml +++ b/helm/pidgin/Chart.yaml @@ -15,7 +15,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.10 +version: 0.1.9 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to diff --git a/helm/requestor/Chart.yaml b/helm/requestor/Chart.yaml index 3e855149..e3b94a13 100644 --- a/helm/requestor/Chart.yaml +++ b/helm/requestor/Chart.yaml 
@@ -15,7 +15,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.11 +version: 0.1.10 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to diff --git a/helm/ssjdispatcher/Chart.yaml b/helm/ssjdispatcher/Chart.yaml index 2016e15b..34b92d4a 100644 --- a/helm/ssjdispatcher/Chart.yaml +++ b/helm/ssjdispatcher/Chart.yaml @@ -15,7 +15,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.9 +version: 0.1.8 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to diff --git a/helm/wts/Chart.yaml b/helm/wts/Chart.yaml index 85a6dde9..c84c4d76 100644 --- a/helm/wts/Chart.yaml +++ b/helm/wts/Chart.yaml @@ -15,7 +15,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.13 +version: 0.1.12 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to From beaee1953569705caf300057e07566aae8f95091 Mon Sep 17 00:00:00 2001 
From: craigrbarnes Date: Fri, 12 Apr 2024 13:02:07 -0500 Subject: [PATCH 150/279] reset to match master --- helm/ambassador/README.md | 2 +- helm/arborist/README.md | 2 +- helm/argo-wrapper/README.md | 2 +- helm/audit/README.md | 2 +- helm/aws-es-proxy/README.md | 2 +- helm/common/README.md | 2 +- helm/dicom-server/Chart.yaml | 2 +- helm/dicom-server/README.md | 2 +- helm/dicom-viewer/Chart.yaml | 2 +- helm/dicom-viewer/README.md | 2 +- helm/etl/README.md | 2 +- helm/fence/README.md | 2 +- helm/guppy/README.md | 2 +- helm/hatchery/README.md | 2 +- helm/indexd/README.md | 2 +- helm/manifestservice/README.md | 2 +- helm/metadata/README.md | 2 +- helm/peregrine/README.md | 2 +- helm/pidgin/README.md | 2 +- helm/requestor/README.md | 2 +- helm/sheepdog/README.md | 2 +- helm/sower/README.md | 2 +- helm/ssjdispatcher/README.md | 2 +- helm/wts/README.md | 2 +- wip/acronymbot/README.md | 2 +- wip/auspice/README.md | 2 +- wip/cogwheel/README.md | 2 +- wip/gen3-test-data-job/README.md | 2 +- wip/terraform-runner-job/README.md | 2 +- 29 files changed, 29 insertions(+), 29 deletions(-) diff --git a/helm/ambassador/README.md b/helm/ambassador/README.md index 9ece0b19..22427743 100644 --- a/helm/ambassador/README.md +++ b/helm/ambassador/README.md @@ -61,4 +61,4 @@ A Helm chart for deploying ambassador for gen3 | userNamespace | string | `"jupyter-pods"` | Namespace to use for user resources. | ---------------------------------------------- -Autogenerated from chart metadata using [helm-docs v1.13.0](https://github.com/norwoodj/helm-docs/releases/v1.13.0) +Autogenerated from chart metadata using [helm-docs v1.11.0](https://github.com/norwoodj/helm-docs/releases/v1.11.0) diff --git a/helm/arborist/README.md b/helm/arborist/README.md index a998464e..c00df2fb 100644 --- a/helm/arborist/README.md +++ b/helm/arborist/README.md 
@@ -106,4 +106,4 @@ A Helm chart for gen3 arborist | volumes | list | `[]` | Volumes to attach to the pod | ---------------------------------------------- -Autogenerated from chart metadata using [helm-docs v1.13.0](https://github.com/norwoodj/helm-docs/releases/v1.13.0) +Autogenerated from chart metadata using [helm-docs v1.11.0](https://github.com/norwoodj/helm-docs/releases/v1.11.0) diff --git a/helm/argo-wrapper/README.md b/helm/argo-wrapper/README.md index 302260f0..6fc88cd8 100644 --- a/helm/argo-wrapper/README.md +++ b/helm/argo-wrapper/README.md @@ -65,4 +65,4 @@ A Helm chart for gen3 Argo Wrapper Service | volumes | list | `[{"configMap":{"items":[{"key":"argo.json","path":"argo.json"}],"name":"manifest-argo"},"name":"argo-config"}]` | Volumes to attach to the pod. | ---------------------------------------------- -Autogenerated from chart metadata using [helm-docs v1.13.0](https://github.com/norwoodj/helm-docs/releases/v1.13.0) +Autogenerated from chart metadata using [helm-docs v1.11.0](https://github.com/norwoodj/helm-docs/releases/v1.11.0) diff --git a/helm/audit/README.md b/helm/audit/README.md index eb950e12..96172b65 100644 --- a/helm/audit/README.md +++ b/helm/audit/README.md @@ -124,4 +124,4 @@ A Helm chart for Kubernetes | volumes | list | `[]` | Volumes to attach to the container. | ---------------------------------------------- -Autogenerated from chart metadata using [helm-docs v1.13.0](https://github.com/norwoodj/helm-docs/releases/v1.13.0) +Autogenerated from chart metadata using [helm-docs v1.11.0](https://github.com/norwoodj/helm-docs/releases/v1.11.0) diff --git a/helm/aws-es-proxy/README.md b/helm/aws-es-proxy/README.md index 9ff959b5..03d37b8d 100644 --- a/helm/aws-es-proxy/README.md +++ b/helm/aws-es-proxy/README.md 
@@ -68,4 +68,4 @@ A Helm chart for AWS ES Proxy Service for gen3 | volumes | list | `nil` | Volumes to attach to the pod | ---------------------------------------------- -Autogenerated from chart metadata using [helm-docs v1.13.0](https://github.com/norwoodj/helm-docs/releases/v1.13.0) +Autogenerated from chart metadata using [helm-docs v1.11.0](https://github.com/norwoodj/helm-docs/releases/v1.11.0) diff --git a/helm/common/README.md b/helm/common/README.md index 40d67902..80a13994 100644 --- a/helm/common/README.md +++ b/helm/common/README.md @@ -30,4 +30,4 @@ A Helm chart for provisioning databases in gen3 | global.tierAccessLevel | string | `"libre"` | Access level for tiers. acceptable values for `tier_access_level` are: `libre`, `regular` and `private`. If omitted, by default common will be treated as `private` | ---------------------------------------------- -Autogenerated from chart metadata using [helm-docs v1.13.0](https://github.com/norwoodj/helm-docs/releases/v1.13.0) +Autogenerated from chart metadata using [helm-docs v1.11.0](https://github.com/norwoodj/helm-docs/releases/v1.11.0) diff --git a/helm/dicom-server/Chart.yaml b/helm/dicom-server/Chart.yaml index 030cd0c8..44f89e8e 100644 --- a/helm/dicom-server/Chart.yaml +++ b/helm/dicom-server/Chart.yaml @@ -15,7 +15,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.8 +version: 0.1.7 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to diff --git a/helm/dicom-server/README.md b/helm/dicom-server/README.md index 2f95d08e..b1fd0611 100644 --- a/helm/dicom-server/README.md +++ b/helm/dicom-server/README.md 
@@ -54,4 +54,4 @@ A Helm chart for gen3 Dicom Server | volumes | list | `[{"name":"config-volume-g3auto","secret":{"secretName":"orthanc-g3auto"}}]` | Volumes to attach to the pod. | ---------------------------------------------- -Autogenerated from chart metadata using [helm-docs v1.13.0](https://github.com/norwoodj/helm-docs/releases/v1.13.0) +Autogenerated from chart metadata using [helm-docs v1.11.0](https://github.com/norwoodj/helm-docs/releases/v1.11.0) diff --git a/helm/dicom-viewer/Chart.yaml b/helm/dicom-viewer/Chart.yaml index a6d01019..b31017d6 100644 --- a/helm/dicom-viewer/Chart.yaml +++ b/helm/dicom-viewer/Chart.yaml @@ -15,7 +15,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.8 +version: 0.1.7 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to diff --git a/helm/dicom-viewer/README.md b/helm/dicom-viewer/README.md index c4c5c095..28f7f590 100644 --- a/helm/dicom-viewer/README.md +++ b/helm/dicom-viewer/README.md @@ -41,4 +41,4 @@ A Helm chart for gen3 Dicom Viewer | service.type | string | `"ClusterIP"` | Type of service. Valid values are "ClusterIP", "NodePort", "LoadBalancer", "ExternalName". | ---------------------------------------------- -Autogenerated from chart metadata using [helm-docs v1.13.0](https://github.com/norwoodj/helm-docs/releases/v1.13.0) +Autogenerated from chart metadata using [helm-docs v1.11.0](https://github.com/norwoodj/helm-docs/releases/v1.11.0) diff --git a/helm/etl/README.md b/helm/etl/README.md index e5fd17b0..f874e334 100644 --- a/helm/etl/README.md +++ b/helm/etl/README.md 
@@ -104,4 +104,4 @@ A Helm chart for gen3 etl | resources.tube.requests.memory | string | `"128Mi"` | The amount of memory requested | ---------------------------------------------- -Autogenerated from chart metadata using [helm-docs v1.13.0](https://github.com/norwoodj/helm-docs/releases/v1.13.0) +Autogenerated from chart metadata using [helm-docs v1.11.0](https://github.com/norwoodj/helm-docs/releases/v1.11.0) diff --git a/helm/fence/README.md b/helm/fence/README.md index 1bb9a688..a8e510bc 100644 --- a/helm/fence/README.md +++ b/helm/fence/README.md @@ -200,4 +200,4 @@ A Helm chart for gen3 Fence | volumes | list | `[{"name":"old-config-volume","secret":{"secretName":"fence-secret"}},{"name":"json-secret-volume","secret":{"optional":true,"secretName":"fence-json-secret"}},{"name":"creds-volume","secret":{"secretName":"fence-creds"}},{"configMap":{"name":"config-helper","optional":true},"name":"config-helper"},{"configMap":{"name":"logo-config"},"name":"logo-volume"},{"name":"config-volume","secret":{"secretName":"fence-config"}},{"name":"fence-google-app-creds-secret-volume","secret":{"secretName":"fence-google-app-creds-secret"}},{"name":"fence-google-storage-creds-secret-volume","secret":{"secretName":"fence-google-storage-creds-secret"}},{"name":"fence-jwt-keys","secret":{"secretName":"fence-jwt-keys"}},{"configMap":{"name":"privacy-policy"},"name":"privacy-policy"},{"configMap":{"name":"fence-yaml-merge","optional":true},"name":"yaml-merge"}]` | Volumes to attach to the container. | ---------------------------------------------- -Autogenerated from chart metadata using [helm-docs v1.13.0](https://github.com/norwoodj/helm-docs/releases/v1.13.0) +Autogenerated from chart metadata using [helm-docs v1.11.0](https://github.com/norwoodj/helm-docs/releases/v1.11.0) diff --git a/helm/guppy/README.md b/helm/guppy/README.md index 77cdd993..f04bf9ca 100644 --- a/helm/guppy/README.md +++ b/helm/guppy/README.md 
@@ -97,4 +97,4 @@ A Helm chart for gen3 Guppy Service | volumes | list | `[{"configMap":{"items":[{"key":"guppy_config.json","path":"guppy_config.json"}],"name":"manifest-guppy"},"name":"guppy-config"}]` | Volumes to attach to the pod. | ---------------------------------------------- -Autogenerated from chart metadata using [helm-docs v1.13.0](https://github.com/norwoodj/helm-docs/releases/v1.13.0) +Autogenerated from chart metadata using [helm-docs v1.11.0](https://github.com/norwoodj/helm-docs/releases/v1.11.0) diff --git a/helm/hatchery/README.md b/helm/hatchery/README.md index e0423a97..583c3ac7 100644 --- a/helm/hatchery/README.md +++ b/helm/hatchery/README.md @@ -87,4 +87,4 @@ A Helm chart for gen3 Hatchery | volumes | list | `[{"configMap":{"name":"manifest-hatchery"},"name":"hatchery-config"}]` | Volumes to attach to the container. | ---------------------------------------------- -Autogenerated from chart metadata using [helm-docs v1.13.0](https://github.com/norwoodj/helm-docs/releases/v1.13.0) +Autogenerated from chart metadata using [helm-docs v1.11.0](https://github.com/norwoodj/helm-docs/releases/v1.11.0) diff --git a/helm/indexd/README.md b/helm/indexd/README.md index 555e987e..d27514cb 100644 --- a/helm/indexd/README.md +++ b/helm/indexd/README.md @@ -108,4 +108,4 @@ A Helm chart for gen3 indexd | volumes | list | `[{"configMap":{"name":"indexd-uwsgi"},"name":"uwsgi-config"},{"name":"config-volume","secret":{"secretName":"indexd-settings"}}]` | Volumes to attach to the pod | ---------------------------------------------- -Autogenerated from chart metadata using [helm-docs v1.13.0](https://github.com/norwoodj/helm-docs/releases/v1.13.0) +Autogenerated from chart metadata using [helm-docs v1.11.0](https://github.com/norwoodj/helm-docs/releases/v1.11.0) diff --git a/helm/manifestservice/README.md b/helm/manifestservice/README.md index 058d32fd..3b745415 100644 --- a/helm/manifestservice/README.md +++ b/helm/manifestservice/README.md 
@@ -86,4 +86,4 @@ A Helm chart for Kubernetes | volumes | list | `[{"name":"config-volume","secret":{"secretName":"manifestservice-g3auto"}}]` | Volumes to attach to the container. | ---------------------------------------------- -Autogenerated from chart metadata using [helm-docs v1.13.0](https://github.com/norwoodj/helm-docs/releases/v1.13.0) +Autogenerated from chart metadata using [helm-docs v1.11.0](https://github.com/norwoodj/helm-docs/releases/v1.11.0) diff --git a/helm/metadata/README.md b/helm/metadata/README.md index 75a49ce2..8dad1804 100644 --- a/helm/metadata/README.md +++ b/helm/metadata/README.md @@ -125,4 +125,4 @@ A Helm chart for gen3 Metadata Service | volumeMounts | list | `[{"mountPath":"/src/.env","name":"config-volume-g3auto","readOnly":true,"subPath":"metadata.env"},{"mountPath":"/aggregate_config.json","name":"config-volume","readOnly":true,"subPath":"aggregate_config.json"},{"mountPath":"/metadata.json","name":"config-manifest","readOnly":true,"subPath":"json"}]` | Volumes to mount to the container. | ---------------------------------------------- -Autogenerated from chart metadata using [helm-docs v1.13.0](https://github.com/norwoodj/helm-docs/releases/v1.13.0) +Autogenerated from chart metadata using [helm-docs v1.11.0](https://github.com/norwoodj/helm-docs/releases/v1.11.0) diff --git a/helm/peregrine/README.md b/helm/peregrine/README.md index abeb66f9..a5910fd1 100644 --- a/helm/peregrine/README.md +++ b/helm/peregrine/README.md @@ -103,4 +103,4 @@ A Helm chart for gen3 Peregrine service | volumes | list | `[{"emptyDir":{},"name":"shared-data"},{"name":"config-volume","secret":{"secretName":"peregrine-secret"}}]` | Volumes to attach to the container. | ---------------------------------------------- -Autogenerated from chart metadata using [helm-docs v1.13.0](https://github.com/norwoodj/helm-docs/releases/v1.13.0) +Autogenerated from chart metadata using [helm-docs v1.11.0](https://github.com/norwoodj/helm-docs/releases/v1.11.0) 
diff --git a/helm/pidgin/README.md b/helm/pidgin/README.md index 095e3b84..1a34c4d7 100644 --- a/helm/pidgin/README.md +++ b/helm/pidgin/README.md @@ -83,4 +83,4 @@ A Helm chart for gen3 Pidgin Service | strategy.rollingUpdate.maxUnavailable | int | `0` | Maximum amount of pods that can be unavailable during the update. | ---------------------------------------------- -Autogenerated from chart metadata using [helm-docs v1.13.0](https://github.com/norwoodj/helm-docs/releases/v1.13.0) +Autogenerated from chart metadata using [helm-docs v1.11.0](https://github.com/norwoodj/helm-docs/releases/v1.11.0) diff --git a/helm/requestor/README.md b/helm/requestor/README.md index 49ce77db..9b4dddec 100644 --- a/helm/requestor/README.md +++ b/helm/requestor/README.md @@ -118,4 +118,4 @@ A Helm chart for gen3 Requestor Service | volumeMounts | list | `nil` | Volumes to mount to the container. | ---------------------------------------------- -Autogenerated from chart metadata using [helm-docs v1.13.0](https://github.com/norwoodj/helm-docs/releases/v1.13.0) +Autogenerated from chart metadata using [helm-docs v1.11.0](https://github.com/norwoodj/helm-docs/releases/v1.11.0) diff --git a/helm/sheepdog/README.md b/helm/sheepdog/README.md index 0a3e4b83..8325744c 100644 --- a/helm/sheepdog/README.md +++ b/helm/sheepdog/README.md @@ -111,4 +111,4 @@ A Helm chart for gen3 Sheepdog Service | volumeMounts | list | `[{"mountPath":"/var/www/sheepdog/settings.py","name":"config-volume","readOnly":true,"subPath":"settings.py"}]` | Volumes to mount to the container. | ---------------------------------------------- -Autogenerated from chart metadata using [helm-docs v1.13.0](https://github.com/norwoodj/helm-docs/releases/v1.13.0) +Autogenerated from chart metadata using [helm-docs v1.11.0](https://github.com/norwoodj/helm-docs/releases/v1.11.0) diff --git a/helm/sower/README.md b/helm/sower/README.md index 4c5fe5d8..2ca77e81 100644 --- a/helm/sower/README.md +++ b/helm/sower/README.md 
@@ -151,4 +151,4 @@ A Helm chart for gen3 sower | volumes | list | `[{"configMap":{"items":[{"key":"json","path":"sower_config.json"}],"name":"manifest-sower"},"name":"sower-config"}]` | Volumes to attach to the container. | ---------------------------------------------- -Autogenerated from chart metadata using [helm-docs v1.13.0](https://github.com/norwoodj/helm-docs/releases/v1.13.0) +Autogenerated from chart metadata using [helm-docs v1.11.0](https://github.com/norwoodj/helm-docs/releases/v1.11.0) diff --git a/helm/ssjdispatcher/README.md b/helm/ssjdispatcher/README.md index db9e1194..12c85819 100644 --- a/helm/ssjdispatcher/README.md +++ b/helm/ssjdispatcher/README.md @@ -113,4 +113,4 @@ A Helm chart for gen3 ssjdispatcher | volumes | list | `[{"name":"ssjdispatcher-creds-volume","secret":{"secretName":"ssjdispatcher-creds"}}]` | Volumes to attach to the container. | ---------------------------------------------- -Autogenerated from chart metadata using [helm-docs v1.13.0](https://github.com/norwoodj/helm-docs/releases/v1.13.0) +Autogenerated from chart metadata using [helm-docs v1.11.0](https://github.com/norwoodj/helm-docs/releases/v1.11.0) diff --git a/helm/wts/README.md b/helm/wts/README.md index c5fa341a..b54a6358 100644 --- a/helm/wts/README.md +++ b/helm/wts/README.md @@ -106,4 +106,4 @@ A Helm chart for gen3 workspace token service | tolerations | list | `[]` | Tolerations for the pods | ---------------------------------------------- -Autogenerated from chart metadata using [helm-docs v1.13.0](https://github.com/norwoodj/helm-docs/releases/v1.13.0) +Autogenerated from chart metadata using [helm-docs v1.11.0](https://github.com/norwoodj/helm-docs/releases/v1.11.0) diff --git a/wip/acronymbot/README.md b/wip/acronymbot/README.md index 6027799a..63a37446 100644 --- a/wip/acronymbot/README.md +++ b/wip/acronymbot/README.md 
@@ -44,4 +44,4 @@ A Helm chart for gen3 acronymbot | tolerations | list | `[]` | | ---------------------------------------------- -Autogenerated from chart metadata using [helm-docs v1.13.0](https://github.com/norwoodj/helm-docs/releases/v1.13.0) +Autogenerated from chart metadata using [helm-docs v1.11.0](https://github.com/norwoodj/helm-docs/releases/v1.11.0) diff --git a/wip/auspice/README.md b/wip/auspice/README.md index 74ab49b1..9f139584 100644 --- a/wip/auspice/README.md +++ b/wip/auspice/README.md @@ -42,4 +42,4 @@ A Helm chart for Kubernetes | tolerations | list | `[]` | | ---------------------------------------------- -Autogenerated from chart metadata using [helm-docs v1.13.0](https://github.com/norwoodj/helm-docs/releases/v1.13.0) +Autogenerated from chart metadata using [helm-docs v1.11.0](https://github.com/norwoodj/helm-docs/releases/v1.11.0) diff --git a/wip/cogwheel/README.md b/wip/cogwheel/README.md index 6bf24d15..6b4a71e0 100644 --- a/wip/cogwheel/README.md +++ b/wip/cogwheel/README.md @@ -78,4 +78,4 @@ A Helm chart for gen3 cogwheel | volumes[0].secret.secretName | string | `"cogwheel-g3auto"` | | ---------------------------------------------- -Autogenerated from chart metadata using [helm-docs v1.13.0](https://github.com/norwoodj/helm-docs/releases/v1.13.0) +Autogenerated from chart metadata using [helm-docs v1.11.0](https://github.com/norwoodj/helm-docs/releases/v1.11.0) diff --git a/wip/gen3-test-data-job/README.md b/wip/gen3-test-data-job/README.md index 6d2b4944..71dd6632 100644 --- a/wip/gen3-test-data-job/README.md +++ b/wip/gen3-test-data-job/README.md 
@@ -16,4 +16,4 @@ A Helm chart for generating dummy data in gen3 | gentestdata.test_project | string | `"test"` | | ---------------------------------------------- -Autogenerated from chart metadata using [helm-docs v1.13.0](https://github.com/norwoodj/helm-docs/releases/v1.13.0) +Autogenerated from chart metadata using [helm-docs v1.11.0](https://github.com/norwoodj/helm-docs/releases/v1.11.0) diff --git a/wip/terraform-runner-job/README.md b/wip/terraform-runner-job/README.md index ee303b8a..15c24c77 100644 --- a/wip/terraform-runner-job/README.md +++ b/wip/terraform-runner-job/README.md @@ -17,4 +17,4 @@ A Helm chart for provisioning prequisites cloud resources for gen3 | terraform.workspace_name | string | `""` | | ---------------------------------------------- -Autogenerated from chart metadata using [helm-docs v1.13.0](https://github.com/norwoodj/helm-docs/releases/v1.13.0) +Autogenerated from chart metadata using [helm-docs v1.11.0](https://github.com/norwoodj/helm-docs/releases/v1.11.0) From 6de4231f5303a28e63da2b0474df865046a3dbef Mon Sep 17 00:00:00 2001 
From: EliseCastle23 Date: Thu, 18 Apr 2024 10:24:36 -0600 Subject: [PATCH 151/279] Adding pelican-creds to external secrets and using peregrine-dbcreds environment variables instead of mounting the json secret file. I had to make changes to the pelican-export image in order to do this, so I am also changing the default pelican-export image as well. --- .secrets.baseline | 4 +- helm/gen3/Chart.yaml | 4 +- helm/gen3/README.md | 4 +- helm/sower/Chart.yaml | 2 +- helm/sower/README.md | 53 +++++++++++--- helm/sower/templates/_helpers.tpl | 7 ++ helm/sower/templates/aws-config.yaml | 3 + helm/sower/templates/external-secret.yaml | 19 +++++ helm/sower/templates/pelican-creds.yaml | 6 +- helm/sower/templates/secret-store.yaml | 3 + helm/sower/values.yaml | 84 +++++++++++++++++++---- 11 files changed, 157 insertions(+), 32 deletions(-) create mode 100644 helm/sower/templates/aws-config.yaml create mode 100644 helm/sower/templates/external-secret.yaml create mode 100644 helm/sower/templates/secret-store.yaml diff --git a/.secrets.baseline b/.secrets.baseline index 51a33818..5a76599f 100644 --- a/.secrets.baseline +++ b/.secrets.baseline @@ -3,7 +3,7 @@ "files": "^.secrets.baseline$", "lines": null }, - "generated_at": "2024-04-02T20:57:28Z", + "generated_at": "2024-04-18T16:22:22Z", "plugins_used": [ { "name": "AWSKeyDetector" @@ -654,7 +654,7 @@ "hashed_secret": "d2e2ab0f407e4ee3cf2ab87d61c31b25a74085e5", "is_secret": false, "is_verified": false, - "line_number": 13, + "line_number": 14, "type": "Secret Keyword" } ], diff --git a/helm/gen3/Chart.yaml b/helm/gen3/Chart.yaml index e65d4f31..7a4107f9 100644 --- a/helm/gen3/Chart.yaml +++ b/helm/gen3/Chart.yaml @@ -84,7 +84,7 @@ dependencies: repository: "file://../ssjdispatcher" condition: ssjdispatcher.enabled - name: sower - version: 0.1.9 + version: 0.1.10 condition: sower.enabled repository: "file://../sower" - name: wts 
@@ -115,7 +115,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.29 +version: 0.1.30 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to diff --git a/helm/gen3/README.md b/helm/gen3/README.md index 1e590c50..21adf9b9 100644 --- a/helm/gen3/README.md +++ b/helm/gen3/README.md @@ -1,6 +1,6 @@ # gen3 -![Version: 0.1.29](https://img.shields.io/badge/Version-0.1.29-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) +![Version: 0.1.30](https://img.shields.io/badge/Version-0.1.30-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) Helm chart to deploy Gen3 Data Commons @@ -37,7 +37,7 @@ Helm chart to deploy Gen3 Data Commons | file://../requestor | requestor | 0.1.10 | | file://../revproxy | revproxy | 0.1.13 | | file://../sheepdog | sheepdog | 0.1.13 | -| file://../sower | sower | 0.1.9 | +| file://../sower | sower | 0.1.10 | | file://../ssjdispatcher | ssjdispatcher | 0.1.8 | | file://../wts | wts | 0.1.12 | | https://charts.bitnami.com/bitnami | postgresql | 11.9.13 | diff --git a/helm/sower/Chart.yaml b/helm/sower/Chart.yaml index 2efaa70d..b273c98b 100644 --- a/helm/sower/Chart.yaml +++ b/helm/sower/Chart.yaml 
@@ -15,7 +15,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.9 +version: 0.1.10 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to diff --git a/helm/sower/README.md b/helm/sower/README.md index 2ca77e81..c2a050f4 100644 --- a/helm/sower/README.md +++ b/helm/sower/README.md @@ -1,6 +1,6 @@ # sower -![Version: 0.1.9](https://img.shields.io/badge/Version-0.1.9-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) +![Version: 0.1.10](https://img.shields.io/badge/Version-0.1.10-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) A Helm chart for gen3 sower 
@@ -31,6 +31,9 @@ A Helm chart for gen3 sower | awsStsRegionalEndpoints | string | `"regional"` | AWS STS to issue temporary credentials to users and roles that make an AWS STS request. Values regional or global. | | commonLabels | map | `nil` | Will completely override the commonLabels defined in the common chart's _label_setup.tpl | | criticalService | string | `"false"` | Valid options are "true" or "false". If invalid option is set- the value will default to "false". | +| externalSecrets | map | `{"createK8sPelicanServiceSecret":false,"pelicanserviceG3auto":null}` | External Secrets settings. | +| externalSecrets.createK8sPelicanServiceSecret | string | `false` | Will create the Helm "manifestservice-g3auto" secret even if Secrets Manager is enabled. This is helpful if you are wanting to use External Secrets for some, but not all secrets. | +| externalSecrets.pelicanserviceG3auto | string | `nil` | Will override the name of the aws secrets manager secret. Default is "pelicanservice-g3auto" | | fullnameOverride | string | `""` | Override the full name of the deployment. | | gen3Namespace | string | `"default"` | Namespace to deploy the job. | | global.aws | map | `{"awsAccessKeyId":null,"awsSecretAccessKey":null,"enabled":false}` | AWS configuration | 
@@ -42,6 +45,9 @@ A Helm chart for gen3 sower | global.dictionaryUrl | string | `"https://s3.amazonaws.com/dictionary-artifacts/datadictionary/develop/schema.json"` | URL of the data dictionary. | | global.dispatcherJobNum | int | `"10"` | Number of dispatcher jobs. | | global.environment | string | `"default"` | Environment name. This should be the same as vpcname if you're doing an AWS deployment. Currently this is being used to share ALB's if you have multiple namespaces. Might be used other places too. | +| global.externalSecrets | map | `{"deploy":false,"separateSecretStore":false}` | External Secrets settings. | +| global.externalSecrets.deploy | bool | `false` | Will use ExternalSecret resources to pull secrets from Secrets Manager instead of creating them locally. Be cautious as this will override any manifestservice secrets you have deployed. | +| global.externalSecrets.separateSecretStore | string | `false` | Will deploy a separate External Secret Store for this service. | | global.hostname | string | `"localhost"` | Hostname for the deployment. | | global.kubeBucket | string | `"kube-gen3"` | S3 bucket name for Kubernetes manifest files. | | global.logsBucket | string | `"logs-gen3"` | S3 bucket name for log files. | 
@@ -76,6 +82,9 @@ A Helm chart for gen3 sower | resources.requests | map | `{"cpu":"100m","memory":"20Mi"}` | The amount of resources that the container requests | | resources.requests.cpu | string | `"100m"` | The amount of CPU requested | | resources.requests.memory | string | `"20Mi"` | The amount of memory requested | +| secrets | map | `{"awsAccessKeyId":null,"awsSecretAccessKey":null}` | Secret information for Usersync and External Secrets. | +| secrets.awsAccessKeyId | str | `nil` | AWS access key ID. Overrides global key. | +| secrets.awsSecretAccessKey | str | `nil` | AWS access key ID. Overrides global key. | | securityContext | map | `{}` | Security context for the containers in the pod | | selectorLabels | map | `nil` | Will completely override the selectorLabels defined in the common chart's _label_setup.tpl | | service | map | `{"port":80,"type":"ClusterIP"}` | Kubernetes service information. | 
@@ -95,7 +104,22 @@ A Helm chart for gen3 sower | sowerConfig[0].container.env[1].valueFrom.configMapKeyRef.name | string | `"manifest-global"` | | | sowerConfig[0].container.env[2].name | string | `"ROOT_NODE"` | | | sowerConfig[0].container.env[2].value | string | `"subject"` | | -| sowerConfig[0].container.image | string | `"quay.io/cdis/pelican-export:master"` | | +| sowerConfig[0].container.env[3].name | string | `"DB_HOST"` | | +| sowerConfig[0].container.env[3].valueFrom.secretKeyRef.key | string | `"host"` | | +| sowerConfig[0].container.env[3].valueFrom.secretKeyRef.name | string | `"peregrine-dbcreds"` | | +| sowerConfig[0].container.env[4].name | string | `"DB_DATABASE"` | | +| sowerConfig[0].container.env[4].valueFrom.secretKeyRef.key | string | `"database"` | | +| sowerConfig[0].container.env[4].valueFrom.secretKeyRef.name | string | `"peregrine-dbcreds"` | | +| sowerConfig[0].container.env[5].name | string | `"DB_USER"` | | +| sowerConfig[0].container.env[5].valueFrom.secretKeyRef.key | string | `"username"` | | +| sowerConfig[0].container.env[5].valueFrom.secretKeyRef.name | string | `"peregrine-dbcreds"` | | +| sowerConfig[0].container.env[6].name | string | `"DB_PASS"` | | +| sowerConfig[0].container.env[6].valueFrom.secretKeyRef.key | string | `"password"` | | +| sowerConfig[0].container.env[6].valueFrom.secretKeyRef.name | string | `"peregrine-dbcreds"` | | +| sowerConfig[0].container.env[7].name | string | `"SHEEPDOG"` | | +| sowerConfig[0].container.env[7].valueFrom.secretKeyRef.key | string | `"sheepdog"` | | +| sowerConfig[0].container.env[7].valueFrom.secretKeyRef.name | string | `"indexd-service-creds"` | | +| sowerConfig[0].container.image | string | `"quay.io/cdis/pelican-export:GPE-1252"` | | | sowerConfig[0].container.memory-limit | string | `"12Gi"` | | | sowerConfig[0].container.name | string | `"job-task"` | | | sowerConfig[0].container.pull_policy | string | `"Always"` | | 
@@ -103,16 +127,10 @@ A Helm chart for gen3 sower | sowerConfig[0].container.volumeMounts[0].name | string | `"pelican-creds-volume"` | | | sowerConfig[0].container.volumeMounts[0].readOnly | bool | `true` | | | sowerConfig[0].container.volumeMounts[0].subPath | string | `"config.json"` | | -| sowerConfig[0].container.volumeMounts[1].mountPath | string | `"/peregrine-creds.json"` | | -| sowerConfig[0].container.volumeMounts[1].name | string | `"peregrine-creds-volume"` | | -| sowerConfig[0].container.volumeMounts[1].readOnly | bool | `true` | | -| sowerConfig[0].container.volumeMounts[1].subPath | string | `"creds.json"` | | | sowerConfig[0].name | string | `"pelican-export"` | | | sowerConfig[0].restart_policy | string | `"Never"` | | | sowerConfig[0].volumes[0].name | string | `"pelican-creds-volume"` | | | sowerConfig[0].volumes[0].secret.secretName | string | `"pelicanservice-g3auto"` | | -| sowerConfig[0].volumes[1].name | string | `"peregrine-creds-volume"` | | -| sowerConfig[0].volumes[1].secret.secretName | string | `"peregrine-creds"` | | | sowerConfig[1].action | string | `"export-files"` | | | sowerConfig[1].container.cpu-limit | string | `"1"` | | | sowerConfig[1].container.env[0].name | string | `"DICTIONARY_URL"` | | 
@@ -125,7 +143,22 @@ A Helm chart for gen3 sower | sowerConfig[1].container.env[2].value | string | `"file"` | | | sowerConfig[1].container.env[3].name | string | `"EXTRA_NODES"` | | | sowerConfig[1].container.env[3].value | string | `""` | | -| sowerConfig[1].container.image | string | `"quay.io/cdis/pelican-export:master"` | | +| sowerConfig[1].container.env[4].name | string | `"DB_HOST"` | | +| sowerConfig[1].container.env[4].valueFrom.secretKeyRef.key | string | `"host"` | | +| sowerConfig[1].container.env[4].valueFrom.secretKeyRef.name | string | `"peregrine-dbcreds"` | | +| sowerConfig[1].container.env[5].name | string | `"DB_DATABASE"` | | +| sowerConfig[1].container.env[5].valueFrom.secretKeyRef.key | string | `"database"` | | +| sowerConfig[1].container.env[5].valueFrom.secretKeyRef.name | string | `"peregrine-dbcreds"` | | +| sowerConfig[1].container.env[6].name | string | `"DB_USER"` | | +| sowerConfig[1].container.env[6].valueFrom.secretKeyRef.key | string | `"username"` | | +| sowerConfig[1].container.env[6].valueFrom.secretKeyRef.name | string | `"peregrine-dbcreds"` | | +| sowerConfig[1].container.env[7].name | string | `"DB_PASS"` | | +| sowerConfig[1].container.env[7].valueFrom.secretKeyRef.key | string | `"password"` | | +| sowerConfig[1].container.env[7].valueFrom.secretKeyRef.name | string | `"peregrine-dbcreds"` | | +| sowerConfig[1].container.env[8].name | string | `"SHEEPDOG"` | | +| sowerConfig[1].container.env[8].valueFrom.secretKeyRef.key | string | `"sheepdog"` | | +| sowerConfig[1].container.env[8].valueFrom.secretKeyRef.name | string | `"indexd-service-creds"` | | +| sowerConfig[1].container.image | string | `"quay.io/cdis/pelican-export:GPE-1252"` | | | sowerConfig[1].container.memory-limit | string | `"12Gi"` | | | sowerConfig[1].container.name | string | `"job-task"` | | | sowerConfig[1].container.pull_policy | string | `"Always"` | | 
@@ -141,8 +174,6 @@ A Helm chart for gen3 sower | sowerConfig[1].restart_policy | string | `"Never"` | | | sowerConfig[1].volumes[0].name | string | `"pelican-creds-volume"` | | | sowerConfig[1].volumes[0].secret.secretName | string | `"pelicanservice-g3auto"` | | -| sowerConfig[1].volumes[1].name | string | `"peregrine-creds-volume"` | | -| sowerConfig[1].volumes[1].secret.secretName | string | `"peregrine-creds"` | | | strategy | map | `{"rollingUpdate":{"maxSurge":1,"maxUnavailable":0},"type":"RollingUpdate"}` | Rolling update deployment strategy | | strategy.rollingUpdate.maxSurge | int | `1` | Number of additional replicas to add during rollout. | | strategy.rollingUpdate.maxUnavailable | int | `0` | Maximum amount of pods that can be unavailable during the update. | diff --git a/helm/sower/templates/_helpers.tpl b/helm/sower/templates/_helpers.tpl index e9a7c298..1815359e 100644 --- a/helm/sower/templates/_helpers.tpl +++ b/helm/sower/templates/_helpers.tpl @@ -66,3 +66,10 @@ Create the name of the service account to use {{- default "default" .Values.serviceAccount.name }} {{- end }} {{- end }} + +{{/* + Pelicanservice g3 Auto Secrets Manager Name +*/}} +{{- define "pelicanservice-g3auto" -}} +{{- default "pelicanservice-g3auto" .Values.externalSecrets.pelicanserviceG3auto }} +{{- end }} \ No newline at end of file diff --git a/helm/sower/templates/aws-config.yaml b/helm/sower/templates/aws-config.yaml new file mode 100644 index 00000000..398770d3 --- /dev/null +++ b/helm/sower/templates/aws-config.yaml @@ -0,0 +1,3 @@ +{{- if or (.Values.secrets.awsSecretAccessKey) (.Values.global.aws.awsSecretAccessKey ) }} +{{ include "common.awsconfig" . }} +{{- end -}} \ No newline at end of file diff --git a/helm/sower/templates/external-secret.yaml b/helm/sower/templates/external-secret.yaml new file mode 100644 index 00000000..43132663 --- /dev/null +++ b/helm/sower/templates/external-secret.yaml 
@@ -0,0 +1,19 @@ +{{ if .Values.global.externalSecrets.deploy }} +apiVersion: external-secrets.io/v1beta1 +kind: ExternalSecret +metadata: + name: pelicanservice-g3auto +spec: + refreshInterval: 5m + secretStoreRef: + name: {{include "common.SecretStore" .}} + kind: SecretStore + target: + name: pelicanservice-g3auto + creationPolicy: Owner + data: + - secretKey: config.json + remoteRef: + #name of secret in secrets manager + key: {{include "pelicanservice-g3auto" .}} +{{- end }} \ No newline at end of file diff --git a/helm/sower/templates/pelican-creds.yaml b/helm/sower/templates/pelican-creds.yaml index d4ab607f..0d3420f5 100644 --- a/helm/sower/templates/pelican-creds.yaml +++ b/helm/sower/templates/pelican-creds.yaml @@ -1,3 +1,4 @@ +{{- if or (not .Values.global.externalSecrets.deploy) (and .Values.global.externalSecrets.deploy .Values.externalSecrets.createK8sPelicanServiceSecret) }} apiVersion: v1 kind: Secret metadata: @@ -9,7 +10,8 @@ stringData: { "manifest_bucket_name": "{{ .Values.pelican.bucket }}", "hostname": "{{ .Values.global.hostname }}", - "aws_access_key_id": "{{ .Values.global.aws.pelican_user.access_key }}", - "aws_secret_access_key": "{{ .Values.global.aws.pelican_user.access_secret }}" + "aws_access_key_id": "{{ .Values.secrets.awsAccessKeyId | default .Values.global.aws.awsAccessKeyId }}", + "aws_secret_access_key": "{{ .Values.secrets.awsSecretAccessKey | default .Values.global.aws.awsSecretAccessKey }}" } +{{- end }} {{- end }} \ No newline at end of file diff --git a/helm/sower/templates/secret-store.yaml b/helm/sower/templates/secret-store.yaml new file mode 100644 index 00000000..771c7760 --- /dev/null +++ b/helm/sower/templates/secret-store.yaml @@ -0,0 +1,3 @@ +{{ if .Values.global.externalSecrets.separateSecretStore }} +{{ include "common.secretstore" . }} +{{- end }} \ No newline at end of file diff --git a/helm/sower/values.yaml b/helm/sower/values.yaml index 3bc59048..7cdd7af6 100644 --- a/helm/sower/values.yaml 
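Review bot: In helm/sower/templates/external-secret.yaml the ExternalSecret writes to `pelicanservice-g3auto` with `creationPolicy: Owner`, while the new guard in pelican-creds.yaml still renders the chart's own Secret when `global.externalSecrets.deploy` and `externalSecrets.createK8sPelicanServiceSecret` are both true. If that Secret has the same name, Helm and the External Secrets controller would manage one object, and which credentials the job mounts may depend on which of them wrote last. The Secret's metadata is outside the hunk, but the sower volumes mount `pelicanservice-g3auto`. I would give the Helm-rendered Secret a distinct name in that mode, or fail the render. A comment above `creationPolicy: Owner` would also help, for example `# the operator owns this Secret; pelican-creds.yaml must not render the same name`.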
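Review bot: In the second hunk of helm/sower/templates/pelican-creds.yaml the key lookup drops `global.aws.pelican_user.access_key`/`access_secret` and falls back to `global.aws.awsAccessKeyId`/`awsSecretAccessKey`. A release that still sets only the `pelican_user` values would render an empty credential into `config.json`, and one that sets only the global key gives the export job the shared `global.aws` credential instead of a pelican-specific one. I would make the missing case fail at render time and let the template do the JSON quoting, for example `"aws_access_key_id": {{ .Values.secrets.awsAccessKeyId | default .Values.global.aws.awsAccessKeyId | required "sower: set secrets.awsAccessKeyId" | toJson }}`, with the same change for the secret key. The `if`/`end` pair that encloses `stringData` opens outside the hunk.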
+++ b/helm/sower/values.yaml @@ -55,7 +55,27 @@ global: dispatcherJobNum: "10" # -- (bool) Whether Datadog is enabled. ddEnabled: false + # -- (map) External Secrets settings. + externalSecrets: + # -- (bool) Will use ExternalSecret resources to pull secrets from Secrets Manager instead of creating them locally. Be cautious as this will override any manifestservice secrets you have deployed. + deploy: false + # -- (string) Will deploy a separate External Secret Store for this service. + separateSecretStore: false +# -- (map) External Secrets settings. +externalSecrets: + # -- (string) Will create the Helm "manifestservice-g3auto" secret even if Secrets Manager is enabled. This is helpful if you are wanting to use External Secrets for some, but not all secrets. + createK8sPelicanServiceSecret: false + # -- (string) Will override the name of the aws secrets manager secret. Default is "pelicanservice-g3auto" + pelicanserviceG3auto: + +# -- (map) Secret information for Usersync and External Secrets. +secrets: + # -- (str) AWS access key ID. Overrides global key. + awsAccessKeyId: + # -- (str) AWS access key ID. Overrides global key. + awsSecretAccessKey: + # -- (int) Number of replicas for the deployment. replicaCount: 1 @@ -190,7 +210,7 @@ sowerConfig: action: export container: name: job-task - image: quay.io/cdis/pelican-export:master + image: quay.io/cdis/pelican-export:GPE-1252 pull_policy: Always env: - name: DICTIONARY_URL 
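Review bot: Several of the new helm-docs comments in the first values.yaml hunk describe the wrong thing. `secrets.awsSecretAccessKey` is documented as "AWS access key ID", and the comments on `global.externalSecrets.deploy` and `externalSecrets.createK8sPelicanServiceSecret` refer to manifestservice secrets, although this chart manages `pelicanservice-g3auto`. An operator reads these lines before putting a long-lived AWS key into values, so I would change them to `# -- (str) AWS secret access key. Overrides global key.` and `# -- (bool) Will create the Helm "pelicanservice-g3auto" secret even if Secrets Manager is enabled.` `separateSecretStore` is also annotated `(string)` but holds a boolean. The same text is copied into helm/sower/README.md earlier in this patch and would need regenerating.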
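Review bot: The new default `image: quay.io/cdis/pelican-export:GPE-1252` is a mutable tag pulled with `pull_policy: Always`, so each export job runs whatever the tag points to at pull time; the same line appears for `pelican-export-files` in the following hunk. The job now receives the peregrine database password and mounts the pelican AWS keys. `GPE-1252` reads like a ticket or branch tag rather than a release, which would make it more likely to be re-pushed or deleted than `master` was. I would pin the default to a release tag or a digest, for example `image: quay.io/cdis/pelican-export@sha256:<digest-of-reviewed-build>`. A comment beside it should say that the `DB_*` variables need an image built with that change.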
@@ -205,30 +225,48 @@ sowerConfig: key: hostname - name: ROOT_NODE value: subject + - name: DB_HOST + valueFrom: + secretKeyRef: + name: peregrine-dbcreds + key: host + - name: DB_DATABASE + valueFrom: + secretKeyRef: + name: peregrine-dbcreds + key: database + - name: DB_USER + valueFrom: + secretKeyRef: + name: peregrine-dbcreds + key: username + - name: DB_PASS + valueFrom: + secretKeyRef: + name: peregrine-dbcreds + key: password + - name: SHEEPDOG + valueFrom: + secretKeyRef: + name: indexd-service-creds + key: sheepdog volumeMounts: - name: pelican-creds-volume readOnly: true mountPath: "/pelican-creds.json" subPath: config.json - - name: peregrine-creds-volume - readOnly: true - mountPath: "/peregrine-creds.json" - subPath: creds.json cpu-limit: '1' memory-limit: 12Gi volumes: - name: pelican-creds-volume secret: secretName: pelicanservice-g3auto - - name: peregrine-creds-volume - secret: - secretName: peregrine-creds restart_policy: Never - name: pelican-export-files action: export-files container: name: job-task - image: quay.io/cdis/pelican-export:master + image: quay.io/cdis/pelican-export:GPE-1252 pull_policy: Always env: - name: DICTIONARY_URL @@ -245,6 +283,31 @@ sowerConfig: value: file - name: EXTRA_NODES value: '' + - name: DB_HOST + valueFrom: + secretKeyRef: + name: peregrine-dbcreds + key: host + - name: DB_DATABASE + valueFrom: + secretKeyRef: + name: peregrine-dbcreds + key: database + - name: DB_USER + valueFrom: + secretKeyRef: + name: peregrine-dbcreds + key: username + - name: DB_PASS + valueFrom: + secretKeyRef: + name: peregrine-dbcreds + key: password + - name: SHEEPDOG + valueFrom: + secretKeyRef: + name: indexd-service-creds + key: sheepdog volumeMounts: - name: pelican-creds-volume readOnly: true @@ -260,9 +323,6 @@ sowerConfig: - name: pelican-creds-volume secret: secretName: pelicanservice-g3auto - - name: peregrine-creds-volume - secret: - secretName: peregrine-creds restart_policy: Never 
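Review bot: The export jobs now read `DB_HOST`, `DB_DATABASE`, `DB_USER` and `DB_PASS` from `peregrine-dbcreds` and `SHEEPDOG` from `indexd-service-creds`, so they run with peregrine's own database login, taken from Secrets this chart neither creates nor lets the operator rename. Nothing in the hunk shows whether that role is read-only; if it is not, a dedicated export role in a sower-owned Secret would be the narrower grant. Passing the password through the environment also exposes it to anything that can read or dump the process environment, which the removed read-only file mount avoided. At minimum I would add a comment above the block: `# requires peregrine-dbcreds and indexd-service-creds in the release namespace; job pods presumably fail to start without them`. The identical block in the `pelican-export-files` hunk that follows needs the same comment.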
From 0754f410be5ecafa62fc8637b3f0d8c6b04648da Mon Sep 17 00:00:00 2001 From: EliseCastle23 Date: Thu, 18 Apr 2024 10:31:08 -0600 Subject: [PATCH 152/279] removing trailing spaces --- helm/sower/values.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/helm/sower/values.yaml b/helm/sower/values.yaml index 7cdd7af6..48f36db2 100644 --- a/helm/sower/values.yaml +++ b/helm/sower/values.yaml @@ -75,7 +75,7 @@ secrets: awsAccessKeyId: # -- (str) AWS access key ID. Overrides global key. awsSecretAccessKey: - + # -- (int) Number of replicas for the deployment. replicaCount: 1 From 1c7021dadf46b940ec2bd971dcba9b85e5998ee1 Mon Sep 17 00:00:00 2001 
From: Jawad Qureshi Date: Wed, 1 May 2024 09:33:10 -0500 Subject: [PATCH 153/279] Add global value to gen3 chart, and default image for fefw. --- .pre-commit-config.yaml | 2 +- .secrets.baseline | 24 ++++++++++++--- helm/ambassador/Chart.yaml | 2 +- helm/ambassador/README.md | 4 +-- helm/arborist/Chart.yaml | 2 +- helm/arborist/README.md | 4 +-- helm/argo-wrapper/Chart.yaml | 2 +- helm/argo-wrapper/README.md | 4 +-- helm/audit/Chart.yaml | 2 +- helm/audit/README.md | 4 +-- helm/aws-es-proxy/Chart.yaml | 2 +- helm/aws-es-proxy/README.md | 4 +-- helm/common/Chart.yaml | 2 +- helm/common/README.md | 4 +-- helm/dicom-server/Chart.yaml | 2 +- helm/dicom-server/README.md | 4 +-- helm/dicom-viewer/Chart.yaml | 2 +- helm/dicom-viewer/README.md | 4 +-- helm/etl/Chart.yaml | 2 +- helm/etl/README.md | 4 +-- helm/fence/Chart.yaml | 2 +- helm/fence/README.md | 4 +-- helm/frontend-framework/README.md | 2 -- helm/gen3/Chart.yaml | 40 ++++++++++++------------ helm/gen3/README.md | 51 +++++++++++++++---------------- helm/gen3/values.yaml | 8 +++-- helm/guppy/Chart.yaml | 2 +- helm/guppy/README.md | 4 +-- helm/hatchery/Chart.yaml | 2 +- helm/hatchery/README.md | 4 +-- helm/indexd/Chart.yaml | 2 +- helm/indexd/README.md | 4 +-- helm/manifestservice/Chart.yaml | 2 +- helm/manifestservice/README.md | 4 +-- helm/metadata/Chart.yaml | 2 +- helm/metadata/README.md | 4 +-- helm/peregrine/Chart.yaml | 2 +- helm/peregrine/README.md | 4 +-- helm/pidgin/Chart.yaml | 2 +- helm/pidgin/README.md | 4 +-- helm/portal/README.md | 2 -- helm/requestor/Chart.yaml | 2 +- helm/requestor/README.md | 4 +-- helm/revproxy/README.md | 2 -- helm/sheepdog/Chart.yaml | 2 +- helm/sheepdog/README.md | 4 +-- helm/sower/README.md | 2 -- helm/ssjdispatcher/Chart.yaml | 2 +- helm/ssjdispatcher/README.md | 4 +-- helm/wts/Chart.yaml | 2 +- helm/wts/README.md | 4 +-- 51 files changed, 113 insertions(+), 146 deletions(-) diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index 3a8a8714..3e2d2565 100644 
--- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -18,7 +18,7 @@ repos: - repo: local hooks: - id: helm-docs - args: [] + args: ["-c", "helm"] description: Uses 'helm-docs' to create documentation from the Helm chart's 'values.yaml' file, and inserts the result into a corresponding 'README.md' file. entry: git-hook/helm-docs.sh language: script diff --git a/.secrets.baseline b/.secrets.baseline index 029826bd..91bcce7a 100644 --- a/.secrets.baseline +++ b/.secrets.baseline @@ -3,7 +3,7 @@ "files": "^.secrets.baseline$", "lines": null }, - "generated_at": "2024-04-02T20:57:28Z", + "generated_at": "2024-05-01T14:33:00Z", "plugins_used": [ { "name": "AWSKeyDetector" @@ -325,19 +325,35 @@ "type": "Secret Keyword" } ], + "helm/frontend-framework/README.md": [ + { + "hashed_secret": "2546383b95bb44732e9be6a877fd476c0442fdab", + "is_secret": false, + "is_verified": false, + "line_number": 51, + "type": "Secret Keyword" + }, + { + "hashed_secret": "d84ce25b0f9bc2cc263006ae39453efb22cc2900", + "is_secret": false, + "is_verified": false, + "line_number": 53, + "type": "Secret Keyword" + } + ], "helm/gen3/README.md": [ { "hashed_secret": "7422c958ec5a8e5f87c9e81cdf426ef0e193332c", "is_secret": false, "is_verified": false, - "line_number": 75, + "line_number": 81, "type": "Secret Keyword" }, { "hashed_secret": "1740c48fa3141d4851b14f97e3bc0f46f7670672", "is_secret": false, "is_verified": false, - "line_number": 107, + "line_number": 115, "type": "Secret Keyword" } ], @@ -346,7 +362,7 @@ "hashed_secret": "9b5925ea817163740dfb287a9894e8ab3aba2c18", "is_secret": false, "is_verified": false, - "line_number": 188, + "line_number": 190, "type": "Secret Keyword" } ], diff --git a/helm/ambassador/Chart.yaml b/helm/ambassador/Chart.yaml index a1f18334..c8b882b8 100644 --- a/helm/ambassador/Chart.yaml +++ b/helm/ambassador/Chart.yaml 
@@ -15,7 +15,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.10 +version: 0.1.11 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to diff --git a/helm/ambassador/README.md b/helm/ambassador/README.md index 22427743..a1b78894 100644 --- a/helm/ambassador/README.md +++ b/helm/ambassador/README.md @@ -1,6 +1,6 @@ # ambassador -![Version: 0.1.10](https://img.shields.io/badge/Version-0.1.10-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.4.2](https://img.shields.io/badge/AppVersion-1.4.2-informational?style=flat-square) +![Version: 0.1.11](https://img.shields.io/badge/Version-0.1.11-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.4.2](https://img.shields.io/badge/AppVersion-1.4.2-informational?style=flat-square) A Helm chart for deploying ambassador for gen3 @@ -60,5 +60,3 @@ A Helm chart for deploying ambassador for gen3 | tolerations | list | `[]` | Tolerations to use for the deployment. | | userNamespace | string | `"jupyter-pods"` | Namespace to use for user resources. | ----------------------------------------------- -Autogenerated from chart metadata using [helm-docs v1.11.0](https://github.com/norwoodj/helm-docs/releases/v1.11.0) diff --git a/helm/arborist/Chart.yaml b/helm/arborist/Chart.yaml index d845739c..cc739de3 100644 --- a/helm/arborist/Chart.yaml +++ b/helm/arborist/Chart.yaml 
@@ -15,7 +15,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.10 +version: 0.1.11 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to diff --git a/helm/arborist/README.md b/helm/arborist/README.md index c00df2fb..b808b30e 100644 --- a/helm/arborist/README.md +++ b/helm/arborist/README.md @@ -1,6 +1,6 @@ # arborist -![Version: 0.1.10](https://img.shields.io/badge/Version-0.1.10-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) +![Version: 0.1.11](https://img.shields.io/badge/Version-0.1.11-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) A Helm chart for gen3 arborist @@ -105,5 +105,3 @@ A Helm chart for gen3 arborist | volumeMounts | list | `[]` | Volume mounts to attach to the container | | volumes | list | `[]` | Volumes to attach to the pod | ----------------------------------------------- -Autogenerated from chart metadata using [helm-docs v1.11.0](https://github.com/norwoodj/helm-docs/releases/v1.11.0) diff --git a/helm/argo-wrapper/Chart.yaml b/helm/argo-wrapper/Chart.yaml index de360706..8415ed58 100644 --- a/helm/argo-wrapper/Chart.yaml +++ b/helm/argo-wrapper/Chart.yaml 
@@ -15,7 +15,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.6 +version: 0.1.7 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to diff --git a/helm/argo-wrapper/README.md b/helm/argo-wrapper/README.md index 6fc88cd8..f857cb50 100644 --- a/helm/argo-wrapper/README.md +++ b/helm/argo-wrapper/README.md @@ -1,6 +1,6 @@ # argo-wrapper -![Version: 0.1.6](https://img.shields.io/badge/Version-0.1.6-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) +![Version: 0.1.7](https://img.shields.io/badge/Version-0.1.7-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) A Helm chart for gen3 Argo Wrapper Service @@ -64,5 +64,3 @@ A Helm chart for gen3 Argo Wrapper Service | volumeMounts | list | `[{"mountPath":"/argo.json","name":"argo-config","readOnly":true,"subPath":"argo.json"}]` | Volumes to mount to the pod. | | volumes | list | `[{"configMap":{"items":[{"key":"argo.json","path":"argo.json"}],"name":"manifest-argo"},"name":"argo-config"}]` | Volumes to attach to the pod. | ----------------------------------------------- -Autogenerated from chart metadata using [helm-docs v1.11.0](https://github.com/norwoodj/helm-docs/releases/v1.11.0) diff --git a/helm/audit/Chart.yaml b/helm/audit/Chart.yaml index efbd8361..e8ad970b 100644 --- a/helm/audit/Chart.yaml 
+++ b/helm/audit/Chart.yaml @@ -15,7 +15,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.11 +version: 0.1.12 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to diff --git a/helm/audit/README.md b/helm/audit/README.md index 96172b65..eb347970 100644 --- a/helm/audit/README.md +++ b/helm/audit/README.md @@ -1,6 +1,6 @@ # audit -![Version: 0.1.11](https://img.shields.io/badge/Version-0.1.11-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) +![Version: 0.1.12](https://img.shields.io/badge/Version-0.1.12-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) A Helm chart for Kubernetes @@ -123,5 +123,3 @@ A Helm chart for Kubernetes | volumeMounts | list | `[]` | Volumes to mount to the container. | | volumes | list | `[]` | Volumes to attach to the container. | ----------------------------------------------- -Autogenerated from chart metadata using [helm-docs v1.11.0](https://github.com/norwoodj/helm-docs/releases/v1.11.0) diff --git a/helm/aws-es-proxy/Chart.yaml b/helm/aws-es-proxy/Chart.yaml index 7a28cc19..d7ab79ac 100644 --- a/helm/aws-es-proxy/Chart.yaml +++ b/helm/aws-es-proxy/Chart.yaml 
@@ -15,7 +15,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.8 +version: 0.1.9 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to diff --git a/helm/aws-es-proxy/README.md b/helm/aws-es-proxy/README.md index 03d37b8d..f88ddebd 100644 --- a/helm/aws-es-proxy/README.md +++ b/helm/aws-es-proxy/README.md @@ -1,6 +1,6 @@ # aws-es-proxy -![Version: 0.1.8](https://img.shields.io/badge/Version-0.1.8-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) +![Version: 0.1.9](https://img.shields.io/badge/Version-0.1.9-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) A Helm chart for AWS ES Proxy Service for gen3 @@ -67,5 +67,3 @@ A Helm chart for AWS ES Proxy Service for gen3 | volumeMounts | list | `[{"mountPath":"/root/.aws","name":"credentials","readOnly":true}]` | Volumes to mount to the pod. | | volumes | list | `nil` | Volumes to attach to the pod | ----------------------------------------------- -Autogenerated from chart metadata using [helm-docs v1.11.0](https://github.com/norwoodj/helm-docs/releases/v1.11.0) diff --git a/helm/common/Chart.yaml b/helm/common/Chart.yaml index 0903cde4..93ebbc0f 100644 --- a/helm/common/Chart.yaml +++ b/helm/common/Chart.yaml 
@@ -15,7 +15,7 @@ type: library # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.9 +version: 0.1.10 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to diff --git a/helm/common/README.md b/helm/common/README.md index 80a13994..75e6a5d7 100644 --- a/helm/common/README.md +++ b/helm/common/README.md @@ -1,6 +1,6 @@ # common -![Version: 0.1.9](https://img.shields.io/badge/Version-0.1.9-informational?style=flat-square) ![Type: library](https://img.shields.io/badge/Type-library-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) +![Version: 0.1.10](https://img.shields.io/badge/Version-0.1.10-informational?style=flat-square) ![Type: library](https://img.shields.io/badge/Type-library-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) A Helm chart for provisioning databases in gen3 @@ -29,5 +29,3 @@ A Helm chart for provisioning databases in gen3 | global.revproxyArn | string | `"arn:aws:acm:us-east-1:123456:certificate"` | ARN of the reverse proxy certificate. | | global.tierAccessLevel | string | `"libre"` | Access level for tiers. acceptable values for `tier_access_level` are: `libre`, `regular` and `private`. If omitted, by default common will be treated as `private` | ----------------------------------------------- -Autogenerated from chart metadata using [helm-docs v1.11.0](https://github.com/norwoodj/helm-docs/releases/v1.11.0) diff --git a/helm/dicom-server/Chart.yaml b/helm/dicom-server/Chart.yaml index 44f89e8e..030cd0c8 100644 --- a/helm/dicom-server/Chart.yaml 
+++ b/helm/dicom-server/Chart.yaml @@ -15,7 +15,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.7 +version: 0.1.8 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to diff --git a/helm/dicom-server/README.md b/helm/dicom-server/README.md index b1fd0611..0f515393 100644 --- a/helm/dicom-server/README.md +++ b/helm/dicom-server/README.md @@ -1,6 +1,6 @@ # dicom-server -![Version: 0.1.7](https://img.shields.io/badge/Version-0.1.7-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) +![Version: 0.1.8](https://img.shields.io/badge/Version-0.1.8-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) A Helm chart for gen3 Dicom Server @@ -53,5 +53,3 @@ A Helm chart for gen3 Dicom Server | volumeMounts | list | `[{"mountPath":"/etc/orthanc/orthanc_config_overwrites.json","name":"config-volume-g3auto","readOnly":true,"subPath":"orthanc_config_overwrites.json"}]` | Volumes to mount to the pod. | | volumes | list | `[{"name":"config-volume-g3auto","secret":{"secretName":"orthanc-g3auto"}}]` | Volumes to attach to the pod. | ----------------------------------------------- -Autogenerated from chart metadata using [helm-docs v1.11.0](https://github.com/norwoodj/helm-docs/releases/v1.11.0) 
diff --git a/helm/dicom-viewer/Chart.yaml b/helm/dicom-viewer/Chart.yaml index b31017d6..a6d01019 100644 --- a/helm/dicom-viewer/Chart.yaml +++ b/helm/dicom-viewer/Chart.yaml @@ -15,7 +15,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.7 +version: 0.1.8 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to diff --git a/helm/dicom-viewer/README.md b/helm/dicom-viewer/README.md index 28f7f590..0167e45f 100644 --- a/helm/dicom-viewer/README.md +++ b/helm/dicom-viewer/README.md @@ -1,6 +1,6 @@ # dicom-viewer -![Version: 0.1.7](https://img.shields.io/badge/Version-0.1.7-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) +![Version: 0.1.8](https://img.shields.io/badge/Version-0.1.8-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) A Helm chart for gen3 Dicom Viewer @@ -40,5 +40,3 @@ A Helm chart for gen3 Dicom Viewer | service.port | int | `80` | The port number that the service exposes. | | service.type | string | `"ClusterIP"` | Type of service. Valid values are "ClusterIP", "NodePort", "LoadBalancer", "ExternalName". | ----------------------------------------------- -Autogenerated from chart metadata using [helm-docs v1.11.0](https://github.com/norwoodj/helm-docs/releases/v1.11.0) 
diff --git a/helm/etl/Chart.yaml b/helm/etl/Chart.yaml index 0f9e2fb9..c5b08a7b 100644 --- a/helm/etl/Chart.yaml +++ b/helm/etl/Chart.yaml @@ -15,7 +15,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.0 +version: 0.1.1 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to diff --git a/helm/etl/README.md b/helm/etl/README.md index f874e334..faa4d2f2 100644 --- a/helm/etl/README.md +++ b/helm/etl/README.md @@ -1,6 +1,6 @@ # etl -![Version: 0.1.0](https://img.shields.io/badge/Version-0.1.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) +![Version: 0.1.1](https://img.shields.io/badge/Version-0.1.1-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) A Helm chart for gen3 etl @@ -103,5 +103,3 @@ A Helm chart for gen3 etl | resources.tube.requests.cpu | string | `0.3` | The amount of CPU requested | | resources.tube.requests.memory | string | `"128Mi"` | The amount of memory requested | ----------------------------------------------- -Autogenerated from chart metadata using [helm-docs v1.11.0](https://github.com/norwoodj/helm-docs/releases/v1.11.0) diff --git a/helm/fence/Chart.yaml b/helm/fence/Chart.yaml index 5da3f09e..ce17c170 100644 --- a/helm/fence/Chart.yaml +++ b/helm/fence/Chart.yaml 
@@ -15,7 +15,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.17 +version: 0.1.18 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to diff --git a/helm/fence/README.md b/helm/fence/README.md index a8e510bc..54e9a856 100644 --- a/helm/fence/README.md +++ b/helm/fence/README.md @@ -1,6 +1,6 @@ # fence -![Version: 0.1.17](https://img.shields.io/badge/Version-0.1.17-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) +![Version: 0.1.18](https://img.shields.io/badge/Version-0.1.18-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) A Helm chart for gen3 Fence 
@@ -199,5 +199,3 @@ A Helm chart for gen3 Fence | volumeMounts | list | `[{"mountPath":"/var/www/fence/local_settings.py","name":"old-config-volume","readOnly":true,"subPath":"local_settings.py"},{"mountPath":"/var/www/fence/fence_credentials.json","name":"json-secret-volume","readOnly":true,"subPath":"fence_credentials.json"},{"mountPath":"/var/www/fence/creds.json","name":"creds-volume","readOnly":true,"subPath":"creds.json"},{"mountPath":"/var/www/fence/config_helper.py","name":"config-helper","readOnly":true,"subPath":"config_helper.py"},{"mountPath":"/fence/fence/static/img/logo.svg","name":"logo-volume","readOnly":true,"subPath":"logo.svg"},{"mountPath":"/fence/fence/static/privacy_policy.md","name":"privacy-policy","readOnly":true,"subPath":"privacy_policy.md"},{"mountPath":"/var/www/fence/fence-config.yaml","name":"config-volume","readOnly":true,"subPath":"fence-config.yaml"},{"mountPath":"/var/www/fence/yaml_merge.py","name":"yaml-merge","readOnly":true,"subPath":"yaml_merge.py"},{"mountPath":"/var/www/fence/fence_google_app_creds_secret.json","name":"fence-google-app-creds-secret-volume","readOnly":true,"subPath":"fence_google_app_creds_secret.json"},{"mountPath":"/var/www/fence/fence_google_storage_creds_secret.json","name":"fence-google-storage-creds-secret-volume","readOnly":true,"subPath":"fence_google_storage_creds_secret.json"},{"mountPath":"/fence/keys/key/jwt_private_key.pem","name":"fence-jwt-keys","readOnly":true,"subPath":"jwt_private_key.pem"}]` | Volumes to mount to the container. 
| | volumes | list | `[{"name":"old-config-volume","secret":{"secretName":"fence-secret"}},{"name":"json-secret-volume","secret":{"optional":true,"secretName":"fence-json-secret"}},{"name":"creds-volume","secret":{"secretName":"fence-creds"}},{"configMap":{"name":"config-helper","optional":true},"name":"config-helper"},{"configMap":{"name":"logo-config"},"name":"logo-volume"},{"name":"config-volume","secret":{"secretName":"fence-config"}},{"name":"fence-google-app-creds-secret-volume","secret":{"secretName":"fence-google-app-creds-secret"}},{"name":"fence-google-storage-creds-secret-volume","secret":{"secretName":"fence-google-storage-creds-secret"}},{"name":"fence-jwt-keys","secret":{"secretName":"fence-jwt-keys"}},{"configMap":{"name":"privacy-policy"},"name":"privacy-policy"},{"configMap":{"name":"fence-yaml-merge","optional":true},"name":"yaml-merge"}]` | Volumes to attach to the container. | ----------------------------------------------- -Autogenerated from chart metadata using [helm-docs v1.11.0](https://github.com/norwoodj/helm-docs/releases/v1.11.0) diff --git a/helm/frontend-framework/README.md b/helm/frontend-framework/README.md index bfea2a23..9cb935cf 100644 --- a/helm/frontend-framework/README.md +++ b/helm/frontend-framework/README.md @@ -93,5 +93,3 @@ A Helm chart for the gen3 frontend framework | strategy.rollingUpdate.maxUnavailable | int | `"25%"` | Maximum amount of pods that can be unavailable during the update. | | tolerations | list | `[]` | Tolerations to apply to the pod | ----------------------------------------------- -Autogenerated from chart metadata using [helm-docs v1.13.0](https://github.com/norwoodj/helm-docs/releases/v1.13.0) diff --git a/helm/gen3/Chart.yaml b/helm/gen3/Chart.yaml index 9279b829..bcb7418c 100644 --- a/helm/gen3/Chart.yaml +++ b/helm/gen3/Chart.yaml 
@@ -5,30 +5,30 @@ description: Helm chart to deploy Gen3 Data Commons # Dependencies dependencies: - name: ambassador - version: 0.1.10 + version: 0.1.11 repository: "file://../ambassador" condition: ambassador.enabled - name: arborist - version: 0.1.10 + version: 0.1.11 repository: "file://../arborist" condition: arborist.enabled - name: argo-wrapper - version: 0.1.6 + version: 0.1.7 repository: "file://../argo-wrapper" condition: argo-wrapper.enabled - name: audit - version: 0.1.11 + version: 0.1.12 repository: "file://../audit" condition: audit.enabled - name: aws-es-proxy - version: 0.1.8 + version: 0.1.9 repository: "file://../aws-es-proxy" condition: aws-es-proxy.enabled - name: common - version: 0.1.9 + version: 0.1.10 repository: file://../common - name: etl - version: 0.1.0 + version: 0.1.1 repository: file://../etl condition: etl.enabled - name: frontend-framework @@ -36,35 +36,35 @@ dependencies: repository: "file://../frontend-framework" condition: frontend-framework.enabled - name: fence - version: 0.1.17 + version: 0.1.18 repository: "file://../fence" condition: fence.enabled - name: guppy - version: 0.1.10 + version: 0.1.11 repository: "file://../guppy" condition: guppy.enabled - name: hatchery - version: 0.1.8 + version: 0.1.9 repository: "file://../hatchery" condition: hatchery.enabled - name: indexd - version: 0.1.13 + version: 0.1.14 repository: "file://../indexd" condition: indexd.enabled - name: manifestservice - version: 0.1.13 + version: 0.1.14 repository: "file://../manifestservice" condition: manifestservice.enabled - name: metadata - version: 0.1.11 + version: 0.1.12 repository: "file://../metadata" condition: metadata.enabled - name: peregrine - version: 0.1.12 + version: 0.1.13 repository: "file://../peregrine" condition: peregrine.enabled - name: pidgin - version: 0.1.9 + version: 0.1.10 repository: "file://../pidgin" condition: pidgin.enabled - name: portal 
@@ -72,7 +72,7 @@ dependencies: repository: "file://../portal" condition: portal.enabled - name: requestor - version: 0.1.10 + version: 0.1.11 repository: "file://../requestor" condition: requestor.enabled - name: revproxy @@ -80,11 +80,11 @@ dependencies: repository: "file://../revproxy" condition: revproxy.enabled - name: sheepdog - version: 0.1.13 + version: 0.1.14 repository: "file://../sheepdog" condition: sheepdog.enabled - name: ssjdispatcher - version: 0.1.8 + version: 0.1.9 repository: "file://../ssjdispatcher" condition: ssjdispatcher.enabled - name: sower @@ -92,7 +92,7 @@ dependencies: condition: sower.enabled repository: "file://../sower" - name: wts - version: 0.1.12 + version: 0.1.13 repository: "file://../wts" condition: wts.enabled @@ -119,7 +119,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.30 +version: 0.1.31 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to diff --git a/helm/gen3/README.md b/helm/gen3/README.md index d4211532..bbada97c 100644 --- a/helm/gen3/README.md +++ b/helm/gen3/README.md 
@@ -1,6 +1,6 @@ # gen3 -![Version: 0.1.29](https://img.shields.io/badge/Version-0.1.29-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) +![Version: 0.1.31](https://img.shields.io/badge/Version-0.1.31-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) Helm chart to deploy Gen3 Data Commons 
@@ -18,29 +18,29 @@ Helm chart to deploy Gen3 Data Commons | Repository | Name | Version | |------------|------|---------| -| file://../ambassador | ambassador | 0.1.10 | -| file://../arborist | arborist | 0.1.10 | -| file://../argo-wrapper | argo-wrapper | 0.1.6 | -| file://../audit | audit | 0.1.11 | -| file://../aws-es-proxy | aws-es-proxy | 0.1.8 | -| file://../common | common | 0.1.9 | -| file://../etl | etl | 0.1.0 | -| file://../fence | fence | 0.1.17 | +| file://../ambassador | ambassador | 0.1.11 | +| file://../arborist | arborist | 0.1.11 | +| file://../argo-wrapper | argo-wrapper | 0.1.7 | +| file://../audit | audit | 0.1.12 | +| file://../aws-es-proxy | aws-es-proxy | 0.1.9 | +| file://../common | common | 0.1.10 | +| file://../etl | etl | 0.1.1 | +| file://../fence | fence | 0.1.18 | | file://../frontend-framework | frontend-framework | 0.1.1 | -| file://../guppy | guppy | 0.1.10 | -| file://../hatchery | hatchery | 0.1.8 | -| file://../indexd | indexd | 0.1.13 | -| file://../manifestservice | manifestservice | 0.1.13 | -| file://../metadata | metadata | 0.1.11 | -| file://../peregrine | peregrine | 0.1.12 | -| file://../pidgin | pidgin | 0.1.9 | +| file://../guppy | guppy | 0.1.11 | +| file://../hatchery | hatchery | 0.1.9 | +| file://../indexd | indexd | 0.1.14 | +| file://../manifestservice | manifestservice | 0.1.14 | +| file://../metadata | metadata | 0.1.12 | +| file://../peregrine | peregrine | 0.1.13 | +| file://../pidgin | pidgin | 0.1.10 | | file://../portal | portal | 0.1.11 | -| file://../requestor | requestor | 0.1.10 | +| file://../requestor | requestor | 0.1.11 | | file://../revproxy | revproxy | 0.1.14 | -| file://../sheepdog | sheepdog | 0.1.13 | +| file://../sheepdog | sheepdog | 0.1.14 | | file://../sower | sower | 0.1.9 | -| file://../ssjdispatcher | ssjdispatcher | 0.1.8 | -| file://../wts | wts | 0.1.12 | +| file://../ssjdispatcher | ssjdispatcher | 0.1.9 | +| file://../wts | wts | 0.1.13 | | https://charts.bitnami.com/bitnami | 
postgresql | 11.9.13 | | https://helm.elastic.co | elasticsearch | 7.10.2 | @@ -73,11 +73,11 @@ Helm chart to deploy Gen3 Data Commons | fence.usersync.syncFromDbgap | bool | `false` | Whether to sync data from dbGaP. | | fence.usersync.userYamlS3Path | string | `"s3://cdis-gen3-users/helm-test/user.yaml"` | Path to the user.yaml file in S3. | | fence.usersync.usersync | bool | `false` | Whether to run Fence usersync or not. | -| frontend-framework | map | `{"enabled":true,"image":{"repository":null,"tag":null}}` | Configurations for frontend-framework chart. | +| frontend-framework | map | `{"enabled":true,"image":{"repository":"quay.io/cdis/frontend-framework","tag":"develop"}}` | Configurations for frontend-framework chart. | | frontend-framework.enabled | bool | `true` | Whether to deploy the frontend-framework subchart. | -| frontend-framework.image | map | `{"repository":null,"tag":null}` | Docker image information. | -| frontend-framework.image.repository | string | `nil` | The Docker image repository for the guppy service. | -| frontend-framework.image.tag | string | `nil` | Overrides the image tag whose default is the chart appVersion. | +| frontend-framework.image | map | `{"repository":"quay.io/cdis/frontend-framework","tag":"develop"}` | Docker image information. | +| frontend-framework.image.repository | string | `"quay.io/cdis/frontend-framework"` | The Docker image repository for the frontend-framework. | +| frontend-framework.image.tag | string | `"develop"` | Overrides the image tag whose default is the chart appVersion. | | global.aws | map | `{"awsAccessKeyId":null,"awsSecretAccessKey":null,"enabled":false,"useLocalSecret":{"enabled":false,"localSecretName":null}}` | AWS configuration | | global.aws.awsAccessKeyId | string | `nil` | Credentials for AWS stuff. | | global.aws.awsSecretAccessKey | string | `nil` | Credentials for AWS stuff. | 
@@ -93,6 +93,7 @@ Helm chart to deploy Gen3 Data Commons | global.externalSecrets | map | `{"dbCreate":false,"deploy":false}` | External Secrets settings. | | global.externalSecrets.dbCreate | bool | `false` | Will create the databases and store the creds in Kubernetes Secrets even if externalSecrets is deployed. Useful if you want to use ExternalSecrets for other secrets besides db secrets. | | global.externalSecrets.deploy | bool | `false` | Will use ExternalSecret resources to pull secrets from Secrets Manager instead of creating them locally. Be cautious as this will override secrets you have deployed. | +| global.frontendRoot | string | `"portal"` | Which app will be served on /. Needs be set to portal for portal, or "gen3ff" for frontendframework. | | global.hostname | string | `"localhost"` | Hostname for the deployment. | | global.manifestGlobalExtraValues | map | `{}` | If you would like to add any extra values to the manifest-global configmap. | | global.netPolicy | bool | `true` | Whether network policies are enabled. | @@ -163,5 +164,3 @@ Helm chart to deploy Gen3 Data Commons | ssjdispatcher.enabled | bool | `false` | Whether to deploy the ssjdispatcher subchart. | | wts.enabled | bool | `true` | Whether to deploy the wts subchart. | ----------------------------------------------- -Autogenerated from chart metadata using [helm-docs v1.13.0](https://github.com/norwoodj/helm-docs/releases/v1.13.0) diff --git a/helm/gen3/values.yaml b/helm/gen3/values.yaml index b9d183f9..4ff88423 100644 --- a/helm/gen3/values.yaml +++ b/helm/gen3/values.yaml 
@@ -58,6 +58,8 @@ global: ddEnabled: false # -- (map) If you would like to add any extra values to the manifest-global configmap. manifestGlobalExtraValues: {} + # -- (string) Which app will be served on /. Needs be set to portal for portal, or "gen3ff" for frontendframework. + frontendRoot: "portal" # -- (map) External Secrets settings. externalSecrets: # -- (bool) Will use ExternalSecret resources to pull secrets from Secrets Manager instead of creating them locally. Be cautious as this will override secrets you have deployed. @@ -128,10 +130,10 @@ frontend-framework: enabled: true # -- (map) Docker image information. image: - # -- (string) The Docker image repository for the guppy service. - repository: + # -- (string) The Docker image repository for the frontend-framework. + repository: "quay.io/cdis/frontend-framework" # -- (string) Overrides the image tag whose default is the chart appVersion. - tag: + tag: "develop" # -- (map) Configurations for guppy chart. guppy: diff --git a/helm/guppy/Chart.yaml b/helm/guppy/Chart.yaml index 8da72671..edfb712b 100644 --- a/helm/guppy/Chart.yaml +++ b/helm/guppy/Chart.yaml @@ -15,7 +15,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.10 +version: 0.1.11 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to diff --git a/helm/guppy/README.md b/helm/guppy/README.md index f04bf9ca..0a2f23de 100644 --- a/helm/guppy/README.md +++ b/helm/guppy/README.md 
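Review bot: The doc comment added for `frontendRoot` in hunk `@@ -58,6 +58,8 @@` is hard to read and quotes only one of its two accepted values; since helm-docs copies it into the README table, I would write `# -- (string) Which app is served on /. Set to "portal" for portal or "gen3ff" for frontend-framework.`. Nothing visible in this patch shows what happens with any other string. If the consuming template does not already reject unknown values, a `fail` on anything but those two would turn a typo into an install-time error rather than a wrong root route.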
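Review bot: The default `tag: "develop"` added in hunk `@@ -128,10 +130,10 @@` is a moving branch tag, so an install that relies on the umbrella chart's defaults runs whatever was last pushed to `quay.io/cdis/frontend-framework:develop`. Two installs of chart 0.1.31 can therefore run different code, and a change in the registry reaches clusters with no chart change to review. I would default to a released tag or digest, e.g. `tag: "<RELEASE_TAG>"` (placeholder), and leave `develop` to per-environment overrides. The retained comment `Overrides the image tag whose default is the chart appVersion.` no longer matches, since the default is now an explicit value; `# -- (string) Image tag for frontend-framework; pin to a release tag outside development.` would be accurate.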
@@ -1,6 +1,6 @@ # guppy -![Version: 0.1.10](https://img.shields.io/badge/Version-0.1.10-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) +![Version: 0.1.11](https://img.shields.io/badge/Version-0.1.11-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) A Helm chart for gen3 Guppy Service @@ -96,5 +96,3 @@ A Helm chart for gen3 Guppy Service | volumeMounts | list | `[{"mountPath":"/guppy/guppy_config.json","name":"guppy-config","readOnly":true,"subPath":"guppy_config.json"}]` | Volumes to mount to the container. | | volumes | list | `[{"configMap":{"items":[{"key":"guppy_config.json","path":"guppy_config.json"}],"name":"manifest-guppy"},"name":"guppy-config"}]` | Volumes to attach to the pod. | ----------------------------------------------- -Autogenerated from chart metadata using [helm-docs v1.11.0](https://github.com/norwoodj/helm-docs/releases/v1.11.0) diff --git a/helm/hatchery/Chart.yaml b/helm/hatchery/Chart.yaml index 466cb09b..c57ad0e6 100644 --- a/helm/hatchery/Chart.yaml +++ b/helm/hatchery/Chart.yaml @@ -15,7 +15,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.8 +version: 0.1.9 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to diff --git a/helm/hatchery/README.md b/helm/hatchery/README.md index 583c3ac7..c3f3c539 100644 
--- a/helm/hatchery/README.md +++ b/helm/hatchery/README.md @@ -1,6 +1,6 @@ # hatchery -![Version: 0.1.8](https://img.shields.io/badge/Version-0.1.8-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) +![Version: 0.1.9](https://img.shields.io/badge/Version-0.1.9-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) A Helm chart for gen3 Hatchery @@ -86,5 +86,3 @@ A Helm chart for gen3 Hatchery | volumeMounts | list | `[{"mountPath":"/hatchery.json","name":"hatchery-config","readOnly":true,"subPath":"json"}]` | Volumes to mount to the container. | | volumes | list | `[{"configMap":{"name":"manifest-hatchery"},"name":"hatchery-config"}]` | Volumes to attach to the container. | ----------------------------------------------- -Autogenerated from chart metadata using [helm-docs v1.11.0](https://github.com/norwoodj/helm-docs/releases/v1.11.0) diff --git a/helm/indexd/Chart.yaml b/helm/indexd/Chart.yaml index 18a5f053..8c5dd73d 100644 --- a/helm/indexd/Chart.yaml +++ b/helm/indexd/Chart.yaml @@ -15,7 +15,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.13 +version: 0.1.14 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to diff --git a/helm/indexd/README.md b/helm/indexd/README.md index d27514cb..223be8ea 100644 --- a/helm/indexd/README.md +++ b/helm/indexd/README.md 
@@ -1,6 +1,6 @@ # indexd -![Version: 0.1.13](https://img.shields.io/badge/Version-0.1.13-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) +![Version: 0.1.14](https://img.shields.io/badge/Version-0.1.14-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) A Helm chart for gen3 indexd @@ -107,5 +107,3 @@ A Helm chart for gen3 indexd | volumeMounts | list | `[{"mountPath":"/var/www/indexd/local_settings.py","name":"config-volume","readOnly":true,"subPath":"local_settings.py"}]` | Volumes to mount to the container. | | volumes | list | `[{"configMap":{"name":"indexd-uwsgi"},"name":"uwsgi-config"},{"name":"config-volume","secret":{"secretName":"indexd-settings"}}]` | Volumes to attach to the pod | ----------------------------------------------- -Autogenerated from chart metadata using [helm-docs v1.11.0](https://github.com/norwoodj/helm-docs/releases/v1.11.0) diff --git a/helm/manifestservice/Chart.yaml b/helm/manifestservice/Chart.yaml index 921228cc..201f305e 100644 --- a/helm/manifestservice/Chart.yaml +++ b/helm/manifestservice/Chart.yaml @@ -15,7 +15,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.13 +version: 0.1.14 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to 
diff --git a/helm/manifestservice/README.md b/helm/manifestservice/README.md index 3b745415..efcb9c48 100644 --- a/helm/manifestservice/README.md +++ b/helm/manifestservice/README.md @@ -1,6 +1,6 @@ # manifestservice -![Version: 0.1.13](https://img.shields.io/badge/Version-0.1.13-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) +![Version: 0.1.14](https://img.shields.io/badge/Version-0.1.14-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) A Helm chart for Kubernetes @@ -85,5 +85,3 @@ A Helm chart for Kubernetes | volumeMounts | list | `[{"mountPath":"/var/gen3/config/","name":"config-volume","readOnly":true}]` | Volumes to mount to the container. | | volumes | list | `[{"name":"config-volume","secret":{"secretName":"manifestservice-g3auto"}}]` | Volumes to attach to the container. | ----------------------------------------------- -Autogenerated from chart metadata using [helm-docs v1.11.0](https://github.com/norwoodj/helm-docs/releases/v1.11.0) diff --git a/helm/metadata/Chart.yaml b/helm/metadata/Chart.yaml index 240e3913..79267d44 100644 --- a/helm/metadata/Chart.yaml +++ b/helm/metadata/Chart.yaml @@ -15,7 +15,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.11 +version: 0.1.12 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to 
diff --git a/helm/metadata/README.md b/helm/metadata/README.md index 8dad1804..924fd9bb 100644 --- a/helm/metadata/README.md +++ b/helm/metadata/README.md @@ -1,6 +1,6 @@ # metadata -![Version: 0.1.11](https://img.shields.io/badge/Version-0.1.11-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) +![Version: 0.1.12](https://img.shields.io/badge/Version-0.1.12-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) A Helm chart for gen3 Metadata Service @@ -124,5 +124,3 @@ A Helm chart for gen3 Metadata Service | useAggMds | bool | `"True"` | Set to true to aggregate metadata from multiple other Metadata Service instances. | | volumeMounts | list | `[{"mountPath":"/src/.env","name":"config-volume-g3auto","readOnly":true,"subPath":"metadata.env"},{"mountPath":"/aggregate_config.json","name":"config-volume","readOnly":true,"subPath":"aggregate_config.json"},{"mountPath":"/metadata.json","name":"config-manifest","readOnly":true,"subPath":"json"}]` | Volumes to mount to the container. | ----------------------------------------------- -Autogenerated from chart metadata using [helm-docs v1.11.0](https://github.com/norwoodj/helm-docs/releases/v1.11.0) diff --git a/helm/peregrine/Chart.yaml b/helm/peregrine/Chart.yaml index a7eac451..a881d0e5 100644 --- a/helm/peregrine/Chart.yaml +++ b/helm/peregrine/Chart.yaml 
@@ -15,7 +15,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.12 +version: 0.1.13 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to diff --git a/helm/peregrine/README.md b/helm/peregrine/README.md index a5910fd1..28ccd305 100644 --- a/helm/peregrine/README.md +++ b/helm/peregrine/README.md @@ -1,6 +1,6 @@ # peregrine -![Version: 0.1.12](https://img.shields.io/badge/Version-0.1.12-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) +![Version: 0.1.13](https://img.shields.io/badge/Version-0.1.13-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) A Helm chart for gen3 Peregrine service @@ -102,5 +102,3 @@ A Helm chart for gen3 Peregrine service | volumeMounts | list | `[{"mountPath":"/var/www/peregrine/settings.py","name":"config-volume","readOnly":true,"subPath":"settings.py"}]` | Volumes to mount to the container. | | volumes | list | `[{"emptyDir":{},"name":"shared-data"},{"name":"config-volume","secret":{"secretName":"peregrine-secret"}}]` | Volumes to attach to the container. | ----------------------------------------------- -Autogenerated from chart metadata using [helm-docs v1.11.0](https://github.com/norwoodj/helm-docs/releases/v1.11.0) diff --git a/helm/pidgin/Chart.yaml b/helm/pidgin/Chart.yaml index f80d38b0..5dd361eb 100644 
--- a/helm/pidgin/Chart.yaml +++ b/helm/pidgin/Chart.yaml @@ -15,7 +15,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.9 +version: 0.1.10 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to diff --git a/helm/pidgin/README.md b/helm/pidgin/README.md index 1a34c4d7..802fd750 100644 --- a/helm/pidgin/README.md +++ b/helm/pidgin/README.md @@ -1,6 +1,6 @@ # pidgin -![Version: 0.1.9](https://img.shields.io/badge/Version-0.1.9-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) +![Version: 0.1.10](https://img.shields.io/badge/Version-0.1.10-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) A Helm chart for gen3 Pidgin Service @@ -82,5 +82,3 @@ A Helm chart for gen3 Pidgin Service | strategy.rollingUpdate.maxSurge | int | `1` | Number of additional replicas to add during rollout. | | strategy.rollingUpdate.maxUnavailable | int | `0` | Maximum amount of pods that can be unavailable during the update. | ----------------------------------------------- -Autogenerated from chart metadata using [helm-docs v1.11.0](https://github.com/norwoodj/helm-docs/releases/v1.11.0) diff --git a/helm/portal/README.md b/helm/portal/README.md index aae804b7..a243d67a 100644 --- a/helm/portal/README.md +++ b/helm/portal/README.md 
@@ -100,5 +100,3 @@ A Helm chart for gen3 data-portal | strategy.rollingUpdate.maxUnavailable | int | `"25%"` | Maximum amount of pods that can be unavailable during the update. | | tolerations | list | `[]` | Tolerations to apply to the pod | ----------------------------------------------- -Autogenerated from chart metadata using [helm-docs v1.13.0](https://github.com/norwoodj/helm-docs/releases/v1.13.0) diff --git a/helm/requestor/Chart.yaml b/helm/requestor/Chart.yaml index e3b94a13..3e855149 100644 --- a/helm/requestor/Chart.yaml +++ b/helm/requestor/Chart.yaml @@ -15,7 +15,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.10 +version: 0.1.11 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to diff --git a/helm/requestor/README.md b/helm/requestor/README.md index 9b4dddec..6a226726 100644 --- a/helm/requestor/README.md +++ b/helm/requestor/README.md @@ -1,6 +1,6 @@ # requestor -![Version: 0.1.10](https://img.shields.io/badge/Version-0.1.10-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) +![Version: 0.1.11](https://img.shields.io/badge/Version-0.1.11-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) A Helm chart for gen3 Requestor Service 
@@ -117,5 +117,3 @@ A Helm chart for gen3 Requestor Service | strategy.rollingUpdate.maxUnavailable | int | `0` | Maximum amount of pods that can be unavailable during the update. | | volumeMounts | list | `nil` | Volumes to mount to the container. | ----------------------------------------------- -Autogenerated from chart metadata using [helm-docs v1.11.0](https://github.com/norwoodj/helm-docs/releases/v1.11.0) diff --git a/helm/revproxy/README.md b/helm/revproxy/README.md index fcb27c0e..c7005f24 100644 --- a/helm/revproxy/README.md +++ b/helm/revproxy/README.md @@ -104,5 +104,3 @@ A Helm chart for gen3 revproxy | tolerations | list | `[]` | Tolerations to use for the deployment. | | userhelperEnabled | bool | `false` | | ----------------------------------------------- -Autogenerated from chart metadata using [helm-docs v1.13.0](https://github.com/norwoodj/helm-docs/releases/v1.13.0) diff --git a/helm/sheepdog/Chart.yaml b/helm/sheepdog/Chart.yaml index 79cf8269..293c0201 100644 --- a/helm/sheepdog/Chart.yaml +++ b/helm/sheepdog/Chart.yaml @@ -15,7 +15,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.13 +version: 0.1.14 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to diff --git a/helm/sheepdog/README.md b/helm/sheepdog/README.md index 8325744c..2da88d6c 100644 --- a/helm/sheepdog/README.md +++ b/helm/sheepdog/README.md 
@@ -1,6 +1,6 @@ # sheepdog -![Version: 0.1.13](https://img.shields.io/badge/Version-0.1.13-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) +![Version: 0.1.14](https://img.shields.io/badge/Version-0.1.14-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) A Helm chart for gen3 Sheepdog Service @@ -110,5 +110,3 @@ A Helm chart for gen3 Sheepdog Service | terminationGracePeriodSeconds | int | `50` | sheepdog transactions take forever - try to let the complete before termination | | volumeMounts | list | `[{"mountPath":"/var/www/sheepdog/settings.py","name":"config-volume","readOnly":true,"subPath":"settings.py"}]` | Volumes to mount to the container. | ----------------------------------------------- -Autogenerated from chart metadata using [helm-docs v1.11.0](https://github.com/norwoodj/helm-docs/releases/v1.11.0) diff --git a/helm/sower/README.md b/helm/sower/README.md index 2ca77e81..11d78588 100644 --- a/helm/sower/README.md +++ b/helm/sower/README.md @@ -150,5 +150,3 @@ A Helm chart for gen3 sower | volumeMounts | list | `[{"mountPath":"/sower_config.json","name":"sower-config","readOnly":true,"subPath":"sower_config.json"}]` | Volumes to mount to the container. | | volumes | list | `[{"configMap":{"items":[{"key":"json","path":"sower_config.json"}],"name":"manifest-sower"},"name":"sower-config"}]` | Volumes to attach to the container. | ----------------------------------------------- -Autogenerated from chart metadata using [helm-docs v1.11.0](https://github.com/norwoodj/helm-docs/releases/v1.11.0) 
diff --git a/helm/ssjdispatcher/Chart.yaml b/helm/ssjdispatcher/Chart.yaml index 34b92d4a..2016e15b 100644 --- a/helm/ssjdispatcher/Chart.yaml +++ b/helm/ssjdispatcher/Chart.yaml @@ -15,7 +15,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.8 +version: 0.1.9 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to diff --git a/helm/ssjdispatcher/README.md b/helm/ssjdispatcher/README.md index 12c85819..19f91bc5 100644 --- a/helm/ssjdispatcher/README.md +++ b/helm/ssjdispatcher/README.md @@ -1,6 +1,6 @@ # ssjdispatcher -![Version: 0.1.8](https://img.shields.io/badge/Version-0.1.8-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) +![Version: 0.1.9](https://img.shields.io/badge/Version-0.1.9-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) A Helm chart for gen3 ssjdispatcher 
@@ -112,5 +112,3 @@ A Helm chart for gen3 ssjdispatcher | volumeMounts | list | `[{"mountPath":"/credentials.json","name":"ssjdispatcher-creds-volume","readOnly":true,"subPath":"credentials.json"}]` | Volumes to mount to the container. | | volumes | list | `[{"name":"ssjdispatcher-creds-volume","secret":{"secretName":"ssjdispatcher-creds"}}]` | Volumes to attach to the container. | ----------------------------------------------- -Autogenerated from chart metadata using [helm-docs v1.11.0](https://github.com/norwoodj/helm-docs/releases/v1.11.0) diff --git a/helm/wts/Chart.yaml b/helm/wts/Chart.yaml index c84c4d76..85a6dde9 100644 --- a/helm/wts/Chart.yaml +++ b/helm/wts/Chart.yaml @@ -15,7 +15,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.12 +version: 0.1.13 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to diff --git a/helm/wts/README.md b/helm/wts/README.md index b54a6358..d2f62516 100644 --- a/helm/wts/README.md +++ b/helm/wts/README.md @@ -1,6 +1,6 @@ # wts -![Version: 0.1.12](https://img.shields.io/badge/Version-0.1.12-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) +![Version: 0.1.13](https://img.shields.io/badge/Version-0.1.13-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) A Helm chart for gen3 workspace token service 
@@ -105,5 +105,3 @@ A Helm chart for gen3 workspace token service | serviceAccount.name | string | `""` | The name of the service account to use. If not set and create is true, a name is generated using the fullname template | | tolerations | list | `[]` | Tolerations for the pods | ----------------------------------------------- -Autogenerated from chart metadata using [helm-docs v1.11.0](https://github.com/norwoodj/helm-docs/releases/v1.11.0) From 7662f0949d03805e6b34d508be7ead2fbfde1c9c Mon Sep 17 00:00:00 2001 
From: Jawad Qureshi Date: Wed, 1 May 2024 09:43:03 -0500 Subject: [PATCH 154/279] bump common chart --- .secrets.baseline | 11 +++++++++-- helm/ambassador/Chart.yaml | 2 +- helm/ambassador/README.md | 2 +- helm/arborist/Chart.yaml | 2 +- helm/arborist/README.md | 2 +- helm/argo-wrapper/Chart.yaml | 2 +- helm/argo-wrapper/README.md | 2 +- helm/audit/Chart.yaml | 2 +- helm/audit/README.md | 2 +- helm/aws-es-proxy/Chart.yaml | 2 +- helm/aws-es-proxy/README.md | 2 +- helm/dicom-server/Chart.yaml | 2 +- helm/dicom-server/README.md | 2 +- helm/dicom-viewer/Chart.yaml | 2 +- helm/dicom-viewer/README.md | 2 +- helm/fence/Chart.yaml | 2 +- helm/fence/README.md | 2 +- helm/frontend-framework/Chart.yaml | 2 +- helm/frontend-framework/README.md | 2 +- helm/gen3/Chart.yaml | 2 +- helm/gen3/README.md | 2 +- helm/guppy/Chart.yaml | 2 +- helm/guppy/README.md | 2 +- helm/hatchery/Chart.yaml | 2 +- helm/hatchery/README.md | 2 +- helm/indexd/Chart.yaml | 2 +- helm/indexd/README.md | 2 +- helm/manifestservice/Chart.yaml | 2 +- helm/manifestservice/README.md | 2 +- helm/metadata/Chart.yaml | 2 +- helm/metadata/README.md | 2 +- helm/peregrine/Chart.yaml | 2 +- helm/peregrine/README.md | 2 +- helm/pidgin/Chart.yaml | 2 +- helm/pidgin/README.md | 2 +- helm/portal/Chart.yaml | 2 +- helm/portal/README.md | 2 +- helm/requestor/Chart.yaml | 2 +- helm/requestor/README.md | 2 +- helm/revproxy/Chart.yaml | 2 +- helm/revproxy/README.md | 2 +- helm/sheepdog/Chart.yaml | 2 +- helm/sheepdog/README.md | 2 +- helm/sower/Chart.yaml | 4 ++-- helm/sower/README.md | 4 ++-- helm/ssjdispatcher/Chart.yaml | 2 +- helm/ssjdispatcher/README.md | 2 +- helm/wts/Chart.yaml | 2 +- helm/wts/README.md | 2 +- 49 files changed, 59 insertions(+), 52 deletions(-) diff --git a/.secrets.baseline b/.secrets.baseline index db8e8724..69ff47fc 100644 --- a/.secrets.baseline +++ b/.secrets.baseline 
@@ -3,7 +3,7 @@ "files": "^.secrets.baseline$", "lines": null }, - "generated_at": "2024-05-01T14:33:00Z", + "generated_at": "2024-05-01T14:42:54Z", "plugins_used": [ { "name": "AWSKeyDetector" @@ -657,11 +657,18 @@ } ], "helm/sower/README.md": [ + { + "hashed_secret": "3d4368cd822c4a36144c2bcc8cb8e90b63c7e5fe", + "is_secret": false, + "is_verified": false, + "line_number": 34, + "type": "Secret Keyword" + }, { "hashed_secret": "d84ce25b0f9bc2cc263006ae39453efb22cc2900", "is_secret": false, "is_verified": false, - "line_number": 52, + "line_number": 58, "type": "Secret Keyword" } ], diff --git a/helm/ambassador/Chart.yaml b/helm/ambassador/Chart.yaml index c8b882b8..b525c4d0 100644 --- a/helm/ambassador/Chart.yaml +++ b/helm/ambassador/Chart.yaml @@ -25,5 +25,5 @@ appVersion: "1.4.2" dependencies: - name: common - version: 0.1.9 + version: 0.1.10 repository: file://../common diff --git a/helm/ambassador/README.md b/helm/ambassador/README.md index a1b78894..2e684849 100644 --- a/helm/ambassador/README.md +++ b/helm/ambassador/README.md @@ -8,7 +8,7 @@ A Helm chart for deploying ambassador for gen3 | Repository | Name | Version | |------------|------|---------| -| file://../common | common | 0.1.9 | +| file://../common | common | 0.1.10 | ## Values diff --git a/helm/arborist/Chart.yaml b/helm/arborist/Chart.yaml index cc739de3..39696872 100644 --- a/helm/arborist/Chart.yaml +++ b/helm/arborist/Chart.yaml @@ -25,7 +25,7 @@ appVersion: "master" dependencies: - name: common - version: 0.1.9 + version: 0.1.10 repository: file://../common - name: postgresql version: 11.9.13 diff --git a/helm/arborist/README.md b/helm/arborist/README.md index b808b30e..74cb57d6 100644 --- a/helm/arborist/README.md +++ b/helm/arborist/README.md 
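Review bot: The second `.secrets.baseline` hunk allowlists a new `Secret Keyword` finding at line 34 of `helm/sower/README.md` with `"is_secret": false`, and nothing in the commit description ("bump common chart") says it was audited. The existing entry also moves from line 52 to 58 while the diffstat shows only `4 ++--` for that README, so the baseline is probably catching up with earlier edits rather than with this commit. Because an allowlisted hash silences the scanner for that value from now on, I would check the line by hand and record it in the commit message, for example `Regenerated .secrets.baseline; sower README line 34 is a documented default, not a credential`.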
@@ -8,7 +8,7 @@ A Helm chart for gen3 arborist | Repository | Name | Version | |------------|------|---------| -| file://../common | common | 0.1.9 | +| file://../common | common | 0.1.10 | | https://charts.bitnami.com/bitnami | postgresql | 11.9.13 | ## Values diff --git a/helm/argo-wrapper/Chart.yaml b/helm/argo-wrapper/Chart.yaml index 8415ed58..57d20124 100644 --- a/helm/argo-wrapper/Chart.yaml +++ b/helm/argo-wrapper/Chart.yaml @@ -25,5 +25,5 @@ appVersion: "master" dependencies: - name: common - version: 0.1.9 + version: 0.1.10 repository: file://../common diff --git a/helm/argo-wrapper/README.md b/helm/argo-wrapper/README.md index f857cb50..d6ce7750 100644 --- a/helm/argo-wrapper/README.md +++ b/helm/argo-wrapper/README.md @@ -8,7 +8,7 @@ A Helm chart for gen3 Argo Wrapper Service | Repository | Name | Version | |------------|------|---------| -| file://../common | common | 0.1.9 | +| file://../common | common | 0.1.10 | ## Values diff --git a/helm/audit/Chart.yaml b/helm/audit/Chart.yaml index e8ad970b..2295c602 100644 --- a/helm/audit/Chart.yaml +++ b/helm/audit/Chart.yaml @@ -24,7 +24,7 @@ appVersion: "master" dependencies: - name: common - version: 0.1.9 + version: 0.1.10 repository: file://../common - name: postgresql version: 11.9.13 diff --git a/helm/audit/README.md b/helm/audit/README.md index eb347970..8d4ffa2c 100644 --- a/helm/audit/README.md +++ b/helm/audit/README.md @@ -8,7 +8,7 @@ A Helm chart for Kubernetes | Repository | Name | Version | |------------|------|---------| -| file://../common | common | 0.1.9 | +| file://../common | common | 0.1.10 | | https://charts.bitnami.com/bitnami | postgresql | 11.9.13 | ## Values diff --git a/helm/aws-es-proxy/Chart.yaml b/helm/aws-es-proxy/Chart.yaml index d7ab79ac..7fea05b3 100644 --- a/helm/aws-es-proxy/Chart.yaml +++ b/helm/aws-es-proxy/Chart.yaml @@ -25,5 +25,5 @@ appVersion: "master" dependencies: - name: common - version: 0.1.9 + version: 0.1.10 repository: file://../common 
diff --git a/helm/aws-es-proxy/README.md b/helm/aws-es-proxy/README.md index f88ddebd..873a0e41 100644 --- a/helm/aws-es-proxy/README.md +++ b/helm/aws-es-proxy/README.md @@ -8,7 +8,7 @@ A Helm chart for AWS ES Proxy Service for gen3 | Repository | Name | Version | |------------|------|---------| -| file://../common | common | 0.1.9 | +| file://../common | common | 0.1.10 | ## Values diff --git a/helm/dicom-server/Chart.yaml b/helm/dicom-server/Chart.yaml index 030cd0c8..4741141b 100644 --- a/helm/dicom-server/Chart.yaml +++ b/helm/dicom-server/Chart.yaml @@ -25,5 +25,5 @@ appVersion: "master" dependencies: - name: common - version: 0.1.9 + version: 0.1.10 repository: file://../common diff --git a/helm/dicom-server/README.md b/helm/dicom-server/README.md index 0f515393..f95924f0 100644 --- a/helm/dicom-server/README.md +++ b/helm/dicom-server/README.md @@ -8,7 +8,7 @@ A Helm chart for gen3 Dicom Server | Repository | Name | Version | |------------|------|---------| -| file://../common | common | 0.1.9 | +| file://../common | common | 0.1.10 | ## Values diff --git a/helm/dicom-viewer/Chart.yaml b/helm/dicom-viewer/Chart.yaml index a6d01019..4835cfea 100644 --- a/helm/dicom-viewer/Chart.yaml +++ b/helm/dicom-viewer/Chart.yaml @@ -25,5 +25,5 @@ appVersion: "master" dependencies: - name: common - version: 0.1.9 + version: 0.1.10 repository: file://../common diff --git a/helm/dicom-viewer/README.md b/helm/dicom-viewer/README.md index 0167e45f..28eec517 100644 --- a/helm/dicom-viewer/README.md +++ b/helm/dicom-viewer/README.md @@ -8,7 +8,7 @@ A Helm chart for gen3 Dicom Viewer | Repository | Name | Version | |------------|------|---------| -| file://../common | common | 0.1.9 | +| file://../common | common | 0.1.10 | ## Values diff --git a/helm/fence/Chart.yaml b/helm/fence/Chart.yaml index ce17c170..a8e6edc3 100644 --- a/helm/fence/Chart.yaml +++ b/helm/fence/Chart.yaml 
@@ -24,7 +24,7 @@ appVersion: "master" dependencies: - name: common - version: 0.1.9 + version: 0.1.10 repository: file://../common - name: postgresql version: 11.9.13 diff --git a/helm/fence/README.md b/helm/fence/README.md index 54e9a856..ea03a462 100644 --- a/helm/fence/README.md +++ b/helm/fence/README.md @@ -8,7 +8,7 @@ A Helm chart for gen3 Fence | Repository | Name | Version | |------------|------|---------| -| file://../common | common | 0.1.9 | +| file://../common | common | 0.1.10 | | https://charts.bitnami.com/bitnami | postgresql | 11.9.13 | ## Values diff --git a/helm/frontend-framework/Chart.yaml b/helm/frontend-framework/Chart.yaml index 1c24f05b..a86f9eb1 100644 --- a/helm/frontend-framework/Chart.yaml +++ b/helm/frontend-framework/Chart.yaml @@ -25,5 +25,5 @@ appVersion: "develop" dependencies: - name: common - version: 0.1.9 + version: 0.1.10 repository: file://../common diff --git a/helm/frontend-framework/README.md b/helm/frontend-framework/README.md index 9cb935cf..8c515bb3 100644 --- a/helm/frontend-framework/README.md +++ b/helm/frontend-framework/README.md @@ -8,7 +8,7 @@ A Helm chart for the gen3 frontend framework | Repository | Name | Version | |------------|------|---------| -| file://../common | common | 0.1.9 | +| file://../common | common | 0.1.10 | ## Values diff --git a/helm/gen3/Chart.yaml b/helm/gen3/Chart.yaml index f13988e4..7adfaa2b 100644 --- a/helm/gen3/Chart.yaml +++ b/helm/gen3/Chart.yaml @@ -88,7 +88,7 @@ dependencies: repository: "file://../ssjdispatcher" condition: ssjdispatcher.enabled - name: sower - version: 0.1.10 + version: 0.1.11 condition: sower.enabled repository: "file://../sower" - name: wts diff --git a/helm/gen3/README.md b/helm/gen3/README.md index bbada97c..ebc401e4 100644 --- a/helm/gen3/README.md +++ b/helm/gen3/README.md 
@@ -38,7 +38,7 @@ Helm chart to deploy Gen3 Data Commons | file://../requestor | requestor | 0.1.11 | | file://../revproxy | revproxy | 0.1.14 | | file://../sheepdog | sheepdog | 0.1.14 | -| file://../sower | sower | 0.1.9 | +| file://../sower | sower | 0.1.11 | | file://../ssjdispatcher | ssjdispatcher | 0.1.9 | | file://../wts | wts | 0.1.13 | | https://charts.bitnami.com/bitnami | postgresql | 11.9.13 | diff --git a/helm/guppy/Chart.yaml b/helm/guppy/Chart.yaml index edfb712b..12fd56ed 100644 --- a/helm/guppy/Chart.yaml +++ b/helm/guppy/Chart.yaml @@ -25,5 +25,5 @@ appVersion: "master" dependencies: - name: common - version: 0.1.9 + version: 0.1.10 repository: file://../common diff --git a/helm/guppy/README.md b/helm/guppy/README.md index 0a2f23de..7cf3ec1c 100644 --- a/helm/guppy/README.md +++ b/helm/guppy/README.md @@ -8,7 +8,7 @@ A Helm chart for gen3 Guppy Service | Repository | Name | Version | |------------|------|---------| -| file://../common | common | 0.1.9 | +| file://../common | common | 0.1.10 | ## Values diff --git a/helm/hatchery/Chart.yaml b/helm/hatchery/Chart.yaml index c57ad0e6..8e4c05c1 100644 --- a/helm/hatchery/Chart.yaml +++ b/helm/hatchery/Chart.yaml @@ -25,5 +25,5 @@ appVersion: "master" dependencies: - name: common - version: 0.1.9 + version: 0.1.10 repository: file://../common diff --git a/helm/hatchery/README.md b/helm/hatchery/README.md index c3f3c539..3ebadfc2 100644 --- a/helm/hatchery/README.md +++ b/helm/hatchery/README.md @@ -8,7 +8,7 @@ A Helm chart for gen3 Hatchery | Repository | Name | Version | |------------|------|---------| -| file://../common | common | 0.1.9 | +| file://../common | common | 0.1.10 | ## Values diff --git a/helm/indexd/Chart.yaml b/helm/indexd/Chart.yaml index 8c5dd73d..19e78126 100644 --- a/helm/indexd/Chart.yaml +++ b/helm/indexd/Chart.yaml 
@@ -26,7 +26,7 @@ appVersion: "master" dependencies: - name: common - version: 0.1.9 + version: 0.1.10 repository: file://../common - name: postgresql version: 11.9.13 diff --git a/helm/indexd/README.md b/helm/indexd/README.md index 223be8ea..8d7057cb 100644 --- a/helm/indexd/README.md +++ b/helm/indexd/README.md @@ -8,7 +8,7 @@ A Helm chart for gen3 indexd | Repository | Name | Version | |------------|------|---------| -| file://../common | common | 0.1.9 | +| file://../common | common | 0.1.10 | | https://charts.bitnami.com/bitnami | postgresql | 11.9.13 | ## Values diff --git a/helm/manifestservice/Chart.yaml b/helm/manifestservice/Chart.yaml index 201f305e..382e0165 100644 --- a/helm/manifestservice/Chart.yaml +++ b/helm/manifestservice/Chart.yaml @@ -25,5 +25,5 @@ appVersion: "master" dependencies: - name: common - version: 0.1.9 + version: 0.1.10 repository: file://../common diff --git a/helm/manifestservice/README.md b/helm/manifestservice/README.md index efcb9c48..11fc1f39 100644 --- a/helm/manifestservice/README.md +++ b/helm/manifestservice/README.md @@ -8,7 +8,7 @@ A Helm chart for Kubernetes | Repository | Name | Version | |------------|------|---------| -| file://../common | common | 0.1.9 | +| file://../common | common | 0.1.10 | ## Values diff --git a/helm/metadata/Chart.yaml b/helm/metadata/Chart.yaml index 79267d44..d38d06e5 100644 --- a/helm/metadata/Chart.yaml +++ b/helm/metadata/Chart.yaml @@ -25,7 +25,7 @@ appVersion: "master" dependencies: - name: common - version: 0.1.9 + version: 0.1.10 repository: file://../common - name: postgresql version: 11.9.13 diff --git a/helm/metadata/README.md b/helm/metadata/README.md index 924fd9bb..c9553ba9 100644 --- a/helm/metadata/README.md +++ b/helm/metadata/README.md 
@@ -8,7 +8,7 @@ A Helm chart for gen3 Metadata Service | Repository | Name | Version | |------------|------|---------| -| file://../common | common | 0.1.9 | +| file://../common | common | 0.1.10 | | https://charts.bitnami.com/bitnami | postgresql | 11.9.13 | | https://helm.elastic.co | elasticsearch | 7.17.1 | diff --git a/helm/peregrine/Chart.yaml b/helm/peregrine/Chart.yaml index a881d0e5..10f79b5d 100644 --- a/helm/peregrine/Chart.yaml +++ b/helm/peregrine/Chart.yaml @@ -26,7 +26,7 @@ appVersion: "master" dependencies: - name: common - version: 0.1.9 + version: 0.1.10 repository: file://../common - name: postgresql version: 11.9.13 diff --git a/helm/peregrine/README.md b/helm/peregrine/README.md index 28ccd305..8d9884c5 100644 --- a/helm/peregrine/README.md +++ b/helm/peregrine/README.md @@ -8,7 +8,7 @@ A Helm chart for gen3 Peregrine service | Repository | Name | Version | |------------|------|---------| -| file://../common | common | 0.1.9 | +| file://../common | common | 0.1.10 | | https://charts.bitnami.com/bitnami | postgresql | 11.9.13 | ## Values diff --git a/helm/pidgin/Chart.yaml b/helm/pidgin/Chart.yaml index 5dd361eb..be9c2086 100644 --- a/helm/pidgin/Chart.yaml +++ b/helm/pidgin/Chart.yaml @@ -25,5 +25,5 @@ appVersion: "master" dependencies: - name: common - version: 0.1.9 + version: 0.1.10 repository: file://../common diff --git a/helm/pidgin/README.md b/helm/pidgin/README.md index 802fd750..21914338 100644 --- a/helm/pidgin/README.md +++ b/helm/pidgin/README.md @@ -8,7 +8,7 @@ A Helm chart for gen3 Pidgin Service | Repository | Name | Version | |------------|------|---------| -| file://../common | common | 0.1.9 | +| file://../common | common | 0.1.10 | ## Values diff --git a/helm/portal/Chart.yaml b/helm/portal/Chart.yaml index ec3b63d8..8106cae3 100644 --- a/helm/portal/Chart.yaml +++ b/helm/portal/Chart.yaml @@ -25,5 +25,5 @@ appVersion: "master" dependencies: - name: common - version: 0.1.9 + version: 0.1.10 repository: file://../common 
diff --git a/helm/portal/README.md b/helm/portal/README.md index a243d67a..8bbe12b5 100644 --- a/helm/portal/README.md +++ b/helm/portal/README.md @@ -8,7 +8,7 @@ A Helm chart for gen3 data-portal | Repository | Name | Version | |------------|------|---------| -| file://../common | common | 0.1.9 | +| file://../common | common | 0.1.10 | ## Values diff --git a/helm/requestor/Chart.yaml b/helm/requestor/Chart.yaml index 3e855149..e0c06a88 100644 --- a/helm/requestor/Chart.yaml +++ b/helm/requestor/Chart.yaml @@ -26,7 +26,7 @@ appVersion: "master" dependencies: - name: common - version: 0.1.9 + version: 0.1.10 repository: file://../common - name: postgresql version: 11.9.13 diff --git a/helm/requestor/README.md b/helm/requestor/README.md index 6a226726..85792b12 100644 --- a/helm/requestor/README.md +++ b/helm/requestor/README.md @@ -8,7 +8,7 @@ A Helm chart for gen3 Requestor Service | Repository | Name | Version | |------------|------|---------| -| file://../common | common | 0.1.9 | +| file://../common | common | 0.1.10 | | https://charts.bitnami.com/bitnami | postgresql | 11.9.13 | ## Values diff --git a/helm/revproxy/Chart.yaml b/helm/revproxy/Chart.yaml index dd9c4974..37c50386 100644 --- a/helm/revproxy/Chart.yaml +++ b/helm/revproxy/Chart.yaml @@ -25,5 +25,5 @@ appVersion: "master" dependencies: - name: common - version: 0.1.9 + version: 0.1.10 repository: file://../common diff --git a/helm/revproxy/README.md b/helm/revproxy/README.md index c7005f24..59baa504 100644 --- a/helm/revproxy/README.md +++ b/helm/revproxy/README.md @@ -8,7 +8,7 @@ A Helm chart for gen3 revproxy | Repository | Name | Version | |------------|------|---------| -| file://../common | common | 0.1.9 | +| file://../common | common | 0.1.10 | ## Values diff --git a/helm/sheepdog/Chart.yaml b/helm/sheepdog/Chart.yaml index 293c0201..ea4bcc32 100644 --- a/helm/sheepdog/Chart.yaml +++ b/helm/sheepdog/Chart.yaml 
@@ -25,7 +25,7 @@ appVersion: "master" dependencies: - name: common - version: 0.1.9 + version: 0.1.10 repository: file://../common - name: postgresql version: 11.9.13 diff --git a/helm/sheepdog/README.md b/helm/sheepdog/README.md index 2da88d6c..afbdd189 100644 --- a/helm/sheepdog/README.md +++ b/helm/sheepdog/README.md @@ -8,7 +8,7 @@ A Helm chart for gen3 Sheepdog Service | Repository | Name | Version | |------------|------|---------| -| file://../common | common | 0.1.9 | +| file://../common | common | 0.1.10 | | https://charts.bitnami.com/bitnami | postgresql | 11.9.13 | ## Values diff --git a/helm/sower/Chart.yaml b/helm/sower/Chart.yaml index b273c98b..a48e3910 100644 --- a/helm/sower/Chart.yaml +++ b/helm/sower/Chart.yaml @@ -15,7 +15,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.10 +version: 0.1.11 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to @@ -25,5 +25,5 @@ appVersion: "master" dependencies: - name: common - version: 0.1.9 + version: 0.1.10 repository: file://../common diff --git a/helm/sower/README.md b/helm/sower/README.md index 38ba58c1..9644ad2e 100644 --- a/helm/sower/README.md +++ b/helm/sower/README.md 
@@ -1,6 +1,6 @@ # sower -![Version: 0.1.10](https://img.shields.io/badge/Version-0.1.10-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) +![Version: 0.1.11](https://img.shields.io/badge/Version-0.1.11-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) A Helm chart for gen3 sower @@ -8,7 +8,7 @@ A Helm chart for gen3 sower | Repository | Name | Version | |------------|------|---------| -| file://../common | common | 0.1.9 | +| file://../common | common | 0.1.10 | ## Values diff --git a/helm/ssjdispatcher/Chart.yaml b/helm/ssjdispatcher/Chart.yaml index 2016e15b..ac668287 100644 --- a/helm/ssjdispatcher/Chart.yaml +++ b/helm/ssjdispatcher/Chart.yaml @@ -25,5 +25,5 @@ appVersion: "master" dependencies: - name: common - version: 0.1.9 + version: 0.1.10 repository: file://../common diff --git a/helm/ssjdispatcher/README.md b/helm/ssjdispatcher/README.md index 19f91bc5..3bb1ab0a 100644 --- a/helm/ssjdispatcher/README.md +++ b/helm/ssjdispatcher/README.md @@ -8,7 +8,7 @@ A Helm chart for gen3 ssjdispatcher | Repository | Name | Version | |------------|------|---------| -| file://../common | common | 0.1.9 | +| file://../common | common | 0.1.10 | ## Values diff --git a/helm/wts/Chart.yaml b/helm/wts/Chart.yaml index 85a6dde9..6d9533e4 100644 --- a/helm/wts/Chart.yaml +++ b/helm/wts/Chart.yaml @@ -25,7 +25,7 @@ appVersion: "master" dependencies: - name: common - version: 0.1.9 + version: 0.1.10 repository: file://../common - name: postgresql version: 11.9.13 diff --git a/helm/wts/README.md b/helm/wts/README.md index d2f62516..f755b799 100644 --- a/helm/wts/README.md +++ b/helm/wts/README.md 
@@ -8,7 +8,7 @@ A Helm chart for gen3 workspace token service | Repository | Name | Version | |------------|------|---------| -| file://../common | common | 0.1.9 | +| file://../common | common | 0.1.10 | | https://charts.bitnami.com/bitnami | postgresql | 11.9.13 | ## Values From 1d6d5f1a18ac23c0f8903a9665c8c4473378eea9 Mon Sep 17 00:00:00 2001 From: Jawad Qureshi Date: Wed, 1 May 2024 11:37:54 -0500 Subject: [PATCH 155/279] Set portal as root on default --- .secrets.baseline | 8 ++++---- helm/gen3/Chart.yaml | 4 ++-- helm/gen3/README.md | 8 ++++---- helm/gen3/values.yaml | 2 +- helm/portal/Chart.yaml | 2 +- helm/portal/README.md | 3 ++- helm/portal/templates/deployment.yaml | 8 ++++---- helm/portal/values.yaml | 2 ++ 8 files changed, 20 insertions(+), 17 deletions(-) diff --git a/.secrets.baseline b/.secrets.baseline index 69ff47fc..1b97c1c2 100644 --- a/.secrets.baseline +++ b/.secrets.baseline @@ -3,7 +3,7 @@ "files": "^.secrets.baseline$", "lines": null }, - "generated_at": "2024-05-01T14:42:54Z", + "generated_at": "2024-05-01T16:37:41Z", "plugins_used": [ { "name": "AWSKeyDetector" @@ -563,7 +563,7 @@ "hashed_secret": "d84ce25b0f9bc2cc263006ae39453efb22cc2900", "is_secret": false, "is_verified": false, - "line_number": 61, + "line_number": 62, "type": "Secret Keyword" } ], @@ -571,13 +571,13 @@ { "hashed_secret": "08eeb737b239bdb7362a875b90e22c10b8826b20", "is_verified": false, - "line_number": 478, + "line_number": 480, "type": "Base64 High Entropy String" }, { "hashed_secret": "eb9739c6625f06b4ab73035223366dda6262ae77", "is_verified": false, - "line_number": 481, + "line_number": 483, "type": "Base64 High Entropy String" } ], diff --git a/helm/gen3/Chart.yaml b/helm/gen3/Chart.yaml index 7adfaa2b..e8dd4e97 100644 --- a/helm/gen3/Chart.yaml +++ b/helm/gen3/Chart.yaml 
@@ -68,7 +68,7 @@ dependencies: repository: "file://../pidgin" condition: pidgin.enabled - name: portal - version: 0.1.11 + version: 0.1.12 repository: "file://../portal" condition: portal.enabled - name: requestor @@ -119,7 +119,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.31 +version: 0.1.32 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to diff --git a/helm/gen3/README.md b/helm/gen3/README.md index ebc401e4..40c2dd42 100644 --- a/helm/gen3/README.md +++ b/helm/gen3/README.md @@ -1,6 +1,6 @@ # gen3 -![Version: 0.1.31](https://img.shields.io/badge/Version-0.1.31-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) +![Version: 0.1.32](https://img.shields.io/badge/Version-0.1.32-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) Helm chart to deploy Gen3 Data Commons @@ -34,7 +34,7 @@ Helm chart to deploy Gen3 Data Commons | file://../metadata | metadata | 0.1.12 | | file://../peregrine | peregrine | 0.1.13 | | file://../pidgin | pidgin | 0.1.10 | -| file://../portal | portal | 0.1.11 | +| file://../portal | portal | 0.1.12 | | file://../requestor | requestor | 0.1.11 | | file://../revproxy | revproxy | 0.1.14 | | file://../sheepdog | sheepdog | 0.1.14 | 
@@ -73,8 +73,8 @@ Helm chart to deploy Gen3 Data Commons | fence.usersync.syncFromDbgap | bool | `false` | Whether to sync data from dbGaP. | | fence.usersync.userYamlS3Path | string | `"s3://cdis-gen3-users/helm-test/user.yaml"` | Path to the user.yaml file in S3. | | fence.usersync.usersync | bool | `false` | Whether to run Fence usersync or not. | -| frontend-framework | map | `{"enabled":true,"image":{"repository":"quay.io/cdis/frontend-framework","tag":"develop"}}` | Configurations for frontend-framework chart. | -| frontend-framework.enabled | bool | `true` | Whether to deploy the frontend-framework subchart. | +| frontend-framework | map | `{"enabled":false,"image":{"repository":"quay.io/cdis/frontend-framework","tag":"develop"}}` | Configurations for frontend-framework chart. | +| frontend-framework.enabled | bool | `false` | Whether to deploy the frontend-framework subchart. | | frontend-framework.image | map | `{"repository":"quay.io/cdis/frontend-framework","tag":"develop"}` | Docker image information. | | frontend-framework.image.repository | string | `"quay.io/cdis/frontend-framework"` | The Docker image repository for the frontend-framework. | | frontend-framework.image.tag | string | `"develop"` | Overrides the image tag whose default is the chart appVersion. | diff --git a/helm/gen3/values.yaml b/helm/gen3/values.yaml index 4ff88423..0d375e91 100644 --- a/helm/gen3/values.yaml +++ b/helm/gen3/values.yaml @@ -127,7 +127,7 @@ fence: # -- (map) Configurations for frontend-framework chart. frontend-framework: # -- (bool) Whether to deploy the frontend-framework subchart. - enabled: true + enabled: false # -- (map) Docker image information. image: # -- (string) The Docker image repository for the frontend-framework. diff --git a/helm/portal/Chart.yaml b/helm/portal/Chart.yaml index 8106cae3..52eed637 100644 --- a/helm/portal/Chart.yaml +++ b/helm/portal/Chart.yaml 
@@ -15,7 +15,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.11 +version: 0.1.12 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to diff --git a/helm/portal/README.md b/helm/portal/README.md index 8bbe12b5..49220d24 100644 --- a/helm/portal/README.md +++ b/helm/portal/README.md @@ -1,6 +1,6 @@ # portal -![Version: 0.1.11](https://img.shields.io/badge/Version-0.1.11-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) +![Version: 0.1.12](https://img.shields.io/badge/Version-0.1.12-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) A Helm chart for gen3 data-portal 
@@ -49,6 +49,7 @@ A Helm chart for gen3 data-portal | global.dictionaryUrl | string | `"https://s3.amazonaws.com/dictionary-artifacts/datadictionary/develop/schema.json"` | URL of the data dictionary. | | global.dispatcherJobNum | int | `"10"` | Number of dispatcher jobs. | | global.environment | string | `"default"` | Environment name. This should be the same as vpcname if you're doing an AWS deployment. Currently this is being used to share ALB's if you have multiple namespaces. Might be used other places too. | +| global.frontendRoot | string | `"portal"` | Which app will be served on /. Needs be set to portal for portal, or "gen3ff" for frontendframework. | | global.hostname | string | `"localhost"` | Hostname for the deployment. | | global.kubeBucket | string | `"kube-gen3"` | S3 bucket name for Kubernetes manifest files. | | global.logsBucket | string | `"logs-gen3"` | S3 bucket name for log files. | diff --git a/helm/portal/templates/deployment.yaml b/helm/portal/templates/deployment.yaml index 3ba483dd..691aef6f 100644 --- a/helm/portal/templates/deployment.yaml +++ b/helm/portal/templates/deployment.yaml @@ -82,10 +82,10 @@ spec: # failureThreshold: 30 readinessProbe: httpGet: - {{- if eq "portal" .Values.global.frontendRoot }} - path: / - {{- else }} + {{- if eq "gen3ff" .Values.global.frontendRoot }} path: /portal + {{- else }} + path: / {{- end }} port: 80 initialDelaySeconds: 30 @@ -197,7 +197,7 @@ spec: - name: DATA_UPLOAD_BUCKET value: {{ . }} {{- end }} - {{- if eq "portal" .Values.global.frontendRoot }} + {{- if eq "gen3ff" .Values.global.frontendRoot }} - name: BASENAME value: /portal {{- end }} diff --git a/helm/portal/values.yaml b/helm/portal/values.yaml index c45a5b02..7e0c6723 100644 --- a/helm/portal/values.yaml +++ b/helm/portal/values.yaml 
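Review bot: Both conditions in deployment.yaml now test only for `gen3ff` (the readinessProbe path in the `@@ -82,10 +82,10 @@` hunk and the BASENAME env in the `@@ -197,7 +197,7 @@` hunk), so any other value of `global.frontendRoot`, including a misspelling, is silently treated as `portal`. The values.yaml comment documents exactly two accepted values, and the template could enforce that instead of guessing. A guard near the top of the template would turn a typo into a render error: `{{- if not (has .Values.global.frontendRoot (list "portal" "gen3ff")) }}{{ fail "global.frontendRoot must be \"portal\" or \"gen3ff\"" }}{{- end }}`. Both hunks sit inside a container spec that starts and ends outside the hunks.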
@@ -60,6 +60,8 @@ global: pdb: false # -- (int) The minimum amount of pods that are available at all times if the PDB is deployed. minAvialable: 1 + # -- (string) Which app will be served on /. Needs be set to portal for portal, or "gen3ff" for frontendframework. + frontendRoot: "portal" # -- (int) Number of replicas for the deployment. replicaCount: 1 From f499001aef06e4285ce3dd9040b399fe846c29b9 Mon Sep 17 00:00:00 2001 From: Guerdon Mukama Date: Fri, 19 Jan 2024 17:27:15 +1100 Subject: [PATCH 156/279] yaml merge --- helm/fence/scripts/yaml_merge.py | 55 +++++++++++++++++++ helm/fence/templates/fence-public-config.yaml | 11 ++++ helm/fence/templates/fence-scripts.yaml | 6 ++ helm/fence/values.yaml | 20 +++---- 4 files changed, 82 insertions(+), 10 deletions(-) create mode 100644 helm/fence/scripts/yaml_merge.py create mode 100644 helm/fence/templates/fence-public-config.yaml create mode 100644 helm/fence/templates/fence-scripts.yaml diff --git a/helm/fence/scripts/yaml_merge.py b/helm/fence/scripts/yaml_merge.py new file mode 100644 index 00000000..4698df9b --- /dev/null +++ b/helm/fence/scripts/yaml_merge.py 
@@ -0,0 +1,55 @@ +import sys +import yaml + +''' +Helper script to merge arbitraly number of yaml files + +Usage: python yaml_merge.py file1.yaml file2.yaml ... fence-config.yaml + +Example: python yaml_merge.py file1.yaml file2.yaml fence-config.yaml +file1.yaml key(s) will overriden by items in file2.yaml if they exist, + +''' +def merge_yaml_files(file_paths): + merged_data = {} + + for file_path in file_paths: + try: + with open(file_path, 'r') as file: + data = yaml.safe_load(file) + merged_data = merge_dicts(merged_data, data) + except FileNotFoundError as e: + print('WARNING! File not found: {}. Will be ignored!'.format(file_path)) + + return merged_data + +def merge_dicts(dict1, dict2): + for key, value in dict2.items(): + if key in dict1 and isinstance(dict1[key], dict) and isinstance(value, dict): + dict1[key] = merge_dicts(dict1[key], value) + else: + dict1[key] = value + + return dict1 + +def save_merged_file(merged_data, output_file_path): + with open(output_file_path, 'w') as output_file: + yaml.dump(merged_data, output_file, default_flow_style=False) + +if __name__ == "__main__": + # Check if at least two arguments are provided (including the script name) + if len(sys.argv) < 3: + print("Usage: python yaml_merge.py config-file1.yaml config-file2.yaml ... fence-config.yaml") + sys.exit(1) + + # Extract input file paths and output file path + input_files = sys.argv[1:-1] + output_file = sys.argv[-1] + + # Merge YAML files + merged_data = merge_yaml_files(input_files) + + # Save the merged data to the output file + save_merged_file(merged_data, output_file) + + print(f"Merged Configuration saved to {output_file}") diff --git a/helm/fence/templates/fence-public-config.yaml b/helm/fence/templates/fence-public-config.yaml new file mode 100644 index 00000000..e623da63 --- /dev/null +++ b/helm/fence/templates/fence-public-config.yaml 
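Review bot: A missing input file is only reported with a `print` to stdout in `merge_yaml_files`, and the script still writes an output file and exits 0, so a mistyped or unmounted path yields a merged config that silently lacks that layer. Since this file supplies fence's configuration, that case should be visible to the caller: send the warning to stderr with `print(..., file=sys.stderr)` and exit non-zero when nothing could be read, for example `if not merged_data: sys.exit("yaml_merge: no input file could be read")` before `save_merged_file`. Separately, `save_merged_file` creates the output with the process's default file mode. If one of the inputs is the mounted `fence-config` Secret, which the volume names in this series suggest, the merged copy should not be readable more widely than the Secret mount itself.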
@@ -0,0 +1,11 @@ +{{- if hasKey .Values "FENCE_PUBLIC_CONFIG" }} +apiVersion: v1 +kind: ConfigMap +metadata: + name: fence-public-config +stringData: + fence-public-config.yaml: | + {{- with .Values.FENCE_PUBLIC_CONFIG }} + {{- toYaml . | nindent 4 }} + {{ end }} +{{- end }} \ No newline at end of file diff --git a/helm/fence/templates/fence-scripts.yaml b/helm/fence/templates/fence-scripts.yaml new file mode 100644 index 00000000..bbf1be8f --- /dev/null +++ b/helm/fence/templates/fence-scripts.yaml @@ -0,0 +1,6 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: fence-scripts +data: +{{ (.Files.Glob "scripts/*").AsConfig | indent 2 }} \ No newline at end of file diff --git a/helm/fence/values.yaml b/helm/fence/values.yaml index 80a02953..db517658 100644 --- a/helm/fence/values.yaml +++ b/helm/fence/values.yaml @@ -362,6 +362,9 @@ volumes: - name: config-volume secret: secretName: "fence-config" + - name: public-config-volume + configMap: + name: "fence-public-config" - name: fence-google-app-creds-secret-volume secret: secretName: "fence-google-app-creds-secret" @@ -374,10 +377,9 @@ volumes: - name: privacy-policy configMap: name: "privacy-policy" - - name: yaml-merge + - name: fence-scripts configMap: - name: "fence-yaml-merge" - optional: true + name: "fence-scripts" # -- (list) Volumes to mount to the container. volumeMounts: @@ -409,7 +411,11 @@ volumeMounts: readOnly: true mountPath: "/var/www/fence/fence-config.yaml" subPath: fence-config.yaml - - name: "yaml-merge" + - name: "public-config-volume" + readOnly: true + mountPath: "/var/www/fence/fence-public-config.yaml" + subPath: fence-public-config.yaml + - name: "fence-scripts" readOnly: true mountPath: "/var/www/fence/yaml_merge.py" subPath: yaml_merge.py 
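Review bot: `stringData` is a field of Secret, not of ConfigMap, so the `fence-public-config.yaml` payload in this new template will be rejected by schema validation or dropped, depending on how the manifest is applied. Either way the `public-config-volume` mount gets no usable file. The key belongs under `data:`. The `@@ -1,11 +1,11 @@` rewrite of this template later in the series keeps `stringData:`, so the same change applies there. Once it is a real ConfigMap, keep in mind that its content is readable by anything with ConfigMap read access in the namespace, so only non-secret settings should be placed under `FENCE_PUBLIC_CONFIG`.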
@@ -483,12 +489,6 @@ initEnv: value: postgresql://$(PGUSER):$(PGPASSWORD)@$(PGHOST):5432/$(PGDB) - name: PYTHONPATH value: /var/www/fence - - name: FENCE_PUBLIC_CONFIG - valueFrom: - configMapKeyRef: - name: manifest-fence - key: fence-config-public.yaml - optional: true # Values to determine the labels that are used for the deployment, pod, etc. # -- (string) Valid options are "production" or "dev". If invalid option is set- the value will default to "dev". From 870e3c92e312f58f5f0197163db8afdd56d0a267 Mon Sep 17 00:00:00 2001 From: Guerdon Mukama Date: Fri, 19 Jan 2024 18:59:25 +1100 Subject: [PATCH 157/279] update volume mount --- helm/fence/values.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/helm/fence/values.yaml b/helm/fence/values.yaml index db517658..f8e58935 100644 --- a/helm/fence/values.yaml +++ b/helm/fence/values.yaml @@ -438,7 +438,7 @@ initVolumeMounts: readOnly: true mountPath: "/var/www/fence/fence-config.yaml" subPath: fence-config.yaml - - name: "yaml-merge" + - name: "fence-scripts" readOnly: true mountPath: "/var/www/fence/yaml_merge.py" subPath: yaml_merge.py From df2817617c89406c0a7ac09f638a2208578b27cf Mon Sep 17 00:00:00 2001 From: Guerdon Mukama Date: Fri, 19 Jan 2024 19:12:20 +1100 Subject: [PATCH 158/279] update configmap --- helm/fence/templates/fence-public-config.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/helm/fence/templates/fence-public-config.yaml b/helm/fence/templates/fence-public-config.yaml index e623da63..b00ba1c6 100644 --- a/helm/fence/templates/fence-public-config.yaml +++ b/helm/fence/templates/fence-public-config.yaml @@ -1,11 +1,11 @@ -{{- if hasKey .Values "FENCE_PUBLIC_CONFIG" }} apiVersion: v1 kind: ConfigMap metadata: name: fence-public-config stringData: fence-public-config.yaml: | +{{- if hasKey .Values "FENCE_PUBLIC_CONFIG" }} {{- with .Values.FENCE_PUBLIC_CONFIG }} {{- toYaml . | nindent 4 }} {{ end }} -{{- end }} \ No newline at end of file +{{- end }} 
From 274572a2438c00891b21e3ba2601768132681c03 Mon Sep 17 00:00:00 2001 From: Guerdon Mukama Date: Fri, 19 Jan 2024 19:19:08 +1100 Subject: [PATCH 159/279] update configmap --- helm/fence/templates/fence-deployment.yaml | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/helm/fence/templates/fence-deployment.yaml b/helm/fence/templates/fence-deployment.yaml index 2fe2c6ec..a30968c0 100644 --- a/helm/fence/templates/fence-deployment.yaml +++ b/helm/fence/templates/fence-deployment.yaml @@ -94,8 +94,7 @@ spec: args: - "-c" - | - # echo "${FENCE_PUBLIC_CONFIG:-""}" > "/var/www/fence/fence-config-public.yaml" - # python /var/www/fence/yaml_merge.py /var/www/fence/fence-config-public.yaml /var/www/fence/fence-config-secret.yaml > /var/www/fence/fence-config.yaml + python /var/www/fence/yaml_merge.py /var/www/fence/fence-config-public.yaml /var/www/fence/fence-config-secret.yaml > /var/www/fence/fence-config.yaml if fence-create migrate --help > /dev/null 2>&1; then if ! grep -E 'ENABLE_DB_MIGRATION"?: *false' /var/www/fence/fence-config.yaml; then echo "Running db migration: fence-create migrate" From 850c785f45dce3a82c8022fc8a97ebc1e1c7acd6 Mon Sep 17 00:00:00 2001 From: Guerdon Mukama Date: Fri, 19 Jan 2024 20:02:36 +1100 Subject: [PATCH 160/279] update configmap --- helm/fence/templates/fence-config.yaml | 2 +- helm/fence/templates/fence-deployment.yaml | 4 ++-- helm/fence/values.yaml | 4 ++-- 3 files changed, 5 insertions(+), 5 deletions(-) diff --git a/helm/fence/templates/fence-config.yaml b/helm/fence/templates/fence-config.yaml index e594d072..95c08b94 100644 --- a/helm/fence/templates/fence-config.yaml +++ b/helm/fence/templates/fence-config.yaml @@ -4,7 +4,7 @@ kind: Secret metadata: name: fence-config stringData: - fence-config.yaml: | + fence-config-secret.yaml: | BASE_URL: https://{{ .Values.global.hostname }}/user {{- with .Values.FENCE_CONFIG }} {{- toYaml . | nindent 4 }} 
diff --git a/helm/fence/templates/fence-deployment.yaml b/helm/fence/templates/fence-deployment.yaml index a30968c0..a2e7d6c8 100644 --- a/helm/fence/templates/fence-deployment.yaml +++ b/helm/fence/templates/fence-deployment.yaml @@ -62,7 +62,7 @@ spec: - "-c" - | echo "${FENCE_PUBLIC_CONFIG:-""}" > "/var/www/fence/fence-config-public.yaml" - python /var/www/fence/yaml_merge.py /var/www/fence/fence-config-public.yaml /var/www/fence/fence-config-secret.yaml > /var/www/fence/fence-config.yaml + python /var/www/fence/yaml_merge.py /var/www/fence/fence-config-public.yaml /var/www/fence/fence-config-secret.yaml /var/www/fence/fence-config.yaml if [[ -f /fence/keys/key/jwt_private_key.pem ]]; then openssl rsa -in /fence/keys/key/jwt_private_key.pem -pubout > /fence/keys/key/jwt_public_key.pem fi @@ -94,7 +94,7 @@ spec: args: - "-c" - | - python /var/www/fence/yaml_merge.py /var/www/fence/fence-config-public.yaml /var/www/fence/fence-config-secret.yaml > /var/www/fence/fence-config.yaml + python /var/www/fence/yaml_merge.py /var/www/fence/fence-config-public.yaml /var/www/fence/fence-config-secret.yaml /var/www/fence/fence-config.yaml if fence-create migrate --help > /dev/null 2>&1; then if ! grep -E 'ENABLE_DB_MIGRATION"?: *false' /var/www/fence/fence-config.yaml; then echo "Running db migration: fence-create migrate" diff --git a/helm/fence/values.yaml b/helm/fence/values.yaml index f8e58935..a1a3584d 100644 --- a/helm/fence/values.yaml +++ b/helm/fence/values.yaml @@ -409,8 +409,8 @@ volumeMounts: subPath: "privacy_policy.md" - name: "config-volume" readOnly: true - mountPath: "/var/www/fence/fence-config.yaml" - subPath: fence-config.yaml + mountPath: "/var/www/fence/fence-config-secret.yaml" + subPath: fence-config-secret.yaml - name: "public-config-volume" readOnly: true mountPath: "/var/www/fence/fence-public-config.yaml" From ff19b5cde4ebe0fa2399bef5d96a1d659acc33c0 Mon Sep 17 00:00:00 2001 
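Review bot: The exit status of the merge is not checked before the migration gate in the `@@ -94,7 +94,7 @@` hunk, and that gate, `if ! grep -E 'ENABLE_DB_MIGRATION"?: *false' /var/www/fence/fence-config.yaml`, is also true when the file was never written. If `yaml_merge.py` fails, the script falls through to the "Running db migration" branch even for a deployment whose config disables migration. Stop on a failed merge, e.g. `python /var/www/fence/yaml_merge.py /var/www/fence/fence-config-public.yaml /var/www/fence/fence-config-secret.yaml /var/www/fence/fence-config.yaml || exit 1`, unless the shell is already started with `set -e` outside the hunk. The `@@ -62,7 +62,7 @@` hunk makes the same unchecked call ahead of the JWT key handling. Both script bodies continue outside their hunks.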
From: Guerdon Mukama Date: Fri, 19 Jan 2024 20:07:57 +1100 Subject: [PATCH 161/279] update configmap --- helm/fence/templates/fence-deployment.yaml | 1 - helm/fence/values.yaml | 4 ++-- 2 files changed, 2 insertions(+), 3 deletions(-) diff --git a/helm/fence/templates/fence-deployment.yaml b/helm/fence/templates/fence-deployment.yaml index a2e7d6c8..51622041 100644 --- a/helm/fence/templates/fence-deployment.yaml +++ b/helm/fence/templates/fence-deployment.yaml @@ -61,7 +61,6 @@ spec: args: - "-c" - | - echo "${FENCE_PUBLIC_CONFIG:-""}" > "/var/www/fence/fence-config-public.yaml" python /var/www/fence/yaml_merge.py /var/www/fence/fence-config-public.yaml /var/www/fence/fence-config-secret.yaml /var/www/fence/fence-config.yaml if [[ -f /fence/keys/key/jwt_private_key.pem ]]; then openssl rsa -in /fence/keys/key/jwt_private_key.pem -pubout > /fence/keys/key/jwt_public_key.pem diff --git a/helm/fence/values.yaml b/helm/fence/values.yaml index a1a3584d..9ce841da 100644 --- a/helm/fence/values.yaml +++ b/helm/fence/values.yaml @@ -436,8 +436,8 @@ volumeMounts: initVolumeMounts: - name: "config-volume" readOnly: true - mountPath: "/var/www/fence/fence-config.yaml" - subPath: fence-config.yaml + mountPath: "/var/www/fence/fence-config-secret.yaml" + subPath: fence-config-secret.yaml - name: "fence-scripts" readOnly: true mountPath: "/var/www/fence/yaml_merge.py" From efe5e95a5222655b39ff5451eed42ef819e50efe Mon Sep 17 00:00:00 2001 From: Guerdon Mukama Date: Fri, 19 Jan 2024 20:28:00 +1100 Subject: [PATCH 162/279] public config tmp location --- helm/fence/templates/fence-deployment.yaml | 2 +- helm/fence/values.yaml | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/helm/fence/templates/fence-deployment.yaml b/helm/fence/templates/fence-deployment.yaml index 51622041..7ef3a41f 100644 --- a/helm/fence/templates/fence-deployment.yaml +++ b/helm/fence/templates/fence-deployment.yaml 
@@ -61,7 +61,7 @@ spec: args: - "-c" - | - python /var/www/fence/yaml_merge.py /var/www/fence/fence-config-public.yaml /var/www/fence/fence-config-secret.yaml /var/www/fence/fence-config.yaml + python /var/www/fence/yaml_merge.py /var/tmp/fence-config-public.yaml /var/www/fence/fence-config-secret.yaml /var/www/fence/fence-config.yaml if [[ -f /fence/keys/key/jwt_private_key.pem ]]; then openssl rsa -in /fence/keys/key/jwt_private_key.pem -pubout > /fence/keys/key/jwt_public_key.pem fi diff --git a/helm/fence/values.yaml b/helm/fence/values.yaml index 9ce841da..dd67d457 100644 --- a/helm/fence/values.yaml +++ b/helm/fence/values.yaml @@ -409,7 +409,7 @@ volumeMounts: subPath: "privacy_policy.md" - name: "config-volume" readOnly: true - mountPath: "/var/www/fence/fence-config-secret.yaml" + mountPath: "/var/tmp/fence/fence-config-secret.yaml" subPath: fence-config-secret.yaml - name: "public-config-volume" readOnly: true @@ -436,7 +436,7 @@ volumeMounts: initVolumeMounts: - name: "config-volume" readOnly: true - mountPath: "/var/www/fence/fence-config-secret.yaml" + mountPath: "/var/tmp/fence-config-secret.yaml" subPath: fence-config-secret.yaml - name: "fence-scripts" readOnly: true From 477df0ac614c5b634836c18486063de8e6d784ac Mon Sep 17 00:00:00 2001 From: Guerdon Mukama Date: Tue, 7 May 2024 10:54:30 +1000 Subject: [PATCH 163/279] version bump --- helm/fence/Chart.yaml | 2 +- helm/fence/scripts/yaml_merge.py | 11 +++++----- helm/fence/templates/fence-deployment.yaml | 2 +- helm/fence/templates/fence-public-config.yaml | 5 ++--- helm/fence/templates/presigned-url-fence.yaml | 3 +-- helm/fence/values.yaml | 22 ++++++++++--------- helm/gen3/Chart.yaml | 4 ++-- helm/guppy/Chart.yaml | 2 +- helm/guppy/templates/guppy_config.yaml | 4 +--- 9 files changed, 27 insertions(+), 28 deletions(-) diff --git a/helm/fence/Chart.yaml b/helm/fence/Chart.yaml index a8e6edc3..1b06cb7d 100644 --- a/helm/fence/Chart.yaml +++ b/helm/fence/Chart.yaml 
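Review bot: The two secret mounts in values.yaml now disagree with each other and with the merge command. `volumeMounts` uses `/var/tmp/fence/fence-config-secret.yaml` and `initVolumeMounts` uses `/var/tmp/fence-config-secret.yaml`, while the command changed in fence-deployment.yaml in this same commit still reads `/var/www/fence/fence-config-secret.yaml`. As written, the merge would run without the Secret-backed file at the path it opens. The commit title suggests only the public config was meant to move, so the secret `mountPath` lines should probably stay at `/var/www/fence/fence-config-secret.yaml`, or the command argument should be updated to match one agreed path.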
@@ -15,7 +15,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.18 +version: 0.1.19 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to diff --git a/helm/fence/scripts/yaml_merge.py b/helm/fence/scripts/yaml_merge.py index 4698df9b..5223f9f4 100644 --- a/helm/fence/scripts/yaml_merge.py +++ b/helm/fence/scripts/yaml_merge.py @@ -24,11 +24,12 @@ def merge_yaml_files(file_paths): return merged_data def merge_dicts(dict1, dict2): - for key, value in dict2.items(): - if key in dict1 and isinstance(dict1[key], dict) and isinstance(value, dict): - dict1[key] = merge_dicts(dict1[key], value) - else: - dict1[key] = value + if dict2 is not None: #Fix AttributeError + for key, value in dict2.items(): + if key in dict1 and isinstance(dict1[key], dict) and isinstance(value, dict): + dict1[key] = merge_dicts(dict1[key], value) + else: + dict1[key] = value return dict1 diff --git a/helm/fence/templates/fence-deployment.yaml b/helm/fence/templates/fence-deployment.yaml index 7ef3a41f..c00c8120 100644 --- a/helm/fence/templates/fence-deployment.yaml +++ b/helm/fence/templates/fence-deployment.yaml @@ -61,7 +61,7 @@ spec: args: - "-c" - | - python /var/www/fence/yaml_merge.py /var/tmp/fence-config-public.yaml /var/www/fence/fence-config-secret.yaml /var/www/fence/fence-config.yaml + python /var/www/fence/yaml_merge.py /var/tmp/fence-public-config.yaml /var/www/fence/fence-config-secret.yaml /var/www/fence/fence-config.yaml if [[ -f /fence/keys/key/jwt_private_key.pem ]]; then openssl rsa -in /fence/keys/key/jwt_private_key.pem -pubout > /fence/keys/key/jwt_public_key.pem fi 
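Review bot: The new guard in `merge_dicts` only skips `None`, so a YAML file whose top level is a list or a scalar still reaches `dict2.items()` and raises the same AttributeError; `if isinstance(dict2, dict):` covers both cases. `dict1` gets no equivalent check, so an empty first file would presumably fail at `key in dict1`, depending on how `merge_yaml_files` seeds its accumulator, which is outside the hunk. Silently skipping an input also means a missing or empty secret config produces a merged file without error, so a warning on stderr when an input is not a mapping would help operators notice. The inline comment would read better as `# an empty YAML document parses to None; nothing to merge`.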
diff --git a/helm/fence/templates/fence-public-config.yaml b/helm/fence/templates/fence-public-config.yaml index b00ba1c6..be2753ea 100644 --- a/helm/fence/templates/fence-public-config.yaml +++ b/helm/fence/templates/fence-public-config.yaml @@ -2,10 +2,9 @@ apiVersion: v1 kind: ConfigMap metadata: name: fence-public-config -stringData: +data: fence-public-config.yaml: | -{{- if hasKey .Values "FENCE_PUBLIC_CONFIG" }} {{- with .Values.FENCE_PUBLIC_CONFIG }} {{- toYaml . | nindent 4 }} {{ end }} -{{- end }} + diff --git a/helm/fence/templates/presigned-url-fence.yaml b/helm/fence/templates/presigned-url-fence.yaml index 534c81e9..68315342 100644 --- a/helm/fence/templates/presigned-url-fence.yaml +++ b/helm/fence/templates/presigned-url-fence.yaml @@ -54,8 +54,7 @@ spec: args: - "-c" - | - echo "${FENCE_PUBLIC_CONFIG:-""}" > "/var/www/fence/fence-config-public.yaml" - python /var/www/fence/yaml_merge.py /var/www/fence/fence-config-public.yaml /var/www/fence/fence-config-secret.yaml > /var/www/fence/fence-config.yaml + python /var/www/fence/yaml_merge.py /var/tmp/fence-public-config.yaml /var/www/fence/fence-config-secret.yaml /var/www/fence/fence-config.yaml if [[ -f /fence/keys/key/jwt_private_key.pem ]]; then openssl rsa -in /fence/keys/key/jwt_private_key.pem -pubout > /fence/keys/key/jwt_public_key.pem fi diff --git a/helm/fence/values.yaml b/helm/fence/values.yaml index dd67d457..2b222c0b 100644 --- a/helm/fence/values.yaml +++ b/helm/fence/values.yaml @@ -291,12 +291,12 @@ env: value: /var/www/fence - name: GEN3_DEBUG value: "False" - - name: FENCE_PUBLIC_CONFIG - valueFrom: - configMapKeyRef: - name: manifest-fence - key: fence-config-public.yaml - optional: true + # - name: FENCE_PUBLIC_CONFIG + # valueFrom: + # configMapKeyRef: + # name: manifest-fence + # key: fence-config-public.yaml + # optional: true - name: PGHOST valueFrom: secretKeyRef: 
@@ -409,11 +409,11 @@ volumeMounts: subPath: "privacy_policy.md" - name: "config-volume" readOnly: true - mountPath: "/var/tmp/fence/fence-config-secret.yaml" + mountPath: "/var/www/fence/fence-config-secret.yaml" subPath: fence-config-secret.yaml - name: "public-config-volume" readOnly: true - mountPath: "/var/www/fence/fence-public-config.yaml" + mountPath: "/var/tmp/fence-public-config.yaml" subPath: fence-public-config.yaml - name: "fence-scripts" readOnly: true @@ -436,7 +436,7 @@ volumeMounts: initVolumeMounts: - name: "config-volume" readOnly: true - mountPath: "/var/tmp/fence-config-secret.yaml" + mountPath: "/var/www/fence/fence-config-secret.yaml" subPath: fence-config-secret.yaml - name: "fence-scripts" readOnly: true @@ -1393,7 +1393,6 @@ USER_YAML: | - auth_id: jnkns privilege: [create, read, update, delete, upload, read-storage] - # -- (map) Configuration settings for Fence app FENCE_CONFIG: # -- (string) Name of the Fence app @@ -2284,3 +2283,6 @@ FENCE_CONFIG: visa_types: ras: ["https://ras.nih.gov/visas/v1", "https://ras.nih.gov/visas/v1.1"] RAS_USERINFO_ENDPOINT: '/openid/connect/v1.1/userinfo' +# -- (map) Public Configuration settings for Fence app +# NOTE: Remove the {} and supply additional configuration if needed. +FENCE_PUBLIC_CONFIG: {} diff --git a/helm/gen3/Chart.yaml b/helm/gen3/Chart.yaml index e8dd4e97..b24116f7 100644 --- a/helm/gen3/Chart.yaml +++ b/helm/gen3/Chart.yaml @@ -36,11 +36,11 @@ dependencies: repository: "file://../frontend-framework" condition: frontend-framework.enabled - name: fence - version: 0.1.18 + version: 0.1.19 repository: "file://../fence" condition: fence.enabled - name: guppy - version: 0.1.11 + version: 0.1.12 repository: "file://../guppy" condition: guppy.enabled - name: hatchery diff --git a/helm/guppy/Chart.yaml b/helm/guppy/Chart.yaml index 12fd56ed..d935079b 100644 --- a/helm/guppy/Chart.yaml +++ b/helm/guppy/Chart.yaml 
@@ -15,7 +15,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.11 +version: 0.1.12 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to diff --git a/helm/guppy/templates/guppy_config.yaml b/helm/guppy/templates/guppy_config.yaml index ff7ab9be..ad8bcd40 100644 --- a/helm/guppy/templates/guppy_config.yaml +++ b/helm/guppy/templates/guppy_config.yaml @@ -6,9 +6,7 @@ data: guppy_config.json: | { "indices": {{ .Values.indices | toJson }}, - {{- with .Values.configIndex }} - "config_index": {{ . | quote }}, - {{- end }} + "config_index": {{ .Values.configIndex | toJson }}, "auth_filter_field": {{ .Values.authFilterField | quote }}, "enable_encrypt_whitelist": {{ .Values.enableEncryptWhitelist | quote }}, "encrypt_whitelist": {{ .Values.encryptWhitelist | quote }} From ef2f4461c83d16ec86f1e3bb04ce9f2ccd31c847 Mon Sep 17 00:00:00 2001 From: Guerdon Mukama Date: Tue, 7 May 2024 10:59:50 +1000 Subject: [PATCH 164/279] gen3 chart version bump --- helm/gen3/Chart.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/helm/gen3/Chart.yaml b/helm/gen3/Chart.yaml index b24116f7..b0a91d07 100644 --- a/helm/gen3/Chart.yaml +++ b/helm/gen3/Chart.yaml 
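Review bot: With the `with` block removed, `"config_index"` is always emitted, and it renders as `null` whenever `.Values.configIndex` is unset, where the old template omitted the key. Whether Guppy treats a `null` config index the same as an absent one is not visible here and should be confirmed. If it does not, `{{- if .Values.configIndex }}` around the line keeps the old behaviour while still using `toJson` for escaping. The neighbouring fields still go through `quote`, so booleans such as `enable_encrypt_whitelist` reach the JSON as strings; moving them to `toJson` as well would make the file consistent.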
@@ -119,7 +119,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.32 +version: 0.1.33 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to From 59bc470a99843deae8afc061ba4bdb0646318d7e Mon Sep 17 00:00:00 2001 From: Guerdon Mukama Date: Thu, 9 May 2024 11:26:44 +1000 Subject: [PATCH 165/279] fence public config --- helm/fence/templates/fence-deployment.yaml | 6 ++++-- helm/fence/templates/fence-public-config.yaml | 4 ++-- .../templates/{fence-scripts.yaml => fence-yaml-merge.yaml} | 2 +- helm/fence/values.yaml | 3 --- 4 files changed, 7 insertions(+), 8 deletions(-) rename helm/fence/templates/{fence-scripts.yaml => fence-yaml-merge.yaml} (79%) diff --git a/helm/fence/templates/fence-deployment.yaml b/helm/fence/templates/fence-deployment.yaml index c00c8120..a8c2d37b 100644 --- a/helm/fence/templates/fence-deployment.yaml +++ b/helm/fence/templates/fence-deployment.yaml @@ -61,7 +61,8 @@ spec: args: - "-c" - | - python /var/www/fence/yaml_merge.py /var/tmp/fence-public-config.yaml /var/www/fence/fence-config-secret.yaml /var/www/fence/fence-config.yaml + echo "${FENCE_PUBLIC_CONFIG:-""}" > "/var/www/fence/fence-config-public.yaml" + python /var/www/fence/yaml_merge.py /var/www/fence/fence-config-public.yaml /var/www/fence/fence-config-secret.yaml /var/www/fence/fence-config.yaml if [[ -f /fence/keys/key/jwt_private_key.pem ]]; then openssl rsa -in /fence/keys/key/jwt_private_key.pem -pubout > /fence/keys/key/jwt_public_key.pem fi 
@@ -93,6 +94,7 @@ spec: args: - "-c" - | + echo "${FENCE_PUBLIC_CONFIG:-""}" > "/var/www/fence/fence-config-public.yaml" python /var/www/fence/yaml_merge.py /var/www/fence/fence-config-public.yaml /var/www/fence/fence-config-secret.yaml /var/www/fence/fence-config.yaml if fence-create migrate --help > /dev/null 2>&1; then if ! grep -E 'ENABLE_DB_MIGRATION"?: *false' /var/www/fence/fence-config.yaml; then @@ -120,4 +122,4 @@ spec: {{- with .Values.tolerations }} tolerations: {{- toYaml . | nindent 8 }} - {{- end }} + {{- end }} \ No newline at end of file diff --git a/helm/fence/templates/fence-public-config.yaml b/helm/fence/templates/fence-public-config.yaml index be2753ea..c0de6214 100644 --- a/helm/fence/templates/fence-public-config.yaml +++ b/helm/fence/templates/fence-public-config.yaml @@ -1,10 +1,10 @@ apiVersion: v1 kind: ConfigMap metadata: - name: fence-public-config + name: manifest-fence data: fence-public-config.yaml: | - {{- with .Values.FENCE_PUBLIC_CONFIG }} + {{- with .Values.FENCE_CONFIG }} {{- toYaml . | nindent 4 }} {{ end }} diff --git a/helm/fence/templates/fence-scripts.yaml b/helm/fence/templates/fence-yaml-merge.yaml similarity index 79% rename from helm/fence/templates/fence-scripts.yaml rename to helm/fence/templates/fence-yaml-merge.yaml index bbf1be8f..4ec22b51 100644 --- a/helm/fence/templates/fence-scripts.yaml +++ b/helm/fence/templates/fence-yaml-merge.yaml @@ -1,6 +1,6 @@ apiVersion: v1 kind: ConfigMap metadata: - name: fence-scripts + name: fence-yaml-merge data: {{ (.Files.Glob "scripts/*").AsConfig | indent 2 }} \ No newline at end of file diff --git a/helm/fence/values.yaml b/helm/fence/values.yaml index 2b222c0b..a42728ac 100644 --- a/helm/fence/values.yaml +++ b/helm/fence/values.yaml 
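Review bot: In fence-public-config.yaml the ConfigMap `manifest-fence` is now filled from `.Values.FENCE_CONFIG` instead of `.Values.FENCE_PUBLIC_CONFIG`, which puts the complete Fence configuration into a ConfigMap. The chart mounts that same configuration from the `fence-config` Secret, which suggests it carries credentials and signing material; a ConfigMap is readable by anything with ConfigMap read access and gets none of the handling applied to Secrets. Keeping `{{- with .Values.FENCE_PUBLIC_CONFIG }}` and limiting that map to non-sensitive keys preserves the public/secret split this series set out to create. Separately, the data key is `fence-public-config.yaml`, while the (currently commented-out) `FENCE_PUBLIC_CONFIG` env entry in values.yaml refers to `fence-config-public.yaml`, so the two names need to be aligned before that reference is re-enabled.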
@@ -362,9 +362,6 @@ volumes: - name: config-volume secret: secretName: "fence-config" - - name: public-config-volume - configMap: - name: "fence-public-config" - name: fence-google-app-creds-secret-volume secret: secretName: "fence-google-app-creds-secret" From 9a08b2f7006974ff0abea7174f02923b97d97d3a Mon Sep 17 00:00:00 2001 From: Guerdon Mukama Date: Thu, 9 May 2024 11:40:50 +1000 Subject: [PATCH 166/279] fence public config --- helm/fence/values.yaml | 17 +++++++---------- 1 file changed, 7 insertions(+), 10 deletions(-) diff --git a/helm/fence/values.yaml b/helm/fence/values.yaml index a42728ac..4124542d 100644 --- a/helm/fence/values.yaml +++ b/helm/fence/values.yaml @@ -374,9 +374,10 @@ volumes: - name: privacy-policy configMap: name: "privacy-policy" - - name: fence-scripts + - name: yaml-merge configMap: - name: "fence-scripts" + name: "fence-yaml-merge" + optional: false # -- (list) Volumes to mount to the container. volumeMounts: @@ -407,12 +408,8 @@ volumeMounts: - name: "config-volume" readOnly: true mountPath: "/var/www/fence/fence-config-secret.yaml" - subPath: fence-config-secret.yaml - - name: "public-config-volume" - readOnly: true - mountPath: "/var/tmp/fence-public-config.yaml" - subPath: fence-public-config.yaml - - name: "fence-scripts" + subPath: fence-config.yaml + - name: "yaml-merge" readOnly: true mountPath: "/var/www/fence/yaml_merge.py" subPath: yaml_merge.py @@ -434,8 +431,8 @@ initVolumeMounts: - name: "config-volume" readOnly: true mountPath: "/var/www/fence/fence-config-secret.yaml" - subPath: fence-config-secret.yaml - - name: "fence-scripts" + subPath: fence-config.yaml + - name: "yaml-merge" readOnly: true mountPath: "/var/www/fence/yaml_merge.py" subPath: yaml_merge.py From e85506c03766b84e163bdb9ecabe485c096c82b0 Mon Sep 17 00:00:00 2001 From: Guerdon Mukama Date: Thu, 9 May 2024 12:11:59 +1000 Subject: [PATCH 167/279] cleanup --- helm/fence/values.yaml | 3 --- helm/gen3/Chart.yaml | 2 -- 2 files changed, 5 deletions(-) 
diff --git a/helm/fence/values.yaml b/helm/fence/values.yaml index 4124542d..530b831e 100644 --- a/helm/fence/values.yaml +++ b/helm/fence/values.yaml @@ -2277,6 +2277,3 @@ FENCE_CONFIG: visa_types: ras: ["https://ras.nih.gov/visas/v1", "https://ras.nih.gov/visas/v1.1"] RAS_USERINFO_ENDPOINT: '/openid/connect/v1.1/userinfo' -# -- (map) Public Configuration settings for Fence app -# NOTE: Remove the {} and supply additional configuration if needed. -FENCE_PUBLIC_CONFIG: {} diff --git a/helm/gen3/Chart.yaml b/helm/gen3/Chart.yaml index b0a91d07..e068e9e2 100644 --- a/helm/gen3/Chart.yaml +++ b/helm/gen3/Chart.yaml @@ -95,8 +95,6 @@ dependencies: version: 0.1.13 repository: "file://../wts" condition: wts.enabled - - - name: elasticsearch version: 7.10.2 repository: "https://helm.elastic.co" From 4b7747ff6b6e7c824fc5413c16c1021d1e40d2d5 Mon Sep 17 00:00:00 2001 From: Guerdon Mukama Date: Fri, 19 Jan 2024 17:27:15 +1100 Subject: [PATCH 168/279] yaml merge version bump gen3 chart version bump fence public config --- helm/fence/values.yaml | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/helm/fence/values.yaml b/helm/fence/values.yaml index 530b831e..99a5f688 100644 --- a/helm/fence/values.yaml +++ b/helm/fence/values.yaml @@ -374,7 +374,7 @@ volumes: - name: privacy-policy configMap: name: "privacy-policy" - - name: yaml-merge + - name: fence-scripts configMap: name: "fence-yaml-merge" optional: false @@ -2277,3 +2277,6 @@ FENCE_CONFIG: visa_types: ras: ["https://ras.nih.gov/visas/v1", "https://ras.nih.gov/visas/v1.1"] RAS_USERINFO_ENDPOINT: '/openid/connect/v1.1/userinfo' +# -- (map) Public Configuration settings for Fence app +# NOTE: Remove the {} and supply additional configuration if needed. + From aa3c1c20226b6c2d7c07434921923e83833ea24b Mon Sep 17 00:00:00 2001 
From: Guerdon Mukama Date: Thu, 9 May 2024 11:40:50 +1000 Subject: [PATCH 169/279] fence public config cleanup --- helm/fence/values.yaml | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/helm/fence/values.yaml b/helm/fence/values.yaml index 99a5f688..530b831e 100644 --- a/helm/fence/values.yaml +++ b/helm/fence/values.yaml @@ -374,7 +374,7 @@ volumes: - name: privacy-policy configMap: name: "privacy-policy" - - name: fence-scripts + - name: yaml-merge configMap: name: "fence-yaml-merge" optional: false @@ -2277,6 +2277,3 @@ FENCE_CONFIG: visa_types: ras: ["https://ras.nih.gov/visas/v1", "https://ras.nih.gov/visas/v1.1"] RAS_USERINFO_ENDPOINT: '/openid/connect/v1.1/userinfo' -# -- (map) Public Configuration settings for Fence app -# NOTE: Remove the {} and supply additional configuration if needed. - From 57d0765824b05b85b8a8f0550037bdc882d3ed0c Mon Sep 17 00:00:00 2001 From: Alan Walsh Date: Tue, 21 May 2024 17:08:49 -0400 Subject: [PATCH 170/279] Fix secret typos There are three small typos in the secrets template that impact the portal config during deployment. --- helm/portal/templates/secret.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/helm/portal/templates/secret.yaml b/helm/portal/templates/secret.yaml index 16a7c037..40f960d0 100644 --- a/helm/portal/templates/secret.yaml +++ b/helm/portal/templates/secret.yaml @@ -4,7 +4,7 @@ metadata: name: portal-config data: {{- if .Values.gitops.createdby }} - gitops-createdby: | + gitops-createdby.png: | {{- .Values.gitops.createdby | nindent 4 }} {{- else }} gitops-createdby: | 
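Review bot: In helm/portal/templates/secret.yaml only the `if .Values.gitops.createdby` branch is renamed to `gitops-createdby.png`; the `else` branch shown as context still emits the key `gitops-createdby`. The object therefore exposes a different key depending on whether the value is set, and whichever consumer mounts it by key will miss one of the two. Renaming the fallback to `gitops-createdby.png: |` as well keeps both branches consistent; the body of the `else` branch continues outside the hunk.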
@@ -19,10 +19,10 @@ data: {{- end }} {{- if .Values.gitops.favicon }} gitops-favicon.ico: | - {{- .Values.gitops.favicon | b64enc | nindent 4 }} + {{- .Values.gitops.favicon | nindent 4 }} {{- else }} gitops-favicon.ico: | - {{- (.Files.Get "defaults/gitops-favicon.ico" ) | nindent 4 }} + {{- (.Files.Get "defaults/gitops-favicon.ico" ) | b64enc) | nindent 4 }} {{- end }} {{- if .Values.gitops.json }} gitops.json: | From a3ca826842ca74d990fb6712e7f76b6427a5d696 Mon Sep 17 00:00:00 2001 From: Alan Walsh Date: Tue, 21 May 2024 17:13:08 -0400 Subject: [PATCH 171/279] Bump chart versions Bump chart versions for portal and Gen3 umbrella. --- helm/gen3/Chart.yaml | 4 ++-- helm/portal/Chart.yaml | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/helm/gen3/Chart.yaml b/helm/gen3/Chart.yaml index e8dd4e97..786efe60 100644 --- a/helm/gen3/Chart.yaml +++ b/helm/gen3/Chart.yaml @@ -68,7 +68,7 @@ dependencies: repository: "file://../pidgin" condition: pidgin.enabled - name: portal - version: 0.1.12 + version: 0.1.13 repository: "file://../portal" condition: portal.enabled - name: requestor @@ -119,7 +119,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.32 +version: 0.1.33 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to diff --git a/helm/portal/Chart.yaml b/helm/portal/Chart.yaml index 52eed637..df75a44e 100644 --- a/helm/portal/Chart.yaml +++ b/helm/portal/Chart.yaml 
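Review bot: The new fallback line `{{- (.Files.Get "defaults/gitops-favicon.ico" ) | b64enc) | nindent 4 }}` has an unmatched `)`, so the template will not parse; `{{- (.Files.Get "defaults/gitops-favicon.ico") | b64enc | nindent 4 }}` is presumably what was intended. In the other branch `.Values.gitops.favicon` is now written under `data:` without `b64enc`, so the value must already be base64 when it is supplied. If this object is a Secret, as the commit message indicates, a raw value there will be rejected or decoded into the wrong bytes. That expectation should be stated next to `gitops.favicon` in values.yaml, e.g. `# -- base64-encoded .ico content`.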
@@ -15,7 +15,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.12 +version: 0.1.13 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to From 15882c78298ef091e341918e623b92ad3efe0818 Mon Sep 17 00:00:00 2001 From: EliseCastle23 Date: Tue, 21 May 2024 15:40:31 -0600 Subject: [PATCH 172/279] adding replicas to portal deployment --- helm/portal/Chart.yaml | 2 +- helm/portal/README.md | 2 +- helm/portal/templates/deployment.yaml | 3 +++ 3 files changed, 5 insertions(+), 2 deletions(-) diff --git a/helm/portal/Chart.yaml b/helm/portal/Chart.yaml index 52eed637..df75a44e 100644 --- a/helm/portal/Chart.yaml +++ b/helm/portal/Chart.yaml @@ -15,7 +15,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.12 +version: 0.1.13 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to diff --git a/helm/portal/README.md b/helm/portal/README.md index 49220d24..daafacfc 100644 --- a/helm/portal/README.md +++ b/helm/portal/README.md 
@@ -1,6 +1,6 @@ # portal -![Version: 0.1.12](https://img.shields.io/badge/Version-0.1.12-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) +![Version: 0.1.13](https://img.shields.io/badge/Version-0.1.13-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) A Helm chart for gen3 data-portal diff --git a/helm/portal/templates/deployment.yaml b/helm/portal/templates/deployment.yaml index 691aef6f..9fb7d09f 100644 --- a/helm/portal/templates/deployment.yaml +++ b/helm/portal/templates/deployment.yaml @@ -8,6 +8,9 @@ metadata: {{- include "common.datadogLabels" . | nindent 4 }} {{- end }} spec: + {{- if not .Values.autoscaling.enabled }} + replicas: {{ .Values.replicaCount }} + {{- end }} selector: matchLabels: {{- include "portal.selectorLabels" . | nindent 6 }} From 91d59399b4c71452a8fb83b3858d2712721758fa Mon Sep 17 00:00:00 2001 From: EliseCastle23 Date: Tue, 21 May 2024 15:44:35 -0600 Subject: [PATCH 173/279] updating portal version in gen3 helm chart --- helm/gen3/Chart.yaml | 4 ++-- helm/gen3/README.md | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/helm/gen3/Chart.yaml b/helm/gen3/Chart.yaml index e8dd4e97..786efe60 100644 --- a/helm/gen3/Chart.yaml +++ b/helm/gen3/Chart.yaml @@ -68,7 +68,7 @@ dependencies: repository: "file://../pidgin" condition: pidgin.enabled - name: portal - version: 0.1.12 + version: 0.1.13 repository: "file://../portal" condition: portal.enabled - name: requestor 
@@ -119,7 +119,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.32 +version: 0.1.33 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to diff --git a/helm/gen3/README.md b/helm/gen3/README.md index 40c2dd42..7be42ca8 100644 --- a/helm/gen3/README.md +++ b/helm/gen3/README.md @@ -1,6 +1,6 @@ # gen3 -![Version: 0.1.32](https://img.shields.io/badge/Version-0.1.32-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) +![Version: 0.1.33](https://img.shields.io/badge/Version-0.1.33-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) Helm chart to deploy Gen3 Data Commons @@ -34,7 +34,7 @@ Helm chart to deploy Gen3 Data Commons | file://../metadata | metadata | 0.1.12 | | file://../peregrine | peregrine | 0.1.13 | | file://../pidgin | pidgin | 0.1.10 | -| file://../portal | portal | 0.1.12 | +| file://../portal | portal | 0.1.13 | | file://../requestor | requestor | 0.1.11 | | file://../revproxy | revproxy | 0.1.14 | | file://../sheepdog | sheepdog | 0.1.14 | From d8106cedb0e090d0306c62909f72463348a6980e Mon Sep 17 00:00:00 2001 From: Alan Walsh Date: Wed, 22 May 2024 10:08:02 -0400 Subject: [PATCH 174/279] Bump chart version(s) --- helm/gen3/Chart.yaml | 4 ++-- helm/portal/Chart.yaml | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) 
diff --git a/helm/gen3/Chart.yaml b/helm/gen3/Chart.yaml index 786efe60..cfed82f7 100644 --- a/helm/gen3/Chart.yaml +++ b/helm/gen3/Chart.yaml @@ -68,7 +68,7 @@ dependencies: repository: "file://../pidgin" condition: pidgin.enabled - name: portal - version: 0.1.13 + version: 0.1.14 repository: "file://../portal" condition: portal.enabled - name: requestor @@ -119,7 +119,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.33 +version: 0.1.34 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to diff --git a/helm/portal/Chart.yaml b/helm/portal/Chart.yaml index df75a44e..012e78cf 100644 --- a/helm/portal/Chart.yaml +++ b/helm/portal/Chart.yaml @@ -15,7 +15,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.13 +version: 0.1.14 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to From 8dafc3de79c2e66cfeb9b19f3b752c3f6f5380ea Mon Sep 17 00:00:00 2001 
From: EliseCastle23 Date: Wed, 22 May 2024 15:00:34 -0600 Subject: [PATCH 175/279] adding Grafana stack to our Gen3 helm charts --- helm/lgtm-distributed/Chart.yaml | 62 +++++++++++ helm/lgtm-distributed/README.md | 44 ++++++++ helm/lgtm-distributed/templates/NOTES.txt | 1 + helm/lgtm-distributed/templates/_helpers.tpl | 18 ++++ helm/lgtm-distributed/values.yaml | 108 +++++++++++++++++++ 5 files changed, 233 insertions(+) create mode 100644 helm/lgtm-distributed/Chart.yaml create mode 100644 helm/lgtm-distributed/README.md create mode 100644 helm/lgtm-distributed/templates/NOTES.txt create mode 100644 helm/lgtm-distributed/templates/_helpers.tpl create mode 100644 helm/lgtm-distributed/values.yaml diff --git a/helm/lgtm-distributed/Chart.yaml b/helm/lgtm-distributed/Chart.yaml new file mode 100644 index 00000000..1c6e5d9a --- /dev/null +++ b/helm/lgtm-distributed/Chart.yaml 
@@ -0,0 +1,62 @@ +--- +apiVersion: v2 +name: lgtm-distributed +description: Umbrella chart for a distributed Loki, Grafana, Tempo and Mimir stack +type: application +version: 1.0.1 +appVersion: "6.59.4" + +home: https://grafana.com/oss/ +icon: https://artifacthub.io/image/b4fed1a7-6c8f-4945-b99d-096efa3e4116 + +sources: + - https://grafana.github.io/helm-charts + - https://github.com/grafana/grafana + - https://github.com/grafana/loki + - https://github.com/grafana/mimir + - https://github.com/grafana/tempo + +keywords: + - monitoring + - traces + - metrics + - logs + +annotations: + "artifacthub.io/license": Apache-2.0 + "artifacthub.io/links": | + - name: Chart Source + url: https://github.com/grafana/helm-charts + - name: Grafana + url: https://github.com/grafana/grafana + - name: Loki + url: https://github.com/grafana/loki + - name: Mimir + url: https://github.com/grafana/mimir + - name: Tempo + url: https://github.com/grafana/tempo + +maintainers: + - name: timberhill + +dependencies: + - name: grafana + alias: grafana + condition: grafana.enabled + repository: https://grafana.github.io/helm-charts + version: "^7.3.9" + - name: loki-distributed + alias: loki + condition: loki.enabled + repository: "https://grafana.github.io/helm-charts" + version: "^0.74.3" + - name: mimir-distributed + alias: mimir + condition: mimir.enabled + repository: "https://grafana.github.io/helm-charts" + version: "^5.3.0" + - name: tempo-distributed + alias: tempo + condition: tempo.enabled + repository: "https://grafana.github.io/helm-charts" + version: "^1.9.9" diff --git a/helm/lgtm-distributed/README.md b/helm/lgtm-distributed/README.md new file mode 100644 index 00000000..aa7ee6a6 --- /dev/null +++ b/helm/lgtm-distributed/README.md 
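Review bot: All four dependencies in the new Chart.yaml are declared with caret ranges (`"^7.3.9"`, `"^0.74.3"`, `"^5.3.0"`, `"^1.9.9"`), and the commit's file list contains no `Chart.lock`. Each `helm dependency update` can therefore resolve to a newer chart from `https://grafana.github.io/helm-charts` than the one reviewed here, so what gets deployed depends on when the build ran. Pinning exact versions, for example `version: "7.3.9"`, and committing the lock file makes the observability stack reproducible and turns every upstream upgrade into an explicit, reviewable change.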
@@ -0,0 +1,44 @@ +# lgtm-distributed + +![Version: 1.0.1](https://img.shields.io/badge/Version-1.0.1-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 6.59.4](https://img.shields.io/badge/AppVersion-6.59.4-informational?style=flat-square) + +Umbrella chart for a distributed Loki, Grafana, Tempo and Mimir stack + +**Homepage:** + +## Maintainers + +| Name | Email | Url | +| ---- | ------ | --- | +| timberhill | | | + +## Source Code + +* +* +* +* +* + +## Requirements + +| Repository | Name | Version | +|------------|------|---------| +| https://grafana.github.io/helm-charts | grafana(grafana) | ^7.3.9 | +| https://grafana.github.io/helm-charts | loki(loki-distributed) | ^0.74.3 | +| https://grafana.github.io/helm-charts | mimir(mimir-distributed) | ^5.3.0 | +| https://grafana.github.io/helm-charts | tempo(tempo-distributed) | ^1.9.9 | + +## Values + +| Key | Type | Default | Description | +|-----|------|---------|-------------| +| grafana.datasources | object | `{"datasources.yaml":{"apiVersion":1,"datasources":[{"isDefault":false,"name":"Loki","type":"loki","uid":"loki","url":"http://{{ .Release.Name }}-loki-gateway"},{"isDefault":true,"name":"Mimir","type":"prometheus","uid":"prom","url":"http://{{ .Release.Name }}-mimir-nginx/prometheus"},{"isDefault":false,"jsonData":{"lokiSearch":{"datasourceUid":"loki"},"serviceMap":{"datasourceUid":"prom"},"tracesToLogsV2":{"datasourceUid":"loki"},"tracesToMetrics":{"datasourceUid":"prom"}},"name":"Tempo","type":"tempo","uid":"tempo","url":"http://{{ .Release.Name }}-tempo-query-frontend:3100"}]}}` | Grafana data sources config. 
Connects to all three by default | +| grafana.datasources."datasources.yaml".datasources | list | `[{"isDefault":false,"name":"Loki","type":"loki","uid":"loki","url":"http://{{ .Release.Name }}-loki-gateway"},{"isDefault":true,"name":"Mimir","type":"prometheus","uid":"prom","url":"http://{{ .Release.Name }}-mimir-nginx/prometheus"},{"isDefault":false,"jsonData":{"lokiSearch":{"datasourceUid":"loki"},"serviceMap":{"datasourceUid":"prom"},"tracesToLogsV2":{"datasourceUid":"loki"},"tracesToMetrics":{"datasourceUid":"prom"}},"name":"Tempo","type":"tempo","uid":"tempo","url":"http://{{ .Release.Name }}-tempo-query-frontend:3100"}]` | Datasources linked to the Grafana instance. Override if you disable any components. | +| grafana.enabled | bool | `true` | Deploy Grafana if enabled. See [upstream readme](https://github.com/grafana/helm-charts/tree/main/charts/grafana#configuration) for full values reference. | +| loki.enabled | bool | `true` | Deploy Loki if enabled. See [upstream readme](https://github.com/grafana/helm-charts/tree/main/charts/loki-distributed#values) for full values reference. | +| mimir | object | `{"alertmanager":{"resources":{"requests":{"cpu":"20m"}}},"compactor":{"resources":{"requests":{"cpu":"20m"}}},"distributor":{"resources":{"requests":{"cpu":"20m"}}},"enabled":true,"ingester":{"replicas":2,"resources":{"requests":{"cpu":"20m"}},"zoneAwareReplication":{"enabled":false}},"minio":{"resources":{"requests":{"cpu":"20m"}}},"overrides_exporter":{"resources":{"requests":{"cpu":"20m"}}},"querier":{"replicas":1,"resources":{"requests":{"cpu":"20m"}}},"query_frontend":{"resources":{"requests":{"cpu":"20m"}}},"query_scheduler":{"replicas":1,"resources":{"requests":{"cpu":"20m"}}},"rollout_operator":{"resources":{"requests":{"cpu":"20m"}}},"ruler":{"resources":{"requests":{"cpu":"20m"}}},"store_gateway":{"resources":{"requests":{"cpu":"20m"}},"zoneAwareReplication":{"enabled":false}}}` | Mimir chart values. Resources are set to a minimum by default. 
| +| mimir.enabled | bool | `true` | Deploy Mimir if enabled. See [upstream values.yaml](https://github.com/grafana/mimir/blob/main/operations/helm/charts/mimir-distributed/values.yaml) for full values reference. | +| tempo.enabled | bool | `true` | Deploy Tempo if enabled. See [upstream readme](https://github.com/grafana/helm-charts/blob/main/charts/tempo-distributed/README.md#values) for full values reference. | +| tempo.ingester.replicas | int | `3` | | + diff --git a/helm/lgtm-distributed/templates/NOTES.txt b/helm/lgtm-distributed/templates/NOTES.txt new file mode 100644 index 00000000..482f35c8 --- /dev/null +++ b/helm/lgtm-distributed/templates/NOTES.txt @@ -0,0 +1 @@ +Release name should be limited to 25 characters to not exceed the resource name limits of 63 characters. diff --git a/helm/lgtm-distributed/templates/_helpers.tpl b/helm/lgtm-distributed/templates/_helpers.tpl new file mode 100644 index 00000000..4c1d430f --- /dev/null +++ b/helm/lgtm-distributed/templates/_helpers.tpl @@ -0,0 +1,18 @@ + {{/* +Create a default fully qualified app name without trimming it at all. +If release name contains chart name it will be used as a full name. +This value is essentially the same as "mimir.fullname" in the upstream chart. +*/}} +{{- define "mimir.fullname" -}} +{{- if .Values.mimir.fullnameOverride -}} +{{- .Values.mimir.fullnameOverride | trunc 25 | trimSuffix "-" -}} +{{- else -}} +{{- $name := .Values.mimir.nameOverride | default ( include "mimir.infixName" . ) | trunc 25 | trimSuffix "-" -}} +{{- $releasename := .Release.Name | trunc 25 | trimSuffix "-" -}} +{{- if contains $name .Release.Name -}} +{{- $releasename -}} +{{- else -}} +{{- printf "%s-%s" $releasename $name -}} +{{- end -}} +{{- end -}} +{{- end -}} diff --git a/helm/lgtm-distributed/values.yaml b/helm/lgtm-distributed/values.yaml new file mode 100644 index 00000000..688abc19 --- /dev/null +++ b/helm/lgtm-distributed/values.yaml 
@@ -0,0 +1,108 @@ +--- +grafana: + # -- Deploy Grafana if enabled. See [upstream readme](https://github.com/grafana/helm-charts/tree/main/charts/grafana#configuration) for full values reference. + enabled: true + + # -- Grafana data sources config. Connects to all three by default + datasources: + datasources.yaml: + apiVersion: 1 + # -- Datasources linked to the Grafana instance. Override if you disable any components. + datasources: + # https://grafana.com/docs/grafana/latest/datasources/loki/#provision-the-loki-data-source + - name: Loki + uid: loki + type: loki + url: http://{{ .Release.Name }}-loki-gateway + isDefault: false + # https://grafana.com/docs/grafana/latest/datasources/prometheus/#provision-the-data-source + - name: Mimir + uid: prom + type: prometheus + url: http://{{ .Release.Name }}-mimir-nginx/prometheus + isDefault: true + # https://grafana.com/docs/grafana/latest/datasources/tempo/configure-tempo-data-source/#provision-the-data-source + - name: Tempo + uid: tempo + type: tempo + url: http://{{ .Release.Name }}-tempo-query-frontend:3100 + isDefault: false + jsonData: + tracesToLogsV2: + datasourceUid: loki + lokiSearch: + datasourceUid: loki + tracesToMetrics: + datasourceUid: prom + serviceMap: + datasourceUid: prom + +loki: + # -- Deploy Loki if enabled. See [upstream readme](https://github.com/grafana/helm-charts/tree/main/charts/loki-distributed#values) for full values reference. + enabled: true + +# -- Mimir chart values. Resources are set to a minimum by default. +mimir: + # -- Deploy Mimir if enabled. See [upstream values.yaml](https://github.com/grafana/mimir/blob/main/operations/helm/charts/mimir-distributed/values.yaml) for full values reference. 
+ enabled: true + alertmanager: + resources: + requests: + cpu: 20m + compactor: + resources: + requests: + cpu: 20m + distributor: + resources: + requests: + cpu: 20m + ingester: + replicas: 2 + zoneAwareReplication: + enabled: false + resources: + requests: + cpu: 20m + overrides_exporter: + resources: + requests: + cpu: 20m + querier: + replicas: 1 + resources: + requests: + cpu: 20m + query_frontend: + resources: + requests: + cpu: 20m + query_scheduler: + replicas: 1 + resources: + requests: + cpu: 20m + ruler: + resources: + requests: + cpu: 20m + store_gateway: + zoneAwareReplication: + enabled: false + resources: + requests: + cpu: 20m + minio: + resources: + requests: + cpu: 20m + rollout_operator: + resources: + requests: + cpu: 20m + +tempo: + # -- Deploy Tempo if enabled. See [upstream readme](https://github.com/grafana/helm-charts/blob/main/charts/tempo-distributed/README.md#values) for full values reference. + enabled: true + ingester: + replicas: 3 From eabf9a0e9e899061b902243449e8a816ad49a142 Mon Sep 17 00:00:00 2001 From: EliseCastle23 Date: Wed, 22 May 2024 15:05:19 -0600 Subject: [PATCH 176/279] adding grafana --- .github/ct.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/ct.yaml b/.github/ct.yaml index ff4f6239..969d7b0d 100644 --- a/.github/ct.yaml +++ b/.github/ct.yaml @@ -5,6 +5,7 @@ chart-dirs: chart-repos: - bitnami=https://charts.bitnami.com/bitnami - elastic=https://helm.elastic.co + - grafana=https://grafana.github.io/helm-charts helm-extra-args: --timeout 600s check-version-increment: true debug: false From 3155db4b804e9d3da2cfde75af79725b5099e08e Mon Sep 17 00:00:00 2001 From: Alan Walsh Date: Wed, 29 May 2024 14:32:50 -0400 Subject: [PATCH 177/279] Remove parens --- helm/portal/templates/secret.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/helm/portal/templates/secret.yaml b/helm/portal/templates/secret.yaml index 40f960d0..f8bf3a7d 100644 --- a/helm/portal/templates/secret.yaml 
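Review bot: The three provisioned datasources in helm/lgtm-distributed/values.yaml point Grafana at plain `http://` in-cluster endpoints (`-loki-gateway`, `-mimir-nginx/prometheus`, `-tempo-query-frontend:3100`) and carry no credential or tenant fields. If the backends are deployed without authentication, which this file does not show either way, any pod that can reach those services can read the collected logs, metrics and traces. I would state the assumption next to the list, for example `# Endpoints are reached over in-cluster HTTP without credentials; restrict access to them (e.g. NetworkPolicy) or enable auth in the subcharts.` The `mimir` block also sets only `requests.cpu` for each component, so the comment "Resources are set to a minimum" should say that no memory requests or limits are applied.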
+++ b/helm/portal/templates/secret.yaml
@@ -22,7 +22,7 @@ data:
 {{- .Values.gitops.favicon | nindent 4 }}
 {{- else }}
 gitops-favicon.ico: |
- {{- (.Files.Get "defaults/gitops-favicon.ico" ) | b64enc) | nindent 4 }}
+ {{- (.Files.Get "defaults/gitops-favicon.ico" | b64enc) | nindent 4 }}
 {{- end }}
 {{- if .Values.gitops.json }}
 gitops.json: |
From 6190d6db620f281f01e9ba0f5f4cf9846a49043b Mon Sep 17 00:00:00 2001
From: Alan Walsh
Date: Wed, 29 May 2024 14:44:16 -0400
Subject: [PATCH 178/279] Suffix for second createdby
---
 helm/portal/templates/secret.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/helm/portal/templates/secret.yaml b/helm/portal/templates/secret.yaml
index f8bf3a7d..2a669ee4 100644
--- a/helm/portal/templates/secret.yaml
+++ b/helm/portal/templates/secret.yaml
@@ -7,7 +7,7 @@ data:
 gitops-createdby.png: |
 {{- .Values.gitops.createdby | nindent 4 }}
 {{- else }}
- gitops-createdby: |
+ gitops-createdby.png: |
 {{- (.Files.Get "defaults/gitops-createdby.png" | b64enc) | nindent 4 }}
 {{- end }}
 {{- if .Values.gitops.css }}
From ad9b9818b2fa96ac7ad5bf7e7e9f03890f0d3c83 Mon Sep 17 00:00:00 2001
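Review bot: In both hunks the chart default goes through `b64enc`, but the override branch writes `.Values.gitops.favicon` (and `.Values.gitops.createdby` in the second hunk) into `data:` verbatim, so an operator-supplied value must already be base64 or the Secret will be rejected or decode to different bytes. If pre-encoded input is the intended contract it should be stated where the value is documented, for example `# gitops.favicon: base64-encoded file content, written to the Secret unchanged`. `.Files.Get` returns an empty string for a missing file, so a mispackaged chart would render an empty key without any error. Wrapping the call in `required` would turn that into a render failure. The `data:` map continues outside both hunks.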
From: Jawad Qureshi Date: Fri, 31 May 2024 10:42:45 -0500 Subject: [PATCH 179/279] Merge in Neuvector work from Krumware --- .secrets.baseline | 6 +- helm/gen3/Chart.yaml | 13 +- helm/gen3/README.md | 14 +- helm/gen3/values.yaml | 29 ++ helm/neuvector/.helmignore | 23 ++ helm/neuvector/Chart.yaml | 34 ++ helm/neuvector/README.md | 21 ++ helm/neuvector/templates/_helpers.tpl | 62 ++++ .../templates/ambassador-nvsecurityrule.yaml | 212 +++++++++++ .../templates/arborist-nvsecurityrule.yaml | 218 +++++++++++ .../templates/audit-nvsecurityrule.yaml | 98 +++++ .../elasticsearch-nvsecurityrule.yaml | 87 +++++ .../templates/etl-cronjob-nvsecurityrule.yaml | 346 ++++++++++++++++++ .../templates/fence-nvsecurityrule.yaml | 294 +++++++++++++++ .../templates/guppy-nvsecurityrule.yaml | 129 +++++++ .../templates/hatchery-nvsecurityrule.yaml | 140 +++++++ .../templates/indexd-nvsecurityrule.yaml | 152 ++++++++ .../ingress-nvclustersecurityrule.yaml | 130 +++++++ .../manifestservice-nvsecurityrule.yaml | 166 +++++++++ .../templates/metadata-nvsecurityrule.yaml | 87 +++++ .../templates/peregrine-nvsecurityrule.yaml | 258 +++++++++++++ .../templates/pidgin-nvsecurityrule.yaml | 135 +++++++ .../templates/portal-nvsecurityrule.yaml | 182 +++++++++ .../templates/postgresql-nvsecurityrule.yaml | 138 +++++++ .../presigned-url-fence-nvsecurityrule.yaml | 173 +++++++++ .../templates/revproxy-nvsecurityrule.yaml | 175 +++++++++ .../templates/sheepdog-nvsecurityrule.yaml | 184 ++++++++++ .../templates/sower-nvsecurityrule.yaml | 32 ++ .../templates/wts-nvsecurityrule.yaml | 199 ++++++++++ helm/neuvector/values.yaml | 32 ++ 30 files changed, 3762 insertions(+), 7 deletions(-) create mode 100644 helm/neuvector/.helmignore create mode 100644 helm/neuvector/Chart.yaml create mode 100644 helm/neuvector/README.md create mode 100644 helm/neuvector/templates/_helpers.tpl create mode 100644 helm/neuvector/templates/ambassador-nvsecurityrule.yaml create mode 100644 
helm/neuvector/templates/arborist-nvsecurityrule.yaml create mode 100644 helm/neuvector/templates/audit-nvsecurityrule.yaml create mode 100644 helm/neuvector/templates/elasticsearch-nvsecurityrule.yaml create mode 100644 helm/neuvector/templates/etl-cronjob-nvsecurityrule.yaml create mode 100644 helm/neuvector/templates/fence-nvsecurityrule.yaml create mode 100644 helm/neuvector/templates/guppy-nvsecurityrule.yaml create mode 100644 helm/neuvector/templates/hatchery-nvsecurityrule.yaml create mode 100644 helm/neuvector/templates/indexd-nvsecurityrule.yaml create mode 100644 helm/neuvector/templates/ingress-nvclustersecurityrule.yaml create mode 100644 helm/neuvector/templates/manifestservice-nvsecurityrule.yaml create mode 100644 helm/neuvector/templates/metadata-nvsecurityrule.yaml create mode 100644 helm/neuvector/templates/peregrine-nvsecurityrule.yaml create mode 100644 helm/neuvector/templates/pidgin-nvsecurityrule.yaml create mode 100644 helm/neuvector/templates/portal-nvsecurityrule.yaml create mode 100644 helm/neuvector/templates/postgresql-nvsecurityrule.yaml create mode 100644 helm/neuvector/templates/presigned-url-fence-nvsecurityrule.yaml create mode 100644 helm/neuvector/templates/revproxy-nvsecurityrule.yaml create mode 100644 helm/neuvector/templates/sheepdog-nvsecurityrule.yaml create mode 100644 helm/neuvector/templates/sower-nvsecurityrule.yaml create mode 100644 helm/neuvector/templates/wts-nvsecurityrule.yaml create mode 100644 helm/neuvector/values.yaml diff --git a/.secrets.baseline b/.secrets.baseline index 1b97c1c2..af928ac7 100644 --- a/.secrets.baseline +++ b/.secrets.baseline @@ -3,7 +3,7 @@ "files": "^.secrets.baseline$", "lines": null }, - "generated_at": "2024-05-01T16:37:41Z", + "generated_at": "2024-05-31T15:29:39Z", "plugins_used": [ { "name": "AWSKeyDetector" 
@@ -346,14 +346,14 @@ "hashed_secret": "7422c958ec5a8e5f87c9e81cdf426ef0e193332c", "is_secret": false, "is_verified": false, - "line_number": 81, + "line_number": 83, "type": "Secret Keyword" }, { "hashed_secret": "1740c48fa3141d4851b14f97e3bc0f46f7670672", "is_secret": false, "is_verified": false, - "line_number": 115, + "line_number": 117, "type": "Secret Keyword" } ], diff --git a/helm/gen3/Chart.yaml b/helm/gen3/Chart.yaml index cfed82f7..dba9867c 100644 --- a/helm/gen3/Chart.yaml +++ b/helm/gen3/Chart.yaml @@ -96,7 +96,6 @@ dependencies: repository: "file://../wts" condition: wts.enabled - - name: elasticsearch version: 7.10.2 repository: "https://helm.elastic.co" @@ -106,6 +105,16 @@ dependencies: repository: "https://charts.bitnami.com/bitnami" condition: global.dev +# (optional) NeuVector Kubernetes Security Policy templates to protect Gen3 +# NeuVector must be installed separately. +# Reference: https://open-docs.neuvector.com/basics/overview +# Reference: https://github.com/neuvector/neuvector-helm +# For more information, please use the Gen3 community Slack. +- name: neuvector + version: "0.1.0" + repository: "file://../neuvector" + condition: neuvector.enabled + # A chart can be either an 'application' or a 'library' chart. # # Application charts are a collection of templates that can be packaged into versioned archives @@ -119,7 +128,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.34 +version: 0.1.3 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to diff --git a/helm/gen3/README.md b/helm/gen3/README.md index 7be42ca8..78cad213 100644 --- a/helm/gen3/README.md +++ b/helm/gen3/README.md 
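Review bot: The last hunk of helm/gen3/Chart.yaml changes `version` from `0.1.34` to `0.1.3`, which is a lower semantic version rather than an increment. With `check-version-increment: true` set in .github/ct.yaml, chart-testing is likely to reject the change, and anything that resolves charts by version would treat this release as older than the one it replaces. It looks like a dropped digit, so `version: 0.1.35` is presumably what was meant. The README badge changed in the same commit (`0.1.33` to `0.1.3`) needs the same correction.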
@@ -1,6 +1,6 @@ # gen3 -![Version: 0.1.33](https://img.shields.io/badge/Version-0.1.33-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) +![Version: 0.1.3](https://img.shields.io/badge/Version-0.1.3-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) Helm chart to deploy Gen3 Data Commons @@ -32,9 +32,10 @@ Helm chart to deploy Gen3 Data Commons | file://../indexd | indexd | 0.1.14 | | file://../manifestservice | manifestservice | 0.1.14 | | file://../metadata | metadata | 0.1.12 | +| file://../neuvector | neuvector | 0.1.0 | | file://../peregrine | peregrine | 0.1.13 | | file://../pidgin | pidgin | 0.1.10 | -| file://../portal | portal | 0.1.13 | +| file://../portal | portal | 0.1.14 | | file://../requestor | requestor | 0.1.11 | | file://../revproxy | revproxy | 0.1.14 | | file://../sheepdog | sheepdog | 0.1.14 | @@ -59,6 +60,7 @@ Helm chart to deploy Gen3 Data Commons | aws-es-proxy.secrets.awsSecretAccessKey | str | `""` | AWS secret access key for aws-es-proxy | | elasticsearch.clusterHealthCheckParams | string | `"wait_for_status=yellow&timeout=1s"` | | | elasticsearch.clusterName | string | `"gen3-elasticsearch"` | | +| elasticsearch.esConfig."elasticsearch.yml" | string | `"# Here we can add elasticsearch config\n"` | | | elasticsearch.maxUnavailable | int | `0` | | | elasticsearch.replicas | int | `1` | | | elasticsearch.singleNode | bool | `true` | | 
@@ -149,6 +151,14 @@ Helm chart to deploy Gen3 Data Commons | indexd.enabled | bool | `true` | Whether to deploy the indexd subchart. | | manifestservice.enabled | bool | `true` | Whether to deploy the manifest service subchart. | | metadata.enabled | bool | `true` | Whether to deploy the metadata subchart. | +| neuvector.DB_HOST | string | `"development-gen3-postgresql"` | | +| neuvector.ES_HOST | string | `"gen3-elasticsearch-master"` | | +| neuvector.enabled | bool | `false` | | +| neuvector.ingress.class | string | `"nginx"` | | +| neuvector.ingress.controller | string | `"nginx-ingress-controller"` | | +| neuvector.ingress.namespace | string | `"nginx"` | | +| neuvector.policies.include | bool | `false` | | +| neuvector.policies.policyMode | string | `"Monitor"` | | | peregrine.enabled | bool | `true` | Whether to deploy the peregrine subchart. | | pidgin.enabled | bool | `true` | Whether to deploy the pidgin subchart. | | portal.enabled | bool | `true` | Whether to deploy the portal subchart. | diff --git a/helm/gen3/values.yaml b/helm/gen3/values.yaml index 0d375e91..c122095b 100644 --- a/helm/gen3/values.yaml +++ b/helm/gen3/values.yaml 
@@ -282,3 +282,32 @@ elasticsearch: singleNode: true replicas: 1 clusterHealthCheckParams: "wait_for_status=yellow&timeout=1s" + esConfig: + elasticsearch.yml: | + # Here we can add elasticsearch config + +# (optional) NeuVector Kubernetes Security Policy templates to protect Gen3 +# NeuVector must be installed separately. +# Reference: https://open-docs.neuvector.com/basics/overview +# Reference: https://github.com/neuvector/neuvector-helm +# For more information, please use the Gen3 community Slack. +neuvector: + # install Neuvector + enabled: false + policies: + # deploy predefined Neuvector policies for Gen3 + include: false + # Discover, Monitor, or Protect + policyMode: Monitor + # Configure your ingress controller information for enabling ingress to containers + ingress: + # service name of your ingress controller + controller: nginx-ingress-controller + # installation namespace of your ingress controller + namespace: nginx + # classname of your ingress + class: nginx + # Required to allow egress to in-cluster database or external, managed database + DB_HOST: development-gen3-postgresql + # hostname/service name for our ElasitcSearch instance, used to allow egress from containers + ES_HOST: gen3-elasticsearch-master diff --git a/helm/neuvector/.helmignore b/helm/neuvector/.helmignore new file mode 100644 index 00000000..0e8a0eb3 --- /dev/null +++ b/helm/neuvector/.helmignore @@ -0,0 +1,23 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*.orig +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ diff --git a/helm/neuvector/Chart.yaml b/helm/neuvector/Chart.yaml new file mode 100644 index 00000000..46be470b --- /dev/null +++ b/helm/neuvector/Chart.yaml 
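Review bot: The comment `# install Neuvector` above `enabled: false` contradicts the block header, which says NeuVector must be installed separately; by the Chart.yaml added in this commit the subchart only carries policy templates. I would change it to `# render the Gen3 NeuVector policy templates (NeuVector itself is installed separately)` and note that `policies.include` must also be true for anything to be rendered. The `policyMode` comment should say that only `Protect` blocks violations while `Discover` and `Monitor` do not, so the shipped `Monitor` default is not mistaken for enforcement. `ElasitcSearch` in the last comment is a typo for `Elasticsearch`.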
@@ -0,0 +1,34 @@ +apiVersion: v2 +name: neuvector +description: NeuVector Kubernetes Security Policy templates to protect Gen3 + +# NeuVector must be installed separately. +# Reference: https://open-docs.neuvector.com/basics/overview +# Reference: https://github.com/neuvector/neuvector-helm +# For more information, please use the Gen3 community Slack. +# A chart can be either an 'application' or a 'library' chart. +# +# Application charts are a collection of templates that can be packaged into versioned archives +# to be deployed. +# +# Library charts provide useful utilities or functions for the chart developer. They're included as +# a dependency of application charts to inject those utilities and functions into the rendering +# pipeline. Library charts do not define any templates and therefore cannot be deployed. +type: application + +# This is the chart version. This version number should be incremented each time you make changes +# to the chart and its templates, including the app version. +# Versions are expected to follow Semantic Versioning (https://semver.org/) +version: 0.1.0 + +# This is the version number of the application being deployed. This version number should be +# incremented each time you make changes to the application. Versions are not expected to +# follow Semantic Versioning. They should reflect the version the application is using. +# It is recommended to use it with quotes. +appVersion: "1.16.0" + +# Todo: Evaluate inclusion of NeuVector installation +# dependencies: +# - name: neuvector +# version: "5.2.2-s1" +# repository: "https://neuvector.github.io/neuvector-helm/core" diff --git a/helm/neuvector/README.md b/helm/neuvector/README.md new file mode 100644 index 00000000..c69d8513 --- /dev/null +++ b/helm/neuvector/README.md 
@@ -0,0 +1,21 @@ +# neuvector + +![Version: 0.1.0](https://img.shields.io/badge/Version-0.1.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.16.0](https://img.shields.io/badge/AppVersion-1.16.0-informational?style=flat-square) + +NeuVector Kubernetes Security Policy templates to protect Gen3 + +## Values + +| Key | Type | Default | Description | +|-----|------|---------|-------------| +| ARGOCD_PREFIX | string | `"development-gen3"` | | +| DB_HOST | string | `"development-gen3-postgresql"` | | +| ES_HOST | string | `"gen3-elasticsearch-master"` | | +| fullnameOverride | string | `""` | | +| ingress.class | string | `"nginx"` | | +| ingress.controller | string | `"nginx-ingress-controller"` | | +| ingress.namespace | string | `"nginx"` | | +| nameOverride | string | `""` | | +| policies.include | bool | `true` | | +| policies.policyMode | string | `"Monitor"` | | + diff --git a/helm/neuvector/templates/_helpers.tpl b/helm/neuvector/templates/_helpers.tpl new file mode 100644 index 00000000..cc8472e7 --- /dev/null +++ b/helm/neuvector/templates/_helpers.tpl 
@@ -0,0 +1,62 @@ +{{/* +Expand the name of the chart. +*/}} +{{- define "neuvector.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "neuvector.fullname" -}} +{{- if .Values.fullnameOverride }} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- $name := default .Chart.Name .Values.nameOverride }} +{{- if contains $name .Release.Name }} +{{- .Release.Name | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }} +{{- end }} +{{- end }} +{{- end }} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "neuvector.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Common labels +*/}} +{{- define "neuvector.labels" -}} +helm.sh/chart: {{ include "neuvector.chart" . }} +{{ include "neuvector.selectorLabels" . }} +{{- if .Chart.AppVersion }} +app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} +{{- end }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end }} + +{{/* +Selector labels +*/}} +{{- define "neuvector.selectorLabels" -}} +app.kubernetes.io/name: {{ include "neuvector.name" . }} +app.kubernetes.io/instance: {{ .Release.Name }} +{{- end }} + +{{/* +Create the name of the service account to use +*/}} +{{- define "neuvector.serviceAccountName" -}} +{{- if .Values.serviceAccount.create }} +{{- default (include "neuvector.fullname" .) .Values.serviceAccount.name }} +{{- else }} +{{- default "default" .Values.serviceAccount.name }} +{{- end }} +{{- end }} 
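Review bot: `neuvector.serviceAccountName` reads `.Values.serviceAccount.create` and `.Values.serviceAccount.name`, but the values table in the README added by this commit lists no `serviceAccount` key, so any template that includes this helper would fail to render on a nil value. The chart's values.yaml is outside this hunk, so this rests on the README table. The helper looks like leftover `helm create` scaffolding, and since the chart ships only NvSecurityRule templates I would delete the `neuvector.serviceAccountName` define rather than keep an unused helper that breaks on first use. The `neuvector.labels` helper is also not applied to the rule manifests added in the following sections, which carry only `metadata.name`. Adding `labels: {{- include "neuvector.labels" . | nindent 4 }}` there would make the rendered policies traceable to the release.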
diff --git a/helm/neuvector/templates/ambassador-nvsecurityrule.yaml b/helm/neuvector/templates/ambassador-nvsecurityrule.yaml new file mode 100644 index 00000000..01166345 --- /dev/null +++ b/helm/neuvector/templates/ambassador-nvsecurityrule.yaml 
@@ -0,0 +1,212 @@ +{{- if .Values.policies.include }} +apiVersion: neuvector.com/v1 +kind: NvSecurityRule +metadata: + name: nv.ambassador-deployment.{{ .Release.Namespace }} +spec: + dlp: + settings: [] + status: true + egress: + - action: allow + applications: + - DNS + name: nv.kube-dns.kube-system-egress-0 + ports: any + priority: 0 + selector: + comment: "" + criteria: + - key: service + op: = + value: kube-dns.kube-system + - key: domain + op: = + value: kube-system + name: nv.kube-dns.kube-system + original_name: "" + - action: allow + applications: + - SSL + name: external-egress-1 + ports: any + priority: 0 + selector: + comment: "" + criteria: [] + name: external + original_name: "" + file: [] + ingress: + - action: allow + applications: + - HTTP + name: nv.ambassador-deployment.{{ .Release.Namespace }}-ingress-6 + ports: any + priority: 0 + selector: + comment: "" + name: Workload:ingress + original_name: "" + - action: allow + applications: + - SSL + name: nv.ambassador-deployment.{{ .Release.Namespace }}-ingress-7 + ports: any + priority: 0 + selector: + comment: "" + criteria: + - key: service + op: = + value: hatchery-deployment.{{ .Release.Namespace }} + - key: domain + op: = + value: {{ .Release.Namespace }} + name: nv.hatchery-deployment.{{ .Release.Namespace }} + original_name: "" + - action: allow + applications: + - SSL + name: nv.ambassador-deployment.{{ .Release.Namespace }}-ingress-8 + ports: any + priority: 0 + selector: + comment: "" + criteria: [] + name: external + original_name: "" + - action: allow + applications: + - HTTP + name: nv.ambassador-deployment.{{ .Release.Namespace }}-ingress-9 + ports: any + priority: 0 + selector: + comment: "" + criteria: + - key: service + op: = + value: revproxy-deployment.{{ .Release.Namespace }} + - key: domain + op: = + value: {{ .Release.Namespace }} + name: nv.revproxy-deployment.{{ .Release.Namespace }} + original_name: "" + - action: allow + applications: + - any + name: 
nv.ambassador-deployment.{{ .Release.Namespace }}-ingress-10 + ports: tcp/8080 + priority: 0 + selector: + comment: "" + criteria: + - key: service + op: = + value: revproxy-deployment.{{ .Release.Namespace }} + - key: domain + op: = + value: {{ .Release.Namespace }} + name: nv.revproxy-deployment.{{ .Release.Namespace }} + original_name: "" + process: + - action: allow + allow_update: false + name: ambex + path: /opt/ambassador/bin/ambassador + - action: allow + allow_update: false + name: bash + path: /bin/bash + - action: allow + allow_update: false + name: busybox + path: /bin/busybox + - action: allow + allow_update: false + name: curl + path: /usr/bin/curl + - action: allow + allow_update: false + name: date + path: /bin/busybox + - action: allow + allow_update: false + name: diagd + path: /usr/bin/python3.7 + - action: allow + allow_update: false + name: env + path: /bin/busybox + - action: allow + allow_update: false + name: envoy + path: /usr/local/bin/envoy + - action: allow + allow_update: false + name: find + path: /bin/busybox + - action: allow + allow_update: false + name: grep + path: /bin/busybox + - action: allow + allow_update: false + name: mkdir + path: /bin/busybox + - action: allow + allow_update: false + name: pause + path: /pause + - action: allow + allow_update: false + name: python + path: /usr/bin/python3.7 + - action: allow + allow_update: false + name: python3 + path: /usr/bin/python3.7 + - action: allow + allow_update: false + name: sh + path: /bin/busybox + - action: allow + allow_update: false + name: sleep + path: /bin/busybox + - action: allow + allow_update: false + name: sort + path: /bin/busybox + - action: allow + allow_update: false + name: uname + path: /bin/busybox + - action: allow + allow_update: false + name: watt + path: /opt/ambassador/bin/ambassador + - action: allow + allow_update: false + name: wc + path: /bin/busybox + process_profile: + baseline: zero-drift + target: + policymode: {{ .Values.policies.policyMode }} 
+ selector: + comment: "" + criteria: + - key: service + op: = + value: ambassador-deployment.{{ .Release.Namespace }} + - key: domain + op: = + value: {{ .Release.Namespace }} + name: nv.ambassador-deployment.{{ .Release.Namespace }} + original_name: "" + waf: + settings: [] + status: true +{{- end }} \ No newline at end of file diff --git a/helm/neuvector/templates/arborist-nvsecurityrule.yaml b/helm/neuvector/templates/arborist-nvsecurityrule.yaml new file mode 100644 index 00000000..5ee722d7 --- /dev/null +++ b/helm/neuvector/templates/arborist-nvsecurityrule.yaml 
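Review bot: The egress rule `external-egress-1` allows SSL from ambassador to the `external` group with `criteria: []` and `ports: any`, which is TLS to any destination outside the cluster, and `...-ingress-8` accepts the same from `external`. Once `policyMode` is switched to `Protect`, these two rules leave the pod's TLS traffic effectively unrestricted, and arborist-nvsecurityrule.yaml repeats the pattern in `...-ingress-19`. If ambassador has no known external dependency I would drop the egress rule, or narrow it to `ports: tcp/443` and a group that names the required hosts. The process list also allows `bash`, `sh` and `curl`, which reads like behaviour captured while learning rather than what the workload needs. Those entries are worth confirming before the profile is enforced, because an allowed shell and HTTP client undercut the `zero-drift` baseline.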
@@ -0,0 +1,218 @@ +{{- if .Values.policies.include }} +apiVersion: neuvector.com/v1 +kind: NvSecurityRule +metadata: + name: nv.arborist-deployment.{{ .Release.Namespace }} +spec: + dlp: + settings: [] + status: true + egress: + - action: allow + applications: + - DNS + name: nv.kube-dns.kube-system-egress-7 + ports: any + priority: 0 + selector: + comment: "" + criteria: + - key: service + op: = + value: kube-dns.kube-system + - key: domain + op: = + value: kube-system + name: nv.kube-dns.kube-system + original_name: "" + - action: allow + applications: + - HTTP + name: nv.fence-deployment.{{ .Release.Namespace }}-egress-8 + ports: any + priority: 0 + selector: + comment: "" + criteria: + - key: service + op: = + value: fence-deployment.{{ .Release.Namespace }} + - key: domain + op: = + value: {{ .Release.Namespace }} + name: nv.fence-deployment.{{ .Release.Namespace }} + original_name: "" + - action: allow + applications: + - PostgreSQL + name: nv.{{ .Values.DB_HOST }}.{{ .Release.Namespace }}-egress-9 + ports: any + priority: 0 + selector: + comment: "" + criteria: + - key: service + op: = + value: {{ .Values.DB_HOST }}.{{ .Release.Namespace }} + - key: domain + op: = + value: {{ .Release.Namespace }} + name: nv.{{ .Values.DB_HOST }}.{{ .Release.Namespace }} + original_name: "" + file: [] + ingress: + - action: allow + applications: + - HTTP + name: nv.arborist-deployment.{{ .Release.Namespace }}-ingress-17 + ports: any + priority: 0 + selector: + comment: "" + name: Workload:ingress + original_name: "" + - action: allow + applications: + - HTTP + name: nv.arborist-deployment.{{ .Release.Namespace }}-ingress-18 + ports: any + priority: 0 + selector: + comment: "" + criteria: + - key: service + op: = + value: revproxy-deployment.{{ .Release.Namespace }} + - key: domain + op: = + value: {{ .Release.Namespace }} + name: nv.revproxy-deployment.{{ .Release.Namespace }} + original_name: "" + - action: allow + applications: + - SSL + name: nv.arborist-deployment.{{ 
.Release.Namespace }}-ingress-19 + ports: any + priority: 0 + selector: + comment: "" + criteria: [] + name: external + original_name: "" + - action: allow + applications: + - HTTP + name: nv.arborist-deployment.{{ .Release.Namespace }}-ingress-20 + ports: any + priority: 0 + selector: + comment: "" + criteria: + - key: service + op: = + value: fence-deployment.{{ .Release.Namespace }} + - key: domain + op: = + value: {{ .Release.Namespace }} + name: nv.fence-deployment.{{ .Release.Namespace }} + original_name: "" + - action: allow + applications: + - HTTP + name: nv.arborist-deployment.{{ .Release.Namespace }}-ingress-21 + ports: any + priority: 0 + selector: + comment: "" + criteria: + - key: service + op: = + value: peregrine-deployment.{{ .Release.Namespace }} + - key: domain + op: = + value: {{ .Release.Namespace }} + name: nv.peregrine-deployment.{{ .Release.Namespace }} + original_name: "" + - action: allow + applications: + - HTTP + name: nv.arborist-deployment.{{ .Release.Namespace }}-ingress-22 + ports: any + priority: 0 + selector: + comment: "" + criteria: + - key: service + op: = + value: guppy-deployment.{{ .Release.Namespace }} + - key: domain + op: = + value: {{ .Release.Namespace }} + name: nv.guppy-deployment.{{ .Release.Namespace }} + original_name: "" + - action: allow + applications: + - HTTP + name: nv.arborist-deployment.{{ .Release.Namespace }}-ingress-23 + ports: any + priority: 0 + selector: + comment: "" + criteria: + - key: service + op: = + value: sheepdog-deployment.{{ .Release.Namespace }} + - key: domain + op: = + value: {{ .Release.Namespace }} + name: nv.sheepdog-deployment.{{ .Release.Namespace }} + original_name: "" + - action: allow + applications: + - SSL + name: nv.arborist-deployment.{{ .Release.Namespace }}-ingress-24 + ports: any + priority: 0 + selector: + comment: "" + criteria: + - key: service + op: = + value: hatchery-deployment.{{ .Release.Namespace }} + - key: domain + op: = + value: {{ .Release.Namespace }} + name: 
nv.hatchery-deployment.{{ .Release.Namespace }} + original_name: "" + process: + - action: allow + allow_update: false + name: arborist + path: /go/src/github.com/uc-cdis/arborist/bin/arborist + - action: allow + allow_update: false + name: pause + path: /pause + - action: allow + allow_update: false + name: sh + path: /bin/dash + process_profile: + baseline: zero-drift + target: + policymode: {{ .Values.policies.policyMode }} + selector: + comment: "" + criteria: + - key: service + op: = + value: arborist-deployment.{{ .Release.Namespace }} + - key: domain + op: = + value: {{ .Release.Namespace }} + name: nv.arborist-deployment.{{ .Release.Namespace }} + original_name: "" + waf: + settings: [] + status: true +{{- end }} \ No newline at end of file diff --git a/helm/neuvector/templates/audit-nvsecurityrule.yaml b/helm/neuvector/templates/audit-nvsecurityrule.yaml new file mode 100644 index 00000000..5320e394 --- /dev/null +++ b/helm/neuvector/templates/audit-nvsecurityrule.yaml 
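Review bot: The PostgreSQL egress rule selects the database with `service = {{ .Values.DB_HOST }}.{{ .Release.Namespace }}` and `domain = {{ .Release.Namespace }}`, which can only match a workload running in the release namespace. The values comment added in this commit says `DB_HOST` also covers an external, managed database. For a managed database the group would presumably match nothing, so arborist's database traffic would be reported as a violation in `Monitor` and dropped in `Protect`. The same rule appears in audit-nvsecurityrule.yaml. I would either document the limit next to the value, `# service name of the in-cluster PostgreSQL; an external database needs an address-based group`, or add a values switch that renders an address criterion instead of the service selector.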
@@ -0,0 +1,98 @@ +{{- if .Values.policies.include }} +apiVersion: neuvector.com/v1 +kind: NvSecurityRule +metadata: + name: nv.audit-deployment.{{ .Release.Namespace }} +spec: + dlp: + settings: [] + status: true + egress: + - action: allow + applications: + - DNS + name: nv.kube-dns.kube-system-egress-5 + ports: any + priority: 0 + selector: + comment: "" + criteria: + - key: service + op: = + value: kube-dns.kube-system + - key: domain + op: = + value: kube-system + name: nv.kube-dns.kube-system + original_name: "" + - action: allow + applications: + - PostgreSQL + name: nv.{{ .Values.DB_HOST }}.{{ .Release.Namespace }}-egress-6 + ports: any + priority: 0 + selector: + comment: "" + criteria: + - key: service + op: = + value: {{ .Values.DB_HOST }}.{{ .Release.Namespace }} + - key: domain + op: = + value: {{ .Release.Namespace }} + name: nv.{{ .Values.DB_HOST }}.{{ .Release.Namespace }} + original_name: "" + file: [] + ingress: + - action: allow + applications: + - HTTP + name: nv.audit-deployment.{{ .Release.Namespace }}-ingress-15 + ports: any + priority: 0 + selector: + comment: "" + name: Workload:ingress + original_name: "" + - action: allow + applications: + - any + name: nv.audit-deployment.{{ .Release.Namespace }}-ingress-16 + ports: tcp/80 + priority: 0 + selector: + comment: "" + name: Workload:ingress + original_name: "" + process: + - action: allow + allow_update: false + name: alembic + path: /usr/local/bin/python3.9 + - action: allow + allow_update: false + name: gunicorn + path: /usr/local/bin/python3.9 + - action: allow + allow_update: false + name: pause + path: /pause + process_profile: + baseline: zero-drift + target: + policymode: {{ .Values.policies.policyMode }} + selector: + comment: "" + criteria: + - key: service + op: = + value: audit-deployment.{{ .Release.Namespace }} + - key: domain + op: = + value: {{ .Release.Namespace }} + name: nv.audit-deployment.{{ .Release.Namespace }} + original_name: "" + waf: + settings: [] + status: true 
+{{- end }} \ No newline at end of file diff --git a/helm/neuvector/templates/elasticsearch-nvsecurityrule.yaml b/helm/neuvector/templates/elasticsearch-nvsecurityrule.yaml new file mode 100644 index 00000000..4089bf63 --- /dev/null +++ b/helm/neuvector/templates/elasticsearch-nvsecurityrule.yaml 
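Review bot: The PostgreSQL egress rule (`-egress-6`) in audit-nvsecurityrule.yaml interpolates `.Values.DB_HOST` into the rule name, the service criterion and the selector name with no guard. If that value is unset, the rendered group becomes `nv..<namespace>` and the rule matches nothing, which would only surface once the policy mode blocks traffic. Whether values.yaml supplies a default is not visible here. Consider failing at render time instead, e.g. `value: {{ required "DB_HOST must be set" .Values.DB_HOST }}.{{ .Release.Namespace }}`. The same applies to `.Values.DB_HOST` and `.Values.ES_HOST` in etl-cronjob-nvsecurityrule.yaml.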
@@ -0,0 +1,87 @@ +{{- if .Values.policies.include }} +apiVersion: neuvector.com/v1 +kind: NvSecurityRule +metadata: + name: nv.gen3-elasticsearch-master.{{ .Release.Namespace }} +spec: + dlp: + settings: [] + status: true + egress: [] + file: [] + ingress: + - action: allow + applications: + - any + name: nv.gen3-elasticsearch-master.{{ .Release.Namespace }}-ingress-39 + ports: tcp/9200 + priority: 0 + selector: + comment: "" + criteria: + - key: service + op: = + value: revproxy-deployment.{{ .Release.Namespace }} + - key: domain + op: = + value: {{ .Release.Namespace }} + name: nv.revproxy-deployment.{{ .Release.Namespace }} + original_name: "" + - action: allow + applications: + - any + name: nv.gen3-elasticsearch-master.{{ .Release.Namespace }}-ingress-40 + ports: tcp/9200 + priority: 0 + selector: + comment: "" + criteria: + - key: service + op: = + value: guppy-deployment.{{ .Release.Namespace }} + - key: domain + op: = + value: {{ .Release.Namespace }} + name: nv.guppy-deployment.{{ .Release.Namespace }} + original_name: "" + - action: allow + applications: + - any + name: nv.gen3-elasticsearch-master.{{ .Release.Namespace }}-ingress-41 + ports: tcp/9200 + priority: 0 + selector: + comment: "" + criteria: + - key: service + op: = + value: guppy-deployment.{{ .Release.Namespace }} + - key: domain + op: = + value: {{ .Release.Namespace }} + name: nv.guppy-deployment.{{ .Release.Namespace }} + original_name: "" + process: + - action: allow + allow_update: false + name: sh + path: '*' + process_profile: + baseline: zero-drift + target: + policymode: {{ .Values.policies.policyMode }} + selector: + comment: "" + criteria: + - key: service + op: = + value: gen3-elasticsearch-master.{{ .Release.Namespace }} + - key: domain + op: = + value: {{ .Release.Namespace }} + name: nv.gen3-elasticsearch-master.{{ .Release.Namespace }} + original_name: "" + waf: + settings: [] + status: true +{{- end }} \ No newline at end of file 
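Review bot: The only process rule in elasticsearch-nvsecurityrule.yaml is `name: sh` with `path: '*'`, so any binary named `sh` at any location satisfies the allowlist, which undercuts the `zero-drift` baseline set just below it. Pin the path to the shell the image actually ships (the other rules in this commit use a concrete path such as `/bin/dash`), and add a one-line comment on why a shell is needed in this workload. Separately, `-ingress-40` and `-ingress-41` are identical (guppy-deployment, `tcp/9200`, `any`); one of them can be dropped.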
diff --git a/helm/neuvector/templates/etl-cronjob-nvsecurityrule.yaml b/helm/neuvector/templates/etl-cronjob-nvsecurityrule.yaml new file mode 100644 index 00000000..8a75b418 --- /dev/null +++ b/helm/neuvector/templates/etl-cronjob-nvsecurityrule.yaml 
@@ -0,0 +1,346 @@ +apiVersion: neuvector.com/v1 +kind: NvSecurityRule +metadata: + name: nv.etl-cronjob-rule.{{ .Release.Namespace }} +spec: + dlp: + settings: [] + status: true + egress: + - action: allow + applications: + - DNS + name: nv.kube-dns.kube-system-egress-0 + ports: any + priority: 0 + selector: + comment: "" + criteria: + - key: service + op: = + value: kube-dns.kube-system + - key: domain + op: = + value: kube-system + name: nv.kube-dns.kube-system + original_name: "" + - action: allow + applications: + - HTTP + name: nv.{{ .Values.ES_HOST }}.{{ .Release.Namespace }}-egress-1 + ports: any + priority: 0 + selector: + comment: "" + criteria: + - key: service + op: = + value: {{ .Values.ES_HOST }}.{{ .Release.Namespace }} + - key: domain + op: = + value: {{ .Release.Namespace }} + name: nv.{{ .Values.ES_HOST }}.{{ .Release.Namespace }} + original_name: "" + - action: allow + applications: + - PostgreSQL + name: nv.{{ .Values.DB_HOST }}.{{ .Release.Namespace }}-egress-2 + ports: any + priority: 0 + selector: + comment: "" + criteria: + - key: service + op: = + value: {{ .Values.DB_HOST }}.{{ .Release.Namespace }} + - key: domain + op: = + value: {{ .Release.Namespace }} + name: nv.{{ .Values.DB_HOST }}.{{ .Release.Namespace }} + original_name: "" + - action: allow + applications: + - SSL + name: external-egress-3 + ports: any + priority: 0 + selector: + comment: "" + criteria: [] + name: external + original_name: "" + - action: allow + applications: + - HTTP + name: nv.revproxy-deployment.{{ .Release.Namespace }}-egress-4 + ports: any + priority: 0 + selector: + comment: "" + criteria: + - key: service + op: = + value: revproxy-deployment.{{ .Release.Namespace }} + - key: domain + op: = + value: {{ .Release.Namespace }} + name: nv.revproxy-deployment.{{ .Release.Namespace }} + original_name: "" + file: [] + ingress: + - action: allow + applications: + - any + name: nv.etl-cronjob.{{ .Release.Namespace }}-ingress-0 + ports: tcp/9000 + priority: 0 + 
selector: + comment: "" + name: Workload:ingress + original_name: "" + process: + - action: allow + allow_update: false + name: basename + path: /usr/bin/basename + - action: allow + allow_update: false + name: bash + path: /bin/bash + - action: allow + allow_update: false + name: bash + path: /usr/bin/env + - action: allow + allow_update: false + name: bash + path: /usr/bin/setsid + - action: allow + allow_update: false + name: cat + path: /bin/cat + - action: allow + allow_update: false + name: chmod + path: /bin/chmod + - action: allow + allow_update: false + name: cp + path: /bin/cp + - action: allow + allow_update: false + name: df + path: /bin/df + - action: allow + allow_update: false + name: dirname + path: /usr/bin/dirname + - action: allow + allow_update: false + name: dpkg + path: /usr/bin/dpkg + - action: allow + allow_update: false + name: dpkg-query + path: /usr/bin/dpkg-query + - action: allow + allow_update: false + name: du + path: /usr/bin/du + - action: allow + allow_update: false + name: env + path: /usr/bin/env + - action: allow + allow_update: false + name: getconf + path: /usr/bin/getconf + - action: allow + allow_update: false + name: gzip + path: /bin/gzip + - action: allow + allow_update: false + name: hadoop + path: /usr/bin/env + - action: allow + allow_update: false + name: hdfs + path: /usr/bin/env + - action: allow + allow_update: false + name: head + path: /usr/bin/head + - action: allow + allow_update: false + name: id + path: /usr/bin/id + - action: allow + allow_update: false + name: java + path: /usr/lib/jvm/java-11-openjdk-amd64/bin/java + - action: allow + allow_update: false + name: jks-keystore + path: /bin/dash + - action: allow + allow_update: false + name: ld-2.28.so + path: /lib/x86_64-linux-gnu/ld-2.28.so + - action: allow + allow_update: false + name: ld-linux-x86-64 + path: /lib/x86_64-linux-gnu/ld-2.28.so + - action: allow + allow_update: false + name: ld-linux-x86-64.so.2 + path: /lib/x86_64-linux-gnu/ld-2.28.so + - 
action: allow + allow_update: false + name: ldd + path: /bin/bash + - action: allow + allow_update: false + name: ls + path: /bin/ls + - action: allow + allow_update: false + name: mkdir + path: /bin/mkdir + - action: allow + allow_update: false + name: mountpoint + path: /bin/mountpoint + - action: allow + allow_update: false + name: mv + path: /bin/mv + - action: allow + allow_update: false + name: nice + path: /usr/bin/nice + - action: allow + allow_update: false + name: nohup + path: /usr/bin/nohup + - action: allow + allow_update: false + name: pause + path: /pause + - action: allow + allow_update: false + name: ps + path: /bin/ps + - action: allow + allow_update: false + name: psql + path: /usr/bin/perl + - action: allow + allow_update: false + name: psql + path: /usr/lib/postgresql/11/bin/psql + - action: allow + allow_update: false + name: python + path: /usr/local/bin/python3.9 + - action: allow + allow_update: false + name: python3 + path: /usr/local/bin/python3.9 + - action: allow + allow_update: false + name: readlink + path: /bin/readlink + - action: allow + allow_update: false + name: renice + path: /usr/bin/renice + - action: allow + allow_update: false + name: rm + path: /bin/rm + - action: allow + allow_update: false + name: sed + path: /bin/sed + - action: allow + allow_update: false + name: setsid + path: /usr/bin/setsid + - action: allow + allow_update: false + name: sh + path: /bin/dash + - action: allow + allow_update: false + name: slaves.sh + path: /usr/bin/env + - action: allow + allow_update: false + name: sleep + path: /bin/sleep + - action: allow + allow_update: false + name: spark-class + path: /usr/bin/env + - action: allow + allow_update: false + name: spark-submit + path: /usr/bin/env + - action: allow + allow_update: false + name: sqoop + path: /bin/bash + - action: allow + allow_update: false + name: ssh-keygen + path: /usr/bin/ssh-keygen + - action: allow + allow_update: false + name: sysctl + path: /sbin/sysctl + - action: allow 
+ allow_update: false + name: tail + path: /usr/bin/tail + - action: allow + allow_update: false + name: tar + path: /bin/tar + - action: allow + allow_update: false + name: touch + path: /bin/touch + - action: allow + allow_update: false + name: tr + path: /usr/bin/tr + - action: allow + allow_update: false + name: uname + path: /bin/uname + - action: allow + allow_update: false + name: wget + path: /usr/bin/wget + - action: allow + allow_update: false + name: yarn + path: /usr/bin/env + process_profile: + baseline: zero-drift + target: + selector: + comment: "" + criteria: + - key: service + op: regex + value: etl-cronjob-.*\.{{ .Release.Namespace }} + - key: domain + op: = + value: {{ .Release.Namespace }} + name: etl-cronjob.{{ .Release.Namespace }} + original_name: "" + waf: + settings: [] + status: true diff --git a/helm/neuvector/templates/fence-nvsecurityrule.yaml b/helm/neuvector/templates/fence-nvsecurityrule.yaml new file mode 100644 index 00000000..8dc08b8f --- /dev/null +++ b/helm/neuvector/templates/fence-nvsecurityrule.yaml 
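Review bot: etl-cronjob-nvsecurityrule.yaml is the only new rule file here that is not wrapped in `{{- if .Values.policies.include }}` … `{{- end }}`, so it is rendered even when policies are switched off. Its `target:` block also has no `policymode: {{ .Values.policies.policyMode }}` line, unlike the sibling files, so its mode does not follow the chart value. Add both for consistency. The process allowlist also admits `wget`, `ssh-keygen`, `dpkg` and several names resolved through `/usr/bin/env`; if these were captured during a learning run rather than required by the job, trimming them would tighten the profile.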
@@ -0,0 +1,294 @@ +{{- if .Values.policies.include }} +apiVersion: neuvector.com/v1 +kind: NvSecurityRule +metadata: + name: nv.fence-deployment.{{ .Release.Namespace }} +spec: + dlp: + settings: [] + status: true + egress: + - action: allow + applications: + - any + name: nodes-egress-12 + ports: tcp/8126 + priority: 0 + selector: + comment: "" + criteria: [] + name: nodes + original_name: "" + - action: allow + applications: + - DNS + name: nv.kube-dns.kube-system-egress-13 + ports: any + priority: 0 + selector: + comment: "" + criteria: + - key: service + op: = + value: kube-dns.kube-system + - key: domain + op: = + value: kube-system + name: nv.kube-dns.kube-system + original_name: "" + - action: allow + applications: + - SSL + name: external-egress-14 + ports: any + priority: 0 + selector: + comment: "" + criteria: [] + name: external + original_name: "" + file: [] + ingress: + - action: allow + applications: + - HTTP + name: nv.fence-deployment.{{ .Release.Namespace }}-ingress-31 + ports: any + priority: 0 + selector: + comment: "" + name: Workload:ingress + original_name: "" + - action: allow + applications: + - SSL + name: nv.fence-deployment.{{ .Release.Namespace }}-ingress-32 + ports: any + priority: 0 + selector: + comment: "" + criteria: [] + name: external + original_name: "" + - action: allow + applications: + - HTTP + name: nv.fence-deployment.{{ .Release.Namespace }}-ingress-33 + ports: any + priority: 0 + selector: + comment: "" + criteria: + - key: service + op: = + value: revproxy-deployment.{{ .Release.Namespace }} + - key: domain + op: = + value: {{ .Release.Namespace }} + name: nv.revproxy-deployment.{{ .Release.Namespace }} + original_name: "" + - action: allow + applications: + - SSL + name: nv.fence-deployment.{{ .Release.Namespace }}-ingress-34 + ports: any + priority: 0 + selector: + comment: "" + criteria: + - key: service + op: = + value: peregrine-deployment.{{ .Release.Namespace }} + - key: domain + op: = + value: {{ 
.Release.Namespace }} + name: nv.peregrine-deployment.{{ .Release.Namespace }} + original_name: "" + - action: allow + applications: + - SSL + name: nv.fence-deployment.{{ .Release.Namespace }}-ingress-35 + ports: any + priority: 0 + selector: + comment: "" + criteria: + - key: service + op: = + value: hatchery-deployment.{{ .Release.Namespace }} + - key: domain + op: = + value: {{ .Release.Namespace }} + name: nv.hatchery-deployment.{{ .Release.Namespace }} + original_name: "" + - action: allow + applications: + - SSL + name: nv.fence-deployment.{{ .Release.Namespace }}-ingress-36 + ports: any + priority: 0 + selector: + comment: "" + criteria: + - key: service + op: = + value: sheepdog-deployment.{{ .Release.Namespace }} + - key: domain + op: = + value: {{ .Release.Namespace }} + name: nv.sheepdog-deployment.{{ .Release.Namespace }} + original_name: "" + - action: allow + applications: + - SSL + name: nv.fence-deployment.{{ .Release.Namespace }}-ingress-37 + ports: any + priority: 0 + selector: + comment: "" + criteria: + - key: service + op: = + value: cert-manager.cert-manager + - key: domain + op: = + value: cert-manager + name: nv.cert-manager.cert-manager + original_name: "" + - action: allow + applications: + - HTTP + name: nv.fence-deployment.{{ .Release.Namespace }}-ingress-38 + ports: any + priority: 0 + selector: + comment: "" + criteria: + - key: service + op: = + value: manifestservice-deployment.{{ .Release.Namespace }} + - key: domain + op: = + value: {{ .Release.Namespace }} + name: nv.manifestservice-deployment.{{ .Release.Namespace }} + original_name: "" + process: + - action: allow + allow_update: false + name: basename + path: /usr/bin/basename + - action: allow + allow_update: false + name: bash + path: /bin/bash + - action: allow + allow_update: false + name: cat + path: /bin/cat + - action: allow + allow_update: false + name: chmod + path: /bin/chmod + - action: allow + allow_update: false + name: chown + path: /bin/chown + - action: allow + 
allow_update: false + name: ddtrace-run + path: /usr/local/bin/python3.9 + - action: allow + allow_update: false + name: fence-create + path: /usr/local/bin/python3.9 + - action: allow + allow_update: false + name: find + path: /usr/bin/find + - action: allow + allow_update: false + name: ldconfig + path: /sbin/ldconfig + - action: allow + allow_update: false + name: ls + path: /bin/ls + - action: allow + allow_update: false + name: mkdir + path: /bin/mkdir + - action: allow + allow_update: false + name: mv + path: /bin/mv + - action: allow + allow_update: false + name: nginx + path: /usr/sbin/nginx + - action: allow + allow_update: false + name: pause + path: /pause + - action: allow + allow_update: false + name: pip + path: /usr/local/bin/python3.9 + - action: allow + allow_update: false + name: python + path: /usr/local/bin/python3.9 + - action: allow + allow_update: false + name: readlink + path: /bin/readlink + - action: allow + allow_update: false + name: rm + path: /bin/rm + - action: allow + allow_update: false + name: run-parts + path: /bin/run-parts + - action: allow + allow_update: false + name: sed + path: /bin/sed + - action: allow + allow_update: false + name: sh + path: /bin/dash + - action: allow + allow_update: false + name: sort + path: /usr/bin/sort + - action: allow + allow_update: false + name: uname + path: /bin/uname + - action: allow + allow_update: false + name: uwsgi + path: /usr/local/bin/uwsgi + - action: allow + allow_update: false + name: wc + path: /usr/bin/wc + process_profile: + baseline: zero-drift + target: + policymode: {{ .Values.policies.policyMode }} + selector: + comment: "" + criteria: + - key: service + op: = + value: fence-deployment.{{ .Release.Namespace }} + - key: domain + op: = + value: {{ .Release.Namespace }} + name: nv.fence-deployment.{{ .Release.Namespace }} + original_name: "" + waf: + settings: [] + status: true +{{- end }} \ No newline at end of file 
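Review bot: Rule `-ingress-32` in fence-nvsecurityrule.yaml allows `SSL` from the `external` group on `ports: any` straight to the fence workload, alongside the revproxy rule `-ingress-33`. If all outside traffic is meant to enter through revproxy, this rule widens the exposure of the auth service and should be removed or at least pinned to a port. It looks like an artifact of an exported learned policy, but that cannot be confirmed from the hunk. The same `external` ingress pattern appears in guppy (`-ingress-44`), hatchery (`-ingress-47`) and indexd (`-ingress-50`). The process allowlist also admits `pip`, which is worth dropping unless packages are installed at container start.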
diff --git a/helm/neuvector/templates/guppy-nvsecurityrule.yaml b/helm/neuvector/templates/guppy-nvsecurityrule.yaml new file mode 100644 index 00000000..6d05c7fd --- /dev/null +++ b/helm/neuvector/templates/guppy-nvsecurityrule.yaml 
@@ -0,0 +1,129 @@ +{{- if .Values.policies.include }} +apiVersion: neuvector.com/v1 +kind: NvSecurityRule +metadata: + name: nv.guppy-deployment.{{ .Release.Namespace }} +spec: + dlp: + settings: [] + status: true + egress: + - action: allow + applications: + - DNS + name: nv.kube-dns.kube-system-egress-15 + ports: any + priority: 0 + selector: + comment: "" + criteria: + - key: service + op: = + value: kube-dns.kube-system + - key: domain + op: = + value: kube-system + name: nv.kube-dns.kube-system + original_name: "" + file: [] + ingress: + - action: allow + applications: + - HTTP + name: nv.guppy-deployment.{{ .Release.Namespace }}-ingress-42 + ports: any + priority: 0 + selector: + comment: "" + name: Workload:ingress + original_name: "" + - action: allow + applications: + - any + name: nv.guppy-deployment.{{ .Release.Namespace }}-ingress-43 + ports: tcp/8000 + priority: 0 + selector: + comment: "" + name: Workload:ingress + original_name: "" + - action: allow + applications: + - SSL + name: nv.guppy-deployment.{{ .Release.Namespace }}-ingress-44 + ports: any + priority: 0 + selector: + comment: "" + criteria: [] + name: external + original_name: "" + - action: allow + applications: + - HTTP + name: nv.guppy-deployment.{{ .Release.Namespace }}-ingress-45 + ports: any + priority: 0 + selector: + comment: "" + criteria: + - key: service + op: = + value: revproxy-deployment.{{ .Release.Namespace }} + - key: domain + op: = + value: {{ .Release.Namespace }} + name: nv.revproxy-deployment.{{ .Release.Namespace }} + original_name: "" + process: + - action: allow + allow_update: false + name: bash + path: /usr/bin/bash + - action: allow + allow_update: false + name: cat + path: /usr/bin/cat + - action: allow + allow_update: false + name: dash + path: /usr/bin/dash + - action: allow + allow_update: false + name: ls + path: /usr/bin/ls + - action: allow + allow_update: false + name: node + path: /usr/bin/node + - action: allow + allow_update: false + name: pause + path: 
/pause + - action: allow + allow_update: false + name: runc + path: /usr/bin/runc + - action: allow + allow_update: false + name: sh + path: /usr/bin/dash + process_profile: + baseline: zero-drift + target: + policymode: {{ .Values.policies.policyMode }} + selector: + comment: "" + criteria: + - key: service + op: = + value: guppy-deployment.{{ .Release.Namespace }} + - key: domain + op: = + value: {{ .Release.Namespace }} + name: nv.guppy-deployment.{{ .Release.Namespace }} + original_name: "" + waf: + settings: [] + status: true +{{- end }} \ No newline at end of file diff --git a/helm/neuvector/templates/hatchery-nvsecurityrule.yaml b/helm/neuvector/templates/hatchery-nvsecurityrule.yaml new file mode 100644 index 00000000..cf46a487 --- /dev/null +++ b/helm/neuvector/templates/hatchery-nvsecurityrule.yaml 
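Review bot: The process allowlist in guppy-nvsecurityrule.yaml includes `runc` at `/usr/bin/runc` as well as `bash`, `cat` and `ls`. A container runtime binary is not something a Node service normally spawns, so these entries were presumably recorded from an interactive exec session while the profile was being learned. Keeping them means the same interactive tooling stays permitted once the mode is enforced. Consider reducing the list to `node`, `pause` and whatever shell the entrypoint needs, with a comment for any entry that must stay.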
@@ -0,0 +1,140 @@ +{{- if .Values.policies.include }} +apiVersion: neuvector.com/v1 +kind: NvSecurityRule +metadata: + name: nv.hatchery-deployment.{{ .Release.Namespace }} +spec: + dlp: + settings: [] + status: true + egress: + - action: allow + applications: + - DNS + name: nv.kube-dns.kube-system-egress-16 + ports: any + priority: 0 + selector: + comment: "" + criteria: + - key: service + op: = + value: kube-dns.kube-system + - key: domain + op: = + value: kube-system + name: nv.kube-dns.kube-system + original_name: "" + - action: allow + applications: + - SSL + name: nv.{{ .Values.ingress.controller }}.{{ .Values.ingress.namespace }}-egress-17 + ports: any + priority: 0 + selector: + comment: "" + criteria: + - key: service + op: = + value: {{ .Values.ingress.controller }}.{{ .Values.ingress.namespace }} + - key: domain + op: = + value: {{ .Values.ingress.class }} + name: nv.{{ .Values.ingress.controller }}.{{ .Values.ingress.namespace }} + original_name: "" + - action: allow + applications: + - SSL + name: external-egress-18 + ports: any + priority: 0 + selector: + comment: "" + criteria: [] + name: external + original_name: "" + - action: allow + applications: + - SSL + name: nv.revproxy-deployment.{{ .Release.Namespace }}-egress-19 + ports: any + priority: 0 + selector: + comment: "" + criteria: + - key: service + op: = + value: revproxy-deployment.{{ .Release.Namespace }} + - key: domain + op: = + value: {{ .Release.Namespace }} + name: nv.revproxy-deployment.{{ .Release.Namespace }} + original_name: "" + file: [] + ingress: + - action: allow + applications: + - HTTP + name: nv.hatchery-deployment.{{ .Release.Namespace }}-ingress-46 + ports: any + priority: 0 + selector: + comment: "" + name: Workload:ingress + original_name: "" + - action: allow + applications: + - SSL + name: nv.hatchery-deployment.{{ .Release.Namespace }}-ingress-47 + ports: any + priority: 0 + selector: + comment: "" + criteria: [] + name: external + original_name: "" + - action: allow 
+ applications: + - HTTP + name: nv.hatchery-deployment.{{ .Release.Namespace }}-ingress-48 + ports: any + priority: 0 + selector: + comment: "" + criteria: + - key: service + op: = + value: revproxy-deployment.{{ .Release.Namespace }} + - key: domain + op: = + value: {{ .Release.Namespace }} + name: nv.revproxy-deployment.{{ .Release.Namespace }} + original_name: "" + process: + - action: allow + allow_update: false + name: hatchery + path: /hatchery + - action: allow + allow_update: false + name: pause + path: /pause + process_profile: + baseline: zero-drift + target: + policymode: {{ .Values.policies.policyMode }} + selector: + comment: "" + criteria: + - key: service + op: = + value: hatchery-deployment.{{ .Release.Namespace }} + - key: domain + op: = + value: {{ .Release.Namespace }} + name: nv.hatchery-deployment.{{ .Release.Namespace }} + original_name: "" + waf: + settings: [] + status: true +{{- end }} \ No newline at end of file diff --git a/helm/neuvector/templates/indexd-nvsecurityrule.yaml b/helm/neuvector/templates/indexd-nvsecurityrule.yaml new file mode 100644 index 00000000..db1e1000 --- /dev/null +++ b/helm/neuvector/templates/indexd-nvsecurityrule.yaml 
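Review bot: In the ingress-controller egress rule (`-egress-17`) of hatchery-nvsecurityrule.yaml, the `domain` criterion is `{{ .Values.ingress.class }}`, while the `service` criterion on the same selector is built from `.Values.ingress.namespace`. Every other selector in this commit sets `domain` to the namespace of the service it names, so this one probably should be `value: {{ .Values.ingress.namespace }}`. As written, the rule only matches when the ingress class name happens to equal the controller's namespace. The same pairing is used for all six selectors in ingress-nvclustersecurityrule.yaml.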
@@ -0,0 +1,152 @@ +{{- if .Values.policies.include }} +apiVersion: neuvector.com/v1 +kind: NvSecurityRule +metadata: + name: nv.indexd-deployment.{{ .Release.Namespace }} +spec: + dlp: + settings: [] + status: true + egress: + - action: allow + applications: + - DNS + name: nv.kube-dns.kube-system-egress-20 + ports: any + priority: 0 + selector: + comment: "" + criteria: + - key: service + op: = + value: kube-dns.kube-system + - key: domain + op: = + value: kube-system + name: nv.kube-dns.kube-system + original_name: "" + file: [] + ingress: + - action: allow + applications: + - HTTP + name: nv.indexd-deployment.{{ .Release.Namespace }}-ingress-49 + ports: any + priority: 0 + selector: + comment: "" + name: Workload:ingress + original_name: "" + - action: allow + applications: + - SSL + name: nv.indexd-deployment.{{ .Release.Namespace }}-ingress-50 + ports: any + priority: 0 + selector: + comment: "" + criteria: [] + name: external + original_name: "" + - action: allow + applications: + - HTTP + name: nv.indexd-deployment.{{ .Release.Namespace }}-ingress-51 + ports: any + priority: 0 + selector: + comment: "" + criteria: + - key: service + op: = + value: revproxy-deployment.{{ .Release.Namespace }} + - key: domain + op: = + value: {{ .Release.Namespace }} + name: nv.revproxy-deployment.{{ .Release.Namespace }} + original_name: "" + - action: allow + applications: + - HTTP + name: nv.indexd-deployment.{{ .Release.Namespace }}-ingress-52 + ports: any + priority: 0 + selector: + comment: "" + criteria: + - key: service + op: = + value: sheepdog-deployment.{{ .Release.Namespace }} + - key: domain + op: = + value: {{ .Release.Namespace }} + name: nv.sheepdog-deployment.{{ .Release.Namespace }} + original_name: "" + process: + - action: allow + allow_update: false + name: bash + path: /bin/bash + - action: allow + allow_update: false + name: chmod + path: /bin/chmod + - action: allow + allow_update: false + name: chown + path: /bin/chown + - action: allow + allow_update: 
false + name: dockerrun.sh + path: /bin/dash + - action: allow + allow_update: false + name: mkdir + path: /bin/mkdir + - action: allow + allow_update: false + name: mv + path: /bin/mv + - action: allow + allow_update: false + name: nginx + path: /usr/sbin/nginx + - action: allow + allow_update: false + name: pause + path: /pause + - action: allow + allow_update: false + name: rm + path: /bin/rm + - action: allow + allow_update: false + name: run-parts + path: /bin/run-parts + - action: allow + allow_update: false + name: sh + path: /bin/dash + - action: allow + allow_update: false + name: uwsgi + path: /usr/local/bin/uwsgi + process_profile: + baseline: zero-drift + target: + policymode: {{ .Values.policies.policyMode }} + selector: + comment: "" + criteria: + - key: service + op: = + value: indexd-deployment.{{ .Release.Namespace }} + - key: domain + op: = + value: {{ .Release.Namespace }} + name: nv.indexd-deployment.{{ .Release.Namespace }} + original_name: "" + waf: + settings: [] + status: true +{{- end }} \ No newline at end of file diff --git a/helm/neuvector/templates/ingress-nvclustersecurityrule.yaml b/helm/neuvector/templates/ingress-nvclustersecurityrule.yaml new file mode 100644 index 00000000..febb5ef0 --- /dev/null +++ b/helm/neuvector/templates/ingress-nvclustersecurityrule.yaml 
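Review bot: The `egress` list in indexd-nvsecurityrule.yaml contains only the kube-dns rule, whereas audit-nvsecurityrule.yaml carries an explicit PostgreSQL rule to `.Values.DB_HOST`. If indexd talks to the same database, enforcing this policy would drop that connection unless a rule on the database group elsewhere in the commit admits indexd, which is not visible in this hunk. fence-nvsecurityrule.yaml likewise has no database egress. Either add the matching PostgreSQL egress rule, or add a short comment saying where the database path is allowed.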
@@ -0,0 +1,130 @@ +{{- if .Values.policies.include }} +apiVersion: neuvector.com/v1 +kind: NvClusterSecurityRule +metadata: + name: {{ .Release.Namespace }} + namespace: "" +spec: + dlp: + settings: [] + status: true + egress: [] + file: [] + ingress: + - action: allow + applications: + - any + name: {{ .Release.Namespace }}-ingress-0 + ports: tcp/8089 + priority: 0 + selector: + comment: "" + criteria: + - key: service + op: = + value: {{ .Values.ingress.controller }}.{{ .Values.ingress.namespace }} + - key: domain + op: = + value: {{ .Values.ingress.class }} + name: nv.{{ .Values.ingress.controller }}.{{ .Values.ingress.namespace }} + original_name: "" + - action: allow + applications: + - any + name: {{ .Release.Namespace }}-ingress-1 + ports: tcp/8089 + priority: 0 + selector: + comment: "" + criteria: + - key: service + op: = + value: {{ .Values.ingress.controller }}.{{ .Values.ingress.namespace }} + - key: domain + op: = + value: {{ .Values.ingress.class }} + name: nv.{{ .Values.ingress.controller }}.{{ .Values.ingress.namespace }} + original_name: "" + - action: allow + applications: + - any + name: {{ .Release.Namespace }}-ingress-2 + ports: tcp/8089 + priority: 0 + selector: + comment: "" + criteria: + - key: service + op: = + value: {{ .Values.ingress.controller }}.{{ .Values.ingress.namespace }} + - key: domain + op: = + value: {{ .Values.ingress.class }} + name: nv.{{ .Values.ingress.controller }}.{{ .Values.ingress.namespace }} + original_name: "" + - action: allow + applications: + - any + name: {{ .Release.Namespace }}-ingress-3 + ports: tcp/8089 + priority: 0 + selector: + comment: "" + criteria: + - key: service + op: = + value: {{ .Values.ingress.controller }}.{{ .Values.ingress.namespace }} + - key: domain + op: = + value: {{ .Values.ingress.class }} + name: nv.{{ .Values.ingress.controller }}.{{ .Values.ingress.namespace }} + original_name: "" + - action: allow + applications: + - any + name: {{ .Release.Namespace }}-ingress-4 + ports: tcp/8089 
+ priority: 0 + selector: + comment: "" + criteria: + - key: service + op: = + value: {{ .Values.ingress.controller }}.{{ .Values.ingress.namespace }} + - key: domain + op: = + value: {{ .Values.ingress.class }} + name: nv.{{ .Values.ingress.controller }}.{{ .Values.ingress.namespace }} + original_name: "" + - action: deny + applications: + - any + name: {{ .Release.Namespace }}-ingress-5 + ports: any + priority: 0 + selector: + comment: "" + criteria: + - key: service + op: = + value: {{ .Values.ingress.controller }}.{{ .Values.ingress.namespace }} + - key: domain + op: = + value: {{ .Values.ingress.class }} + name: nv.{{ .Values.ingress.controller }}.{{ .Values.ingress.namespace }} + original_name: "" + process: [] + target: + policymode: N/A + selector: + comment: gen3 development group + criteria: + - key: namespace + op: = + value: {{ .Release.Namespace }} + name: {{ .Release.Namespace }} + original_name: "" + waf: + settings: [] + status: true +{{- end }} \ No newline at end of file diff --git a/helm/neuvector/templates/manifestservice-nvsecurityrule.yaml b/helm/neuvector/templates/manifestservice-nvsecurityrule.yaml new file mode 100644 index 00000000..1efd07f5 --- /dev/null +++ b/helm/neuvector/templates/manifestservice-nvsecurityrule.yaml 
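Review bot: Rules `-ingress-0` through `-ingress-4` in ingress-nvclustersecurityrule.yaml are identical in action, application, port (`tcp/8089`) and selector, so four of them are redundant and can be removed. The final `deny` rule `-ingress-5` targets the same selector at the same `priority: 0`, so the outcome presumably depends on list order. A comment above it, such as `# deny everything from the ingress controller except tcp/8089 (must stay last)`, would make that intent explicit for the next editor.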
@@ -0,0 +1,166 @@ +{{- if .Values.policies.include }} +apiVersion: neuvector.com/v1 +kind: NvSecurityRule +metadata: + name: nv.manifestservice-deployment.{{ .Release.Namespace }} +spec: + dlp: + settings: [] + status: true + egress: + - action: allow + applications: + - DNS + name: nv.kube-dns.kube-system-egress-21 + ports: any + priority: 0 + selector: + comment: "" + criteria: + - key: service + op: = + value: kube-dns.kube-system + - key: domain + op: = + value: kube-system + name: nv.kube-dns.kube-system + original_name: "" + file: [] + ingress: + - action: allow + applications: + - HTTP + name: nv.manifestservice-deployment.{{ .Release.Namespace }}-ingress-53 + ports: any + priority: 0 + selector: + comment: "" + name: Workload:ingress + original_name: "" + - action: allow + applications: + - any + name: nv.manifestservice-deployment.{{ .Release.Namespace }}-ingress-54 + ports: tcp/80 + priority: 0 + selector: + comment: "" + name: Workload:ingress + original_name: "" + - action: allow + applications: + - HTTP + name: nv.manifestservice-deployment.{{ .Release.Namespace }}-ingress-55 + ports: any + priority: 0 + selector: + comment: "" + criteria: + - key: service + op: = + value: revproxy-deployment.{{ .Release.Namespace }} + - key: domain + op: = + value: {{ .Release.Namespace }} + name: nv.revproxy-deployment.{{ .Release.Namespace }} + original_name: "" + process: + - action: allow + allow_update: false + name: basename + path: /usr/bin/basename + - action: allow + allow_update: false + name: cat + path: /bin/cat + - action: allow + allow_update: false + name: chmod + path: /bin/chmod + - action: allow + allow_update: false + name: dockerrun.sh + path: /bin/dash + - action: allow + allow_update: false + name: find + path: /usr/bin/find + - action: allow + allow_update: false + name: grep + path: /bin/grep + - action: allow + allow_update: false + name: ldconfig + path: /sbin/ldconfig + - action: allow + allow_update: false + name: mkdir + path: /bin/mkdir + 
- action: allow + allow_update: false + name: mktemp + path: /bin/mktemp + - action: allow + allow_update: false + name: mv + path: /bin/mv + - action: allow + allow_update: false + name: nginx + path: /usr/sbin/nginx + - action: allow + allow_update: false + name: pause + path: /pause + - action: allow + allow_update: false + name: readlink + path: /bin/readlink + - action: allow + allow_update: false + name: rm + path: /bin/rm + - action: allow + allow_update: false + name: run-parts + path: /bin/run-parts + - action: allow + allow_update: false + name: sed + path: /bin/sed + - action: allow + allow_update: false + name: sh + path: /bin/dash + - action: allow + allow_update: false + name: sort + path: /usr/bin/sort + - action: allow + allow_update: false + name: uwsgi + path: /usr/local/bin/uwsgi + - action: allow + allow_update: false + name: wc + path: /usr/bin/wc + process_profile: + baseline: zero-drift + target: + policymode: {{ .Values.policies.policyMode }} + selector: + comment: "" + criteria: + - key: service + op: = + value: manifestservice-deployment.{{ .Release.Namespace }} + - key: domain + op: = + value: {{ .Release.Namespace }} + name: nv.manifestservice-deployment.{{ .Release.Namespace }} + original_name: "" + waf: + settings: [] + status: true +{{- end }} \ No newline at end of file diff --git a/helm/neuvector/templates/metadata-nvsecurityrule.yaml b/helm/neuvector/templates/metadata-nvsecurityrule.yaml new file mode 100644 index 00000000..3d85201c --- /dev/null +++ b/helm/neuvector/templates/metadata-nvsecurityrule.yaml 
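Review bot: `policymode: {{ .Values.policies.policyMode }}` in the `target` block is rendered without a default or a guard, so an unset value yields an empty `policymode:`, and whether the CRD rejects that is not visible here. Unless the chart's values file (outside this hunk) always sets it, fail at render time with `policymode: {{ required "policies.policyMode must be set (Discover, Monitor or Protect)" .Values.policies.policyMode }}`. The same line appears in the metadata, peregrine, pidgin, portal, postgresql, presigned-url-fence, revproxy, sheepdog and sower templates.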
@@ -0,0 +1,87 @@
+{{- if .Values.policies.include }}
+apiVersion: neuvector.com/v1
+kind: NvSecurityRule
+metadata:
+ name: nv.metadata-deployment.{{ .Release.Namespace }}
+spec:
+ dlp:
+ settings: []
+ status: true
+ egress:
+ - action: allow
+ applications:
+ - DNS
+ name: nv.kube-dns.kube-system-egress-22
+ ports: any
+ priority: 0
+ selector:
+ comment: ""
+ criteria:
+ - key: service
+ op: =
+ value: kube-dns.kube-system
+ - key: domain
+ op: =
+ value: kube-system
+ name: nv.kube-dns.kube-system
+ original_name: ""
+ file: []
+ ingress:
+ - action: allow
+ applications:
+ - HTTP
+ name: nv.metadata-deployment.{{ .Release.Namespace }}-ingress-56
+ ports: any
+ priority: 0
+ selector:
+ comment: ""
+ name: Workload:ingress
+ original_name: ""
+ process:
+ - action: allow
+ allow_update: false
+ name: alembic
+ path: /usr/local/bin/python3.9
+ - action: allow
+ allow_update: false
+ name: grep
+ path: /bin/grep
+ - action: allow
+ allow_update: false
+ name: gunicorn
+ path: /usr/local/bin/python3.9
+ - action: allow
+ allow_update: false
+ name: pause
+ path: /pause
+ - action: allow
+ allow_update: false
+ name: runc
+ path: /usr/bin/runc
+ - action: allow
+ allow_update: false
+ name: sed
+ path: /bin/sed
+ - action: allow
+ allow_update: false
+ name: sh
+ path: /bin/dash
+ process_profile:
+ baseline: zero-drift
+ target:
+ policymode: {{ .Values.policies.policyMode }}
+ selector:
+ comment: ""
+ criteria:
+ - key: service
+ op: =
+ value: metadata-deployment.{{ .Release.Namespace }}
+ - key: domain
+ op: =
+ value: {{ .Release.Namespace }}
+ name: nv.metadata-deployment.{{ .Release.Namespace }}
+ original_name: ""
+ waf:
+ settings: []
+ status: true
+{{- end }}
\ No newline at end of file
diff --git a/helm/neuvector/templates/peregrine-nvsecurityrule.yaml b/helm/neuvector/templates/peregrine-nvsecurityrule.yaml
new file mode 100644
index 00000000..f9df4477
--- /dev/null
+++ b/helm/neuvector/templates/peregrine-nvsecurityrule.yaml
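Review bot: The process allowlist includes `runc` at `/usr/bin/runc`, a container-runtime binary rather than something the service's own processes (`gunicorn`, `alembic`) would run. It was probably recorded during container start or an exec session while the group was in Discover mode. If so, drop the entry so that a learned exception does not become permanent policy. If it has to stay, add a comment above it such as `# runc: observed during container start/exec; kept because <reason>`.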
@@ -0,0 +1,258 @@ +{{- if .Values.policies.include }} +apiVersion: neuvector.com/v1 +kind: NvSecurityRule +metadata: + name: nv.peregrine-deployment.{{ .Release.Namespace }} +spec: + dlp: + settings: [] + status: true + egress: + - action: allow + applications: + - DNS + name: nv.kube-dns.kube-system-egress-23 + ports: any + priority: 0 + selector: + comment: "" + criteria: + - key: service + op: = + value: kube-dns.kube-system + - key: domain + op: = + value: kube-system + name: nv.kube-dns.kube-system + original_name: "" + - action: allow + applications: + - SSL + name: nv.revproxy-deployment.{{ .Release.Namespace }}-egress-24 + ports: any + priority: 0 + selector: + comment: "" + criteria: + - key: service + op: = + value: revproxy-deployment.{{ .Release.Namespace }} + - key: domain + op: = + value: {{ .Release.Namespace }} + name: nv.revproxy-deployment.{{ .Release.Namespace }} + original_name: "" + - action: allow + applications: + - HTTP + - SSL + name: external-egress-25 + ports: any + priority: 0 + selector: + comment: "" + criteria: [] + name: external + original_name: "" + - action: allow + applications: + - HTTP + - SSL + name: nv.{{ .Values.ingress.controller }}.{{ .Values.ingress.namespace }}-egress-26 + ports: any + priority: 0 + selector: + comment: "" + criteria: + - key: service + op: = + value: {{ .Values.ingress.controller }}.{{ .Values.ingress.namespace }} + - key: domain + op: = + value: {{ .Values.ingress.class }} + name: nv.{{ .Values.ingress.controller }}.{{ .Values.ingress.namespace }} + original_name: "" + file: [] + ingress: + - action: allow + applications: + - HTTP + name: nv.peregrine-deployment.{{ .Release.Namespace }}-ingress-57 + ports: any + priority: 0 + selector: + comment: "" + name: Workload:ingress + original_name: "" + - action: allow + applications: + - HTTP + name: nv.peregrine-deployment.{{ .Release.Namespace }}-ingress-58 + ports: any + priority: 0 + selector: + comment: "" + criteria: + - key: service + op: = + value: 
pidgin-deployment.{{ .Release.Namespace }} + - key: domain + op: = + value: {{ .Release.Namespace }} + name: nv.pidgin-deployment.{{ .Release.Namespace }} + original_name: "" + - action: allow + applications: + - SSL + name: nv.peregrine-deployment.{{ .Release.Namespace }}-ingress-59 + ports: any + priority: 0 + selector: + comment: "" + criteria: [] + name: external + original_name: "" + - action: allow + applications: + - HTTP + name: nv.peregrine-deployment.{{ .Release.Namespace }}-ingress-60 + ports: any + priority: 0 + selector: + comment: "" + criteria: + - key: service + op: = + value: revproxy-deployment.{{ .Release.Namespace }} + - key: domain + op: = + value: {{ .Release.Namespace }} + name: nv.revproxy-deployment.{{ .Release.Namespace }} + original_name: "" + - action: allow + applications: + - any + name: nv.peregrine-deployment.{{ .Release.Namespace }}-ingress-61 + ports: tcp/80 + priority: 0 + selector: + comment: "" + name: Workload:ingress + original_name: "" + - action: allow + applications: + - HTTP + name: nv.peregrine-deployment.{{ .Release.Namespace }}-ingress-62 + ports: any + priority: 0 + selector: + comment: "" + criteria: + - key: service + op: = + value: portal-deployment.{{ .Release.Namespace }} + - key: domain + op: = + value: {{ .Release.Namespace }} + name: nv.portal-deployment.{{ .Release.Namespace }} + original_name: "" + process: + - action: allow + allow_update: false + name: basename + path: /usr/bin/basename + - action: allow + allow_update: false + name: cat + path: /bin/cat + - action: allow + allow_update: false + name: chmod + path: /bin/chmod + - action: allow + allow_update: false + name: dash + path: /bin/dash + - action: allow + allow_update: false + name: dockerrun.sh + path: /bin/dash + - action: allow + allow_update: false + name: find + path: /usr/bin/find + - action: allow + allow_update: false + name: grep + path: /bin/grep + - action: allow + allow_update: false + name: mkdir + path: /bin/mkdir + - action: allow + 
allow_update: false + name: mktemp + path: /bin/mktemp + - action: allow + allow_update: false + name: mv + path: /bin/mv + - action: allow + allow_update: false + name: nginx + path: /usr/sbin/nginx + - action: allow + allow_update: false + name: pause + path: /pause + - action: allow + allow_update: false + name: readlink + path: /bin/readlink + - action: allow + allow_update: false + name: rm + path: /bin/rm + - action: allow + allow_update: false + name: run-parts + path: /bin/run-parts + - action: allow + allow_update: false + name: sed + path: /bin/sed + - action: allow + allow_update: false + name: sh + path: /bin/dash + - action: allow + allow_update: false + name: sort + path: /usr/bin/sort + - action: allow + allow_update: false + name: uwsgi + path: /usr/local/bin/uwsgi + - action: allow + allow_update: false + name: wc + path: /usr/bin/wc + process_profile: + baseline: zero-drift + target: + policymode: {{ .Values.policies.policyMode }} + selector: + comment: "" + criteria: + - key: service + op: = + value: peregrine-deployment.{{ .Release.Namespace }} + - key: domain + op: = + value: {{ .Release.Namespace }} + name: nv.peregrine-deployment.{{ .Release.Namespace }} + original_name: "" + waf: + settings: [] + status: true +{{- end }} \ No newline at end of file diff --git a/helm/neuvector/templates/pidgin-nvsecurityrule.yaml b/helm/neuvector/templates/pidgin-nvsecurityrule.yaml new file mode 100644 index 00000000..8f68b21a --- /dev/null +++ b/helm/neuvector/templates/pidgin-nvsecurityrule.yaml 
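Review bot: `nv.peregrine-deployment.{{ .Release.Namespace }}-ingress-59` allows SSL on any port from the `external` group with empty criteria, although this template already admits traffic from revproxy (`-ingress-60`) and from `Workload:ingress`. The rule was presumably learned from observed traffic rather than designed. If nothing outside the cluster needs to reach peregrine directly, remove it; otherwise restrict `ports` and document the caller in a comment. The same `external` ingress rule appears in the portal (`-ingress-66`), revproxy (`-ingress-71`), sheepdog (`-ingress-75`) and wts (`-ingress-12`) templates.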
@@ -0,0 +1,135 @@ +{{- if .Values.policies.include }} +apiVersion: neuvector.com/v1 +kind: NvSecurityRule +metadata: + name: nv.pidgin-deployment.{{ .Release.Namespace }} +spec: + dlp: + settings: [] + status: true + egress: + - action: allow + applications: + - DNS + name: nv.kube-dns.kube-system-egress-27 + ports: any + priority: 0 + selector: + comment: "" + criteria: + - key: service + op: = + value: kube-dns.kube-system + - key: domain + op: = + value: kube-system + name: nv.kube-dns.kube-system + original_name: "" + file: [] + ingress: + - action: allow + applications: + - HTTP + name: nv.pidgin-deployment.{{ .Release.Namespace }}-ingress-63 + ports: any + priority: 0 + selector: + comment: "" + name: Workload:ingress + original_name: "" + process: + - action: allow + allow_update: false + name: basename + path: /usr/bin/basename + - action: allow + allow_update: false + name: chmod + path: /bin/chmod + - action: allow + allow_update: false + name: dash + path: /bin/dash + - action: allow + allow_update: false + name: dockerrun.sh + path: /bin/dash + - action: allow + allow_update: false + name: find + path: /usr/bin/find + - action: allow + allow_update: false + name: grep + path: /bin/grep + - action: allow + allow_update: false + name: mkdir + path: /bin/mkdir + - action: allow + allow_update: false + name: mktemp + path: /bin/mktemp + - action: allow + allow_update: false + name: mv + path: /bin/mv + - action: allow + allow_update: false + name: nginx + path: /usr/sbin/nginx + - action: allow + allow_update: false + name: pause + path: /pause + - action: allow + allow_update: false + name: readlink + path: /bin/readlink + - action: allow + allow_update: false + name: rm + path: /bin/rm + - action: allow + allow_update: false + name: run-parts + path: /bin/run-parts + - action: allow + allow_update: false + name: sed + path: /bin/sed + - action: allow + allow_update: false + name: sh + path: /bin/dash + - action: allow + allow_update: false + name: sort + 
path: /usr/bin/sort + - action: allow + allow_update: false + name: uwsgi + path: /usr/local/bin/uwsgi + - action: allow + allow_update: false + name: wc + path: /usr/bin/wc + process_profile: + baseline: zero-drift + target: + policymode: {{ .Values.policies.policyMode }} + selector: + comment: "" + criteria: + - key: service + op: = + value: pidgin-deployment.{{ .Release.Namespace }} + - key: domain + op: = + value: {{ .Release.Namespace }} + name: nv.pidgin-deployment.{{ .Release.Namespace }} + original_name: "" + waf: + settings: [] + status: true +{{- end }} \ No newline at end of file diff --git a/helm/neuvector/templates/portal-nvsecurityrule.yaml b/helm/neuvector/templates/portal-nvsecurityrule.yaml new file mode 100644 index 00000000..0bbb87f3 --- /dev/null +++ b/helm/neuvector/templates/portal-nvsecurityrule.yaml 
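Review bot: The process list allowlists a shell three times (`dash`, `dockerrun.sh` and `sh`, all at `/bin/dash`) together with `find`, `chmod`, `mv`, `rm` and `sed`, which reads like the container's start-up script captured in Discover mode. With these explicitly allowed, `baseline: zero-drift` presumably will not flag a shell or file-manipulation command run later in the pod's life. I would add a comment above `process:` such as `# start-up utilities learned from dockerrun.sh; revisit when the image entrypoint changes`. The manifestservice, peregrine, presigned-url-fence and sheepdog templates carry a similar list and need the same note.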
@@ -0,0 +1,182 @@ +{{- if .Values.policies.include }} +apiVersion: neuvector.com/v1 +kind: NvSecurityRule +metadata: + name: nv.portal-deployment.{{ .Release.Namespace }} +spec: + dlp: + settings: [] + status: true + egress: + - action: allow + applications: + - any + name: nv.revproxy-deployment.{{ .Release.Namespace }}-egress-28 + ports: tcp/80 + priority: 0 + selector: + comment: "" + criteria: + - key: service + op: = + value: revproxy-deployment.{{ .Release.Namespace }} + - key: domain + op: = + value: {{ .Release.Namespace }} + name: nv.revproxy-deployment.{{ .Release.Namespace }} + original_name: "" + - action: allow + applications: + - any + name: nv.revproxy-deployment.{{ .Release.Namespace }}-egress-29 + ports: tcp/80 + priority: 0 + selector: + comment: "" + criteria: + - key: service + op: = + value: revproxy-deployment.{{ .Release.Namespace }} + - key: domain + op: = + value: {{ .Release.Namespace }} + name: nv.revproxy-deployment.{{ .Release.Namespace }} + original_name: "" + - action: allow + applications: + - any + name: nv.revproxy-deployment.{{ .Release.Namespace }}-egress-30 + ports: tcp/80 + priority: 0 + selector: + comment: "" + criteria: + - key: service + op: = + value: revproxy-deployment.{{ .Release.Namespace }} + - key: domain + op: = + value: {{ .Release.Namespace }} + name: nv.revproxy-deployment.{{ .Release.Namespace }} + original_name: "" + - action: allow + applications: + - HTTP + name: nv.sheepdog-deployment.{{ .Release.Namespace }}-egress-31 + ports: any + priority: 0 + selector: + comment: "" + criteria: + - key: service + op: = + value: sheepdog-deployment.{{ .Release.Namespace }} + - key: domain + op: = + value: {{ .Release.Namespace }} + name: nv.sheepdog-deployment.{{ .Release.Namespace }} + original_name: "" + file: [] + ingress: + - action: allow + applications: + - HTTP + name: nv.portal-deployment.{{ .Release.Namespace }}-ingress-64 + ports: any + priority: 0 + selector: + comment: "" + name: Workload:ingress + 
original_name: "" + - action: allow + applications: + - HTTP + name: nv.portal-deployment.{{ .Release.Namespace }}-ingress-65 + ports: any + priority: 0 + selector: + comment: "" + criteria: + - key: service + op: = + value: revproxy-deployment.{{ .Release.Namespace }} + - key: domain + op: = + value: {{ .Release.Namespace }} + name: nv.revproxy-deployment.{{ .Release.Namespace }} + original_name: "" + - action: allow + applications: + - SSL + name: nv.portal-deployment.{{ .Release.Namespace }}-ingress-66 + ports: any + priority: 0 + selector: + comment: "" + criteria: [] + name: external + original_name: "" + process: + - action: allow + allow_update: false + name: bash + path: /usr/bin/bash + - action: allow + allow_update: false + name: nginx + path: /usr/sbin/nginx + - action: allow + allow_update: false + name: node + path: /usr/bin/node + - action: allow + allow_update: false + name: npm + path: /usr/bin/env + - action: allow + allow_update: false + name: npm + path: /usr/bin/node + - action: allow + allow_update: false + name: npx + path: /usr/bin/env + - action: allow + allow_update: false + name: pause + path: /pause + - action: allow + allow_update: false + name: relay-compiler + path: /usr/bin/env + - action: allow + allow_update: false + name: sh + path: /usr/bin/dash + - action: allow + allow_update: false + name: webpack + path: /usr/bin/env + - action: allow + allow_update: false + name: webpack + path: /usr/bin/node + process_profile: + baseline: zero-drift + target: + policymode: {{ .Values.policies.policyMode }} + selector: + comment: "" + criteria: + - key: service + op: = + value: portal-deployment.{{ .Release.Namespace }} + - key: domain + op: = + value: {{ .Release.Namespace }} + name: nv.portal-deployment.{{ .Release.Namespace }} + original_name: "" + waf: + settings: [] + status: true +{{- end }} \ No newline at end of file 
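Review bot: The process allowlist permits `npm`, `npx`, `webpack` and `relay-compiler` (via `/usr/bin/env` and `/usr/bin/node`), so the portal pod may run its JavaScript build toolchain at any time, not only at start-up. Using `/usr/bin/env` as the path also pins very little, because the rule then appears to rest mainly on the process name. If the bundle can be built into the image, these entries can go. If the build has to run at container start, say so in a comment above `process:` so the exception is not mistaken for normal runtime behaviour.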
diff --git a/helm/neuvector/templates/postgresql-nvsecurityrule.yaml b/helm/neuvector/templates/postgresql-nvsecurityrule.yaml
new file mode 100644
index 00000000..d1d1f076
--- /dev/null
+++ b/helm/neuvector/templates/postgresql-nvsecurityrule.yaml
@@ -0,0 +1,138 @@ +{{- if .Values.policies.include }} +apiVersion: neuvector.com/v1 +kind: NvSecurityRule +metadata: + name: nv.{{ .Values.DB_HOST }}.{{ .Release.Namespace }} +spec: + dlp: + settings: [] + status: true + egress: [] + file: [] + ingress: + - action: allow + applications: + - PostgreSQL + name: nv.{{ .Values.DB_HOST }}.{{ .Release.Namespace }}-ingress-25 + ports: any + priority: 0 + selector: + comment: "" + criteria: + - key: service + op: = + value: peregrine-deployment.{{ .Release.Namespace }} + - key: domain + op: = + value: {{ .Release.Namespace }} + name: nv.peregrine-deployment.{{ .Release.Namespace }} + original_name: "" + - action: allow + applications: + - PostgreSQL + name: nv.{{ .Values.DB_HOST }}.{{ .Release.Namespace }}-ingress-26 + ports: any + priority: 0 + selector: + comment: "" + criteria: + - key: service + op: = + value: sheepdog-deployment.{{ .Release.Namespace }} + - key: domain + op: = + value: {{ .Release.Namespace }} + name: nv.sheepdog-deployment.{{ .Release.Namespace }} + original_name: "" + - action: allow + applications: + - PostgreSQL + name: nv.{{ .Values.DB_HOST }}.{{ .Release.Namespace }}-ingress-27 + ports: any + priority: 0 + selector: + comment: "" + criteria: + - key: service + op: = + value: indexd-deployment.{{ .Release.Namespace }} + - key: domain + op: = + value: {{ .Release.Namespace }} + name: nv.indexd-deployment.{{ .Release.Namespace }} + original_name: "" + - action: allow + applications: + - PostgreSQL + name: nv.{{ .Values.DB_HOST }}.{{ .Release.Namespace }}-ingress-28 + ports: any + priority: 0 + selector: + comment: "" + criteria: + - key: service + op: = + value: metadata-deployment.{{ .Release.Namespace }} + - key: domain + op: = + value: {{ .Release.Namespace }} + name: nv.metadata-deployment.{{ .Release.Namespace }} + original_name: "" + - action: allow + applications: + - PostgreSQL + name: nv.{{ .Values.DB_HOST }}.{{ .Release.Namespace }}-ingress-29 + ports: any + priority: 0 + selector: + 
comment: "" + criteria: + - key: service + op: = + value: presigned-url-fence-deployment.{{ .Release.Namespace }} + - key: domain + op: = + value: {{ .Release.Namespace }} + name: nv.presigned-url-fence-deployment.{{ .Release.Namespace }} + original_name: "" + - action: allow + applications: + - PostgreSQL + name: nv.{{ .Values.DB_HOST }}.{{ .Release.Namespace }}-ingress-30 + ports: any + priority: 0 + selector: + comment: "" + criteria: + - key: service + op: = + value: fence-deployment.{{ .Release.Namespace }} + - key: domain + op: = + value: {{ .Release.Namespace }} + name: nv.fence-deployment.{{ .Release.Namespace }} + original_name: "" + process: + - action: allow + allow_update: false + name: sh + path: '*' + process_profile: + baseline: zero-drift + target: + policymode: {{ .Values.policies.policyMode }} + selector: + comment: "" + criteria: + - key: service + op: = + value: {{ .Values.DB_HOST }}.{{ .Release.Namespace }} + - key: domain + op: = + value: {{ .Release.Namespace }} + name: nv.{{ .Values.DB_HOST }}.{{ .Release.Namespace }} + original_name: "" + waf: + settings: [] + status: true +{{- end }} \ No newline at end of file diff --git a/helm/neuvector/templates/presigned-url-fence-nvsecurityrule.yaml b/helm/neuvector/templates/presigned-url-fence-nvsecurityrule.yaml new file mode 100644 index 00000000..5677d408 --- /dev/null +++ b/helm/neuvector/templates/presigned-url-fence-nvsecurityrule.yaml 
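Review bot: The only process rule, `name: sh` with `path: '*'`, allows a shell from any path in the database pod. That gives up the path pinning the other templates in this commit use (for example `path: /bin/dash`), so replace the wildcard with the shell path actually observed in the PostgreSQL image. Also, `{{ .Values.DB_HOST }}` is interpolated into `metadata.name` and the target selector without a check, so an empty value would render `nv..{{ .Release.Namespace }}`. Wrapping it as `{{ required "DB_HOST must be set" .Values.DB_HOST }}` would catch that at install time.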
@@ -0,0 +1,173 @@ +{{- if .Values.policies.include }} +apiVersion: neuvector.com/v1 +kind: NvSecurityRule +metadata: + name: nv.presigned-url-fence-deployment.{{ .Release.Namespace }} +spec: + dlp: + settings: [] + status: true + egress: + - action: allow + applications: + - any + name: nodes-egress-32 + ports: tcp/8126 + priority: 0 + selector: + comment: "" + criteria: [] + name: nodes + original_name: "" + - action: allow + applications: + - SSL + name: external-egress-33 + ports: any + priority: 0 + selector: + comment: "" + criteria: [] + name: external + original_name: "" + - action: allow + applications: + - DNS + name: nv.kube-dns.kube-system-egress-34 + ports: any + priority: 0 + selector: + comment: "" + criteria: + - key: service + op: = + value: kube-dns.kube-system + - key: domain + op: = + value: kube-system + name: nv.kube-dns.kube-system + original_name: "" + file: [] + ingress: + - action: allow + applications: + - HTTP + name: nv.presigned-url-fence-deployment.{{ .Release.Namespace }}-ingress-67 + ports: any + priority: 0 + selector: + comment: "" + name: Workload:ingress + original_name: "" + process: + - action: allow + allow_update: false + name: basename + path: /usr/bin/basename + - action: allow + allow_update: false + name: bash + path: /bin/bash + - action: allow + allow_update: false + name: cat + path: /bin/cat + - action: allow + allow_update: false + name: chmod + path: /bin/chmod + - action: allow + allow_update: false + name: chown + path: /bin/chown + - action: allow + allow_update: false + name: ddtrace-run + path: /usr/local/bin/python3.9 + - action: allow + allow_update: false + name: find + path: /usr/bin/find + - action: allow + allow_update: false + name: ldconfig + path: /sbin/ldconfig + - action: allow + allow_update: false + name: mkdir + path: /bin/mkdir + - action: allow + allow_update: false + name: mktemp + path: /bin/mktemp + - action: allow + allow_update: false + name: mv + path: /bin/mv + - action: allow + 
allow_update: false + name: nginx + path: /usr/sbin/nginx + - action: allow + allow_update: false + name: pause + path: /pause + - action: allow + allow_update: false + name: pip + path: /usr/local/bin/python3.9 + - action: allow + allow_update: false + name: readlink + path: /bin/readlink + - action: allow + allow_update: false + name: rm + path: /bin/rm + - action: allow + allow_update: false + name: run-parts + path: /bin/run-parts + - action: allow + allow_update: false + name: sed + path: /bin/sed + - action: allow + allow_update: false + name: sh + path: /bin/dash + - action: allow + allow_update: false + name: sort + path: /usr/bin/sort + - action: allow + allow_update: false + name: uname + path: /bin/uname + - action: allow + allow_update: false + name: uwsgi + path: /usr/local/bin/uwsgi + - action: allow + allow_update: false + name: wc + path: /usr/bin/wc + process_profile: + baseline: zero-drift + target: + policymode: {{ .Values.policies.policyMode }} + selector: + comment: "" + criteria: + - key: service + op: = + value: presigned-url-fence-deployment.{{ .Release.Namespace }} + - key: domain + op: = + value: {{ .Release.Namespace }} + name: nv.presigned-url-fence-deployment.{{ .Release.Namespace }} + original_name: "" + waf: + settings: [] + status: true +{{- end }} \ No newline at end of file diff --git a/helm/neuvector/templates/revproxy-nvsecurityrule.yaml b/helm/neuvector/templates/revproxy-nvsecurityrule.yaml new file mode 100644 index 00000000..3661369b --- /dev/null +++ b/helm/neuvector/templates/revproxy-nvsecurityrule.yaml 
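Review bot: The process allowlist includes `pip` (running as `/usr/local/bin/python3.9`) and the egress section allows SSL to `external` on any port (`external-egress-33`). Together these permit fetching and installing packages inside a running pod. The `pip` entry was probably learned from a start-up step. If dependencies are baked into the image, remove it; otherwise add a comment above it naming the step that needs it, so reviewers can tell it from an unintended allowance.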
@@ -0,0 +1,175 @@ +{{- if .Values.policies.include }} +apiVersion: neuvector.com/v1 +kind: NvSecurityRule +metadata: + name: nv.revproxy-deployment.{{ .Release.Namespace }} +spec: + dlp: + settings: [] + status: true + egress: + - action: allow + applications: + - DNS + name: nv.kube-dns.kube-system-egress-35 + ports: any + priority: 0 + selector: + comment: "" + criteria: + - key: service + op: = + value: kube-dns.kube-system + - key: domain + op: = + value: kube-system + name: nv.kube-dns.kube-system + original_name: "" + - action: allow + applications: + - HTTP + name: nv.sheepdog-deployment.{{ .Release.Namespace }}-egress-36 + ports: any + priority: 0 + selector: + comment: "" + criteria: + - key: service + op: = + value: sheepdog-deployment.{{ .Release.Namespace }} + - key: domain + op: = + value: {{ .Release.Namespace }} + name: nv.sheepdog-deployment.{{ .Release.Namespace }} + original_name: "" + file: [] + ingress: + - action: allow + applications: + - any + name: nv.revproxy-deployment.{{ .Release.Namespace }}-ingress-68 + ports: tcp/80,tcp/443 + priority: 0 + selector: + comment: "" + criteria: + - key: service + op: = + value: {{ .Values.ingress.controller }}.{{ .Values.ingress.namespace }} + - key: domain + op: = + value: {{ .Values.ingress.class }} + name: nv.{{ .Values.ingress.controller }}.{{ .Values.ingress.namespace }} + original_name: "" + - action: allow + applications: + - HTTP + name: nv.revproxy-deployment.{{ .Release.Namespace }}-ingress-69 + ports: any + priority: 0 + selector: + comment: "" + name: Workload:ingress + original_name: "" + - action: allow + applications: + - HTTP + name: nv.revproxy-deployment.{{ .Release.Namespace }}-ingress-70 + ports: any + priority: 0 + selector: + comment: "" + criteria: + - key: service + op: = + value: {{ .Values.ingress.controller }}.{{ .Values.ingress.namespace }} + - key: domain + op: = + value: {{ .Values.ingress.class }} + name: nv.{{ .Values.ingress.controller }}.{{ .Values.ingress.namespace }} + 
original_name: "" + - action: allow + applications: + - SSL + name: nv.revproxy-deployment.{{ .Release.Namespace }}-ingress-71 + ports: any + priority: 0 + selector: + comment: "" + criteria: [] + name: external + original_name: "" + - action: allow + applications: + - SSL + name: nv.revproxy-deployment.{{ .Release.Namespace }}-ingress-72 + ports: any + priority: 0 + selector: + comment: "" + criteria: + - key: service + op: = + value: sheepdog-deployment.{{ .Release.Namespace }} + - key: domain + op: = + value: {{ .Release.Namespace }} + name: nv.sheepdog-deployment.{{ .Release.Namespace }} + original_name: "" + - action: allow + applications: + - SSL + name: nv.revproxy-deployment.{{ .Release.Namespace }}-ingress-73 + ports: any + priority: 0 + selector: + comment: "" + criteria: + - key: service + op: = + value: cert-manager.cert-manager + - key: domain + op: = + value: cert-manager + name: nv.cert-manager.cert-manager + original_name: "" + process: + - action: allow + allow_update: false + name: bash + path: /bin/bash + - action: allow + allow_update: false + name: curl + path: /usr/bin/curl + - action: allow + allow_update: false + name: nginx + path: /usr/sbin/nginx + - action: allow + allow_update: false + name: pause + path: /pause + - action: allow + allow_update: false + name: sh + path: /bin/dash + process_profile: + baseline: zero-drift + target: + policymode: {{ .Values.policies.policyMode }} + selector: + comment: "" + criteria: + - key: service + op: = + value: revproxy-deployment.{{ .Release.Namespace }} + - key: domain + op: = + value: {{ .Release.Namespace }} + name: nv.revproxy-deployment.{{ .Release.Namespace }} + original_name: "" + waf: + settings: [] + status: true +{{- end }} \ No newline at end of file diff --git a/helm/neuvector/templates/sheepdog-nvsecurityrule.yaml b/helm/neuvector/templates/sheepdog-nvsecurityrule.yaml new file mode 100644 index 00000000..d587e45a --- /dev/null +++ b/helm/neuvector/templates/sheepdog-nvsecurityrule.yaml 
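Review bot: `-ingress-68` limits traffic from the ingress controller to `tcp/80,tcp/443`, but `-ingress-70` then allows `HTTP` on `ports: any` from the identical selector, so the port restriction has no effect for HTTP. If the controller should only reach revproxy on 80 and 443, drop `-ingress-70` or change it to `ports: tcp/80`. The same overlap between an `HTTP` any-port rule and a `tcp/80` rule for `Workload:ingress` appears in the manifestservice (`-ingress-53`/`-ingress-54`) and peregrine (`-ingress-57`/`-ingress-61`) templates.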
@@ -0,0 +1,184 @@ +{{- if .Values.policies.include }} +apiVersion: neuvector.com/v1 +kind: NvSecurityRule +metadata: + name: nv.sheepdog-deployment.{{ .Release.Namespace }} +spec: + dlp: + settings: [] + status: true + egress: + - action: allow + applications: + - DNS + name: nv.kube-dns.kube-system-egress-37 + ports: any + priority: 0 + selector: + comment: "" + criteria: + - key: service + op: = + value: kube-dns.kube-system + - key: domain + op: = + value: kube-system + name: nv.kube-dns.kube-system + original_name: "" + - action: allow + applications: + - HTTP + - SSL + name: external-egress-38 + ports: any + priority: 0 + selector: + comment: "" + criteria: [] + name: external + original_name: "" + - action: allow + applications: + - HTTP + - SSL + name: nv.{{ .Values.ingress.controller }}.{{ .Values.ingress.namespace }}-egress-39 + ports: any + priority: 0 + selector: + comment: "" + criteria: + - key: service + op: = + value: {{ .Values.ingress.controller }}.{{ .Values.ingress.namespace }} + - key: domain + op: = + value: {{ .Values.ingress.class }} + name: nv.{{ .Values.ingress.controller }}.{{ .Values.ingress.namespace }} + original_name: "" + file: [] + ingress: + - action: allow + applications: + - HTTP + name: nv.sheepdog-deployment.{{ .Release.Namespace }}-ingress-74 + ports: any + priority: 0 + selector: + comment: "" + name: Workload:ingress + original_name: "" + - action: allow + applications: + - SSL + name: nv.sheepdog-deployment.{{ .Release.Namespace }}-ingress-75 + ports: any + priority: 0 + selector: + comment: "" + criteria: [] + name: external + original_name: "" + process: + - action: allow + allow_update: false + name: basename + path: /usr/bin/basename + - action: allow + allow_update: false + name: bash + path: /bin/bash + - action: allow + allow_update: false + name: chmod + path: /bin/chmod + - action: allow + allow_update: false + name: dockerrun.sh + path: /bin/dash + - action: allow + allow_update: false + name: find + path: 
/usr/bin/find + - action: allow + allow_update: false + name: ldconfig + path: /sbin/ldconfig + - action: allow + allow_update: false + name: mkdir + path: /bin/mkdir + - action: allow + allow_update: false + name: mv + path: /bin/mv + - action: allow + allow_update: false + name: nginx + path: /usr/sbin/nginx + - action: allow + allow_update: false + name: pause + path: /pause + - action: allow + allow_update: false + name: python + path: /usr/local/bin/python3.6 + - action: allow + allow_update: false + name: python3 + path: /usr/local/bin/python3.6 + - action: allow + allow_update: false + name: readlink + path: /bin/readlink + - action: allow + allow_update: false + name: rm + path: /bin/rm + - action: allow + allow_update: false + name: run-parts + path: /bin/run-parts + - action: allow + allow_update: false + name: sed + path: /bin/sed + - action: allow + allow_update: false + name: sh + path: /bin/dash + - action: allow + allow_update: false + name: sort + path: /usr/bin/sort + - action: allow + allow_update: false + name: uname + path: /bin/uname + - action: allow + allow_update: false + name: uwsgi + path: /usr/local/bin/uwsgi + - action: allow + allow_update: false + name: wc + path: /usr/bin/wc + process_profile: + baseline: zero-drift + target: + policymode: {{ .Values.policies.policyMode }} + selector: + comment: "" + criteria: + - key: service + op: = + value: sheepdog-deployment.{{ .Release.Namespace }} + - key: domain + op: = + value: {{ .Release.Namespace }} + name: nv.sheepdog-deployment.{{ .Release.Namespace }} + original_name: "" + waf: + settings: [] + status: true +{{- end }} \ No newline at end of file diff --git a/helm/neuvector/templates/sower-nvsecurityrule.yaml b/helm/neuvector/templates/sower-nvsecurityrule.yaml new file mode 100644 index 00000000..fac23984 --- /dev/null +++ b/helm/neuvector/templates/sower-nvsecurityrule.yaml 
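Review bot: `external-egress-38` allows both `HTTP` and `SSL` to the `external` group on any port with `criteria: []`, which amounts to unrestricted outbound web access from the pod, plaintext included. If the real destinations are known, point the rule at a dedicated group for them and drop `HTTP`. At minimum, add a comment above the rule naming what sheepdog has to reach. Peregrine's `external-egress-25` has the same shape, and presigned-url-fence's `external-egress-33` is the SSL-only variant.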
@@ -0,0 +1,32 @@
+{{- if .Values.policies.include }}
+apiVersion: neuvector.com/v1
+kind: NvSecurityRule
+metadata:
+ name: nv.sower.{{ .Release.Namespace }}
+spec:
+ dlp:
+ settings: []
+ status: true
+ egress: []
+ file: []
+ ingress: []
+ process: []
+ process_profile:
+ baseline: zero-drift
+ target:
+ policymode: {{ .Values.policies.policyMode }}
+ selector:
+ comment: ""
+ criteria:
+ - key: service
+ op: =
+ value: sower.{{ .Release.Namespace }}
+ - key: domain
+ op: =
+ value: {{ .Release.Namespace }}
+ name: nv.sower.{{ .Release.Namespace }}
+ original_name: ""
+ waf:
+ settings: []
+ status: true
+{{- end }}
\ No newline at end of file
diff --git a/helm/neuvector/templates/wts-nvsecurityrule.yaml b/helm/neuvector/templates/wts-nvsecurityrule.yaml
new file mode 100644
index 00000000..de07659a
--- /dev/null
+++ b/helm/neuvector/templates/wts-nvsecurityrule.yaml
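Review bot: `egress: []` and `ingress: []` leave the sower group without a single allow rule, whereas the sheepdog and wts templates in this patch at least allow DNS egress to `kube-dns.kube-system`. The values file names `Protect` as the prod setting for `policyMode`; if unmatched connections are denied in that mode, sower would presumably lose name resolution and whatever API access it needs as soon as the mode is switched. Either add the rules sower requires or record that the empty lists are deliberate with a template comment such as `{{- /* sower: no network rules captured yet; keep policyMode at Monitor until populated */ -}}`.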
@@ -0,0 +1,199 @@
+{{- if .Values.policies.include }}
+apiVersion: neuvector.com/v1
+kind: NvSecurityRule
+metadata:
+ name: nv.wts-deployment.{{ .Release.Namespace }}
+spec:
+ dlp:
+ settings: []
+ status: true
+ egress:
+ - action: allow
+ applications:
+ - DNS
+ name: nv.kube-dns.kube-system-egress-2
+ ports: any
+ priority: 0
+ selector:
+ comment: ""
+ criteria:
+ - key: service
+ op: =
+ value: kube-dns.kube-system
+ - key: domain
+ op: =
+ value: kube-system
+ name: nv.kube-dns.kube-system
+ original_name: ""
+ - action: allow
+ applications:
+ - HTTP
+ name: nv.fence-deployment.{{ .Release.Namespace }}-egress-3
+ ports: any
+ priority: 0
+ selector:
+ comment: ""
+ criteria:
+ - key: service
+ op: =
+ value: fence-deployment.{{ .Release.Namespace }}
+ - key: domain
+ op: =
+ value: {{ .Release.Namespace }}
+ name: nv.fence-deployment.{{ .Release.Namespace }}
+ original_name: ""
+ - action: allow
+ applications:
+ - PostgreSQL
+ name: nv.{{ .Values.DB_HOST }}.{{ .Release.Namespace }}-egress-4
+ ports: any
+ priority: 0
+ selector:
+ comment: ""
+ criteria:
+ - key: service
+ op: =
+ value: {{ .Values.DB_HOST }}.{{ .Release.Namespace }}
+ - key: domain
+ op: =
+ value: {{ .Release.Namespace }}
+ name: nv.{{ .Values.DB_HOST }}.{{ .Release.Namespace }}
+ original_name: ""
+ file: []
+ ingress:
+ - action: allow
+ applications:
+ - any
+ name: nv.wts-deployment.{{ .Release.Namespace }}-ingress-11
+ ports: tcp/80
+ priority: 0
+ selector:
+ comment: ""
+ name: Workload:ingress
+ original_name: ""
+ - action: allow
+ applications:
+ - SSL
+ name: nv.wts-deployment.{{ .Release.Namespace }}-ingress-12
+ ports: any
+ priority: 0
+ selector:
+ comment: ""
+ criteria: []
+ name: external
+ original_name: ""
+ - action: allow
+ applications:
+ - HTTP
+ name: nv.wts-deployment.{{ .Release.Namespace }}-ingress-13
+ ports: any
+ priority: 0
+ selector:
+ comment: ""
+ criteria:
+ - key: service
+ op: =
+ value: revproxy-deployment.{{ .Release.Namespace }}
+ - key: domain
+ op: =
+ value: {{ .Release.Namespace }}
+ name: nv.revproxy-deployment.{{ .Release.Namespace }}
+ original_name: ""
+ - action: allow
+ applications:
+ - HTTP
+ name: nv.wts-deployment.{{ .Release.Namespace }}-ingress-14
+ ports: any
+ priority: 0
+ selector:
+ comment: ""
+ name: Workload:ingress
+ original_name: ""
+ process:
+ - action: allow
+ allow_update: false
+ name: alembic
+ path: /usr/local/bin/python3.9
+ - action: allow
+ allow_update: false
+ name: basename
+ path: /usr/bin/basename
+ - action: allow
+ allow_update: false
+ name: chmod
+ path: /bin/chmod
+ - action: allow
+ allow_update: false
+ name: dockerrun.sh
+ path: /bin/dash
+ - action: allow
+ allow_update: false
+ name: find
+ path: /usr/bin/find
+ - action: allow
+ allow_update: false
+ name: mkdir
+ path: /bin/mkdir
+ - action: allow
+ allow_update: false
+ name: mv
+ path: /bin/mv
+ - action: allow
+ allow_update: false
+ name: nginx
+ path: /usr/sbin/nginx
+ - action: allow
+ allow_update: false
+ name: pause
+ path: /pause
+ - action: allow
+ allow_update: false
+ name: readlink
+ path: /bin/readlink
+ - action: allow
+ allow_update: false
+ name: rm
+ path: /bin/rm
+ - action: allow
+ allow_update: false
+ name: run-parts
+ path: /bin/run-parts
+ - action: allow
+ allow_update: false
+ name: sed
+ path: /bin/sed
+ - action: allow
+ allow_update: false
+ name: sh
+ path: /bin/dash
+ - action: allow
+ allow_update: false
+ name: sort
+ path: /usr/bin/sort
+ - action: allow
+ allow_update: false
+ name: uwsgi
+ path: /usr/local/bin/uwsgi
+ - action: allow
+ allow_update: false
+ name: wc
+ path: /usr/bin/wc
+ process_profile:
+ baseline: zero-drift
+ target:
+ policymode: {{ .Values.policies.policyMode }}
+ selector:
+ comment: ""
+ criteria:
+ - key: service
+ op: =
+ value: wts-deployment.{{ .Release.Namespace }}
+ - key: domain
+ op: =
+ value: {{ .Release.Namespace }}
+ name: nv.wts-deployment.{{ .Release.Namespace }}
+ original_name: ""
+ waf:
+ settings: []
+ status: true
+{{- end }}
\ No newline at end of file diff --git a/helm/neuvector/values.yaml b/helm/neuvector/values.yaml new file mode 100644 index 00000000..410689cd --- /dev/null +++ b/helm/neuvector/values.yaml @@ -0,0 +1,32 @@ +# Default values for neuvector. +# This is a YAML-formatted file. +# Declare variables to be passed into your templates. + +nameOverride: "" +fullnameOverride: "" + +policies: + # deploy predefined Neuvector policies for Gen3 + include: true + # Neuvector policy enforcement mode + # Discover, Monitor, or Protect + # dev: Monitor + # prod: Protect + policyMode: Monitor + +# hostname/service name for our DB +DB_HOST: development-gen3-postgresql +# hostname/service name for our ElasitcSearch instance +ES_HOST: gen3-elasticsearch-master + +# Prefix for relevant services deployed through Argo +ARGOCD_PREFIX: development-gen3 + +# Configure your ingress controller information for enabling ingress to containers +ingress: + # service name of your ingress controller + controller: nginx-ingress-controller + # installation namespace of your ingress controller + namespace: nginx + # classname of your ingress + class: nginx From f1eee0f8f7d6af08f8d87391368eb38fb36420d9 Mon Sep 17 00:00:00 2001 From: Jawad Qureshi Date: Fri, 31 May 2024 10:44:49 -0500 Subject: [PATCH 180/279] Merge in Neuvector work from Krumware --- helm/gen3/Chart.yaml | 4 ++-- helm/gen3/README.md | 4 ++-- helm/portal/Chart.yaml | 2 +- helm/portal/README.md | 2 +- 4 files changed, 6 insertions(+), 6 deletions(-) diff --git a/helm/gen3/Chart.yaml b/helm/gen3/Chart.yaml index dba9867c..60b576be 100644 --- a/helm/gen3/Chart.yaml +++ b/helm/gen3/Chart.yaml @@ -68,7 +68,7 @@ dependencies: repository: "file://../pidgin" condition: pidgin.enabled - name: portal - version: 0.1.14 + version: 0.1.15 repository: "file://../portal" condition: portal.enabled - name: requestor 
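Review bot: In the wts template, rules `-ingress-11` and `-ingress-14` both admit traffic from the same `Workload:ingress` group, one as `any` application on `tcp/80` and the other as `HTTP` on `ports: any`, so together they allow more than either was probably meant to. Rule 11 permits any protocol on port 80 and rule 14 permits HTTP on every port. Since the sibling `-ingress-13` rule already limits revproxy to `HTTP`, I would collapse the two into one rule with `applications: - HTTP` and `ports: tcp/80`, unless a non-HTTP protocol on port 80 is really expected.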
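Review bot: The defaults for `DB_HOST`, `ES_HOST` and `ARGOCD_PREFIX` in helm/neuvector/values.yaml bake in a `development-gen3` release name, and the templates build NeuVector group selectors directly from them (the wts rule uses `value: {{ .Values.DB_HOST }}.{{ .Release.Namespace }}`). An install under any other release name leaves the PostgreSQL egress rule pointing at a group that does not exist, which only shows up once `policyMode` leaves `Monitor`. The comments should say that these must equal the actual Service names, e.g. `# must match the PostgreSQL Service name of this release (<release>-postgresql)`. The `ES_HOST` comment also misspells the product as `ElasitcSearch`.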
@@ -128,7 +128,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.3 +version: 0.1.35 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to diff --git a/helm/gen3/README.md b/helm/gen3/README.md index 78cad213..ee8d2c43 100644 --- a/helm/gen3/README.md +++ b/helm/gen3/README.md @@ -1,6 +1,6 @@ # gen3 -![Version: 0.1.3](https://img.shields.io/badge/Version-0.1.3-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) +![Version: 0.1.35](https://img.shields.io/badge/Version-0.1.35-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) Helm chart to deploy Gen3 Data Commons @@ -35,7 +35,7 @@ Helm chart to deploy Gen3 Data Commons | file://../neuvector | neuvector | 0.1.0 | | file://../peregrine | peregrine | 0.1.13 | | file://../pidgin | pidgin | 0.1.10 | -| file://../portal | portal | 0.1.14 | +| file://../portal | portal | 0.1.15 | | file://../requestor | requestor | 0.1.11 | | file://../revproxy | revproxy | 0.1.14 | | file://../sheepdog | sheepdog | 0.1.14 | diff --git a/helm/portal/Chart.yaml b/helm/portal/Chart.yaml index 012e78cf..6141c5e5 100644 --- a/helm/portal/Chart.yaml +++ b/helm/portal/Chart.yaml 
@@ -15,7 +15,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.14 +version: 0.1.15 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to diff --git a/helm/portal/README.md b/helm/portal/README.md index daafacfc..af2b96ea 100644 --- a/helm/portal/README.md +++ b/helm/portal/README.md @@ -1,6 +1,6 @@ # portal -![Version: 0.1.13](https://img.shields.io/badge/Version-0.1.13-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) +![Version: 0.1.15](https://img.shields.io/badge/Version-0.1.15-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) A Helm chart for gen3 data-portal From 62d6d2a30c8c2f3f55fe3607d9078e9602c3f15b Mon Sep 17 00:00:00 2001 From: Guerdon Mukama Date: Thu, 2 May 2024 12:02:58 +1000 Subject: [PATCH 181/279] Ability to set an AWS region for Secret Manager --- helm/common/templates/_external_secrets.tpl | 2 +- helm/common/values.yaml | 4 ++++ helm/gen3/Chart.yaml | 2 +- helm/gen3/templates/cluster-secret-store.yaml | 2 +- helm/gen3/values.yaml | 2 ++ 5 files changed, 9 insertions(+), 3 deletions(-) diff --git a/helm/common/templates/_external_secrets.tpl b/helm/common/templates/_external_secrets.tpl index dc9f865b..214bc13e 100644 --- a/helm/common/templates/_external_secrets.tpl +++ b/helm/common/templates/_external_secrets.tpl 
@@ -50,7 +50,7 @@ spec: provider: aws: service: SecretsManager - region: us-east-1 + region: {{ .Values.global.aws.region }} auth: secretRef: accessKeyIDSecretRef: diff --git a/helm/common/values.yaml b/helm/common/values.yaml index 3d3d2297..51b8616b 100644 --- a/helm/common/values.yaml +++ b/helm/common/values.yaml @@ -5,6 +5,10 @@ # Global configuration global: + # -- (map) AWS configuration + aws: + # -- (string) AWS region for this deployment + region: us-east-1 # -- (bool) Whether the deployment is for development purposes. dev: true diff --git a/helm/gen3/Chart.yaml b/helm/gen3/Chart.yaml index 60b576be..476b049e 100644 --- a/helm/gen3/Chart.yaml +++ b/helm/gen3/Chart.yaml @@ -128,7 +128,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.35 +version: 0.1.36 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to diff --git a/helm/gen3/templates/cluster-secret-store.yaml b/helm/gen3/templates/cluster-secret-store.yaml index 5035e4d0..28ffe29e 100644 --- a/helm/gen3/templates/cluster-secret-store.yaml +++ b/helm/gen3/templates/cluster-secret-store.yaml @@ -9,7 +9,7 @@ spec: provider: aws: service: SecretsManager - region: us-east-1 + region: {{ .Values.global.aws.region }} auth: secretRef: accessKeyIDSecretRef: diff --git a/helm/gen3/values.yaml b/helm/gen3/values.yaml index c122095b..79001c78 100644 --- a/helm/gen3/values.yaml +++ b/helm/gen3/values.yaml @@ -6,6 +6,8 @@ global: # -- (map) AWS configuration aws: + # -- (string) AWS region for this deployment + region: us-east-1 # -- (bool) Set to true if deploying to AWS. Controls ingress annotations. enabled: false # -- (string) Credentials for AWS stuff. 
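Review bot: `region: {{ .Values.global.aws.region }}` in helm/common/templates/_external_secrets.tpl is evaluated against the values of whichever chart includes the helper, and the default this commit adds lives only in the common and gen3 values files. A service chart rendered on its own, without `global.aws` in its values, would either fail the render or emit an empty region where `us-east-1` used to be; whether every consuming chart defines the key is not visible in this patch. Keeping the old behaviour as a fallback, `region: {{ .Values.global.aws.region | default "us-east-1" | quote }}`, covers the empty case, and the same applies to the identical change in helm/gen3/templates/cluster-secret-store.yaml.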
From c6380588e80e2ffa31349d6ab8757316d353080a Mon Sep 17 00:00:00 2001 From: Guerdon Mukama Date: Mon, 13 May 2024 13:17:20 +1000 Subject: [PATCH 182/279] support for service account and IAM role --- helm/common/templates/_external_secrets.tpl | 6 ++++ .../secret-store-service-account.yaml | 29 +++++++++++++++++++ helm/gen3/values.yaml | 8 +++++ 3 files changed, 43 insertions(+) create mode 100644 helm/gen3/templates/secret-store-service-account.yaml diff --git a/helm/common/templates/_external_secrets.tpl b/helm/common/templates/_external_secrets.tpl index 214bc13e..a8a7c6be 100644 --- a/helm/common/templates/_external_secrets.tpl +++ b/helm/common/templates/_external_secrets.tpl @@ -52,6 +52,11 @@ spec: service: SecretsManager region: {{ .Values.global.aws.region }} auth: + {{- if .Values.global.aws.secretStoreServiceAccount.enabled }} + jwt: + serviceAccountRef: + name: {{ .Values.global.aws.secretStoreServiceAccount.enabled }} + {{- else }} secretRef: accessKeyIDSecretRef: name: {{.Chart.Name}}-aws-config @@ -59,6 +64,7 @@ spec: secretAccessKeySecretRef: name: {{.Chart.Name}}-aws-config key: secret-access-key + {{- end}} {{- end }} diff --git a/helm/gen3/templates/secret-store-service-account.yaml b/helm/gen3/templates/secret-store-service-account.yaml new file mode 100644 index 00000000..0284bac4 --- /dev/null +++ b/helm/gen3/templates/secret-store-service-account.yaml 
@@ -0,0 +1,29 @@ +{{- if .Values.global.aws.secretStoreServiceAccount.enabled }} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ .Values.global.aws.secretStoreServiceAccount.name }} + annotations: + eks.amazonaws.com/role-arn: {{ .Values.global.aws.secretStoreServiceAccount.roleArn }} +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: external-secrets-role +rules: +- apiGroups: [""] + resources: ["secrets"] + verbs: ["*"] +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: external-secrets-rolebinding +subjects: +- kind: ServiceAccount + name: {{ .Values.global.aws.secretStoreServiceAccount.name }} +roleRef: + kind: Role + name: external-secrets-role + apiGroup: rbac.authorization.k8s.io +{{- end }} \ No newline at end of file diff --git a/helm/gen3/values.yaml b/helm/gen3/values.yaml index 79001c78..4c62b34f 100644 --- a/helm/gen3/values.yaml +++ b/helm/gen3/values.yaml @@ -14,6 +14,14 @@ global: awsAccessKeyId: # -- (string) Credentials for AWS stuff. awsSecretAccessKey: + # -- (map) Service account and AWS role for authentication to AWS Secrets Manager + secretStoreServiceAccount: + # -- (bool) Set true if deploying to AWS and want to use service account and IAM role instead of aws keys. Must provide role-arn. + enabled: false + # -- (string) Name of the service account to create + name: secret-store-sa + # -- (string) AWS Role ARN for Secret Store to use + roleArn: # -- (map) Local secret setting if using a pre-exising secret. useLocalSecret: # -- (bool) Set to true if you would like to use a secret that is already running on your cluster. From 65a87c4df60a62239902998a277bd6edaa8a9e0e Mon Sep 17 00:00:00 2001 From: Guerdon Mukama Date: Mon, 13 May 2024 13:19:11 +1000 Subject: [PATCH 183/279] version bump --- helm/common/Chart.yaml | 2 +- helm/gen3/Chart.yaml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) 
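Review bot: The `external-secrets-role` Role grants `verbs: ["*"]` on `secrets`, so the bound service account can create, update and delete every Secret in the release namespace, not only those managed through External Secrets. Nothing in this hunk shows the account needing more than read access, and the Secrets Manager calls are authorised by the IAM role in the `eks.amazonaws.com/role-arn` annotation rather than by Kubernetes RBAC, so I would narrow the rule to `verbs: ["get", "list", "watch"]` or drop the Role if the operator's own account performs the writes. Separately, `roleArn` is empty by default in values.yaml, so enabling the feature without it renders an empty annotation; `{{ required "global.aws.secretStoreServiceAccount.roleArn is required" .Values.global.aws.secretStoreServiceAccount.roleArn }}` would fail the render instead.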
diff --git a/helm/common/Chart.yaml b/helm/common/Chart.yaml index 93ebbc0f..11151e9d 100644 --- a/helm/common/Chart.yaml +++ b/helm/common/Chart.yaml @@ -15,7 +15,7 @@ type: library # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.10 +version: 0.1.11 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to diff --git a/helm/gen3/Chart.yaml b/helm/gen3/Chart.yaml index 476b049e..f6b02649 100644 --- a/helm/gen3/Chart.yaml +++ b/helm/gen3/Chart.yaml @@ -25,7 +25,7 @@ dependencies: repository: "file://../aws-es-proxy" condition: aws-es-proxy.enabled - name: common - version: 0.1.10 + version: 0.1.11 repository: file://../common - name: etl version: 0.1.1 From 881c8f0a342d8e66e28885f894a2018792364829 Mon Sep 17 00:00:00 2001 From: Guerdon Mukama Date: Mon, 13 May 2024 14:23:16 +1000 Subject: [PATCH 184/279] fix typo --- helm/common/templates/_external_secrets.tpl | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/helm/common/templates/_external_secrets.tpl b/helm/common/templates/_external_secrets.tpl index a8a7c6be..d684ceed 100644 --- a/helm/common/templates/_external_secrets.tpl +++ b/helm/common/templates/_external_secrets.tpl @@ -55,7 +55,7 @@ spec: {{- if .Values.global.aws.secretStoreServiceAccount.enabled }} jwt: serviceAccountRef: - name: {{ .Values.global.aws.secretStoreServiceAccount.enabled }} + name: {{ .Values.global.aws.secretStoreServiceAccount.name }} {{- else }} secretRef: accessKeyIDSecretRef: From cdf46948646ec069d41e5bfdbf7089a914d721d0 Mon Sep 17 00:00:00 2001 
From: EliseCastle23 <109446148+EliseCastle23@users.noreply.github.com> Date: Tue, 11 Jun 2024 09:04:10 -0600 Subject: [PATCH 185/279] fix trailng space --- .secrets.baseline | 8 ++++---- helm/common/README.md | 4 +++- helm/gen3/README.md | 11 ++++++++--- helm/gen3/values.yaml | 2 +- 4 files changed, 16 insertions(+), 9 deletions(-) diff --git a/.secrets.baseline b/.secrets.baseline index af928ac7..3288f23a 100644 --- a/.secrets.baseline +++ b/.secrets.baseline @@ -3,7 +3,7 @@ "files": "^.secrets.baseline$", "lines": null }, - "generated_at": "2024-05-31T15:29:39Z", + "generated_at": "2024-06-11T15:04:04Z", "plugins_used": [ { "name": "AWSKeyDetector" @@ -179,7 +179,7 @@ "hashed_secret": "d84ce25b0f9bc2cc263006ae39453efb22cc2900", "is_secret": false, "is_verified": false, - "line_number": 23, + "line_number": 25, "type": "Secret Keyword" } ], @@ -353,7 +353,7 @@ "hashed_secret": "1740c48fa3141d4851b14f97e3bc0f46f7670672", "is_secret": false, "is_verified": false, - "line_number": 117, + "line_number": 122, "type": "Secret Keyword" } ], @@ -362,7 +362,7 @@ "hashed_secret": "9b5925ea817163740dfb287a9894e8ab3aba2c18", "is_secret": false, "is_verified": false, - "line_number": 190, + "line_number": 200, "type": "Secret Keyword" } ], diff --git a/helm/common/README.md b/helm/common/README.md index 75e6a5d7..1fe4bdf7 100644 --- a/helm/common/README.md +++ b/helm/common/README.md 
@@ -1,6 +1,6 @@ # common -![Version: 0.1.10](https://img.shields.io/badge/Version-0.1.10-informational?style=flat-square) ![Type: library](https://img.shields.io/badge/Type-library-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) +![Version: 0.1.11](https://img.shields.io/badge/Version-0.1.11-informational?style=flat-square) ![Type: library](https://img.shields.io/badge/Type-library-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) A Helm chart for provisioning databases in gen3 @@ -8,6 +8,8 @@ A Helm chart for provisioning databases in gen3 | Key | Type | Default | Description | |-----|------|---------|-------------| +| global.aws | map | `{"region":"us-east-1"}` | AWS configuration | +| global.aws.region | string | `"us-east-1"` | AWS region for this deployment | | global.ddEnabled | bool | `false` | Whether Datadog is enabled. | | global.dev | bool | `true` | Whether the deployment is for development purposes. | | global.dictionaryUrl | string | `"https://s3.amazonaws.com/dictionary-artifacts/datadictionary/develop/schema.json"` | URL of the data dictionary. | diff --git a/helm/gen3/README.md b/helm/gen3/README.md index ee8d2c43..37cf5432 100644 --- a/helm/gen3/README.md +++ b/helm/gen3/README.md 
@@ -1,6 +1,6 @@ # gen3 -![Version: 0.1.35](https://img.shields.io/badge/Version-0.1.35-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) +![Version: 0.1.36](https://img.shields.io/badge/Version-0.1.36-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) Helm chart to deploy Gen3 Data Commons @@ -23,7 +23,7 @@ Helm chart to deploy Gen3 Data Commons | file://../argo-wrapper | argo-wrapper | 0.1.7 | | file://../audit | audit | 0.1.12 | | file://../aws-es-proxy | aws-es-proxy | 0.1.9 | -| file://../common | common | 0.1.10 | +| file://../common | common | 0.1.11 | | file://../etl | etl | 0.1.1 | | file://../fence | fence | 0.1.18 | | file://../frontend-framework | frontend-framework | 0.1.1 | 
@@ -80,10 +80,15 @@ Helm chart to deploy Gen3 Data Commons | frontend-framework.image | map | `{"repository":"quay.io/cdis/frontend-framework","tag":"develop"}` | Docker image information. | | frontend-framework.image.repository | string | `"quay.io/cdis/frontend-framework"` | The Docker image repository for the frontend-framework. | | frontend-framework.image.tag | string | `"develop"` | Overrides the image tag whose default is the chart appVersion. | -| global.aws | map | `{"awsAccessKeyId":null,"awsSecretAccessKey":null,"enabled":false,"useLocalSecret":{"enabled":false,"localSecretName":null}}` | AWS configuration | +| global.aws | map | `{"awsAccessKeyId":null,"awsSecretAccessKey":null,"enabled":false,"region":"us-east-1","secretStoreServiceAccount":{"enabled":false,"name":"secret-store-sa","roleArn":null},"useLocalSecret":{"enabled":false,"localSecretName":null}}` | AWS configuration | | global.aws.awsAccessKeyId | string | `nil` | Credentials for AWS stuff. | | global.aws.awsSecretAccessKey | string | `nil` | Credentials for AWS stuff. | | global.aws.enabled | bool | `false` | Set to true if deploying to AWS. Controls ingress annotations. | +| global.aws.region | string | `"us-east-1"` | AWS region for this deployment | +| global.aws.secretStoreServiceAccount | map | `{"enabled":false,"name":"secret-store-sa","roleArn":null}` | Service account and AWS role for authentication to AWS Secrets Manager | +| global.aws.secretStoreServiceAccount.enabled | bool | `false` | Set true if deploying to AWS and want to use service account and IAM role instead of aws keys. Must provide role-arn. | +| global.aws.secretStoreServiceAccount.name | string | `"secret-store-sa"` | Name of the service account to create | +| global.aws.secretStoreServiceAccount.roleArn | string | `nil` | AWS Role ARN for Secret Store to use | | global.aws.useLocalSecret | map | `{"enabled":false,"localSecretName":null}` | Local secret setting if using a pre-exising secret. 
| | global.aws.useLocalSecret.enabled | bool | `false` | Set to true if you would like to use a secret that is already running on your cluster. | | global.aws.useLocalSecret.localSecretName | string | `nil` | Name of the local secret. | diff --git a/helm/gen3/values.yaml b/helm/gen3/values.yaml index 4c62b34f..e5f528b2 100644 --- a/helm/gen3/values.yaml +++ b/helm/gen3/values.yaml @@ -21,7 +21,7 @@ global: # -- (string) Name of the service account to create name: secret-store-sa # -- (string) AWS Role ARN for Secret Store to use - roleArn: + roleArn: # -- (map) Local secret setting if using a pre-exising secret. useLocalSecret: # -- (bool) Set to true if you would like to use a secret that is already running on your cluster. From ff8872e2932703660edc6252c97993a2107985cb Mon Sep 17 00:00:00 2001 From: EliseCastle23 <109446148+EliseCastle23@users.noreply.github.com> Date: Tue, 11 Jun 2024 16:24:05 -0600 Subject: [PATCH 186/279] Adjusting the fence public config so it pulls from FENCE_CONFIG_PUBLIC in the values.yaml Changing the manifest-fence configmap to fence-config-public.yaml so it is properly mounted in the container. Editing presigned URL to save the fence public config to a file. --- .secrets.baseline | 4 ++-- helm/fence/README.md | 9 +++++---- ...c-config.yaml => fence-config-public.yaml} | 4 ++-- helm/fence/templates/presigned-url-fence.yaml | 3 ++- helm/fence/values.yaml | 20 +++++++++++++------ helm/gen3/README.md | 6 +++--- helm/guppy/README.md | 2 +- 7 files changed, 29 insertions(+), 19 deletions(-) rename helm/fence/templates/{fence-public-config.yaml => fence-config-public.yaml} (61%) diff --git a/.secrets.baseline b/.secrets.baseline index 1b97c1c2..cbf2521b 100644 --- a/.secrets.baseline +++ b/.secrets.baseline @@ -3,7 +3,7 @@ "files": "^.secrets.baseline$", "lines": null }, - "generated_at": "2024-05-01T16:37:41Z", + "generated_at": "2024-06-11T22:23:01Z", "plugins_used": [ { "name": "AWSKeyDetector" 
@@ -321,7 +321,7 @@ "hashed_secret": "5d07e1b80e448a213b392049888111e1779a52db", "is_secret": false, "is_verified": false, - "line_number": 1961, + "line_number": 1962, "type": "Secret Keyword" } ], diff --git a/helm/fence/README.md b/helm/fence/README.md index ea03a462..c384295c 100644 --- a/helm/fence/README.md +++ b/helm/fence/README.md @@ -1,6 +1,6 @@ # fence -![Version: 0.1.18](https://img.shields.io/badge/Version-0.1.18-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) +![Version: 0.1.19](https://img.shields.io/badge/Version-0.1.19-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) A Helm chart for gen3 Fence 
@@ -69,6 +69,7 @@ A Helm chart for gen3 Fence | FENCE_CONFIG.SESSION_COOKIE_SECURE | bool | `true` | set if you want browsers to only send cookies with requests over HTTPS | | FENCE_CONFIG.USER_ALLOWED_SCOPES | list | `["fence","openid","user","data","admin","google_credentials","google_service_account","google_link","ga4gh_passport_v1"]` | these are the scopes that CAN be included in a user's own access_token | | FENCE_CONFIG.WTF_CSRF_SECRET_KEY | str | `"{{ENCRYPTION_KEY}}"` | signing key for WTForms to sign CSRF tokens with | +| FENCE_CONFIG_PUBLIC | string | `nil` | | | USER_YAML | string | `"cloud_providers: {}\ngroups: {}\nauthz:\n # policies automatically given to anyone, even if they haven't authenticated\n anonymous_policies: ['open_data_reader', 'full_open_access']\n\n # policies automatically given to authenticated users (in addition to their other\n # policies)\n all_users_policies: ['open_data_reader', 'authn_open_access']\n\n user_project_to_resource:\n QA: /programs/QA\n DEV: /programs/DEV\n test: /programs/QA/projects/test\n jenkins: /programs/jnkns/projects/jenkins\n jenkins2: /programs/jnkns/projects/jenkins2\n jnkns: /programs/jnkns\n\n policies:\n # General Access\n - id: 'workspace'\n description: 'be able to use workspace'\n resource_paths: ['/workspace']\n role_ids: ['workspace_user']\n - id: 'dashboard'\n description: 'be able to use the commons dashboard'\n resource_paths: ['/dashboard']\n role_ids: ['dashboard_user']\n - id: 'prometheus'\n description: 'be able to use prometheus'\n resource_paths: ['/prometheus']\n role_ids: ['prometheus_user']\n - id: 'ttyadmin'\n description: 'be able to use the admin tty'\n resource_paths: ['/ttyadmin']\n role_ids: ['ttyadmin_user']\n - id: 'mds_admin'\n description: 'be able to use metadata service'\n resource_paths: ['/mds_gateway']\n role_ids: ['mds_user']\n - id: 'data_upload'\n description: 'upload raw data files to S3'\n role_ids: ['file_uploader']\n resource_paths: ['/data_file']\n - description: 
be able to use sower job\n id: sower\n resource_paths: [/sower]\n role_ids: [sower_user]\n - id: 'mariner_admin'\n description: 'full access to mariner API'\n resource_paths: ['/mariner']\n role_ids: ['mariner_admin']\n - id: audit_reader\n role_ids:\n - audit_reader\n resource_paths:\n - /services/audit\n - id: audit_login_reader\n role_ids:\n - audit_reader\n resource_paths:\n - /services/audit/login\n - id: audit_presigned_url_reader\n role_ids:\n - audit_reader\n resource_paths:\n - /services/audit/presigned_url\n - id: requestor_admin\n role_ids:\n - requestor_admin\n resource_paths:\n - /programs\n - id: requestor_reader\n role_ids:\n - requestor_reader\n resource_paths:\n - /programs\n - id: requestor_creator\n role_ids:\n - requestor_creator\n resource_paths:\n - /programs\n - id: requestor_updater\n role_ids:\n - requestor_updater\n resource_paths:\n - /programs\n - id: requestor_deleter\n role_ids:\n - requestor_deleter\n resource_paths:\n - /programs\n # Data Access\n\n # All programs policy\n - id: 'all_programs_reader'\n description: ''\n role_ids:\n - 'reader'\n - 'storage_reader'\n resource_paths: ['/programs']\n\n # # example if need access to write to storage\n # - id: 'programs.jnkns-storage_writer'\n # description: ''\n # role_ids:\n # - 'storage_writer'\n # resource_paths: ['/programs/jnkns']\n\n - id: 'programs.jnkns-admin'\n description: ''\n role_ids:\n - 'creator'\n - 'reader'\n - 'updater'\n - 'deleter'\n - 'storage_reader'\n resource_paths:\n - '/programs/jnkns'\n - '/gen3/programs/jnkns'\n\n - id: 'programs.jnkns-viewer'\n description: ''\n role_ids:\n - 'reader'\n - 'storage_reader'\n resource_paths:\n - '/programs/jnkns'\n - '/gen3/programs/jnkns'\n\n\n - id: 'programs.QA-admin'\n description: ''\n role_ids:\n - 'creator'\n - 'reader'\n - 'updater'\n - 'deleter'\n - 'storage_reader'\n resource_paths:\n - '/programs/QA'\n - '/gen3/programs/QA'\n\n - id: 'programs.QA-admin-no-storage'\n description: ''\n role_ids:\n - 'creator'\n - 
'reader'\n - 'updater'\n - 'deleter'\n resource_paths:\n - '/programs/QA'\n - '/gen3/programs/QA'\n\n - id: 'programs.QA-viewer'\n description: ''\n role_ids:\n - 'reader'\n - 'storage_reader'\n resource_paths:\n - '/programs/QA'\n - '/gen3/programs/QA'\n\n - id: 'programs.DEV-admin'\n description: ''\n role_ids:\n - 'creator'\n - 'reader'\n - 'updater'\n - 'deleter'\n - 'storage_reader'\n - 'storage_writer'\n resource_paths:\n - '/programs/DEV'\n - '/gen3/programs/DEV'\n\n - id: 'programs.DEV-storage_writer'\n description: ''\n role_ids:\n - 'storage_writer'\n resource_paths: ['/programs/DEV']\n\n - id: 'programs.DEV-viewer'\n description: ''\n role_ids:\n - 'reader'\n - 'storage_reader'\n resource_paths:\n - '/programs/DEV'\n - '/gen3/programs/DEV'\n\n - id: 'programs.test-admin'\n description: ''\n role_ids:\n - 'creator'\n - 'reader'\n - 'updater'\n - 'deleter'\n - 'storage_reader'\n resource_paths:\n - '/programs/test'\n - '/gen3/programs/test'\n\n - id: 'programs.test-viewer'\n description: ''\n role_ids:\n - 'reader'\n - 'storage_reader'\n resource_paths:\n - '/programs/test'\n - '/gen3/programs/test'\n\n - id: 'abc-admin'\n description: ''\n role_ids:\n - 'creator'\n - 'reader'\n - 'updater'\n - 'deleter'\n - 'storage_reader'\n resource_paths:\n - '/abc'\n\n - id: 'gen3-admin'\n description: ''\n role_ids:\n - 'creator'\n - 'reader'\n - 'updater'\n - 'deleter'\n - 'storage_reader'\n resource_paths:\n - '/gen3'\n\n - id: 'gen3-hmb-researcher'\n description: ''\n role_ids:\n - 'creator'\n - 'reader'\n - 'updater'\n - 'deleter'\n - 'storage_reader'\n resource_paths:\n - '/consents/NRES'\n - '/consents/GRU'\n - '/consents/GRU_CC'\n - '/consents/HMB'\n - '/gen3'\n\n - id: 'abc.programs.test_program.projects.test_project1-viewer'\n description: ''\n role_ids:\n - 'reader'\n - 'storage_reader'\n resource_paths:\n - '/abc/programs/test_program/projects/test_project1'\n\n - id: 'abc.programs.test_program.projects.test_project2-viewer'\n description: ''\n role_ids:\n 
- 'reader'\n - 'storage_reader'\n resource_paths:\n - '/abc/programs/test_program/projects/test_project2'\n\n - id: 'abc.programs.test_program2.projects.test_project3-viewer'\n description: ''\n role_ids:\n - 'reader'\n - 'storage_reader'\n resource_paths:\n - '/abc/programs/test_program2/projects/test_project3'\n\n # Open data policies\n - id: 'authn_open_access'\n resource_paths: ['/programs/open/projects/authnRequired']\n description: ''\n role_ids:\n - 'reader'\n - 'storage_reader'\n - id: 'full_open_access'\n resource_paths: ['/programs/open/projects/1000G']\n description: ''\n role_ids:\n - 'reader'\n - 'storage_reader'\n - id: 'open_data_reader'\n description: ''\n role_ids:\n - 'reader'\n - 'storage_reader'\n resource_paths: ['/open']\n - id: 'open_data_admin'\n description: ''\n role_ids:\n - 'creator'\n - 'reader'\n - 'updater'\n - 'deleter'\n - 'storage_writer'\n - 'storage_reader'\n resource_paths: ['/open']\n\n # Consent Code Policies\n - id: 'not-for-profit-researcher'\n description: ''\n role_ids:\n - 'admin'\n resource_paths:\n - '/consents/NPU'\n\n - id: 'publication-required-researcher'\n description: ''\n role_ids:\n - 'admin'\n resource_paths:\n - '/consents/PUB'\n\n - id: 'gru-researcher'\n description: ''\n role_ids:\n - 'admin'\n resource_paths:\n - '/consents/NRES'\n - '/consents/GRU'\n\n - id: 'gru-cc-researcher'\n description: ''\n role_ids:\n - 'admin'\n resource_paths:\n - '/consents/NRES'\n - '/consents/GRU'\n - '/consents/GRU_CC'\n\n - id: 'hmb-researcher'\n description: ''\n role_ids:\n - 'admin'\n resource_paths:\n - '/consents/NRES'\n - '/consents/GRU'\n - '/consents/GRU_CC'\n - '/consents/HMB'\n\n - id: 'poa-researcher'\n description: ''\n role_ids:\n - 'admin'\n resource_paths:\n - '/consents/NRES'\n - '/consents/GRU'\n - '/consents/GRU_CC'\n - '/consents/POA'\n\n - id: 'ds-lung-researcher'\n description: ''\n role_ids:\n - 'admin'\n resource_paths:\n - '/consents/NRES'\n - '/consents/GRU'\n - '/consents/GRU_CC'\n - 
'/consents/HMB'\n - '/consents/DS_LungDisease'\n\n - id: 'ds-chronic-obstructive-pulmonary-disease-researcher'\n description: ''\n role_ids:\n - 'admin'\n resource_paths:\n - '/consents/NRES'\n - '/consents/GRU'\n - '/consents/GRU_CC'\n - '/consents/HMB'\n - '/consents/DS_ChronicObstructivePulmonaryDisease'\n\n - id: 'services.sheepdog-admin'\n description: 'CRUD access to programs and projects'\n role_ids:\n - 'sheepdog_admin'\n resource_paths:\n - '/services/sheepdog/submission/program'\n - '/services/sheepdog/submission/project'\n\n # indexd\n - id: 'indexd_admin'\n description: 'full access to indexd API'\n role_ids:\n - 'indexd_admin'\n resource_paths:\n - '/programs'\n - '/services/indexd/admin'\n # # TODO resource path '/' is not valid right now in arborist, trying to decide\n # # how to handle all resources\n # - id: 'indexd_admin'\n # description: ''\n # role_ids:\n # - 'indexd_record_creator'\n # - 'indexd_record_reader'\n # - 'indexd_record_updater'\n # - 'indexd_delete_record'\n # - 'indexd_storage_reader'\n # - 'indexd_storage_writer'\n # resource_paths: ['/']\n # - id: 'indexd_record_reader'\n # description: ''\n # role_ids:\n # - 'indexd_record_reader'\n # resource_paths: ['/']\n # - id: 'indexd_record_editor'\n # description: ''\n # role_ids:\n # - 'indexd_record_creator'\n # - 'indexd_record_reader'\n # - 'indexd_record_updater'\n # - 'indexd_delete_record'\n # resource_paths: ['/']\n # - id: 'indexd_storage_reader'\n # description: ''\n # role_ids:\n # - 'indexd_storage_reader'\n # resource_paths: ['/']\n # - id: 'indexd_storage_editor'\n # description: ''\n # role_ids:\n # - 'indexd_storage_reader'\n # - 'indexd_storage_writer'\n # resource_paths: ['/']\n\n # argo\n - id: argo\n description: be able to use argo\n resource_paths: [/argo]\n role_ids: [argo_user]\n\n resources:\n # General Access\n - name: 'data_file'\n description: 'data files, stored in S3'\n - name: 'dashboard'\n description: 'commons /dashboard'\n - name: 'mds_gateway'\n 
description: 'commons /mds-admin'\n - name: 'prometheus'\n description: 'commons /prometheus and /grafana'\n - name: 'ttyadmin'\n description: 'commons /ttyadmin'\n - name: 'workspace'\n - name: \"sower\"\n - name: 'mariner'\n description: 'workflow execution service'\n - name: argo\n\n # OLD Data\n - name: 'programs'\n subresources:\n - name: 'open'\n subresources:\n - name: 'projects'\n subresources:\n - name: '1000G'\n - name: 'authnRequired'\n - name: 'QA'\n subresources:\n - name: 'projects'\n subresources:\n - name: 'test'\n - name: 'DEV'\n subresources:\n - name: 'projects'\n subresources:\n - name: 'test'\n - name: 'jnkns'\n subresources:\n - name: 'projects'\n subresources:\n - name: 'jenkins'\n - name: 'jenkins2'\n - name: 'test'\n subresources:\n - name: 'projects'\n subresources:\n - name: 'test'\n\n # NEW Data WITH PREFIX\n - name: 'gen3'\n subresources:\n - name: 'programs'\n subresources:\n - name: 'QA'\n subresources:\n - name: 'projects'\n subresources:\n - name: 'test'\n - name: 'DEV'\n subresources:\n - name: 'projects'\n subresources:\n - name: 'test'\n - name: 'jnkns'\n subresources:\n - name: 'projects'\n subresources:\n - name: 'jenkins'\n - name: 'jenkins2'\n - name: 'test'\n subresources:\n - name: 'projects'\n subresources:\n - name: 'test'\n\n # consents obtained from DUO and NIH\n # https://github.com/EBISPOT/DUO\n # https://www.ncbi.nlm.nih.gov/pmc/articles/PMC4721915/\n - name: 'consents'\n subresources:\n - name: 'NRES'\n description: 'no restriction'\n - name: 'GRU'\n description: 'general research use'\n - name: 'GRU_CC'\n description: 'general research use and clinical care'\n - name: 'HMB'\n description: 'health/medical/biomedical research'\n - name: 'POA'\n description: 'population origins or ancestry research'\n - name: 'NMDS'\n description: 'no general methods research'\n - name: 'NPU'\n description: 'not-for-profit use only'\n - name: 'PUB'\n description: 'publication required'\n - name: 'DS_LungDisease'\n description: 
'disease-specific research for lung disease'\n - name: 'DS_ChronicObstructivePulmonaryDisease'\n description: 'disease-specific research for chronic obstructive pulmonary disease'\n\n - name: 'abc'\n subresources:\n - name: 'programs'\n subresources:\n - name: 'foo'\n subresources:\n - name: 'projects'\n subresources:\n - name: 'bar'\n - name: 'test_program'\n subresources:\n - name: 'projects'\n subresources:\n - name: 'test_project1'\n - name: 'test_project2'\n - name: 'test_program2'\n subresources:\n - name: 'projects'\n subresources:\n - name: 'test_project3'\n\n\n # \"Sheepdog admin\" resources\n - name: 'services'\n subresources:\n - name: 'sheepdog'\n subresources:\n - name: 'submission'\n subresources:\n - name: 'program'\n - name: 'project'\n - name: 'indexd'\n subresources:\n - name: 'admin'\n - name: 'bundles'\n - name: audit\n subresources:\n - name: presigned_url\n - name: login\n\n\n - name: 'open'\n\n # action/methods:\n # create, read, update, delete, read-storage, write-storage,\n # file_upload, access\n roles:\n # General Access\n - id: 'file_uploader'\n description: 'can upload data files'\n permissions:\n - id: 'file_upload'\n action:\n service: '*'\n method: 'file_upload'\n - id: 'workspace_user'\n permissions:\n - id: 'workspace_access'\n action:\n service: 'jupyterhub'\n method: 'access'\n - id: 'dashboard_user'\n permissions:\n - id: 'dashboard_access'\n action:\n service: 'dashboard'\n method: 'access'\n - id: 'mds_user'\n permissions:\n - id: 'mds_access'\n action:\n service: 'mds_gateway'\n method: 'access'\n - id: 'prometheus_user'\n permissions:\n - id: 'prometheus_access'\n action:\n service: 'prometheus'\n method: 'access'\n - id: 'ttyadmin_user'\n permissions:\n - id: 'ttyadmin_access'\n action:\n service: 'ttyadmin'\n method: 'access'\n - id: 'sower_user'\n permissions:\n - id: 'sower_access'\n action:\n service: 'job'\n method: 'access'\n - id: 'mariner_admin'\n permissions:\n - id: 'mariner_access'\n action:\n service: 
'mariner'\n method: 'access'\n - id: audit_reader\n permissions:\n - id: audit_reader_action\n action:\n service: audit\n method: read\n\n # All services\n - id: 'admin'\n description: ''\n permissions:\n - id: 'admin'\n action:\n service: '*'\n method: '*'\n - id: 'creator'\n description: ''\n permissions:\n - id: 'creator'\n action:\n service: '*'\n method: 'create'\n - id: 'reader'\n description: ''\n permissions:\n - id: 'reader'\n action:\n service: '*'\n method: 'read'\n - id: 'updater'\n description: ''\n permissions:\n - id: 'updater'\n action:\n service: '*'\n method: 'update'\n - id: 'deleter'\n description: ''\n permissions:\n - id: 'deleter'\n action:\n service: '*'\n method: 'delete'\n - id: 'storage_writer'\n description: ''\n permissions:\n - id: 'storage_writer'\n action:\n service: '*'\n method: 'write-storage'\n - id: 'storage_reader'\n description: ''\n permissions:\n - id: 'storage_reader'\n action:\n service: '*'\n method: 'read-storage'\n\n\n # Sheepdog admin role\n - id: 'sheepdog_admin'\n description: 'sheepdog admin role for program project crud'\n permissions:\n - id: 'sheepdog_admin_action'\n action:\n service: 'sheepdog'\n method: '*'\n\n\n # indexd\n - id: 'indexd_admin'\n # this only works if indexd.arborist is enabled in manifest!\n description: 'full access to indexd API'\n permissions:\n - id: 'indexd_admin'\n action:\n service: 'indexd'\n method: '*'\n - id: 'indexd_record_creator'\n description: ''\n permissions:\n - id: 'indexd_record_creator'\n action:\n service: 'indexd'\n method: 'create'\n - id: 'indexd_record_reader'\n description: ''\n permissions:\n - id: 'indexd_record_reader'\n action:\n service: 'indexd'\n method: 'read'\n - id: 'indexd_record_updater'\n description: ''\n permissions:\n - id: 'indexd_record_updater'\n action:\n service: 'indexd'\n method: 'update'\n - id: 'indexd_delete_record'\n description: ''\n permissions:\n - id: 'indexd_delete_record'\n action:\n service: 'indexd'\n method: 'delete'\n - id: 
'indexd_storage_reader'\n description: ''\n permissions:\n - id: 'indexd_storage_reader'\n action:\n service: 'indexd'\n method: 'read-storage'\n - id: 'indexd_storage_writer'\n description: ''\n permissions:\n - id: 'indexd_storage_writer'\n action:\n service: 'indexd'\n method: 'write-storage'\n\n # arborist\n - id: 'arborist_creator'\n description: ''\n permissions:\n - id: 'arborist_creator'\n action:\n service: 'arborist'\n method: 'create'\n - id: 'arborist_reader'\n description: ''\n permissions:\n - id: 'arborist_reader'\n action:\n service: 'arborist'\n method: 'read'\n - id: 'arborist_updater'\n description: ''\n permissions:\n - id: 'arborist_updater'\n action:\n service: 'arborist'\n method: 'update'\n - id: 'arborist_deleter'\n description: ''\n permissions:\n - id: 'arborist_deleter'\n action:\n service: 'arborist'\n method: 'delete'\n\n # requestor\n - id: requestor_admin\n permissions:\n - id: requestor_admin_action\n action:\n service: requestor\n method: '*'\n - id: requestor_reader\n permissions:\n - id: requestor_reader_action\n action:\n service: requestor\n method: read\n - id: requestor_creator\n permissions:\n - id: requestor_creator_action\n action:\n service: requestor\n method: create\n - id: requestor_updater\n permissions:\n - id: requestor_updater_action\n action:\n service: requestor\n method: update\n - id: requestor_deleter\n permissions:\n - id: requestor_deleter_action\n action:\n service: requestor\n method: delete\n # argo\n - id: argo_user\n permissions:\n - id: argo_access\n action:\n service: argo\n method: access\n\nclients:\n basic-test-client:\n policies:\n - abc-admin\n - gen3-admin\n basic-test-abc-client:\n policies:\n - abc-admin\n wts:\n policies:\n - all_programs_reader\n - workspace\n\nusers:\n ### BEGIN INTERNS SECTION ###\n ### END INTERNS SECTION ###\n qureshi@uchicago.edu:\n admin: true\n policies:\n - data_upload\n - workspace\n - dashboard\n - mds_admin\n - prometheus\n - sower\n - services.sheepdog-admin\n - 
programs.QA-admin\n - programs.test-admin\n - programs.DEV-admin\n - programs.jnkns-admin\n - indexd_admin\n - ttyadmin\n projects:\n - auth_id: QA\n privilege: [create, read, update, delete, upload, read-storage]\n - auth_id: test\n privilege: [create, read, update, delete, upload, read-storage]\n - auth_id: DEV\n privilege: [create, read, update, delete, upload, read-storage]\n - auth_id: jenkins\n privilege: [create, read, update, delete, upload, read-storage]\n - auth_id: jenkins2\n privilege: [create, read, update, delete, upload, read-storage]\n - auth_id: jnkns\n privilege: [create, read, update, delete, upload, read-storage]\n"` | USER YAML. Passed in as a multiline string. | | affinity | map | `{"podAntiAffinity":{"preferredDuringSchedulingIgnoredDuringExecution":[{"podAffinityTerm":{"labelSelector":{"matchExpressions":[{"key":"app","operator":"In","values":["fence"]}]},"topologyKey":"kubernetes.io/hostname"},"weight":100}]}}` | Affinity to use for the deployment. | | affinity.podAntiAffinity.preferredDuringSchedulingIgnoredDuringExecution | map | `[{"podAffinityTerm":{"labelSelector":{"matchExpressions":[{"key":"app","operator":"In","values":["fence"]}]},"topologyKey":"kubernetes.io/hostname"},"weight":100}]` | Option for scheduling to be required or preferred. | 
@@ -139,7 +140,7 @@ A Helm chart for gen3 Fence | image.tag | string | `"master"` | Overrides the image tag whose default is the chart appVersion. | | imagePullSecrets | list | `[]` | Docker image pull secrets. | | initEnv | list | `[{"name":"PGHOST","valueFrom":{"secretKeyRef":{"key":"host","name":"fence-dbcreds","optional":false}}},{"name":"PGUSER","valueFrom":{"secretKeyRef":{"key":"username","name":"fence-dbcreds","optional":false}}},{"name":"PGPASSWORD","valueFrom":{"secretKeyRef":{"key":"password","name":"fence-dbcreds","optional":false}}},{"name":"PGDB","valueFrom":{"secretKeyRef":{"key":"database","name":"fence-dbcreds","optional":false}}},{"name":"DBREADY","valueFrom":{"secretKeyRef":{"key":"dbcreated","name":"fence-dbcreds","optional":false}}},{"name":"DB","value":"postgresql://$(PGUSER):$(PGPASSWORD)@$(PGHOST):5432/$(PGDB)"},{"name":"FENCE_DB","value":"postgresql://$(PGUSER):$(PGPASSWORD)@$(PGHOST):5432/$(PGDB)"},{"name":"PYTHONPATH","value":"/var/www/fence"},{"name":"FENCE_PUBLIC_CONFIG","valueFrom":{"configMapKeyRef":{"key":"fence-config-public.yaml","name":"manifest-fence","optional":true}}}]` | Volumes to attach to the init container. | -| initVolumeMounts | list | `[{"mountPath":"/var/www/fence/fence-config.yaml","name":"config-volume","readOnly":true,"subPath":"fence-config.yaml"},{"mountPath":"/var/www/fence/yaml_merge.py","name":"yaml-merge","readOnly":true,"subPath":"yaml_merge.py"},{"mountPath":"/var/www/fence/fence_google_app_creds_secret.json","name":"fence-google-app-creds-secret-volume","readOnly":true,"subPath":"fence_google_app_creds_secret.json"},{"mountPath":"/var/www/fence/fence_google_storage_creds_secret.json","name":"fence-google-storage-creds-secret-volume","readOnly":true,"subPath":"fence_google_storage_creds_secret.json"}]` | Volumes to mount to the init container. 
| +| initVolumeMounts | list | `[{"mountPath":"/var/www/fence/fence-config-secret.yaml","name":"config-volume","readOnly":true,"subPath":"fence-config.yaml"},{"mountPath":"/var/www/fence/yaml_merge.py","name":"yaml-merge","readOnly":true,"subPath":"yaml_merge.py"},{"mountPath":"/var/www/fence/fence_google_app_creds_secret.json","name":"fence-google-app-creds-secret-volume","readOnly":true,"subPath":"fence_google_app_creds_secret.json"},{"mountPath":"/var/www/fence/fence_google_storage_creds_secret.json","name":"fence-google-storage-creds-secret-volume","readOnly":true,"subPath":"fence_google_storage_creds_secret.json"}]` | Volumes to mount to the init container. | | labels | map | `{"authprovider":"yes","netnolimit":"yes","public":"yes","userhelper":"yes"}` | Labels to add to the pod. | | labels.authprovider | string | `"yes"` | Grants egress from all pods to pods labeled with authrpovider=yes. For network policy selectors. | | labels.netnolimit | string | `"yes"` | Grants egress from pods labeled with netnolimit=yes to any IP address. Use explicit proxy and AWS APIs | 
@@ -196,6 +197,6 @@ A Helm chart for gen3 Fence | usersync.syncFromDbgap | bool | `false` | Whether to sync data from dbGaP. | | usersync.userYamlS3Path | string | `"s3://cdis-gen3-users/helm-test/user.yaml"` | Path to the user.yaml file in S3. | | usersync.usersync | bool | `true` | Whether to run Fence usersync or not. | -| volumeMounts | list | `[{"mountPath":"/var/www/fence/local_settings.py","name":"old-config-volume","readOnly":true,"subPath":"local_settings.py"},{"mountPath":"/var/www/fence/fence_credentials.json","name":"json-secret-volume","readOnly":true,"subPath":"fence_credentials.json"},{"mountPath":"/var/www/fence/creds.json","name":"creds-volume","readOnly":true,"subPath":"creds.json"},{"mountPath":"/var/www/fence/config_helper.py","name":"config-helper","readOnly":true,"subPath":"config_helper.py"},{"mountPath":"/fence/fence/static/img/logo.svg","name":"logo-volume","readOnly":true,"subPath":"logo.svg"},{"mountPath":"/fence/fence/static/privacy_policy.md","name":"privacy-policy","readOnly":true,"subPath":"privacy_policy.md"},{"mountPath":"/var/www/fence/fence-config.yaml","name":"config-volume","readOnly":true,"subPath":"fence-config.yaml"},{"mountPath":"/var/www/fence/yaml_merge.py","name":"yaml-merge","readOnly":true,"subPath":"yaml_merge.py"},{"mountPath":"/var/www/fence/fence_google_app_creds_secret.json","name":"fence-google-app-creds-secret-volume","readOnly":true,"subPath":"fence_google_app_creds_secret.json"},{"mountPath":"/var/www/fence/fence_google_storage_creds_secret.json","name":"fence-google-storage-creds-secret-volume","readOnly":true,"subPath":"fence_google_storage_creds_secret.json"},{"mountPath":"/fence/keys/key/jwt_private_key.pem","name":"fence-jwt-keys","readOnly":true,"subPath":"jwt_private_key.pem"}]` | Volumes to mount to the container. 
| -| volumes | list | `[{"name":"old-config-volume","secret":{"secretName":"fence-secret"}},{"name":"json-secret-volume","secret":{"optional":true,"secretName":"fence-json-secret"}},{"name":"creds-volume","secret":{"secretName":"fence-creds"}},{"configMap":{"name":"config-helper","optional":true},"name":"config-helper"},{"configMap":{"name":"logo-config"},"name":"logo-volume"},{"name":"config-volume","secret":{"secretName":"fence-config"}},{"name":"fence-google-app-creds-secret-volume","secret":{"secretName":"fence-google-app-creds-secret"}},{"name":"fence-google-storage-creds-secret-volume","secret":{"secretName":"fence-google-storage-creds-secret"}},{"name":"fence-jwt-keys","secret":{"secretName":"fence-jwt-keys"}},{"configMap":{"name":"privacy-policy"},"name":"privacy-policy"},{"configMap":{"name":"fence-yaml-merge","optional":true},"name":"yaml-merge"}]` | Volumes to attach to the container. | +| volumeMounts | list | `[{"mountPath":"/var/www/fence/local_settings.py","name":"old-config-volume","readOnly":true,"subPath":"local_settings.py"},{"mountPath":"/var/www/fence/fence_credentials.json","name":"json-secret-volume","readOnly":true,"subPath":"fence_credentials.json"},{"mountPath":"/var/www/fence/creds.json","name":"creds-volume","readOnly":true,"subPath":"creds.json"},{"mountPath":"/var/www/fence/config_helper.py","name":"config-helper","readOnly":true,"subPath":"config_helper.py"},{"mountPath":"/fence/fence/static/img/logo.svg","name":"logo-volume","readOnly":true,"subPath":"logo.svg"},{"mountPath":"/fence/fence/static/privacy_policy.md","name":"privacy-policy","readOnly":true,"subPath":"privacy_policy.md"},{"mountPath":"/var/www/fence/fence-config-secret.yaml","name":"config-volume","readOnly":true,"subPath":"fence-config.yaml"},{"mountPath":"/var/www/fence/yaml_merge.py","name":"yaml-merge","readOnly":true,"subPath":"yaml_merge.py"},{"mountPath":"/var/www/fence/fence_google_app_creds_secret.json","name":"fence-google-app-creds-secret-volume","readOnly":tru
e,"subPath":"fence_google_app_creds_secret.json"},{"mountPath":"/var/www/fence/fence_google_storage_creds_secret.json","name":"fence-google-storage-creds-secret-volume","readOnly":true,"subPath":"fence_google_storage_creds_secret.json"},{"mountPath":"/fence/keys/key/jwt_private_key.pem","name":"fence-jwt-keys","readOnly":true,"subPath":"jwt_private_key.pem"}]` | Volumes to mount to the container. | +| volumes | list | `[{"name":"old-config-volume","secret":{"secretName":"fence-secret"}},{"name":"json-secret-volume","secret":{"optional":true,"secretName":"fence-json-secret"}},{"name":"creds-volume","secret":{"secretName":"fence-creds"}},{"configMap":{"name":"config-helper","optional":true},"name":"config-helper"},{"configMap":{"name":"logo-config"},"name":"logo-volume"},{"name":"config-volume","secret":{"secretName":"fence-config"}},{"name":"fence-google-app-creds-secret-volume","secret":{"secretName":"fence-google-app-creds-secret"}},{"name":"fence-google-storage-creds-secret-volume","secret":{"secretName":"fence-google-storage-creds-secret"}},{"name":"fence-jwt-keys","secret":{"secretName":"fence-jwt-keys"}},{"configMap":{"name":"privacy-policy"},"name":"privacy-policy"},{"configMap":{"name":"fence-yaml-merge","optional":false},"name":"yaml-merge"}]` | Volumes to attach to the container. | diff --git a/helm/fence/templates/fence-public-config.yaml b/helm/fence/templates/fence-config-public.yaml similarity index 61% rename from helm/fence/templates/fence-public-config.yaml rename to helm/fence/templates/fence-config-public.yaml index c0de6214..8304fa5f 100644 --- a/helm/fence/templates/fence-public-config.yaml +++ b/helm/fence/templates/fence-config-public.yaml @@ -3,8 +3,8 @@ kind: ConfigMap metadata: name: manifest-fence data: - fence-public-config.yaml: | - {{- with .Values.FENCE_CONFIG }} + fence-config-public.yaml: | + {{- with .Values.FENCE_PUBLIC_CONFIG }} {{- toYaml . | nindent 4 }} {{ end }} 
diff --git a/helm/fence/templates/presigned-url-fence.yaml b/helm/fence/templates/presigned-url-fence.yaml index 68315342..89f75a14 100644 --- a/helm/fence/templates/presigned-url-fence.yaml +++ b/helm/fence/templates/presigned-url-fence.yaml @@ -54,7 +54,8 @@ spec: args: - "-c" - | - python /var/www/fence/yaml_merge.py /var/tmp/fence-public-config.yaml /var/www/fence/fence-config-secret.yaml /var/www/fence/fence-config.yaml + echo "${FENCE_PUBLIC_CONFIG:-""}" > "/var/www/fence/fence-config-public.yaml" + python /var/www/fence/yaml_merge.py /var/www/fence/fence-config-public.yaml /var/www/fence/fence-config-secret.yaml /var/www/fence/fence-config.yaml if [[ -f /fence/keys/key/jwt_private_key.pem ]]; then openssl rsa -in /fence/keys/key/jwt_private_key.pem -pubout > /fence/keys/key/jwt_public_key.pem fi diff --git a/helm/fence/values.yaml b/helm/fence/values.yaml index 530b831e..e0eebe5d 100644 --- a/helm/fence/values.yaml +++ b/helm/fence/values.yaml @@ -291,12 +291,12 @@ env: value: /var/www/fence - name: GEN3_DEBUG value: "False" - # - name: FENCE_PUBLIC_CONFIG - # valueFrom: - # configMapKeyRef: - # name: manifest-fence - # key: fence-config-public.yaml - # optional: true + - name: FENCE_PUBLIC_CONFIG + valueFrom: + configMapKeyRef: + name: manifest-fence + key: fence-config-public.yaml + optional: true - name: PGHOST valueFrom: secretKeyRef: @@ -483,6 +483,12 @@ initEnv: value: postgresql://$(PGUSER):$(PGPASSWORD)@$(PGHOST):5432/$(PGDB) - name: PYTHONPATH value: /var/www/fence + - name: FENCE_PUBLIC_CONFIG + valueFrom: + configMapKeyRef: + name: manifest-fence + key: fence-config-public.yaml + optional: true # Values to determine the labels that are used for the deployment, pod, etc. # -- (string) Valid options are "production" or "dev". If invalid option is set- the value will default to "dev". 
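Review bot: Nothing visible stops the container script after a failed write or merge: in the `presigned-url-fence.yaml` hunk the new `echo ... > "/var/www/fence/fence-config-public.yaml"` line and the `yaml_merge.py` call have no error check, and the script goes straight on to the JWT key step, so Fence could start on a missing or partial `fence-config.yaml`. I would fail closed by appending `|| exit 1` to both commands and writing the file with `printf '%s\n' "${FENCE_PUBLIC_CONFIG:-}" > /var/www/fence/fence-config-public.yaml`, which also avoids `echo` treating a leading dash or backslashes in the YAML specially. Because the first merge input now comes from a ConfigMap, a comment stating which argument wins in `yaml_merge.py` would help: if public values can override `fence-config-secret.yaml`, anyone able to edit the ConfigMap can change security-relevant settings (the merge script is not shown here, so this needs confirming). The script body continues past the end of the hunk.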
@@ -1387,6 +1393,8 @@ USER_YAML: | - auth_id: jnkns privilege: [create, read, update, delete, upload, read-storage] +FENCE_CONFIG_PUBLIC: + # -- (map) Configuration settings for Fence app FENCE_CONFIG: # -- (string) Name of the Fence app diff --git a/helm/gen3/README.md b/helm/gen3/README.md index 40c2dd42..512d9970 100644 --- a/helm/gen3/README.md +++ b/helm/gen3/README.md @@ -1,6 +1,6 @@ # gen3 -![Version: 0.1.32](https://img.shields.io/badge/Version-0.1.32-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) +![Version: 0.1.33](https://img.shields.io/badge/Version-0.1.33-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) Helm chart to deploy Gen3 Data Commons @@ -25,9 +25,9 @@ Helm chart to deploy Gen3 Data Commons | file://../aws-es-proxy | aws-es-proxy | 0.1.9 | | file://../common | common | 0.1.10 | | file://../etl | etl | 0.1.1 | -| file://../fence | fence | 0.1.18 | +| file://../fence | fence | 0.1.19 | | file://../frontend-framework | frontend-framework | 0.1.1 | -| file://../guppy | guppy | 0.1.11 | +| file://../guppy | guppy | 0.1.12 | | file://../hatchery | hatchery | 0.1.9 | | file://../indexd | indexd | 0.1.14 | | file://../manifestservice | manifestservice | 0.1.14 | diff --git a/helm/guppy/README.md b/helm/guppy/README.md index 7cf3ec1c..db8ae42a 100644 --- a/helm/guppy/README.md +++ b/helm/guppy/README.md 
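Review bot: `FENCE_CONFIG_PUBLIC:` is added in the `helm/fence/values.yaml` hunk at `-1387,6 +1393,8` without a `# --` comment, so the README row generated for it has an empty description. Nothing tells operators that this block is rendered into the `manifest-fence` ConfigMap and passed to the containers as the `FENCE_PUBLIC_CONFIG` environment variable (hunks at `-291,12` and `-483,6`) rather than stored in a Secret. I would put `# -- (map) Non-secret Fence settings; rendered into the manifest-fence ConfigMap, so keep credentials and keys in FENCE_CONFIG.` above the key. Patch 189/279 is described as updating the values.yaml comments, but that hunk is not visible here, so the wording there should be checked for this caveat.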
@@ -1,6 +1,6 @@ # guppy -![Version: 0.1.11](https://img.shields.io/badge/Version-0.1.11-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) +![Version: 0.1.12](https://img.shields.io/badge/Version-0.1.12-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) A Helm chart for gen3 Guppy Service From 7cf813f4a20e47d8f11ac4812003608b73e604fb Mon Sep 17 00:00:00 2001 From: EliseCastle23 <109446148+EliseCastle23@users.noreply.github.com> Date: Wed, 12 Jun 2024 08:55:56 -0600 Subject: [PATCH 187/279] fixing typo --- helm/fence/templates/fence-config-public.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/helm/fence/templates/fence-config-public.yaml b/helm/fence/templates/fence-config-public.yaml index 8304fa5f..4e18796a 100644 --- a/helm/fence/templates/fence-config-public.yaml +++ b/helm/fence/templates/fence-config-public.yaml @@ -4,7 +4,7 @@ metadata: name: manifest-fence data: fence-config-public.yaml: | - {{- with .Values.FENCE_PUBLIC_CONFIG }} + {{- with .Values.FENCE_CONFIG_PUBLIC }} {{- toYaml . | nindent 4 }} {{ end }} From b25846208fff1bd48f5937c161029313fda0d694 Mon Sep 17 00:00:00 2001 From: EliseCastle23 <109446148+EliseCastle23@users.noreply.github.com> Date: Wed, 12 Jun 2024 16:01:30 -0600 Subject: [PATCH 188/279] updating fence version --- helm/gen3/Chart.yaml | 2 +- helm/gen3/README.md | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/helm/gen3/Chart.yaml b/helm/gen3/Chart.yaml index 5dd779a8..9826e11c 100644 --- a/helm/gen3/Chart.yaml +++ b/helm/gen3/Chart.yaml 
@@ -36,7 +36,7 @@ dependencies: repository: "file://../frontend-framework" condition: frontend-framework.enabled - name: fence - version: 0.1.19 + version: 0.1.20 repository: "file://../fence" condition: fence.enabled - name: guppy diff --git a/helm/gen3/README.md b/helm/gen3/README.md index 2b878160..f24f08c8 100644 --- a/helm/gen3/README.md +++ b/helm/gen3/README.md @@ -25,7 +25,7 @@ Helm chart to deploy Gen3 Data Commons | file://../aws-es-proxy | aws-es-proxy | 0.1.9 | | file://../common | common | 0.1.11 | | file://../etl | etl | 0.1.1 | -| file://../fence | fence | 0.1.19 | +| file://../fence | fence | 0.1.20 | | file://../frontend-framework | frontend-framework | 0.1.1 | | file://../guppy | guppy | 0.1.12 | | file://../hatchery | hatchery | 0.1.9 | From 30bfc47a2a32f34f4879868858ee8ffe4a03e16f Mon Sep 17 00:00:00 2001 From: EliseCastle23 <109446148+EliseCastle23@users.noreply.github.com> Date: Wed, 12 Jun 2024 16:15:52 -0600 Subject: [PATCH 189/279] updating comments in values.yaml file for Fence and bumping chart version --- .secrets.baseline | 4 ++-- helm/fence/Chart.yaml | 2 +- helm/fence/README.md | 6 +++--- helm/fence/values.yaml | 3 ++- 4 files changed, 8 insertions(+), 7 deletions(-) diff --git a/.secrets.baseline b/.secrets.baseline index 4327a3a5..568edae5 100644 --- a/.secrets.baseline +++ b/.secrets.baseline @@ -3,7 +3,7 @@ "files": "^.secrets.baseline$", "lines": null }, - "generated_at": "2024-06-11T22:23:01Z", + "generated_at": "2024-06-12T22:14:46Z", "plugins_used": [ { "name": "AWSKeyDetector" @@ -321,7 +321,7 @@ "hashed_secret": "5d07e1b80e448a213b392049888111e1779a52db", "is_secret": false, "is_verified": false, - "line_number": 1962, + "line_number": 1963, "type": "Secret Keyword" } ], diff --git a/helm/fence/Chart.yaml b/helm/fence/Chart.yaml index 1b06cb7d..da093a32 100644 --- a/helm/fence/Chart.yaml +++ b/helm/fence/Chart.yaml 
@@ -15,7 +15,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.19 +version: 0.1.20 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to diff --git a/helm/fence/README.md b/helm/fence/README.md index c384295c..c244fc17 100644 --- a/helm/fence/README.md +++ b/helm/fence/README.md @@ -1,6 +1,6 @@ # fence -![Version: 0.1.19](https://img.shields.io/badge/Version-0.1.19-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) +![Version: 0.1.20](https://img.shields.io/badge/Version-0.1.20-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) A Helm chart for gen3 Fence 
@@ -15,7 +15,7 @@ A Helm chart for gen3 Fence | Key | Type | Default | Description | |-----|------|---------|-------------| -| FENCE_CONFIG | map | `{"ACCESS_TOKEN_COOKIE_NAME":"access_token","ACCESS_TOKEN_EXPIRES_IN":1200,"ALLOWED_USER_SERVICE_ACCOUNT_DOMAINS":["developer.gserviceaccount.com","appspot.gserviceaccount.com","iam.gserviceaccount.com"],"ALLOW_GOOGLE_LINKING":true,"APPLICATION_ROOT":"/user","APP_NAME":"Gen3 Data Commons","ARBORIST":"http://arborist-service","ASSUME_ROLE_CACHE_SECONDS":1800,"AUDIT_SERVICE":"http://audit-service","AUTHLIB_INSECURE_TRANSPORT":true,"AWS_CREDENTIALS":{},"AZ_BLOB_CONTAINER_URL":"https://myfakeblob.blob.core.windows.net/my-fake-container/","AZ_BLOB_CREDENTIALS":null,"BILLING_PROJECT_FOR_SA_CREDS":null,"BILLING_PROJECT_FOR_SIGNED_URLS":null,"CIRRUS_CFG":{"GOOGLE_ADMIN_EMAIL":"","GOOGLE_API_KEY":"","GOOGLE_APPLICATION_CREDENTIALS":"","GOOGLE_CLOUD_IDENTITY_ADMIN_EMAIL":"","GOOGLE_IDENTITY_DOMAIN":"","GOOGLE_PROJECT_ID":"","GOOGLE_STORAGE_CREDS":""},"CLIENT_ALLOWED_SCOPES":["openid","user","data","google_credentials","google_service_account","google_link","ga4gh_passport_v1"],"DATA_UPLOAD_BUCKET":"bucket1","DBGAP_ACCESSION_WITH_CONSENT_REGEX":"(?Pphs[0-9]+)(.(?Pv[0-9]+)){0,1}(.(?Pp[0-9]+)){0,1}.(?Pc[0-9]+)","DEBUG":false,"DEFAULT_LOGIN_IDP":"google","DEFAULT_LOGIN_URL":"{{BASE_URL}}/login/google","DEV_LOGIN_COOKIE_NAME":"dev_login","DREAM_CHALLENGE_GROUP":"DREAM","DREAM_CHALLENGE_TEAM":"DREAM","EMAIL_SERVER":"localhost","ENABLED_IDENTITY_PROVIDERS":{},"ENABLE_AUDIT_LOGS":{"login":false,"presigned_url":false},"ENABLE_AUTOMATIC_BILLING_PERMISSION_SA_CREDS":false,"ENABLE_AUTOMATIC_BILLING_PERMISSION_SIGNED_URLS":false,"ENABLE_CSRF_PROTECTION":true,"ENABLE_DB_MIGRATION":true,"ENABLE_PROMETHEUS_METRICS":false,"ENCRYPTION_KEY":"REPLACEME","GA4GH_VISA_ISSUER_ALLOWLIST":["{{BASE_URL}}","https://sts.nih.gov","https://stsstg.nih.gov"],"GEN3_PASSPORT_EXPIRES_IN":43200,"GLOBAL_PARSE_VISAS_ON_LOGIN":false,"GOOGLE_ACCOUNT_ACCESS_EXPIRES_IN":86
400,"GOOGLE_BULK_UPDATES":false,"GOOGLE_GROUP_PREFIX":"","GOOGLE_MANAGED_SERVICE_ACCOUNT_DOMAINS":["dataflow-service-producer-prod.iam.gserviceaccount.com","cloudbuild.gserviceaccount.com","cloud-ml.google.com.iam.gserviceaccount.com","container-engine-robot.iam.gserviceaccount.com","dataflow-service-producer-prod.iam.gserviceaccount.com","sourcerepo-service-accounts.iam.gserviceaccount.com","dataproc-accounts.iam.gserviceaccount.com","gae-api-prod.google.com.iam.gserviceaccount.com","genomics-api.google.com.iam.gserviceaccount.com","containerregistry.iam.gserviceaccount.com","container-analysis.iam.gserviceaccount.com","cloudservices.gserviceaccount.com","stackdriver-service.iam.gserviceaccount.com","appspot.gserviceaccount.com","partnercontent.gserviceaccount.com","trifacta-gcloud-prod.iam.gserviceaccount.com","gcf-admin-robot.iam.gserviceaccount.com","compute-system.iam.gserviceaccount.com","gcp-sa-websecurityscanner.iam.gserviceaccount.com","storage-transfer-service.iam.gserviceaccount.com","firebase-sa-management.iam.gserviceaccount.com","firebase-rules.iam.gserviceaccount.com","gcp-sa-cloudbuild.iam.gserviceaccount.com","gcp-sa-automl.iam.gserviceaccount.com","gcp-sa-datalabeling.iam.gserviceaccount.com","gcp-sa-cloudscheduler.iam.gserviceaccount.com"],"GOOGLE_SERVICE_ACCOUNT_KEY_FOR_URL_SIGNING_EXPIRES_IN":2592000,"GOOGLE_SERVICE_ACCOUNT_PREFIX":"","GOOGLE_USER_SERVICE_ACCOUNT_ACCESS_EXPIRES_IN":604800,"GUN_MAIL":{"datacommons.io":{"api_key":"","api_url":"https://api.mailgun.net/v3/mailgun.example.com","default_login":"postmaster@mailgun.example.com","smtp_hostname":"smtp.mailgun.org","smtp_password":""}},"HTTP_PROXY":{"host":null,"port":3128},"INDEXD":"http://indexd-service","INDEXD_PASSWORD":"","INDEXD_USERNAME":"fence","ITRUST_GLOBAL_LOGOUT":"https://auth.nih.gov/siteminderagent/smlogout.asp?mode=nih&AppReturnUrl=","LOGIN_OPTIONS":[{"desc":"description","idp":"google","name":"Login from 
Google"}],"LOGIN_REDIRECT_WHITELIST":[],"MAX_ACCESS_TOKEN_TTL":3600,"MAX_API_KEY_TTL":2592000,"MAX_PRESIGNED_URL_TTL":3600,"MAX_ROLE_SESSION_INCREASE":false,"MOCK_AUTH":false,"MOCK_GOOGLE_AUTH":false,"MOCK_STORAGE":false,"OAUTH2_JWT_ALG":"RS256","OAUTH2_JWT_ENABLED":true,"OAUTH2_JWT_ISS":"{{BASE_URL}}","OAUTH2_PROVIDER_ERROR_URI":"/api/oauth2/errors","OAUTH2_TOKEN_EXPIRES_IN":{"authorization_code":1200,"implicit":1200},"OPENID_CONNECT":{"cilogon":{"client_id":"","client_secret":"","discovery_url":"https://cilogon.org/.well-known/openid-configuration","mock":false,"mock_default_user":"http://cilogon.org/serverT/users/64703","redirect_url":"{{BASE_URL}}/login/cilogon/login/","scope":"openid email profile"},"cognito":{"client_id":"","client_secret":"","discovery_url":"https://cognito-idp.{REGION}.amazonaws.com/{USER-POOL-ID}/.well-known/openid-configuration","redirect_url":"{{BASE_URL}}/login/cognito/login/","scope":"openid email"},"fence":{"access_token_url":"{{api_base_url}}/oauth2/token","api_base_url":"","authorize_url":"{{api_base_url}}/oauth2/authorize","client_id":"","client_kwargs":{"redirect_uri":"{{BASE_URL}}/login/fence/login","scope":"openid"},"client_secret":"","mock":false,"mock_default_user":"test@example.com","name":"","refresh_token_url":"{{api_base_url}}/oauth2/token","shibboleth_discovery_url":"https://login.bionimbus.org/Shibboleth.sso/DiscoFeed"},"generic_oidc_idp":{"client_id":"","client_secret":"","discovery":{"authorization_endpoint":"","jwks_uri":"","token_endpoint":""},"discovery_url":"https://server.com/.well-known/openid-configuration","email_field":"","name":"some_idp","redirect_url":"{{BASE_URL}}/login/some_idp/login","scope":"","user_id_field":""},"google":{"client_id":"","client_secret":"","discovery_url":"https://accounts.google.com/.well-known/openid-configuration","mock":"","mock_default_user":"test@example.com","redirect_url":"{{BASE_URL}}/login/google/login/","scope":"openid 
email"},"microsoft":{"client_id":"","client_secret":"","discovery_url":"https://login.microsoftonline.com/organizations/v2.0/.well-known/openid-configuration","mock":false,"mock_default_user":"test@example.com","redirect_url":"{{BASE_URL}}/login/microsoft/login/","scope":"openid email"},"okta":{"client_id":"","client_secret":"","discovery_url":"","redirect_url":"{{BASE_URL}}/login/okta/login/","scope":"openid email"},"orcid":{"client_id":"","client_secret":"","discovery_url":"https://orcid.org/.well-known/openid-configuration","mock":false,"mock_default_user":"0000-0002-2601-8132","redirect_url":"{{BASE_URL}}/login/orcid/login/","scope":"openid"},"ras":{"client_id":"","client_secret":"","discovery_url":"https://sts.nih.gov/.well-known/openid-configuration","mock":false,"mock_default_user":"test@example.com","redirect_url":"{{BASE_URL}}/login/ras/callback","scope":"openid email profile ga4gh_passport_v1"},"shibboleth":{"client_id":"","client_secret":"","redirect_url":"{{BASE_URL}}/login/shib/login"},"synapse":{"client_id":"","client_secret":"","discovery_url":"","redirect_url":"","scope":"openid"}},"OVERRIDE_NGINX_RATE_LIMIT":18,"PRIVACY_POLICY_URL":null,"PROBLEM_USER_EMAIL_NOTIFICATION":{"admin":["admin@example.edu"],"content":"The Data Commons Framework utilizes dbGaP for data access authorization. Another member of a Google project you belong to ({}) is attempting to register a service account to the following additional datasets ({}). 
Please contact dbGaP to request access.\n","domain":"example.com","from":"do-not-reply@example.com","subject":"Account access error notification"},"PUSH_AUDIT_LOGS_CONFIG":{"aws_sqs_config":{"aws_cred":null,"region":null,"sqs_url":null},"type":"aws_sqs"},"RAS_REFRESH_EXPIRATION":1296000,"RAS_USERINFO_ENDPOINT":"/openid/connect/v1.1/userinfo","REFRESH_TOKEN_EXPIRES_IN":2592000,"REGISTERED_USERS_GROUP":"","REGISTER_USERS_ON":false,"REMOVE_SERVICE_ACCOUNT_EMAIL_NOTIFICATION":{"admin":["admin@example.edu"],"content":"Service accounts were removed from access control data because some users or service accounts of GCP Project {} are not authorized to access the data sets associated to the service accounts, or do not adhere to the security policies.\n","domain":"example.com","enable":false,"from":"do-not-reply@example.com","subject":"User service account removal notification"},"RENEW_ACCESS_TOKEN_BEFORE_EXPIRATION":false,"S3_BUCKETS":{},"SEND_FROM":"example@gmail.com","SEND_TO":"example@gmail.com","SERVICE_ACCOUNT_LIMIT":6,"SESSION_ALLOWED_SCOPES":["openid","user","credentials","data","admin","google_credentials","google_service_account","google_link","ga4gh_passport_v1"],"SESSION_COOKIE_DOMAIN":null,"SESSION_COOKIE_NAME":"fence","SESSION_COOKIE_SECURE":true,"SESSION_LIFETIME":28800,"SESSION_TIMEOUT":1800,"SHIBBOLETH_HEADER":"persistent_id","SSO_URL":"https://auth.nih.gov/affwebservices/public/saml2sso?SPID={{BASE_URL}}/shibboleth&RelayState=","STORAGE_CREDENTIALS":{},"SUPPORT_EMAIL_FOR_ERRORS":null,"SYNAPSE_AUTHZ_TTL":86400,"SYNAPSE_DISCOVERY_URL":null,"SYNAPSE_JWKS_URI":null,"SYNAPSE_URI":"https://repo-prod.prod.sagebase.org/auth/v1","TOKEN_PROJECTS_CUTOFF":10,"USERSYNC":{"fallback_to_dbgap_sftp":false,"sync_from_visas":false,"visa_types":{"ras":["https://ras.nih.gov/visas/v1","https://ras.nih.gov/visas/v1.1"]}},"USER_ALLOWED_SCOPES":["fence","openid","user","data","admin","google_credentials","google_service_account","google_link","ga4gh_passport_v1"],"WHITE_LISTED_GOOG
LE_PARENT_ORGS":[],"WHITE_LISTED_SERVICE_ACCOUNT_EMAILS":[],"WTF_CSRF_SECRET_KEY":"{{ENCRYPTION_KEY}}","dbGaP":[{"decrypt_key":"","enable_common_exchange_area_access":false,"info":{"host":"","password":"","port":22,"proxy":"","username":""},"parse_consent_code":true,"protocol":"sftp","study_common_exchange_areas":{"example":"test_common_exchange_area"},"study_to_resource_namespaces":{"_default":["/"],"test_common_exchange_area":["/dbgap/"]}}]}` | Configuration settings for Fence app | +| FENCE_CONFIG | map | `{"ACCESS_TOKEN_COOKIE_NAME":"access_token","ACCESS_TOKEN_EXPIRES_IN":1200,"ALLOWED_USER_SERVICE_ACCOUNT_DOMAINS":["developer.gserviceaccount.com","appspot.gserviceaccount.com","iam.gserviceaccount.com"],"ALLOW_GOOGLE_LINKING":true,"APPLICATION_ROOT":"/user","APP_NAME":"Gen3 Data Commons","ARBORIST":"http://arborist-service","ASSUME_ROLE_CACHE_SECONDS":1800,"AUDIT_SERVICE":"http://audit-service","AUTHLIB_INSECURE_TRANSPORT":true,"AWS_CREDENTIALS":{},"AZ_BLOB_CONTAINER_URL":"https://myfakeblob.blob.core.windows.net/my-fake-container/","AZ_BLOB_CREDENTIALS":null,"BILLING_PROJECT_FOR_SA_CREDS":null,"BILLING_PROJECT_FOR_SIGNED_URLS":null,"CIRRUS_CFG":{"GOOGLE_ADMIN_EMAIL":"","GOOGLE_API_KEY":"","GOOGLE_APPLICATION_CREDENTIALS":"","GOOGLE_CLOUD_IDENTITY_ADMIN_EMAIL":"","GOOGLE_IDENTITY_DOMAIN":"","GOOGLE_PROJECT_ID":"","GOOGLE_STORAGE_CREDS":""},"CLIENT_ALLOWED_SCOPES":["openid","user","data","google_credentials","google_service_account","google_link","ga4gh_passport_v1"],"DATA_UPLOAD_BUCKET":"bucket1","DBGAP_ACCESSION_WITH_CONSENT_REGEX":"(?Pphs[0-9]+)(.(?Pv[0-9]+)){0,1}(.(?Pp[0-9]+)){0,1}.(?Pc[0-9]+)","DEBUG":false,"DEFAULT_LOGIN_IDP":"google","DEFAULT_LOGIN_URL":"{{BASE_URL}}/login/google","DEV_LOGIN_COOKIE_NAME":"dev_login","DREAM_CHALLENGE_GROUP":"DREAM","DREAM_CHALLENGE_TEAM":"DREAM","EMAIL_SERVER":"localhost","ENABLED_IDENTITY_PROVIDERS":{},"ENABLE_AUDIT_LOGS":{"login":false,"presigned_url":false},"ENABLE_AUTOMATIC_BILLING_PERMISSION_SA_CREDS":false,"ENABLE_AU
TOMATIC_BILLING_PERMISSION_SIGNED_URLS":false,"ENABLE_CSRF_PROTECTION":true,"ENABLE_DB_MIGRATION":true,"ENABLE_PROMETHEUS_METRICS":false,"ENCRYPTION_KEY":"REPLACEME","GA4GH_VISA_ISSUER_ALLOWLIST":["{{BASE_URL}}","https://sts.nih.gov","https://stsstg.nih.gov"],"GEN3_PASSPORT_EXPIRES_IN":43200,"GLOBAL_PARSE_VISAS_ON_LOGIN":false,"GOOGLE_ACCOUNT_ACCESS_EXPIRES_IN":86400,"GOOGLE_BULK_UPDATES":false,"GOOGLE_GROUP_PREFIX":"","GOOGLE_MANAGED_SERVICE_ACCOUNT_DOMAINS":["dataflow-service-producer-prod.iam.gserviceaccount.com","cloudbuild.gserviceaccount.com","cloud-ml.google.com.iam.gserviceaccount.com","container-engine-robot.iam.gserviceaccount.com","dataflow-service-producer-prod.iam.gserviceaccount.com","sourcerepo-service-accounts.iam.gserviceaccount.com","dataproc-accounts.iam.gserviceaccount.com","gae-api-prod.google.com.iam.gserviceaccount.com","genomics-api.google.com.iam.gserviceaccount.com","containerregistry.iam.gserviceaccount.com","container-analysis.iam.gserviceaccount.com","cloudservices.gserviceaccount.com","stackdriver-service.iam.gserviceaccount.com","appspot.gserviceaccount.com","partnercontent.gserviceaccount.com","trifacta-gcloud-prod.iam.gserviceaccount.com","gcf-admin-robot.iam.gserviceaccount.com","compute-system.iam.gserviceaccount.com","gcp-sa-websecurityscanner.iam.gserviceaccount.com","storage-transfer-service.iam.gserviceaccount.com","firebase-sa-management.iam.gserviceaccount.com","firebase-rules.iam.gserviceaccount.com","gcp-sa-cloudbuild.iam.gserviceaccount.com","gcp-sa-automl.iam.gserviceaccount.com","gcp-sa-datalabeling.iam.gserviceaccount.com","gcp-sa-cloudscheduler.iam.gserviceaccount.com"],"GOOGLE_SERVICE_ACCOUNT_KEY_FOR_URL_SIGNING_EXPIRES_IN":2592000,"GOOGLE_SERVICE_ACCOUNT_PREFIX":"","GOOGLE_USER_SERVICE_ACCOUNT_ACCESS_EXPIRES_IN":604800,"GUN_MAIL":{"datacommons.io":{"api_key":"","api_url":"https://api.mailgun.net/v3/mailgun.example.com","default_login":"postmaster@mailgun.example.com","smtp_hostname":"smtp.mailgun.org","smtp_password"
:""}},"HTTP_PROXY":{"host":null,"port":3128},"INDEXD":"http://indexd-service","INDEXD_PASSWORD":"","INDEXD_USERNAME":"fence","ITRUST_GLOBAL_LOGOUT":"https://auth.nih.gov/siteminderagent/smlogout.asp?mode=nih&AppReturnUrl=","LOGIN_OPTIONS":[{"desc":"description","idp":"google","name":"Login from Google"}],"LOGIN_REDIRECT_WHITELIST":[],"MAX_ACCESS_TOKEN_TTL":3600,"MAX_API_KEY_TTL":2592000,"MAX_PRESIGNED_URL_TTL":3600,"MAX_ROLE_SESSION_INCREASE":false,"MOCK_AUTH":false,"MOCK_GOOGLE_AUTH":false,"MOCK_STORAGE":false,"OAUTH2_JWT_ALG":"RS256","OAUTH2_JWT_ENABLED":true,"OAUTH2_JWT_ISS":"{{BASE_URL}}","OAUTH2_PROVIDER_ERROR_URI":"/api/oauth2/errors","OAUTH2_TOKEN_EXPIRES_IN":{"authorization_code":1200,"implicit":1200},"OPENID_CONNECT":{"cilogon":{"client_id":"","client_secret":"","discovery_url":"https://cilogon.org/.well-known/openid-configuration","mock":false,"mock_default_user":"http://cilogon.org/serverT/users/64703","redirect_url":"{{BASE_URL}}/login/cilogon/login/","scope":"openid email profile"},"cognito":{"client_id":"","client_secret":"","discovery_url":"https://cognito-idp.{REGION}.amazonaws.com/{USER-POOL-ID}/.well-known/openid-configuration","redirect_url":"{{BASE_URL}}/login/cognito/login/","scope":"openid 
email"},"fence":{"access_token_url":"{{api_base_url}}/oauth2/token","api_base_url":"","authorize_url":"{{api_base_url}}/oauth2/authorize","client_id":"","client_kwargs":{"redirect_uri":"{{BASE_URL}}/login/fence/login","scope":"openid"},"client_secret":"","mock":false,"mock_default_user":"test@example.com","name":"","refresh_token_url":"{{api_base_url}}/oauth2/token","shibboleth_discovery_url":"https://login.bionimbus.org/Shibboleth.sso/DiscoFeed"},"generic_oidc_idp":{"client_id":"","client_secret":"","discovery":{"authorization_endpoint":"","jwks_uri":"","token_endpoint":""},"discovery_url":"https://server.com/.well-known/openid-configuration","email_field":"","name":"some_idp","redirect_url":"{{BASE_URL}}/login/some_idp/login","scope":"","user_id_field":""},"google":{"client_id":"","client_secret":"","discovery_url":"https://accounts.google.com/.well-known/openid-configuration","mock":"","mock_default_user":"test@example.com","redirect_url":"{{BASE_URL}}/login/google/login/","scope":"openid email"},"microsoft":{"client_id":"","client_secret":"","discovery_url":"https://login.microsoftonline.com/organizations/v2.0/.well-known/openid-configuration","mock":false,"mock_default_user":"test@example.com","redirect_url":"{{BASE_URL}}/login/microsoft/login/","scope":"openid email"},"okta":{"client_id":"","client_secret":"","discovery_url":"","redirect_url":"{{BASE_URL}}/login/okta/login/","scope":"openid email"},"orcid":{"client_id":"","client_secret":"","discovery_url":"https://orcid.org/.well-known/openid-configuration","mock":false,"mock_default_user":"0000-0002-2601-8132","redirect_url":"{{BASE_URL}}/login/orcid/login/","scope":"openid"},"ras":{"client_id":"","client_secret":"","discovery_url":"https://sts.nih.gov/.well-known/openid-configuration","mock":false,"mock_default_user":"test@example.com","redirect_url":"{{BASE_URL}}/login/ras/callback","scope":"openid email profile 
ga4gh_passport_v1"},"shibboleth":{"client_id":"","client_secret":"","redirect_url":"{{BASE_URL}}/login/shib/login"},"synapse":{"client_id":"","client_secret":"","discovery_url":"","redirect_url":"","scope":"openid"}},"OVERRIDE_NGINX_RATE_LIMIT":18,"PRIVACY_POLICY_URL":null,"PROBLEM_USER_EMAIL_NOTIFICATION":{"admin":["admin@example.edu"],"content":"The Data Commons Framework utilizes dbGaP for data access authorization. Another member of a Google project you belong to ({}) is attempting to register a service account to the following additional datasets ({}). Please contact dbGaP to request access.\n","domain":"example.com","from":"do-not-reply@example.com","subject":"Account access error notification"},"PUSH_AUDIT_LOGS_CONFIG":{"aws_sqs_config":{"aws_cred":null,"region":null,"sqs_url":null},"type":"aws_sqs"},"RAS_REFRESH_EXPIRATION":1296000,"RAS_USERINFO_ENDPOINT":"/openid/connect/v1.1/userinfo","REFRESH_TOKEN_EXPIRES_IN":2592000,"REGISTERED_USERS_GROUP":"","REGISTER_USERS_ON":false,"REMOVE_SERVICE_ACCOUNT_EMAIL_NOTIFICATION":{"admin":["admin@example.edu"],"content":"Service accounts were removed from access control data because some users or service accounts of GCP Project {} are not authorized to access the data sets associated to the service accounts, or do not adhere to the security policies.\n","domain":"example.com","enable":false,"from":"do-not-reply@example.com","subject":"User service account removal 
notification"},"RENEW_ACCESS_TOKEN_BEFORE_EXPIRATION":false,"S3_BUCKETS":{},"SEND_FROM":"example@gmail.com","SEND_TO":"example@gmail.com","SERVICE_ACCOUNT_LIMIT":6,"SESSION_ALLOWED_SCOPES":["openid","user","credentials","data","admin","google_credentials","google_service_account","google_link","ga4gh_passport_v1"],"SESSION_COOKIE_DOMAIN":null,"SESSION_COOKIE_NAME":"fence","SESSION_COOKIE_SECURE":true,"SESSION_LIFETIME":28800,"SESSION_TIMEOUT":1800,"SHIBBOLETH_HEADER":"persistent_id","SSO_URL":"https://auth.nih.gov/affwebservices/public/saml2sso?SPID={{BASE_URL}}/shibboleth&RelayState=","STORAGE_CREDENTIALS":{},"SUPPORT_EMAIL_FOR_ERRORS":null,"SYNAPSE_AUTHZ_TTL":86400,"SYNAPSE_DISCOVERY_URL":null,"SYNAPSE_JWKS_URI":null,"SYNAPSE_URI":"https://repo-prod.prod.sagebase.org/auth/v1","TOKEN_PROJECTS_CUTOFF":10,"USERSYNC":{"fallback_to_dbgap_sftp":false,"sync_from_visas":false,"visa_types":{"ras":["https://ras.nih.gov/visas/v1","https://ras.nih.gov/visas/v1.1"]}},"USER_ALLOWED_SCOPES":["fence","openid","user","data","admin","google_credentials","google_service_account","google_link","ga4gh_passport_v1"],"WHITE_LISTED_GOOGLE_PARENT_ORGS":[],"WHITE_LISTED_SERVICE_ACCOUNT_EMAILS":[],"WTF_CSRF_SECRET_KEY":"{{ENCRYPTION_KEY}}","dbGaP":[{"decrypt_key":"","enable_common_exchange_area_access":false,"info":{"host":"","password":"","port":22,"proxy":"","username":""},"parse_consent_code":true,"protocol":"sftp","study_common_exchange_areas":{"example":"test_common_exchange_area"},"study_to_resource_namespaces":{"_default":["/"],"test_common_exchange_area":["/dbgap/"]}}]}` | Private configuration settings for Fence app | | FENCE_CONFIG.APP_NAME | string | `"Gen3 Data Commons"` | Name of the Fence app | | FENCE_CONFIG.AUTHLIB_INSECURE_TRANSPORT | bool | `true` | allow OIDC traffic on http for development. By default it requires https. WARNING: ONLY set to true when fence will be deployed in such a way that it will ONLY receive traffic from internal clients and can safely use HTTP. 
| | FENCE_CONFIG.CLIENT_ALLOWED_SCOPES | list | `["openid","user","data","google_credentials","google_service_account","google_link","ga4gh_passport_v1"]` | These are the *possible* scopes a client can be given, NOT scopes that are given to all clients. You can be more restrictive during client creation | 
@@ -69,7 +69,7 @@ A Helm chart for gen3 Fence | FENCE_CONFIG.SESSION_COOKIE_SECURE | bool | `true` | set if you want browsers to only send cookies with requests over HTTPS | | FENCE_CONFIG.USER_ALLOWED_SCOPES | list | `["fence","openid","user","data","admin","google_credentials","google_service_account","google_link","ga4gh_passport_v1"]` | these are the scopes that CAN be included in a user's own access_token | | FENCE_CONFIG.WTF_CSRF_SECRET_KEY | str | `"{{ENCRYPTION_KEY}}"` | signing key for WTForms to sign CSRF tokens with | -| FENCE_CONFIG_PUBLIC | string | `nil` | | +| FENCE_CONFIG_PUBLIC | map | `nil` | Public configuration settings for Fence app | | USER_YAML | string | `"cloud_providers: {}\ngroups: {}\nauthz:\n # policies automatically given to anyone, even if they haven't authenticated\n anonymous_policies: ['open_data_reader', 'full_open_access']\n\n # policies automatically given to authenticated users (in addition to their other\n # policies)\n all_users_policies: ['open_data_reader', 'authn_open_access']\n\n user_project_to_resource:\n QA: /programs/QA\n DEV: /programs/DEV\n test: /programs/QA/projects/test\n jenkins: /programs/jnkns/projects/jenkins\n jenkins2: /programs/jnkns/projects/jenkins2\n jnkns: /programs/jnkns\n\n policies:\n # General Access\n - id: 'workspace'\n description: 'be able to use workspace'\n resource_paths: ['/workspace']\n role_ids: ['workspace_user']\n - id: 'dashboard'\n description: 'be able to use the commons dashboard'\n resource_paths: ['/dashboard']\n role_ids: ['dashboard_user']\n - id: 'prometheus'\n description: 'be able to use prometheus'\n resource_paths: ['/prometheus']\n role_ids: ['prometheus_user']\n - id: 'ttyadmin'\n description: 'be able to use the admin tty'\n resource_paths: ['/ttyadmin']\n role_ids: ['ttyadmin_user']\n - id: 'mds_admin'\n description: 'be able to use metadata service'\n resource_paths: ['/mds_gateway']\n role_ids: ['mds_user']\n - id: 'data_upload'\n description: 'upload raw data files 
to S3'\n role_ids: ['file_uploader']\n resource_paths: ['/data_file']\n - description: be able to use sower job\n id: sower\n resource_paths: [/sower]\n role_ids: [sower_user]\n - id: 'mariner_admin'\n description: 'full access to mariner API'\n resource_paths: ['/mariner']\n role_ids: ['mariner_admin']\n - id: audit_reader\n role_ids:\n - audit_reader\n resource_paths:\n - /services/audit\n - id: audit_login_reader\n role_ids:\n - audit_reader\n resource_paths:\n - /services/audit/login\n - id: audit_presigned_url_reader\n role_ids:\n - audit_reader\n resource_paths:\n - /services/audit/presigned_url\n - id: requestor_admin\n role_ids:\n - requestor_admin\n resource_paths:\n - /programs\n - id: requestor_reader\n role_ids:\n - requestor_reader\n resource_paths:\n - /programs\n - id: requestor_creator\n role_ids:\n - requestor_creator\n resource_paths:\n - /programs\n - id: requestor_updater\n role_ids:\n - requestor_updater\n resource_paths:\n - /programs\n - id: requestor_deleter\n role_ids:\n - requestor_deleter\n resource_paths:\n - /programs\n # Data Access\n\n # All programs policy\n - id: 'all_programs_reader'\n description: ''\n role_ids:\n - 'reader'\n - 'storage_reader'\n resource_paths: ['/programs']\n\n # # example if need access to write to storage\n # - id: 'programs.jnkns-storage_writer'\n # description: ''\n # role_ids:\n # - 'storage_writer'\n # resource_paths: ['/programs/jnkns']\n\n - id: 'programs.jnkns-admin'\n description: ''\n role_ids:\n - 'creator'\n - 'reader'\n - 'updater'\n - 'deleter'\n - 'storage_reader'\n resource_paths:\n - '/programs/jnkns'\n - '/gen3/programs/jnkns'\n\n - id: 'programs.jnkns-viewer'\n description: ''\n role_ids:\n - 'reader'\n - 'storage_reader'\n resource_paths:\n - '/programs/jnkns'\n - '/gen3/programs/jnkns'\n\n\n - id: 'programs.QA-admin'\n description: ''\n role_ids:\n - 'creator'\n - 'reader'\n - 'updater'\n - 'deleter'\n - 'storage_reader'\n resource_paths:\n - '/programs/QA'\n - '/gen3/programs/QA'\n\n - 
id: 'programs.QA-admin-no-storage'\n description: ''\n role_ids:\n - 'creator'\n - 'reader'\n - 'updater'\n - 'deleter'\n resource_paths:\n - '/programs/QA'\n - '/gen3/programs/QA'\n\n - id: 'programs.QA-viewer'\n description: ''\n role_ids:\n - 'reader'\n - 'storage_reader'\n resource_paths:\n - '/programs/QA'\n - '/gen3/programs/QA'\n\n - id: 'programs.DEV-admin'\n description: ''\n role_ids:\n - 'creator'\n - 'reader'\n - 'updater'\n - 'deleter'\n - 'storage_reader'\n - 'storage_writer'\n resource_paths:\n - '/programs/DEV'\n - '/gen3/programs/DEV'\n\n - id: 'programs.DEV-storage_writer'\n description: ''\n role_ids:\n - 'storage_writer'\n resource_paths: ['/programs/DEV']\n\n - id: 'programs.DEV-viewer'\n description: ''\n role_ids:\n - 'reader'\n - 'storage_reader'\n resource_paths:\n - '/programs/DEV'\n - '/gen3/programs/DEV'\n\n - id: 'programs.test-admin'\n description: ''\n role_ids:\n - 'creator'\n - 'reader'\n - 'updater'\n - 'deleter'\n - 'storage_reader'\n resource_paths:\n - '/programs/test'\n - '/gen3/programs/test'\n\n - id: 'programs.test-viewer'\n description: ''\n role_ids:\n - 'reader'\n - 'storage_reader'\n resource_paths:\n - '/programs/test'\n - '/gen3/programs/test'\n\n - id: 'abc-admin'\n description: ''\n role_ids:\n - 'creator'\n - 'reader'\n - 'updater'\n - 'deleter'\n - 'storage_reader'\n resource_paths:\n - '/abc'\n\n - id: 'gen3-admin'\n description: ''\n role_ids:\n - 'creator'\n - 'reader'\n - 'updater'\n - 'deleter'\n - 'storage_reader'\n resource_paths:\n - '/gen3'\n\n - id: 'gen3-hmb-researcher'\n description: ''\n role_ids:\n - 'creator'\n - 'reader'\n - 'updater'\n - 'deleter'\n - 'storage_reader'\n resource_paths:\n - '/consents/NRES'\n - '/consents/GRU'\n - '/consents/GRU_CC'\n - '/consents/HMB'\n - '/gen3'\n\n - id: 'abc.programs.test_program.projects.test_project1-viewer'\n description: ''\n role_ids:\n - 'reader'\n - 'storage_reader'\n resource_paths:\n - '/abc/programs/test_program/projects/test_project1'\n\n - id: 
'abc.programs.test_program.projects.test_project2-viewer'\n description: ''\n role_ids:\n - 'reader'\n - 'storage_reader'\n resource_paths:\n - '/abc/programs/test_program/projects/test_project2'\n\n - id: 'abc.programs.test_program2.projects.test_project3-viewer'\n description: ''\n role_ids:\n - 'reader'\n - 'storage_reader'\n resource_paths:\n - '/abc/programs/test_program2/projects/test_project3'\n\n # Open data policies\n - id: 'authn_open_access'\n resource_paths: ['/programs/open/projects/authnRequired']\n description: ''\n role_ids:\n - 'reader'\n - 'storage_reader'\n - id: 'full_open_access'\n resource_paths: ['/programs/open/projects/1000G']\n description: ''\n role_ids:\n - 'reader'\n - 'storage_reader'\n - id: 'open_data_reader'\n description: ''\n role_ids:\n - 'reader'\n - 'storage_reader'\n resource_paths: ['/open']\n - id: 'open_data_admin'\n description: ''\n role_ids:\n - 'creator'\n - 'reader'\n - 'updater'\n - 'deleter'\n - 'storage_writer'\n - 'storage_reader'\n resource_paths: ['/open']\n\n # Consent Code Policies\n - id: 'not-for-profit-researcher'\n description: ''\n role_ids:\n - 'admin'\n resource_paths:\n - '/consents/NPU'\n\n - id: 'publication-required-researcher'\n description: ''\n role_ids:\n - 'admin'\n resource_paths:\n - '/consents/PUB'\n\n - id: 'gru-researcher'\n description: ''\n role_ids:\n - 'admin'\n resource_paths:\n - '/consents/NRES'\n - '/consents/GRU'\n\n - id: 'gru-cc-researcher'\n description: ''\n role_ids:\n - 'admin'\n resource_paths:\n - '/consents/NRES'\n - '/consents/GRU'\n - '/consents/GRU_CC'\n\n - id: 'hmb-researcher'\n description: ''\n role_ids:\n - 'admin'\n resource_paths:\n - '/consents/NRES'\n - '/consents/GRU'\n - '/consents/GRU_CC'\n - '/consents/HMB'\n\n - id: 'poa-researcher'\n description: ''\n role_ids:\n - 'admin'\n resource_paths:\n - '/consents/NRES'\n - '/consents/GRU'\n - '/consents/GRU_CC'\n - '/consents/POA'\n\n - id: 'ds-lung-researcher'\n description: ''\n role_ids:\n - 'admin'\n 
resource_paths:\n - '/consents/NRES'\n - '/consents/GRU'\n - '/consents/GRU_CC'\n - '/consents/HMB'\n - '/consents/DS_LungDisease'\n\n - id: 'ds-chronic-obstructive-pulmonary-disease-researcher'\n description: ''\n role_ids:\n - 'admin'\n resource_paths:\n - '/consents/NRES'\n - '/consents/GRU'\n - '/consents/GRU_CC'\n - '/consents/HMB'\n - '/consents/DS_ChronicObstructivePulmonaryDisease'\n\n - id: 'services.sheepdog-admin'\n description: 'CRUD access to programs and projects'\n role_ids:\n - 'sheepdog_admin'\n resource_paths:\n - '/services/sheepdog/submission/program'\n - '/services/sheepdog/submission/project'\n\n # indexd\n - id: 'indexd_admin'\n description: 'full access to indexd API'\n role_ids:\n - 'indexd_admin'\n resource_paths:\n - '/programs'\n - '/services/indexd/admin'\n # # TODO resource path '/' is not valid right now in arborist, trying to decide\n # # how to handle all resources\n # - id: 'indexd_admin'\n # description: ''\n # role_ids:\n # - 'indexd_record_creator'\n # - 'indexd_record_reader'\n # - 'indexd_record_updater'\n # - 'indexd_delete_record'\n # - 'indexd_storage_reader'\n # - 'indexd_storage_writer'\n # resource_paths: ['/']\n # - id: 'indexd_record_reader'\n # description: ''\n # role_ids:\n # - 'indexd_record_reader'\n # resource_paths: ['/']\n # - id: 'indexd_record_editor'\n # description: ''\n # role_ids:\n # - 'indexd_record_creator'\n # - 'indexd_record_reader'\n # - 'indexd_record_updater'\n # - 'indexd_delete_record'\n # resource_paths: ['/']\n # - id: 'indexd_storage_reader'\n # description: ''\n # role_ids:\n # - 'indexd_storage_reader'\n # resource_paths: ['/']\n # - id: 'indexd_storage_editor'\n # description: ''\n # role_ids:\n # - 'indexd_storage_reader'\n # - 'indexd_storage_writer'\n # resource_paths: ['/']\n\n # argo\n - id: argo\n description: be able to use argo\n resource_paths: [/argo]\n role_ids: [argo_user]\n\n resources:\n # General Access\n - name: 'data_file'\n description: 'data files, stored in S3'\n - 
name: 'dashboard'\n description: 'commons /dashboard'\n - name: 'mds_gateway'\n description: 'commons /mds-admin'\n - name: 'prometheus'\n description: 'commons /prometheus and /grafana'\n - name: 'ttyadmin'\n description: 'commons /ttyadmin'\n - name: 'workspace'\n - name: \"sower\"\n - name: 'mariner'\n description: 'workflow execution service'\n - name: argo\n\n # OLD Data\n - name: 'programs'\n subresources:\n - name: 'open'\n subresources:\n - name: 'projects'\n subresources:\n - name: '1000G'\n - name: 'authnRequired'\n - name: 'QA'\n subresources:\n - name: 'projects'\n subresources:\n - name: 'test'\n - name: 'DEV'\n subresources:\n - name: 'projects'\n subresources:\n - name: 'test'\n - name: 'jnkns'\n subresources:\n - name: 'projects'\n subresources:\n - name: 'jenkins'\n - name: 'jenkins2'\n - name: 'test'\n subresources:\n - name: 'projects'\n subresources:\n - name: 'test'\n\n # NEW Data WITH PREFIX\n - name: 'gen3'\n subresources:\n - name: 'programs'\n subresources:\n - name: 'QA'\n subresources:\n - name: 'projects'\n subresources:\n - name: 'test'\n - name: 'DEV'\n subresources:\n - name: 'projects'\n subresources:\n - name: 'test'\n - name: 'jnkns'\n subresources:\n - name: 'projects'\n subresources:\n - name: 'jenkins'\n - name: 'jenkins2'\n - name: 'test'\n subresources:\n - name: 'projects'\n subresources:\n - name: 'test'\n\n # consents obtained from DUO and NIH\n # https://github.com/EBISPOT/DUO\n # https://www.ncbi.nlm.nih.gov/pmc/articles/PMC4721915/\n - name: 'consents'\n subresources:\n - name: 'NRES'\n description: 'no restriction'\n - name: 'GRU'\n description: 'general research use'\n - name: 'GRU_CC'\n description: 'general research use and clinical care'\n - name: 'HMB'\n description: 'health/medical/biomedical research'\n - name: 'POA'\n description: 'population origins or ancestry research'\n - name: 'NMDS'\n description: 'no general methods research'\n - name: 'NPU'\n description: 'not-for-profit use only'\n - name: 'PUB'\n 
description: 'publication required'\n - name: 'DS_LungDisease'\n description: 'disease-specific research for lung disease'\n - name: 'DS_ChronicObstructivePulmonaryDisease'\n description: 'disease-specific research for chronic obstructive pulmonary disease'\n\n - name: 'abc'\n subresources:\n - name: 'programs'\n subresources:\n - name: 'foo'\n subresources:\n - name: 'projects'\n subresources:\n - name: 'bar'\n - name: 'test_program'\n subresources:\n - name: 'projects'\n subresources:\n - name: 'test_project1'\n - name: 'test_project2'\n - name: 'test_program2'\n subresources:\n - name: 'projects'\n subresources:\n - name: 'test_project3'\n\n\n # \"Sheepdog admin\" resources\n - name: 'services'\n subresources:\n - name: 'sheepdog'\n subresources:\n - name: 'submission'\n subresources:\n - name: 'program'\n - name: 'project'\n - name: 'indexd'\n subresources:\n - name: 'admin'\n - name: 'bundles'\n - name: audit\n subresources:\n - name: presigned_url\n - name: login\n\n\n - name: 'open'\n\n # action/methods:\n # create, read, update, delete, read-storage, write-storage,\n # file_upload, access\n roles:\n # General Access\n - id: 'file_uploader'\n description: 'can upload data files'\n permissions:\n - id: 'file_upload'\n action:\n service: '*'\n method: 'file_upload'\n - id: 'workspace_user'\n permissions:\n - id: 'workspace_access'\n action:\n service: 'jupyterhub'\n method: 'access'\n - id: 'dashboard_user'\n permissions:\n - id: 'dashboard_access'\n action:\n service: 'dashboard'\n method: 'access'\n - id: 'mds_user'\n permissions:\n - id: 'mds_access'\n action:\n service: 'mds_gateway'\n method: 'access'\n - id: 'prometheus_user'\n permissions:\n - id: 'prometheus_access'\n action:\n service: 'prometheus'\n method: 'access'\n - id: 'ttyadmin_user'\n permissions:\n - id: 'ttyadmin_access'\n action:\n service: 'ttyadmin'\n method: 'access'\n - id: 'sower_user'\n permissions:\n - id: 'sower_access'\n action:\n service: 'job'\n method: 'access'\n - id: 
'mariner_admin'\n permissions:\n - id: 'mariner_access'\n action:\n service: 'mariner'\n method: 'access'\n - id: audit_reader\n permissions:\n - id: audit_reader_action\n action:\n service: audit\n method: read\n\n # All services\n - id: 'admin'\n description: ''\n permissions:\n - id: 'admin'\n action:\n service: '*'\n method: '*'\n - id: 'creator'\n description: ''\n permissions:\n - id: 'creator'\n action:\n service: '*'\n method: 'create'\n - id: 'reader'\n description: ''\n permissions:\n - id: 'reader'\n action:\n service: '*'\n method: 'read'\n - id: 'updater'\n description: ''\n permissions:\n - id: 'updater'\n action:\n service: '*'\n method: 'update'\n - id: 'deleter'\n description: ''\n permissions:\n - id: 'deleter'\n action:\n service: '*'\n method: 'delete'\n - id: 'storage_writer'\n description: ''\n permissions:\n - id: 'storage_writer'\n action:\n service: '*'\n method: 'write-storage'\n - id: 'storage_reader'\n description: ''\n permissions:\n - id: 'storage_reader'\n action:\n service: '*'\n method: 'read-storage'\n\n\n # Sheepdog admin role\n - id: 'sheepdog_admin'\n description: 'sheepdog admin role for program project crud'\n permissions:\n - id: 'sheepdog_admin_action'\n action:\n service: 'sheepdog'\n method: '*'\n\n\n # indexd\n - id: 'indexd_admin'\n # this only works if indexd.arborist is enabled in manifest!\n description: 'full access to indexd API'\n permissions:\n - id: 'indexd_admin'\n action:\n service: 'indexd'\n method: '*'\n - id: 'indexd_record_creator'\n description: ''\n permissions:\n - id: 'indexd_record_creator'\n action:\n service: 'indexd'\n method: 'create'\n - id: 'indexd_record_reader'\n description: ''\n permissions:\n - id: 'indexd_record_reader'\n action:\n service: 'indexd'\n method: 'read'\n - id: 'indexd_record_updater'\n description: ''\n permissions:\n - id: 'indexd_record_updater'\n action:\n service: 'indexd'\n method: 'update'\n - id: 'indexd_delete_record'\n description: ''\n permissions:\n - id: 
'indexd_delete_record'\n action:\n service: 'indexd'\n method: 'delete'\n - id: 'indexd_storage_reader'\n description: ''\n permissions:\n - id: 'indexd_storage_reader'\n action:\n service: 'indexd'\n method: 'read-storage'\n - id: 'indexd_storage_writer'\n description: ''\n permissions:\n - id: 'indexd_storage_writer'\n action:\n service: 'indexd'\n method: 'write-storage'\n\n # arborist\n - id: 'arborist_creator'\n description: ''\n permissions:\n - id: 'arborist_creator'\n action:\n service: 'arborist'\n method: 'create'\n - id: 'arborist_reader'\n description: ''\n permissions:\n - id: 'arborist_reader'\n action:\n service: 'arborist'\n method: 'read'\n - id: 'arborist_updater'\n description: ''\n permissions:\n - id: 'arborist_updater'\n action:\n service: 'arborist'\n method: 'update'\n - id: 'arborist_deleter'\n description: ''\n permissions:\n - id: 'arborist_deleter'\n action:\n service: 'arborist'\n method: 'delete'\n\n # requestor\n - id: requestor_admin\n permissions:\n - id: requestor_admin_action\n action:\n service: requestor\n method: '*'\n - id: requestor_reader\n permissions:\n - id: requestor_reader_action\n action:\n service: requestor\n method: read\n - id: requestor_creator\n permissions:\n - id: requestor_creator_action\n action:\n service: requestor\n method: create\n - id: requestor_updater\n permissions:\n - id: requestor_updater_action\n action:\n service: requestor\n method: update\n - id: requestor_deleter\n permissions:\n - id: requestor_deleter_action\n action:\n service: requestor\n method: delete\n # argo\n - id: argo_user\n permissions:\n - id: argo_access\n action:\n service: argo\n method: access\n\nclients:\n basic-test-client:\n policies:\n - abc-admin\n - gen3-admin\n basic-test-abc-client:\n policies:\n - abc-admin\n wts:\n policies:\n - all_programs_reader\n - workspace\n\nusers:\n ### BEGIN INTERNS SECTION ###\n ### END INTERNS SECTION ###\n qureshi@uchicago.edu:\n admin: true\n policies:\n - data_upload\n - workspace\n - 
dashboard\n - mds_admin\n - prometheus\n - sower\n - services.sheepdog-admin\n - programs.QA-admin\n - programs.test-admin\n - programs.DEV-admin\n - programs.jnkns-admin\n - indexd_admin\n - ttyadmin\n projects:\n - auth_id: QA\n privilege: [create, read, update, delete, upload, read-storage]\n - auth_id: test\n privilege: [create, read, update, delete, upload, read-storage]\n - auth_id: DEV\n privilege: [create, read, update, delete, upload, read-storage]\n - auth_id: jenkins\n privilege: [create, read, update, delete, upload, read-storage]\n - auth_id: jenkins2\n privilege: [create, read, update, delete, upload, read-storage]\n - auth_id: jnkns\n privilege: [create, read, update, delete, upload, read-storage]\n"` | USER YAML. Passed in as a multiline string. | | affinity | map | `{"podAntiAffinity":{"preferredDuringSchedulingIgnoredDuringExecution":[{"podAffinityTerm":{"labelSelector":{"matchExpressions":[{"key":"app","operator":"In","values":["fence"]}]},"topologyKey":"kubernetes.io/hostname"},"weight":100}]}}` | Affinity to use for the deployment. | | affinity.podAntiAffinity.preferredDuringSchedulingIgnoredDuringExecution | map | `[{"podAffinityTerm":{"labelSelector":{"matchExpressions":[{"key":"app","operator":"In","values":["fence"]}]},"topologyKey":"kubernetes.io/hostname"},"weight":100}]` | Option for scheduling to be required or preferred. | diff --git a/helm/fence/values.yaml b/helm/fence/values.yaml index e0eebe5d..fc35e50c 100644 --- a/helm/fence/values.yaml +++ b/helm/fence/values.yaml @@ -1393,9 +1393,10 @@ USER_YAML: | - auth_id: jnkns privilege: [create, read, update, delete, upload, read-storage] +# -- (map) Public configuration settings for Fence app FENCE_CONFIG_PUBLIC: -# -- (map) Configuration settings for Fence app +# -- (map) Private configuration settings for Fence app FENCE_CONFIG: # -- (string) Name of the Fence app APP_NAME: 'Gen3 Data Commons' From 0ca6a90c7c58cf663059bdcc54258163dfc90091 Mon Sep 17 00:00:00 2001 
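Review bot: The new comment on `FENCE_CONFIG_PUBLIC` and the reworded one on `FENCE_CONFIG` call the two maps "public" and "private" without saying what decides where a setting belongs. Later patches in this series mount the public file from the `manifest-fence` ConfigMap, while `FENCE_CONFIG` is rendered into the `fence-config` Secret. If `FENCE_CONFIG_PUBLIC` is what feeds that ConfigMap (not visible in this hunk), anything placed under it is readable by every principal that may read ConfigMaps in the namespace. I would state that in the comment, for example `# -- (map) Public configuration settings for Fence app. Stored in a ConfigMap, not a Secret: keep credentials, keys and client secrets under FENCE_CONFIG.` The `FENCE_CONFIG` map continues past the end of the hunk.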
From: EliseCastle23 <109446148+EliseCastle23@users.noreply.github.com> Date: Wed, 12 Jun 2024 16:19:12 -0600 Subject: [PATCH 190/279] bumping common chart version --- helm/fence/Chart.yaml | 4 ++-- helm/fence/README.md | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/helm/fence/Chart.yaml b/helm/fence/Chart.yaml index da093a32..b4bd4825 100644 --- a/helm/fence/Chart.yaml +++ b/helm/fence/Chart.yaml @@ -15,7 +15,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.20 +version: 0.1.19 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to @@ -24,7 +24,7 @@ appVersion: "master" dependencies: - name: common - version: 0.1.10 + version: 0.1.11 repository: file://../common - name: postgresql version: 11.9.13 diff --git a/helm/fence/README.md b/helm/fence/README.md index c244fc17..a23ece39 100644 --- a/helm/fence/README.md +++ b/helm/fence/README.md @@ -1,6 +1,6 @@ # fence -![Version: 0.1.20](https://img.shields.io/badge/Version-0.1.20-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) +![Version: 0.1.19](https://img.shields.io/badge/Version-0.1.19-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) A Helm chart for gen3 Fence 
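Review bot: The chart `version` in the first helm/fence/Chart.yaml hunk goes down, from 0.1.20 to 0.1.19, although the subject says "bumping" and the comment directly above the field asks for an increment on every chart change. If a 0.1.19 package was ever published or cached, two different chart contents would share one version, and a consumer pinning 0.1.19 could not tell which templates it received. Please confirm the decrement is intended, or move to the next unused number, e.g. `version: 0.1.21`. Patch 191 then pins the same lower value for the `fence` dependency in helm/gen3/Chart.yaml.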
@@ -8,7 +8,7 @@ A Helm chart for gen3 Fence | Repository | Name | Version | |------------|------|---------| -| file://../common | common | 0.1.10 | +| file://../common | common | 0.1.11 | | https://charts.bitnami.com/bitnami | postgresql | 11.9.13 | ## Values From 69d529eed420eab2ebc335f36d569e118123ffce Mon Sep 17 00:00:00 2001 From: EliseCastle23 <109446148+EliseCastle23@users.noreply.github.com> Date: Thu, 13 Jun 2024 08:25:21 -0600 Subject: [PATCH 191/279] fixing fence version for umbrella chart --- helm/gen3/Chart.yaml | 2 +- helm/gen3/README.md | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/helm/gen3/Chart.yaml b/helm/gen3/Chart.yaml index 9826e11c..5dd779a8 100644 --- a/helm/gen3/Chart.yaml +++ b/helm/gen3/Chart.yaml @@ -36,7 +36,7 @@ dependencies: repository: "file://../frontend-framework" condition: frontend-framework.enabled - name: fence - version: 0.1.20 + version: 0.1.19 repository: "file://../fence" condition: fence.enabled - name: guppy diff --git a/helm/gen3/README.md b/helm/gen3/README.md index f24f08c8..2b878160 100644 --- a/helm/gen3/README.md +++ b/helm/gen3/README.md @@ -25,7 +25,7 @@ Helm chart to deploy Gen3 Data Commons | file://../aws-es-proxy | aws-es-proxy | 0.1.9 | | file://../common | common | 0.1.11 | | file://../etl | etl | 0.1.1 | -| file://../fence | fence | 0.1.20 | +| file://../fence | fence | 0.1.19 | | file://../frontend-framework | frontend-framework | 0.1.1 | | file://../guppy | guppy | 0.1.12 | | file://../hatchery | hatchery | 0.1.9 | From 3b451788db58b90fc94dd769a6d41e8eddc90e58 Mon Sep 17 00:00:00 2001 From: EliseCastle23 <109446148+EliseCastle23@users.noreply.github.com> Date: Thu, 13 Jun 2024 08:41:31 -0600 Subject: [PATCH 192/279] bumping common chart version for guppy --- helm/guppy/Chart.yaml | 2 +- helm/guppy/README.md | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/helm/guppy/Chart.yaml b/helm/guppy/Chart.yaml index d935079b..20bd0f26 100644 --- a/helm/guppy/Chart.yaml 
+++ b/helm/guppy/Chart.yaml @@ -25,5 +25,5 @@ appVersion: "master" dependencies: - name: common - version: 0.1.10 + version: 0.1.11 repository: file://../common diff --git a/helm/guppy/README.md b/helm/guppy/README.md index db8ae42a..fa5fa0e5 100644 --- a/helm/guppy/README.md +++ b/helm/guppy/README.md @@ -8,7 +8,7 @@ A Helm chart for gen3 Guppy Service | Repository | Name | Version | |------------|------|---------| -| file://../common | common | 0.1.10 | +| file://../common | common | 0.1.11 | ## Values From 1df5639c3f53698a00574a185c8f3315e1f46403 Mon Sep 17 00:00:00 2001 From: EliseCastle23 <109446148+EliseCastle23@users.noreply.github.com> Date: Thu, 13 Jun 2024 08:42:55 -0600 Subject: [PATCH 193/279] bumping gen3 chart version --- helm/gen3/Chart.yaml | 2 +- helm/gen3/README.md | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/helm/gen3/Chart.yaml b/helm/gen3/Chart.yaml index 5dd779a8..4a0ebac7 100644 --- a/helm/gen3/Chart.yaml +++ b/helm/gen3/Chart.yaml @@ -128,7 +128,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.36 +version: 0.1.37 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to diff --git a/helm/gen3/README.md b/helm/gen3/README.md index 2b878160..17e87b6e 100644 --- a/helm/gen3/README.md +++ b/helm/gen3/README.md 
@@ -1,6 +1,6 @@ # gen3 -![Version: 0.1.36](https://img.shields.io/badge/Version-0.1.36-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) +![Version: 0.1.37](https://img.shields.io/badge/Version-0.1.37-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) Helm chart to deploy Gen3 Data Commons From a6ea3bfbdbbe1431c3305c7e4818d3f8b87315ed Mon Sep 17 00:00:00 2001 From: EliseCastle23 <109446148+EliseCastle23@users.noreply.github.com> Date: Thu, 13 Jun 2024 09:14:25 -0600 Subject: [PATCH 194/279] changing the fence public config to a volume mount instead of an environment var. Also, changing the file name for the fence-config to avoid breaking changes. --- .secrets.baseline | 4 +-- helm/fence/README.md | 10 +++---- helm/fence/templates/fence-config.yaml | 2 +- helm/fence/templates/fence-deployment.yaml | 1 - helm/fence/templates/presigned-url-fence.yaml | 1 - helm/fence/values.yaml | 26 ++++++++++--------- 6 files changed, 22 insertions(+), 22 deletions(-) diff --git a/.secrets.baseline b/.secrets.baseline index 568edae5..7babea32 100644 --- a/.secrets.baseline +++ b/.secrets.baseline @@ -3,7 +3,7 @@ "files": "^.secrets.baseline$", "lines": null }, - "generated_at": "2024-06-12T22:14:46Z", + "generated_at": "2024-06-13T15:13:23Z", "plugins_used": [ { "name": "AWSKeyDetector" @@ -321,7 +321,7 @@ "hashed_secret": "5d07e1b80e448a213b392049888111e1779a52db", "is_secret": false, "is_verified": false, - "line_number": 1963, + "line_number": 1965, "type": "Secret Keyword" } ], diff --git a/helm/fence/README.md b/helm/fence/README.md index a23ece39..3b56176a 100644 --- a/helm/fence/README.md 
+++ b/helm/fence/README.md 
@@ -89,7 +89,7 @@ A Helm chart for gen3 Fence | datadogLogsInjection | bool | `true` | If enabled, the Datadog Agent will automatically inject Datadog-specific metadata into your application logs. | | datadogProfilingEnabled | bool | `true` | If enabled, the Datadog Agent will collect profiling data for your application using the Continuous Profiler. This data can be used to identify performance bottlenecks and optimize your application. | | datadogTraceSampleRate | int | `1` | A value between 0 and 1, that represents the percentage of requests that will be traced. For example, a value of 0.5 means that 50% of requests will be traced. | -| env | list | `[{"name":"GEN3_UWSGI_TIMEOUT","valueFrom":{"configMapKeyRef":{"key":"uwsgi-timeout","name":"manifest-global","optional":true}}},{"name":"DD_AGENT_HOST","valueFrom":{"fieldRef":{"fieldPath":"status.hostIP"}}},{"name":"AWS_STS_REGIONAL_ENDPOINTS","value":"regional"},{"name":"PYTHONPATH","value":"/var/www/fence"},{"name":"GEN3_DEBUG","value":"False"},{"name":"FENCE_PUBLIC_CONFIG","valueFrom":{"configMapKeyRef":{"key":"fence-config-public.yaml","name":"manifest-fence","optional":true}}},{"name":"PGHOST","valueFrom":{"secretKeyRef":{"key":"host","name":"fence-dbcreds","optional":false}}},{"name":"PGUSER","valueFrom":{"secretKeyRef":{"key":"username","name":"fence-dbcreds","optional":false}}},{"name":"PGPASSWORD","valueFrom":{"secretKeyRef":{"key":"password","name":"fence-dbcreds","optional":false}}},{"name":"PGDB","valueFrom":{"secretKeyRef":{"key":"database","name":"fence-dbcreds","optional":false}}},{"name":"DBREADY","valueFrom":{"secretKeyRef":{"key":"dbcreated","name":"fence-dbcreds","optional":false}}},{"name":"DB","value":"postgresql://$(PGUSER):$(PGPASSWORD)@$(PGHOST):5432/$(PGDB)"},{"name":"INDEXD_PASSWORD","valueFrom":{"secretKeyRef":{"key":"fence","name":"indexd-service-creds"}}},{"name":"gen3Env","valueFrom":{"configMapKeyRef":{"key":"hostname","name":"manifest-global"}}}]` | Environment variables to pass to 
the container | +| env | list | `[{"name":"GEN3_UWSGI_TIMEOUT","valueFrom":{"configMapKeyRef":{"key":"uwsgi-timeout","name":"manifest-global","optional":true}}},{"name":"DD_AGENT_HOST","valueFrom":{"fieldRef":{"fieldPath":"status.hostIP"}}},{"name":"AWS_STS_REGIONAL_ENDPOINTS","value":"regional"},{"name":"PYTHONPATH","value":"/var/www/fence"},{"name":"GEN3_DEBUG","value":"False"},{"name":"PGHOST","valueFrom":{"secretKeyRef":{"key":"host","name":"fence-dbcreds","optional":false}}},{"name":"PGUSER","valueFrom":{"secretKeyRef":{"key":"username","name":"fence-dbcreds","optional":false}}},{"name":"PGPASSWORD","valueFrom":{"secretKeyRef":{"key":"password","name":"fence-dbcreds","optional":false}}},{"name":"PGDB","valueFrom":{"secretKeyRef":{"key":"database","name":"fence-dbcreds","optional":false}}},{"name":"DBREADY","valueFrom":{"secretKeyRef":{"key":"dbcreated","name":"fence-dbcreds","optional":false}}},{"name":"DB","value":"postgresql://$(PGUSER):$(PGPASSWORD)@$(PGHOST):5432/$(PGDB)"},{"name":"INDEXD_PASSWORD","valueFrom":{"secretKeyRef":{"key":"fence","name":"indexd-service-creds"}}},{"name":"gen3Env","valueFrom":{"configMapKeyRef":{"key":"hostname","name":"manifest-global"}}}]` | Environment variables to pass to the container | | externalSecrets | map | `{"createK8sFenceConfigSecret":false,"createK8sGoogleAppSecrets":false,"createK8sJwtKeysSecret":false,"dbcreds":null,"fenceConfig":null,"fenceGoogleAppCredsSecret":null,"fenceGoogleStorageCredsSecret":null,"fenceJwtKeys":null}` | External Secrets settings. | | externalSecrets.createK8sFenceConfigSecret | string | `false` | Will create the Helm "fence-config" secret even if Secrets Manager is enabled. This is helpful if you are wanting to use External Secrets for some, but not all secrets. | | externalSecrets.createK8sGoogleAppSecrets | string | `false` | Will create the Helm "fence-google-app-creds-secret" and "fence-google-storage-creds-secret" secrets even if Secrets Manager is enabled. 
This is helpful if you are wanting to use External Secrets for some, but not all secrets. | 
@@ -139,8 +139,8 @@ A Helm chart for gen3 Fence | image.repository | string | `"quay.io/cdis/fence"` | The Docker image repository for the fence service | | image.tag | string | `"master"` | Overrides the image tag whose default is the chart appVersion. | | imagePullSecrets | list | `[]` | Docker image pull secrets. | -| initEnv | list | `[{"name":"PGHOST","valueFrom":{"secretKeyRef":{"key":"host","name":"fence-dbcreds","optional":false}}},{"name":"PGUSER","valueFrom":{"secretKeyRef":{"key":"username","name":"fence-dbcreds","optional":false}}},{"name":"PGPASSWORD","valueFrom":{"secretKeyRef":{"key":"password","name":"fence-dbcreds","optional":false}}},{"name":"PGDB","valueFrom":{"secretKeyRef":{"key":"database","name":"fence-dbcreds","optional":false}}},{"name":"DBREADY","valueFrom":{"secretKeyRef":{"key":"dbcreated","name":"fence-dbcreds","optional":false}}},{"name":"DB","value":"postgresql://$(PGUSER):$(PGPASSWORD)@$(PGHOST):5432/$(PGDB)"},{"name":"FENCE_DB","value":"postgresql://$(PGUSER):$(PGPASSWORD)@$(PGHOST):5432/$(PGDB)"},{"name":"PYTHONPATH","value":"/var/www/fence"},{"name":"FENCE_PUBLIC_CONFIG","valueFrom":{"configMapKeyRef":{"key":"fence-config-public.yaml","name":"manifest-fence","optional":true}}}]` | Volumes to attach to the init container. | -| initVolumeMounts | list | `[{"mountPath":"/var/www/fence/fence-config-secret.yaml","name":"config-volume","readOnly":true,"subPath":"fence-config.yaml"},{"mountPath":"/var/www/fence/yaml_merge.py","name":"yaml-merge","readOnly":true,"subPath":"yaml_merge.py"},{"mountPath":"/var/www/fence/fence_google_app_creds_secret.json","name":"fence-google-app-creds-secret-volume","readOnly":true,"subPath":"fence_google_app_creds_secret.json"},{"mountPath":"/var/www/fence/fence_google_storage_creds_secret.json","name":"fence-google-storage-creds-secret-volume","readOnly":true,"subPath":"fence_google_storage_creds_secret.json"}]` | Volumes to mount to the init container. 
| +| initEnv | list | `[{"name":"PGHOST","valueFrom":{"secretKeyRef":{"key":"host","name":"fence-dbcreds","optional":false}}},{"name":"PGUSER","valueFrom":{"secretKeyRef":{"key":"username","name":"fence-dbcreds","optional":false}}},{"name":"PGPASSWORD","valueFrom":{"secretKeyRef":{"key":"password","name":"fence-dbcreds","optional":false}}},{"name":"PGDB","valueFrom":{"secretKeyRef":{"key":"database","name":"fence-dbcreds","optional":false}}},{"name":"DBREADY","valueFrom":{"secretKeyRef":{"key":"dbcreated","name":"fence-dbcreds","optional":false}}},{"name":"DB","value":"postgresql://$(PGUSER):$(PGPASSWORD)@$(PGHOST):5432/$(PGDB)"},{"name":"FENCE_DB","value":"postgresql://$(PGUSER):$(PGPASSWORD)@$(PGHOST):5432/$(PGDB)"},{"name":"PYTHONPATH","value":"/var/www/fence"}]` | Volumes to attach to the init container. | +| initVolumeMounts | list | `[{"mountPath":"/var/www/fence/fence-config-secret.yaml","name":"config-volume","readOnly":true,"subPath":"fence-config.yaml"},{"mountPath":"/var/www/fence/fence-config-public.yaml","name":"config-volume-public","readOnly":true,"subPath":"fence-config-public.yaml"},{"mountPath":"/var/www/fence/yaml_merge.py","name":"yaml-merge","readOnly":true,"subPath":"yaml_merge.py"},{"mountPath":"/var/www/fence/fence_google_app_creds_secret.json","name":"fence-google-app-creds-secret-volume","readOnly":true,"subPath":"fence_google_app_creds_secret.json"},{"mountPath":"/var/www/fence/fence_google_storage_creds_secret.json","name":"fence-google-storage-creds-secret-volume","readOnly":true,"subPath":"fence_google_storage_creds_secret.json"}]` | Volumes to mount to the init container. | | labels | map | `{"authprovider":"yes","netnolimit":"yes","public":"yes","userhelper":"yes"}` | Labels to add to the pod. | | labels.authprovider | string | `"yes"` | Grants egress from all pods to pods labeled with authrpovider=yes. For network policy selectors. 
| | labels.netnolimit | string | `"yes"` | Grants egress from pods labeled with netnolimit=yes to any IP address. Use explicit proxy and AWS APIs | 
@@ -197,6 +197,6 @@ A Helm chart for gen3 Fence | usersync.syncFromDbgap | bool | `false` | Whether to sync data from dbGaP. | | usersync.userYamlS3Path | string | `"s3://cdis-gen3-users/helm-test/user.yaml"` | Path to the user.yaml file in S3. | | usersync.usersync | bool | `true` | Whether to run Fence usersync or not. | -| volumeMounts | list | `[{"mountPath":"/var/www/fence/local_settings.py","name":"old-config-volume","readOnly":true,"subPath":"local_settings.py"},{"mountPath":"/var/www/fence/fence_credentials.json","name":"json-secret-volume","readOnly":true,"subPath":"fence_credentials.json"},{"mountPath":"/var/www/fence/creds.json","name":"creds-volume","readOnly":true,"subPath":"creds.json"},{"mountPath":"/var/www/fence/config_helper.py","name":"config-helper","readOnly":true,"subPath":"config_helper.py"},{"mountPath":"/fence/fence/static/img/logo.svg","name":"logo-volume","readOnly":true,"subPath":"logo.svg"},{"mountPath":"/fence/fence/static/privacy_policy.md","name":"privacy-policy","readOnly":true,"subPath":"privacy_policy.md"},{"mountPath":"/var/www/fence/fence-config-secret.yaml","name":"config-volume","readOnly":true,"subPath":"fence-config.yaml"},{"mountPath":"/var/www/fence/yaml_merge.py","name":"yaml-merge","readOnly":true,"subPath":"yaml_merge.py"},{"mountPath":"/var/www/fence/fence_google_app_creds_secret.json","name":"fence-google-app-creds-secret-volume","readOnly":true,"subPath":"fence_google_app_creds_secret.json"},{"mountPath":"/var/www/fence/fence_google_storage_creds_secret.json","name":"fence-google-storage-creds-secret-volume","readOnly":true,"subPath":"fence_google_storage_creds_secret.json"},{"mountPath":"/fence/keys/key/jwt_private_key.pem","name":"fence-jwt-keys","readOnly":true,"subPath":"jwt_private_key.pem"}]` | Volumes to mount to the container. 
| -| volumes | list | `[{"name":"old-config-volume","secret":{"secretName":"fence-secret"}},{"name":"json-secret-volume","secret":{"optional":true,"secretName":"fence-json-secret"}},{"name":"creds-volume","secret":{"secretName":"fence-creds"}},{"configMap":{"name":"config-helper","optional":true},"name":"config-helper"},{"configMap":{"name":"logo-config"},"name":"logo-volume"},{"name":"config-volume","secret":{"secretName":"fence-config"}},{"name":"fence-google-app-creds-secret-volume","secret":{"secretName":"fence-google-app-creds-secret"}},{"name":"fence-google-storage-creds-secret-volume","secret":{"secretName":"fence-google-storage-creds-secret"}},{"name":"fence-jwt-keys","secret":{"secretName":"fence-jwt-keys"}},{"configMap":{"name":"privacy-policy"},"name":"privacy-policy"},{"configMap":{"name":"fence-yaml-merge","optional":false},"name":"yaml-merge"}]` | Volumes to attach to the container. | +| volumeMounts | list | `[{"mountPath":"/var/www/fence/local_settings.py","name":"old-config-volume","readOnly":true,"subPath":"local_settings.py"},{"mountPath":"/var/www/fence/fence_credentials.json","name":"json-secret-volume","readOnly":true,"subPath":"fence_credentials.json"},{"mountPath":"/var/www/fence/creds.json","name":"creds-volume","readOnly":true,"subPath":"creds.json"},{"mountPath":"/var/www/fence/config_helper.py","name":"config-helper","readOnly":true,"subPath":"config_helper.py"},{"mountPath":"/fence/fence/static/img/logo.svg","name":"logo-volume","readOnly":true,"subPath":"logo.svg"},{"mountPath":"/fence/fence/static/privacy_policy.md","name":"privacy-policy","readOnly":true,"subPath":"privacy_policy.md"},{"mountPath":"/var/www/fence/fence-config-secret.yaml","name":"config-volume","readOnly":true,"subPath":"fence-config.yaml"},{"mountPath":"/var/www/fence/yaml_merge.py","name":"yaml-merge","readOnly":true,"subPath":"yaml_merge.py"},{"mountPath":"/var/www/fence/fence_google_app_creds_secret.json","name":"fence-google-app-creds-secret-volume","readOnly":tr
ue,"subPath":"fence_google_app_creds_secret.json"},{"mountPath":"/var/www/fence/fence_google_storage_creds_secret.json","name":"fence-google-storage-creds-secret-volume","readOnly":true,"subPath":"fence_google_storage_creds_secret.json"},{"mountPath":"/fence/keys/key/jwt_private_key.pem","name":"fence-jwt-keys","readOnly":true,"subPath":"jwt_private_key.pem"},{"mountPath":"/var/www/fence/fence-config-public.yaml","name":"config-volume-public","readOnly":true,"subPath":"fence-config-public.yaml"}]` | Volumes to mount to the container. | +| volumes | list | `[{"name":"old-config-volume","secret":{"secretName":"fence-secret"}},{"name":"json-secret-volume","secret":{"optional":true,"secretName":"fence-json-secret"}},{"name":"creds-volume","secret":{"secretName":"fence-creds"}},{"configMap":{"name":"config-helper","optional":true},"name":"config-helper"},{"configMap":{"name":"logo-config"},"name":"logo-volume"},{"name":"config-volume","secret":{"secretName":"fence-config"}},{"name":"fence-google-app-creds-secret-volume","secret":{"secretName":"fence-google-app-creds-secret"}},{"name":"fence-google-storage-creds-secret-volume","secret":{"secretName":"fence-google-storage-creds-secret"}},{"name":"fence-jwt-keys","secret":{"secretName":"fence-jwt-keys"}},{"configMap":{"name":"privacy-policy"},"name":"privacy-policy"},{"configMap":{"name":"fence-yaml-merge","optional":false},"name":"yaml-merge"},{"name":"config-volume-public","valueFrom":{"configMapKeyRef":{"key":"fence-config-public.yaml","name":"manifest-fence","optional":true}}}]` | Volumes to attach to the container. | diff --git a/helm/fence/templates/fence-config.yaml b/helm/fence/templates/fence-config.yaml index 95c08b94..e594d072 100644 --- a/helm/fence/templates/fence-config.yaml +++ b/helm/fence/templates/fence-config.yaml 
@@ -4,7 +4,7 @@ kind: Secret metadata: name: fence-config stringData: - fence-config-secret.yaml: | + fence-config.yaml: | BASE_URL: https://{{ .Values.global.hostname }}/user {{- with .Values.FENCE_CONFIG }} {{- toYaml . | nindent 4 }} diff --git a/helm/fence/templates/fence-deployment.yaml b/helm/fence/templates/fence-deployment.yaml index a8c2d37b..97e24651 100644 --- a/helm/fence/templates/fence-deployment.yaml +++ b/helm/fence/templates/fence-deployment.yaml @@ -61,7 +61,6 @@ spec: args: - "-c" - | - echo "${FENCE_PUBLIC_CONFIG:-""}" > "/var/www/fence/fence-config-public.yaml" python /var/www/fence/yaml_merge.py /var/www/fence/fence-config-public.yaml /var/www/fence/fence-config-secret.yaml /var/www/fence/fence-config.yaml if [[ -f /fence/keys/key/jwt_private_key.pem ]]; then openssl rsa -in /fence/keys/key/jwt_private_key.pem -pubout > /fence/keys/key/jwt_public_key.pem diff --git a/helm/fence/templates/presigned-url-fence.yaml b/helm/fence/templates/presigned-url-fence.yaml index 89f75a14..166106a8 100644 --- a/helm/fence/templates/presigned-url-fence.yaml +++ b/helm/fence/templates/presigned-url-fence.yaml @@ -54,7 +54,6 @@ spec: args: - "-c" - | - echo "${FENCE_PUBLIC_CONFIG:-""}" > "/var/www/fence/fence-config-public.yaml" python /var/www/fence/yaml_merge.py /var/www/fence/fence-config-public.yaml /var/www/fence/fence-config-secret.yaml /var/www/fence/fence-config.yaml if [[ -f /fence/keys/key/jwt_private_key.pem ]]; then openssl rsa -in /fence/keys/key/jwt_private_key.pem -pubout > /fence/keys/key/jwt_public_key.pem diff --git a/helm/fence/values.yaml b/helm/fence/values.yaml index fc35e50c..b14a130b 100644 --- a/helm/fence/values.yaml +++ b/helm/fence/values.yaml @@ -291,12 +291,6 @@ env: value: /var/www/fence - name: GEN3_DEBUG value: "False" - - name: FENCE_PUBLIC_CONFIG - valueFrom: - configMapKeyRef: - name: manifest-fence - key: fence-config-public.yaml - optional: true - name: PGHOST valueFrom: secretKeyRef: 
@@ -378,6 +372,12 @@ volumes: configMap: name: "fence-yaml-merge" optional: false + - name: config-volume-public + valueFrom: + configMapKeyRef: + name: manifest-fence + key: fence-config-public.yaml + optional: true # -- (list) Volumes to mount to the container. volumeMounts: @@ -425,6 +425,10 @@ volumeMounts: readOnly: true mountPath: "/fence/keys/key/jwt_private_key.pem" subPath: "jwt_private_key.pem" + - name: "config-volume-public" + readOnly: true + mountPath: "/var/www/fence/fence-config-public.yaml" + subPath: fence-config-public.yaml # -- (list) Volumes to mount to the init container. initVolumeMounts: @@ -432,6 +436,10 @@ initVolumeMounts: readOnly: true mountPath: "/var/www/fence/fence-config-secret.yaml" subPath: fence-config.yaml + - name: "config-volume-public" + readOnly: true + mountPath: "/var/www/fence/fence-config-public.yaml" + subPath: fence-config-public.yaml - name: "yaml-merge" readOnly: true mountPath: "/var/www/fence/yaml_merge.py" @@ -483,12 +491,6 @@ initEnv: value: postgresql://$(PGUSER):$(PGPASSWORD)@$(PGHOST):5432/$(PGDB) - name: PYTHONPATH value: /var/www/fence - - name: FENCE_PUBLIC_CONFIG - valueFrom: - configMapKeyRef: - name: manifest-fence - key: fence-config-public.yaml - optional: true # Values to determine the labels that are used for the deployment, pod, etc. # -- (string) Valid options are "production" or "dev". If invalid option is set- the value will default to "dev". From 2ea5ef8d6903750311e0093f199b1a7420d66795 Mon Sep 17 00:00:00 2001 From: EliseCastle23 <109446148+EliseCastle23@users.noreply.github.com> Date: Thu, 13 Jun 2024 09:18:16 -0600 Subject: [PATCH 195/279] removing echo command from fence init container --- helm/fence/templates/fence-deployment.yaml | 1 - 1 file changed, 1 deletion(-) diff --git a/helm/fence/templates/fence-deployment.yaml b/helm/fence/templates/fence-deployment.yaml index 97e24651..3139a243 100644 --- a/helm/fence/templates/fence-deployment.yaml 
+++ b/helm/fence/templates/fence-deployment.yaml @@ -93,7 +93,6 @@ spec: args: - "-c" - | - echo "${FENCE_PUBLIC_CONFIG:-""}" > "/var/www/fence/fence-config-public.yaml" python /var/www/fence/yaml_merge.py /var/www/fence/fence-config-public.yaml /var/www/fence/fence-config-secret.yaml /var/www/fence/fence-config.yaml if fence-create migrate --help > /dev/null 2>&1; then if ! grep -E 'ENABLE_DB_MIGRATION"?: *false' /var/www/fence/fence-config.yaml; then From 11e34a4f0d7ab55c18bcbadec89e8aa866cbe5b5 Mon Sep 17 00:00:00 2001 From: EliseCastle23 <109446148+EliseCastle23@users.noreply.github.com> Date: Thu, 13 Jun 2024 10:00:55 -0600 Subject: [PATCH 196/279] fixing volume definition for the fence public config --- .secrets.baseline | 4 ++-- helm/fence/README.md | 4 ++-- helm/fence/values.yaml | 12 +++++++----- 3 files changed, 11 insertions(+), 9 deletions(-) diff --git a/.secrets.baseline b/.secrets.baseline index 7babea32..c85c9dc9 100644 --- a/.secrets.baseline +++ b/.secrets.baseline @@ -3,7 +3,7 @@ "files": "^.secrets.baseline$", "lines": null }, - "generated_at": "2024-06-13T15:13:23Z", + "generated_at": "2024-06-13T16:00:36Z", "plugins_used": [ { "name": "AWSKeyDetector" @@ -321,7 +321,7 @@ "hashed_secret": "5d07e1b80e448a213b392049888111e1779a52db", "is_secret": false, "is_verified": false, - "line_number": 1965, + "line_number": 1967, "type": "Secret Keyword" } ], diff --git a/helm/fence/README.md b/helm/fence/README.md index 3b56176a..f7ec5895 100644 --- a/helm/fence/README.md +++ b/helm/fence/README.md 
@@ -197,6 +197,6 @@ A Helm chart for gen3 Fence | usersync.syncFromDbgap | bool | `false` | Whether to sync data from dbGaP. | | usersync.userYamlS3Path | string | `"s3://cdis-gen3-users/helm-test/user.yaml"` | Path to the user.yaml file in S3. | | usersync.usersync | bool | `true` | Whether to run Fence usersync or not. | -| volumeMounts | list | `[{"mountPath":"/var/www/fence/local_settings.py","name":"old-config-volume","readOnly":true,"subPath":"local_settings.py"},{"mountPath":"/var/www/fence/fence_credentials.json","name":"json-secret-volume","readOnly":true,"subPath":"fence_credentials.json"},{"mountPath":"/var/www/fence/creds.json","name":"creds-volume","readOnly":true,"subPath":"creds.json"},{"mountPath":"/var/www/fence/config_helper.py","name":"config-helper","readOnly":true,"subPath":"config_helper.py"},{"mountPath":"/fence/fence/static/img/logo.svg","name":"logo-volume","readOnly":true,"subPath":"logo.svg"},{"mountPath":"/fence/fence/static/privacy_policy.md","name":"privacy-policy","readOnly":true,"subPath":"privacy_policy.md"},{"mountPath":"/var/www/fence/fence-config-secret.yaml","name":"config-volume","readOnly":true,"subPath":"fence-config.yaml"},{"mountPath":"/var/www/fence/yaml_merge.py","name":"yaml-merge","readOnly":true,"subPath":"yaml_merge.py"},{"mountPath":"/var/www/fence/fence_google_app_creds_secret.json","name":"fence-google-app-creds-secret-volume","readOnly":true,"subPath":"fence_google_app_creds_secret.json"},{"mountPath":"/var/www/fence/fence_google_storage_creds_secret.json","name":"fence-google-storage-creds-secret-volume","readOnly":true,"subPath":"fence_google_storage_creds_secret.json"},{"mountPath":"/fence/keys/key/jwt_private_key.pem","name":"fence-jwt-keys","readOnly":true,"subPath":"jwt_private_key.pem"},{"mountPath":"/var/www/fence/fence-config-public.yaml","name":"config-volume-public","readOnly":true,"subPath":"fence-config-public.yaml"}]` | Volumes to mount to the container. 
| -| volumes | list | `[{"name":"old-config-volume","secret":{"secretName":"fence-secret"}},{"name":"json-secret-volume","secret":{"optional":true,"secretName":"fence-json-secret"}},{"name":"creds-volume","secret":{"secretName":"fence-creds"}},{"configMap":{"name":"config-helper","optional":true},"name":"config-helper"},{"configMap":{"name":"logo-config"},"name":"logo-volume"},{"name":"config-volume","secret":{"secretName":"fence-config"}},{"name":"fence-google-app-creds-secret-volume","secret":{"secretName":"fence-google-app-creds-secret"}},{"name":"fence-google-storage-creds-secret-volume","secret":{"secretName":"fence-google-storage-creds-secret"}},{"name":"fence-jwt-keys","secret":{"secretName":"fence-jwt-keys"}},{"configMap":{"name":"privacy-policy"},"name":"privacy-policy"},{"configMap":{"name":"fence-yaml-merge","optional":false},"name":"yaml-merge"},{"name":"config-volume-public","valueFrom":{"configMapKeyRef":{"key":"fence-config-public.yaml","name":"manifest-fence","optional":true}}}]` | Volumes to attach to the container. 
| +| volumeMounts | list | `[{"mountPath":"/var/www/fence/local_settings.py","name":"old-config-volume","readOnly":true,"subPath":"local_settings.py"},{"mountPath":"/var/www/fence/fence_credentials.json","name":"json-secret-volume","readOnly":true,"subPath":"fence_credentials.json"},{"mountPath":"/var/www/fence/creds.json","name":"creds-volume","readOnly":true,"subPath":"creds.json"},{"mountPath":"/var/www/fence/config_helper.py","name":"config-helper","readOnly":true,"subPath":"config_helper.py"},{"mountPath":"/fence/fence/static/img/logo.svg","name":"logo-volume","readOnly":true,"subPath":"logo.svg"},{"mountPath":"/fence/fence/static/privacy_policy.md","name":"privacy-policy","readOnly":true,"subPath":"privacy_policy.md"},{"mountPath":"/var/www/fence/fence-config-secret.yaml","name":"config-volume","readOnly":true,"subPath":"fence-config.yaml"},{"mountPath":"/var/www/fence/yaml_merge.py","name":"yaml-merge","readOnly":true,"subPath":"yaml_merge.py"},{"mountPath":"/var/www/fence/fence_google_app_creds_secret.json","name":"fence-google-app-creds-secret-volume","readOnly":true,"subPath":"fence_google_app_creds_secret.json"},{"mountPath":"/var/www/fence/fence_google_storage_creds_secret.json","name":"fence-google-storage-creds-secret-volume","readOnly":true,"subPath":"fence_google_storage_creds_secret.json"},{"mountPath":"/fence/keys/key/jwt_private_key.pem","name":"fence-jwt-keys","readOnly":true,"subPath":"jwt_private_key.pem"},{"mountPath":"/var/www/fence/fence-config-public.yaml","name":"config-volume-public","readOnly":true,"subPath":"fence-config-public.yaml"},{"mountPath":"/var/www/fence/fence-config-secret.yaml","name":"config-volume","readOnly":true,"subPath":"fence-config.yaml"}]` | Volumes to mount to the container. 
| +| volumes | list | `[{"name":"old-config-volume","secret":{"secretName":"fence-secret"}},{"name":"json-secret-volume","secret":{"optional":true,"secretName":"fence-json-secret"}},{"name":"creds-volume","secret":{"secretName":"fence-creds"}},{"configMap":{"name":"config-helper","optional":true},"name":"config-helper"},{"configMap":{"name":"logo-config"},"name":"logo-volume"},{"name":"config-volume","secret":{"secretName":"fence-config"}},{"name":"fence-google-app-creds-secret-volume","secret":{"secretName":"fence-google-app-creds-secret"}},{"name":"fence-google-storage-creds-secret-volume","secret":{"secretName":"fence-google-storage-creds-secret"}},{"name":"fence-jwt-keys","secret":{"secretName":"fence-jwt-keys"}},{"configMap":{"name":"privacy-policy"},"name":"privacy-policy"},{"configMap":{"name":"fence-yaml-merge","optional":false},"name":"yaml-merge"},{"configMap":{"name":"manifest-fence","optional":true},"name":"config-volume-public"}]` | Volumes to attach to the container. | diff --git a/helm/fence/values.yaml b/helm/fence/values.yaml index b14a130b..2f958d47 100644 --- a/helm/fence/values.yaml +++ b/helm/fence/values.yaml @@ -373,11 +373,9 @@ volumes: name: "fence-yaml-merge" optional: false - name: config-volume-public - valueFrom: - configMapKeyRef: - name: manifest-fence - key: fence-config-public.yaml - optional: true + configMap: + name: "manifest-fence" + optional: true # -- (list) Volumes to mount to the container. volumeMounts: @@ -429,6 +427,10 @@ volumeMounts: readOnly: true mountPath: "/var/www/fence/fence-config-public.yaml" subPath: fence-config-public.yaml + - name: "config-volume" + readOnly: true + mountPath: "/var/www/fence/fence-config-secret.yaml" + subPath: fence-config.yaml # -- (list) Volumes to mount to the init container. initVolumeMounts: From 0203cf2cb0b008c150fb8c67795dc4b7baaaa1c3 Mon Sep 17 00:00:00 2001 
From: EliseCastle23 <109446148+EliseCastle23@users.noreply.github.com> Date: Mon, 24 Jun 2024 15:26:36 -0600 Subject: [PATCH 197/279] deleting duplicate volumeMount --- .secrets.baseline | 4 ++-- helm/fence/README.md | 2 +- helm/fence/values.yaml | 4 ---- 3 files changed, 3 insertions(+), 7 deletions(-) diff --git a/.secrets.baseline b/.secrets.baseline index c85c9dc9..4a95cdc7 100644 --- a/.secrets.baseline +++ b/.secrets.baseline @@ -3,7 +3,7 @@ "files": "^.secrets.baseline$", "lines": null }, - "generated_at": "2024-06-13T16:00:36Z", + "generated_at": "2024-06-24T21:26:06Z", "plugins_used": [ { "name": "AWSKeyDetector" @@ -321,7 +321,7 @@ "hashed_secret": "5d07e1b80e448a213b392049888111e1779a52db", "is_secret": false, "is_verified": false, - "line_number": 1967, + "line_number": 1963, "type": "Secret Keyword" } ], diff --git a/helm/fence/README.md b/helm/fence/README.md index f7ec5895..0d173246 100644 --- a/helm/fence/README.md +++ b/helm/fence/README.md 
@@ -197,6 +197,6 @@ A Helm chart for gen3 Fence | usersync.syncFromDbgap | bool | `false` | Whether to sync data from dbGaP. | | usersync.userYamlS3Path | string | `"s3://cdis-gen3-users/helm-test/user.yaml"` | Path to the user.yaml file in S3. | | usersync.usersync | bool | `true` | Whether to run Fence usersync or not. | -| volumeMounts | list | `[{"mountPath":"/var/www/fence/local_settings.py","name":"old-config-volume","readOnly":true,"subPath":"local_settings.py"},{"mountPath":"/var/www/fence/fence_credentials.json","name":"json-secret-volume","readOnly":true,"subPath":"fence_credentials.json"},{"mountPath":"/var/www/fence/creds.json","name":"creds-volume","readOnly":true,"subPath":"creds.json"},{"mountPath":"/var/www/fence/config_helper.py","name":"config-helper","readOnly":true,"subPath":"config_helper.py"},{"mountPath":"/fence/fence/static/img/logo.svg","name":"logo-volume","readOnly":true,"subPath":"logo.svg"},{"mountPath":"/fence/fence/static/privacy_policy.md","name":"privacy-policy","readOnly":true,"subPath":"privacy_policy.md"},{"mountPath":"/var/www/fence/fence-config-secret.yaml","name":"config-volume","readOnly":true,"subPath":"fence-config.yaml"},{"mountPath":"/var/www/fence/yaml_merge.py","name":"yaml-merge","readOnly":true,"subPath":"yaml_merge.py"},{"mountPath":"/var/www/fence/fence_google_app_creds_secret.json","name":"fence-google-app-creds-secret-volume","readOnly":true,"subPath":"fence_google_app_creds_secret.json"},{"mountPath":"/var/www/fence/fence_google_storage_creds_secret.json","name":"fence-google-storage-creds-secret-volume","readOnly":true,"subPath":"fence_google_storage_creds_secret.json"},{"mountPath":"/fence/keys/key/jwt_private_key.pem","name":"fence-jwt-keys","readOnly":true,"subPath":"jwt_private_key.pem"},{"mountPath":"/var/www/fence/fence-config-public.yaml","name":"config-volume-public","readOnly":true,"subPath":"fence-config-public.yaml"},{"mountPath":"/var/www/fence/fence-config-secret.yaml","name":"config-volume","readOnl
y":true,"subPath":"fence-config.yaml"}]` | Volumes to mount to the container. | +| volumeMounts | list | `[{"mountPath":"/var/www/fence/local_settings.py","name":"old-config-volume","readOnly":true,"subPath":"local_settings.py"},{"mountPath":"/var/www/fence/fence_credentials.json","name":"json-secret-volume","readOnly":true,"subPath":"fence_credentials.json"},{"mountPath":"/var/www/fence/creds.json","name":"creds-volume","readOnly":true,"subPath":"creds.json"},{"mountPath":"/var/www/fence/config_helper.py","name":"config-helper","readOnly":true,"subPath":"config_helper.py"},{"mountPath":"/fence/fence/static/img/logo.svg","name":"logo-volume","readOnly":true,"subPath":"logo.svg"},{"mountPath":"/fence/fence/static/privacy_policy.md","name":"privacy-policy","readOnly":true,"subPath":"privacy_policy.md"},{"mountPath":"/var/www/fence/fence-config-secret.yaml","name":"config-volume","readOnly":true,"subPath":"fence-config.yaml"},{"mountPath":"/var/www/fence/yaml_merge.py","name":"yaml-merge","readOnly":true,"subPath":"yaml_merge.py"},{"mountPath":"/var/www/fence/fence_google_app_creds_secret.json","name":"fence-google-app-creds-secret-volume","readOnly":true,"subPath":"fence_google_app_creds_secret.json"},{"mountPath":"/var/www/fence/fence_google_storage_creds_secret.json","name":"fence-google-storage-creds-secret-volume","readOnly":true,"subPath":"fence_google_storage_creds_secret.json"},{"mountPath":"/fence/keys/key/jwt_private_key.pem","name":"fence-jwt-keys","readOnly":true,"subPath":"jwt_private_key.pem"},{"mountPath":"/var/www/fence/fence-config-public.yaml","name":"config-volume-public","readOnly":true,"subPath":"fence-config-public.yaml"}]` | Volumes to mount to the container. 
| | volumes | list | `[{"name":"old-config-volume","secret":{"secretName":"fence-secret"}},{"name":"json-secret-volume","secret":{"optional":true,"secretName":"fence-json-secret"}},{"name":"creds-volume","secret":{"secretName":"fence-creds"}},{"configMap":{"name":"config-helper","optional":true},"name":"config-helper"},{"configMap":{"name":"logo-config"},"name":"logo-volume"},{"name":"config-volume","secret":{"secretName":"fence-config"}},{"name":"fence-google-app-creds-secret-volume","secret":{"secretName":"fence-google-app-creds-secret"}},{"name":"fence-google-storage-creds-secret-volume","secret":{"secretName":"fence-google-storage-creds-secret"}},{"name":"fence-jwt-keys","secret":{"secretName":"fence-jwt-keys"}},{"configMap":{"name":"privacy-policy"},"name":"privacy-policy"},{"configMap":{"name":"fence-yaml-merge","optional":false},"name":"yaml-merge"},{"configMap":{"name":"manifest-fence","optional":true},"name":"config-volume-public"}]` | Volumes to attach to the container. | diff --git a/helm/fence/values.yaml b/helm/fence/values.yaml index 2f958d47..87147d94 100644 --- a/helm/fence/values.yaml +++ b/helm/fence/values.yaml @@ -427,10 +427,6 @@ volumeMounts: readOnly: true mountPath: "/var/www/fence/fence-config-public.yaml" subPath: fence-config-public.yaml - - name: "config-volume" - readOnly: true - mountPath: "/var/www/fence/fence-config-secret.yaml" - subPath: fence-config.yaml # -- (list) Volumes to mount to the init container. initVolumeMounts: From ef9be460a27d22604a0f29013367bd6cadd3d124 Mon Sep 17 00:00:00 2001 From: EliseCastle23 <109446148+EliseCastle23@users.noreply.github.com> Date: Mon, 24 Jun 2024 15:35:34 -0600 Subject: [PATCH 198/279] adding empty value for public config --- helm/fence/README.md | 2 +- helm/fence/values.yaml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/helm/fence/README.md b/helm/fence/README.md index 0d173246..cd1c7821 100644 --- a/helm/fence/README.md +++ b/helm/fence/README.md 
@@ -69,7 +69,7 @@ A Helm chart for gen3 Fence | FENCE_CONFIG.SESSION_COOKIE_SECURE | bool | `true` | set if you want browsers to only send cookies with requests over HTTPS | | FENCE_CONFIG.USER_ALLOWED_SCOPES | list | `["fence","openid","user","data","admin","google_credentials","google_service_account","google_link","ga4gh_passport_v1"]` | these are the scopes that CAN be included in a user's own access_token | | FENCE_CONFIG.WTF_CSRF_SECRET_KEY | str | `"{{ENCRYPTION_KEY}}"` | signing key for WTForms to sign CSRF tokens with | -| FENCE_CONFIG_PUBLIC | map | `nil` | Public configuration settings for Fence app | +| FENCE_CONFIG_PUBLIC | map | `{}` | Public configuration settings for Fence app | | USER_YAML | string | `"cloud_providers: {}\ngroups: {}\nauthz:\n # policies automatically given to anyone, even if they haven't authenticated\n anonymous_policies: ['open_data_reader', 'full_open_access']\n\n # policies automatically given to authenticated users (in addition to their other\n # policies)\n all_users_policies: ['open_data_reader', 'authn_open_access']\n\n user_project_to_resource:\n QA: /programs/QA\n DEV: /programs/DEV\n test: /programs/QA/projects/test\n jenkins: /programs/jnkns/projects/jenkins\n jenkins2: /programs/jnkns/projects/jenkins2\n jnkns: /programs/jnkns\n\n policies:\n # General Access\n - id: 'workspace'\n description: 'be able to use workspace'\n resource_paths: ['/workspace']\n role_ids: ['workspace_user']\n - id: 'dashboard'\n description: 'be able to use the commons dashboard'\n resource_paths: ['/dashboard']\n role_ids: ['dashboard_user']\n - id: 'prometheus'\n description: 'be able to use prometheus'\n resource_paths: ['/prometheus']\n role_ids: ['prometheus_user']\n - id: 'ttyadmin'\n description: 'be able to use the admin tty'\n resource_paths: ['/ttyadmin']\n role_ids: ['ttyadmin_user']\n - id: 'mds_admin'\n description: 'be able to use metadata service'\n resource_paths: ['/mds_gateway']\n role_ids: ['mds_user']\n - id: 
'data_upload'\n description: 'upload raw data files to S3'\n role_ids: ['file_uploader']\n resource_paths: ['/data_file']\n - description: be able to use sower job\n id: sower\n resource_paths: [/sower]\n role_ids: [sower_user]\n - id: 'mariner_admin'\n description: 'full access to mariner API'\n resource_paths: ['/mariner']\n role_ids: ['mariner_admin']\n - id: audit_reader\n role_ids:\n - audit_reader\n resource_paths:\n - /services/audit\n - id: audit_login_reader\n role_ids:\n - audit_reader\n resource_paths:\n - /services/audit/login\n - id: audit_presigned_url_reader\n role_ids:\n - audit_reader\n resource_paths:\n - /services/audit/presigned_url\n - id: requestor_admin\n role_ids:\n - requestor_admin\n resource_paths:\n - /programs\n - id: requestor_reader\n role_ids:\n - requestor_reader\n resource_paths:\n - /programs\n - id: requestor_creator\n role_ids:\n - requestor_creator\n resource_paths:\n - /programs\n - id: requestor_updater\n role_ids:\n - requestor_updater\n resource_paths:\n - /programs\n - id: requestor_deleter\n role_ids:\n - requestor_deleter\n resource_paths:\n - /programs\n # Data Access\n\n # All programs policy\n - id: 'all_programs_reader'\n description: ''\n role_ids:\n - 'reader'\n - 'storage_reader'\n resource_paths: ['/programs']\n\n # # example if need access to write to storage\n # - id: 'programs.jnkns-storage_writer'\n # description: ''\n # role_ids:\n # - 'storage_writer'\n # resource_paths: ['/programs/jnkns']\n\n - id: 'programs.jnkns-admin'\n description: ''\n role_ids:\n - 'creator'\n - 'reader'\n - 'updater'\n - 'deleter'\n - 'storage_reader'\n resource_paths:\n - '/programs/jnkns'\n - '/gen3/programs/jnkns'\n\n - id: 'programs.jnkns-viewer'\n description: ''\n role_ids:\n - 'reader'\n - 'storage_reader'\n resource_paths:\n - '/programs/jnkns'\n - '/gen3/programs/jnkns'\n\n\n - id: 'programs.QA-admin'\n description: ''\n role_ids:\n - 'creator'\n - 'reader'\n - 'updater'\n - 'deleter'\n - 'storage_reader'\n 
resource_paths:\n - '/programs/QA'\n - '/gen3/programs/QA'\n\n - id: 'programs.QA-admin-no-storage'\n description: ''\n role_ids:\n - 'creator'\n - 'reader'\n - 'updater'\n - 'deleter'\n resource_paths:\n - '/programs/QA'\n - '/gen3/programs/QA'\n\n - id: 'programs.QA-viewer'\n description: ''\n role_ids:\n - 'reader'\n - 'storage_reader'\n resource_paths:\n - '/programs/QA'\n - '/gen3/programs/QA'\n\n - id: 'programs.DEV-admin'\n description: ''\n role_ids:\n - 'creator'\n - 'reader'\n - 'updater'\n - 'deleter'\n - 'storage_reader'\n - 'storage_writer'\n resource_paths:\n - '/programs/DEV'\n - '/gen3/programs/DEV'\n\n - id: 'programs.DEV-storage_writer'\n description: ''\n role_ids:\n - 'storage_writer'\n resource_paths: ['/programs/DEV']\n\n - id: 'programs.DEV-viewer'\n description: ''\n role_ids:\n - 'reader'\n - 'storage_reader'\n resource_paths:\n - '/programs/DEV'\n - '/gen3/programs/DEV'\n\n - id: 'programs.test-admin'\n description: ''\n role_ids:\n - 'creator'\n - 'reader'\n - 'updater'\n - 'deleter'\n - 'storage_reader'\n resource_paths:\n - '/programs/test'\n - '/gen3/programs/test'\n\n - id: 'programs.test-viewer'\n description: ''\n role_ids:\n - 'reader'\n - 'storage_reader'\n resource_paths:\n - '/programs/test'\n - '/gen3/programs/test'\n\n - id: 'abc-admin'\n description: ''\n role_ids:\n - 'creator'\n - 'reader'\n - 'updater'\n - 'deleter'\n - 'storage_reader'\n resource_paths:\n - '/abc'\n\n - id: 'gen3-admin'\n description: ''\n role_ids:\n - 'creator'\n - 'reader'\n - 'updater'\n - 'deleter'\n - 'storage_reader'\n resource_paths:\n - '/gen3'\n\n - id: 'gen3-hmb-researcher'\n description: ''\n role_ids:\n - 'creator'\n - 'reader'\n - 'updater'\n - 'deleter'\n - 'storage_reader'\n resource_paths:\n - '/consents/NRES'\n - '/consents/GRU'\n - '/consents/GRU_CC'\n - '/consents/HMB'\n - '/gen3'\n\n - id: 'abc.programs.test_program.projects.test_project1-viewer'\n description: ''\n role_ids:\n - 'reader'\n - 'storage_reader'\n resource_paths:\n - 
'/abc/programs/test_program/projects/test_project1'\n\n - id: 'abc.programs.test_program.projects.test_project2-viewer'\n description: ''\n role_ids:\n - 'reader'\n - 'storage_reader'\n resource_paths:\n - '/abc/programs/test_program/projects/test_project2'\n\n - id: 'abc.programs.test_program2.projects.test_project3-viewer'\n description: ''\n role_ids:\n - 'reader'\n - 'storage_reader'\n resource_paths:\n - '/abc/programs/test_program2/projects/test_project3'\n\n # Open data policies\n - id: 'authn_open_access'\n resource_paths: ['/programs/open/projects/authnRequired']\n description: ''\n role_ids:\n - 'reader'\n - 'storage_reader'\n - id: 'full_open_access'\n resource_paths: ['/programs/open/projects/1000G']\n description: ''\n role_ids:\n - 'reader'\n - 'storage_reader'\n - id: 'open_data_reader'\n description: ''\n role_ids:\n - 'reader'\n - 'storage_reader'\n resource_paths: ['/open']\n - id: 'open_data_admin'\n description: ''\n role_ids:\n - 'creator'\n - 'reader'\n - 'updater'\n - 'deleter'\n - 'storage_writer'\n - 'storage_reader'\n resource_paths: ['/open']\n\n # Consent Code Policies\n - id: 'not-for-profit-researcher'\n description: ''\n role_ids:\n - 'admin'\n resource_paths:\n - '/consents/NPU'\n\n - id: 'publication-required-researcher'\n description: ''\n role_ids:\n - 'admin'\n resource_paths:\n - '/consents/PUB'\n\n - id: 'gru-researcher'\n description: ''\n role_ids:\n - 'admin'\n resource_paths:\n - '/consents/NRES'\n - '/consents/GRU'\n\n - id: 'gru-cc-researcher'\n description: ''\n role_ids:\n - 'admin'\n resource_paths:\n - '/consents/NRES'\n - '/consents/GRU'\n - '/consents/GRU_CC'\n\n - id: 'hmb-researcher'\n description: ''\n role_ids:\n - 'admin'\n resource_paths:\n - '/consents/NRES'\n - '/consents/GRU'\n - '/consents/GRU_CC'\n - '/consents/HMB'\n\n - id: 'poa-researcher'\n description: ''\n role_ids:\n - 'admin'\n resource_paths:\n - '/consents/NRES'\n - '/consents/GRU'\n - '/consents/GRU_CC'\n - '/consents/POA'\n\n - id: 
'ds-lung-researcher'\n description: ''\n role_ids:\n - 'admin'\n resource_paths:\n - '/consents/NRES'\n - '/consents/GRU'\n - '/consents/GRU_CC'\n - '/consents/HMB'\n - '/consents/DS_LungDisease'\n\n - id: 'ds-chronic-obstructive-pulmonary-disease-researcher'\n description: ''\n role_ids:\n - 'admin'\n resource_paths:\n - '/consents/NRES'\n - '/consents/GRU'\n - '/consents/GRU_CC'\n - '/consents/HMB'\n - '/consents/DS_ChronicObstructivePulmonaryDisease'\n\n - id: 'services.sheepdog-admin'\n description: 'CRUD access to programs and projects'\n role_ids:\n - 'sheepdog_admin'\n resource_paths:\n - '/services/sheepdog/submission/program'\n - '/services/sheepdog/submission/project'\n\n # indexd\n - id: 'indexd_admin'\n description: 'full access to indexd API'\n role_ids:\n - 'indexd_admin'\n resource_paths:\n - '/programs'\n - '/services/indexd/admin'\n # # TODO resource path '/' is not valid right now in arborist, trying to decide\n # # how to handle all resources\n # - id: 'indexd_admin'\n # description: ''\n # role_ids:\n # - 'indexd_record_creator'\n # - 'indexd_record_reader'\n # - 'indexd_record_updater'\n # - 'indexd_delete_record'\n # - 'indexd_storage_reader'\n # - 'indexd_storage_writer'\n # resource_paths: ['/']\n # - id: 'indexd_record_reader'\n # description: ''\n # role_ids:\n # - 'indexd_record_reader'\n # resource_paths: ['/']\n # - id: 'indexd_record_editor'\n # description: ''\n # role_ids:\n # - 'indexd_record_creator'\n # - 'indexd_record_reader'\n # - 'indexd_record_updater'\n # - 'indexd_delete_record'\n # resource_paths: ['/']\n # - id: 'indexd_storage_reader'\n # description: ''\n # role_ids:\n # - 'indexd_storage_reader'\n # resource_paths: ['/']\n # - id: 'indexd_storage_editor'\n # description: ''\n # role_ids:\n # - 'indexd_storage_reader'\n # - 'indexd_storage_writer'\n # resource_paths: ['/']\n\n # argo\n - id: argo\n description: be able to use argo\n resource_paths: [/argo]\n role_ids: [argo_user]\n\n resources:\n # General Access\n - 
name: 'data_file'\n description: 'data files, stored in S3'\n - name: 'dashboard'\n description: 'commons /dashboard'\n - name: 'mds_gateway'\n description: 'commons /mds-admin'\n - name: 'prometheus'\n description: 'commons /prometheus and /grafana'\n - name: 'ttyadmin'\n description: 'commons /ttyadmin'\n - name: 'workspace'\n - name: \"sower\"\n - name: 'mariner'\n description: 'workflow execution service'\n - name: argo\n\n # OLD Data\n - name: 'programs'\n subresources:\n - name: 'open'\n subresources:\n - name: 'projects'\n subresources:\n - name: '1000G'\n - name: 'authnRequired'\n - name: 'QA'\n subresources:\n - name: 'projects'\n subresources:\n - name: 'test'\n - name: 'DEV'\n subresources:\n - name: 'projects'\n subresources:\n - name: 'test'\n - name: 'jnkns'\n subresources:\n - name: 'projects'\n subresources:\n - name: 'jenkins'\n - name: 'jenkins2'\n - name: 'test'\n subresources:\n - name: 'projects'\n subresources:\n - name: 'test'\n\n # NEW Data WITH PREFIX\n - name: 'gen3'\n subresources:\n - name: 'programs'\n subresources:\n - name: 'QA'\n subresources:\n - name: 'projects'\n subresources:\n - name: 'test'\n - name: 'DEV'\n subresources:\n - name: 'projects'\n subresources:\n - name: 'test'\n - name: 'jnkns'\n subresources:\n - name: 'projects'\n subresources:\n - name: 'jenkins'\n - name: 'jenkins2'\n - name: 'test'\n subresources:\n - name: 'projects'\n subresources:\n - name: 'test'\n\n # consents obtained from DUO and NIH\n # https://github.com/EBISPOT/DUO\n # https://www.ncbi.nlm.nih.gov/pmc/articles/PMC4721915/\n - name: 'consents'\n subresources:\n - name: 'NRES'\n description: 'no restriction'\n - name: 'GRU'\n description: 'general research use'\n - name: 'GRU_CC'\n description: 'general research use and clinical care'\n - name: 'HMB'\n description: 'health/medical/biomedical research'\n - name: 'POA'\n description: 'population origins or ancestry research'\n - name: 'NMDS'\n description: 'no general methods research'\n - name: 
'NPU'\n description: 'not-for-profit use only'\n - name: 'PUB'\n description: 'publication required'\n - name: 'DS_LungDisease'\n description: 'disease-specific research for lung disease'\n - name: 'DS_ChronicObstructivePulmonaryDisease'\n description: 'disease-specific research for chronic obstructive pulmonary disease'\n\n - name: 'abc'\n subresources:\n - name: 'programs'\n subresources:\n - name: 'foo'\n subresources:\n - name: 'projects'\n subresources:\n - name: 'bar'\n - name: 'test_program'\n subresources:\n - name: 'projects'\n subresources:\n - name: 'test_project1'\n - name: 'test_project2'\n - name: 'test_program2'\n subresources:\n - name: 'projects'\n subresources:\n - name: 'test_project3'\n\n\n # \"Sheepdog admin\" resources\n - name: 'services'\n subresources:\n - name: 'sheepdog'\n subresources:\n - name: 'submission'\n subresources:\n - name: 'program'\n - name: 'project'\n - name: 'indexd'\n subresources:\n - name: 'admin'\n - name: 'bundles'\n - name: audit\n subresources:\n - name: presigned_url\n - name: login\n\n\n - name: 'open'\n\n # action/methods:\n # create, read, update, delete, read-storage, write-storage,\n # file_upload, access\n roles:\n # General Access\n - id: 'file_uploader'\n description: 'can upload data files'\n permissions:\n - id: 'file_upload'\n action:\n service: '*'\n method: 'file_upload'\n - id: 'workspace_user'\n permissions:\n - id: 'workspace_access'\n action:\n service: 'jupyterhub'\n method: 'access'\n - id: 'dashboard_user'\n permissions:\n - id: 'dashboard_access'\n action:\n service: 'dashboard'\n method: 'access'\n - id: 'mds_user'\n permissions:\n - id: 'mds_access'\n action:\n service: 'mds_gateway'\n method: 'access'\n - id: 'prometheus_user'\n permissions:\n - id: 'prometheus_access'\n action:\n service: 'prometheus'\n method: 'access'\n - id: 'ttyadmin_user'\n permissions:\n - id: 'ttyadmin_access'\n action:\n service: 'ttyadmin'\n method: 'access'\n - id: 'sower_user'\n permissions:\n - id: 
'sower_access'\n action:\n service: 'job'\n method: 'access'\n - id: 'mariner_admin'\n permissions:\n - id: 'mariner_access'\n action:\n service: 'mariner'\n method: 'access'\n - id: audit_reader\n permissions:\n - id: audit_reader_action\n action:\n service: audit\n method: read\n\n # All services\n - id: 'admin'\n description: ''\n permissions:\n - id: 'admin'\n action:\n service: '*'\n method: '*'\n - id: 'creator'\n description: ''\n permissions:\n - id: 'creator'\n action:\n service: '*'\n method: 'create'\n - id: 'reader'\n description: ''\n permissions:\n - id: 'reader'\n action:\n service: '*'\n method: 'read'\n - id: 'updater'\n description: ''\n permissions:\n - id: 'updater'\n action:\n service: '*'\n method: 'update'\n - id: 'deleter'\n description: ''\n permissions:\n - id: 'deleter'\n action:\n service: '*'\n method: 'delete'\n - id: 'storage_writer'\n description: ''\n permissions:\n - id: 'storage_writer'\n action:\n service: '*'\n method: 'write-storage'\n - id: 'storage_reader'\n description: ''\n permissions:\n - id: 'storage_reader'\n action:\n service: '*'\n method: 'read-storage'\n\n\n # Sheepdog admin role\n - id: 'sheepdog_admin'\n description: 'sheepdog admin role for program project crud'\n permissions:\n - id: 'sheepdog_admin_action'\n action:\n service: 'sheepdog'\n method: '*'\n\n\n # indexd\n - id: 'indexd_admin'\n # this only works if indexd.arborist is enabled in manifest!\n description: 'full access to indexd API'\n permissions:\n - id: 'indexd_admin'\n action:\n service: 'indexd'\n method: '*'\n - id: 'indexd_record_creator'\n description: ''\n permissions:\n - id: 'indexd_record_creator'\n action:\n service: 'indexd'\n method: 'create'\n - id: 'indexd_record_reader'\n description: ''\n permissions:\n - id: 'indexd_record_reader'\n action:\n service: 'indexd'\n method: 'read'\n - id: 'indexd_record_updater'\n description: ''\n permissions:\n - id: 'indexd_record_updater'\n action:\n service: 'indexd'\n method: 'update'\n - id: 
'indexd_delete_record'\n description: ''\n permissions:\n - id: 'indexd_delete_record'\n action:\n service: 'indexd'\n method: 'delete'\n - id: 'indexd_storage_reader'\n description: ''\n permissions:\n - id: 'indexd_storage_reader'\n action:\n service: 'indexd'\n method: 'read-storage'\n - id: 'indexd_storage_writer'\n description: ''\n permissions:\n - id: 'indexd_storage_writer'\n action:\n service: 'indexd'\n method: 'write-storage'\n\n # arborist\n - id: 'arborist_creator'\n description: ''\n permissions:\n - id: 'arborist_creator'\n action:\n service: 'arborist'\n method: 'create'\n - id: 'arborist_reader'\n description: ''\n permissions:\n - id: 'arborist_reader'\n action:\n service: 'arborist'\n method: 'read'\n - id: 'arborist_updater'\n description: ''\n permissions:\n - id: 'arborist_updater'\n action:\n service: 'arborist'\n method: 'update'\n - id: 'arborist_deleter'\n description: ''\n permissions:\n - id: 'arborist_deleter'\n action:\n service: 'arborist'\n method: 'delete'\n\n # requestor\n - id: requestor_admin\n permissions:\n - id: requestor_admin_action\n action:\n service: requestor\n method: '*'\n - id: requestor_reader\n permissions:\n - id: requestor_reader_action\n action:\n service: requestor\n method: read\n - id: requestor_creator\n permissions:\n - id: requestor_creator_action\n action:\n service: requestor\n method: create\n - id: requestor_updater\n permissions:\n - id: requestor_updater_action\n action:\n service: requestor\n method: update\n - id: requestor_deleter\n permissions:\n - id: requestor_deleter_action\n action:\n service: requestor\n method: delete\n # argo\n - id: argo_user\n permissions:\n - id: argo_access\n action:\n service: argo\n method: access\n\nclients:\n basic-test-client:\n policies:\n - abc-admin\n - gen3-admin\n basic-test-abc-client:\n policies:\n - abc-admin\n wts:\n policies:\n - all_programs_reader\n - workspace\n\nusers:\n ### BEGIN INTERNS SECTION ###\n ### END INTERNS SECTION ###\n 
qureshi@uchicago.edu:\n admin: true\n policies:\n - data_upload\n - workspace\n - dashboard\n - mds_admin\n - prometheus\n - sower\n - services.sheepdog-admin\n - programs.QA-admin\n - programs.test-admin\n - programs.DEV-admin\n - programs.jnkns-admin\n - indexd_admin\n - ttyadmin\n projects:\n - auth_id: QA\n privilege: [create, read, update, delete, upload, read-storage]\n - auth_id: test\n privilege: [create, read, update, delete, upload, read-storage]\n - auth_id: DEV\n privilege: [create, read, update, delete, upload, read-storage]\n - auth_id: jenkins\n privilege: [create, read, update, delete, upload, read-storage]\n - auth_id: jenkins2\n privilege: [create, read, update, delete, upload, read-storage]\n - auth_id: jnkns\n privilege: [create, read, update, delete, upload, read-storage]\n"` | USER YAML. Passed in as a multiline string. | | affinity | map | `{"podAntiAffinity":{"preferredDuringSchedulingIgnoredDuringExecution":[{"podAffinityTerm":{"labelSelector":{"matchExpressions":[{"key":"app","operator":"In","values":["fence"]}]},"topologyKey":"kubernetes.io/hostname"},"weight":100}]}}` | Affinity to use for the deployment. | | affinity.podAntiAffinity.preferredDuringSchedulingIgnoredDuringExecution | map | `[{"podAffinityTerm":{"labelSelector":{"matchExpressions":[{"key":"app","operator":"In","values":["fence"]}]},"topologyKey":"kubernetes.io/hostname"},"weight":100}]` | Option for scheduling to be required or preferred. | diff --git a/helm/fence/values.yaml b/helm/fence/values.yaml index 87147d94..3f8a0c69 100644 --- a/helm/fence/values.yaml +++ b/helm/fence/values.yaml @@ -1394,7 +1394,7 @@ USER_YAML: | privilege: [create, read, update, delete, upload, read-storage] # -- (map) Public configuration settings for Fence app -FENCE_CONFIG_PUBLIC: +FENCE_CONFIG_PUBLIC: {} # -- (map) Private configuration settings for Fence app FENCE_CONFIG: From 4640d7557a83f969cacbfd57cd4f824745b5e37d Mon Sep 17 00:00:00 2001 
From: Guerdon Mukama Date: Thu, 27 Jun 2024 14:13:39 +1000 Subject: [PATCH 199/279] Support for AWS WAF chart version bump version bump --- helm/gen3/Chart.yaml | 4 ++-- helm/revproxy/Chart.yaml | 4 ++-- helm/revproxy/templates/ingress_aws.yaml | 3 +++ helm/revproxy/values.yaml | 6 ++++++ 4 files changed, 13 insertions(+), 4 deletions(-) diff --git a/helm/gen3/Chart.yaml b/helm/gen3/Chart.yaml index f6b02649..d5f9c23d 100644 --- a/helm/gen3/Chart.yaml +++ b/helm/gen3/Chart.yaml @@ -76,7 +76,7 @@ dependencies: repository: "file://../requestor" condition: requestor.enabled - name: revproxy - version: 0.1.14 + version: 0.1.15 repository: "file://../revproxy" condition: revproxy.enabled - name: sheepdog @@ -128,7 +128,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.36 +version: 0.1.37 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to diff --git a/helm/revproxy/Chart.yaml b/helm/revproxy/Chart.yaml index 37c50386..92dd3317 100644 --- a/helm/revproxy/Chart.yaml +++ b/helm/revproxy/Chart.yaml @@ -15,7 +15,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.14 +version: 0.1.15 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to @@ -25,5 +25,5 @@ appVersion: "master" dependencies: - name: common - version: 0.1.10 + version: 0.1.11 repository: file://../common 
diff --git a/helm/revproxy/templates/ingress_aws.yaml b/helm/revproxy/templates/ingress_aws.yaml index cd0f1da7..612dad43 100644 --- a/helm/revproxy/templates/ingress_aws.yaml +++ b/helm/revproxy/templates/ingress_aws.yaml @@ -11,6 +11,9 @@ metadata: alb.ingress.kubernetes.io/listen-ports: '[{"HTTP": 80}, {"HTTPS":443}]' alb.ingress.kubernetes.io/actions.ssl-redirect: '{"Type": "redirect", "RedirectConfig": { "Protocol": "HTTPS", "Port": "443", "StatusCode": "HTTP_301"}}' alb.ingress.kubernetes.io/ssl-policy: ELBSecurityPolicy-TLS13-1-2-Res-FIPS-2023-04 + {{- if .Values.global.aws.wafv2.enabled }} + alb.ingress.kubernetes.io/wafv2-acl-arn: {{ .Values.global.aws.wafv2.wafAclArn }} + {{- end }} spec: ingressClassName: alb rules: diff --git a/helm/revproxy/values.yaml b/helm/revproxy/values.yaml index 80039806..44d0f3ed 100644 --- a/helm/revproxy/values.yaml +++ b/helm/revproxy/values.yaml @@ -16,6 +16,12 @@ global: awsAccessKeyId: # -- (string) Credentials for AWS stuff. awsSecretAccessKey: + # -- (map) WAF configuration + wafv2: + # -- (bool) Set to true if using AWS WAFv2 + enabled: false + # -- (string) ARN for the WAFv2 ACL. + wafAclArn: # -- (bool) Whether the deployment is for development purposes. dev: true From fbcac81feecf151c77c0074b1aca9449d420b956 Mon Sep 17 00:00:00 2001 From: EliseCastle23 <109446148+EliseCastle23@users.noreply.github.com> Date: Tue, 2 Jul 2024 10:36:08 -0600 Subject: [PATCH 200/279] version bump --- .secrets.baseline | 6 +++--- helm/gen3/Chart.yaml | 2 +- helm/gen3/README.md | 4 ++-- helm/revproxy/README.md | 9 ++++++--- 4 files changed, 12 insertions(+), 9 deletions(-) diff --git a/.secrets.baseline b/.secrets.baseline index 4a95cdc7..dad0a32c 100644 --- a/.secrets.baseline +++ b/.secrets.baseline @@ -3,7 +3,7 @@ "files": "^.secrets.baseline$", "lines": null }, - "generated_at": "2024-06-24T21:26:06Z", + "generated_at": "2024-07-02T16:36:02Z", "plugins_used": [ { "name": "AWSKeyDetector" 
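Review bot: In the `ingress_aws.yaml` hunk the new `wafv2-acl-arn` annotation is emitted whenever `global.aws.wafv2.enabled` is true, but nothing checks that `wafAclArn` is set, and the `values.yaml` hunk of the same commit leaves it empty by default. An operator who enables the flag and forgets the ARN gets an annotation with an empty value, so the install would probably either be rejected at apply time or leave the ALB with no web ACL attached, with nothing at render time to signal it. Failing the render is safer: `alb.ingress.kubernetes.io/wafv2-acl-arn: {{ required "global.aws.wafv2.wafAclArn must be set when global.aws.wafv2.enabled is true" .Values.global.aws.wafv2.wafAclArn | quote }}`. The `values.yaml` comment could also say so, for example `# -- (string) ARN of the regional WAFv2 web ACL to associate with the ALB. Required when wafv2.enabled is true.`. The Ingress manifest starts before this hunk and continues after it, so whether this template is itself gated on `global.aws.enabled` cannot be seen here.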
@@ -602,14 +602,14 @@ "hashed_secret": "d84ce25b0f9bc2cc263006ae39453efb22cc2900", "is_secret": false, "is_verified": false, - "line_number": 47, + "line_number": 50, "type": "Secret Keyword" }, { "hashed_secret": "abb751db44bcfd1bb9d4ad53e40138422abd739e", "is_secret": false, "is_verified": false, - "line_number": 74, + "line_number": 77, "type": "Secret Keyword" } ], diff --git a/helm/gen3/Chart.yaml b/helm/gen3/Chart.yaml index ca725c28..aabaef86 100644 --- a/helm/gen3/Chart.yaml +++ b/helm/gen3/Chart.yaml @@ -128,7 +128,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.37 +version: 0.1.38 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to diff --git a/helm/gen3/README.md b/helm/gen3/README.md index 17e87b6e..cb5cfcaf 100644 --- a/helm/gen3/README.md +++ b/helm/gen3/README.md @@ -1,6 +1,6 @@ # gen3 -![Version: 0.1.37](https://img.shields.io/badge/Version-0.1.37-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) +![Version: 0.1.38](https://img.shields.io/badge/Version-0.1.38-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) Helm chart to deploy Gen3 Data Commons 
@@ -37,7 +37,7 @@ Helm chart to deploy Gen3 Data Commons | file://../pidgin | pidgin | 0.1.10 | | file://../portal | portal | 0.1.15 | | file://../requestor | requestor | 0.1.11 | -| file://../revproxy | revproxy | 0.1.14 | +| file://../revproxy | revproxy | 0.1.15 | | file://../sheepdog | sheepdog | 0.1.14 | | file://../sower | sower | 0.1.11 | | file://../ssjdispatcher | ssjdispatcher | 0.1.9 | diff --git a/helm/revproxy/README.md b/helm/revproxy/README.md index 59baa504..49a3d9dd 100644 --- a/helm/revproxy/README.md +++ b/helm/revproxy/README.md @@ -1,6 +1,6 @@ # revproxy -![Version: 0.1.14](https://img.shields.io/badge/Version-0.1.14-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) +![Version: 0.1.15](https://img.shields.io/badge/Version-0.1.15-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) A Helm chart for gen3 revproxy @@ -8,7 +8,7 @@ A Helm chart for gen3 revproxy | Repository | Name | Version | |------------|------|---------| -| file://../common | common | 0.1.10 | +| file://../common | common | 0.1.11 | ## Values 
@@ -26,10 +26,13 @@ A Helm chart for gen3 revproxy | datadogProfilingEnabled | bool | `true` | If enabled, the Datadog Agent will collect profiling data for your application using the Continuous Profiler. This data can be used to identify performance bottlenecks and optimize your application. | | datadogTraceSampleRate | int | `1` | A value between 0 and 1, that represents the percentage of requests that will be traced. For example, a value of 0.5 means that 50% of requests will be traced. | | fullnameOverride | string | `""` | Override the full name of the deployment. | -| global.aws | map | `{"awsAccessKeyId":null,"awsSecretAccessKey":null,"enabled":false}` | AWS configuration | +| global.aws | map | `{"awsAccessKeyId":null,"awsSecretAccessKey":null,"enabled":false,"wafv2":{"enabled":false,"wafAclArn":null}}` | AWS configuration | | global.aws.awsAccessKeyId | string | `nil` | Credentials for AWS stuff. | | global.aws.awsSecretAccessKey | string | `nil` | Credentials for AWS stuff. | | global.aws.enabled | bool | `false` | Set to true if deploying to AWS. Controls ingress annotations. | +| global.aws.wafv2 | map | `{"enabled":false,"wafAclArn":null}` | WAF configuration | +| global.aws.wafv2.enabled | bool | `false` | Set to true if using AWS WAFv2 | +| global.aws.wafv2.wafAclArn | string | `nil` | ARN for the WAFv2 ACL. | | global.ddEnabled | bool | `false` | Whether Datadog is enabled. | | global.dev | bool | `true` | Whether the deployment is for development purposes. | | global.dictionaryUrl | string | `"https://s3.amazonaws.com/dictionary-artifacts/datadictionary/develop/schema.json"` | URL of the data dictionary. | From ae987385e9bcd1ce44c5d2a6519c95bedd72caa2 Mon Sep 17 00:00:00 2001 
From: EliseCastle23 <109446148+EliseCastle23@users.noreply.github.com> Date: Tue, 2 Jul 2024 10:38:57 -0600 Subject: [PATCH 201/279] version bump --- helm/gen3/Chart.yaml | 2 +- helm/gen3/README.md | 2 +- helm/revproxy/Chart.yaml | 2 +- helm/revproxy/README.md | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/helm/gen3/Chart.yaml b/helm/gen3/Chart.yaml index aabaef86..ccedae64 100644 --- a/helm/gen3/Chart.yaml +++ b/helm/gen3/Chart.yaml @@ -76,7 +76,7 @@ dependencies: repository: "file://../requestor" condition: requestor.enabled - name: revproxy - version: 0.1.15 + version: 0.1.16 repository: "file://../revproxy" condition: revproxy.enabled - name: sheepdog diff --git a/helm/gen3/README.md b/helm/gen3/README.md index cb5cfcaf..fa6ed288 100644 --- a/helm/gen3/README.md +++ b/helm/gen3/README.md @@ -37,7 +37,7 @@ Helm chart to deploy Gen3 Data Commons | file://../pidgin | pidgin | 0.1.10 | | file://../portal | portal | 0.1.15 | | file://../requestor | requestor | 0.1.11 | -| file://../revproxy | revproxy | 0.1.15 | +| file://../revproxy | revproxy | 0.1.16 | | file://../sheepdog | sheepdog | 0.1.14 | | file://../sower | sower | 0.1.11 | | file://../ssjdispatcher | ssjdispatcher | 0.1.9 | diff --git a/helm/revproxy/Chart.yaml b/helm/revproxy/Chart.yaml index 92dd3317..49401320 100644 --- a/helm/revproxy/Chart.yaml +++ b/helm/revproxy/Chart.yaml @@ -15,7 +15,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.15 +version: 0.1.16 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to diff --git a/helm/revproxy/README.md b/helm/revproxy/README.md index 49a3d9dd..53a75103 100644 --- a/helm/revproxy/README.md 
+++ b/helm/revproxy/README.md @@ -1,6 +1,6 @@ # revproxy -![Version: 0.1.15](https://img.shields.io/badge/Version-0.1.15-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) +![Version: 0.1.16](https://img.shields.io/badge/Version-0.1.16-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) A Helm chart for gen3 revproxy From c8c7589925260923d848d8cae01d333c31506795 Mon Sep 17 00:00:00 2001 From: Jawad Qureshi Date: Thu, 11 Jul 2024 19:29:07 +0200 Subject: [PATCH 202/279] Update docs and add links to docs.gen3.org --- .secrets.baseline | 6 +- README.md | 65 +-------- docs/INGRESS.md | 2 +- docs/PREREQUISITES.md | 4 +- docs/gen3_developer_environments.md | 199 ---------------------------- 5 files changed, 7 insertions(+), 269 deletions(-) delete mode 100644 docs/gen3_developer_environments.md diff --git a/.secrets.baseline b/.secrets.baseline index dad0a32c..7759d495 100644 --- a/.secrets.baseline +++ b/.secrets.baseline @@ -3,7 +3,7 @@ "files": "^.secrets.baseline$", "lines": null }, - "generated_at": "2024-07-02T16:36:02Z", + "generated_at": "2024-07-11T17:28:47Z", "plugins_used": [ { "name": "AWSKeyDetector" @@ -63,7 +63,7 @@ "hashed_secret": "64ab0c1d3edc1c8c166351207b840ac7b2a90523", "is_secret": false, "is_verified": false, - "line_number": 87, + "line_number": 59, "type": "Secret Keyword" } ], @@ -88,7 +88,7 @@ "hashed_secret": "ac0fedaac180de6bd70a97b711692a92dade479e", "is_secret": false, "is_verified": false, - "line_number": 94, + "line_number": 92, "type": "Secret Keyword" } ], diff --git a/README.md b/README.md index 364a65d7..4c7ac9b9 100644 --- a/README.md +++ b/README.md 
@@ -14,20 +14,9 @@ helm repo update helm upgrade --install gen3 gen3/gen3 -f ./values.yaml ``` -Assuming you already have the [prerequisites](./docs/PREREQUISITES.md) installed and configured, you can deploy Gen3 with the helm command. +For more information on how to deploy Gen3 with helm, please see the [Gen3 Example Deployment Guide](https://docs.gen3.org/docs/Deployment/Example%20Deployment) - -> **Warning** -> The default Helm chart configuration is not intended for production. The default chart creates a proof of concept (PoC) implementation where all Gen3 services are deployed in the cluster, including postgres and elasticsearch. For production deployments, you must follow the [Production/Cloud Native/Hybrid architecture](./docs/PRODUCTION.md) - - -For a production deployment, you should have strong working knowledge of Kubernetes. This method of deployment has different management, observability, and concepts than traditional deployments. - -In a production deployment: - -- The stateful components, like PostgreSQL or Elasticsearch, must run outside the cluster on PaaS or compute instances. This configuration is required to scale and reliably service the variety of workloads found in production Gen3 environments. - -- You should use Cloud PaaS for PostgreSQL, Elasticsearch, and object storage. +https://docs.gen3.org ## Configuration @@ -56,23 +45,6 @@ fence: ``` - -## Selective deployments -All gen3 services are sub-charts of the gen3 chart (which acts as an umbrella chart). - -For your specific installation of gen3, you may not require all our services. - - -To enable or disable a service you can use this pattern in your `values.yaml` - -```yaml -fence: - enabled: true - -wts: - enabled: false -``` - ## Gen3 Login Options Gen3 does not have any IDP, but can integrate with many. We will cover Google login here, but refer to the fence documentation for additional options. 
@@ -108,39 +80,6 @@ For `"Authorized redirect URIs"` add `https:///user/login/google/logi After configuration is complete, take note of the client ID that was created. You will need the client ID and client secret to complete the next steps. -# Production deployments -Please read [this](./docs/PRODUCTION.md) for more details on production deployments. - -NOTE: Gen3 helm charts are currently not used in production by CTDS, but we are aiming to do that soon and will have additional documentation on that. - -# Local Development - -For local development you must be connected to a kubernetes cluster. As referenced above in the section `Kubernetes cluster` we recommend using [Rancher Desktop](https://rancherdesktop.io/) as Kubernetes on your local machine, especially on M1 Mac's. You also get ingress and other benefits out of the box. - -For MacOS users, [Minikube](https://minikube.sigs.k8s.io/docs/start/) equipped with the ingress addon serves as a viable alternative to Rancher Desktop. On Linux, we've observed that using [Kind](https://kind.sigs.k8s.io/) with an NGINX ingress installed often provides a more seamless experience compared to both Rancher Desktop and Minikube. Essentially, Helm requires access to a Kubernetes cluster with ingress capabilities, facilitating the loading of the portal in your browser for an optimal development workflow. - -To install the NGINX ingress: -``` - helm repo add nginx-stable https://helm.nginx.com/stable - helm repo update - kubectl create ns nginx-ingress - helm install nginx-ingress nginx-stable/nginx-ingress --namespace nginx-ingress -``` - -> **Warning** -> If you are using Rancher Desktop you need to increase the vm.max_map_count as outlined [here](https://docs.rancherdesktop.io/how-to-guides/increasing-open-file-limit/) -> If you are using Minikube you will need to enabled the ingress addon as outlined [here](https://kubernetes.io/docs/tasks/access-application-cluster/ingress-minikube/) - -1. Clone the repository -2. 
Navigate to the `gen3-helm/helm/gen3` directory and run `helm dependency update` -3. Navigate to the back to the `gen3-helm` directory and create your values.yaml file. See the `TL;DR` section for a minimal example. -4. Run `helm upgrade --install gen3 ./helm/gen3 -f ./values.yaml` - -## Using Skaffold - -Skaffold is a tool for local development that can be used to automatically rebuild and redeploy your application when changes are detected. A minimal skaffold.yaml configuration file has been provided in the gen3-helm directory. Update the values of this file to match your needs. - -Follow the steps above, but instead of doing the helm upgrade --install step, use `skaffold dev` to start the development process. Skaffold will automatically build and deploy your application to your kubernetes cluster. # Troubleshooting diff --git a/docs/INGRESS.md b/docs/INGRESS.md index c51f74d6..cf97466a 100644 --- a/docs/INGRESS.md +++ b/docs/INGRESS.md @@ -1,7 +1,7 @@ # Ingress in Gen3 # Dev -if `global.dev` is set to true, a very basic ingress is created, that works out of the box with `traefik` service that is included in `Rancher-Desktop` +if `global.dev` is set to true, a very basic ingress is created. # AWS diff --git a/docs/PREREQUISITES.md b/docs/PREREQUISITES.md index bbdda80e..8f022d57 100644 --- a/docs/PREREQUISITES.md +++ b/docs/PREREQUISITES.md @@ -24,9 +24,7 @@ Before deploying the Gen3 application using Helm, ensure that the following prer ## Prerequisites ### Kubernetes cluster -Any kubernetes cluster _should_ work. We are testing with EKS, AKS, GKE and Rancher Desktop. - -It is suggested to use [Rancher Desktop](https://rancherdesktop.io/) as Kubernetes on your laptop, especially on M1 Mac's. You also get ingress and other benefits out of the box. +Any kubernetes cluster _should_ work. We are testing with EKS, AKS, GKE. ### Postgres 
diff --git a/docs/gen3_developer_environments.md b/docs/gen3_developer_environments.md deleted file mode 100644 index 81994149..00000000 --- a/docs/gen3_developer_environments.md +++ /dev/null 
@@ -1,199 +0,0 @@ -# Running Gen3 On A Laptop, For Devs - -Welcome to Gen3! - -If you're reading this, I assume you're a developer looking to get started working with Gen3. If so, this guide will help you get an instance of Gen3 up and running on your laptop, which will let you work on Gen3 from anywhere you can write code, no other setup needed. - - -# Kubernetes -Gen3 runs entirely on Kubernetes. Kubernetes is a container orchestrator, and you'll often see it referred to as k8s, or 'k', followed by the 8 letters in 'ubernete', followed by 's'. It is responsible for managing the lifecycle, storage, and networking for a collection of containers, which are packaged into discrete units called "pods". - -If you're not familiar with containers, they're a set of technologies that allow you to run code inside isolated environments on your machine. This provides benefits such as allowing you to manage "machnes" that only exist in software, instead of physical hardware, and isolating applications from each other, to prevent failures from affecting other applications or even all applications on your machine. These are the basic units software that Kubernetes starts up, stops, and schedules, in order to match a state that you define and provide it. - -Kubernetes is primarly meant to run on cloud services, and the big 3 (Amazon Web Services, Microsoft Azure, and Google Cloud) all have robust offerings. While it is designed to run primarily on the cloud, for the sake of developers' ability to work almost anywhere, there are versions (also called flavors) of Kubernetes designed primarily with the laptop or local desktop in mind. The next section will introduce you to the one we'll recommend you use, Rancher Desktop. However you can use another flavor if you think it works better, so long as you can follow the rest of these directions while using them. 
- -### Installing `kubectl` -Kubectl (I pronounce it cube-cuddle, but others say it differently) is an application that allows you to interface with and control a Kubernetes cluster. In this context, "cluster" simply refers to a group of machines, which can be a group of one, that work together to manage containers. - -It will be an important tool for you as you get more comfortable working with Kubernetes, so we'll install it now. It is a highly-configurable tool that you can install in a lot of ways, so rather than tell you how to do it, we'll let you pick the method that works best for your platform: [Windows](https://kubernetes.io/docs/tasks/tools/install-kubectl-windows) [Mac](https://kubernetes.io/docs/tasks/tools/install-kubectl-macos) [Linux](https://kubernetes.io/docs/tasks/tools/install-kubectl-linux). - -Once you have kubectl installed, you can verify by running `kubectl`. The output should be a help guide. - -### Installing `helm` -Helm is a package manager for Kubernetes that makes it easy to install, upgrade, and manage applications on a Kubernetes cluster. It simplifies the process of installing and configuring complex applications by providing a set of pre-configured templates and options. In this guide, we will show you how to install the Helm command-line interface (CLI) on your machine. - -The installation steps for Helm are rather straightforward. If you're a Homebrew user on Mac, you can use the command `brew install helm` to get it on your machine. If not, head over to the Helm website [here](https://helm.sh/docs/intro/install/) and follow the instructions for your setup. You'll know you've set it up correctly if the output of running the command `helm list` looks like this: - -![image](images/succesfulHelmOutput.png) - -This means that Helm was able to connect to your Rancher k8s cluster, and will be able to install Gen3 in the next step. 
- - -### Kubernetes on your laptop -There are several ways to run Kubernetes on your laptop, depending on your needs and the resources available on your machine. Some of the most popular options include: - -**Minikube:** Minikube is a lightweight Kubernetes distribution that runs a single-node cluster on your laptop. It is easy to set up and is well suited for local development and testing. - -**Docker for Desktop:** Docker for Desktop includes built-in support for Kubernetes, allowing you to run a single-node cluster on your laptop using the Docker engine. This option is also easy to set up and is well suited for local development and testing. - -**k3s:** k3s is a lightweight Kubernetes distribution that is designed to run on resource-constrained environments. It is a great option for running Kubernetes on your laptop if you have limited resources or need to run multiple clusters. - -**Kind (Kubernetes in Docker):** Kind is a tool for running local Kubernetes clusters using Docker container “nodes”. It creates a cluster by starting multiple Docker containers on the local host. - -**Microk8s:** Microk8s is a fast and efficient Kubernetes distribution that is easy to install and run on a local machine. It uses snaps to package and distribute Kubernetes, making it a great option for users on Ubuntu and other Linux distributions. - -**Vagrant and Virtualbox:** Vagrant is a tool that enables you to create and configure lightweight, reproducible, and portable development environments. You can use it to create a virtual machine running Kubernetes on your laptop using Virtualbox. - -Each of these methods has its own advantages and disadvantages, so you should choose the one that best fits your needs. - -Another option to run Kubernetes on your laptop is **Rancher Desktop.** - -**Rancher Desktop** is an easy-to-use, all-in-one Kubernetes platform that runs on your local machine. 
It provides a simple and intuitive UI for managing your local Kubernetes cluster, and includes built-in support for Ingress, cert-manager, and other popular add-ons. Rancher Desktop also comes with a built-in Kubernetes dashboard and a set of tools for managing and monitoring your cluster. - -**Rancher Desktop** is our preferred way of running Kubernetes on a laptop, because it provides a user-friendly interface and comes with many pre-configured components, which make it easy to set up and manage your cluster. Additionally, it works well on M1 macbooks, which have new ARM-based processors. - - -### Installing Rancher Desktop -This guide is primarily written with Mac users in mind, but most Linux users should be able to install Rancher Desktop using their distro's package manager. If you're on Mac and using Homebrew, you can type `brew install --cask rancher`. If not, install directions for Linux, Mac, and Windows are available at [the Rancher website.](https://docs.rancherdesktop.io/getting-started/installation/#macOS) Once you have Rancher succesfully installed and the application opened, we can go over how to get your Kubernetes cluster ready for Gen3! - -### Configuring Rancher Desktop -![image](images/rancherReadyForSetup.png) - -Once you can see a blank screen like this, you are ready to begin. If you can't get a screen similar to this, without any warnings, reach out to a Gen3 resource, either the community, or the platform team if you work directly for us. Now, we're going to make a few small tweaks to help Kubernetes run better. - -Click on the gear icon in the top right of your window, then navigate to "virtual machine." These settings control the VM that Kubernetes is going to run on on your laptop, and so striking a the right balance between performance and resource usage is key. - -This guide was developed by people mostly using M1 Macbook Pros with 16GB of RAM and and 8 CPU cores. 
In a similar situation, this guide recommends allocating half of each (so 8GB of RAM/4 CPU cores) to allow you to run other applications while still deploying all of our services quickly. - -Once you've settled on a CPU and RAM allocation, click on the "Kubernetes" tab. Make sure that Kubernetes is enabled, and the version is set appropriately (if you're not sure, just leave it default). - -Now that you have these steps out of the way, in our next step, we'll install Helm onto our laptop. Helm is a tool for packaging Kubernetes services, much like a Linux package manager or Homebrew for Mac. This will allow us to more easily install Gen3 onto our laptops. - - - -### Installing Gen3 -The first step to installing Gen3 is adding the Gen3 Helm repository. This is just how we package up all the components that make up Gen3, and make them accessible to the public. - -The command to do this is: - -``` -helm repo add gen3 http://helm.gen3.org -helm repo update -``` - -Once you have your repo added, you can install it with the command - -``` -helm upgrade --install dev gen3/gen3 -``` - -If you want to provide overrides you can do so by passing in one, or several values.yaml files. F.ex if you want to pass in user.yaml and fence-config (NB! New format, check out sample files in [this](../sample-values/) folder) - -``` -helm upgrade --install dev gen3/gen3 -f values.yaml -f fence-config.yaml -f user.yaml -``` - - - -See example files: -- [values.yaml](../sample-values/values.yaml) -- [fence-config.yaml](../sample-values/fence-config.yaml) -- [user.yaml](../sample-values/user.yaml) - - -You can combine it all in a single file too if that's easier. - -This command calls out to the repository you created before, named `gen3`, and grabs an "umbrella chart" containing all the services needed to run Gen3. - -Confusingly, this umbrella chart is also called `gen3`, and these two parts combine to form the `gen3/gen3` in the command you see. 
- -The first `dev` in that command refers to the "release name," or what Helm will call the deployment of Gen3 on your laptop. If that command runs successfully, you will see an output like this: - -![image](helmSuccesfulGen3Install.png) - -### Accessing Gen3 -If everything went well with deploying you should now have an ingress resource, listening for the hostname you provided. - -``` -kubectl get ingress -``` - -If you used Rancher Desktop, and used localhost as your hostname, you should be able to access your application at `https://localhost/` - - -# Troubleshooting - -## Error: couldn't find key dbcreated in Secret default/\*-dbcreds - -This is by design, it’s waiting for your dbcreate job(s) to finish which signals that the services can start. - -## Local Dev Linux (Ubuntu) / Rancher Desktop Problems: - -If you've followed the instructions, see services running, but can't go to `https://localhost` to see portal... keep reading. - -If you see an Apache webpage at `localhost` (installed by default in Ubuntu), you have to kill the Apache service. - -``` -sudo systemctl stop apache2 -``` - -If things still aren't working, reference [this](https://github.com/rancher-sandbox/rancher-desktop/issues/1668), which suggests trying this: - -``` -sudo sysctl net.ipv4.ip_unprivileged_port_start -sudo sysctl net.ipv4.ip_unprivileged_port_start=80 -``` - -Then restart Rancher and try again. - -If things still aren't working, double check your `values.yaml` and make sure you don't have anything in the `global` block (if you're doing local development). Just let it use the defaults (so don't put anything in `values.yaml` for `global`). 
- - -## Elasticsearch error: - -When you deploy the elasticsearch chart to Rancher Desktop you may see this error and elasticsearch failing to start: - -``` -ERROR: [1] bootstrap checks failed -[1]: max virtual memory areas vm.max_map_count [65530] is too low, increase to at least [262144] -``` - -To fix it do the following: - -Get a shell to the VM running k8s/docker in rancher -``` -rdctl shell -``` - -Run this: - -``` -sudo sysctl -w vm.max_map_count=262144 -``` - -If you want to set this permanently, you need to edit `/etc/sysctl.conf` and set `vm.max_map_count` to `262144` . Remember to do this inside the `rdctl shell` too. - -When the host reboots, you can verify that the setting is still correct by running - -``` -sysctl vm.max_map_count -``` - - -# Cool kubernetes tools -Another way to interact with and manage a Kubernetes cluster is by using command-line tools, such as k9s. - -K9s is a terminal-based tool that provides a simple and intuitive UI for interacting with your local Kubernetes cluster. It includes features such as pod management, resource monitoring, and log viewing. k9s also provides a live view of your cluster, making it easy to identify and troubleshoot issues. - -Other similar tools for developers include: - -- Stern: a multi-pod and container log tailing for Kubernetes -- Kube-ps1: a Kubernetes prompt for bash and zsh -- Kube-shell: An integrated shell for working with the Kubernetes CLI -- Skaffold: a command line tool that facilitates continuous development for Kubernetes applications. - - -These command-line tools can be a great option for developers who prefer to work in the terminal and want a more streamlined and efficient way to interact with their cluster. They are lightweight, easy to install and have a small footprint. They provide a simple and efficient way to manage and monitor your cluster. - - - From b35d6e2e72ec031d4106b328121a39a0761c0c92 Mon Sep 17 00:00:00 2001 
From: Guerdon Mukama Date: Tue, 30 Jul 2024 11:04:56 +1000 Subject: [PATCH 203/279] Opt-out useryaml when using usersync --- docs/fence_usersync_job.md | 2 +- helm/common/Chart.yaml | 2 +- helm/fence/Chart.yaml | 4 ++-- helm/fence/templates/useryaml-job.yaml | 2 ++ helm/fence/values.yaml | 2 +- helm/gen3/Chart.yaml | 6 +++--- 6 files changed, 10 insertions(+), 8 deletions(-) diff --git a/docs/fence_usersync_job.md b/docs/fence_usersync_job.md index 214ebebc..26b50492 100644 --- a/docs/fence_usersync_job.md +++ b/docs/fence_usersync_job.md @@ -1,6 +1,6 @@ # Fence Usersync CronJob -If `.Values.usersync.usersync` is set to true, the Fence usersync-cron.yaml will be deployed to the cluster. +If `.Values.usersync.usersync` is set to true, the Fence usersync-cron.yaml will be deployed to the cluster, otherwise useryaml job will be deployed instead of usersync. User lists can be synced from three sources: diff --git a/helm/common/Chart.yaml b/helm/common/Chart.yaml index 11151e9d..768bff1f 100644 --- a/helm/common/Chart.yaml +++ b/helm/common/Chart.yaml @@ -15,7 +15,7 @@ type: library # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.11 +version: 0.1.12 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to diff --git a/helm/fence/Chart.yaml b/helm/fence/Chart.yaml index b4bd4825..e145f4a4 100644 --- a/helm/fence/Chart.yaml +++ b/helm/fence/Chart.yaml 
@@ -15,7 +15,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.19 +version: 0.1.20 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to @@ -24,7 +24,7 @@ appVersion: "master" dependencies: - name: common - version: 0.1.11 + version: 0.1.12 repository: file://../common - name: postgresql version: 11.9.13 diff --git a/helm/fence/templates/useryaml-job.yaml b/helm/fence/templates/useryaml-job.yaml index 6adb96c4..064c4f2a 100644 --- a/helm/fence/templates/useryaml-job.yaml +++ b/helm/fence/templates/useryaml-job.yaml @@ -1,3 +1,4 @@ +{{ if not .Values.usersync.usersync }} kind: ConfigMap apiVersion: v1 metadata: @@ -47,3 +48,4 @@ spec: # can be removed once this is merged: https://github.com/uc-cdis/fence/pull/1096 fence-create sync --arborist http://arborist-service --yaml /var/www/fence/user.yaml restartPolicy: OnFailure +{{ end }} \ No newline at end of file diff --git a/helm/fence/values.yaml b/helm/fence/values.yaml index 3f8a0c69..1adc7927 100644 --- a/helm/fence/values.yaml +++ b/helm/fence/values.yaml @@ -100,7 +100,7 @@ externalSecrets: # -- (map) Configuration options for usersync cronjob. usersync: # -- (bool) Whether to run Fence usersync or not. - usersync: true + usersync: false # -- (string) The cron schedule expression to use in the usersync cronjob. Runs every 30 minutes by default. schedule: "*/30 * * * *" # -- (string) To set a custom image for pulling the user.yaml file from S3. Default is the Gen3 Awshelper image. diff --git a/helm/gen3/Chart.yaml b/helm/gen3/Chart.yaml index ccedae64..75acff50 100644 --- a/helm/gen3/Chart.yaml +++ b/helm/gen3/Chart.yaml 
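Review bot: The guard added at the top of useryaml-job.yaml wraps the ConfigMap as well as the Job, so with `usersync.usersync: true` neither object is rendered. If another template still mounts that ConfigMap (not visible in these hunks), its pod would fail to start, so that is worth checking before merge. The delimiters are untrimmed and the closing `{{ end }}` in the second hunk leaves the file without a trailing newline. I would write `{{- if not .Values.usersync.usersync }}` and `{{- end }}` followed by a newline, and put `{{/* rendered only when the usersync CronJob is disabled */}}` above the guard. The template body between the two hunks is outside the visible lines.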
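Review bot: Flipping the default to `usersync: false` in helm/fence/values.yaml changes which job writes authorization data into Arborist for every release that never set this value. Judging by the guard added in useryaml-job.yaml and the doc change in this commit, an upgrade stops rendering the usersync CronJob and lets the useryaml job apply its mounted user.yaml instead. That ships as a patch bump (0.1.19 to 0.1.20), so the value's comment should spell it out: `# -- (bool) Whether to run the Fence usersync CronJob. When false (the default), the useryaml job is deployed instead.` Deployments that rely on the S3 user.yaml named in `userYamlS3Path` would need `usersync: true` set explicitly after this change.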
@@ -25,7 +25,7 @@ dependencies: repository: "file://../aws-es-proxy" condition: aws-es-proxy.enabled - name: common - version: 0.1.11 + version: 0.1.12 repository: file://../common - name: etl version: 0.1.1 @@ -36,7 +36,7 @@ dependencies: repository: "file://../frontend-framework" condition: frontend-framework.enabled - name: fence - version: 0.1.19 + version: 0.1.20 repository: "file://../fence" condition: fence.enabled - name: guppy @@ -128,7 +128,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.38 +version: 0.1.39 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to From eb1521622da2505953309f34ee0ab68a0706fff4 Mon Sep 17 00:00:00 2001 From: Jawad Qureshi Date: Thu, 1 Aug 2024 19:48:40 +0200 Subject: [PATCH 204/279] Dynamically configure env vars for frontend-framework and reload on change --- .secrets.baseline | 6 +++--- helm/common/README.md | 2 +- helm/fence/Chart.yaml | 2 +- helm/fence/README.md | 8 ++++---- helm/frontend-framework/Chart.yaml | 4 ++-- helm/frontend-framework/README.md | 5 +++-- helm/frontend-framework/templates/configMap.yaml | 10 ++++++++++ helm/frontend-framework/templates/deployment.yaml | 8 ++++++-- helm/frontend-framework/values.yaml | 3 +++ helm/gen3/Chart.yaml | 6 +++--- helm/gen3/README.md | 8 ++++---- 11 files changed, 40 insertions(+), 22 deletions(-) create mode 100644 helm/frontend-framework/templates/configMap.yaml diff --git a/.secrets.baseline b/.secrets.baseline index dad0a32c..d85e0cff 100644 --- a/.secrets.baseline +++ b/.secrets.baseline 
@@ -3,7 +3,7 @@ "files": "^.secrets.baseline$", "lines": null }, - "generated_at": "2024-07-02T16:36:02Z", + "generated_at": "2024-08-01T17:42:56Z", "plugins_used": [ { "name": "AWSKeyDetector" @@ -330,14 +330,14 @@ "hashed_secret": "2546383b95bb44732e9be6a877fd476c0442fdab", "is_secret": false, "is_verified": false, - "line_number": 51, + "line_number": 52, "type": "Secret Keyword" }, { "hashed_secret": "d84ce25b0f9bc2cc263006ae39453efb22cc2900", "is_secret": false, "is_verified": false, - "line_number": 53, + "line_number": 54, "type": "Secret Keyword" } ], diff --git a/helm/common/README.md b/helm/common/README.md index 1fe4bdf7..64833c45 100644 --- a/helm/common/README.md +++ b/helm/common/README.md @@ -1,6 +1,6 @@ # common -![Version: 0.1.11](https://img.shields.io/badge/Version-0.1.11-informational?style=flat-square) ![Type: library](https://img.shields.io/badge/Type-library-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) +![Version: 0.1.12](https://img.shields.io/badge/Version-0.1.12-informational?style=flat-square) ![Type: library](https://img.shields.io/badge/Type-library-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) A Helm chart for provisioning databases in gen3 diff --git a/helm/fence/Chart.yaml b/helm/fence/Chart.yaml index e145f4a4..9bb1464d 100644 --- a/helm/fence/Chart.yaml +++ b/helm/fence/Chart.yaml 
@@ -15,7 +15,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.20 +version: 0.1.21 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to diff --git a/helm/fence/README.md b/helm/fence/README.md index cd1c7821..1e38aa2e 100644 --- a/helm/fence/README.md +++ b/helm/fence/README.md @@ -1,6 +1,6 @@ # fence -![Version: 0.1.19](https://img.shields.io/badge/Version-0.1.19-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) +![Version: 0.1.21](https://img.shields.io/badge/Version-0.1.21-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) A Helm chart for gen3 Fence @@ -8,7 +8,7 @@ A Helm chart for gen3 Fence | Repository | Name | Version | |------------|------|---------| -| file://../common | common | 0.1.11 | +| file://../common | common | 0.1.12 | | https://charts.bitnami.com/bitnami | postgresql | 11.9.13 | ## Values 
@@ -187,7 +187,7 @@ A Helm chart for gen3 Fence | serviceAccount.create | bool | `true` | Specifies whether a service account should be created. | | serviceAccount.name | string | `"fence-sa"` | The name of the service account | | tolerations | list | `[]` | Tolerations for the pods | -| usersync | map | `{"addDbgap":false,"custom_image":null,"onlyDbgap":false,"schedule":"*/30 * * * *","slack_send_dbgap":false,"slack_webhook":"None","syncFromDbgap":false,"userYamlS3Path":"s3://cdis-gen3-users/helm-test/user.yaml","usersync":true}` | Configuration options for usersync cronjob. | +| usersync | map | `{"addDbgap":false,"custom_image":null,"onlyDbgap":false,"schedule":"*/30 * * * *","slack_send_dbgap":false,"slack_webhook":"None","syncFromDbgap":false,"userYamlS3Path":"s3://cdis-gen3-users/helm-test/user.yaml","usersync":false}` | Configuration options for usersync cronjob. | | usersync.addDbgap | bool | `false` | Force attempting a dbgap sync if "true", falls back on user.yaml | | usersync.custom_image | string | `nil` | To set a custom image for pulling the user.yaml file from S3. Default is the Gen3 Awshelper image. | | usersync.onlyDbgap | bool | `false` | Forces ONLY a dbgap sync if "true", IGNORING user.yaml | 
@@ -196,7 +196,7 @@ A Helm chart for gen3 Fence | usersync.slack_webhook | string | `"None"` | Slack webhook endpoint used with certain jobs. | | usersync.syncFromDbgap | bool | `false` | Whether to sync data from dbGaP. | | usersync.userYamlS3Path | string | `"s3://cdis-gen3-users/helm-test/user.yaml"` | Path to the user.yaml file in S3. | -| usersync.usersync | bool | `true` | Whether to run Fence usersync or not. | +| usersync.usersync | bool | `false` | Whether to run Fence usersync or not. | | volumeMounts | list | `[{"mountPath":"/var/www/fence/local_settings.py","name":"old-config-volume","readOnly":true,"subPath":"local_settings.py"},{"mountPath":"/var/www/fence/fence_credentials.json","name":"json-secret-volume","readOnly":true,"subPath":"fence_credentials.json"},{"mountPath":"/var/www/fence/creds.json","name":"creds-volume","readOnly":true,"subPath":"creds.json"},{"mountPath":"/var/www/fence/config_helper.py","name":"config-helper","readOnly":true,"subPath":"config_helper.py"},{"mountPath":"/fence/fence/static/img/logo.svg","name":"logo-volume","readOnly":true,"subPath":"logo.svg"},{"mountPath":"/fence/fence/static/privacy_policy.md","name":"privacy-policy","readOnly":true,"subPath":"privacy_policy.md"},{"mountPath":"/var/www/fence/fence-config-secret.yaml","name":"config-volume","readOnly":true,"subPath":"fence-config.yaml"},{"mountPath":"/var/www/fence/yaml_merge.py","name":"yaml-merge","readOnly":true,"subPath":"yaml_merge.py"},{"mountPath":"/var/www/fence/fence_google_app_creds_secret.json","name":"fence-google-app-creds-secret-volume","readOnly":true,"subPath":"fence_google_app_creds_secret.json"},{"mountPath":"/var/www/fence/fence_google_storage_creds_secret.json","name":"fence-google-storage-creds-secret-volume","readOnly":true,"subPath":"fence_google_storage_creds_secret.json"},{"mountPath":"/fence/keys/key/jwt_private_key.pem","name":"fence-jwt-keys","readOnly":true,"subPath":"jwt_private_key.pem"},{"mountPath":"/var/www/fence/fence-config-public.
yaml","name":"config-volume-public","readOnly":true,"subPath":"fence-config-public.yaml"}]` | Volumes to mount to the container. | | volumes | list | `[{"name":"old-config-volume","secret":{"secretName":"fence-secret"}},{"name":"json-secret-volume","secret":{"optional":true,"secretName":"fence-json-secret"}},{"name":"creds-volume","secret":{"secretName":"fence-creds"}},{"configMap":{"name":"config-helper","optional":true},"name":"config-helper"},{"configMap":{"name":"logo-config"},"name":"logo-volume"},{"name":"config-volume","secret":{"secretName":"fence-config"}},{"name":"fence-google-app-creds-secret-volume","secret":{"secretName":"fence-google-app-creds-secret"}},{"name":"fence-google-storage-creds-secret-volume","secret":{"secretName":"fence-google-storage-creds-secret"}},{"name":"fence-jwt-keys","secret":{"secretName":"fence-jwt-keys"}},{"configMap":{"name":"privacy-policy"},"name":"privacy-policy"},{"configMap":{"name":"fence-yaml-merge","optional":false},"name":"yaml-merge"},{"configMap":{"name":"manifest-fence","optional":true},"name":"config-volume-public"}]` | Volumes to attach to the container. | diff --git a/helm/frontend-framework/Chart.yaml b/helm/frontend-framework/Chart.yaml index a86f9eb1..0bc88e54 100644 --- a/helm/frontend-framework/Chart.yaml +++ b/helm/frontend-framework/Chart.yaml @@ -15,7 +15,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.1 +version: 0.1.2 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to @@ -25,5 +25,5 @@ appVersion: "develop" dependencies: - name: common - version: 0.1.10 + version: 0.1.12 repository: file://../common 
diff --git a/helm/frontend-framework/README.md b/helm/frontend-framework/README.md index 8c515bb3..da8e909a 100644 --- a/helm/frontend-framework/README.md +++ b/helm/frontend-framework/README.md @@ -1,6 +1,6 @@ # frontend-framework -![Version: 0.1.1](https://img.shields.io/badge/Version-0.1.1-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: develop](https://img.shields.io/badge/AppVersion-develop-informational?style=flat-square) +![Version: 0.1.2](https://img.shields.io/badge/Version-0.1.2-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: develop](https://img.shields.io/badge/AppVersion-develop-informational?style=flat-square) A Helm chart for the gen3 frontend framework @@ -8,7 +8,7 @@ A Helm chart for the gen3 frontend framework | Repository | Name | Version | |------------|------|---------| -| file://../common | common | 0.1.10 | +| file://../common | common | 0.1.12 | ## Values 
@@ -32,6 +32,7 @@ A Helm chart for the gen3 frontend framework | datadogLogsInjection | bool | `false` | If enabled, the Datadog Agent will automatically inject Datadog-specific metadata into your application logs. | | datadogProfilingEnabled | bool | `false` | If enabled, the Datadog Agent will collect profiling data for your application using the Continuous Profiler. This data can be used to identify performance bottlenecks and optimize your application. | | datadogTraceSampleRate | int | `1` | A value between 0 and 1, that represents the percentage of requests that will be traced. For example, a value of 0.5 means that 50% of requests will be traced. | +| env | list | `[]` | List of environment variables to add to the deployment. | | fullnameOverride | string | `""` | Override the full name of the deployment. | | global | map | `{"aws":{"awsAccessKeyId":null,"awsSecretAccessKey":null,"enabled":false},"ddEnabled":false,"dev":true,"dictionaryUrl":"https://s3.amazonaws.com/dictionary-artifacts/datadictionary/develop/schema.json","dispatcherJobNum":10,"environment":"default","hostname":"localhost","kubeBucket":"kube-gen3","logsBucket":"logs-gen3","netPolicy":true,"portalApp":"gitops","postgres":{"dbCreate":true,"master":{"host":null,"password":null,"port":"5432","username":"postgres"}},"publicDataSets":true,"revproxyArn":"arn:aws:acm:us-east-1:123456:certificate","syncFromDbgap":false,"tierAccessLevel":"libre","userYamlS3Path":"s3://cdis-gen3-users/test/user.yaml"}` | Global configuration options. | | global.aws | map | `{"awsAccessKeyId":null,"awsSecretAccessKey":null,"enabled":false}` | AWS configuration | diff --git a/helm/frontend-framework/templates/configMap.yaml b/helm/frontend-framework/templates/configMap.yaml new file mode 100644 index 00000000..f8cd1c23 --- /dev/null +++ b/helm/frontend-framework/templates/configMap.yaml 
@@ -0,0 +1,10 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "frontend-framework.fullname" . }}-configmap + labels: + {{- include "frontend-framework.labels" . | nindent 4 }} +data: + {{- range $key, $val := .Values.env }} + {{ $key }}: {{ $val | quote }} + {{- end }} \ No newline at end of file diff --git a/helm/frontend-framework/templates/deployment.yaml b/helm/frontend-framework/templates/deployment.yaml index ccb18398..67699b85 100644 --- a/helm/frontend-framework/templates/deployment.yaml +++ b/helm/frontend-framework/templates/deployment.yaml @@ -12,13 +12,13 @@ spec: matchLabels: {{- include "frontend-framework.selectorLabels" . | nindent 6 }} revisionHistoryLimit: {{ .Values.revisionHistoryLimit }} - strategy: {{- toYaml .Values.strategy | nindent 8 }} template: metadata: - {{- with .Values.podAnnotations }} annotations: + checksum/config: {{ include (print $.Template.BasePath "/configMap.yaml") . | sha256sum }} + {{- with .Values.podAnnotations }} {{- toYaml . | nindent 8 }} {{- end }} labels: @@ -62,6 +62,10 @@ spec: - containerPort: 80 name: http protocol: TCP + envFrom: + - configMapRef: + name: {{ include "frontend-framework.fullname" . }}-configmap + optional: true env: {{- if .Values.global.ddEnabled }} {{- include "common.datadogEnvVar" . | nindent 12 }} diff --git a/helm/frontend-framework/values.yaml b/helm/frontend-framework/values.yaml index 03bb3777..c69fc102 100644 --- a/helm/frontend-framework/values.yaml +++ b/helm/frontend-framework/values.yaml @@ -122,6 +122,9 @@ autoscaling: targetCPUUtilizationPercentage: 80 # targetMemoryUtilizationPercentage: 80 +# -- (list) List of environment variables to add to the deployment. +env: [] + # -- (map) Node selector to apply to the pod nodeSelector: {} diff --git a/helm/gen3/Chart.yaml b/helm/gen3/Chart.yaml index 75acff50..0ed8ea56 100644 --- a/helm/gen3/Chart.yaml +++ b/helm/gen3/Chart.yaml 
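Review bot: `range $key, $val := .Values.env` in configMap.yaml treats `env` as a map, but the values.yaml hunk of this commit declares `env: []` and documents it as a list. With a list, the ConfigMap keys become the indexes `0`, `1`, …, so the `envFrom` added in deployment.yaml would not yield the variables the user meant. The default and its doc line should match the template: `# -- (map) Environment variables to add to the deployment, as NAME: value pairs.` and `env: {}`, with the same change in the README row. Because these values are rendered into a ConfigMap, the doc line is also the place to say that credentials belong in a Secret rather than in `env`.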
@@ -32,11 +32,11 @@ dependencies: repository: file://../etl condition: etl.enabled - name: frontend-framework - version: 0.1.1 + version: 0.1.2 repository: "file://../frontend-framework" condition: frontend-framework.enabled - name: fence - version: 0.1.20 + version: 0.1.21 repository: "file://../fence" condition: fence.enabled - name: guppy @@ -128,7 +128,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.39 +version: 0.1.40 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to diff --git a/helm/gen3/README.md b/helm/gen3/README.md index fa6ed288..6f85d44d 100644 --- a/helm/gen3/README.md +++ b/helm/gen3/README.md @@ -1,6 +1,6 @@ # gen3 -![Version: 0.1.38](https://img.shields.io/badge/Version-0.1.38-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) +![Version: 0.1.40](https://img.shields.io/badge/Version-0.1.40-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) Helm chart to deploy Gen3 Data Commons 
@@ -23,10 +23,10 @@ Helm chart to deploy Gen3 Data Commons | file://../argo-wrapper | argo-wrapper | 0.1.7 | | file://../audit | audit | 0.1.12 | | file://../aws-es-proxy | aws-es-proxy | 0.1.9 | -| file://../common | common | 0.1.11 | +| file://../common | common | 0.1.12 | | file://../etl | etl | 0.1.1 | -| file://../fence | fence | 0.1.19 | -| file://../frontend-framework | frontend-framework | 0.1.1 | +| file://../fence | fence | 0.1.21 | +| file://../frontend-framework | frontend-framework | 0.1.2 | | file://../guppy | guppy | 0.1.12 | | file://../hatchery | hatchery | 0.1.9 | | file://../indexd | indexd | 0.1.14 | From e0a5c28108548854c073b1ae2e665e6a6a334742 Mon Sep 17 00:00:00 2001 From: Jawad Qureshi Date: Thu, 1 Aug 2024 19:52:40 +0200 Subject: [PATCH 205/279] Bump common chart --- helm/common/Chart.yaml | 2 +- helm/common/README.md | 2 +- helm/frontend-framework/Chart.yaml | 2 +- helm/frontend-framework/README.md | 2 +- helm/gen3/Chart.yaml | 2 +- helm/gen3/README.md | 2 +- 6 files changed, 6 insertions(+), 6 deletions(-) diff --git a/helm/common/Chart.yaml b/helm/common/Chart.yaml index 768bff1f..5b93f896 100644 --- a/helm/common/Chart.yaml +++ b/helm/common/Chart.yaml @@ -15,7 +15,7 @@ type: library # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.12 +version: 0.1.13 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to diff --git a/helm/common/README.md b/helm/common/README.md index 64833c45..18560be1 100644 --- a/helm/common/README.md +++ b/helm/common/README.md 
@@ -1,6 +1,6 @@ # common -![Version: 0.1.12](https://img.shields.io/badge/Version-0.1.12-informational?style=flat-square) ![Type: library](https://img.shields.io/badge/Type-library-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) +![Version: 0.1.13](https://img.shields.io/badge/Version-0.1.13-informational?style=flat-square) ![Type: library](https://img.shields.io/badge/Type-library-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) A Helm chart for provisioning databases in gen3 diff --git a/helm/frontend-framework/Chart.yaml b/helm/frontend-framework/Chart.yaml index 0bc88e54..69ce52da 100644 --- a/helm/frontend-framework/Chart.yaml +++ b/helm/frontend-framework/Chart.yaml @@ -25,5 +25,5 @@ appVersion: "develop" dependencies: - name: common - version: 0.1.12 + version: 0.1.13 repository: file://../common diff --git a/helm/frontend-framework/README.md b/helm/frontend-framework/README.md index da8e909a..27d8eeca 100644 --- a/helm/frontend-framework/README.md +++ b/helm/frontend-framework/README.md @@ -8,7 +8,7 @@ A Helm chart for the gen3 frontend framework | Repository | Name | Version | |------------|------|---------| -| file://../common | common | 0.1.12 | +| file://../common | common | 0.1.13 | ## Values diff --git a/helm/gen3/Chart.yaml b/helm/gen3/Chart.yaml index 0ed8ea56..f893dc62 100644 --- a/helm/gen3/Chart.yaml +++ b/helm/gen3/Chart.yaml @@ -25,7 +25,7 @@ dependencies: repository: "file://../aws-es-proxy" condition: aws-es-proxy.enabled - name: common - version: 0.1.12 + version: 0.1.13 repository: file://../common - name: etl version: 0.1.1 diff --git a/helm/gen3/README.md b/helm/gen3/README.md index 6f85d44d..309c628d 100644 --- a/helm/gen3/README.md +++ b/helm/gen3/README.md 
@@ -23,7 +23,7 @@ Helm chart to deploy Gen3 Data Commons | file://../argo-wrapper | argo-wrapper | 0.1.7 | | file://../audit | audit | 0.1.12 | | file://../aws-es-proxy | aws-es-proxy | 0.1.9 | -| file://../common | common | 0.1.12 | +| file://../common | common | 0.1.13 | | file://../etl | etl | 0.1.1 | | file://../fence | fence | 0.1.21 | | file://../frontend-framework | frontend-framework | 0.1.2 | From 7c66bdd237747ca844dba6fb29b0e790351e6bba Mon Sep 17 00:00:00 2001 From: Jawad Qureshi Date: Thu, 1 Aug 2024 20:00:33 +0200 Subject: [PATCH 206/279] Bump common chart --- .secrets.baseline | 14 +++++++------- helm/fence/Chart.yaml | 2 +- helm/fence/README.md | 2 +- 3 files changed, 9 insertions(+), 9 deletions(-) diff --git a/.secrets.baseline b/.secrets.baseline index d85e0cff..b4c8ad20 100644 --- a/.secrets.baseline +++ b/.secrets.baseline @@ -3,7 +3,7 @@ "files": "^.secrets.baseline$", "lines": null }, - "generated_at": "2024-08-01T17:42:56Z", + "generated_at": "2024-08-01T18:00:24Z", "plugins_used": [ { "name": "AWSKeyDetector" 
@@ -229,35 +229,35 @@ "hashed_secret": "7f57cb0116aa983d9844a39f6da9244cf98036b1", "is_secret": false, "is_verified": false, - "line_number": 92, + "line_number": 93, "type": "Secret Keyword" }, { "hashed_secret": "b266a6d0f00bb36f6b98134bf4cec71f2d7943a3", "is_secret": false, "is_verified": false, - "line_number": 102, + "line_number": 103, "type": "Secret Keyword" }, { "hashed_secret": "d84ce25b0f9bc2cc263006ae39453efb22cc2900", "is_secret": false, "is_verified": false, - "line_number": 127, + "line_number": 128, "type": "Secret Keyword" }, { "hashed_secret": "f09dd6e359833a12f48c4c4255d6e87a6e55cfe9", "is_secret": false, "is_verified": false, - "line_number": 154, + "line_number": 155, "type": "Secret Keyword" }, { - "hashed_secret": "9d8fada0e01336e865c461bb3549084d206fe6da", + "hashed_secret": "5c5a68077af6fa84424411537dda76467f993a83", "is_secret": false, "is_verified": false, - "line_number": 200, + "line_number": 201, "type": "Secret Keyword" } ], diff --git a/helm/fence/Chart.yaml b/helm/fence/Chart.yaml index 9bb1464d..99bafac4 100644 --- a/helm/fence/Chart.yaml +++ b/helm/fence/Chart.yaml @@ -24,7 +24,7 @@ appVersion: "master" dependencies: - name: common - version: 0.1.12 + version: 0.1.13 repository: file://../common - name: postgresql version: 11.9.13 diff --git a/helm/fence/README.md b/helm/fence/README.md index 1e38aa2e..3b650cc7 100644 --- a/helm/fence/README.md +++ b/helm/fence/README.md @@ -8,7 +8,7 @@ A Helm chart for gen3 Fence | Repository | Name | Version | |------------|------|---------| -| file://../common | common | 0.1.12 | +| file://../common | common | 0.1.13 | | https://charts.bitnami.com/bitnami | postgresql | 11.9.13 | ## Values From c5cd72fbc2a556aef62be1a9b08eee6d098abcd0 Mon Sep 17 00:00:00 2001 
From: EliseCastle23 <109446148+EliseCastle23@users.noreply.github.com> Date: Thu, 29 Aug 2024 11:52:17 -0600 Subject: [PATCH 207/279] Modified our helm charts to be able to include annotations for Grafana. Removed old DD setup. Added hostname label to default selectorLabels. --- .secrets.baseline | 88 +++++++++---------- helm/ambassador/Chart.yaml | 4 +- helm/ambassador/README.md | 9 +- helm/ambassador/templates/deployment.yaml | 14 +-- helm/ambassador/values.yaml | 12 +-- helm/arborist/Chart.yaml | 4 +- helm/arborist/README.md | 9 +- helm/arborist/templates/deployment.yaml | 15 ++-- helm/arborist/values.yaml | 12 +-- helm/argo-wrapper/Chart.yaml | 4 +- helm/argo-wrapper/README.md | 9 +- helm/argo-wrapper/templates/deployment.yaml | 13 +-- helm/argo-wrapper/values.yaml | 12 +-- helm/audit/Chart.yaml | 4 +- helm/audit/README.md | 9 +- helm/audit/templates/deployment.yaml | 14 +-- helm/audit/values.yaml | 12 +-- helm/aws-es-proxy/Chart.yaml | 4 +- helm/aws-es-proxy/README.md | 9 +- helm/aws-es-proxy/templates/deployment.yaml | 15 ++-- helm/aws-es-proxy/values.yaml | 12 +-- helm/common/Chart.yaml | 2 +- helm/common/README.md | 2 +- helm/common/templates/_datadog_setup.tpl | 35 -------- helm/common/templates/_labels_setup.tpl | 6 ++ helm/dicom-server/Chart.yaml | 4 +- helm/dicom-server/README.md | 9 +- helm/dicom-server/templates/deployment.yaml | 13 +-- helm/dicom-server/values.yaml | 12 +-- helm/dicom-viewer/Chart.yaml | 4 +- helm/dicom-viewer/README.md | 9 +- helm/dicom-viewer/templates/deployment.yaml | 13 +-- helm/dicom-viewer/values.yaml | 12 +-- helm/fence/Chart.yaml | 4 +- helm/fence/README.md | 9 +- helm/fence/templates/fence-deployment.yaml | 14 +-- helm/fence/values.yaml | 12 +-- helm/frontend-framework/Chart.yaml | 4 +- helm/frontend-framework/README.md | 11 +-- .../templates/deployment.yaml | 12 +-- helm/frontend-framework/values.yaml | 12 +-- helm/gen3/Chart.yaml | 4 +- helm/gen3/README.md | 6 +- helm/gen3/values.yaml | 4 +- helm/guppy/Chart.yaml | 4 +- 
helm/guppy/README.md | 9 +- helm/guppy/templates/deployment.yaml | 11 +-- helm/guppy/values.yaml | 11 +-- helm/hatchery/Chart.yaml | 4 +- helm/hatchery/README.md | 9 +- helm/hatchery/templates/deployment.yaml | 14 +-- helm/hatchery/values.yaml | 14 +-- helm/indexd/Chart.yaml | 4 +- helm/indexd/README.md | 9 +- helm/indexd/templates/deployment.yaml | 14 +-- helm/indexd/values.yaml | 12 +-- helm/manifestservice/Chart.yaml | 4 +- helm/manifestservice/README.md | 9 +- .../manifestservice/templates/deployment.yaml | 11 +-- helm/manifestservice/values.yaml | 11 +-- helm/metadata/Chart.yaml | 4 +- helm/metadata/README.md | 9 +- helm/metadata/templates/deployment.yaml | 11 +-- helm/metadata/values.yaml | 12 +-- helm/peregrine/Chart.yaml | 4 +- helm/peregrine/README.md | 9 +- helm/peregrine/templates/deployment.yaml | 14 +-- helm/peregrine/values.yaml | 12 +-- helm/pidgin/Chart.yaml | 4 +- helm/pidgin/README.md | 4 +- helm/portal/Chart.yaml | 4 +- helm/portal/README.md | 9 +- helm/portal/templates/deployment.yaml | 14 +-- helm/portal/values.yaml | 13 +-- helm/requestor/Chart.yaml | 4 +- helm/requestor/README.md | 9 +- helm/requestor/templates/deployment.yaml | 11 +-- helm/requestor/values.yaml | 12 +-- helm/revproxy/Chart.yaml | 4 +- helm/revproxy/README.md | 9 +- helm/revproxy/templates/deployment.yaml | 14 +-- helm/revproxy/values.yaml | 12 +-- helm/sheepdog/Chart.yaml | 4 +- helm/sheepdog/README.md | 9 +- helm/sheepdog/templates/deployment.yaml | 11 +-- helm/sheepdog/values.yaml | 12 +-- helm/sower/Chart.yaml | 4 +- helm/sower/README.md | 6 +- helm/sower/templates/deployment.yaml | 4 + helm/sower/values.yaml | 4 +- helm/ssjdispatcher/Chart.yaml | 4 +- helm/ssjdispatcher/README.md | 9 +- helm/ssjdispatcher/templates/deployment.yaml | 11 +-- helm/ssjdispatcher/values.yaml | 12 +-- helm/wts/Chart.yaml | 4 +- helm/wts/README.md | 9 +- helm/wts/templates/deployment.yaml | 14 +-- helm/wts/values.yaml | 12 +-- 98 files changed, 302 insertions(+), 672 deletions(-) delete mode 
100644 helm/common/templates/_datadog_setup.tpl diff --git a/.secrets.baseline b/.secrets.baseline index b4c8ad20..8a860132 100644 --- a/.secrets.baseline +++ b/.secrets.baseline @@ -3,7 +3,7 @@ "files": "^.secrets.baseline$", "lines": null }, - "generated_at": "2024-08-01T18:00:24Z", + "generated_at": "2024-08-29T17:51:56Z", "plugins_used": [ { "name": "AWSKeyDetector" @@ -140,14 +140,14 @@ "hashed_secret": "d84ce25b0f9bc2cc263006ae39453efb22cc2900", "is_secret": false, "is_verified": false, - "line_number": 55, + "line_number": 52, "type": "Secret Keyword" }, { "hashed_secret": "f09dd6e359833a12f48c4c4255d6e87a6e55cfe9", "is_secret": false, "is_verified": false, - "line_number": 73, + "line_number": 70, "type": "Secret Keyword" } ], @@ -156,21 +156,21 @@ "hashed_secret": "a04a85e28ae4f699c0f8d014ad41160c9b9206f0", "is_secret": false, "is_verified": false, - "line_number": 39, + "line_number": 36, "type": "Secret Keyword" }, { "hashed_secret": "d84ce25b0f9bc2cc263006ae39453efb22cc2900", "is_secret": false, "is_verified": false, - "line_number": 65, + "line_number": 62, "type": "Secret Keyword" }, { "hashed_secret": "f09dd6e359833a12f48c4c4255d6e87a6e55cfe9", "is_secret": false, "is_verified": false, - "line_number": 85, + "line_number": 82, "type": "Secret Keyword" } ], @@ -204,14 +204,14 @@ "hashed_secret": "b47233f6f28e9716c72d5eba0278edea3a24baad", "is_secret": false, "is_verified": false, - "line_number": 38, + "line_number": 35, "type": "Secret Keyword" }, { "hashed_secret": "3f6d5580af2ddf647ca25346aa6ec9c434577d05", "is_secret": false, "is_verified": false, - "line_number": 54, + "line_number": 51, "type": "Secret Keyword" } ], 
@@ -229,35 +229,35 @@ "hashed_secret": "7f57cb0116aa983d9844a39f6da9244cf98036b1", "is_secret": false, "is_verified": false, - "line_number": 93, + "line_number": 90, "type": "Secret Keyword" }, { "hashed_secret": "b266a6d0f00bb36f6b98134bf4cec71f2d7943a3", "is_secret": false, "is_verified": false, - "line_number": 103, + "line_number": 100, "type": "Secret Keyword" }, { "hashed_secret": "d84ce25b0f9bc2cc263006ae39453efb22cc2900", "is_secret": false, "is_verified": false, - "line_number": 128, + "line_number": 125, "type": "Secret Keyword" }, { "hashed_secret": "f09dd6e359833a12f48c4c4255d6e87a6e55cfe9", "is_secret": false, "is_verified": false, - "line_number": 155, + "line_number": 152, "type": "Secret Keyword" }, { "hashed_secret": "5c5a68077af6fa84424411537dda76467f993a83", "is_secret": false, "is_verified": false, - "line_number": 201, + "line_number": 198, "type": "Secret Keyword" } ], @@ -321,7 +321,7 @@ "hashed_secret": "5d07e1b80e448a213b392049888111e1779a52db", "is_secret": false, "is_verified": false, - "line_number": 1963, + "line_number": 1955, "type": "Secret Keyword" } ], @@ -330,14 +330,14 @@ "hashed_secret": "2546383b95bb44732e9be6a877fd476c0442fdab", "is_secret": false, "is_verified": false, - "line_number": 52, + "line_number": 49, "type": "Secret Keyword" }, { "hashed_secret": "d84ce25b0f9bc2cc263006ae39453efb22cc2900", "is_secret": false, "is_verified": false, - "line_number": 54, + "line_number": 51, "type": "Secret Keyword" } ], @@ -371,7 +371,7 @@ "hashed_secret": "d84ce25b0f9bc2cc263006ae39453efb22cc2900", "is_secret": false, "is_verified": false, - "line_number": 61, + "line_number": 58, "type": "Secret Keyword" } ], 
@@ -380,14 +380,14 @@ "hashed_secret": "d84ce25b0f9bc2cc263006ae39453efb22cc2900", "is_secret": false, "is_verified": false, - "line_number": 48, + "line_number": 45, "type": "Secret Keyword" }, { "hashed_secret": "e94cc2a86b04ad4ddc98fcbf91ed236437939d47", "is_secret": false, "is_verified": false, - "line_number": 56, + "line_number": 53, "type": "Secret Keyword" } ], @@ -405,28 +405,28 @@ "hashed_secret": "167402961a8c8a8b3764e865e865efa9ada95369", "is_secret": false, "is_verified": false, - "line_number": 30, + "line_number": 27, "type": "Secret Keyword" }, { "hashed_secret": "d84ce25b0f9bc2cc263006ae39453efb22cc2900", "is_secret": false, "is_verified": false, - "line_number": 55, + "line_number": 52, "type": "Secret Keyword" }, { "hashed_secret": "f09dd6e359833a12f48c4c4255d6e87a6e55cfe9", "is_secret": false, "is_verified": false, - "line_number": 74, + "line_number": 71, "type": "Secret Keyword" }, { "hashed_secret": "1cc98556e7b1353c7bd08344f9190808b0d3d6d4", "is_secret": true, "is_verified": false, - "line_number": 108, + "line_number": 105, "type": "Secret Keyword" } ], @@ -444,14 +444,14 @@ "hashed_secret": "cc524de4657898e872ff46e0a9256f4e186cdfe6", "is_secret": false, "is_verified": false, - "line_number": 36, + "line_number": 33, "type": "Secret Keyword" }, { "hashed_secret": "611f2e9064b518afdb23f201321f39029dd28917", "is_secret": false, "is_verified": false, - "line_number": 86, + "line_number": 83, "type": "Secret Keyword" } ], 
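Review bot: The entry for hashed_secret `1cc98556e7b1353c7bd08344f9190808b0d3d6d4` in the `@@ -405,28 +405,28 @@` hunk is still labelled `"is_secret": true`, and the change only moves its `line_number` from 108 to 105, so a value audited as a real credential stays committed and stays accepted by the baseline. Rather than re-baselining it, the value should be removed from the chart file, supplied at deploy time (the arborist README in this series documents a `global.externalSecrets` option that looks suited to this), and rotated; the entry then drops out on the next scan. If the label is a mis-audit, change it to `"is_secret": false` so the baseline does not record a live secret. The file this entry belongs to is keyed outside the hunk, so the affected chart cannot be identified from here.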
@@ -469,21 +469,21 @@ "hashed_secret": "cbdb7939a61698c9c866ea614399ef7eb7770c68", "is_secret": false, "is_verified": false, - "line_number": 49, + "line_number": 46, "type": "Secret Keyword" }, { "hashed_secret": "d84ce25b0f9bc2cc263006ae39453efb22cc2900", "is_secret": false, "is_verified": false, - "line_number": 74, + "line_number": 71, "type": "Secret Keyword" }, { "hashed_secret": "f09dd6e359833a12f48c4c4255d6e87a6e55cfe9", "is_secret": false, "is_verified": false, - "line_number": 93, + "line_number": 90, "type": "Secret Keyword" } ], @@ -492,21 +492,21 @@ "hashed_secret": "d84ce25b0f9bc2cc263006ae39453efb22cc2900", "is_secret": false, "is_verified": false, - "line_number": 55, + "line_number": 52, "type": "Secret Keyword" }, { "hashed_secret": "f09dd6e359833a12f48c4c4255d6e87a6e55cfe9", "is_secret": false, "is_verified": false, - "line_number": 71, + "line_number": 68, "type": "Secret Keyword" }, { "hashed_secret": "7d4e263f1ae83868444f5327219830493a7d1486", "is_secret": false, "is_verified": false, - "line_number": 103, + "line_number": 100, "type": "Secret Keyword" } ], @@ -549,21 +549,21 @@ "hashed_secret": "eb9739c6625f06b4ab73035223366dda6262ae77", "is_secret": false, "is_verified": false, - "line_number": 38, + "line_number": 35, "type": "Base64 High Entropy String" }, { "hashed_secret": "08eeb737b239bdb7362a875b90e22c10b8826b20", "is_secret": false, "is_verified": false, - "line_number": 42, + "line_number": 39, "type": "Base64 High Entropy String" }, { "hashed_secret": "d84ce25b0f9bc2cc263006ae39453efb22cc2900", "is_secret": false, "is_verified": false, - "line_number": 62, + "line_number": 59, "type": "Secret Keyword" } ], 
@@ -571,13 +571,13 @@ { "hashed_secret": "08eeb737b239bdb7362a875b90e22c10b8826b20", "is_verified": false, - "line_number": 480, + "line_number": 471, "type": "Base64 High Entropy String" }, { "hashed_secret": "eb9739c6625f06b4ab73035223366dda6262ae77", "is_verified": false, - "line_number": 483, + "line_number": 474, "type": "Base64 High Entropy String" } ], @@ -586,14 +586,14 @@ "hashed_secret": "d84ce25b0f9bc2cc263006ae39453efb22cc2900", "is_secret": false, "is_verified": false, - "line_number": 64, + "line_number": 61, "type": "Secret Keyword" }, { "hashed_secret": "f09dd6e359833a12f48c4c4255d6e87a6e55cfe9", "is_secret": false, "is_verified": false, - "line_number": 87, + "line_number": 84, "type": "Secret Keyword" } ], @@ -627,14 +627,14 @@ "hashed_secret": "d84ce25b0f9bc2cc263006ae39453efb22cc2900", "is_secret": false, "is_verified": false, - "line_number": 64, + "line_number": 61, "type": "Secret Keyword" }, { "hashed_secret": "f09dd6e359833a12f48c4c4255d6e87a6e55cfe9", "is_secret": false, "is_verified": false, - "line_number": 79, + "line_number": 76, "type": "Secret Keyword" } ], @@ -686,14 +686,14 @@ "hashed_secret": "d84ce25b0f9bc2cc263006ae39453efb22cc2900", "is_secret": false, "is_verified": false, - "line_number": 58, + "line_number": 55, "type": "Secret Keyword" }, { "hashed_secret": "0c86d58792b32e1d12af733a0614837ff9002014", "is_secret": false, "is_verified": false, - "line_number": 113, + "line_number": 110, "type": "Secret Keyword" } ], @@ -720,14 +720,14 @@ "hashed_secret": "d84ce25b0f9bc2cc263006ae39453efb22cc2900", "is_secret": false, "is_verified": false, - "line_number": 53, + "line_number": 50, "type": "Secret Keyword" }, { "hashed_secret": "f09dd6e359833a12f48c4c4255d6e87a6e55cfe9", "is_secret": false, "is_verified": false, - "line_number": 74, + "line_number": 71, "type": "Secret Keyword" } ], diff --git a/helm/ambassador/Chart.yaml b/helm/ambassador/Chart.yaml index b525c4d0..7ff947a9 100644 --- a/helm/ambassador/Chart.yaml 
+++ b/helm/ambassador/Chart.yaml @@ -15,7 +15,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.11 +version: 0.1.12 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to @@ -25,5 +25,5 @@ appVersion: "1.4.2" dependencies: - name: common - version: 0.1.10 + version: 0.1.14 repository: file://../common diff --git a/helm/ambassador/README.md b/helm/ambassador/README.md index 2e684849..b27aa25b 100644 --- a/helm/ambassador/README.md +++ b/helm/ambassador/README.md @@ -1,6 +1,6 @@ # ambassador -![Version: 0.1.11](https://img.shields.io/badge/Version-0.1.11-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.4.2](https://img.shields.io/badge/AppVersion-1.4.2-informational?style=flat-square) +![Version: 0.1.12](https://img.shields.io/badge/Version-0.1.12-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.4.2](https://img.shields.io/badge/AppVersion-1.4.2-informational?style=flat-square) A Helm chart for deploying ambassador for gen3 @@ -8,7 +8,7 @@ A Helm chart for deploying ambassador for gen3 | Repository | Name | Version | |------------|------|---------| -| file://../common | common | 0.1.10 | +| file://../common | common | 0.1.14 | ## Values 
@@ -22,12 +22,9 @@ A Helm chart for deploying ambassador for gen3 | autoscaling.targetCPUUtilizationPercentage | int | `60` | The target CPU utilization percentage for autoscaling | | commonLabels | map | `nil` | Will completely override the commonLabels defined in the common chart's _label_setup.tpl | | criticalService | string | `"true"` | Valid options are "true" or "false". If invalid option is set- the value will default to "false". | -| datadogLogsInjection | bool | `true` | If enabled, the Datadog Agent will automatically inject Datadog-specific metadata into your application logs. | -| datadogProfilingEnabled | bool | `true` | If enabled, the Datadog Agent will collect profiling data for your application using the Continuous Profiler. This data can be used to identify performance bottlenecks and optimize your application. | -| datadogTraceSampleRate | int | `1` | A value between 0 and 1, that represents the percentage of requests that will be traced. For example, a value of 0.5 means that 50% of requests will be traced. | | fullnameOverride | string | `"ambassador-deployment"` | Override the full name of the deployment. | -| global.ddEnabled | bool | `false` | Whether Datadog is enabled. | | global.environment | string | `"default"` | Environment name. This should be the same as vpcname if you're doing an AWS deployment. Currently this is being used to share ALB's if you have multiple namespaces. Might be used other places too. | +| global.grafanaEnabled | bool | `false` | Whether Grafana is enabled. | | global.minAvialable | int | `1` | The minimum amount of pods that are available at all times if the PDB is deployed. | | global.pdb | bool | `false` | If the service will be deployed with a Pod Disruption Budget. Note- you need to have more than 2 replicas for the pdb to be deployed. | | image | map | `{"pullPolicy":"Always","repository":"quay.io/datawire/ambassador","tag":"1.4.2"}` | Docker image information. | 
diff --git a/helm/ambassador/templates/deployment.yaml b/helm/ambassador/templates/deployment.yaml index ec6683ca..48866872 100644 --- a/helm/ambassador/templates/deployment.yaml +++ b/helm/ambassador/templates/deployment.yaml @@ -4,9 +4,6 @@ metadata: name: ambassador-deployment labels: {{- include "ambassador.labels" . | nindent 4 }} - {{- if .Values.global.ddEnabled }} - {{- include "common.datadogLabels" . | nindent 4 }} - {{- end }} spec: {{- if not .Values.autoscaling.enabled }} replicas: {{ .Values.replicaCount }} @@ -16,15 +13,15 @@ spec: {{- include "ambassador.selectorLabels" . | nindent 6 }} template: metadata: - {{- with .Values.podAnnotations }} annotations: + {{- with .Values.podAnnotations }} {{- toYaml . | nindent 8 }} {{- end }} + {{- if .Values.global.grafanaEnabled }} + {{- include "common.grafanaAnnotations" . | nindent 8 }} + {{- end }} labels: {{- include "ambassador.selectorLabels" . | nindent 8 }} - {{- if .Values.global.ddEnabled }} - {{- include "common.datadogLabels" . | nindent 8 }} - {{- end }} spec: affinity: podAntiAffinity: @@ -49,9 +46,6 @@ spec: {{- toYaml .Values.securityContext | nindent 12 }} imagePullPolicy: {{ .Values.image.pullPolicy }} env: - {{- if .Values.global.ddEnabled }} - {{- include "common.datadogEnvVar" . | nindent 10 }} - {{- end }} - name: AMBASSADOR_NAMESPACE value: {{ printf "%s-%s" .Values.userNamespace .Release.Name | quote }} - name: AMBASSADOR_SINGLE_NAMESPACE diff --git a/helm/ambassador/values.yaml b/helm/ambassador/values.yaml index 0a78ca53..420f9801 100644 --- a/helm/ambassador/values.yaml +++ b/helm/ambassador/values.yaml 
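Review bot: In the `@@ -16,15 +13,15 @@` hunk `annotations:` is now written unconditionally, so when `podAnnotations` is unset and `global.grafanaEnabled` is false (its default in values.yaml) the pod template renders a bare `annotations:` key with a null value. Guarding the key keeps the rendered manifest clean: put `{{- if or .Values.podAnnotations .Values.global.grafanaEnabled }}` before `annotations:` and a matching `{{- end }}` after the Grafana block. If `podAnnotations` can carry a key that `common.grafanaAnnotations` also emits, the two blocks would render a duplicate mapping key; that helper is not visible here, so this needs checking against `_labels_setup.tpl`. The same construct is added in helm/arborist/templates/deployment.yaml, and helm/argo-wrapper/templates/deployment.yaml likewise emits `annotations:` with the condition only on the inside.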
@@ -5,8 +5,8 @@ global: # -- (string) Environment name. This should be the same as vpcname if you're doing an AWS deployment. Currently this is being used to share ALB's if you have multiple namespaces. Might be used other places too. environment: default - # -- (bool) Whether Datadog is enabled. - ddEnabled: false + # -- (bool) Whether Grafana is enabled. + grafanaEnabled: false # -- (bool) If the service will be deployed with a Pod Disruption Budget. Note- you need to have more than 2 replicas for the pdb to be deployed. pdb: false # -- (int) The minimum amount of pods that are available at all times if the PDB is deployed. @@ -116,11 +116,3 @@ partOf: "Workspace-Tab" selectorLabels: # -- (map) Will completely override the commonLabels defined in the common chart's _label_setup.tpl commonLabels: - -# Values to configure datadog if ddEnabled is set to "true". -# -- (bool) If enabled, the Datadog Agent will automatically inject Datadog-specific metadata into your application logs. -datadogLogsInjection: true -# -- (bool) If enabled, the Datadog Agent will collect profiling data for your application using the Continuous Profiler. This data can be used to identify performance bottlenecks and optimize your application. -datadogProfilingEnabled: true -# -- (int) A value between 0 and 1, that represents the percentage of requests that will be traced. For example, a value of 0.5 means that 50% of requests will be traced. -datadogTraceSampleRate: 1 diff --git a/helm/arborist/Chart.yaml b/helm/arborist/Chart.yaml index 39696872..555c11fa 100644 --- a/helm/arborist/Chart.yaml +++ b/helm/arborist/Chart.yaml 
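Review bot: The new comment `# -- (bool) Whether Grafana is enabled.` does not say what the flag does; in this chart's deployment template it only decides whether `common.grafanaAnnotations` is added to the pod annotations. I would write `# -- (bool) When true, adds the common chart's Grafana annotations to the pod template.` The same wording is added in helm/arborist/values.yaml and helm/argo-wrapper/values.yaml, and the README value tables appear to be generated from these comments, so the fix belongs here rather than in the READMEs.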
@@ -15,7 +15,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.11 +version: 0.1.12 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to @@ -25,7 +25,7 @@ appVersion: "master" dependencies: - name: common - version: 0.1.10 + version: 0.1.14 repository: file://../common - name: postgresql version: 11.9.13 diff --git a/helm/arborist/README.md b/helm/arborist/README.md index 74cb57d6..cae81cba 100644 --- a/helm/arborist/README.md +++ b/helm/arborist/README.md @@ -1,6 +1,6 @@ # arborist -![Version: 0.1.11](https://img.shields.io/badge/Version-0.1.11-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) +![Version: 0.1.12](https://img.shields.io/badge/Version-0.1.12-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) A Helm chart for gen3 arborist @@ -8,7 +8,7 @@ A Helm chart for gen3 arborist | Repository | Name | Version | |------------|------|---------| -| file://../common | common | 0.1.10 | +| file://../common | common | 0.1.14 | | https://charts.bitnami.com/bitnami | postgresql | 11.9.13 | ## Values 
@@ -23,9 +23,6 @@ A Helm chart for gen3 arborist | autoscaling.targetCPUUtilizationPercentage | int | `80` | The target CPU utilization percentage for autoscaling | | commonLabels | map | `nil` | Will completely override the commonLabels defined in the common chart's _label_setup.tpl | | criticalService | string | `"true"` | Valid options are "true" or "false". If invalid option is set- the value will default to "false". | -| datadogLogsInjection | bool | `true` | If enabled, the Datadog Agent will automatically inject Datadog-specific metadata into your application logs. | -| datadogProfilingEnabled | bool | `true` | If enabled, the Datadog Agent will collect profiling data for your application using the Continuous Profiler. This data can be used to identify performance bottlenecks and optimize your application. | -| datadogTraceSampleRate | int | `1` | A value between 0 and 1, that represents the percentage of requests that will be traced. For example, a value of 0.5 means that 50% of requests will be traced. | | env | list | `[{"name":"JWKS_ENDPOINT","value":"http://fence-service/.well-known/jwks"}]` | Environment variables to pass to the container | | env[0] | string | `{"name":"JWKS_ENDPOINT","value":"http://fence-service/.well-known/jwks"}` | The URL of the JSON Web Key Set (JWKS) endpoint for authentication | | externalSecrets | map | `{"dbcreds":null}` | External Secrets settings. | 
@@ -35,7 +32,6 @@ A Helm chart for gen3 arborist | global.aws.awsAccessKeyId | string | `nil` | Credentials for AWS stuff. | | global.aws.awsSecretAccessKey | string | `nil` | Credentials for AWS stuff. | | global.aws.enabled | bool | `false` | Set to true if deploying to AWS. Controls ingress annotations. | -| global.ddEnabled | bool | `false` | Whether Datadog is enabled. | | global.dev | bool | `true` | Whether the deployment is for development purposes. | | global.dictionaryUrl | string | `"https://s3.amazonaws.com/dictionary-artifacts/datadictionary/develop/schema.json"` | URL of the data dictionary. | | global.dispatcherJobNum | int | `"10"` | Number of dispatcher jobs. | @@ -43,6 +39,7 @@ A Helm chart for gen3 arborist | global.externalSecrets | map | `{"deploy":false,"separateSecretStore":false}` | External Secrets settings. | | global.externalSecrets.deploy | bool | `false` | Will use ExternalSecret resources to pull secrets from Secrets Manager instead of creating them locally. Be cautious as this will override any arborist secrets you have deployed. | | global.externalSecrets.separateSecretStore | string | `false` | Will deploy a separate External Secret Store for this service. | +| global.grafanaEnabled | bool | `false` | Whether Grafana is enabled. | | global.hostname | string | `"localhost"` | Hostname for the deployment. | | global.kubeBucket | string | `"kube-gen3"` | S3 bucket name for Kubernetes manifest files. | | global.logsBucket | string | `"logs-gen3"` | S3 bucket name for log files. | diff --git a/helm/arborist/templates/deployment.yaml b/helm/arborist/templates/deployment.yaml index 3fb7963e..d5b9a42a 100644 --- a/helm/arborist/templates/deployment.yaml +++ b/helm/arborist/templates/deployment.yaml 
@@ -4,9 +4,6 @@ metadata: name: arborist-deployment labels: {{- include "arborist.labels" . | nindent 4 }} - {{- if .Values.global.ddEnabled }} - {{- include "common.datadogLabels" . | nindent 4 }} - {{- end }} spec: {{- if not .Values.autoscaling.enabled }} replicas: {{ .Values.replicaCount }} @@ -16,15 +13,15 @@ spec: {{- include "arborist.selectorLabels" . | nindent 6 }} template: metadata: - {{- with .Values.podAnnotations }} annotations: + {{- with .Values.podAnnotations }} {{- toYaml . | nindent 8 }} {{- end }} + {{- if .Values.global.grafanaEnabled }} + {{- include "common.grafanaAnnotations" . | nindent 8 }} + {{- end }} labels: {{- include "arborist.selectorLabels" . | nindent 8 }} - {{- if .Values.global.ddEnabled }} - {{- include "common.datadogLabels" . | nindent 8 }} - {{- end }} spec: {{- with .Values.volumes }} volumes: @@ -74,9 +71,7 @@ spec: # run arborist /go/src/github.com/uc-cdis/arborist/bin/arborist env: - {{- if .Values.global.ddEnabled }} - {{- include "common.datadogEnvVar" . | nindent 12 }} - {{- end }} + {{- toYaml .Values.env | nindent 12 }} - name: PGPASSWORD valueFrom: diff --git a/helm/arborist/values.yaml b/helm/arborist/values.yaml index c472742f..6c50b706 100644 --- a/helm/arborist/values.yaml +++ b/helm/arborist/values.yaml @@ -53,8 +53,8 @@ global: netPolicy: true # -- (int) Number of dispatcher jobs. dispatcherJobNum: "10" - # -- (bool) Whether Datadog is enabled. - ddEnabled: false + # -- (bool) Whether Grafana is enabled. + grafanaEnabled: false # -- (bool) If the service will be deployed with a Pod Disruption Budget. Note- you need to have more than 2 replicas for the pdb to be deployed. pdb: false # -- (int) The minimum amount of pods that are available at all times if the PDB is deployed. 
@@ -227,11 +227,3 @@ partOf: "Authentication" selectorLabels: # -- (map) Will completely override the commonLabels defined in the common chart's _label_setup.tpl commonLabels: - -# Values to configure datadog if ddEnabled is set to "true". -# -- (bool) If enabled, the Datadog Agent will automatically inject Datadog-specific metadata into your application logs. -datadogLogsInjection: true -# -- (bool) If enabled, the Datadog Agent will collect profiling data for your application using the Continuous Profiler. This data can be used to identify performance bottlenecks and optimize your application. -datadogProfilingEnabled: true -# -- (int) A value between 0 and 1, that represents the percentage of requests that will be traced. For example, a value of 0.5 means that 50% of requests will be traced. -datadogTraceSampleRate: 1 diff --git a/helm/argo-wrapper/Chart.yaml b/helm/argo-wrapper/Chart.yaml index 57d20124..b43e8925 100644 --- a/helm/argo-wrapper/Chart.yaml +++ b/helm/argo-wrapper/Chart.yaml @@ -15,7 +15,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.7 +version: 0.1.8 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to @@ -25,5 +25,5 @@ appVersion: "master" dependencies: - name: common - version: 0.1.10 + version: 0.1.14 repository: file://../common diff --git a/helm/argo-wrapper/README.md b/helm/argo-wrapper/README.md index d6ce7750..aa08fc77 100644 --- a/helm/argo-wrapper/README.md +++ b/helm/argo-wrapper/README.md 
@@ -1,6 +1,6 @@ # argo-wrapper -![Version: 0.1.7](https://img.shields.io/badge/Version-0.1.7-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) +![Version: 0.1.8](https://img.shields.io/badge/Version-0.1.8-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) A Helm chart for gen3 Argo Wrapper Service @@ -8,7 +8,7 @@ A Helm chart for gen3 Argo Wrapper Service | Repository | Name | Version | |------------|------|---------| -| file://../common | common | 0.1.10 | +| file://../common | common | 0.1.14 | ## Values 
@@ -28,12 +28,9 @@ A Helm chart for gen3 Argo Wrapper Service | autoscaling.targetCPUUtilizationPercentage | int | `80` | The target CPU utilization percentage for autoscaling | | commonLabels | map | `nil` | Will completely override the commonLabels defined in the common chart's _label_setup.tpl | | criticalService | string | `"false"` | Valid options are "true" or "false". If invalid option is set- the value will default to "false". | -| datadogLogsInjection | bool | `true` | If enabled, the Datadog Agent will automatically inject Datadog-specific metadata into your application logs. | -| datadogProfilingEnabled | bool | `true` | If enabled, the Datadog Agent will collect profiling data for your application using the Continuous Profiler. This data can be used to identify performance bottlenecks and optimize your application. | -| datadogTraceSampleRate | int | `1` | A value between 0 and 1, that represents the percentage of requests that will be traced. For example, a value of 0.5 means that 50% of requests will be traced. | | environment | string | `"default"` | Environment name. | -| global.ddEnabled | bool | `false` | Whether Datadog is enabled. | | global.environment | string | `"default"` | Environment name. This should be the same as vpcname if you're doing an AWS deployment. Currently this is being used to share ALB's if you have multiple namespaces. Might be used other places too. | +| global.grafanaEnabled | bool | `false` | Whether Grafana is enabled. | | global.minAvialable | int | `1` | The minimum amount of pods that are available at all times if the PDB is deployed. | | global.pdb | bool | `false` | If the service will be deployed with a Pod Disruption Budget. Note- you need to have more than 2 replicas for the pdb to be deployed. | | image | map | `{"pullPolicy":"Always","repository":"quay.io/cdis/argo-wrapper","tag":""}` | Docker image information. | 
diff --git a/helm/argo-wrapper/templates/deployment.yaml b/helm/argo-wrapper/templates/deployment.yaml index 7dfc6e21..c35b4cbc 100644 --- a/helm/argo-wrapper/templates/deployment.yaml +++ b/helm/argo-wrapper/templates/deployment.yaml @@ -8,9 +8,6 @@ metadata: {{- end }} labels: {{- include "argo-wrapper.labels" . | nindent 4 }} - {{- if .Values.global.ddEnabled }} - {{- include "common.datadogLabels" . | nindent 4 }} - {{- end }} spec: {{- if not .Values.autoscaling.enabled }} replicas: {{ .Values.replicaCount }} @@ -30,8 +27,9 @@ spec: # gen3 networkpolicy labels netnolimit: 'yes' public: 'yes' - {{- if .Values.global.ddEnabled }} - {{- include "common.datadogLabels" . | nindent 8 }} + annotations: + {{- if .Values.global.grafanaEnabled }} + {{- include "common.grafanaAnnotations" . | nindent 8 }} {{- end }} spec: {{- with .Values.affinity }} @@ -62,7 +60,4 @@ spec: {{- end }} resources: {{- toYaml .Values.resources | nindent 12 }} - env: - {{- if .Values.global.ddEnabled }} - {{- include "common.datadogEnvVar" . | nindent 12 }} - {{- end }} \ No newline at end of file + env: \ No newline at end of file diff --git a/helm/argo-wrapper/values.yaml b/helm/argo-wrapper/values.yaml index e98ca8a7..d2265ecb 100644 --- a/helm/argo-wrapper/values.yaml +++ b/helm/argo-wrapper/values.yaml @@ -7,8 +7,8 @@ global: # -- (string) Environment name. This should be the same as vpcname if you're doing an AWS deployment. Currently this is being used to share ALB's if you have multiple namespaces. Might be used other places too. environment: default - # -- (bool) Whether Datadog is enabled. - ddEnabled: false + # -- (bool) Whether Grafana is enabled. + grafanaEnabled: false # -- (bool) If the service will be deployed with a Pod Disruption Budget. Note- you need to have more than 2 replicas for the pdb to be deployed. pdb: false # -- (int) The minimum amount of pods that are available at all times if the PDB is deployed. 
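Review bot: The pod-template hunk of argo-wrapper/templates/deployment.yaml turns on scraping through `common.grafanaAnnotations`, which sets `prometheus.io/scrape: "true"` and `prometheus.io/path: /metrics` but no `prometheus.io/port`. These pods also carry the `public: 'yes'` and `netnolimit: 'yes'` network-policy labels. Which port is scraped is therefore left to the collector's relabel rules, and if the service answers `/metrics` on the port that serves user traffic, the metrics may be reachable over that route too; this depends on proxy and network-policy configuration not shown here. I would add a per-chart port annotation such as `prometheus.io/port: {{ .Values.metricsPort | quote }}` (the value name is only a suggestion) and confirm that only the collector can reach the path. The same block is added in the aws-es-proxy, dicom-server and dicom-viewer deployment.yaml hunks, and the template continues outside this hunk on both sides.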
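Review bot: In the last hunk of argo-wrapper/templates/deployment.yaml, removing the Datadog block leaves `env:` as a key with no entries, so the container renders with a null `env`. As far as I know the API server accepts that, but it reads like a truncated template and invites someone to append entries at the wrong indent. I would drop the line, or guard it with `{{- with .Values.env }}` … `{{- end }}` if the chart defines such a value (not visible here). The dicom-server and dicom-viewer deployment.yaml hunks end up with the same empty `env:` directly before their `volumeMounts` block.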
@@ -135,11 +135,3 @@ partOf: "Apps-Tab" selectorLabels: # -- (map) Will completely override the commonLabels defined in the common chart's _label_setup.tpl commonLabels: - -# Values to configure datadog if ddEnabled is set to "true". -# -- (bool) If enabled, the Datadog Agent will automatically inject Datadog-specific metadata into your application logs. -datadogLogsInjection: true -# -- (bool) If enabled, the Datadog Agent will collect profiling data for your application using the Continuous Profiler. This data can be used to identify performance bottlenecks and optimize your application. -datadogProfilingEnabled: true -# -- (int) A value between 0 and 1, that represents the percentage of requests that will be traced. For example, a value of 0.5 means that 50% of requests will be traced. -datadogTraceSampleRate: 1 diff --git a/helm/audit/Chart.yaml b/helm/audit/Chart.yaml index 2295c602..4112d571 100644 --- a/helm/audit/Chart.yaml +++ b/helm/audit/Chart.yaml @@ -15,7 +15,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.12 +version: 0.1.13 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to @@ -24,7 +24,7 @@ appVersion: "master" dependencies: - name: common - version: 0.1.10 + version: 0.1.14 repository: file://../common - name: postgresql version: 11.9.13 diff --git a/helm/audit/README.md b/helm/audit/README.md index 8d4ffa2c..b0d92f5f 100644 --- a/helm/audit/README.md +++ b/helm/audit/README.md 
@@ -1,6 +1,6 @@ # audit -![Version: 0.1.12](https://img.shields.io/badge/Version-0.1.12-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) +![Version: 0.1.13](https://img.shields.io/badge/Version-0.1.13-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) A Helm chart for Kubernetes @@ -8,7 +8,7 @@ A Helm chart for Kubernetes | Repository | Name | Version | |------------|------|---------| -| file://../common | common | 0.1.10 | +| file://../common | common | 0.1.14 | | https://charts.bitnami.com/bitnami | postgresql | 11.9.13 | ## Values 
@@ -32,9 +32,6 @@ A Helm chart for Kubernetes | autoscaling.targetCPUUtilizationPercentage | int | `80` | The target CPU utilization percentage for autoscaling | | commonLabels | map | `nil` | Will completely override the commonLabels defined in the common chart's _label_setup.tpl | | criticalService | string | `"false"` | Valid options are "true" or "false". If invalid option is set- the value will default to "false". | -| datadogLogsInjection | bool | `true` | If enabled, the Datadog Agent will automatically inject Datadog-specific metadata into your application logs. | -| datadogProfilingEnabled | bool | `true` | If enabled, the Datadog Agent will collect profiling data for your application using the Continuous Profiler. This data can be used to identify performance bottlenecks and optimize your application. | -| datadogTraceSampleRate | int | `1` | A value between 0 and 1, that represents the percentage of requests that will be traced. For example, a value of 0.5 means that 50% of requests will be traced. | | env | list | `[{"name":"DEBUG","value":"false"},{"name":"ARBORIST_URL","valueFrom":{"configMapKeyRef":{"key":"arborist_url","name":"manifest-global","optional":true}}}]` | Environment variables to pass to the container | | externalSecrets | map | `{"auditG3auto":null,"createK8sAuditSecret":false,"dbcreds":null}` | External Secrets settings. | | externalSecrets.auditG3auto | string | `nil` | Will override the name of the aws secrets manager secret. Default is "audit-g3auto" | 
@@ -45,7 +42,6 @@ A Helm chart for Kubernetes | global.aws.awsAccessKeyId | string | `nil` | Credentials for AWS stuff. | | global.aws.awsSecretAccessKey | string | `nil` | Credentials for AWS stuff. | | global.aws.enabled | bool | `false` | Set to true if deploying to AWS. Controls ingress annotations. | -| global.ddEnabled | bool | `false` | Whether Datadog is enabled. | | global.dev | bool | `true` | Whether the deployment is for development purposes. | | global.dictionaryUrl | string | `"https://s3.amazonaws.com/dictionary-artifacts/datadictionary/develop/schema.json"` | URL of the data dictionary. | | global.dispatcherJobNum | int | `"10"` | Number of dispatcher jobs. | @@ -53,6 +49,7 @@ A Helm chart for Kubernetes | global.externalSecrets | map | `{"deploy":false,"separateSecretStore":false}` | External Secrets settings. | | global.externalSecrets.deploy | bool | `false` | Will use ExternalSecret resources to pull secrets from Secrets Manager instead of creating them locally. Be cautious as this will override any audit secrets you have deployed. | | global.externalSecrets.separateSecretStore | string | `false` | Will deploy a separate External Secret Store for this service. | +| global.grafanaEnabled | bool | `false` | Whether Grafana is enabled. | | global.hostname | string | `"localhost"` | Hostname for the deployment. | | global.kubeBucket | string | `"kube-gen3"` | S3 bucket name for Kubernetes manifest files. | | global.logsBucket | string | `"logs-gen3"` | S3 bucket name for log files. | diff --git a/helm/audit/templates/deployment.yaml b/helm/audit/templates/deployment.yaml index 6d4db6f6..ccb5c732 100644 --- a/helm/audit/templates/deployment.yaml +++ b/helm/audit/templates/deployment.yaml 
@@ -4,9 +4,6 @@ metadata: name: audit-deployment labels: {{- include "audit.labels" . | nindent 4 }} - {{- if .Values.global.ddEnabled }} - {{- include "common.datadogLabels" . | nindent 4 }} - {{- end }} spec: {{- if not .Values.autoscaling.enabled }} replicas: {{ .Values.replicaCount }} @@ -16,15 +13,15 @@ spec: {{- include "audit.selectorLabels" . | nindent 6 }} template: metadata: - {{- with .Values.podAnnotations }} annotations: + {{- with .Values.podAnnotations }} {{- toYaml . | nindent 8 }} {{- end }} + {{- if .Values.global.grafanaEnabled }} + {{- include "common.grafanaAnnotations" . | nindent 8 }} + {{- end }} labels: {{- include "audit.selectorLabels" . | nindent 8 }} - {{- if .Values.global.ddEnabled }} - {{- include "common.datadogLabels" . | nindent 8 }} - {{- end }} spec: serviceAccountName: {{ include "audit.serviceAccountName" . }} volumes: @@ -56,9 +53,6 @@ spec: resources: {{- toYaml .Values.resources | nindent 12 }} env: - {{- if .Values.global.ddEnabled }} - {{- include "common.datadogEnvVar" . | nindent 12 }} - {{- end }} - name: DB_HOST valueFrom: secretKeyRef: diff --git a/helm/audit/values.yaml b/helm/audit/values.yaml index 0112fb8a..025298fa 100644 --- a/helm/audit/values.yaml +++ b/helm/audit/values.yaml @@ -52,8 +52,8 @@ global: netPolicy: true # -- (int) Number of dispatcher jobs. dispatcherJobNum: "10" - # -- (bool) Whether Datadog is enabled. - ddEnabled: false + # -- (bool) Whether Grafana is enabled. + grafanaEnabled: false # -- (bool) If the service will be deployed with a Pod Disruption Budget. Note- you need to have more than 2 replicas for the pdb to be deployed. pdb: false # -- (int) The minimum amount of pods that are available at all times if the PDB is deployed. 
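Review bot: In the pod-template hunk of audit/templates/deployment.yaml, `.Values.podAnnotations` and `common.grafanaAnnotations` are rendered one after the other into the same `annotations:` map. A release that already sets `prometheus.io/scrape` or `prometheus.io/path` in `podAnnotations` therefore gets duplicate keys once `global.grafanaEnabled` is true. Depending on the YAML parser, that either fails the render or silently keeps one of the two values, so an operator's explicit opt-out of scraping could be overridden without notice. Building the map once avoids this and lets the operator's value win, for example `{{- toYaml (merge (dict) (.Values.podAnnotations | default dict) (include "common.grafanaAnnotations" . | fromYaml)) | nindent 8 }}` on the enabled branch. With both inputs empty the key now renders as a bare `annotations:`, which the old `with` guard avoided.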
@@ -278,11 +278,3 @@ partOf: "Logging" selectorLabels: # -- (map) Will completely override the commonLabels defined in the common chart's _label_setup.tpl commonLabels: - -# Values to configure datadog if ddEnabled is set to "true". -# -- (bool) If enabled, the Datadog Agent will automatically inject Datadog-specific metadata into your application logs. -datadogLogsInjection: true -# -- (bool) If enabled, the Datadog Agent will collect profiling data for your application using the Continuous Profiler. This data can be used to identify performance bottlenecks and optimize your application. -datadogProfilingEnabled: true -# -- (int) A value between 0 and 1, that represents the percentage of requests that will be traced. For example, a value of 0.5 means that 50% of requests will be traced. -datadogTraceSampleRate: 1 diff --git a/helm/aws-es-proxy/Chart.yaml b/helm/aws-es-proxy/Chart.yaml index 7fea05b3..4b3e15e7 100644 --- a/helm/aws-es-proxy/Chart.yaml +++ b/helm/aws-es-proxy/Chart.yaml @@ -15,7 +15,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.9 +version: 0.1.10 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to @@ -25,5 +25,5 @@ appVersion: "master" dependencies: - name: common - version: 0.1.10 + version: 0.1.14 repository: file://../common diff --git a/helm/aws-es-proxy/README.md b/helm/aws-es-proxy/README.md index 873a0e41..4e1367b5 100644 --- a/helm/aws-es-proxy/README.md +++ b/helm/aws-es-proxy/README.md 
@@ -1,6 +1,6 @@ # aws-es-proxy -![Version: 0.1.9](https://img.shields.io/badge/Version-0.1.9-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) +![Version: 0.1.10](https://img.shields.io/badge/Version-0.1.10-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) A Helm chart for AWS ES Proxy Service for gen3 @@ -8,7 +8,7 @@ A Helm chart for AWS ES Proxy Service for gen3 | Repository | Name | Version | |------------|------|---------| -| file://../common | common | 0.1.10 | +| file://../common | common | 0.1.14 | ## Values 
@@ -22,9 +22,6 @@ A Helm chart for AWS ES Proxy Service for gen3 | autoscaling.targetCPUUtilizationPercentage | int | `80` | The target CPU utilization percentage for autoscaling | | commonLabels | map | `nil` | Will completely override the commonLabels defined in the common chart's _label_setup.tpl | | criticalService | string | `"false"` | Valid options are "true" or "false". If invalid option is set- the value will default to "false". | -| datadogLogsInjection | bool | `true` | If enabled, the Datadog Agent will automatically inject Datadog-specific metadata into your application logs. | -| datadogProfilingEnabled | bool | `true` | If enabled, the Datadog Agent will collect profiling data for your application using the Continuous Profiler. This data can be used to identify performance bottlenecks and optimize your application. | -| datadogTraceSampleRate | int | `1` | A value between 0 and 1, that represents the percentage of requests that will be traced. For example, a value of 0.5 means that 50% of requests will be traced. | | esEndpoint | str | `"test.us-east-1.es.amazonaws.com"` | Elasticsearch endpoint in AWS | | externalSecrets | map | `{"awsCreds":"aws-es-proxy-aws-credentials"}` | External Secrets settings. | | externalSecrets.awsCreds | string | `"aws-es-proxy-aws-credentials"` | Will override the name of the aws secrets manager secret. Default is "Values.global.environment-.Chart.Name-creds" | 
@@ -32,10 +29,10 @@ A Helm chart for AWS ES Proxy Service for gen3 | global.aws.awsAccessKeyId | string | `nil` | Credentials for AWS stuff. | | global.aws.awsSecretAccessKey | string | `nil` | Credentials for AWS stuff. | | global.aws.enabled | bool | `false` | Set to true if deploying to AWS. Controls ingress annotations. | -| global.ddEnabled | bool | `false` | Whether Datadog is enabled. | | global.environment | string | `"default"` | Environment name. This should be the same as vpcname if you're doing an AWS deployment. Currently this is being used to share ALB's if you have multiple namespaces. Might be used other places too. | | global.externalSecrets.deploy | bool | `false` | Will use ExternalSecret resources to pull secrets from Secrets Manager instead of creating them locally. Be cautious as this will override any audit secrets you have deployed. | | global.externalSecrets.separateSecretStore | string | `false` | Will deploy a separate External Secret Store for this service. | +| global.grafanaEnabled | bool | `false` | Whether Grafana is enabled. | | global.minAvialable | int | `1` | The minimum amount of pods that are available at all times if the PDB is deployed. | | global.pdb | bool | `false` | If the service will be deployed with a Pod Disruption Budget. Note- you need to have more than 2 replicas for the pdb to be deployed. | | image | map | `{"pullPolicy":"Always","repository":"quay.io/cdis/aws-es-proxy","tag":""}` | Docker image information. | diff --git a/helm/aws-es-proxy/templates/deployment.yaml b/helm/aws-es-proxy/templates/deployment.yaml index cd555b93..fc486629 100644 --- a/helm/aws-es-proxy/templates/deployment.yaml +++ b/helm/aws-es-proxy/templates/deployment.yaml 
@@ -2,15 +2,12 @@ apiVersion: apps/v1 kind: Deployment metadata: name: aws-es-proxy-deployment - {{- with .Values.podAnnotations }} annotations: + {{- with .Values.podAnnotations }} {{- toYaml . | nindent 4 }} {{- end }} labels: {{- include "aws-es-proxy.labels" . | nindent 4 }} - {{- if .Values.global.ddEnabled }} - {{- include "common.datadogLabels" . | nindent 4 }} - {{- end }} spec: {{- if not .Values.autoscaling.enabled }} replicas: {{ .Values.replicaCount }} @@ -28,9 +25,10 @@ spec: labels: {{- include "aws-es-proxy.selectorLabels" . | nindent 8 }} netvpc: "yes" - {{- if .Values.global.ddEnabled }} - {{- include "common.datadogLabels" . | nindent 8 }} - {{- end }} + annotations: + {{- if .Values.global.grafanaEnabled }} + {{- include "common.grafanaAnnotations" . | nindent 8 }} + {{- end }} spec: automountServiceAccountToken: {{ .Values.automountServiceAccountToken }} volumes: @@ -46,9 +44,6 @@ spec: {{- toYaml . | nindent 12}} {{- end }} env: - {{- if .Values.global.ddEnabled }} - {{- include "common.datadogEnvVar" . | nindent 12 }} - {{- end }} - name: ES_ENDPOINT value: {{ .Values.esEndpoint }} {{- with .Values.volumeMounts }} diff --git a/helm/aws-es-proxy/values.yaml b/helm/aws-es-proxy/values.yaml index 11c1c200..edc2b8ff 100644 --- a/helm/aws-es-proxy/values.yaml +++ b/helm/aws-es-proxy/values.yaml @@ -15,8 +15,8 @@ global: awsSecretAccessKey: # -- (string) Environment name. This should be the same as vpcname if you're doing an AWS deployment. Currently this is being used to share ALB's if you have multiple namespaces. Might be used other places too. environment: default - # -- (bool) Whether Datadog is enabled. - ddEnabled: false + # -- (bool) Whether Grafana is enabled. + grafanaEnabled: false # -- (bool) If the service will be deployed with a Pod Disruption Budget. Note- you need to have more than 2 replicas for the pdb to be deployed. pdb: false # -- (int) The minimum amount of pods that are available at all times if the PDB is deployed. 
@@ -127,11 +127,3 @@ partOf: "Explorer-Tab" selectorLabels: # -- (map) Will completely override the commonLabels defined in the common chart's _label_setup.tpl commonLabels: - -# Values to configure datadog if ddEnabled is set to "true". -# -- (bool) If enabled, the Datadog Agent will automatically inject Datadog-specific metadata into your application logs. -datadogLogsInjection: true -# -- (bool) If enabled, the Datadog Agent will collect profiling data for your application using the Continuous Profiler. This data can be used to identify performance bottlenecks and optimize your application. -datadogProfilingEnabled: true -# -- (int) A value between 0 and 1, that represents the percentage of requests that will be traced. For example, a value of 0.5 means that 50% of requests will be traced. -datadogTraceSampleRate: 1 diff --git a/helm/common/Chart.yaml b/helm/common/Chart.yaml index 5b93f896..428238e2 100644 --- a/helm/common/Chart.yaml +++ b/helm/common/Chart.yaml @@ -15,7 +15,7 @@ type: library # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.13 +version: 0.1.14 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to diff --git a/helm/common/README.md b/helm/common/README.md index 18560be1..6888a8c4 100644 --- a/helm/common/README.md +++ b/helm/common/README.md 
@@ -1,6 +1,6 @@ # common -![Version: 0.1.13](https://img.shields.io/badge/Version-0.1.13-informational?style=flat-square) ![Type: library](https://img.shields.io/badge/Type-library-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) +![Version: 0.1.14](https://img.shields.io/badge/Version-0.1.14-informational?style=flat-square) ![Type: library](https://img.shields.io/badge/Type-library-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) A Helm chart for provisioning databases in gen3 diff --git a/helm/common/templates/_datadog_setup.tpl b/helm/common/templates/_datadog_setup.tpl deleted file mode 100644 index 4775e833..00000000 --- a/helm/common/templates/_datadog_setup.tpl +++ /dev/null 
@@ -1,35 +0,0 @@ -{{/* - Datadog Labels and Environment variables that will be inserted into the deployment.yaml of any chart the sets ddEnabled to "true". - Will use the parent chart's name and versionn as well as the values "environment", "datadogLogsInjection", "datadogProfilingEnabled", and "datadogTraceSampleRate" defined in the values.yaml file. -*/}} - -{{- define "common.datadogLabels" -}} -tags.datadoghq.com/env: {{ .Values.global.environment }} -tags.datadoghq.com/service: {{ .Chart.Name }} -tags.datadoghq.com/version: {{ .Chart.Version }} -{{- end }} - -{{- define "common.datadogEnvVar" -}} -- name: DD_ENV - valueFrom: - fieldRef: - fieldPath: metadata.labels['tags.datadoghq.com/env'] -- name: DD_SERVICE - valueFrom: - fieldRef: - fieldPath: metadata.labels['tags.datadoghq.com/service'] -- name: DD_VERSION - valueFrom: - fieldRef: - fieldPath: metadata.labels['tags.datadoghq.com/version'] -- name: DD_LOGS_INJECTION - value: {{ .Values.datadogLogsInjection | quote }} -- name: DD_PROFILING_ENABLED - value: {{ .Values.datadogProfilingEnabled | quote }} -- name: DD_TRACE_SAMPLE_RATE - value: {{ .Values.datadogTraceSampleRate | quote }} -- name: DD_AGENT_HOST - valueFrom: - fieldRef: - fieldPath: status.hostIP -{{- end }} \ No newline at end of file diff --git a/helm/common/templates/_labels_setup.tpl b/helm/common/templates/_labels_setup.tpl index b6ba3eb8..614ad1e0 100644 --- a/helm/common/templates/_labels_setup.tpl +++ b/helm/common/templates/_labels_setup.tpl @@ -28,10 +28,16 @@ release: "dev" {{- define "common.selectorLabels" -}} app.kubernetes.io/name: {{ .Chart.Name }} app.kubernetes.io/instance: {{ .Release.Name }} +hostname: {{ .Values.global.hostname }} app: {{ .Chart.Name }} {{- if eq .Values.release "production"}} release: "production" {{- else }} release: "dev" {{- end }} +{{- end }} + +{{- define "common.grafanaAnnotations" -}} +prometheus.io/path: /metrics +prometheus.io/scrape: "true" {{- end }} \ No newline at end of file 
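Review bot: Adding `hostname: {{ .Values.global.hostname }}` to `common.selectorLabels` in _labels_setup.tpl changes the selector of every workload that renders this helper into `spec.selector.matchLabels`. A Deployment's selector is immutable, so `helm upgrade` of an existing release would be rejected until the Deployment is recreated; whether the per-chart `*.selectorLabels` helpers delegate to this template is not visible in this hunk. The value is also unquoted and unchecked: label values are limited to 63 characters, and charts whose `global` block has no `hostname` (the argo-wrapper, aws-es-proxy and dicom README tables list none) would render an empty value when installed on their own. I would leave the selector set unchanged and carry the hostname in the non-selector label template or as an annotation, quoted, e.g. `hostname: {{ .Values.global.hostname | trunc 63 | quote }}`.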
diff --git a/helm/dicom-server/Chart.yaml b/helm/dicom-server/Chart.yaml index 4741141b..9737e96a 100644 --- a/helm/dicom-server/Chart.yaml +++ b/helm/dicom-server/Chart.yaml @@ -15,7 +15,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.8 +version: 0.1.9 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to @@ -25,5 +25,5 @@ appVersion: "master" dependencies: - name: common - version: 0.1.10 + version: 0.1.14 repository: file://../common diff --git a/helm/dicom-server/README.md b/helm/dicom-server/README.md index f95924f0..17f87e0e 100644 --- a/helm/dicom-server/README.md +++ b/helm/dicom-server/README.md @@ -1,6 +1,6 @@ # dicom-server -![Version: 0.1.8](https://img.shields.io/badge/Version-0.1.8-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) +![Version: 0.1.9](https://img.shields.io/badge/Version-0.1.9-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) A Helm chart for gen3 Dicom Server @@ -8,7 +8,7 @@ A Helm chart for gen3 Dicom Server | Repository | Name | Version | |------------|------|---------| -| file://../common | common | 0.1.10 | +| file://../common | common | 0.1.14 | ## Values 
@@ -21,11 +21,8 @@ A Helm chart for gen3 Dicom Server | autoscaling.targetCPUUtilizationPercentage | int | `80` | The target CPU utilization percentage for autoscaling | | commonLabels | map | `nil` | Will completely override the commonLabels defined in the common chart's _label_setup.tpl | | criticalService | string | `"false"` | Valid options are "true" or "false". If invalid option is set- the value will default to "false". | -| datadogLogsInjection | bool | `true` | If enabled, the Datadog Agent will automatically inject Datadog-specific metadata into your application logs. | -| datadogProfilingEnabled | bool | `true` | If enabled, the Datadog Agent will collect profiling data for your application using the Continuous Profiler. This data can be used to identify performance bottlenecks and optimize your application. | -| datadogTraceSampleRate | int | `1` | A value between 0 and 1, that represents the percentage of requests that will be traced. For example, a value of 0.5 means that 50% of requests will be traced. | -| global.ddEnabled | bool | `false` | Whether Datadog is enabled. | | global.environment | string | `"default"` | Environment name. This should be the same as vpcname if you're doing an AWS deployment. Currently this is being used to share ALB's if you have multiple namespaces. Might be used other places too. | +| global.grafanaEnabled | bool | `false` | Whether Grafana is enabled. | | global.minAvialable | int | `1` | The minimum amount of pods that are available at all times if the PDB is deployed. | | global.pdb | bool | `false` | If the service will be deployed with a Pod Disruption Budget. Note- you need to have more than 2 replicas for the pdb to be deployed. | | image | map | `{"pullPolicy":"Always","repository":"quay.io/cdis/gen3-orthanc","tag":"master"}` | Docker image information. | diff --git a/helm/dicom-server/templates/deployment.yaml b/helm/dicom-server/templates/deployment.yaml index d7090ab9..dddd38c7 100644 
--- a/helm/dicom-server/templates/deployment.yaml +++ b/helm/dicom-server/templates/deployment.yaml @@ -2,15 +2,12 @@ apiVersion: apps/v1 kind: Deployment metadata: name: dicom-server-deployment - {{- with .Values.podAnnotations }} annotations: + {{- with .Values.podAnnotations }} {{- toYaml . | nindent 4 }} {{- end }} labels: {{- include "dicom-server.labels" . | nindent 4 }} - {{- if .Values.global.ddEnabled }} - {{- include "common.datadogLabels" . | nindent 4 }} - {{- end }} spec: {{- if not .Values.autoscaling.enabled }} replicas: {{ .Values.replicaCount }} @@ -25,8 +22,9 @@ spec: labels: {{- include "dicom-server.selectorLabels" . | nindent 8 }} public: "yes" - {{- if .Values.global.ddEnabled }} - {{- include "common.datadogLabels" . | nindent 8 }} + annotations: + {{- if .Values.global.grafanaEnabled }} + {{- include "common.grafanaAnnotations" . | nindent 8 }} {{- end }} spec: {{- with .Values.volumes }} @@ -54,9 +52,6 @@ spec: ports: - containerPort: 8042 env: - {{- if .Values.global.ddEnabled }} - {{- include "common.datadogEnvVar" . | nindent 12 }} - {{- end }} {{- with .Values.volumeMounts }} volumeMounts: {{- toYaml . | nindent 10 }} diff --git a/helm/dicom-server/values.yaml b/helm/dicom-server/values.yaml index 3cf06900..a4361072 100644 --- a/helm/dicom-server/values.yaml +++ b/helm/dicom-server/values.yaml @@ -7,8 +7,8 @@ global: # -- (string) Environment name. This should be the same as vpcname if you're doing an AWS deployment. Currently this is being used to share ALB's if you have multiple namespaces. Might be used other places too. environment: default - # -- (bool) Whether Datadog is enabled. - ddEnabled: false + # -- (bool) Whether Grafana is enabled. + grafanaEnabled: false # -- (bool) If the service will be deployed with a Pod Disruption Budget. Note- you need to have more than 2 replicas for the pdb to be deployed. pdb: false # -- (int) The minimum amount of pods that are available at all times if the PDB is deployed. 
@@ -94,11 +94,3 @@ partOf: "Imaging" selectorLabels: # -- (map) Will completely override the commonLabels defined in the common chart's _label_setup.tpl commonLabels: - -# Values to configure datadog if ddEnabled is set to "true". -# -- (bool) If enabled, the Datadog Agent will automatically inject Datadog-specific metadata into your application logs. -datadogLogsInjection: true -# -- (bool) If enabled, the Datadog Agent will collect profiling data for your application using the Continuous Profiler. This data can be used to identify performance bottlenecks and optimize your application. -datadogProfilingEnabled: true -# -- (int) A value between 0 and 1, that represents the percentage of requests that will be traced. For example, a value of 0.5 means that 50% of requests will be traced. -datadogTraceSampleRate: 1 diff --git a/helm/dicom-viewer/Chart.yaml b/helm/dicom-viewer/Chart.yaml index 4835cfea..f14ad58e 100644 --- a/helm/dicom-viewer/Chart.yaml +++ b/helm/dicom-viewer/Chart.yaml @@ -15,7 +15,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.8 +version: 0.1.9 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to @@ -25,5 +25,5 @@ appVersion: "master" dependencies: - name: common - version: 0.1.10 + version: 0.1.14 repository: file://../common diff --git a/helm/dicom-viewer/README.md b/helm/dicom-viewer/README.md index 28eec517..86d269ff 100644 --- a/helm/dicom-viewer/README.md +++ b/helm/dicom-viewer/README.md 
@@ -1,6 +1,6 @@ # dicom-viewer -![Version: 0.1.8](https://img.shields.io/badge/Version-0.1.8-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) +![Version: 0.1.9](https://img.shields.io/badge/Version-0.1.9-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) A Helm chart for gen3 Dicom Viewer @@ -8,7 +8,7 @@ A Helm chart for gen3 Dicom Viewer | Repository | Name | Version | |------------|------|---------| -| file://../common | common | 0.1.10 | +| file://../common | common | 0.1.14 | ## Values 
@@ -21,11 +21,8 @@ A Helm chart for gen3 Dicom Viewer | autoscaling.targetCPUUtilizationPercentage | int | `80` | The target CPU utilization percentage for autoscaling | | commonLabels | map | `nil` | Will completely override the commonLabels defined in the common chart's _label_setup.tpl | | criticalService | string | `"false"` | Valid options are "true" or "false". If invalid option is set- the value will default to "false". | -| datadogLogsInjection | bool | `true` | If enabled, the Datadog Agent will automatically inject Datadog-specific metadata into your application logs. | -| datadogProfilingEnabled | bool | `true` | If enabled, the Datadog Agent will collect profiling data for your application using the Continuous Profiler. This data can be used to identify performance bottlenecks and optimize your application. | -| datadogTraceSampleRate | int | `1` | A value between 0 and 1, that represents the percentage of requests that will be traced. For example, a value of 0.5 means that 50% of requests will be traced. | -| global.ddEnabled | bool | `false` | Whether Datadog is enabled. | | global.environment | string | `"default"` | Environment name. This should be the same as vpcname if you're doing an AWS deployment. Currently this is being used to share ALB's if you have multiple namespaces. Might be used other places too. | +| global.grafanaEnabled | bool | `false` | Whether Grafana is enabled. | | global.minAvialable | int | `1` | The minimum amount of pods that are available at all times if the PDB is deployed. | | global.pdb | bool | `false` | If the service will be deployed with a Pod Disruption Budget. Note- you need to have more than 2 replicas for the pdb to be deployed. | | image | map | `{"pullPolicy":"Always","repository":"quay.io/cdis/ohif-viewer","tag":"master"}` | Docker image information. | diff --git a/helm/dicom-viewer/templates/deployment.yaml b/helm/dicom-viewer/templates/deployment.yaml index a34e4089..91da07a0 100644 
--- a/helm/dicom-viewer/templates/deployment.yaml
+++ b/helm/dicom-viewer/templates/deployment.yaml
@@ -2,15 +2,12 @@ apiVersion: apps/v1
 kind: Deployment
 metadata:
 name: dicom-viewer-deployment
- {{- with .Values.podAnnotations }}
 annotations:
+ {{- with .Values.podAnnotations }}
 {{- toYaml . | nindent 4 }}
 {{- end }}
 labels:
 {{- include "dicom-viewer.labels" . | nindent 4 }}
- {{- if .Values.global.ddEnabled }}
- {{- include "common.datadogLabels" . | nindent 4 }}
- {{- end }}
 spec:
 {{- if not .Values.autoscaling.enabled }}
 replicas: {{ .Values.replicaCount }}
@@ -24,8 +21,9 @@ spec:
 labels:
 {{- include "dicom-viewer.selectorLabels" . | nindent 8 }}
 public: "yes"
- {{- if .Values.global.ddEnabled }}
- {{- include "common.datadogLabels" . | nindent 8 }}
+ annotations:
+ {{- if .Values.global.grafanaEnabled }}
+ {{- include "common.grafanaAnnotations" . | nindent 8 }}
 {{- end }}
 spec:
 containers:
@@ -49,9 +47,6 @@ spec:
 ports:
 - containerPort: 80
 env:
- {{- if .Values.global.ddEnabled }}
- {{- include "common.datadogEnvVar" . | nindent 12 }}
- {{- end }}
 {{- with .Values.volumeMounts }}
 volumeMounts:
 {{- toYaml . | nindent 10 }}
diff --git a/helm/dicom-viewer/values.yaml b/helm/dicom-viewer/values.yaml
index 01c3995b..10fc893f 100644
--- a/helm/dicom-viewer/values.yaml
+++ b/helm/dicom-viewer/values.yaml
@@ -7,8 +7,8 @@ global:
 # -- (string) Environment name. This should be the same as vpcname if you're doing an AWS deployment. Currently this is being used to share ALB's if you have multiple namespaces. Might be used other places too.
 environment: default
- # -- (bool) Whether Datadog is enabled.
- ddEnabled: false
+ # -- (bool) Whether Grafana is enabled.
+ grafanaEnabled: false
 # -- (bool) If the service will be deployed with a Pod Disruption Budget. Note- you need to have more than 2 replicas for the pdb to be deployed.
 pdb: false
 # -- (int) The minimum amount of pods that are available at all times if the PDB is deployed.
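Review bot: `annotations:` is now emitted unconditionally in the first deployment.yaml hunk, with the `{{- with .Values.podAnnotations }}` guard moved beneath it, so a release without podAnnotations renders a bare (null) `annotations:` key on the Deployment metadata. The second hunk has the same shape on the pod template whenever `global.grafanaEnabled` is false, and the fence and guppy deployment hunks repeat it. A null map is usually tolerated by the API server, but strict schema validation in CI may reject it, so I would keep the key inside the guard by putting `{{- if .Values.global.grafanaEnabled }}` (or the `with`) on the line above `annotations:` rather than below it. It is also worth a template comment that in this chart `podAnnotations` is applied to the Deployment object while the Grafana annotations go on the pod template; the Deployment spec continues outside these hunks.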
@@ -58,11 +58,3 @@ partOf: "Imaging" selectorLabels: # -- (map) Will completely override the commonLabels defined in the common chart's _label_setup.tpl commonLabels: - -# Values to configure datadog if ddEnabled is set to "true". -# -- (bool) If enabled, the Datadog Agent will automatically inject Datadog-specific metadata into your application logs. -datadogLogsInjection: true -# -- (bool) If enabled, the Datadog Agent will collect profiling data for your application using the Continuous Profiler. This data can be used to identify performance bottlenecks and optimize your application. -datadogProfilingEnabled: true -# -- (int) A value between 0 and 1, that represents the percentage of requests that will be traced. For example, a value of 0.5 means that 50% of requests will be traced. -datadogTraceSampleRate: 1 diff --git a/helm/fence/Chart.yaml b/helm/fence/Chart.yaml index 99bafac4..0224cedd 100644 --- a/helm/fence/Chart.yaml +++ b/helm/fence/Chart.yaml @@ -15,7 +15,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.21 +version: 0.1.22 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to @@ -24,7 +24,7 @@ appVersion: "master" dependencies: - name: common - version: 0.1.13 + version: 0.1.14 repository: file://../common - name: postgresql version: 11.9.13 diff --git a/helm/fence/README.md b/helm/fence/README.md index 3b650cc7..d305c867 100644 --- a/helm/fence/README.md +++ b/helm/fence/README.md 
@@ -1,6 +1,6 @@ # fence -![Version: 0.1.21](https://img.shields.io/badge/Version-0.1.21-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) +![Version: 0.1.22](https://img.shields.io/badge/Version-0.1.22-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) A Helm chart for gen3 Fence @@ -8,7 +8,7 @@ A Helm chart for gen3 Fence | Repository | Name | Version | |------------|------|---------| -| file://../common | common | 0.1.13 | +| file://../common | common | 0.1.14 | | https://charts.bitnami.com/bitnami | postgresql | 11.9.13 | ## Values 
@@ -86,9 +86,6 @@ A Helm chart for gen3 Fence | autoscaling.targetMemoryUtilizationPercentage | int | `80` | Target Memory utilization percentage | | commonLabels | map | `nil` | Will completely override the commonLabels defined in the common chart's _label_setup.tpl | | criticalService | string | `"true"` | Valid options are "true" or "false". If invalid option is set- the value will default to "false". | -| datadogLogsInjection | bool | `true` | If enabled, the Datadog Agent will automatically inject Datadog-specific metadata into your application logs. | -| datadogProfilingEnabled | bool | `true` | If enabled, the Datadog Agent will collect profiling data for your application using the Continuous Profiler. This data can be used to identify performance bottlenecks and optimize your application. | -| datadogTraceSampleRate | int | `1` | A value between 0 and 1, that represents the percentage of requests that will be traced. For example, a value of 0.5 means that 50% of requests will be traced. 
| | env | list | `[{"name":"GEN3_UWSGI_TIMEOUT","valueFrom":{"configMapKeyRef":{"key":"uwsgi-timeout","name":"manifest-global","optional":true}}},{"name":"DD_AGENT_HOST","valueFrom":{"fieldRef":{"fieldPath":"status.hostIP"}}},{"name":"AWS_STS_REGIONAL_ENDPOINTS","value":"regional"},{"name":"PYTHONPATH","value":"/var/www/fence"},{"name":"GEN3_DEBUG","value":"False"},{"name":"PGHOST","valueFrom":{"secretKeyRef":{"key":"host","name":"fence-dbcreds","optional":false}}},{"name":"PGUSER","valueFrom":{"secretKeyRef":{"key":"username","name":"fence-dbcreds","optional":false}}},{"name":"PGPASSWORD","valueFrom":{"secretKeyRef":{"key":"password","name":"fence-dbcreds","optional":false}}},{"name":"PGDB","valueFrom":{"secretKeyRef":{"key":"database","name":"fence-dbcreds","optional":false}}},{"name":"DBREADY","valueFrom":{"secretKeyRef":{"key":"dbcreated","name":"fence-dbcreds","optional":false}}},{"name":"DB","value":"postgresql://$(PGUSER):$(PGPASSWORD)@$(PGHOST):5432/$(PGDB)"},{"name":"INDEXD_PASSWORD","valueFrom":{"secretKeyRef":{"key":"fence","name":"indexd-service-creds"}}},{"name":"gen3Env","valueFrom":{"configMapKeyRef":{"key":"hostname","name":"manifest-global"}}}]` | Environment variables to pass to the container | | externalSecrets | map | `{"createK8sFenceConfigSecret":false,"createK8sGoogleAppSecrets":false,"createK8sJwtKeysSecret":false,"dbcreds":null,"fenceConfig":null,"fenceGoogleAppCredsSecret":null,"fenceGoogleStorageCredsSecret":null,"fenceJwtKeys":null}` | External Secrets settings. | | externalSecrets.createK8sFenceConfigSecret | string | `false` | Will create the Helm "fence-config" secret even if Secrets Manager is enabled. This is helpful if you are wanting to use External Secrets for some, but not all secrets. | 
@@ -108,7 +105,6 @@ A Helm chart for gen3 Fence | global.aws.useLocalSecret.enabled | bool | `false` | Set to true if you would like to use a secret that is already running on your cluster. | | global.aws.useLocalSecret.localSecretName | string | `nil` | Name of the local secret. | | global.aws.useLocalSecret.localSecretNamespace | string | `nil` | Namespace of the local secret. | -| global.ddEnabled | bool | `false` | Whether Datadog is enabled. | | global.dev | bool | `true` | Whether the deployment is for development purposes. | | global.dictionaryUrl | string | `"https://s3.amazonaws.com/dictionary-artifacts/datadictionary/develop/schema.json"` | URL of the data dictionary. | | global.dispatcherJobNum | int | `"10"` | Number of dispatcher jobs. | @@ -116,6 +112,7 @@ A Helm chart for gen3 Fence | global.externalSecrets | map | `{"deploy":false,"separateSecretStore":false}` | External Secrets settings. | | global.externalSecrets.deploy | bool | `false` | Will use ExternalSecret resources to pull secrets from Secrets Manager instead of creating them locally. Be cautious as this will override any fence secrets you have deployed. | | global.externalSecrets.separateSecretStore | string | `false` | Will deploy a separate External Secret Store for this service. | +| global.grafanaEnabled | bool | `false` | Whether Grafana is enabled. | | global.hostname | string | `"localhost"` | Hostname for the deployment. | | global.kubeBucket | string | `"kube-gen3"` | S3 bucket name for Kubernetes manifest files. | | global.logsBucket | string | `"logs-gen3"` | S3 bucket name for log files. | diff --git a/helm/fence/templates/fence-deployment.yaml b/helm/fence/templates/fence-deployment.yaml index 3139a243..cc4b48f9 100644 --- a/helm/fence/templates/fence-deployment.yaml +++ b/helm/fence/templates/fence-deployment.yaml 
@@ -4,9 +4,6 @@ metadata:
 name: fence-deployment
 labels:
 {{- include "fence.labels" . | nindent 4 }}
- {{- if .Values.global.ddEnabled }}
- {{- include "common.datadogLabels" . | nindent 4 }}
- {{- end }}
 spec:
 {{- if not .Values.autoscaling.enabled }}
 replicas: {{ .Values.replicaCount }}
@@ -16,15 +13,15 @@ spec:
 {{- include "fence.selectorLabels" . | nindent 6 }}
 template:
 metadata:
- {{- with .Values.podAnnotations }}
 annotations:
+ {{- with .Values.podAnnotations }}
 {{- toYaml . | nindent 8 }}
 {{- end }}
+ {{- if .Values.global.grafanaEnabled }}
+ {{- include "common.grafanaAnnotations" . | nindent 8 }}
+ {{- end }}
 labels:
 {{- include "fence.selectorLabels" . | nindent 8 }}
- {{- if .Values.global.ddEnabled }}
- {{- include "common.datadogLabels" . | nindent 8 }}
- {{- end }}
 spec:
 enableServiceLinks: false
 serviceAccountName: {{ include "fence.serviceAccountName" . }}
@@ -67,9 +64,6 @@ spec:
 fi
 bash /fence/dockerrun.bash && if [[ -f /dockerrun.sh ]]; then bash /dockerrun.sh; fi
 env:
- {{- if .Values.global.ddEnabled }}
- {{- include "common.datadogEnvVar" . | nindent 12 }}
- {{- end }}
 {{- toYaml .Values.env | nindent 12 }}
 volumeMounts:
 {{- toYaml .Values.volumeMounts | nindent 12 }}
diff --git a/helm/fence/values.yaml b/helm/fence/values.yaml
index 1adc7927..4c6932a4 100644
--- a/helm/fence/values.yaml
+++ b/helm/fence/values.yaml
@@ -65,8 +65,8 @@ global:
 netPolicy: true
 # -- (int) Number of dispatcher jobs.
 dispatcherJobNum: "10"
- # -- (bool) Whether Datadog is enabled.
- ddEnabled: false
+ # -- (bool) Whether Grafana is enabled.
+ grafanaEnabled: false
 # -- (bool) If the service will be deployed with a Pod Disruption Budget. Note- you need to have more than 2 replicas for the pdb to be deployed.
 pdb: false
 # -- (int) The minimum amount of pods that are available at all times if the PDB is deployed.
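Review bot: In the pod-template hunk (`@@ -16,15 +13,15 @@`), user-supplied `podAnnotations` and the output of `common.grafanaAnnotations` are written into the same `annotations:` map with nothing to reconcile overlapping keys. The helper's contents are not visible here, but if an operator already sets one of the same keys in `podAnnotations`, the rendered manifest will contain a duplicate key, which depending on the parser either fails the render or silently keeps one value. The frontend-framework deployment hunk emits the two sources in the opposite order, so which value survives would differ between charts. I would pick one precedence, apply it in every chart, and state it in the `podAnnotations` comment in values.yaml, e.g. `# -- (map) Annotations to add to the pod. Keys also set by common.grafanaAnnotations are overridden when global.grafanaEnabled is true.`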
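Review bot: The `env:` block in the last fence-deployment hunk loses `common.datadogEnvVar`, but the default `env` list shown in this chart's README hunk still carries `DD_AGENT_HOST` sourced from `status.hostIP`, and `{{- toYaml .Values.env | nindent 12 }}` renders it into the container regardless of any flag. If the intent of this change is to retire Datadog, that entry should be removed from values.yaml in the same commit so the pod no longer carries a node-agent address it does not use. The guppy README context likewise still documents a `dataDog` map. The `env` section of values.yaml is outside the visible hunks, so this needs confirming there.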
@@ -502,14 +502,6 @@ selectorLabels: # -- (map) Will completely override the commonLabels defined in the common chart's _label_setup.tpl commonLabels: -# Values to configure datadog if ddEnabled is set to "true". -# -- (bool) If enabled, the Datadog Agent will automatically inject Datadog-specific metadata into your application logs. -datadogLogsInjection: true -# -- (bool) If enabled, the Datadog Agent will collect profiling data for your application using the Continuous Profiler. This data can be used to identify performance bottlenecks and optimize your application. -datadogProfilingEnabled: true -# -- (int) A value between 0 and 1, that represents the percentage of requests that will be traced. For example, a value of 0.5 means that 50% of requests will be traced. -datadogTraceSampleRate: 1 - logo: privacy_policy: projects: diff --git a/helm/frontend-framework/Chart.yaml b/helm/frontend-framework/Chart.yaml index 69ce52da..38c7a43d 100644 --- a/helm/frontend-framework/Chart.yaml +++ b/helm/frontend-framework/Chart.yaml @@ -15,7 +15,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.2 +version: 0.1.3 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to @@ -25,5 +25,5 @@ appVersion: "develop" dependencies: - name: common - version: 0.1.13 + version: 0.1.14 repository: file://../common diff --git a/helm/frontend-framework/README.md b/helm/frontend-framework/README.md index 27d8eeca..a54f0cae 100644 --- a/helm/frontend-framework/README.md +++ b/helm/frontend-framework/README.md 
@@ -1,6 +1,6 @@ # frontend-framework -![Version: 0.1.2](https://img.shields.io/badge/Version-0.1.2-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: develop](https://img.shields.io/badge/AppVersion-develop-informational?style=flat-square) +![Version: 0.1.3](https://img.shields.io/badge/Version-0.1.3-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: develop](https://img.shields.io/badge/AppVersion-develop-informational?style=flat-square) A Helm chart for the gen3 frontend framework @@ -8,7 +8,7 @@ A Helm chart for the gen3 frontend framework | Repository | Name | Version | |------------|------|---------| -| file://../common | common | 0.1.13 | +| file://../common | common | 0.1.14 | ## Values 
@@ -29,21 +29,18 @@ A Helm chart for the gen3 frontend framework | autoscaling.targetCPUUtilizationPercentage | int | `80` | The target CPU utilization percentage for autoscaling | | commonLabels | map | `nil` | Will completely override the commonLabels defined in the common chart's _label_setup.tpl | | criticalService | string | `"true"` | Valid options are "true" or "false". If invalid option is set- the value will default to "false". | -| datadogLogsInjection | bool | `false` | If enabled, the Datadog Agent will automatically inject Datadog-specific metadata into your application logs. | -| datadogProfilingEnabled | bool | `false` | If enabled, the Datadog Agent will collect profiling data for your application using the Continuous Profiler. This data can be used to identify performance bottlenecks and optimize your application. | -| datadogTraceSampleRate | int | `1` | A value between 0 and 1, that represents the percentage of requests that will be traced. For example, a value of 0.5 means that 50% of requests will be traced. | | env | list | `[]` | List of environment variables to add to the deployment. | | fullnameOverride | string | `""` | Override the full name of the deployment. | -| global | map | `{"aws":{"awsAccessKeyId":null,"awsSecretAccessKey":null,"enabled":false},"ddEnabled":false,"dev":true,"dictionaryUrl":"https://s3.amazonaws.com/dictionary-artifacts/datadictionary/develop/schema.json","dispatcherJobNum":10,"environment":"default","hostname":"localhost","kubeBucket":"kube-gen3","logsBucket":"logs-gen3","netPolicy":true,"portalApp":"gitops","postgres":{"dbCreate":true,"master":{"host":null,"password":null,"port":"5432","username":"postgres"}},"publicDataSets":true,"revproxyArn":"arn:aws:acm:us-east-1:123456:certificate","syncFromDbgap":false,"tierAccessLevel":"libre","userYamlS3Path":"s3://cdis-gen3-users/test/user.yaml"}` | Global configuration options. 
| +| global | map | `{"aws":{"awsAccessKeyId":null,"awsSecretAccessKey":null,"enabled":false},"dev":true,"dictionaryUrl":"https://s3.amazonaws.com/dictionary-artifacts/datadictionary/develop/schema.json","dispatcherJobNum":10,"environment":"default","grafanaEnabled":false,"hostname":"localhost","kubeBucket":"kube-gen3","logsBucket":"logs-gen3","netPolicy":true,"portalApp":"gitops","postgres":{"dbCreate":true,"master":{"host":null,"password":null,"port":"5432","username":"postgres"}},"publicDataSets":true,"revproxyArn":"arn:aws:acm:us-east-1:123456:certificate","syncFromDbgap":false,"tierAccessLevel":"libre","userYamlS3Path":"s3://cdis-gen3-users/test/user.yaml"}` | Global configuration options. | | global.aws | map | `{"awsAccessKeyId":null,"awsSecretAccessKey":null,"enabled":false}` | AWS configuration | | global.aws.awsAccessKeyId | string | `nil` | Credentials for AWS stuff. | | global.aws.awsSecretAccessKey | string | `nil` | Credentials for AWS stuff. | | global.aws.enabled | bool | `false` | Set to true if deploying to AWS. Controls ingress annotations. | -| global.ddEnabled | bool | `false` | Whether Datadog is enabled. | | global.dev | bool | `true` | Whether the deployment is for development purposes. | | global.dictionaryUrl | string | `"https://s3.amazonaws.com/dictionary-artifacts/datadictionary/develop/schema.json"` | URL of the data dictionary. | | global.dispatcherJobNum | int | `10` | Number of dispatcher jobs. | | global.environment | string | `"default"` | Environment name. This should be the same as vpcname if you're doing an AWS deployment. Currently this is being used to share ALB's if you have multiple namespaces. Might be used other places too. | +| global.grafanaEnabled | bool | `false` | Whether Grafana is enabled. | | global.hostname | string | `"localhost"` | Hostname for the deployment. | | global.kubeBucket | string | `"kube-gen3"` | S3 bucket name for Kubernetes manifest files. 
| | global.logsBucket | string | `"logs-gen3"` | S3 bucket name for log files. | diff --git a/helm/frontend-framework/templates/deployment.yaml b/helm/frontend-framework/templates/deployment.yaml index 67699b85..5e927686 100644 --- a/helm/frontend-framework/templates/deployment.yaml +++ b/helm/frontend-framework/templates/deployment.yaml @@ -4,9 +4,6 @@ metadata: name: frontend-framework-deployment labels: {{- include "frontend-framework.labels" . | nindent 4 }} - {{- if .Values.global.ddEnabled }} - {{- include "common.datadogLabels" . | nindent 4 }} - {{- end }} spec: selector: matchLabels: @@ -18,15 +15,15 @@ spec: metadata: annotations: checksum/config: {{ include (print $.Template.BasePath "/configMap.yaml") . | sha256sum }} + {{- if .Values.global.grafanaEnabled }} + {{- include "common.grafanaAnnotations" . | nindent 8 }} + {{- end }} {{- with .Values.podAnnotations }} {{- toYaml . | nindent 8 }} {{- end }} labels: {{- include "frontend-framework.selectorLabels" . | nindent 8 }} public: "yes" - {{- if .Values.global.ddEnabled }} - {{- include "common.datadogLabels" . | nindent 8 }} - {{- end }} spec: {{- with .Values.affinity }} affinity: @@ -67,9 +64,6 @@ spec: name: {{ include "frontend-framework.fullname" . }}-configmap optional: true env: - {{- if .Values.global.ddEnabled }} - {{- include "common.datadogEnvVar" . | nindent 12 }} - {{- end }} - name: HOSTNAME value: revproxy-service {{- if eq "portal" .Values.global.frontendRoot }} diff --git a/helm/frontend-framework/values.yaml b/helm/frontend-framework/values.yaml index c69fc102..8018a1a5 100644 --- a/helm/frontend-framework/values.yaml +++ b/helm/frontend-framework/values.yaml @@ -53,8 +53,8 @@ global: netPolicy: true # -- (int) Number of dispatcher jobs. dispatcherJobNum: 10 - # -- (bool) Whether Datadog is enabled. - ddEnabled: false + # -- (bool) Whether Grafana is enabled. + grafanaEnabled: false # -- (int) Number of replicas for the deployment. replicaCount: 1 
@@ -191,11 +191,3 @@ partOf: "Front-End" selectorLabels: # -- (map) Will completely override the commonLabels defined in the common chart's _label_setup.tpl commonLabels: - -# Values to configure datadog if ddEnabled is set to "true". -# -- (bool) If enabled, the Datadog Agent will automatically inject Datadog-specific metadata into your application logs. -datadogLogsInjection: false -# -- (bool) If enabled, the Datadog Agent will collect profiling data for your application using the Continuous Profiler. This data can be used to identify performance bottlenecks and optimize your application. -datadogProfilingEnabled: false -# -- (int) A value between 0 and 1, that represents the percentage of requests that will be traced. For example, a value of 0.5 means that 50% of requests will be traced. -datadogTraceSampleRate: 1 diff --git a/helm/gen3/Chart.yaml b/helm/gen3/Chart.yaml index f893dc62..e962b42d 100644 --- a/helm/gen3/Chart.yaml +++ b/helm/gen3/Chart.yaml @@ -25,7 +25,7 @@ dependencies: repository: "file://../aws-es-proxy" condition: aws-es-proxy.enabled - name: common - version: 0.1.13 + version: 0.1.14 repository: file://../common - name: etl version: 0.1.1 @@ -128,7 +128,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.40 +version: 0.1.41 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to diff --git a/helm/gen3/README.md b/helm/gen3/README.md index 309c628d..94ba6e21 100644 --- a/helm/gen3/README.md +++ b/helm/gen3/README.md 
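Review bot: The umbrella chart's dependency list in helm/gen3/Chart.yaml is only updated for `common` (0.1.13 to 0.1.14), while the same commit bumps the fence chart to 0.1.22 and frontend-framework to 0.1.3. The gen3 README context in this commit still lists `fence | 0.1.21` and `frontend-framework | 0.1.2`, which suggests the pins in Chart.yaml were left at the old versions. With `file://` repositories and exact version pins, `helm dependency update` is likely to fail to resolve those subcharts, or a stale packaged copy keeps being deployed. I would bump every changed subchart's pin here, e.g. `version: 0.1.22` under `- name: fence`, and regenerate the README. The dependency list between the two hunks is not visible, so the other bumped charts (guppy, hatchery, dicom-viewer) should be checked the same way.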
@@ -1,6 +1,6 @@ # gen3 -![Version: 0.1.40](https://img.shields.io/badge/Version-0.1.40-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) +![Version: 0.1.41](https://img.shields.io/badge/Version-0.1.41-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) Helm chart to deploy Gen3 Data Commons @@ -23,7 +23,7 @@ Helm chart to deploy Gen3 Data Commons | file://../argo-wrapper | argo-wrapper | 0.1.7 | | file://../audit | audit | 0.1.12 | | file://../aws-es-proxy | aws-es-proxy | 0.1.9 | -| file://../common | common | 0.1.13 | +| file://../common | common | 0.1.14 | | file://../etl | etl | 0.1.1 | | file://../fence | fence | 0.1.21 | | file://../frontend-framework | frontend-framework | 0.1.2 | @@ -92,7 +92,6 @@ Helm chart to deploy Gen3 Data Commons | global.aws.useLocalSecret | map | `{"enabled":false,"localSecretName":null}` | Local secret setting if using a pre-exising secret. | | global.aws.useLocalSecret.enabled | bool | `false` | Set to true if you would like to use a secret that is already running on your cluster. | | global.aws.useLocalSecret.localSecretName | string | `nil` | Name of the local secret. | -| global.ddEnabled | bool | `false` | Whether Datadog is enabled. | | global.dev | bool | `true` | Deploys postgres/elasticsearch for dev | | global.dictionaryUrl | string | `"https://s3.amazonaws.com/dictionary-artifacts/datadictionary/develop/schema.json"` | URL of the data dictionary. | | global.dispatcherJobNum | int | `"10"` | Number of dispatcher jobs. | 
@@ -101,6 +100,7 @@ Helm chart to deploy Gen3 Data Commons | global.externalSecrets.dbCreate | bool | `false` | Will create the databases and store the creds in Kubernetes Secrets even if externalSecrets is deployed. Useful if you want to use ExternalSecrets for other secrets besides db secrets. | | global.externalSecrets.deploy | bool | `false` | Will use ExternalSecret resources to pull secrets from Secrets Manager instead of creating them locally. Be cautious as this will override secrets you have deployed. | | global.frontendRoot | string | `"portal"` | Which app will be served on /. Needs be set to portal for portal, or "gen3ff" for frontendframework. | +| global.grafanaEnabled | bool | `false` | Whether Grafana is enabled. | | global.hostname | string | `"localhost"` | Hostname for the deployment. | | global.manifestGlobalExtraValues | map | `{}` | If you would like to add any extra values to the manifest-global configmap. | | global.netPolicy | bool | `true` | Whether network policies are enabled. | diff --git a/helm/gen3/values.yaml b/helm/gen3/values.yaml index e5f528b2..bcd0d15d 100644 --- a/helm/gen3/values.yaml +++ b/helm/gen3/values.yaml @@ -64,8 +64,8 @@ global: netPolicy: true # -- (int) Number of dispatcher jobs. dispatcherJobNum: "10" - # -- (bool) Whether Datadog is enabled. - ddEnabled: false + # -- (bool) Whether Grafana is enabled. + grafanaEnabled: false # -- (map) If you would like to add any extra values to the manifest-global configmap. manifestGlobalExtraValues: {} # -- (string) Which app will be served on /. Needs be set to portal for portal, or "gen3ff" for frontendframework. diff --git a/helm/guppy/Chart.yaml b/helm/guppy/Chart.yaml index 20bd0f26..dd539db1 100644 --- a/helm/guppy/Chart.yaml +++ b/helm/guppy/Chart.yaml 
@@ -15,7 +15,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.12 +version: 0.1.13 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to @@ -25,5 +25,5 @@ appVersion: "master" dependencies: - name: common - version: 0.1.11 + version: 0.1.14 repository: file://../common diff --git a/helm/guppy/README.md b/helm/guppy/README.md index fa5fa0e5..d9f63344 100644 --- a/helm/guppy/README.md +++ b/helm/guppy/README.md @@ -1,6 +1,6 @@ # guppy -![Version: 0.1.12](https://img.shields.io/badge/Version-0.1.12-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) +![Version: 0.1.13](https://img.shields.io/badge/Version-0.1.13-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) A Helm chart for gen3 Guppy Service @@ -8,7 +8,7 @@ A Helm chart for gen3 Guppy Service | Repository | Name | Version | |------------|------|---------| -| file://../common | common | 0.1.11 | +| file://../common | common | 0.1.14 | ## Values 
@@ -33,9 +33,6 @@ A Helm chart for gen3 Guppy Service | configIndex | string | `"dev_case-array-config"` | The Elasticsearch configuration index | | criticalService | string | `"true"` | Valid options are "true" or "false". If invalid option is set- the value will default to "false". | | dataDog | bool | `{"enabled":false,"env":"dev"}` | Whether Datadog is enabled. | -| datadogLogsInjection | bool | `true` | If enabled, the Datadog Agent will automatically inject Datadog-specific metadata into your application logs. | -| datadogProfilingEnabled | bool | `true` | If enabled, the Datadog Agent will collect profiling data for your application using the Continuous Profiler. This data can be used to identify performance bottlenecks and optimize your application. | -| datadogTraceSampleRate | int | `1` | A value between 0 and 1, that represents the percentage of requests that will be traced. For example, a value of 0.5 means that 50% of requests will be traced. | | dbRestore | bool | `false` | Whether or not to restore elasticsearch indices from a snapshot in s3 | | enableEncryptWhitelist | bool | `true` | Whether or not to enable encryption for specified fields | | encryptWhitelist | string | `"test1"` | A comma-separated list of fields to encrypt | 
@@ -44,11 +41,11 @@ A Helm chart for gen3 Guppy Service | global.aws.awsAccessKeyId | string | `nil` | Credentials for AWS stuff. | | global.aws.awsSecretAccessKey | string | `nil` | Credentials for AWS stuff. | | global.aws.enabled | bool | `false` | Set to true if deploying to AWS. Controls ingress annotations. | -| global.ddEnabled | bool | `false` | Whether Datadog is enabled. | | global.dev | bool | `true` | Whether the deployment is for development purposes. | | global.dictionaryUrl | string | `"https://s3.amazonaws.com/dictionary-artifacts/datadictionary/develop/schema.json"` | URL of the data dictionary. | | global.dispatcherJobNum | int | `"10"` | Number of dispatcher jobs. | | global.environment | string | `"default"` | Environment name. This should be the same as vpcname if you're doing an AWS deployment. Currently this is being used to share ALB's if you have multiple namespaces. Might be used other places too. | +| global.grafanaEnabled | bool | `false` | Whether Grafana is enabled. | | global.hostname | string | `"localhost"` | Hostname for the deployment. | | global.kubeBucket | string | `"kube-gen3"` | S3 bucket name for Kubernetes manifest files. | | global.logsBucket | string | `"logs-gen3"` | S3 bucket name for log files. | diff --git a/helm/guppy/templates/deployment.yaml b/helm/guppy/templates/deployment.yaml index 552f9063..aa162c7f 100644 --- a/helm/guppy/templates/deployment.yaml +++ b/helm/guppy/templates/deployment.yaml @@ -4,9 +4,6 @@ metadata: name: guppy-deployment labels: {{- include "guppy.labels" . | nindent 4 }} - {{- if .Values.global.ddEnabled }} - {{- include "common.datadogLabels" . | nindent 4 }} - {{- end }} spec: {{- if not .Values.autoscaling.enabled }} replicas: {{ .Values.replicaCount }} 
@@ -26,8 +23,9 @@ spec:
 # gen3 networkpolicy labels
 netnolimit: 'yes'
 public: 'yes'
- {{- if .Values.global.ddEnabled }}
- {{- include "common.datadogLabels" . | nindent 8 }}
+ annotations:
+ {{- if .Values.global.grafanaEnabled }}
+ {{- include "common.grafanaAnnotations" . | nindent 8 }}
 {{- end }}
 spec:
 {{- with .Values.affinity }}
@@ -57,9 +55,6 @@ spec:
 ports:
 - containerPort: 8000
 env:
- {{- if .Values.global.ddEnabled }}
- {{- include "common.datadogEnvVar" . | nindent 12 }}
- {{- end }}
 - name: GUPPY_PORT
 value: "8000"
 - name: GUPPY_CONFIG_FILEPATH
diff --git a/helm/guppy/values.yaml b/helm/guppy/values.yaml
index 054e4734..6fda95ed 100644
--- a/helm/guppy/values.yaml
+++ b/helm/guppy/values.yaml
@@ -55,8 +55,8 @@ global:
 netPolicy: true
 # -- (int) Number of dispatcher jobs.
 dispatcherJobNum: "10"
- # -- (bool) Whether Datadog is enabled.
- ddEnabled: false
+ # -- (bool) Whether Grafana is enabled.
+ grafanaEnabled: false
 # -- (bool) If the service will be deployed with a Pod Disruption Budget. Note- you need to have more than 2 replicas for the pdb to be deployed.
 pdb: false
 # -- (int) The minimum amount of pods that are available at all times if the PDB is deployed.
@@ -213,10 +213,3 @@ selectorLabels: # -- (map) Will completely override the commonLabels defined in the common chart's _label_setup.tpl commonLabels: -# Values to configure datadog if ddEnabled is set to "true". -# -- (bool) If enabled, the Datadog Agent will automatically inject Datadog-specific metadata into your application logs. -datadogLogsInjection: true -# -- (bool) If enabled, the Datadog Agent will collect profiling data for your application using the Continuous Profiler. This data can be used to identify performance bottlenecks and optimize your application. -datadogProfilingEnabled: true -# -- (int) A value between 0 and 1, that represents the percentage of requests that will be traced. For example, a value of 0.5 means that 50% of requests will be traced. -datadogTraceSampleRate: 1 diff --git a/helm/hatchery/Chart.yaml b/helm/hatchery/Chart.yaml index 8e4c05c1..126d1bc7 100644 --- a/helm/hatchery/Chart.yaml +++ b/helm/hatchery/Chart.yaml @@ -15,7 +15,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.9 +version: 0.1.10 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to @@ -25,5 +25,5 @@ appVersion: "master" dependencies: - name: common - version: 0.1.10 + version: 0.1.14 repository: file://../common diff --git a/helm/hatchery/README.md b/helm/hatchery/README.md index 3ebadfc2..be6baf3f 100644 --- a/helm/hatchery/README.md +++ b/helm/hatchery/README.md 
@@ -1,6 +1,6 @@ # hatchery -![Version: 0.1.9](https://img.shields.io/badge/Version-0.1.9-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) +![Version: 0.1.10](https://img.shields.io/badge/Version-0.1.10-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) A Helm chart for gen3 Hatchery @@ -8,7 +8,7 @@ A Helm chart for gen3 Hatchery | Repository | Name | Version | |------------|------|---------| -| file://../common | common | 0.1.10 | +| file://../common | common | 0.1.14 | ## Values 
@@ -22,20 +22,17 @@ A Helm chart for gen3 Hatchery | autoscaling.targetCPUUtilizationPercentage | int | `80` | The target CPU utilization percentage for autoscaling | | commonLabels | map | `nil` | Will completely override the commonLabels defined in the common chart's _label_setup.tpl | | criticalService | string | `"true"` | Valid options are "true" or "false". If invalid option is set- the value will default to "false". | -| datadogLogsInjection | bool | `true` | If enabled, the Datadog Agent will automatically inject Datadog-specific metadata into your application logs. | -| datadogProfilingEnabled | bool | `true` | If enabled, the Datadog Agent will collect profiling data for your application using the Continuous Profiler. This data can be used to identify performance bottlenecks and optimize your application. | -| datadogTraceSampleRate | int | `1` | A value between 0 and 1, that represents the percentage of requests that will be traced. For example, a value of 0.5 means that 50% of requests will be traced. | | env | list | `[{"name":"HTTP_PORT","value":"8000"},{"name":"POD_NAMESPACE","valueFrom":{"fieldRef":{"fieldPath":"metadata.namespace"}}}]` | Environment variables to pass to the container | | fullnameOverride | string | `""` | Override the full name of the deployment. | | global.aws | map | `{"awsAccessKeyId":null,"awsSecretAccessKey":null,"enabled":false}` | AWS configuration | | global.aws.awsAccessKeyId | string | `nil` | Credentials for AWS stuff. | | global.aws.awsSecretAccessKey | string | `nil` | Credentials for AWS stuff. | | global.aws.enabled | bool | `false` | Set to true if deploying to AWS. Controls ingress annotations. | -| global.ddEnabled | bool | `false` | Whether Datadog is enabled. | | global.dev | bool | `true` | Whether the deployment is for development purposes. | | global.dictionaryUrl | string | `"https://s3.amazonaws.com/dictionary-artifacts/datadictionary/develop/schema.json"` | URL of the data dictionary. 
| | global.dispatcherJobNum | int | `"10"` | Number of dispatcher jobs. | | global.environment | string | `"default"` | Environment name. This should be the same as vpcname if you're doing an AWS deployment. Currently this is being used to share ALB's if you have multiple namespaces. Might be used other places too. | +| global.grafanaEnabled | bool | `false` | Whether Grafana is enabled. | | global.hostname | string | `"localhost"` | Hostname for the deployment. | | global.kubeBucket | string | `"kube-gen3"` | S3 bucket name for Kubernetes manifest files. | | global.logsBucket | string | `"logs-gen3"` | S3 bucket name for log files. | diff --git a/helm/hatchery/templates/deployment.yaml b/helm/hatchery/templates/deployment.yaml index 4e9401e2..e0b912bb 100644 --- a/helm/hatchery/templates/deployment.yaml +++ b/helm/hatchery/templates/deployment.yaml @@ -4,9 +4,6 @@ metadata: name: hatchery-deployment labels: {{- include "hatchery.labels" . | nindent 4 }} - {{- if .Values.global.ddEnabled }} - {{- include "common.datadogLabels" . | nindent 4 }} - {{- end }} spec: {{- if not .Values.autoscaling.enabled }} replicas: {{ .Values.replicaCount }} @@ -16,15 +13,15 @@ spec: {{- include "hatchery.selectorLabels" . | nindent 6 }} template: metadata: - {{- with .Values.podAnnotations }} annotations: + {{- with .Values.podAnnotations }} {{- toYaml . | nindent 8 }} {{- end }} + {{- if .Values.global.grafanaEnabled }} + {{- include "common.grafanaAnnotations" . | nindent 8 }} + {{- end }} labels: {{- include "hatchery.selectorLabels" . | nindent 8 }} - {{- if .Values.global.ddEnabled }} - {{- include "common.datadogLabels" . | nindent 8 }} - {{- end }} spec: {{- with .Values.imagePullSecrets }} imagePullSecrets: 
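Review bot: In the hatchery deployment.yaml hunk `@@ -16,15 +13,15 @@`, `.Values.podAnnotations` and `common.grafanaAnnotations` are now rendered one after the other into the same `annotations:` map, so a key present in both ends up twice in the output. Depending on the YAML parser that is either a render error or a silent last-one-wins. The helper's keys are not visible in this patch, so an operator cannot tell which keys to avoid in `podAnnotations`. Merging the two before rendering removes the ambiguity: build one dict with `merge` from `.Values.podAnnotations` and the helper output parsed with `fromYaml`, then emit it once with `toYaml`. The indexd deployment.yaml hunk `@@ -16,15 +13,15 @@` has the same structure.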
@@ -56,9 +53,6 @@ spec: resources: {{- toYaml .Values.resources | nindent 12 }} env: - {{- if .Values.global.ddEnabled }} - {{- include "common.datadogEnvVar" . | nindent 12 }} - {{- end }} {{- toYaml .Values.env | nindent 12 }} - name: GEN3_ENDPOINT value: {{ .Values.global.hostname }} diff --git a/helm/hatchery/values.yaml b/helm/hatchery/values.yaml index 739f9457..8b5860df 100644 --- a/helm/hatchery/values.yaml +++ b/helm/hatchery/values.yaml @@ -53,8 +53,8 @@ global: netPolicy: true # -- (int) Number of dispatcher jobs. dispatcherJobNum: "10" - # -- (bool) Whether Datadog is enabled. - ddEnabled: false + # -- (bool) Whether Grafana is enabled. + grafanaEnabled: false # -- (bool) If the service will be deployed with a Pod Disruption Budget. Note- you need to have more than 2 replicas for the pdb to be deployed. pdb: false # -- (int) The minimum amount of pods that are available at all times if the PDB is deployed. @@ -215,12 +215,4 @@ partOf: "Workspace-Tab" # -- (map) Will completely override the selectorLabels defined in the common chart's _label_setup.tpl selectorLabels: # -- (map) Will completely override the commonLabels defined in the common chart's _label_setup.tpl -commonLabels: - -# Values to configure datadog if ddEnabled is set to "true". -# -- (bool) If enabled, the Datadog Agent will automatically inject Datadog-specific metadata into your application logs. -datadogLogsInjection: true -# -- (bool) If enabled, the Datadog Agent will collect profiling data for your application using the Continuous Profiler. This data can be used to identify performance bottlenecks and optimize your application. -datadogProfilingEnabled: true -# -- (int) A value between 0 and 1, that represents the percentage of requests that will be traced. For example, a value of 0.5 means that 50% of requests will be traced. -datadogTraceSampleRate: 1 +commonLabels: \ No newline at end of file 
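Review bot: The hatchery values.yaml hunk `@@ -215,12 +215,4 @@` leaves `commonLabels:` as the last line without a trailing newline (`\ No newline at end of file`), unlike the other values.yaml files in this patch. A YAML linter that enforces a newline at end of file would presumably flag this, and any later append to the file will show up as a change to this line as well. Restoring the final newline after `commonLabels:` is enough.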
diff --git a/helm/indexd/Chart.yaml b/helm/indexd/Chart.yaml index 19e78126..b5879156 100644 --- a/helm/indexd/Chart.yaml +++ b/helm/indexd/Chart.yaml @@ -15,7 +15,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.14 +version: 0.1.15 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to @@ -26,7 +26,7 @@ appVersion: "master" dependencies: - name: common - version: 0.1.10 + version: 0.1.14 repository: file://../common - name: postgresql version: 11.9.13 diff --git a/helm/indexd/README.md b/helm/indexd/README.md index 8d7057cb..ef08ef09 100644 --- a/helm/indexd/README.md +++ b/helm/indexd/README.md @@ -1,6 +1,6 @@ # indexd -![Version: 0.1.14](https://img.shields.io/badge/Version-0.1.14-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) +![Version: 0.1.15](https://img.shields.io/badge/Version-0.1.15-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) A Helm chart for gen3 indexd @@ -8,7 +8,7 @@ A Helm chart for gen3 indexd | Repository | Name | Version | |------------|------|---------| -| file://../common | common | 0.1.10 | +| file://../common | common | 0.1.14 | | https://charts.bitnami.com/bitnami | postgresql | 11.9.13 | ## Values 
@@ -22,9 +22,6 @@ A Helm chart for gen3 indexd | autoscaling.targetCPUUtilizationPercentage | int | `80` | Target CPU utilization percentage | | commonLabels | map | `nil` | Will completely override the commonLabels defined in the common chart's _label_setup.tpl | | criticalService | string | `"true"` | Valid options are "true" or "false". If invalid option is set- the value will default to "false". | -| datadogLogsInjection | bool | `true` | If enabled, the Datadog Agent will automatically inject Datadog-specific metadata into your application logs. | -| datadogProfilingEnabled | bool | `true` | If enabled, the Datadog Agent will collect profiling data for your application using the Continuous Profiler. This data can be used to identify performance bottlenecks and optimize your application. | -| datadogTraceSampleRate | int | `1` | A value between 0 and 1, that represents the percentage of requests that will be traced. For example, a value of 0.5 means that 50% of requests will be traced. | | defaultPrefix | string | `"PREFIX/"` | default prefix for indexd | | env | list | `[{"name":"ARBORIST","value":"true"},{"name":"GEN3_DEBUG","value":"False"}]` | Environment variables to pass to the container | | externalSecrets | map | `{"createK8sServiceCredsSecret":false,"dbcreds":null,"serviceCreds":"indexd-service-creds"}` | External Secrets settings. | 
@@ -35,7 +32,6 @@ A Helm chart for gen3 indexd | global.aws.awsAccessKeyId | string | `nil` | Credentials for AWS stuff. | | global.aws.awsSecretAccessKey | string | `nil` | Credentials for AWS stuff. | | global.aws.enabled | bool | `false` | Set to true if deploying to AWS. Controls ingress annotations. | -| global.ddEnabled | bool | `false` | Whether Datadog is enabled. | | global.dev | bool | `true` | Whether the deployment is for development purposes. | | global.dictionaryUrl | string | `"https://s3.amazonaws.com/dictionary-artifacts/datadictionary/develop/schema.json"` | URL of the data dictionary. | | global.dispatcherJobNum | int | `"10"` | Number of dispatcher jobs. | @@ -43,6 +39,7 @@ A Helm chart for gen3 indexd | global.externalSecrets | map | `{"deploy":false,"separateSecretStore":false}` | External Secrets settings. | | global.externalSecrets.deploy | bool | `false` | Will use ExternalSecret resources to pull secrets from Secrets Manager instead of creating them locally. Be cautious as this will override any indexd secrets you have deployed. | | global.externalSecrets.separateSecretStore | string | `false` | Will deploy a separate External Secret Store for this service. | +| global.grafanaEnabled | bool | `false` | Whether Grafana is enabled. | | global.hostname | string | `"localhost"` | Hostname for the deployment. | | global.kubeBucket | string | `"kube-gen3"` | S3 bucket name for Kubernetes manifest files. | | global.logsBucket | string | `"logs-gen3"` | S3 bucket name for log files. | diff --git a/helm/indexd/templates/deployment.yaml b/helm/indexd/templates/deployment.yaml index 497d4f45..88bd89f2 100644 --- a/helm/indexd/templates/deployment.yaml +++ b/helm/indexd/templates/deployment.yaml 
@@ -4,9 +4,6 @@ metadata: name: indexd-deployment labels: {{- include "indexd.labels" . | nindent 4 }} - {{- if .Values.global.ddEnabled }} - {{- include "common.datadogLabels" . | nindent 4 }} - {{- end }} spec: {{- if not .Values.autoscaling.enabled }} replicas: {{ .Values.replicaCount }} @@ -16,15 +13,15 @@ spec: {{- include "indexd.selectorLabels" . | nindent 6 }} template: metadata: - {{- with .Values.podAnnotations }} annotations: + {{- with .Values.podAnnotations }} {{- toYaml . | nindent 8 }} {{- end }} + {{- if .Values.global.grafanaEnabled }} + {{- include "common.grafanaAnnotations" . | nindent 8 }} + {{- end }} labels: {{- include "indexd.selectorLabels" . | nindent 8 }} - {{- if .Values.global.ddEnabled }} - {{- include "common.datadogLabels" . | nindent 8 }} - {{- end }} spec: {{- with .Values.volumes }} volumes: @@ -44,9 +41,6 @@ spec: image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}" imagePullPolicy: {{ .Values.image.pullPolicy }} env: - {{- if .Values.global.ddEnabled }} - {{- include "common.datadogEnvVar" . | nindent 12 }} - {{- end }} - name: PGHOST valueFrom: secretKeyRef: diff --git a/helm/indexd/values.yaml b/helm/indexd/values.yaml index 8c64335d..50bafa32 100644 --- a/helm/indexd/values.yaml +++ b/helm/indexd/values.yaml @@ -55,8 +55,8 @@ global: netPolicy: true # -- (int) Number of dispatcher jobs. dispatcherJobNum: "10" - # -- (bool) Whether Datadog is enabled. - ddEnabled: false + # -- (bool) Whether Grafana is enabled. + grafanaEnabled: false # -- (bool) If the service will be deployed with a Pod Disruption Budget. Note- you need to have more than 2 replicas for the pdb to be deployed. pdb: false # -- (int) The minimum amount of pods that are available at all times if the PDB is deployed. 
@@ -244,11 +244,3 @@ partOf: "S3-GS" selectorLabels: # -- (map) Will completely override the commonLabels defined in the common chart's _label_setup.tpl commonLabels: - -# Values to configure datadog if ddEnabled is set to "true". -# -- (bool) If enabled, the Datadog Agent will automatically inject Datadog-specific metadata into your application logs. -datadogLogsInjection: true -# -- (bool) If enabled, the Datadog Agent will collect profiling data for your application using the Continuous Profiler. This data can be used to identify performance bottlenecks and optimize your application. -datadogProfilingEnabled: true -# -- (int) A value between 0 and 1, that represents the percentage of requests that will be traced. For example, a value of 0.5 means that 50% of requests will be traced. -datadogTraceSampleRate: 1 diff --git a/helm/manifestservice/Chart.yaml b/helm/manifestservice/Chart.yaml index 382e0165..66288065 100644 --- a/helm/manifestservice/Chart.yaml +++ b/helm/manifestservice/Chart.yaml @@ -15,7 +15,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.14 +version: 0.1.15 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to @@ -25,5 +25,5 @@ appVersion: "master" dependencies: - name: common - version: 0.1.10 + version: 0.1.14 repository: file://../common diff --git a/helm/manifestservice/README.md b/helm/manifestservice/README.md index 11fc1f39..191c9850 100644 --- a/helm/manifestservice/README.md +++ b/helm/manifestservice/README.md 
@@ -1,6 +1,6 @@ # manifestservice -![Version: 0.1.14](https://img.shields.io/badge/Version-0.1.14-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) +![Version: 0.1.15](https://img.shields.io/badge/Version-0.1.15-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) A Helm chart for Kubernetes @@ -8,7 +8,7 @@ A Helm chart for Kubernetes | Repository | Name | Version | |------------|------|---------| -| file://../common | common | 0.1.10 | +| file://../common | common | 0.1.14 | ## Values 
@@ -29,9 +29,6 @@ A Helm chart for Kubernetes | autoscaling.targetCPUUtilizationPercentage | int | `80` | The target CPU utilization percentage for autoscaling | | commonLabels | map | `nil` | Will completely override the commonLabels defined in the common chart's _label_setup.tpl | | criticalService | string | `"true"` | Valid options are "true" or "false". If invalid option is set- the value will default to "false". | -| datadogLogsInjection | bool | `true` | If enabled, the Datadog Agent will automatically inject Datadog-specific metadata into your application logs. | -| datadogProfilingEnabled | bool | `true` | If enabled, the Datadog Agent will collect profiling data for your application using the Continuous Profiler. This data can be used to identify performance bottlenecks and optimize your application. | -| datadogTraceSampleRate | int | `1` | A value between 0 and 1, that represents the percentage of requests that will be traced. For example, a value of 0.5 means that 50% of requests will be traced. | | env | list | `[{"name":"REQUESTS_CA_BUNDLE","value":"/etc/ssl/certs/ca-certificates.crt"},{"name":"MANIFEST_SERVICE_CONFIG_PATH","value":"/var/gen3/config/config.json"},{"name":"GEN3_DEBUG","value":"False"}]` | Environment variables to pass to the container | | externalSecrets | map | `{"createK8sManifestServiceSecret":false,"manifestserviceG3auto":null}` | External Secrets settings. | | externalSecrets.createK8sManifestServiceSecret | string | `false` | Will create the Helm "manifestservice-g3auto" secret even if Secrets Manager is enabled. This is helpful if you are wanting to use External Secrets for some, but not all secrets. | 
@@ -40,11 +37,11 @@ A Helm chart for Kubernetes | global.aws.awsAccessKeyId | string | `nil` | Credentials for AWS stuff. | | global.aws.awsSecretAccessKey | string | `nil` | Credentials for AWS stuff. | | global.aws.enabled | bool | `false` | Set to true if deploying to AWS. Controls ingress annotations. | -| global.ddEnabled | bool | `false` | Whether Datadog is enabled. | | global.environment | string | `"default"` | Environment name. This should be the same as vpcname if you're doing an AWS deployment. Currently this is being used to share ALB's if you have multiple namespaces. Might be used other places too. | | global.externalSecrets | map | `{"deploy":false,"separateSecretStore":false}` | External Secrets settings. | | global.externalSecrets.deploy | bool | `false` | Will use ExternalSecret resources to pull secrets from Secrets Manager instead of creating them locally. Be cautious as this will override any manifestservice secrets you have deployed. | | global.externalSecrets.separateSecretStore | string | `false` | Will deploy a separate External Secret Store for this service. | +| global.grafanaEnabled | bool | `false` | Whether Grafana is enabled. | | global.minAvialable | int | `1` | The minimum amount of pods that are available at all times if the PDB is deployed. | | global.pdb | bool | `false` | If the service will be deployed with a Pod Disruption Budget. Note- you need to have more than 2 replicas for the pdb to be deployed. | | image | map | `{"pullPolicy":"Always","repository":"quay.io/cdis/manifestservice","tag":""}` | Docker image information. | diff --git a/helm/manifestservice/templates/deployment.yaml b/helm/manifestservice/templates/deployment.yaml index 6923a5c0..6b2383ad 100644 --- a/helm/manifestservice/templates/deployment.yaml +++ b/helm/manifestservice/templates/deployment.yaml 
@@ -4,9 +4,6 @@ metadata: name: manifestservice-deployment labels: {{- include "manifestservice.labels" . | nindent 4 }} - {{- if .Values.global.ddEnabled }} - {{- include "common.datadogLabels" . | nindent 4 }} - {{- end }} spec: {{- if not .Values.autoscaling.enabled }} replicas: {{ .Values.replicaCount }} @@ -24,8 +21,9 @@ spec: s3: "yes" public: "yes" userhelper: "yes" - {{- if .Values.global.ddEnabled }} - {{- include "common.datadogLabels" . | nindent 8 }} + annotations: + {{- if .Values.global.grafanaEnabled }} + {{- include "common.grafanaAnnotations" . | nindent 8 }} {{- end }} spec: {{- with .Values.affinity }} @@ -41,9 +39,6 @@ spec: image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}" imagePullPolicy: {{ .Values.image.pullPolicy }} env: - {{- if .Values.global.ddEnabled }} - {{- include "common.datadogEnvVar" . | nindent 12 }} - {{- end }} {{- toYaml .Values.env | nindent 12 }} volumeMounts: {{- toYaml .Values.volumeMounts | nindent 12 }} diff --git a/helm/manifestservice/values.yaml b/helm/manifestservice/values.yaml index 09cd04f3..16e018a6 100644 --- a/helm/manifestservice/values.yaml +++ b/helm/manifestservice/values.yaml @@ -15,8 +15,8 @@ global: awsSecretAccessKey: # -- (string) Environment name. This should be the same as vpcname if you're doing an AWS deployment. Currently this is being used to share ALB's if you have multiple namespaces. Might be used other places too. environment: default - # -- (bool) Whether Datadog is enabled. - ddEnabled: false + # -- (bool) Whether Grafana is enabled. + grafanaEnabled: false # -- (bool) If the service will be deployed with a Pod Disruption Budget. Note- you need to have more than 2 replicas for the pdb to be deployed. pdb: false # -- (int) The minimum amount of pods that are available at all times if the PDB is deployed. 
@@ -179,10 +179,3 @@ selectorLabels: # -- (map) Will completely override the commonLabels defined in the common chart's _label_setup.tpl commonLabels: -# Values to configure datadog if ddEnabled is set to "true". -# -- (bool) If enabled, the Datadog Agent will automatically inject Datadog-specific metadata into your application logs. -datadogLogsInjection: true -# -- (bool) If enabled, the Datadog Agent will collect profiling data for your application using the Continuous Profiler. This data can be used to identify performance bottlenecks and optimize your application. -datadogProfilingEnabled: true -# -- (int) A value between 0 and 1, that represents the percentage of requests that will be traced. For example, a value of 0.5 means that 50% of requests will be traced. -datadogTraceSampleRate: 1 diff --git a/helm/metadata/Chart.yaml b/helm/metadata/Chart.yaml index d38d06e5..6b4ce861 100644 --- a/helm/metadata/Chart.yaml +++ b/helm/metadata/Chart.yaml @@ -15,7 +15,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.12 +version: 0.1.13 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to @@ -25,7 +25,7 @@ appVersion: "master" dependencies: - name: common - version: 0.1.10 + version: 0.1.14 repository: file://../common - name: postgresql version: 11.9.13 diff --git a/helm/metadata/README.md b/helm/metadata/README.md index c9553ba9..b32f3df5 100644 --- a/helm/metadata/README.md +++ b/helm/metadata/README.md 
@@ -1,6 +1,6 @@ # metadata -![Version: 0.1.12](https://img.shields.io/badge/Version-0.1.12-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) +![Version: 0.1.13](https://img.shields.io/badge/Version-0.1.13-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) A Helm chart for gen3 Metadata Service @@ -8,7 +8,7 @@ A Helm chart for gen3 Metadata Service | Repository | Name | Version | |------------|------|---------| -| file://../common | common | 0.1.10 | +| file://../common | common | 0.1.14 | | https://charts.bitnami.com/bitnami | postgresql | 11.9.13 | | https://helm.elastic.co | elasticsearch | 7.17.1 | 
@@ -35,9 +35,6 @@ A Helm chart for gen3 Metadata Service | command | list | `["/bin/sh"]` | Command to run for the init container. | | commonLabels | map | `nil` | Will completely override the commonLabels defined in the common chart's _label_setup.tpl | | criticalService | string | `"true"` | Valid options are "true" or "false". If invalid option is set- the value will default to "false". | -| datadogLogsInjection | bool | `true` | If enabled, the Datadog Agent will automatically inject Datadog-specific metadata into your application logs. | -| datadogProfilingEnabled | bool | `true` | If enabled, the Datadog Agent will collect profiling data for your application using the Continuous Profiler. This data can be used to identify performance bottlenecks and optimize your application. | -| datadogTraceSampleRate | int | `1` | A value between 0 and 1, that represents the percentage of requests that will be traced. For example, a value of 0.5 means that 50% of requests will be traced. | | debug | bool | `false` | | | elasticsearch.clusterName | string | `"gen3-elasticsearch"` | | | elasticsearch.esConfig."elasticsearch.yml" | string | `"# Here we can add elasticsearch config\n"` | | @@ -54,7 +51,6 @@ A Helm chart for gen3 Metadata Service | global.aws.awsAccessKeyId | string | `nil` | Credentials for AWS stuff. | | global.aws.awsSecretAccessKey | string | `nil` | Credentials for AWS stuff. | | global.aws.enabled | bool | `false` | Set to true if deploying to AWS. Controls ingress annotations. | -| global.ddEnabled | bool | `false` | Whether Datadog is enabled. | | global.dev | bool | `true` | Whether the deployment is for development purposes. | | global.dictionaryUrl | string | `"https://s3.amazonaws.com/dictionary-artifacts/datadictionary/develop/schema.json"` | URL of the data dictionary. | | global.dispatcherJobNum | int | `"10"` | Number of dispatcher jobs. | 
@@ -62,6 +58,7 @@ A Helm chart for gen3 Metadata Service | global.externalSecrets | map | `{"deploy":false,"separateSecretStore":false}` | External Secrets settings. | | global.externalSecrets.deploy | bool | `false` | Will use ExternalSecret resources to pull secrets from Secrets Manager instead of creating them locally. Be cautious as this will override any metadata secrets you have deployed. | | global.externalSecrets.separateSecretStore | string | `false` | Will deploy a separate External Secret Store for this service. | +| global.grafanaEnabled | bool | `false` | Whether Grafana is enabled. | | global.hostname | string | `"localhost"` | Hostname for the deployment. | | global.kubeBucket | string | `"kube-gen3"` | S3 bucket name for Kubernetes manifest files. | | global.logsBucket | string | `"logs-gen3"` | S3 bucket name for log files. | diff --git a/helm/metadata/templates/deployment.yaml b/helm/metadata/templates/deployment.yaml index d0723397..1c296719 100644 --- a/helm/metadata/templates/deployment.yaml +++ b/helm/metadata/templates/deployment.yaml @@ -4,9 +4,6 @@ metadata: name: metadata-deployment labels: {{- include "metadata.labels" . | nindent 4 }} - {{- if .Values.global.ddEnabled }} - {{- include "common.datadogLabels" . | nindent 4 }} - {{- end }} spec: {{- if not .Values.autoscaling.enabled }} replicas: {{ .Values.replicaCount }} @@ -27,8 +24,9 @@ spec: netnolimit: 'yes' public: 'yes' userhelper: 'yes' - {{- if .Values.global.ddEnabled }} - {{- include "common.datadogLabels" . | nindent 8 }} + annotations: + {{- if .Values.global.grafanaEnabled }} + {{- include "common.grafanaAnnotations" . | nindent 8 }} {{- end }} spec: {{- with .Values.affinity }} 
@@ -52,9 +50,6 @@ spec: - name: {{ .Chart.Name }} image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}" env: - {{- if .Values.global.ddEnabled }} - {{- include "common.datadogEnvVar" . | nindent 12 }} - {{- end }} - name: GEN3_DEBUG value: "False" - name: GEN3_ES_ENDPOINT diff --git a/helm/metadata/values.yaml b/helm/metadata/values.yaml index d3953808..c24e6fbb 100644 --- a/helm/metadata/values.yaml +++ b/helm/metadata/values.yaml @@ -53,8 +53,8 @@ global: netPolicy: true # -- (int) Number of dispatcher jobs. dispatcherJobNum: "10" - # -- (bool) Whether Datadog is enabled. - ddEnabled: false + # -- (bool) Whether Grafana is enabled. + grafanaEnabled: false # -- (bool) If the service will be deployed with a Pod Disruption Budget. Note- you need to have more than 2 replicas for the pdb to be deployed. pdb: false # -- (int) The minimum amount of pods that are available at all times if the PDB is deployed. @@ -335,14 +335,6 @@ selectorLabels: # -- (map) Will completely override the commonLabels defined in the common chart's _label_setup.tpl commonLabels: -# Values to configure datadog if ddEnabled is set to "true". -# -- (bool) If enabled, the Datadog Agent will automatically inject Datadog-specific metadata into your application logs. -datadogLogsInjection: true -# -- (bool) If enabled, the Datadog Agent will collect profiling data for your application using the Continuous Profiler. This data can be used to identify performance bottlenecks and optimize your application. -datadogProfilingEnabled: true -# -- (int) A value between 0 and 1, that represents the percentage of requests that will be traced. For example, a value of 0.5 means that 50% of requests will be traced. -datadogTraceSampleRate: 1 - elasticsearch: separate: false clusterName: gen3-elasticsearch diff --git a/helm/peregrine/Chart.yaml b/helm/peregrine/Chart.yaml index 10f79b5d..e190277b 100644 --- a/helm/peregrine/Chart.yaml +++ b/helm/peregrine/Chart.yaml 
@@ -15,7 +15,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.13 +version: 0.1.14 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to @@ -26,7 +26,7 @@ appVersion: "master" dependencies: - name: common - version: 0.1.10 + version: 0.1.14 repository: file://../common - name: postgresql version: 11.9.13 diff --git a/helm/peregrine/README.md b/helm/peregrine/README.md index 8d9884c5..3642c82f 100644 --- a/helm/peregrine/README.md +++ b/helm/peregrine/README.md @@ -1,6 +1,6 @@ # peregrine -![Version: 0.1.13](https://img.shields.io/badge/Version-0.1.13-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) +![Version: 0.1.14](https://img.shields.io/badge/Version-0.1.14-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) A Helm chart for gen3 Peregrine service @@ -8,7 +8,7 @@ A Helm chart for gen3 Peregrine service | Repository | Name | Version | |------------|------|---------| -| file://../common | common | 0.1.10 | +| file://../common | common | 0.1.14 | | https://charts.bitnami.com/bitnami | postgresql | 11.9.13 | ## Values 
@@ -24,9 +24,6 @@ A Helm chart for gen3 Peregrine service | autoscaling.targetCPUUtilizationPercentage | int | `80` | Target CPU utilization percentage | | commonLabels | map | `nil` | Will completely override the commonLabels defined in the common chart's _label_setup.tpl | | criticalService | string | `"true"` | Valid options are "true" or "false". If invalid option is set- the value will default to "false". | -| datadogLogsInjection | bool | `true` | If enabled, the Datadog Agent will automatically inject Datadog-specific metadata into your application logs. | -| datadogProfilingEnabled | bool | `true` | If enabled, the Datadog Agent will collect profiling data for your application using the Continuous Profiler. This data can be used to identify performance bottlenecks and optimize your application. | -| datadogTraceSampleRate | int | `1` | A value between 0 and 1, that represents the percentage of requests that will be traced. For example, a value of 0.5 means that 50% of requests will be traced. | | env | list | `nil` | Environment variables to pass to the container | | externalSecrets | map | `{"dbcreds":null}` | External Secrets settings. | | externalSecrets.dbcreds | string | `nil` | Will override the name of the aws secrets manager secret. Default is "Values.global.environment-.Chart.Name-creds" | 
@@ -35,7 +32,6 @@ A Helm chart for gen3 Peregrine service | global.aws.awsAccessKeyId | string | `nil` | Credentials for AWS stuff. | | global.aws.awsSecretAccessKey | string | `nil` | Credentials for AWS stuff. | | global.aws.enabled | bool | `false` | Set to true if deploying to AWS. Controls ingress annotations. | -| global.ddEnabled | bool | `false` | Whether Datadog is enabled. | | global.dev | bool | `true` | Whether the deployment is for development purposes. | | global.dictionaryUrl | string | `"https://s3.amazonaws.com/dictionary-artifacts/datadictionary/develop/schema.json"` | URL of the data dictionary. | | global.dispatcherJobNum | int | `"10"` | Number of dispatcher jobs. | @@ -43,6 +39,7 @@ A Helm chart for gen3 Peregrine service | global.externalSecrets | map | `{"deploy":false,"separateSecretStore":false}` | External Secrets settings. | | global.externalSecrets.deploy | bool | `false` | Will use ExternalSecret resources to pull secrets from Secrets Manager instead of creating them locally. Be cautious as this will override any peregrine secrets you have deployed. | | global.externalSecrets.separateSecretStore | string | `false` | Will deploy a separate External Secret Store for this service. | +| global.grafanaEnabled | bool | `false` | Whether Grafana is enabled. | | global.hostname | string | `"localhost"` | Hostname for the deployment. | | global.kubeBucket | string | `"kube-gen3"` | S3 bucket name for Kubernetes manifest files. | | global.logsBucket | string | `"logs-gen3"` | S3 bucket name for log files. | diff --git a/helm/peregrine/templates/deployment.yaml b/helm/peregrine/templates/deployment.yaml index e554be55..a0214741 100644 --- a/helm/peregrine/templates/deployment.yaml +++ b/helm/peregrine/templates/deployment.yaml 
@@ -4,9 +4,6 @@ metadata: name: peregrine-deployment labels: {{- include "peregrine.labels" . | nindent 4 }} - {{- if .Values.global.ddEnabled }} - {{- include "common.datadogLabels" . | nindent 4 }} - {{- end }} spec: {{- if not .Values.autoscaling.enabled }} replicas: {{ .Values.replicaCount }} @@ -16,15 +13,15 @@ spec: {{- include "peregrine.selectorLabels" . | nindent 6 }} template: metadata: - {{- with .Values.podAnnotations }} annotations: + {{- with .Values.podAnnotations }} {{- toYaml . | nindent 8 }} {{- end }} + {{- if .Values.global.grafanaEnabled }} + {{- include "common.grafanaAnnotations" . | nindent 8 }} + {{- end }} labels: {{- include "peregrine.selectorLabels" . | nindent 8 }} - {{- if .Values.global.ddEnabled }} - {{- include "common.datadogLabels" . | nindent 8 }} - {{- end }} spec: {{- with .Values.volumes }} volumes: @@ -44,9 +41,6 @@ spec: image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}" imagePullPolicy: {{ .Values.image.pullPolicy }} env: - {{- if .Values.global.ddEnabled }} - {{- include "common.datadogEnvVar" . | nindent 12 }} - {{- end }} - name: FENCE_DB_USER valueFrom: secretKeyRef: diff --git a/helm/peregrine/values.yaml b/helm/peregrine/values.yaml index 46086658..b0122736 100644 --- a/helm/peregrine/values.yaml +++ b/helm/peregrine/values.yaml @@ -50,8 +50,8 @@ global: netPolicy: true # -- (int) Number of dispatcher jobs. dispatcherJobNum: "10" - # -- (bool) Whether Datadog is enabled. - ddEnabled: false + # -- (bool) Whether Grafana is enabled. + grafanaEnabled: false # -- (bool) If the service will be deployed with a Pod Disruption Budget. Note- you need to have more than 2 replicas for the pdb to be deployed. pdb: false # -- (int) The minimum amount of pods that are available at all times if the PDB is deployed. 
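Review bot: `annotations:` is now emitted unconditionally in the pod template of helm/peregrine/templates/deployment.yaml (hunk `@@ -16,15 +13,15 @@`), so with no `podAnnotations` and `global.grafanaEnabled: false` the chart renders a bare `annotations:` key with a null value. Guarding the key keeps the rendered manifest unchanged for installs that set neither: put `{{- if or .Values.podAnnotations .Values.global.grafanaEnabled }}` before `annotations:` and a matching `{{- end }}` after the Grafana block. The same shape appears in the portal, revproxy and requestor deployment templates later in this patch; in requestor the existing `{{- if .Values.global.grafanaEnabled }}` can simply move above `annotations:`. Separately, if `common.grafanaAnnotations` (not shown in this hunk) emits a key that a user also sets in `podAnnotations`, the rendered map would contain that key twice, so it is worth documenting which value is meant to win or merging the two before `toYaml`.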
@@ -222,11 +222,3 @@ partOf: "Core-Service" selectorLabels: # -- (map) Will completely override the commonLabels defined in the common chart's _label_setup.tpl commonLabels: - -# Values to configure datadog if ddEnabled is set to "true". -# -- (bool) If enabled, the Datadog Agent will automatically inject Datadog-specific metadata into your application logs. -datadogLogsInjection: true -# -- (bool) If enabled, the Datadog Agent will collect profiling data for your application using the Continuous Profiler. This data can be used to identify performance bottlenecks and optimize your application. -datadogProfilingEnabled: true -# -- (int) A value between 0 and 1, that represents the percentage of requests that will be traced. For example, a value of 0.5 means that 50% of requests will be traced. -datadogTraceSampleRate: 1 diff --git a/helm/pidgin/Chart.yaml b/helm/pidgin/Chart.yaml index be9c2086..0a535a12 100644 --- a/helm/pidgin/Chart.yaml +++ b/helm/pidgin/Chart.yaml @@ -15,7 +15,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.10 +version: 0.1.11 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to @@ -25,5 +25,5 @@ appVersion: "master" dependencies: - name: common - version: 0.1.10 + version: 0.1.14 repository: file://../common diff --git a/helm/pidgin/README.md b/helm/pidgin/README.md index 21914338..522b1c49 100644 --- a/helm/pidgin/README.md +++ b/helm/pidgin/README.md 
@@ -1,6 +1,6 @@ # pidgin -![Version: 0.1.10](https://img.shields.io/badge/Version-0.1.10-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) +![Version: 0.1.11](https://img.shields.io/badge/Version-0.1.11-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) A Helm chart for gen3 Pidgin Service @@ -8,7 +8,7 @@ A Helm chart for gen3 Pidgin Service | Repository | Name | Version | |------------|------|---------| -| file://../common | common | 0.1.10 | +| file://../common | common | 0.1.14 | ## Values diff --git a/helm/portal/Chart.yaml b/helm/portal/Chart.yaml index 6141c5e5..249f13c6 100644 --- a/helm/portal/Chart.yaml +++ b/helm/portal/Chart.yaml @@ -15,7 +15,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.15 +version: 0.1.16 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to @@ -25,5 +25,5 @@ appVersion: "master" dependencies: - name: common - version: 0.1.10 + version: 0.1.14 repository: file://../common diff --git a/helm/portal/README.md b/helm/portal/README.md index af2b96ea..7ff22650 100644 --- a/helm/portal/README.md +++ b/helm/portal/README.md 
@@ -1,6 +1,6 @@ # portal -![Version: 0.1.15](https://img.shields.io/badge/Version-0.1.15-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) +![Version: 0.1.16](https://img.shields.io/badge/Version-0.1.16-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) A Helm chart for gen3 data-portal @@ -8,7 +8,7 @@ A Helm chart for gen3 data-portal | Repository | Name | Version | |------------|------|---------| -| file://../common | common | 0.1.10 | +| file://../common | common | 0.1.14 | ## Values 
@@ -29,9 +29,6 @@ A Helm chart for gen3 data-portal | autoscaling.targetCPUUtilizationPercentage | int | `80` | The target CPU utilization percentage for autoscaling | | commonLabels | map | `nil` | Will completely override the commonLabels defined in the common chart's _label_setup.tpl | | criticalService | string | `"true"` | Valid options are "true" or "false". If invalid option is set- the value will default to "false". | -| datadogLogsInjection | bool | `true` | If enabled, the Datadog Agent will automatically inject Datadog-specific metadata into your application logs. | -| datadogProfilingEnabled | bool | `true` | If enabled, the Datadog Agent will collect profiling data for your application using the Continuous Profiler. This data can be used to identify performance bottlenecks and optimize your application. | -| datadogTraceSampleRate | int | `1` | A value between 0 and 1, that represents the percentage of requests that will be traced. For example, a value of 0.5 means that 50% of requests will be traced. | | extraImages | map | `nil` | Extra images to be mounted in the deployment. | | fullnameOverride | string | `""` | Override the full name of the deployment. 
| | gitops | map | `{"createdby":"","css":"/* gitops default css */\n","favicon":"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","json":"{\n \"graphql\": {\n \"boardCounts\": [\n {\n \"graphql\": \"_case_count\",\n \"name\": \"Case\",\n \"plural\": \"Cases\"\n },\n {\n \"graphql\": \"_experiment_count\",\n \"name\": \"Experiment\",\n \"plural\": \"Experiments\"\n },\n {\n \"graphql\": \"_aliquot_count\",\n \"name\": \"Aliquot\",\n \"plural\": \"Aliquots\"\n }\n ],\n \"chartCounts\": [\n {\n \"graphql\": \"_case_count\",\n \"name\": \"Case\"\n },\n {\n \"graphql\": \"_experiment_count\",\n \"name\": \"Experiment\"\n },\n {\n \"graphql\": \"_aliquot_count\",\n \"name\": \"Aliquot\"\n }\n ],\n \"projectDetails\": \"boardCounts\"\n },\n \"components\": {\n \"appName\": \"Generic Data Commons Portal\",\n \"index\": {\n \"introduction\": {\n \"heading\": \"Data Commons\",\n \"text\": \"The Generic Data Commons supports the management, analysis and sharing of data for the research community.\",\n \"link\": \"/submission\"\n },\n \"buttons\": [\n {\n \"name\": \"Define Data Field\",\n \"icon\": \"data-field-define\",\n \"body\": \"The Generic Data Commons define the data in a general way. 
Please study the dictionary before you start browsing.\",\n \"link\": \"/DD\",\n \"label\": \"Learn more\"\n },\n {\n \"name\": \"Explore Data\",\n \"icon\": \"data-explore\",\n \"body\": \"The Exploration Page gives you insights and a clear overview under selected factors.\",\n \"link\": \"/explorer\",\n \"label\": \"Explore data\"\n },\n {\n \"name\": \"Access Data\",\n \"icon\": \"data-access\",\n \"body\": \"Use our selected tool to filter out the data you need.\",\n \"link\": \"/query\",\n \"label\": \"Query data\"\n },\n {\n \"name\": \"Submit Data\",\n \"icon\": \"data-submit\",\n \"body\": \"Submit Data based on the dictionary.\",\n \"link\": \"/submission\",\n \"label\": \"Submit data\"\n }\n ]\n },\n \"navigation\": {\n \"title\": \"Generic Data Commons\",\n \"items\": [\n {\n \"icon\": \"dictionary\",\n \"link\": \"/DD\",\n \"color\": \"#a2a2a2\",\n \"name\": \"Dictionary\"\n },\n {\n \"icon\": \"exploration\",\n \"link\": \"/explorer\",\n \"color\": \"#a2a2a2\",\n \"name\": \"Exploration\"\n },\n {\n \"icon\": \"query\",\n \"link\": \"/query\",\n \"color\": \"#a2a2a2\",\n \"name\": \"Query\"\n },\n {\n \"icon\": \"workspace\",\n \"link\": \"/workspace\",\n \"color\": \"#a2a2a2\",\n \"name\": \"Workspace\"\n },\n {\n \"icon\": \"profile\",\n \"link\": \"/identity\",\n \"color\": \"#a2a2a2\",\n \"name\": \"Profile\"\n }\n ]\n },\n \"topBar\": {\n \"items\": [\n {\n \"icon\": \"upload\",\n \"link\": \"/submission\",\n \"name\": \"Submit Data\"\n },\n {\n \"link\": \"https://gen3.org/resources/user\",\n \"name\": \"Documentation\"\n }\n ]\n },\n \"login\": {\n \"title\": \"Generic Data Commons\",\n \"subTitle\": \"Explore, Analyze, and Share Data\",\n \"text\": \"This website supports the management, analysis and sharing of human disease data for the research community and aims to advance basic understanding of the genetic basis of complex traits and accelerate discovery and development of therapies, diagnostic tests, and other technologies for diseases 
like cancer.\",\n \"contact\": \"If you have any questions about access or the registration process, please contact \",\n \"email\": \"support@datacommons.io\"\n },\n \"certs\": {},\n \"footerLogos\": [\n {\n \"src\": \"/src/img/gen3.png\",\n \"href\": \"https://ctds.uchicago.edu/gen3\",\n \"alt\": \"Gen3 Data Commons\"\n },\n {\n \"src\": \"/src/img/createdby.png\",\n \"href\": \"https://ctds.uchicago.edu/\",\n \"alt\": \"Center for Translational Data Science at the University of Chicago\"\n }\n ]\n },\n \"requiredCerts\": [],\n \"featureFlags\": {\n \"explorer\": true,\n \"noIndex\": true,\n \"analysis\": false,\n \"discovery\": false,\n \"discoveryUseAggMDS\": false,\n \"studyRegistration\": false\n },\n \"dataExplorerConfig\": {\n \"charts\": {\n \"project_id\": {\n \"chartType\": \"count\",\n \"title\": \"Projects\"\n },\n \"_case_id\": {\n \"chartType\": \"count\",\n \"title\": \"Cases\"\n },\n \"gender\": {\n \"chartType\": \"pie\",\n \"title\": \"Gender\"\n },\n \"race\": {\n \"chartType\": \"bar\",\n \"title\": \"Race\"\n }\n },\n \"filters\": {\n \"tabs\": [\n {\n \"title\": \"Case\",\n \"fields\":[\n \"project_id\",\n \"gender\",\n \"race\",\n \"ethnicity\"\n ]\n }\n ]\n },\n \"table\": {\n \"enabled\": false\n },\n \"dropdowns\": {},\n \"buttons\": [],\n \"guppyConfig\": {\n \"dataType\": \"case\",\n \"nodeCountTitle\": \"Cases\",\n \"fieldMapping\": [\n { \"field\": \"disease_type\", \"name\": \"Disease type\" },\n { \"field\": \"primary_site\", \"name\": \"Site where samples were collected\"}\n ],\n \"manifestMapping\": {\n \"resourceIndexType\": \"file\",\n \"resourceIdField\": \"object_id\",\n \"referenceIdFieldInResourceIndex\": \"_case_id\",\n \"referenceIdFieldInDataIndex\": \"node_id\"\n },\n \"accessibleFieldCheckList\": [\"_case_id\"],\n \"accessibleValidationField\": \"_case_id\"\n }\n },\n \"fileExplorerConfig\": {\n \"charts\": {\n \"data_type\": {\n \"chartType\": \"stackedBar\",\n \"title\": \"File Type\"\n },\n \"data_format\": {\n 
\"chartType\": \"stackedBar\",\n \"title\": \"File Format\"\n }\n },\n \"filters\": {\n \"tabs\": [\n {\n \"title\": \"File\",\n \"fields\": [\n \"project_id\",\n \"data_type\",\n \"data_format\"\n ]\n }\n ]\n },\n \"table\": {\n \"enabled\": true,\n \"fields\": [\n \"project_id\",\n \"file_name\",\n \"file_size\",\n \"object_id\"\n ]\n },\n \"dropdowns\": {},\n \"guppyConfig\": {\n \"dataType\": \"file\",\n \"fieldMapping\": [\n { \"field\": \"object_id\", \"name\": \"GUID\" }\n ],\n \"nodeCountTitle\": \"Files\",\n \"manifestMapping\": {\n \"resourceIndexType\": \"case\",\n \"resourceIdField\": \"_case_id\",\n \"referenceIdFieldInResourceIndex\": \"object_id\",\n \"referenceIdFieldInDataIndex\": \"object_id\"\n },\n \"accessibleFieldCheckList\": [\"_case_id\"],\n \"accessibleValidationField\": \"_case_id\",\n \"downloadAccessor\": \"object_id\"\n }\n }\n}\n","logo":"","sponsors":null}` | GitOps configuration for portal | 
@@ -44,12 +41,12 @@ A Helm chart for gen3 data-portal | global.aws.awsAccessKeyId | string | `nil` | Credentials for AWS stuff. | | global.aws.awsSecretAccessKey | string | `nil` | Credentials for AWS stuff. | | global.aws.enabled | bool | `false` | Set to true if deploying to AWS. Controls ingress annotations. | -| global.ddEnabled | bool | `false` | Whether Datadog is enabled. | | global.dev | bool | `true` | Whether the deployment is for development purposes. | | global.dictionaryUrl | string | `"https://s3.amazonaws.com/dictionary-artifacts/datadictionary/develop/schema.json"` | URL of the data dictionary. | | global.dispatcherJobNum | int | `"10"` | Number of dispatcher jobs. | | global.environment | string | `"default"` | Environment name. This should be the same as vpcname if you're doing an AWS deployment. Currently this is being used to share ALB's if you have multiple namespaces. Might be used other places too. | | global.frontendRoot | string | `"portal"` | Which app will be served on /. Needs be set to portal for portal, or "gen3ff" for frontendframework. | +| global.grafanaEnabled | bool | `false` | Whether Grafana is enabled. | | global.hostname | string | `"localhost"` | Hostname for the deployment. | | global.kubeBucket | string | `"kube-gen3"` | S3 bucket name for Kubernetes manifest files. | | global.logsBucket | string | `"logs-gen3"` | S3 bucket name for log files. | diff --git a/helm/portal/templates/deployment.yaml b/helm/portal/templates/deployment.yaml index 9fb7d09f..c42151c7 100644 --- a/helm/portal/templates/deployment.yaml +++ b/helm/portal/templates/deployment.yaml @@ -4,9 +4,6 @@ metadata: name: portal-deployment labels: {{- include "portal.labels" . | nindent 4 }} - {{- if .Values.global.ddEnabled }} - {{- include "common.datadogLabels" . | nindent 4 }} - {{- end }} spec: {{- if not .Values.autoscaling.enabled }} replicas: {{ .Values.replicaCount }} 
@@ -19,16 +16,16 @@ spec: {{- toYaml .Values.strategy | nindent 8 }} template: metadata: - {{- with .Values.podAnnotations }} annotations: + {{- with .Values.podAnnotations }} {{- toYaml . | nindent 8 }} {{- end }} + {{- if .Values.global.grafanaEnabled }} + {{- include "common.grafanaAnnotations" . | nindent 8 }} + {{- end }} labels: {{- include "portal.selectorLabels" . | nindent 8 }} public: "yes" - {{- if .Values.global.ddEnabled }} - {{- include "common.datadogLabels" . | nindent 8 }} - {{- end }} spec: {{- with .Values.affinity }} affinity: @@ -103,9 +100,6 @@ spec: # - /bin/bash # - ./dockerStart.sh env: - {{- if .Values.global.ddEnabled }} - {{- include "common.datadogEnvVar" . | nindent 12 }} - {{- end }} - name: HOSTNAME value: revproxy-service # disable npm 7's brand new update notifier to prevent Portal from stuck at starting up diff --git a/helm/portal/values.yaml b/helm/portal/values.yaml index 7e0c6723..db4068fb 100644 --- a/helm/portal/values.yaml +++ b/helm/portal/values.yaml @@ -54,8 +54,8 @@ global: netPolicy: true # -- (int) Number of dispatcher jobs. dispatcherJobNum: "10" - # -- (bool) Whether Datadog is enabled. - ddEnabled: false + # -- (bool) Whether Grafana is enabled. + grafanaEnabled: false # -- (bool) If the service will be deployed with a Pod Disruption Budget. Note- you need to have more than 2 replicas for the pdb to be deployed. pdb: false # -- (int) The minimum amount of pods that are available at all times if the PDB is deployed. 
@@ -195,15 +195,6 @@ selectorLabels: # -- (map) Will completely override the commonLabels defined in the common chart's _label_setup.tpl commonLabels: -# Values to configure datadog if ddEnabled is set to "true". -# -- (bool) If enabled, the Datadog Agent will automatically inject Datadog-specific metadata into your application logs. -datadogLogsInjection: true -# -- (bool) If enabled, the Datadog Agent will collect profiling data for your application using the Continuous Profiler. This data can be used to identify performance bottlenecks and optimize your application. -datadogProfilingEnabled: true -# -- (int) A value between 0 and 1, that represents the percentage of requests that will be traced. For example, a value of 0.5 means that 50% of requests will be traced. -datadogTraceSampleRate: 1 - - # -- (map) Extra images to be mounted in the deployment. extraImages: # - url: https://raw.githubusercontent.com/uc-cdis/gen3-helm/master/docs/images/gen3-blue-dark.png diff --git a/helm/requestor/Chart.yaml b/helm/requestor/Chart.yaml index e0c06a88..5244fd6c 100644 --- a/helm/requestor/Chart.yaml +++ b/helm/requestor/Chart.yaml @@ -15,7 +15,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.11 +version: 0.1.12 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to @@ -26,7 +26,7 @@ appVersion: "master" dependencies: - name: common - version: 0.1.10 + version: 0.1.14 repository: file://../common - name: postgresql version: 11.9.13 diff --git a/helm/requestor/README.md b/helm/requestor/README.md index 85792b12..031f1af7 100644 --- a/helm/requestor/README.md +++ b/helm/requestor/README.md 
@@ -1,6 +1,6 @@ # requestor -![Version: 0.1.11](https://img.shields.io/badge/Version-0.1.11-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) +![Version: 0.1.12](https://img.shields.io/badge/Version-0.1.12-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) A Helm chart for gen3 Requestor Service @@ -8,7 +8,7 @@ A Helm chart for gen3 Requestor Service | Repository | Name | Version | |------------|------|---------| -| file://../common | common | 0.1.10 | +| file://../common | common | 0.1.14 | | https://charts.bitnami.com/bitnami | postgresql | 11.9.13 | ## Values 
@@ -33,9 +33,6 @@ A Helm chart for gen3 Requestor Service | command | list | `["/bin/sh"]` | Command to run for the init container. | | commonLabels | map | `nil` | Will completely override the commonLabels defined in the common chart's _label_setup.tpl | | criticalService | string | `"false"` | Valid options are "true" or "false". If invalid option is set- the value will default to "false". | -| datadogLogsInjection | bool | `true` | If enabled, the Datadog Agent will automatically inject Datadog-specific metadata into your application logs. | -| datadogProfilingEnabled | bool | `true` | If enabled, the Datadog Agent will collect profiling data for your application using the Continuous Profiler. This data can be used to identify performance bottlenecks and optimize your application. | -| datadogTraceSampleRate | int | `1` | A value between 0 and 1, that represents the percentage of requests that will be traced. For example, a value of 0.5 means that 50% of requests will be traced. | | externalSecrets | map | `{"dbcreds":null}` | External Secrets settings. | | externalSecrets.dbcreds | string | `nil` | Will override the name of the aws secrets manager secret. Default is "Values.global.environment-.Chart.Name-creds" | | global.addDbgap | bool | `false` | Force attempting a dbgap sync if "true", falls back on user.yaml | 
@@ -43,7 +40,6 @@ A Helm chart for gen3 Requestor Service | global.aws.awsAccessKeyId | string | `nil` | Credentials for AWS stuff. | | global.aws.awsSecretAccessKey | string | `nil` | Credentials for AWS stuff. | | global.aws.enabled | bool | `false` | Set to true if deploying to AWS. Controls ingress annotations. | -| global.ddEnabled | bool | `false` | Whether Datadog is enabled. | | global.dev | bool | `true` | Whether the deployment is for development purposes. | | global.dictionaryUrl | string | `"https://s3.amazonaws.com/dictionary-artifacts/datadictionary/develop/schema.json"` | URL of the data dictionary. | | global.dispatcherJobNum | int | `"10"` | Number of dispatcher jobs. | @@ -51,6 +47,7 @@ A Helm chart for gen3 Requestor Service | global.externalSecrets | map | `{"deploy":false,"separateSecretStore":false}` | External Secrets settings. | | global.externalSecrets.deploy | bool | `false` | Will use ExternalSecret resources to pull secrets from Secrets Manager instead of creating them locally. Be cautious as this will override any requestor secrets you have deployed. | | global.externalSecrets.separateSecretStore | string | `false` | Will deploy a separate External Secret Store for this service. | +| global.grafanaEnabled | bool | `false` | Whether Grafana is enabled. | | global.hostname | string | `"localhost"` | Hostname for the deployment. | | global.kubeBucket | string | `"kube-gen3"` | S3 bucket name for Kubernetes manifest files. | | global.logsBucket | string | `"logs-gen3"` | S3 bucket name for log files. | diff --git a/helm/requestor/templates/deployment.yaml b/helm/requestor/templates/deployment.yaml index 24876c59..431070fe 100644 --- a/helm/requestor/templates/deployment.yaml +++ b/helm/requestor/templates/deployment.yaml 
@@ -4,9 +4,6 @@ metadata: name: requestor-deployment labels: {{- include "requestor.labels" . | nindent 4 }} - {{- if .Values.global.ddEnabled }} - {{- include "common.datadogLabels" . | nindent 4 }} - {{- end }} spec: {{- if not .Values.autoscaling.enabled }} replicas: {{ .Values.replicaCount }} @@ -27,8 +24,9 @@ spec: netnolimit: 'yes' public: 'yes' dbrequestor: 'yes' - {{- if .Values.global.ddEnabled }} - {{- include "common.datadogLabels" . | nindent 8 }} + annotations: + {{- if .Values.global.grafanaEnabled }} + {{- include "common.grafanaAnnotations" . | nindent 8 }} {{- end }} spec: {{- with .Values.affinity }} @@ -109,9 +107,6 @@ spec: image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}" imagePullPolicy: {{ .Values.image.pullPolicy }} env: - {{- if .Values.global.ddEnabled }} - {{- include "common.datadogEnvVar" . | nindent 12 }} - {{- end }} - name: DB_PORT value: "5432" - name: DB_HOST diff --git a/helm/requestor/values.yaml b/helm/requestor/values.yaml index 1a060975..22e06c09 100644 --- a/helm/requestor/values.yaml +++ b/helm/requestor/values.yaml @@ -67,8 +67,8 @@ global: netPolicy: true # -- (int) Number of dispatcher jobs. dispatcherJobNum: "10" - # -- (bool) Whether Datadog is enabled. - ddEnabled: false + # -- (bool) Whether Grafana is enabled. + grafanaEnabled: false # -- (bool) If the service will be deployed with a Pod Disruption Budget. Note- you need to have more than 2 replicas for the pdb to be deployed. pdb: false # -- (int) The minimum amount of pods that are available at all times if the PDB is deployed. 
@@ -247,11 +247,3 @@ partOf: "Authentication" selectorLabels: # -- (map) Will completely override the commonLabels defined in the common chart's _label_setup.tpl commonLabels: - -# Values to configure datadog if ddEnabled is set to "true". -# -- (bool) If enabled, the Datadog Agent will automatically inject Datadog-specific metadata into your application logs. -datadogLogsInjection: true -# -- (bool) If enabled, the Datadog Agent will collect profiling data for your application using the Continuous Profiler. This data can be used to identify performance bottlenecks and optimize your application. -datadogProfilingEnabled: true -# -- (int) A value between 0 and 1, that represents the percentage of requests that will be traced. For example, a value of 0.5 means that 50% of requests will be traced. -datadogTraceSampleRate: 1 diff --git a/helm/revproxy/Chart.yaml b/helm/revproxy/Chart.yaml index 49401320..85531fe6 100644 --- a/helm/revproxy/Chart.yaml +++ b/helm/revproxy/Chart.yaml @@ -15,7 +15,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.16 +version: 0.1.17 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to @@ -25,5 +25,5 @@ appVersion: "master" dependencies: - name: common - version: 0.1.11 + version: 0.1.14 repository: file://../common diff --git a/helm/revproxy/README.md b/helm/revproxy/README.md index 53a75103..871af0be 100644 --- a/helm/revproxy/README.md +++ b/helm/revproxy/README.md 
@@ -1,6 +1,6 @@ # revproxy -![Version: 0.1.16](https://img.shields.io/badge/Version-0.1.16-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) +![Version: 0.1.17](https://img.shields.io/badge/Version-0.1.17-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) A Helm chart for gen3 revproxy @@ -8,7 +8,7 @@ A Helm chart for gen3 revproxy | Repository | Name | Version | |------------|------|---------| -| file://../common | common | 0.1.11 | +| file://../common | common | 0.1.14 | ## Values 
@@ -22,9 +22,6 @@ A Helm chart for gen3 revproxy | autoscaling.targetCPUUtilizationPercentage | int | `80` | The target CPU utilization percentage for autoscaling | | commonLabels | map | `nil` | Will completely override the commonLabels defined in the common chart's _label_setup.tpl | | criticalService | string | `"true"` | Valid options are "true" or "false". If invalid option is set- the value will default to "false". | -| datadogLogsInjection | bool | `true` | If enabled, the Datadog Agent will automatically inject Datadog-specific metadata into your application logs. | -| datadogProfilingEnabled | bool | `true` | If enabled, the Datadog Agent will collect profiling data for your application using the Continuous Profiler. This data can be used to identify performance bottlenecks and optimize your application. | -| datadogTraceSampleRate | int | `1` | A value between 0 and 1, that represents the percentage of requests that will be traced. For example, a value of 0.5 means that 50% of requests will be traced. | | fullnameOverride | string | `""` | Override the full name of the deployment. | | global.aws | map | `{"awsAccessKeyId":null,"awsSecretAccessKey":null,"enabled":false,"wafv2":{"enabled":false,"wafAclArn":null}}` | AWS configuration | | global.aws.awsAccessKeyId | string | `nil` | Credentials for AWS stuff. | 
@@ -33,11 +30,11 @@ A Helm chart for gen3 revproxy | global.aws.wafv2 | map | `{"enabled":false,"wafAclArn":null}` | WAF configuration | | global.aws.wafv2.enabled | bool | `false` | Set to true if using AWS WAFv2 | | global.aws.wafv2.wafAclArn | string | `nil` | ARN for the WAFv2 ACL. | -| global.ddEnabled | bool | `false` | Whether Datadog is enabled. | | global.dev | bool | `true` | Whether the deployment is for development purposes. | | global.dictionaryUrl | string | `"https://s3.amazonaws.com/dictionary-artifacts/datadictionary/develop/schema.json"` | URL of the data dictionary. | | global.dispatcherJobNum | int | `"10"` | Number of dispatcher jobs. | | global.environment | string | `"default"` | Environment name. This should be the same as vpcname if you're doing an AWS deployment. Currently this is being used to share ALB's if you have multiple namespaces. Might be used other places too. | +| global.grafanaEnabled | bool | `false` | Whether Grafana is enabled. | | global.hostname | string | `"localhost"` | Hostname for the deployment. | | global.kubeBucket | string | `"kube-gen3"` | S3 bucket name for Kubernetes manifest files. | | global.logsBucket | string | `"logs-gen3"` | S3 bucket name for log files. | diff --git a/helm/revproxy/templates/deployment.yaml b/helm/revproxy/templates/deployment.yaml index 7be59ba4..654f74cd 100644 --- a/helm/revproxy/templates/deployment.yaml +++ b/helm/revproxy/templates/deployment.yaml @@ -4,9 +4,6 @@ metadata: name: revproxy-deployment labels: {{- include "revproxy.labels" . | nindent 4 }} - {{- if .Values.global.ddEnabled }} - {{- include "common.datadogLabels" . | nindent 4 }} - {{- end }} annotations: gen3.io/network-ingress: "portal,sowerjob" spec: 
@@ -23,15 +20,15 @@ spec: {{- end }} template: metadata: - {{- with .Values.podAnnotations }} annotations: + {{- with .Values.podAnnotations }} {{- toYaml . | nindent 8 }} {{- end }} + {{- if .Values.global.grafanaEnabled }} + {{- include "common.grafanaAnnotations" . | nindent 8 }} + {{- end }} labels: {{- include "revproxy.selectorLabels" . | nindent 8 }} - {{- if .Values.global.ddEnabled }} - {{- include "common.datadogLabels" . | nindent 8 }} - {{- end }} {{- if .Values.userhelperEnabled }} userhelper: "yes" {{- end}} @@ -83,9 +80,6 @@ spec: resources: {{- toYaml .Values.resources | nindent 12 }} env: - {{- if .Values.global.ddEnabled }} - {{- include "common.datadogEnvVar" . | nindent 12 }} - {{- end }} - name: POD_NAMESPACE valueFrom: fieldRef: diff --git a/helm/revproxy/values.yaml b/helm/revproxy/values.yaml index 44d0f3ed..d450804e 100644 --- a/helm/revproxy/values.yaml +++ b/helm/revproxy/values.yaml @@ -64,8 +64,8 @@ global: netPolicy: true # -- (int) Number of dispatcher jobs. dispatcherJobNum: "10" - # -- (bool) Whether Datadog is enabled. - ddEnabled: false + # -- (bool) Whether Grafana is enabled. + grafanaEnabled: false # -- (bool) If the service will be deployed with a Pod Disruption Budget. Note- you need to have more than 2 replicas for the pdb to be deployed. pdb: false # -- (int) The minimum amount of pods that are available at all times if the PDB is deployed. 
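Review bot: The pod template in the `@@ -23,15 +20,15 @@` hunk now emits `annotations:` unconditionally, so with `podAnnotations` empty and `global.grafanaEnabled` false the key renders with a null value; Kubernetes accepts that, but every rendered manifest carries an empty key. Guarding the key keeps the output clean: put `{{- if or .Values.podAnnotations .Values.global.grafanaEnabled }}` before `annotations:` and a matching `{{- end }}` before `labels:`. When both sources are set, a key present in `podAnnotations` and in `common.grafanaAnnotations` (defined in the common chart, not visible here) would appear twice in the same map, so it is worth confirming that the two cannot overlap. The same pattern is in the wts deployment hunk, and the sheepdog, sower and ssjdispatcher pod templates add an unguarded `annotations:` with only the Grafana condition inside.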
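Review bot: In the revproxy values.yaml hunk, `global.grafanaEnabled` replaces `global.ddEnabled` with no compatibility path, so an existing override that sets `ddEnabled: true` is ignored by the deployment template without an error, and the Datadog labels and environment variables silently stop being rendered. The doc comment should say what the flag does and that it supersedes the old one, e.g. `# -- (bool) Adds the common chart's Grafana annotations to the pod template. Supersedes global.ddEnabled, which the deployment template no longer reads.` If those annotations cause a collector to scrape the pod (the helper's content is outside this diff), confirm that the `netPolicy` rules admit only the collector and that the scraped endpoint is not reachable from outside the cluster. The same comment applies to the values.yaml hunks for sheepdog, sower, ssjdispatcher and wts.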
@@ -233,11 +233,3 @@ partOf: "Front-End" selectorLabels: # -- (map) Will completely override the commonLabels defined in the common chart's _label_setup.tpl commonLabels: - -# Values to configure datadog if ddEnabled is set to "true". -# -- (bool) If enabled, the Datadog Agent will automatically inject Datadog-specific metadata into your application logs. -datadogLogsInjection: true -# -- (bool) If enabled, the Datadog Agent will collect profiling data for your application using the Continuous Profiler. This data can be used to identify performance bottlenecks and optimize your application. -datadogProfilingEnabled: true -# -- (int) A value between 0 and 1, that represents the percentage of requests that will be traced. For example, a value of 0.5 means that 50% of requests will be traced. -datadogTraceSampleRate: 1 diff --git a/helm/sheepdog/Chart.yaml b/helm/sheepdog/Chart.yaml index ea4bcc32..fbaa346b 100644 --- a/helm/sheepdog/Chart.yaml +++ b/helm/sheepdog/Chart.yaml @@ -15,7 +15,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.14 +version: 0.1.15 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to @@ -25,7 +25,7 @@ appVersion: "master" dependencies: - name: common - version: 0.1.10 + version: 0.1.14 repository: file://../common - name: postgresql version: 11.9.13 diff --git a/helm/sheepdog/README.md b/helm/sheepdog/README.md index afbdd189..9a201fd2 100644 --- a/helm/sheepdog/README.md +++ b/helm/sheepdog/README.md 
@@ -1,6 +1,6 @@ # sheepdog -![Version: 0.1.14](https://img.shields.io/badge/Version-0.1.14-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) +![Version: 0.1.15](https://img.shields.io/badge/Version-0.1.15-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) A Helm chart for gen3 Sheepdog Service @@ -8,7 +8,7 @@ A Helm chart for gen3 Sheepdog Service | Repository | Name | Version | |------------|------|---------| -| file://../common | common | 0.1.10 | +| file://../common | common | 0.1.14 | | https://charts.bitnami.com/bitnami | postgresql | 11.9.13 | ## Values 
@@ -33,9 +33,6 @@ A Helm chart for gen3 Sheepdog Service | commonLabels | map | `nil` | Will completely override the commonLabels defined in the common chart's _label_setup.tpl | | criticalService | string | `"true"` | Valid options are "true" or "false". If invalid option is set- the value will default to "false". | | dataDog | bool | `{"enabled":false,"env":"dev"}` | Whether Datadog is enabled. | -| datadogLogsInjection | bool | `true` | If enabled, the Datadog Agent will automatically inject Datadog-specific metadata into your application logs. | -| datadogProfilingEnabled | bool | `true` | If enabled, the Datadog Agent will collect profiling data for your application using the Continuous Profiler. This data can be used to identify performance bottlenecks and optimize your application. | -| datadogTraceSampleRate | int | `1` | A value between 0 and 1, that represents the percentage of requests that will be traced. For example, a value of 0.5 means that 50% of requests will be traced. | | dictionaryUrl | string | `"https://s3.amazonaws.com/dictionary-artifacts/datadictionary/develop/schema.json"` | URL of the data dictionary. | | externalSecrets | map | `{"dbcreds":null}` | External Secrets settings. | | externalSecrets.dbcreds | string | `nil` | Will override the name of the aws secrets manager secret. Default is "Values.global.environment-.Chart.Name-creds" | 
@@ -44,7 +41,6 @@ A Helm chart for gen3 Sheepdog Service | global.aws.awsAccessKeyId | string | `nil` | Credentials for AWS stuff. | | global.aws.awsSecretAccessKey | string | `nil` | Credentials for AWS stuff. | | global.aws.enabled | bool | `false` | Set to true if deploying to AWS. Controls ingress annotations. | -| global.ddEnabled | bool | `false` | Whether Datadog is enabled. | | global.dev | bool | `true` | Whether the deployment is for development purposes. | | global.dictionaryUrl | string | `"https://s3.amazonaws.com/dictionary-artifacts/datadictionary/develop/schema.json"` | URL of the data dictionary. | | global.dispatcherJobNum | int | `"10"` | Number of dispatcher jobs. | @@ -52,6 +48,7 @@ A Helm chart for gen3 Sheepdog Service | global.externalSecrets | map | `{"deploy":false,"separateSecretStore":false}` | External Secrets settings. | | global.externalSecrets.deploy | bool | `false` | Will use ExternalSecret resources to pull secrets from Secrets Manager instead of creating them locally. Be cautious as this will override any sheepdog secrets you have deployed. | | global.externalSecrets.separateSecretStore | string | `false` | Will deploy a separate External Secret Store for this service. | +| global.grafanaEnabled | bool | `false` | Whether Grafana is enabled. | | global.hostname | string | `"localhost"` | Hostname for the deployment. | | global.kubeBucket | string | `"kube-gen3"` | S3 bucket name for Kubernetes manifest files. | | global.logsBucket | string | `"logs-gen3"` | S3 bucket name for log files. | diff --git a/helm/sheepdog/templates/deployment.yaml b/helm/sheepdog/templates/deployment.yaml index d56beb93..a92d2b2c 100644 --- a/helm/sheepdog/templates/deployment.yaml +++ b/helm/sheepdog/templates/deployment.yaml 
@@ -8,9 +8,6 @@ metadata: {{- end }} labels: {{- include "sheepdog.labels" . | nindent 4 }} - {{- if .Values.global.ddEnabled }} - {{- include "common.datadogLabels" . | nindent 4 }} - {{- end }} spec: {{- if not .Values.autoscaling.enabled }} replicas: {{ .Values.replicaCount }} @@ -31,8 +28,9 @@ spec: netnolimit: 'yes' public: 'yes' s3: 'yes' - {{- if .Values.global.ddEnabled }} - {{- include "common.datadogLabels" . | nindent 8 }} + annotations: + {{- if .Values.global.grafanaEnabled }} + {{- include "common.grafanaAnnotations" . | nindent 8 }} {{- end }} spec: {{- with .Values.affinity }} @@ -51,9 +49,6 @@ spec: - name: sheepdog-init image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}" env: - {{- if .Values.global.ddEnabled }} - {{- include "common.datadogEnvVar" . | nindent 12 }} - {{- end }} - name: DICTIONARY_URL value: {{ .Values.dictionaryUrl }} - name: PGHOST diff --git a/helm/sheepdog/values.yaml b/helm/sheepdog/values.yaml index 59b0841f..7f1b9a52 100644 --- a/helm/sheepdog/values.yaml +++ b/helm/sheepdog/values.yaml @@ -53,8 +53,8 @@ global: netPolicy: true # -- (int) Number of dispatcher jobs. dispatcherJobNum: "10" - # -- (bool) Whether Datadog is enabled. - ddEnabled: false + # -- (bool) Whether Grafana is enabled. + grafanaEnabled: false # -- (bool) If the service will be deployed with a Pod Disruption Budget. Note- you need to have more than 2 replicas for the pdb to be deployed. pdb: false # -- (int) The minimum amount of pods that are available at all times if the PDB is deployed. 
@@ -230,11 +230,3 @@ partOf: "Core-Service" selectorLabels: # -- (map) Will completely override the commonLabels defined in the common chart's _label_setup.tpl commonLabels: - -# Values to configure datadog if ddEnabled is set to "true". -# -- (bool) If enabled, the Datadog Agent will automatically inject Datadog-specific metadata into your application logs. -datadogLogsInjection: true -# -- (bool) If enabled, the Datadog Agent will collect profiling data for your application using the Continuous Profiler. This data can be used to identify performance bottlenecks and optimize your application. -datadogProfilingEnabled: true -# -- (int) A value between 0 and 1, that represents the percentage of requests that will be traced. For example, a value of 0.5 means that 50% of requests will be traced. -datadogTraceSampleRate: 1 diff --git a/helm/sower/Chart.yaml b/helm/sower/Chart.yaml index a48e3910..a428ef00 100644 --- a/helm/sower/Chart.yaml +++ b/helm/sower/Chart.yaml @@ -15,7 +15,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.11 +version: 0.1.12 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to @@ -25,5 +25,5 @@ appVersion: "master" dependencies: - name: common - version: 0.1.10 + version: 0.1.14 repository: file://../common diff --git a/helm/sower/README.md b/helm/sower/README.md index 9644ad2e..cd09e63f 100644 --- a/helm/sower/README.md +++ b/helm/sower/README.md 
@@ -1,6 +1,6 @@ # sower -![Version: 0.1.11](https://img.shields.io/badge/Version-0.1.11-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) +![Version: 0.1.12](https://img.shields.io/badge/Version-0.1.12-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) A Helm chart for gen3 sower @@ -8,7 +8,7 @@ A Helm chart for gen3 sower | Repository | Name | Version | |------------|------|---------| -| file://../common | common | 0.1.10 | +| file://../common | common | 0.1.14 | ## Values @@ -40,7 +40,6 @@ A Helm chart for gen3 sower | global.aws.awsAccessKeyId | string | `nil` | Credentials for AWS stuff. | | global.aws.awsSecretAccessKey | string | `nil` | Credentials for AWS stuff. | | global.aws.enabled | bool | `false` | Set to true if deploying to AWS. Controls ingress annotations. | -| global.ddEnabled | bool | `false` | Whether Datadog is enabled. | | global.dev | bool | `true` | Whether the deployment is for development purposes. | | global.dictionaryUrl | string | `"https://s3.amazonaws.com/dictionary-artifacts/datadictionary/develop/schema.json"` | URL of the data dictionary. | | global.dispatcherJobNum | int | `"10"` | Number of dispatcher jobs. | 
@@ -48,6 +47,7 @@ A Helm chart for gen3 sower | global.externalSecrets | map | `{"deploy":false,"separateSecretStore":false}` | External Secrets settings. | | global.externalSecrets.deploy | bool | `false` | Will use ExternalSecret resources to pull secrets from Secrets Manager instead of creating them locally. Be cautious as this will override any manifestservice secrets you have deployed. | | global.externalSecrets.separateSecretStore | string | `false` | Will deploy a separate External Secret Store for this service. | +| global.grafanaEnabled | bool | `false` | Whether Grafana is enabled. | | global.hostname | string | `"localhost"` | Hostname for the deployment. | | global.kubeBucket | string | `"kube-gen3"` | S3 bucket name for Kubernetes manifest files. | | global.logsBucket | string | `"logs-gen3"` | S3 bucket name for log files. | diff --git a/helm/sower/templates/deployment.yaml b/helm/sower/templates/deployment.yaml index 879a74a0..624eb38e 100644 --- a/helm/sower/templates/deployment.yaml +++ b/helm/sower/templates/deployment.yaml @@ -19,6 +19,10 @@ spec: {{- include "sower.selectorLabels" . | nindent 8 }} public: "yes" netnolimit: "yes" + annotations: + {{- if .Values.global.grafanaEnabled }} + {{- include "common.grafanaAnnotations" . | nindent 8 }} + {{- end }} spec: {{- with .Values.affinity }} affinity: diff --git a/helm/sower/values.yaml b/helm/sower/values.yaml index 48f36db2..37df3fbf 100644 --- a/helm/sower/values.yaml +++ b/helm/sower/values.yaml @@ -53,8 +53,8 @@ global: netPolicy: true # -- (int) Number of dispatcher jobs. dispatcherJobNum: "10" - # -- (bool) Whether Datadog is enabled. - ddEnabled: false + # -- (bool) Whether Grafana is enabled. + grafanaEnabled: false # -- (map) External Secrets settings. externalSecrets: # -- (bool) Will use ExternalSecret resources to pull secrets from Secrets Manager instead of creating them locally. Be cautious as this will override any manifestservice secrets you have deployed. 
diff --git a/helm/ssjdispatcher/Chart.yaml b/helm/ssjdispatcher/Chart.yaml index ac668287..2a0aa0b5 100644 --- a/helm/ssjdispatcher/Chart.yaml +++ b/helm/ssjdispatcher/Chart.yaml @@ -15,7 +15,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.9 +version: 0.1.10 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to @@ -25,5 +25,5 @@ appVersion: "master" dependencies: - name: common - version: 0.1.10 + version: 0.1.14 repository: file://../common diff --git a/helm/ssjdispatcher/README.md b/helm/ssjdispatcher/README.md index 3bb1ab0a..baa86e25 100644 --- a/helm/ssjdispatcher/README.md +++ b/helm/ssjdispatcher/README.md @@ -1,6 +1,6 @@ # ssjdispatcher -![Version: 0.1.9](https://img.shields.io/badge/Version-0.1.9-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) +![Version: 0.1.10](https://img.shields.io/badge/Version-0.1.10-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) A Helm chart for gen3 ssjdispatcher @@ -8,7 +8,7 @@ A Helm chart for gen3 ssjdispatcher | Repository | Name | Version | |------------|------|---------| -| file://../common | common | 0.1.10 | +| file://../common | common | 0.1.14 | ## Values 
@@ -31,9 +31,6 @@ A Helm chart for gen3 ssjdispatcher | awsStsRegionalEndpoints | string | `"regional"` | AWS STS to issue temporary credentials to users and roles that make an AWS STS request. Values regional or global. | | commonLabels | map | `nil` | Will completely override the commonLabels defined in the common chart's _label_setup.tpl | | criticalService | string | `"true"` | Valid options are "true" or "false". If invalid option is set- the value will default to "false". | -| datadogLogsInjection | bool | `true` | If enabled, the Datadog Agent will automatically inject Datadog-specific metadata into your application logs. | -| datadogProfilingEnabled | bool | `true` | If enabled, the Datadog Agent will collect profiling data for your application using the Continuous Profiler. This data can be used to identify performance bottlenecks and optimize your application. | -| datadogTraceSampleRate | int | `1` | A value between 0 and 1, that represents the percentage of requests that will be traced. For example, a value of 0.5 means that 50% of requests will be traced. | | dispatcherJobNum | string | `"10"` | Ssjdispater job number. | | fullnameOverride | string | `""` | Override the full name of the deployment. | | gen3Namespace | string | `"default"` | Namespace to deploy the job. | 
@@ -41,11 +38,11 @@ A Helm chart for gen3 ssjdispatcher | global.aws.awsAccessKeyId | string | `nil` | Credentials for AWS stuff. | | global.aws.awsSecretAccessKey | string | `nil` | Credentials for AWS stuff. | | global.aws.enabled | bool | `false` | Set to true if deploying to AWS. Controls ingress annotations. | -| global.ddEnabled | bool | `false` | Whether Datadog is enabled. | | global.dev | bool | `true` | Whether the deployment is for development purposes. | | global.dictionaryUrl | string | `"https://s3.amazonaws.com/dictionary-artifacts/datadictionary/develop/schema.json"` | URL of the data dictionary. | | global.dispatcherJobNum | int | `"10"` | Number of dispatcher jobs. | | global.environment | string | `"default"` | Environment name. This should be the same as vpcname if you're doing an AWS deployment. Currently this is being used to share ALB's if you have multiple namespaces. Might be used other places too. | +| global.grafanaEnabled | bool | `false` | Whether Grafana is enabled. | | global.hostname | string | `"localhost"` | Hostname for the deployment. | | global.kubeBucket | string | `"kube-gen3"` | S3 bucket name for Kubernetes manifest files. | | global.logsBucket | string | `"logs-gen3"` | S3 bucket name for log files. | diff --git a/helm/ssjdispatcher/templates/deployment.yaml b/helm/ssjdispatcher/templates/deployment.yaml index 2f0f86b9..c6266ea2 100644 --- a/helm/ssjdispatcher/templates/deployment.yaml +++ b/helm/ssjdispatcher/templates/deployment.yaml @@ -4,9 +4,6 @@ metadata: name: ssjdispatcher labels: {{- include "ssjdispatcher.labels" . | nindent 4 }} - {{- if .Values.global.ddEnabled }} - {{- include "common.datadogLabels" . | nindent 4 }} - {{- end }} spec: selector: matchLabels: 
@@ -20,8 +17,9 @@ spec: {{- include "ssjdispatcher.selectorLabels" . | nindent 8 }} netnolimit: "yes" public: "yes" - {{- if .Values.global.ddEnabled }} - {{- include "common.datadogLabels" . | nindent 8 }} + annotations: + {{- if .Values.global.grafanaEnabled }} + {{- include "common.grafanaAnnotations" . | nindent 8 }} {{- end }} spec: securityContext: @@ -41,9 +39,6 @@ spec: volumeMounts: {{- toYaml .Values.volumeMounts | nindent 12 }} env: - {{- if .Values.global.ddEnabled }} - {{- include "common.datadogEnvVar" . | nindent 12 }} - {{- end }} {{- with .Values.awsRegion }} - name: AWS_REGION value: {{ . }} diff --git a/helm/ssjdispatcher/values.yaml b/helm/ssjdispatcher/values.yaml index 74ed990b..fdaf9dbe 100644 --- a/helm/ssjdispatcher/values.yaml +++ b/helm/ssjdispatcher/values.yaml @@ -53,8 +53,8 @@ global: netPolicy: true # -- (int) Number of dispatcher jobs. dispatcherJobNum: "10" - # -- (bool) Whether Datadog is enabled. - ddEnabled: false + # -- (bool) Whether Grafana is enabled. + grafanaEnabled: false # -- (bool) If the service will be deployed with a Pod Disruption Budget. Note- you need to have more than 2 replicas for the pdb to be deployed. pdb: false # -- (int) The minimum amount of pods that are available at all times if the PDB is deployed. 
@@ -238,11 +238,3 @@ partOf: "Workspace-Tab" selectorLabels: # -- (map) Will completely override the commonLabels defined in the common chart's _label_setup.tpl commonLabels: - -# Values to configure datadog if ddEnabled is set to "true". -# -- (bool) If enabled, the Datadog Agent will automatically inject Datadog-specific metadata into your application logs. -datadogLogsInjection: true -# -- (bool) If enabled, the Datadog Agent will collect profiling data for your application using the Continuous Profiler. This data can be used to identify performance bottlenecks and optimize your application. -datadogProfilingEnabled: true -# -- (int) A value between 0 and 1, that represents the percentage of requests that will be traced. For example, a value of 0.5 means that 50% of requests will be traced. -datadogTraceSampleRate: 1 diff --git a/helm/wts/Chart.yaml b/helm/wts/Chart.yaml index 6d9533e4..843b47dd 100644 --- a/helm/wts/Chart.yaml +++ b/helm/wts/Chart.yaml @@ -15,7 +15,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.13 +version: 0.1.14 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to @@ -25,7 +25,7 @@ appVersion: "master" dependencies: - name: common - version: 0.1.10 + version: 0.1.14 repository: file://../common - name: postgresql version: 11.9.13 diff --git a/helm/wts/README.md b/helm/wts/README.md index f755b799..d0b56bbe 100644 --- a/helm/wts/README.md +++ b/helm/wts/README.md 
@@ -1,6 +1,6 @@ # wts -![Version: 0.1.13](https://img.shields.io/badge/Version-0.1.13-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) +![Version: 0.1.14](https://img.shields.io/badge/Version-0.1.14-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) A Helm chart for gen3 workspace token service @@ -8,7 +8,7 @@ A Helm chart for gen3 workspace token service | Repository | Name | Version | |------------|------|---------| -| file://../common | common | 0.1.10 | +| file://../common | common | 0.1.14 | | https://charts.bitnami.com/bitnami | postgresql | 11.9.13 | ## Values 
@@ -23,9 +23,6 @@ A Helm chart for gen3 workspace token service | autoscaling.targetCPUUtilizationPercentage | int | `80` | The target CPU utilization percentage for autoscaling | | commonLabels | map | `nil` | Will completely override the commonLabels defined in the common chart's _label_setup.tpl | | criticalService | string | `"true"` | Valid options are "true" or "false". If invalid option is set- the value will default to "false". | -| datadogLogsInjection | bool | `true` | If enabled, the Datadog Agent will automatically inject Datadog-specific metadata into your application logs. | -| datadogProfilingEnabled | bool | `true` | If enabled, the Datadog Agent will collect profiling data for your application using the Continuous Profiler. This data can be used to identify performance bottlenecks and optimize your application. | -| datadogTraceSampleRate | int | `1` | A value between 0 and 1, that represents the percentage of requests that will be traced. For example, a value of 0.5 means that 50% of requests will be traced. | | externalSecrets | map | `{"dbcreds":null}` | External Secrets settings. | | externalSecrets.dbcreds | string | `nil` | Will override the name of the aws secrets manager secret. Default is "Values.global.environment-.Chart.Name-creds" | | fullnameOverride | string | `""` | Override the full name of the deployment. | 
@@ -33,7 +30,6 @@ A Helm chart for gen3 workspace token service | global.aws.awsAccessKeyId | string | `nil` | Credentials for AWS stuff. | | global.aws.awsSecretAccessKey | string | `nil` | Credentials for AWS stuff. | | global.aws.enabled | bool | `false` | Set to true if deploying to AWS. Controls ingress annotations. | -| global.ddEnabled | bool | `false` | Whether Datadog is enabled. | | global.dev | bool | `true` | Whether the deployment is for development purposes. | | global.dictionaryUrl | string | `"https://s3.amazonaws.com/dictionary-artifacts/datadictionary/develop/schema.json"` | URL of the data dictionary. | | global.dispatcherJobNum | int | `"10"` | Number of dispatcher jobs. | @@ -41,6 +37,7 @@ A Helm chart for gen3 workspace token service | global.externalSecrets | map | `{"deploy":false,"separateSecretStore":false}` | External Secrets settings. | | global.externalSecrets.deploy | bool | `false` | Will use ExternalSecret resources to pull secrets from Secrets Manager instead of creating them locally. Be cautious as this will override any wts secrets you have deployed. | | global.externalSecrets.separateSecretStore | string | `false` | Will deploy a separate External Secret Store for this service. | +| global.grafanaEnabled | bool | `false` | Whether Grafana is enabled. | | global.hostname | string | `"localhost"` | Hostname for the deployment. | | global.kubeBucket | string | `"kube-gen3"` | S3 bucket name for Kubernetes manifest files. | | global.logsBucket | string | `"logs-gen3"` | S3 bucket name for log files. | diff --git a/helm/wts/templates/deployment.yaml b/helm/wts/templates/deployment.yaml index e3f20dec..8c4736df 100644 --- a/helm/wts/templates/deployment.yaml +++ b/helm/wts/templates/deployment.yaml 
@@ -4,9 +4,6 @@ metadata: name: wts-deployment labels: {{- include "wts.labels" . | nindent 4 }} - {{- if .Values.global.ddEnabled }} - {{- include "common.datadogLabels" . | nindent 4 }} - {{- end }} annotations: gen3.io/network-ingress: "mariner" spec: @@ -25,18 +22,18 @@ spec: maxUnavailable: 0 template: metadata: - {{- with .Values.podAnnotations }} annotations: + {{- with .Values.podAnnotations }} {{- toYaml . | nindent 8 }} {{- end }} + {{- if .Values.global.grafanaEnabled }} + {{- include "common.grafanaAnnotations" . | nindent 8 }} + {{- end }} labels: {{- include "wts.selectorLabels" . | nindent 8 }} public: "yes" netnolimit: "yes" userhelper: "yes" - {{- if .Values.global.ddEnabled }} - {{- include "common.datadogLabels" . | nindent 8 }} - {{- end }} spec: affinity: podAntiAffinity: @@ -84,9 +81,6 @@ spec: path: /_status port: 80 env: - {{- if .Values.global.ddEnabled }} - {{- include "common.datadogEnvVar" . | nindent 11 }} - {{- end }} - name: OIDC_CLIENT_ID valueFrom: secretKeyRef: diff --git a/helm/wts/values.yaml b/helm/wts/values.yaml index d4e10223..d30dc1ea 100644 --- a/helm/wts/values.yaml +++ b/helm/wts/values.yaml @@ -53,8 +53,8 @@ global: netPolicy: true # -- (int) Number of dispatcher jobs. dispatcherJobNum: "10" - # -- (bool) Whether Datadog is enabled. - ddEnabled: false + # -- (bool) Whether Grafana is enabled. + grafanaEnabled: false # -- (bool) If the service will be deployed with a Pod Disruption Budget. Note- you need to have more than 2 replicas for the pdb to be deployed. pdb: false # -- (int) The minimum amount of pods that are available at all times if the PDB is deployed. 
@@ -245,11 +245,3 @@ partOf: "Authentication" selectorLabels: # -- (map) Will completely override the commonLabels defined in the common chart's _label_setup.tpl commonLabels: - -# Values to configure datadog if ddEnabled is set to "true". -# -- (bool) If enabled, the Datadog Agent will automatically inject Datadog-specific metadata into your application logs. -datadogLogsInjection: true -# -- (bool) If enabled, the Datadog Agent will collect profiling data for your application using the Continuous Profiler. This data can be used to identify performance bottlenecks and optimize your application. -datadogProfilingEnabled: true -# -- (int) A value between 0 and 1, that represents the percentage of requests that will be traced. For example, a value of 0.5 means that 50% of requests will be traced. -datadogTraceSampleRate: 1 From e3a8dc625b531fe0ab0fb71e1908986bd342fb59 Mon Sep 17 00:00:00 2001 From: EliseCastle23 <109446148+EliseCastle23@users.noreply.github.com> Date: Thu, 29 Aug 2024 12:18:44 -0600 Subject: [PATCH 208/279] updating gen3 helm chart dependencies --- helm/gen3/Chart.yaml | 40 ++++++++++++++++++++-------------------- helm/gen3/README.md | 40 ++++++++++++++++++++-------------------- 2 files changed, 40 insertions(+), 40 deletions(-) diff --git a/helm/gen3/Chart.yaml b/helm/gen3/Chart.yaml index e962b42d..16e4a9a3 100644 --- a/helm/gen3/Chart.yaml +++ b/helm/gen3/Chart.yaml 
@@ -5,23 +5,23 @@ description: Helm chart to deploy Gen3 Data Commons # Dependencies dependencies: - name: ambassador - version: 0.1.11 + version: 0.1.12 repository: "file://../ambassador" condition: ambassador.enabled - name: arborist - version: 0.1.11 + version: 0.1.12 repository: "file://../arborist" condition: arborist.enabled - name: argo-wrapper - version: 0.1.7 + version: 0.1.8 repository: "file://../argo-wrapper" condition: argo-wrapper.enabled - name: audit - version: 0.1.12 + version: 0.1.13 repository: "file://../audit" condition: audit.enabled - name: aws-es-proxy - version: 0.1.9 + version: 0.1.10 repository: "file://../aws-es-proxy" condition: aws-es-proxy.enabled - name: common @@ -32,35 +32,35 @@ dependencies: repository: file://../etl condition: etl.enabled - name: frontend-framework - version: 0.1.2 + version: 0.1.3 repository: "file://../frontend-framework" condition: frontend-framework.enabled - name: fence - version: 0.1.21 + version: 0.1.22 repository: "file://../fence" condition: fence.enabled - name: guppy - version: 0.1.12 + version: 0.1.13 repository: "file://../guppy" condition: guppy.enabled - name: hatchery - version: 0.1.9 + version: 0.1.10 repository: "file://../hatchery" condition: hatchery.enabled - name: indexd - version: 0.1.14 + version: 0.1.15 repository: "file://../indexd" condition: indexd.enabled - name: manifestservice - version: 0.1.14 + version: 0.1.15 repository: "file://../manifestservice" condition: manifestservice.enabled - name: metadata - version: 0.1.12 + version: 0.1.13 repository: "file://../metadata" condition: metadata.enabled - name: peregrine - version: 0.1.13 + version: 0.1.14 repository: "file://../peregrine" condition: peregrine.enabled - name: pidgin 
@@ -68,31 +68,31 @@ dependencies: repository: "file://../pidgin" condition: pidgin.enabled - name: portal - version: 0.1.15 + version: 0.1.16 repository: "file://../portal" condition: portal.enabled - name: requestor - version: 0.1.11 + version: 0.1.12 repository: "file://../requestor" condition: requestor.enabled - name: revproxy - version: 0.1.16 + version: 0.1.17 repository: "file://../revproxy" condition: revproxy.enabled - name: sheepdog - version: 0.1.14 + version: 0.1.15 repository: "file://../sheepdog" condition: sheepdog.enabled - name: ssjdispatcher - version: 0.1.9 + version: 0.1.10 repository: "file://../ssjdispatcher" condition: ssjdispatcher.enabled - name: sower - version: 0.1.11 + version: 0.1.12 condition: sower.enabled repository: "file://../sower" - name: wts - version: 0.1.13 + version: 0.1.14 repository: "file://../wts" condition: wts.enabled diff --git a/helm/gen3/README.md b/helm/gen3/README.md index 94ba6e21..ae0afbf1 100644 --- a/helm/gen3/README.md +++ b/helm/gen3/README.md 
@@ -18,30 +18,30 @@ Helm chart to deploy Gen3 Data Commons | Repository | Name | Version | |------------|------|---------| -| file://../ambassador | ambassador | 0.1.11 | -| file://../arborist | arborist | 0.1.11 | -| file://../argo-wrapper | argo-wrapper | 0.1.7 | -| file://../audit | audit | 0.1.12 | -| file://../aws-es-proxy | aws-es-proxy | 0.1.9 | +| file://../ambassador | ambassador | 0.1.12 | +| file://../arborist | arborist | 0.1.12 | +| file://../argo-wrapper | argo-wrapper | 0.1.8 | +| file://../audit | audit | 0.1.13 | +| file://../aws-es-proxy | aws-es-proxy | 0.1.10 | | file://../common | common | 0.1.14 | | file://../etl | etl | 0.1.1 | -| file://../fence | fence | 0.1.21 | -| file://../frontend-framework | frontend-framework | 0.1.2 | -| file://../guppy | guppy | 0.1.12 | -| file://../hatchery | hatchery | 0.1.9 | -| file://../indexd | indexd | 0.1.14 | -| file://../manifestservice | manifestservice | 0.1.14 | -| file://../metadata | metadata | 0.1.12 | +| file://../fence | fence | 0.1.22 | +| file://../frontend-framework | frontend-framework | 0.1.3 | +| file://../guppy | guppy | 0.1.13 | +| file://../hatchery | hatchery | 0.1.10 | +| file://../indexd | indexd | 0.1.15 | +| file://../manifestservice | manifestservice | 0.1.15 | +| file://../metadata | metadata | 0.1.13 | | file://../neuvector | neuvector | 0.1.0 | -| file://../peregrine | peregrine | 0.1.13 | +| file://../peregrine | peregrine | 0.1.14 | | file://../pidgin | pidgin | 0.1.10 | -| file://../portal | portal | 0.1.15 | -| file://../requestor | requestor | 0.1.11 | -| file://../revproxy | revproxy | 0.1.16 | -| file://../sheepdog | sheepdog | 0.1.14 | -| file://../sower | sower | 0.1.11 | -| file://../ssjdispatcher | ssjdispatcher | 0.1.9 | -| file://../wts | wts | 0.1.13 | +| file://../portal | portal | 0.1.16 | +| file://../requestor | requestor | 0.1.12 | +| file://../revproxy | revproxy | 0.1.17 | +| file://../sheepdog | sheepdog | 0.1.15 | +| file://../sower | sower | 0.1.12 | +| 
file://../ssjdispatcher | ssjdispatcher | 0.1.10 | +| file://../wts | wts | 0.1.14 | | https://charts.bitnami.com/bitnami | postgresql | 11.9.13 | | https://helm.elastic.co | elasticsearch | 7.10.2 | From d1a93c0d4262e67eab741f8a2aa9b04f78171691 Mon Sep 17 00:00:00 2001 From: EliseCastle23 <109446148+EliseCastle23@users.noreply.github.com> Date: Thu, 29 Aug 2024 12:22:25 -0600 Subject: [PATCH 209/279] updating chart dependency --- helm/gen3/Chart.yaml | 2 +- helm/gen3/README.md | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/helm/gen3/Chart.yaml b/helm/gen3/Chart.yaml index 16e4a9a3..e108c0f0 100644 --- a/helm/gen3/Chart.yaml +++ b/helm/gen3/Chart.yaml @@ -64,7 +64,7 @@ dependencies: repository: "file://../peregrine" condition: peregrine.enabled - name: pidgin - version: 0.1.10 + version: 0.1.11 repository: "file://../pidgin" condition: pidgin.enabled - name: portal diff --git a/helm/gen3/README.md b/helm/gen3/README.md index ae0afbf1..e85672b3 100644 --- a/helm/gen3/README.md +++ b/helm/gen3/README.md @@ -34,7 +34,7 @@ Helm chart to deploy Gen3 Data Commons | file://../metadata | metadata | 0.1.13 | | file://../neuvector | neuvector | 0.1.0 | | file://../peregrine | peregrine | 0.1.14 | -| file://../pidgin | pidgin | 0.1.10 | +| file://../pidgin | pidgin | 0.1.11 | | file://../portal | portal | 0.1.16 | | file://../requestor | requestor | 0.1.12 | | file://../revproxy | revproxy | 0.1.17 | From ef2af0f8647daf59087a1d47be0330a8fa4902cf Mon Sep 17 00:00:00 2001 From: EliseCastle23 <109446148+EliseCastle23@users.noreply.github.com> Date: Thu, 29 Aug 2024 12:27:44 -0600 Subject: [PATCH 210/279] fix values blank lines --- helm/guppy/values.yaml | 1 - helm/hatchery/values.yaml | 2 +- helm/manifestservice/values.yaml | 1 - 3 files changed, 1 insertion(+), 3 deletions(-) diff --git a/helm/guppy/values.yaml b/helm/guppy/values.yaml index 6fda95ed..a29d8c01 100644 --- a/helm/guppy/values.yaml +++ b/helm/guppy/values.yaml 
@@ -212,4 +212,3 @@ partOf: "Explorer-Tab" selectorLabels: # -- (map) Will completely override the commonLabels defined in the common chart's _label_setup.tpl commonLabels: - diff --git a/helm/hatchery/values.yaml b/helm/hatchery/values.yaml index 8b5860df..2c96fd36 100644 --- a/helm/hatchery/values.yaml +++ b/helm/hatchery/values.yaml @@ -215,4 +215,4 @@ partOf: "Workspace-Tab" # -- (map) Will completely override the selectorLabels defined in the common chart's _label_setup.tpl selectorLabels: # -- (map) Will completely override the commonLabels defined in the common chart's _label_setup.tpl -commonLabels: \ No newline at end of file +commonLabels: diff --git a/helm/manifestservice/values.yaml b/helm/manifestservice/values.yaml index 16e018a6..2840c569 100644 --- a/helm/manifestservice/values.yaml +++ b/helm/manifestservice/values.yaml @@ -178,4 +178,3 @@ partOf: "Workspace-tab" selectorLabels: # -- (map) Will completely override the commonLabels defined in the common chart's _label_setup.tpl commonLabels: - From 3d957c473f517468a6ffdde4282bb32a80ee5061 Mon Sep 17 00:00:00 2001 
From: Jawad Qureshi Date: Thu, 29 Aug 2024 15:13:00 -0500 Subject: [PATCH 211/279] Add extra labels to deployments --- helm/ambassador/templates/deployment.yaml | 1 + helm/arborist/templates/deployment.yaml | 1 + helm/argo-wrapper/templates/deployment.yaml | 1 + helm/audit/templates/deployment.yaml | 1 + helm/aws-es-proxy/templates/deployment.yaml | 1 + helm/common/templates/_labels_setup.tpl | 10 +++++++++- helm/dicom-server/templates/deployment.yaml | 1 + helm/dicom-viewer/templates/deployment.yaml | 1 + helm/fence/templates/fence-deployment.yaml | 1 + helm/frontend-framework/templates/deployment.yaml | 1 + helm/guppy/templates/deployment.yaml | 1 + helm/hatchery/templates/deployment.yaml | 1 + helm/indexd/templates/deployment.yaml | 1 + helm/manifestservice/templates/deployment.yaml | 1 + helm/metadata/templates/deployment.yaml | 1 + helm/peregrine/templates/deployment.yaml | 1 + helm/pidgin/templates/deployment.yaml | 1 + helm/portal/templates/deployment.yaml | 1 + helm/requestor/templates/deployment.yaml | 1 + helm/revproxy/templates/deployment.yaml | 1 + helm/sheepdog/templates/deployment.yaml | 1 + helm/sower/templates/deployment.yaml | 2 ++ helm/ssjdispatcher/templates/deployment.yaml | 2 ++ helm/wts/templates/deployment.yaml | 1 + wip/acronymbot/templates/deployment.yaml | 1 + wip/cogwheel/templates/deployment.yaml | 1 + 26 files changed, 36 insertions(+), 1 deletion(-) diff --git a/helm/ambassador/templates/deployment.yaml b/helm/ambassador/templates/deployment.yaml index 48866872..e9043a46 100644 --- a/helm/ambassador/templates/deployment.yaml +++ b/helm/ambassador/templates/deployment.yaml @@ -22,6 +22,7 @@ spec: {{- end }} labels: {{- include "ambassador.selectorLabels" . | nindent 8 }} + {{- include "common.extraLabels" . | nindent 8 }} spec: affinity: podAntiAffinity: diff --git a/helm/arborist/templates/deployment.yaml b/helm/arborist/templates/deployment.yaml index d5b9a42a..f8f361a5 100644 --- a/helm/arborist/templates/deployment.yaml 
+++ b/helm/arborist/templates/deployment.yaml @@ -22,6 +22,7 @@ spec: {{- end }} labels: {{- include "arborist.selectorLabels" . | nindent 8 }} + {{- include "common.extraLabels" . | nindent 8 }} spec: {{- with .Values.volumes }} volumes: diff --git a/helm/argo-wrapper/templates/deployment.yaml b/helm/argo-wrapper/templates/deployment.yaml index c35b4cbc..45e5ec6c 100644 --- a/helm/argo-wrapper/templates/deployment.yaml +++ b/helm/argo-wrapper/templates/deployment.yaml @@ -24,6 +24,7 @@ spec: metadata: labels: {{- include "argo-wrapper.selectorLabels" . | nindent 8 }} + {{- include "common.extraLabels" . | nindent 8 }} # gen3 networkpolicy labels netnolimit: 'yes' public: 'yes' diff --git a/helm/audit/templates/deployment.yaml b/helm/audit/templates/deployment.yaml index ccb5c732..d2be0972 100644 --- a/helm/audit/templates/deployment.yaml +++ b/helm/audit/templates/deployment.yaml @@ -22,6 +22,7 @@ spec: {{- end }} labels: {{- include "audit.selectorLabels" . | nindent 8 }} + {{- include "common.extraLabels" . | nindent 8 }} spec: serviceAccountName: {{ include "audit.serviceAccountName" . }} volumes: diff --git a/helm/aws-es-proxy/templates/deployment.yaml b/helm/aws-es-proxy/templates/deployment.yaml index fc486629..c73793c1 100644 --- a/helm/aws-es-proxy/templates/deployment.yaml +++ b/helm/aws-es-proxy/templates/deployment.yaml @@ -24,6 +24,7 @@ spec: metadata: labels: {{- include "aws-es-proxy.selectorLabels" . | nindent 8 }} + {{- include "common.extraLabels" . | nindent 8 }} netvpc: "yes" annotations: {{- if .Values.global.grafanaEnabled }} diff --git a/helm/common/templates/_labels_setup.tpl b/helm/common/templates/_labels_setup.tpl index 614ad1e0..a012a32e 100644 --- a/helm/common/templates/_labels_setup.tpl +++ b/helm/common/templates/_labels_setup.tpl 
@@ -28,7 +28,6 @@ release: "dev" {{- define "common.selectorLabels" -}} app.kubernetes.io/name: {{ .Chart.Name }} app.kubernetes.io/instance: {{ .Release.Name }} -hostname: {{ .Values.global.hostname }} app: {{ .Chart.Name }} {{- if eq .Values.release "production"}} release: "production" @@ -37,6 +36,15 @@ release: "dev" {{- end }} {{- end }} +{{- define "common.extraLabels" -}} +hostname: {{ .Values.global.hostname }} +{{- if .Values.extraLabels }} + {{- with .Values.extraLabels }} + {{- toYaml . }} + {{- end }} +{{- end }} +{{- end }} + {{- define "common.grafanaAnnotations" -}} prometheus.io/path: /metrics prometheus.io/scrape: "true" diff --git a/helm/dicom-server/templates/deployment.yaml b/helm/dicom-server/templates/deployment.yaml index dddd38c7..27f4b00f 100644 --- a/helm/dicom-server/templates/deployment.yaml +++ b/helm/dicom-server/templates/deployment.yaml @@ -21,6 +21,7 @@ spec: metadata: labels: {{- include "dicom-server.selectorLabels" . | nindent 8 }} + {{- include "common.extraLabels" . | nindent 8 }} public: "yes" annotations: {{- if .Values.global.grafanaEnabled }} diff --git a/helm/dicom-viewer/templates/deployment.yaml b/helm/dicom-viewer/templates/deployment.yaml index 91da07a0..997a7394 100644 --- a/helm/dicom-viewer/templates/deployment.yaml +++ b/helm/dicom-viewer/templates/deployment.yaml @@ -20,6 +20,7 @@ spec: metadata: labels: {{- include "dicom-viewer.selectorLabels" . | nindent 8 }} + {{- include "common.extraLabels" . | nindent 8 }} public: "yes" annotations: {{- if .Values.global.grafanaEnabled }} diff --git a/helm/fence/templates/fence-deployment.yaml b/helm/fence/templates/fence-deployment.yaml index cc4b48f9..7cedc75e 100644 --- a/helm/fence/templates/fence-deployment.yaml +++ b/helm/fence/templates/fence-deployment.yaml 
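Review bot: In the new `common.extraLabels` define, the `{{-` in front of `toYaml .` trims the newline left after the `hostname:` line, so when `extraLabels` is set the first extra label is rendered on the same line as the hostname value instead of as its own key. Emitting the map with `{{- toYaml . | nindent 0 }}` keeps every label on its own line, and the outer `if` can go because `with` already skips an empty value. Indentation is collapsed in this view of the patch, so confirm with `helm template` and a non-empty `extraLabels`. Several deployment templates in this patch place the gen3 networkpolicy labels (`netnolimit`, `public`, `userhelper`) right after this include, so a comment on the define stating that `extraLabels` must not reuse those keys would prevent ambiguous duplicate keys on pods that network policies presumably select on.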
@@ -22,6 +22,7 @@ spec: {{- end }} labels: {{- include "fence.selectorLabels" . | nindent 8 }} + {{- include "common.extraLabels" . | nindent 8 }} spec: enableServiceLinks: false serviceAccountName: {{ include "fence.serviceAccountName" . }} diff --git a/helm/frontend-framework/templates/deployment.yaml b/helm/frontend-framework/templates/deployment.yaml index 5e927686..f5cf096d 100644 --- a/helm/frontend-framework/templates/deployment.yaml +++ b/helm/frontend-framework/templates/deployment.yaml @@ -23,6 +23,7 @@ spec: {{- end }} labels: {{- include "frontend-framework.selectorLabels" . | nindent 8 }} + {{- include "common.extraLabels" . | nindent 8 }} public: "yes" spec: {{- with .Values.affinity }} diff --git a/helm/guppy/templates/deployment.yaml b/helm/guppy/templates/deployment.yaml index aa162c7f..56bf0814 100644 --- a/helm/guppy/templates/deployment.yaml +++ b/helm/guppy/templates/deployment.yaml @@ -20,6 +20,7 @@ spec: metadata: labels: {{- include "guppy.selectorLabels" . | nindent 8 }} + {{- include "common.extraLabels" . | nindent 8 }} # gen3 networkpolicy labels netnolimit: 'yes' public: 'yes' diff --git a/helm/hatchery/templates/deployment.yaml b/helm/hatchery/templates/deployment.yaml index e0b912bb..72793850 100644 --- a/helm/hatchery/templates/deployment.yaml +++ b/helm/hatchery/templates/deployment.yaml @@ -22,6 +22,7 @@ spec: {{- end }} labels: {{- include "hatchery.selectorLabels" . | nindent 8 }} + {{- include "common.extraLabels" . | nindent 8 }} spec: {{- with .Values.imagePullSecrets }} imagePullSecrets: diff --git a/helm/indexd/templates/deployment.yaml b/helm/indexd/templates/deployment.yaml index 88bd89f2..e58b7b50 100644 --- a/helm/indexd/templates/deployment.yaml +++ b/helm/indexd/templates/deployment.yaml @@ -22,6 +22,7 @@ spec: {{- end }} labels: {{- include "indexd.selectorLabels" . | nindent 8 }} + {{- include "common.extraLabels" . | nindent 8 }} spec: {{- with .Values.volumes }} volumes: 
diff --git a/helm/manifestservice/templates/deployment.yaml b/helm/manifestservice/templates/deployment.yaml index 6b2383ad..be8af14d 100644 --- a/helm/manifestservice/templates/deployment.yaml +++ b/helm/manifestservice/templates/deployment.yaml @@ -18,6 +18,7 @@ spec: metadata: labels: {{- include "manifestservice.selectorLabels" . | nindent 8 }} + {{- include "common.extraLabels" . | nindent 8 }} s3: "yes" public: "yes" userhelper: "yes" diff --git a/helm/metadata/templates/deployment.yaml b/helm/metadata/templates/deployment.yaml index 1c296719..31ea5349 100644 --- a/helm/metadata/templates/deployment.yaml +++ b/helm/metadata/templates/deployment.yaml @@ -20,6 +20,7 @@ spec: metadata: labels: {{- include "metadata.selectorLabels" . | nindent 8 }} + {{- include "common.extraLabels" . | nindent 8 }} # gen3 networkpolicy labels netnolimit: 'yes' public: 'yes' diff --git a/helm/peregrine/templates/deployment.yaml b/helm/peregrine/templates/deployment.yaml index a0214741..3e301605 100644 --- a/helm/peregrine/templates/deployment.yaml +++ b/helm/peregrine/templates/deployment.yaml @@ -22,6 +22,7 @@ spec: {{- end }} labels: {{- include "peregrine.selectorLabels" . | nindent 8 }} + {{- include "common.extraLabels" . | nindent 8 }} spec: {{- with .Values.volumes }} volumes: diff --git a/helm/pidgin/templates/deployment.yaml b/helm/pidgin/templates/deployment.yaml index 90d52d48..d58bed77 100644 --- a/helm/pidgin/templates/deployment.yaml +++ b/helm/pidgin/templates/deployment.yaml @@ -23,6 +23,7 @@ spec: metadata: labels: {{- include "pidgin.selectorLabels" . | nindent 8 }} + {{- include "common.extraLabels" . | nindent 8 }} # gen3 networkpolicy labels netnolimit: 'yes' public: 'yes' diff --git a/helm/portal/templates/deployment.yaml b/helm/portal/templates/deployment.yaml index c42151c7..58d3a0f6 100644 --- a/helm/portal/templates/deployment.yaml +++ b/helm/portal/templates/deployment.yaml 
@@ -25,6 +25,7 @@ spec: {{- end }} labels: {{- include "portal.selectorLabels" . | nindent 8 }} + {{- include "common.extraLabels" . | nindent 8 }} public: "yes" spec: {{- with .Values.affinity }} diff --git a/helm/requestor/templates/deployment.yaml b/helm/requestor/templates/deployment.yaml index 431070fe..9c52122a 100644 --- a/helm/requestor/templates/deployment.yaml +++ b/helm/requestor/templates/deployment.yaml @@ -20,6 +20,7 @@ spec: metadata: labels: {{- include "requestor.selectorLabels" . | nindent 8 }} + {{- include "common.extraLabels" . | nindent 8 }} # gen3 networkpolicy labels netnolimit: 'yes' public: 'yes' diff --git a/helm/revproxy/templates/deployment.yaml b/helm/revproxy/templates/deployment.yaml index 654f74cd..ca1002e4 100644 --- a/helm/revproxy/templates/deployment.yaml +++ b/helm/revproxy/templates/deployment.yaml @@ -29,6 +29,7 @@ spec: {{- end }} labels: {{- include "revproxy.selectorLabels" . | nindent 8 }} + {{- include "common.extraLabels" . | nindent 8 }} {{- if .Values.userhelperEnabled }} userhelper: "yes" {{- end}} diff --git a/helm/sheepdog/templates/deployment.yaml b/helm/sheepdog/templates/deployment.yaml index a92d2b2c..4dd2eea5 100644 --- a/helm/sheepdog/templates/deployment.yaml +++ b/helm/sheepdog/templates/deployment.yaml @@ -24,6 +24,7 @@ spec: metadata: labels: {{- include "sheepdog.selectorLabels" . | nindent 8 }} + {{- include "common.extraLabels" . | nindent 8 }} # gen3 networkpolicy labels netnolimit: 'yes' public: 'yes' diff --git a/helm/sower/templates/deployment.yaml b/helm/sower/templates/deployment.yaml index 624eb38e..aef08c8e 100644 --- a/helm/sower/templates/deployment.yaml +++ b/helm/sower/templates/deployment.yaml @@ -10,6 +10,7 @@ spec: selector: matchLabels: {{- include "sower.selectorLabels" . | nindent 8 }} + {{- include "common.extraLabels" . | nindent 8 }} revisionHistoryLimit: 2 strategy: {{- toYaml .Values.strategy | nindent 8 }} 
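Review bot: The first sower hunk adds `{{- include "common.extraLabels" . | nindent 8 }}` under `spec.selector.matchLabels`, which puts the hostname and every user-supplied `extraLabels` entry into the Deployment selector; that field is immutable in apps/v1, so changing either value on a later `helm upgrade` would be rejected until the Deployment is deleted and recreated. Every other chart in this patch adds the include only under the pod template `labels:`, and the same commit removes `hostname` from `common.selectorLabels`, so this looks unintended. The first ssjdispatcher hunk has the same addition. Drop the added line from `matchLabels` in both files and keep it only in the template `labels:` block of the second hunk.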
@@ -17,6 +18,7 @@ spec: metadata: labels: {{- include "sower.selectorLabels" . | nindent 8 }} + {{- include "common.extraLabels" . | nindent 8 }} public: "yes" netnolimit: "yes" annotations: diff --git a/helm/ssjdispatcher/templates/deployment.yaml b/helm/ssjdispatcher/templates/deployment.yaml index c6266ea2..7dbfbe41 100644 --- a/helm/ssjdispatcher/templates/deployment.yaml +++ b/helm/ssjdispatcher/templates/deployment.yaml @@ -8,6 +8,7 @@ spec: selector: matchLabels: {{- include "ssjdispatcher.selectorLabels" . | nindent 8 }} + {{- include "common.extraLabels" . | nindent 8 }} revisionHistoryLimit: 2 strategy: {{- toYaml .Values.strategy | nindent 8 }} @@ -15,6 +16,7 @@ spec: metadata: labels: {{- include "ssjdispatcher.selectorLabels" . | nindent 8 }} + {{- include "common.extraLabels" . | nindent 8 }} netnolimit: "yes" public: "yes" annotations: diff --git a/helm/wts/templates/deployment.yaml b/helm/wts/templates/deployment.yaml index 8c4736df..2d11cab7 100644 --- a/helm/wts/templates/deployment.yaml +++ b/helm/wts/templates/deployment.yaml @@ -31,6 +31,7 @@ spec: {{- end }} labels: {{- include "wts.selectorLabels" . | nindent 8 }} + {{- include "common.extraLabels" . | nindent 8 }} public: "yes" netnolimit: "yes" userhelper: "yes" diff --git a/wip/acronymbot/templates/deployment.yaml b/wip/acronymbot/templates/deployment.yaml index 3fb80685..89092910 100644 --- a/wip/acronymbot/templates/deployment.yaml +++ b/wip/acronymbot/templates/deployment.yaml @@ -27,6 +27,7 @@ spec: labels: app: acronymbot {{- include "acronymbot.selectorLabels" . | nindent 8 }} + {{- include "common.extraLabels" . | nindent 8 }} spec: {{- with .Values.imagePullSecrets }} imagePullSecrets: diff --git a/wip/cogwheel/templates/deployment.yaml b/wip/cogwheel/templates/deployment.yaml index 5a422dff..53a93deb 100644 --- a/wip/cogwheel/templates/deployment.yaml +++ b/wip/cogwheel/templates/deployment.yaml 
@@ -19,6 +19,7 @@ spec: {{- end }} labels: {{- include "cogwheel.selectorLabels" . | nindent 8 }} + {{- include "common.extraLabels" . | nindent 8 }} spec: volumes: {{- with .Values.volumes }} From c498ff86e58210779f276695118773a9ad752183 Mon Sep 17 00:00:00 2001 
From: EliseCastle23 <109446148+EliseCastle23@users.noreply.github.com> Date: Wed, 4 Sep 2024 08:40:20 -0600 Subject: [PATCH 212/279] making the grafanaEnabled value not a global value so we can have more granularity when enabling it. --- .secrets.baseline | 24 +++++++++---------- helm/ambassador/README.md | 2 +- helm/ambassador/templates/deployment.yaml | 2 +- helm/ambassador/values.yaml | 5 ++-- helm/arborist/README.md | 2 +- helm/arborist/templates/deployment.yaml | 2 +- helm/arborist/values.yaml | 5 ++-- helm/argo-wrapper/README.md | 2 +- helm/argo-wrapper/templates/deployment.yaml | 2 +- helm/argo-wrapper/values.yaml | 5 ++-- helm/audit/README.md | 2 +- helm/audit/templates/deployment.yaml | 2 +- helm/audit/values.yaml | 5 ++-- helm/aws-es-proxy/README.md | 2 +- helm/aws-es-proxy/templates/deployment.yaml | 2 +- helm/aws-es-proxy/values.yaml | 5 ++-- helm/dicom-server/README.md | 2 +- helm/dicom-server/templates/deployment.yaml | 2 +- helm/dicom-server/values.yaml | 5 ++-- helm/dicom-viewer/README.md | 2 +- helm/dicom-viewer/templates/deployment.yaml | 2 +- helm/dicom-viewer/values.yaml | 5 ++-- helm/fence/README.md | 2 +- helm/fence/templates/fence-deployment.yaml | 2 +- helm/fence/values.yaml | 5 ++-- helm/frontend-framework/README.md | 4 ++-- .../templates/deployment.yaml | 2 +- helm/frontend-framework/values.yaml | 5 ++-- helm/guppy/README.md | 2 +- helm/guppy/templates/deployment.yaml | 2 +- helm/guppy/values.yaml | 5 ++-- helm/hatchery/README.md | 2 +- helm/hatchery/templates/deployment.yaml | 2 +- helm/hatchery/values.yaml | 5 ++-- helm/indexd/README.md | 2 +- helm/indexd/templates/deployment.yaml | 2 +- helm/indexd/values.yaml | 5 ++-- helm/manifestservice/README.md | 2 +- .../manifestservice/templates/deployment.yaml | 2 +- helm/manifestservice/values.yaml | 5 ++-- helm/metadata/README.md | 2 +- helm/metadata/templates/deployment.yaml | 2 +- helm/metadata/values.yaml | 5 ++-- helm/peregrine/README.md | 2 +- helm/peregrine/templates/deployment.yaml | 2 
+- helm/peregrine/values.yaml | 5 ++-- helm/portal/README.md | 2 +- helm/portal/templates/deployment.yaml | 2 +- helm/portal/values.yaml | 5 ++-- helm/requestor/README.md | 2 +- helm/requestor/templates/deployment.yaml | 2 +- helm/requestor/values.yaml | 5 ++-- helm/revproxy/README.md | 2 +- helm/revproxy/templates/deployment.yaml | 2 +- helm/revproxy/values.yaml | 5 ++-- helm/sheepdog/README.md | 2 +- helm/sheepdog/templates/deployment.yaml | 2 +- helm/sheepdog/values.yaml | 5 ++-- helm/sower/README.md | 2 +- helm/sower/templates/deployment.yaml | 2 +- helm/sower/values.yaml | 5 ++-- helm/ssjdispatcher/README.md | 2 +- helm/ssjdispatcher/templates/deployment.yaml | 2 +- helm/ssjdispatcher/values.yaml | 5 ++-- helm/wts/README.md | 2 +- helm/wts/templates/deployment.yaml | 2 +- helm/wts/values.yaml | 5 ++-- 67 files changed, 123 insertions(+), 101 deletions(-) diff --git a/.secrets.baseline b/.secrets.baseline index 8a860132..dc77ee06 100644 --- a/.secrets.baseline +++ b/.secrets.baseline @@ -3,7 +3,7 @@ "files": "^.secrets.baseline$", "lines": null }, - "generated_at": "2024-08-29T17:51:56Z", + "generated_at": "2024-09-04T14:39:52Z", "plugins_used": [ { "name": "AWSKeyDetector" @@ -163,7 +163,7 @@ "hashed_secret": "d84ce25b0f9bc2cc263006ae39453efb22cc2900", "is_secret": false, "is_verified": false, - "line_number": 62, + "line_number": 61, "type": "Secret Keyword" }, { @@ -220,7 +220,7 @@ "hashed_secret": "afc848c316af1a89d49826c5ae9d00ed769415f3", "is_secret": false, "is_verified": false, - "line_number": 80, + "line_number": 81, "type": "Secret Keyword" } ], @@ -243,7 +243,7 @@ "hashed_secret": "d84ce25b0f9bc2cc263006ae39453efb22cc2900", "is_secret": false, "is_verified": false, - "line_number": 125, + "line_number": 124, "type": "Secret Keyword" }, { @@ -321,7 +321,7 @@ "hashed_secret": "5d07e1b80e448a213b392049888111e1779a52db", "is_secret": false, "is_verified": false, - "line_number": 1955, + "line_number": 1956, "type": "Secret Keyword" } ], 
@@ -396,7 +396,7 @@ "hashed_secret": "9b5925ea817163740dfb287a9894e8ab3aba2c18", "is_secret": false, "is_verified": false, - "line_number": 189, + "line_number": 190, "type": "Secret Keyword" } ], @@ -492,7 +492,7 @@ "hashed_secret": "d84ce25b0f9bc2cc263006ae39453efb22cc2900", "is_secret": false, "is_verified": false, - "line_number": 52, + "line_number": 51, "type": "Secret Keyword" }, { @@ -563,7 +563,7 @@ "hashed_secret": "d84ce25b0f9bc2cc263006ae39453efb22cc2900", "is_secret": false, "is_verified": false, - "line_number": 59, + "line_number": 58, "type": "Secret Keyword" } ], @@ -571,13 +571,13 @@ { "hashed_secret": "08eeb737b239bdb7362a875b90e22c10b8826b20", "is_verified": false, - "line_number": 471, + "line_number": 472, "type": "Base64 High Entropy String" }, { "hashed_secret": "eb9739c6625f06b4ab73035223366dda6262ae77", "is_verified": false, - "line_number": 474, + "line_number": 475, "type": "Base64 High Entropy String" } ], @@ -586,7 +586,7 @@ "hashed_secret": "d84ce25b0f9bc2cc263006ae39453efb22cc2900", "is_secret": false, "is_verified": false, - "line_number": 61, + "line_number": 60, "type": "Secret Keyword" }, { @@ -668,7 +668,7 @@ "hashed_secret": "d84ce25b0f9bc2cc263006ae39453efb22cc2900", "is_secret": false, "is_verified": false, - "line_number": 58, + "line_number": 57, "type": "Secret Keyword" } ], diff --git a/helm/ambassador/README.md b/helm/ambassador/README.md index b27aa25b..fd3c6475 100644 --- a/helm/ambassador/README.md +++ b/helm/ambassador/README.md 
@@ -24,9 +24,9 @@ A Helm chart for deploying ambassador for gen3 | criticalService | string | `"true"` | Valid options are "true" or "false". If invalid option is set- the value will default to "false". | | fullnameOverride | string | `"ambassador-deployment"` | Override the full name of the deployment. | | global.environment | string | `"default"` | Environment name. This should be the same as vpcname if you're doing an AWS deployment. Currently this is being used to share ALB's if you have multiple namespaces. Might be used other places too. | -| global.grafanaEnabled | bool | `false` | Whether Grafana is enabled. | | global.minAvialable | int | `1` | The minimum amount of pods that are available at all times if the PDB is deployed. | | global.pdb | bool | `false` | If the service will be deployed with a Pod Disruption Budget. Note- you need to have more than 2 replicas for the pdb to be deployed. | +| grafanaEnabled | bool | `false` | Whether Grafana is enabled. | | image | map | `{"pullPolicy":"Always","repository":"quay.io/datawire/ambassador","tag":"1.4.2"}` | Docker image information. | | image.pullPolicy | string | `"Always"` | Docker pull policy. | | image.repository | string | `"quay.io/datawire/ambassador"` | Docker repository. | diff --git a/helm/ambassador/templates/deployment.yaml b/helm/ambassador/templates/deployment.yaml index e9043a46..618ebfc5 100644 --- a/helm/ambassador/templates/deployment.yaml +++ b/helm/ambassador/templates/deployment.yaml @@ -17,7 +17,7 @@ spec: {{- with .Values.podAnnotations }} {{- toYaml . | nindent 8 }} {{- end }} - {{- if .Values.global.grafanaEnabled }} + {{- if .Values.grafanaEnabled }} {{- include "common.grafanaAnnotations" . | nindent 8 }} {{- end }} labels: diff --git a/helm/ambassador/values.yaml b/helm/ambassador/values.yaml index 420f9801..44e9f85c 100644 --- a/helm/ambassador/values.yaml +++ b/helm/ambassador/values.yaml 
@@ -5,8 +5,6 @@ global: # -- (string) Environment name. This should be the same as vpcname if you're doing an AWS deployment. Currently this is being used to share ALB's if you have multiple namespaces. Might be used other places too. environment: default - # -- (bool) Whether Grafana is enabled. - grafanaEnabled: false # -- (bool) If the service will be deployed with a Pod Disruption Budget. Note- you need to have more than 2 replicas for the pdb to be deployed. pdb: false # -- (int) The minimum amount of pods that are available at all times if the PDB is deployed. @@ -15,6 +13,9 @@ global: # -- (int) Number of replicas for the deployment. replicaCount: 1 +# -- (bool) Whether Grafana is enabled. +grafanaEnabled: false + # -- (map) Docker image information. image: # -- (string) Docker repository. diff --git a/helm/arborist/README.md b/helm/arborist/README.md index cae81cba..8fbfab48 100644 --- a/helm/arborist/README.md +++ b/helm/arborist/README.md @@ -39,7 +39,6 @@ A Helm chart for gen3 arborist | global.externalSecrets | map | `{"deploy":false,"separateSecretStore":false}` | External Secrets settings. | | global.externalSecrets.deploy | bool | `false` | Will use ExternalSecret resources to pull secrets from Secrets Manager instead of creating them locally. Be cautious as this will override any arborist secrets you have deployed. | | global.externalSecrets.separateSecretStore | string | `false` | Will deploy a separate External Secret Store for this service. | -| global.grafanaEnabled | bool | `false` | Whether Grafana is enabled. | | global.hostname | string | `"localhost"` | Hostname for the deployment. | | global.kubeBucket | string | `"kube-gen3"` | S3 bucket name for Kubernetes manifest files. | | global.logsBucket | string | `"logs-gen3"` | S3 bucket name for log files. | 
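Review bot: The comment on the relocated key still reads `# -- (bool) Whether Grafana is enabled.`, which does not tell an operator that `global.grafanaEnabled` is no longer read by the template; a values file that still sets the old key renders without the `common.grafanaAnnotations` block (`prometheus.io/scrape` and friends) and nothing fails, so metrics collection would stop silently. I would document it as `# -- (bool) Adds the Prometheus scrape annotations from common.grafanaAnnotations to the pod. Replaces global.grafanaEnabled, which is ignored.` The same wording applies to the other `values.yaml` files changed in this patch (arborist, argo-wrapper, audit and the rest of the diffstat), and under the gen3 umbrella chart the key presumably has to be set per subchart, for example `ambassador.grafanaEnabled`.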
@@ -57,6 +56,7 @@ A Helm chart for gen3 arborist | global.publicDataSets | bool | `true` | Whether public datasets are enabled. | | global.revproxyArn | string | `"arn:aws:acm:us-east-1:123456:certificate"` | ARN of the reverse proxy certificate. | | global.tierAccessLevel | string | `"libre"` | Access level for tiers. acceptable values for `tier_access_level` are: `libre`, `regular` and `private`. If omitted, by default common will be treated as `private` | +| grafanaEnabled | bool | `false` | Whether Grafana is enabled. | | image | map | `{"pullPolicy":"IfNotPresent","repository":"quay.io/cdis/arborist","tag":""}` | Docker image information. | | image.pullPolicy | string | `"IfNotPresent"` | Docker pull policy. | | image.repository | string | `"quay.io/cdis/arborist"` | Docker repository. | diff --git a/helm/arborist/templates/deployment.yaml b/helm/arborist/templates/deployment.yaml index f8f361a5..36eeb59e 100644 --- a/helm/arborist/templates/deployment.yaml +++ b/helm/arborist/templates/deployment.yaml @@ -17,7 +17,7 @@ spec: {{- with .Values.podAnnotations }} {{- toYaml . | nindent 8 }} {{- end }} - {{- if .Values.global.grafanaEnabled }} + {{- if .Values.grafanaEnabled }} {{- include "common.grafanaAnnotations" . | nindent 8 }} {{- end }} labels: diff --git a/helm/arborist/values.yaml b/helm/arborist/values.yaml index 6c50b706..d1908e9f 100644 --- a/helm/arborist/values.yaml +++ b/helm/arborist/values.yaml @@ -53,8 +53,6 @@ global: netPolicy: true # -- (int) Number of dispatcher jobs. dispatcherJobNum: "10" - # -- (bool) Whether Grafana is enabled. - grafanaEnabled: false # -- (bool) If the service will be deployed with a Pod Disruption Budget. Note- you need to have more than 2 replicas for the pdb to be deployed. pdb: false # -- (int) The minimum amount of pods that are available at all times if the PDB is deployed. 
@@ -66,6 +64,9 @@ global: # -- (string) Will deploy a separate External Secret Store for this service. separateSecretStore: false +# -- (bool) Whether Grafana is enabled. +grafanaEnabled: false + # -- (map) External Secrets settings. externalSecrets: # -- (string) Will override the name of the aws secrets manager secret. Default is "Values.global.environment-.Chart.Name-creds" diff --git a/helm/argo-wrapper/README.md b/helm/argo-wrapper/README.md index aa08fc77..6e965226 100644 --- a/helm/argo-wrapper/README.md +++ b/helm/argo-wrapper/README.md @@ -30,9 +30,9 @@ A Helm chart for gen3 Argo Wrapper Service | criticalService | string | `"false"` | Valid options are "true" or "false". If invalid option is set- the value will default to "false". | | environment | string | `"default"` | Environment name. | | global.environment | string | `"default"` | Environment name. This should be the same as vpcname if you're doing an AWS deployment. Currently this is being used to share ALB's if you have multiple namespaces. Might be used other places too. | -| global.grafanaEnabled | bool | `false` | Whether Grafana is enabled. | | global.minAvialable | int | `1` | The minimum amount of pods that are available at all times if the PDB is deployed. | | global.pdb | bool | `false` | If the service will be deployed with a Pod Disruption Budget. Note- you need to have more than 2 replicas for the pdb to be deployed. | +| grafanaEnabled | bool | `false` | Whether Grafana is enabled. | | image | map | `{"pullPolicy":"Always","repository":"quay.io/cdis/argo-wrapper","tag":""}` | Docker image information. | | image.pullPolicy | string | `"Always"` | Docker pull policy. | | image.repository | string | `"quay.io/cdis/argo-wrapper"` | Docker repository. | diff --git a/helm/argo-wrapper/templates/deployment.yaml b/helm/argo-wrapper/templates/deployment.yaml index 45e5ec6c..ac9c578c 100644 --- a/helm/argo-wrapper/templates/deployment.yaml +++ b/helm/argo-wrapper/templates/deployment.yaml 
@@ -29,7 +29,7 @@ spec: netnolimit: 'yes' public: 'yes' annotations: - {{- if .Values.global.grafanaEnabled }} + {{- if .Values.grafanaEnabled }} {{- include "common.grafanaAnnotations" . | nindent 8 }} {{- end }} spec: diff --git a/helm/argo-wrapper/values.yaml b/helm/argo-wrapper/values.yaml index d2265ecb..834b2807 100644 --- a/helm/argo-wrapper/values.yaml +++ b/helm/argo-wrapper/values.yaml @@ -7,13 +7,14 @@ global: # -- (string) Environment name. This should be the same as vpcname if you're doing an AWS deployment. Currently this is being used to share ALB's if you have multiple namespaces. Might be used other places too. environment: default - # -- (bool) Whether Grafana is enabled. - grafanaEnabled: false # -- (bool) If the service will be deployed with a Pod Disruption Budget. Note- you need to have more than 2 replicas for the pdb to be deployed. pdb: false # -- (int) The minimum amount of pods that are available at all times if the PDB is deployed. minAvialable: 1 +# -- (bool) Whether Grafana is enabled. +grafanaEnabled: false + # Deployment # -- (map) Annotations to add to the pod. podAnnotations: {"gen3.io/network-ingress": "argo-wrapper"} diff --git a/helm/audit/README.md b/helm/audit/README.md index b0d92f5f..6b2e00c4 100644 --- a/helm/audit/README.md +++ b/helm/audit/README.md 
@@ -49,7 +49,6 @@ A Helm chart for Kubernetes | global.externalSecrets | map | `{"deploy":false,"separateSecretStore":false}` | External Secrets settings. | | global.externalSecrets.deploy | bool | `false` | Will use ExternalSecret resources to pull secrets from Secrets Manager instead of creating them locally. Be cautious as this will override any audit secrets you have deployed. | | global.externalSecrets.separateSecretStore | string | `false` | Will deploy a separate External Secret Store for this service. | -| global.grafanaEnabled | bool | `false` | Whether Grafana is enabled. | | global.hostname | string | `"localhost"` | Hostname for the deployment. | | global.kubeBucket | string | `"kube-gen3"` | S3 bucket name for Kubernetes manifest files. | | global.logsBucket | string | `"logs-gen3"` | S3 bucket name for log files. | @@ -67,6 +66,7 @@ A Helm chart for Kubernetes | global.publicDataSets | bool | `true` | Whether public datasets are enabled. | | global.revproxyArn | string | `"arn:aws:acm:us-east-1:123456:certificate"` | ARN of the reverse proxy certificate. | | global.tierAccessLevel | string | `"libre"` | Access level for tiers. acceptable values for `tier_access_level` are: `libre`, `regular` and `private`. If omitted, by default common will be treated as `private` | +| grafanaEnabled | bool | `false` | Whether Grafana is enabled. | | image | map | `{"pullPolicy":"Always","repository":"quay.io/cdis/audit-service","tag":"master"}` | Docker image information. | | image.pullPolicy | string | `"Always"` | When to pull the image. This value should be "Always" to ensure the latest image is used. | | image.repository | string | `"quay.io/cdis/audit-service"` | The Docker image repository for the audit service | diff --git a/helm/audit/templates/deployment.yaml b/helm/audit/templates/deployment.yaml index d2be0972..cbb29240 100644 --- a/helm/audit/templates/deployment.yaml +++ b/helm/audit/templates/deployment.yaml 
@@ -17,7 +17,7 @@ spec: {{- with .Values.podAnnotations }} {{- toYaml . | nindent 8 }} {{- end }} - {{- if .Values.global.grafanaEnabled }} + {{- if .Values.grafanaEnabled }} {{- include "common.grafanaAnnotations" . | nindent 8 }} {{- end }} labels: diff --git a/helm/audit/values.yaml b/helm/audit/values.yaml index 025298fa..cf0c6078 100644 --- a/helm/audit/values.yaml +++ b/helm/audit/values.yaml @@ -52,8 +52,6 @@ global: netPolicy: true # -- (int) Number of dispatcher jobs. dispatcherJobNum: "10" - # -- (bool) Whether Grafana is enabled. - grafanaEnabled: false # -- (bool) If the service will be deployed with a Pod Disruption Budget. Note- you need to have more than 2 replicas for the pdb to be deployed. pdb: false # -- (int) The minimum amount of pods that are available at all times if the PDB is deployed. @@ -65,6 +63,9 @@ global: # -- (string) Will deploy a separate External Secret Store for this service. separateSecretStore: false +# -- (bool) Whether Grafana is enabled. +grafanaEnabled: false + # -- (map) External Secrets settings. externalSecrets: # -- (string) Will create the Helm "audit-g3auto" secret even if Secrets Manager is enabled. This is helpful if you are wanting to use External Secrets for some, but not all secrets. diff --git a/helm/aws-es-proxy/README.md b/helm/aws-es-proxy/README.md index 4e1367b5..97d73795 100644 --- a/helm/aws-es-proxy/README.md +++ b/helm/aws-es-proxy/README.md 
@@ -32,9 +32,9 @@ A Helm chart for AWS ES Proxy Service for gen3 | global.environment | string | `"default"` | Environment name. This should be the same as vpcname if you're doing an AWS deployment. Currently this is being used to share ALB's if you have multiple namespaces. Might be used other places too. | | global.externalSecrets.deploy | bool | `false` | Will use ExternalSecret resources to pull secrets from Secrets Manager instead of creating them locally. Be cautious as this will override any audit secrets you have deployed. | | global.externalSecrets.separateSecretStore | string | `false` | Will deploy a separate External Secret Store for this service. | -| global.grafanaEnabled | bool | `false` | Whether Grafana is enabled. | | global.minAvialable | int | `1` | The minimum amount of pods that are available at all times if the PDB is deployed. | | global.pdb | bool | `false` | If the service will be deployed with a Pod Disruption Budget. Note- you need to have more than 2 replicas for the pdb to be deployed. | +| grafanaEnabled | bool | `false` | Whether Grafana is enabled. | | image | map | `{"pullPolicy":"Always","repository":"quay.io/cdis/aws-es-proxy","tag":""}` | Docker image information. | | image.pullPolicy | string | `"Always"` | Docker pull policy. | | image.repository | string | `"quay.io/cdis/aws-es-proxy"` | Docker repository. | diff --git a/helm/aws-es-proxy/templates/deployment.yaml b/helm/aws-es-proxy/templates/deployment.yaml index c73793c1..03630299 100644 --- a/helm/aws-es-proxy/templates/deployment.yaml +++ b/helm/aws-es-proxy/templates/deployment.yaml @@ -27,7 +27,7 @@ spec: {{- include "common.extraLabels" . | nindent 8 }} netvpc: "yes" annotations: - {{- if .Values.global.grafanaEnabled }} + {{- if .Values.grafanaEnabled }} {{- include "common.grafanaAnnotations" . | nindent 8 }} {{- end }} spec: diff --git a/helm/aws-es-proxy/values.yaml b/helm/aws-es-proxy/values.yaml index edc2b8ff..0d7bc4d2 100644 --- a/helm/aws-es-proxy/values.yaml 
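Review bot: In the aws-es-proxy deployment template the `annotations:` key has the Grafana conditional as its only child, so with the default `grafanaEnabled: false` it renders as an empty (null) key. The pattern predates this commit, but the line is being touched here, so I would move the key inside the condition: `{{- if .Values.grafanaEnabled }}`, then `annotations:`, then `{{- include "common.grafanaAnnotations" . | nindent 8 }}`, at the existing indentation. The argo-wrapper, dicom-server, dicom-viewer, guppy and manifestservice deployment hunks have the same shape; audit, fence, hatchery, indexd and frontend-framework have other entries under the key and are not affected. The pod template continues outside the hunk.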
+++ b/helm/aws-es-proxy/values.yaml @@ -15,8 +15,6 @@ global: awsSecretAccessKey: # -- (string) Environment name. This should be the same as vpcname if you're doing an AWS deployment. Currently this is being used to share ALB's if you have multiple namespaces. Might be used other places too. environment: default - # -- (bool) Whether Grafana is enabled. - grafanaEnabled: false # -- (bool) If the service will be deployed with a Pod Disruption Budget. Note- you need to have more than 2 replicas for the pdb to be deployed. pdb: false # -- (int) The minimum amount of pods that are available at all times if the PDB is deployed. @@ -27,6 +25,9 @@ global: # -- (string) Will deploy a separate External Secret Store for this service. separateSecretStore: false +# -- (bool) Whether Grafana is enabled. +grafanaEnabled: false + # -- (map) External Secrets settings. externalSecrets: # -- (string) Will override the name of the aws secrets manager secret. Default is "Values.global.environment-.Chart.Name-creds" diff --git a/helm/dicom-server/README.md b/helm/dicom-server/README.md index 17f87e0e..472462b5 100644 --- a/helm/dicom-server/README.md +++ b/helm/dicom-server/README.md 
@@ -22,9 +22,9 @@ A Helm chart for gen3 Dicom Server | commonLabels | map | `nil` | Will completely override the commonLabels defined in the common chart's _label_setup.tpl | | criticalService | string | `"false"` | Valid options are "true" or "false". If invalid option is set- the value will default to "false". | | global.environment | string | `"default"` | Environment name. This should be the same as vpcname if you're doing an AWS deployment. Currently this is being used to share ALB's if you have multiple namespaces. Might be used other places too. | -| global.grafanaEnabled | bool | `false` | Whether Grafana is enabled. | | global.minAvialable | int | `1` | The minimum amount of pods that are available at all times if the PDB is deployed. | | global.pdb | bool | `false` | If the service will be deployed with a Pod Disruption Budget. Note- you need to have more than 2 replicas for the pdb to be deployed. | +| grafanaEnabled | bool | `false` | Whether Grafana is enabled. | | image | map | `{"pullPolicy":"Always","repository":"quay.io/cdis/gen3-orthanc","tag":"master"}` | Docker image information. | | image.pullPolicy | string | `"Always"` | Docker pull policy. | | image.repository | string | `"quay.io/cdis/gen3-orthanc"` | Docker repository. | diff --git a/helm/dicom-server/templates/deployment.yaml b/helm/dicom-server/templates/deployment.yaml index 27f4b00f..f175fc73 100644 --- a/helm/dicom-server/templates/deployment.yaml +++ b/helm/dicom-server/templates/deployment.yaml @@ -24,7 +24,7 @@ spec: {{- include "common.extraLabels" . | nindent 8 }} public: "yes" annotations: - {{- if .Values.global.grafanaEnabled }} + {{- if .Values.grafanaEnabled }} {{- include "common.grafanaAnnotations" . | nindent 8 }} {{- end }} spec: diff --git a/helm/dicom-server/values.yaml b/helm/dicom-server/values.yaml index a4361072..24c76159 100644 --- a/helm/dicom-server/values.yaml +++ b/helm/dicom-server/values.yaml 
@@ -7,13 +7,14 @@ global: # -- (string) Environment name. This should be the same as vpcname if you're doing an AWS deployment. Currently this is being used to share ALB's if you have multiple namespaces. Might be used other places too. environment: default - # -- (bool) Whether Grafana is enabled. - grafanaEnabled: false # -- (bool) If the service will be deployed with a Pod Disruption Budget. Note- you need to have more than 2 replicas for the pdb to be deployed. pdb: false # -- (int) The minimum amount of pods that are available at all times if the PDB is deployed. minAvialable: 1 +# -- (bool) Whether Grafana is enabled. +grafanaEnabled: false + # Deployment # -- (map) Configuration for autoscaling the number of replicas diff --git a/helm/dicom-viewer/README.md b/helm/dicom-viewer/README.md index 86d269ff..c90c22ae 100644 --- a/helm/dicom-viewer/README.md +++ b/helm/dicom-viewer/README.md 
@@ -22,9 +22,9 @@ A Helm chart for gen3 Dicom Viewer | commonLabels | map | `nil` | Will completely override the commonLabels defined in the common chart's _label_setup.tpl | | criticalService | string | `"false"` | Valid options are "true" or "false". If invalid option is set- the value will default to "false". | | global.environment | string | `"default"` | Environment name. This should be the same as vpcname if you're doing an AWS deployment. Currently this is being used to share ALB's if you have multiple namespaces. Might be used other places too. | -| global.grafanaEnabled | bool | `false` | Whether Grafana is enabled. | | global.minAvialable | int | `1` | The minimum amount of pods that are available at all times if the PDB is deployed. | | global.pdb | bool | `false` | If the service will be deployed with a Pod Disruption Budget. Note- you need to have more than 2 replicas for the pdb to be deployed. | +| grafanaEnabled | bool | `false` | Whether Grafana is enabled. | | image | map | `{"pullPolicy":"Always","repository":"quay.io/cdis/ohif-viewer","tag":"master"}` | Docker image information. | | image.pullPolicy | string | `"Always"` | Docker pull policy. | | image.repository | string | `"quay.io/cdis/ohif-viewer"` | Docker repository. | diff --git a/helm/dicom-viewer/templates/deployment.yaml b/helm/dicom-viewer/templates/deployment.yaml index 997a7394..9fbfb0a2 100644 --- a/helm/dicom-viewer/templates/deployment.yaml +++ b/helm/dicom-viewer/templates/deployment.yaml @@ -23,7 +23,7 @@ spec: {{- include "common.extraLabels" . | nindent 8 }} public: "yes" annotations: - {{- if .Values.global.grafanaEnabled }} + {{- if .Values.grafanaEnabled }} {{- include "common.grafanaAnnotations" . | nindent 8 }} {{- end }} spec: diff --git a/helm/dicom-viewer/values.yaml b/helm/dicom-viewer/values.yaml index 10fc893f..5264ce5e 100644 --- a/helm/dicom-viewer/values.yaml +++ b/helm/dicom-viewer/values.yaml 
@@ -7,13 +7,14 @@ global: # -- (string) Environment name. This should be the same as vpcname if you're doing an AWS deployment. Currently this is being used to share ALB's if you have multiple namespaces. Might be used other places too. environment: default - # -- (bool) Whether Grafana is enabled. - grafanaEnabled: false # -- (bool) If the service will be deployed with a Pod Disruption Budget. Note- you need to have more than 2 replicas for the pdb to be deployed. pdb: false # -- (int) The minimum amount of pods that are available at all times if the PDB is deployed. minAvialable: 1 +# -- (bool) Whether Grafana is enabled. +grafanaEnabled: false + # Deployment # -- (map) Configuration for autoscaling the number of replicas diff --git a/helm/fence/README.md b/helm/fence/README.md index d305c867..ca216868 100644 --- a/helm/fence/README.md +++ b/helm/fence/README.md @@ -112,7 +112,6 @@ A Helm chart for gen3 Fence | global.externalSecrets | map | `{"deploy":false,"separateSecretStore":false}` | External Secrets settings. | | global.externalSecrets.deploy | bool | `false` | Will use ExternalSecret resources to pull secrets from Secrets Manager instead of creating them locally. Be cautious as this will override any fence secrets you have deployed. | | global.externalSecrets.separateSecretStore | string | `false` | Will deploy a separate External Secret Store for this service. | -| global.grafanaEnabled | bool | `false` | Whether Grafana is enabled. | | global.hostname | string | `"localhost"` | Hostname for the deployment. | | global.kubeBucket | string | `"kube-gen3"` | S3 bucket name for Kubernetes manifest files. | | global.logsBucket | string | `"logs-gen3"` | S3 bucket name for log files. | 
@@ -132,6 +131,7 @@ A Helm chart for gen3 Fence | global.syncFromDbgap | bool | `false` | Whether to sync data from dbGaP. | | global.tierAccessLevel | string | `"libre"` | Access level for tiers. acceptable values for `tier_access_level` are: `libre`, `regular` and `private`. If omitted, by default common will be treated as `private` | | global.tierAccessLimit | int | `"1000"` | Only relevant if tireAccessLevel is set to "regular". Summary charts below this limit will not appear for aggregated data. | +| grafanaEnabled | bool | `false` | Whether Grafana is enabled. | | image.pullPolicy | string | `"Always"` | When to pull the image. This value should be "Always" to ensure the latest image is used. | | image.repository | string | `"quay.io/cdis/fence"` | The Docker image repository for the fence service | | image.tag | string | `"master"` | Overrides the image tag whose default is the chart appVersion. | diff --git a/helm/fence/templates/fence-deployment.yaml b/helm/fence/templates/fence-deployment.yaml index 7cedc75e..c185b94f 100644 --- a/helm/fence/templates/fence-deployment.yaml +++ b/helm/fence/templates/fence-deployment.yaml @@ -17,7 +17,7 @@ spec: {{- with .Values.podAnnotations }} {{- toYaml . | nindent 8 }} {{- end }} - {{- if .Values.global.grafanaEnabled }} + {{- if .Values.grafanaEnabled }} {{- include "common.grafanaAnnotations" . | nindent 8 }} {{- end }} labels: diff --git a/helm/fence/values.yaml b/helm/fence/values.yaml index 4c6932a4..79026afa 100644 --- a/helm/fence/values.yaml +++ b/helm/fence/values.yaml @@ -65,8 +65,6 @@ global: netPolicy: true # -- (int) Number of dispatcher jobs. dispatcherJobNum: "10" - # -- (bool) Whether Grafana is enabled. - grafanaEnabled: false # -- (bool) If the service will be deployed with a Pod Disruption Budget. Note- you need to have more than 2 replicas for the pdb to be deployed. pdb: false # -- (int) The minimum amount of pods that are available at all times if the PDB is deployed. 
@@ -78,6 +76,9 @@ global: # -- (string) Will deploy a separate External Secret Store for this service. separateSecretStore: false +# -- (bool) Whether Grafana is enabled. +grafanaEnabled: false + # -- (map) External Secrets settings. externalSecrets: # -- (string) Will create the Helm "fence-config" secret even if Secrets Manager is enabled. This is helpful if you are wanting to use External Secrets for some, but not all secrets. diff --git a/helm/frontend-framework/README.md b/helm/frontend-framework/README.md index a54f0cae..cf2de3f8 100644 --- a/helm/frontend-framework/README.md +++ b/helm/frontend-framework/README.md 
@@ -31,7 +31,7 @@ A Helm chart for the gen3 frontend framework | criticalService | string | `"true"` | Valid options are "true" or "false". If invalid option is set- the value will default to "false". | | env | list | `[]` | List of environment variables to add to the deployment. | | fullnameOverride | string | `""` | Override the full name of the deployment. | -| global | map | `{"aws":{"awsAccessKeyId":null,"awsSecretAccessKey":null,"enabled":false},"dev":true,"dictionaryUrl":"https://s3.amazonaws.com/dictionary-artifacts/datadictionary/develop/schema.json","dispatcherJobNum":10,"environment":"default","grafanaEnabled":false,"hostname":"localhost","kubeBucket":"kube-gen3","logsBucket":"logs-gen3","netPolicy":true,"portalApp":"gitops","postgres":{"dbCreate":true,"master":{"host":null,"password":null,"port":"5432","username":"postgres"}},"publicDataSets":true,"revproxyArn":"arn:aws:acm:us-east-1:123456:certificate","syncFromDbgap":false,"tierAccessLevel":"libre","userYamlS3Path":"s3://cdis-gen3-users/test/user.yaml"}` | Global configuration options. | +| global | map | `{"aws":{"awsAccessKeyId":null,"awsSecretAccessKey":null,"enabled":false},"dev":true,"dictionaryUrl":"https://s3.amazonaws.com/dictionary-artifacts/datadictionary/develop/schema.json","dispatcherJobNum":10,"environment":"default","hostname":"localhost","kubeBucket":"kube-gen3","logsBucket":"logs-gen3","netPolicy":true,"portalApp":"gitops","postgres":{"dbCreate":true,"master":{"host":null,"password":null,"port":"5432","username":"postgres"}},"publicDataSets":true,"revproxyArn":"arn:aws:acm:us-east-1:123456:certificate","syncFromDbgap":false,"tierAccessLevel":"libre","userYamlS3Path":"s3://cdis-gen3-users/test/user.yaml"}` | Global configuration options. | | global.aws | map | `{"awsAccessKeyId":null,"awsSecretAccessKey":null,"enabled":false}` | AWS configuration | | global.aws.awsAccessKeyId | string | `nil` | Credentials for AWS stuff. 
| | global.aws.awsSecretAccessKey | string | `nil` | Credentials for AWS stuff. | @@ -40,7 +40,6 @@ A Helm chart for the gen3 frontend framework | global.dictionaryUrl | string | `"https://s3.amazonaws.com/dictionary-artifacts/datadictionary/develop/schema.json"` | URL of the data dictionary. | | global.dispatcherJobNum | int | `10` | Number of dispatcher jobs. | | global.environment | string | `"default"` | Environment name. This should be the same as vpcname if you're doing an AWS deployment. Currently this is being used to share ALB's if you have multiple namespaces. Might be used other places too. | -| global.grafanaEnabled | bool | `false` | Whether Grafana is enabled. | | global.hostname | string | `"localhost"` | Hostname for the deployment. | | global.kubeBucket | string | `"kube-gen3"` | S3 bucket name for Kubernetes manifest files. | | global.logsBucket | string | `"logs-gen3"` | S3 bucket name for log files. | @@ -58,6 +57,7 @@ A Helm chart for the gen3 frontend framework | global.syncFromDbgap | bool | `false` | Whether to sync data from dbGaP. | | global.tierAccessLevel | string | `"libre"` | Access level for tiers. acceptable values for `tier_access_level` are: `libre`, `regular` and `private`. If omitted, by default common will be treated as `private`. | | global.userYamlS3Path | string | `"s3://cdis-gen3-users/test/user.yaml"` | Path to the user.yaml file in S3. | +| grafanaEnabled | bool | `false` | Whether Grafana is enabled. | | image | map | `{"pullPolicy":"Always","repository":"quay.io/cdis/frontend-framework","tag":"develop"}` | Docker image information. | | image.pullPolicy | string | `"Always"` | Docker pull policy. | | image.repository | string | `"quay.io/cdis/frontend-framework"` | Docker repository. | diff --git a/helm/frontend-framework/templates/deployment.yaml b/helm/frontend-framework/templates/deployment.yaml index f5cf096d..40a05237 100644 --- a/helm/frontend-framework/templates/deployment.yaml 
+++ b/helm/frontend-framework/templates/deployment.yaml @@ -15,7 +15,7 @@ spec: metadata: annotations: checksum/config: {{ include (print $.Template.BasePath "/configMap.yaml") . | sha256sum }} - {{- if .Values.global.grafanaEnabled }} + {{- if .Values.grafanaEnabled }} {{- include "common.grafanaAnnotations" . | nindent 8 }} {{- end }} {{- with .Values.podAnnotations }} diff --git a/helm/frontend-framework/values.yaml b/helm/frontend-framework/values.yaml index 8018a1a5..ffefdfae 100644 --- a/helm/frontend-framework/values.yaml +++ b/helm/frontend-framework/values.yaml @@ -53,8 +53,9 @@ global: netPolicy: true # -- (int) Number of dispatcher jobs. dispatcherJobNum: 10 - # -- (bool) Whether Grafana is enabled. - grafanaEnabled: false + +# -- (bool) Whether Grafana is enabled. +grafanaEnabled: false # -- (int) Number of replicas for the deployment. replicaCount: 1 diff --git a/helm/guppy/README.md b/helm/guppy/README.md index d9f63344..5fcb6134 100644 --- a/helm/guppy/README.md +++ b/helm/guppy/README.md @@ -45,7 +45,6 @@ A Helm chart for gen3 Guppy Service | global.dictionaryUrl | string | `"https://s3.amazonaws.com/dictionary-artifacts/datadictionary/develop/schema.json"` | URL of the data dictionary. | | global.dispatcherJobNum | int | `"10"` | Number of dispatcher jobs. | | global.environment | string | `"default"` | Environment name. This should be the same as vpcname if you're doing an AWS deployment. Currently this is being used to share ALB's if you have multiple namespaces. Might be used other places too. | -| global.grafanaEnabled | bool | `false` | Whether Grafana is enabled. | | global.hostname | string | `"localhost"` | Hostname for the deployment. | | global.kubeBucket | string | `"kube-gen3"` | S3 bucket name for Kubernetes manifest files. | | global.logsBucket | string | `"logs-gen3"` | S3 bucket name for log files. | 
@@ -64,6 +63,7 @@ A Helm chart for gen3 Guppy Service | global.revproxyArn | string | `"arn:aws:acm:us-east-1:123456:certificate"` | ARN of the reverse proxy certificate. | | global.tierAccessLevel | string | `"libre"` | Access level for tiers. | | global.tierAccessLimit | int | `"1000"` | Only relevant if tireAccessLevel is set to "regular". Summary charts below this limit will not appear for aggregated data. | +| grafanaEnabled | bool | `false` | Whether Grafana is enabled. | | image | map | `{"pullPolicy":"Always","repository":"quay.io/cdis/guppy","tag":""}` | Docker image information. | | image.pullPolicy | string | `"Always"` | Docker pull policy. | | image.repository | string | `"quay.io/cdis/guppy"` | Docker repository. | diff --git a/helm/guppy/templates/deployment.yaml b/helm/guppy/templates/deployment.yaml index 56bf0814..381b6d9e 100644 --- a/helm/guppy/templates/deployment.yaml +++ b/helm/guppy/templates/deployment.yaml @@ -25,7 +25,7 @@ spec: netnolimit: 'yes' public: 'yes' annotations: - {{- if .Values.global.grafanaEnabled }} + {{- if .Values.grafanaEnabled }} {{- include "common.grafanaAnnotations" . | nindent 8 }} {{- end }} spec: diff --git a/helm/guppy/values.yaml b/helm/guppy/values.yaml index a29d8c01..c2f2844b 100644 --- a/helm/guppy/values.yaml +++ b/helm/guppy/values.yaml @@ -55,13 +55,14 @@ global: netPolicy: true # -- (int) Number of dispatcher jobs. dispatcherJobNum: "10" - # -- (bool) Whether Grafana is enabled. - grafanaEnabled: false # -- (bool) If the service will be deployed with a Pod Disruption Budget. Note- you need to have more than 2 replicas for the pdb to be deployed. pdb: false # -- (int) The minimum amount of pods that are available at all times if the PDB is deployed. minAvialable: 1 +# -- (bool) Whether Grafana is enabled. +grafanaEnabled: false + # -- (map) Configuration for autoscaling the number of replicas autoscaling: # -- (bool) Whether autoscaling is enabled 
diff --git a/helm/hatchery/README.md b/helm/hatchery/README.md index be6baf3f..0f9d5c08 100644 --- a/helm/hatchery/README.md +++ b/helm/hatchery/README.md @@ -32,7 +32,6 @@ A Helm chart for gen3 Hatchery | global.dictionaryUrl | string | `"https://s3.amazonaws.com/dictionary-artifacts/datadictionary/develop/schema.json"` | URL of the data dictionary. | | global.dispatcherJobNum | int | `"10"` | Number of dispatcher jobs. | | global.environment | string | `"default"` | Environment name. This should be the same as vpcname if you're doing an AWS deployment. Currently this is being used to share ALB's if you have multiple namespaces. Might be used other places too. | -| global.grafanaEnabled | bool | `false` | Whether Grafana is enabled. | | global.hostname | string | `"localhost"` | Hostname for the deployment. | | global.kubeBucket | string | `"kube-gen3"` | S3 bucket name for Kubernetes manifest files. | | global.logsBucket | string | `"logs-gen3"` | S3 bucket name for log files. | 
@@ -50,6 +49,7 @@ A Helm chart for gen3 Hatchery | global.publicDataSets | bool | `true` | Whether public datasets are enabled. | | global.revproxyArn | string | `"arn:aws:acm:us-east-1:123456:certificate"` | ARN of the reverse proxy certificate. | | global.tierAccessLevel | string | `"libre"` | Access level for tiers. acceptable values for `tier_access_level` are: `libre`, `regular` and `private`. If omitted, by default common will be treated as `private` | +| grafanaEnabled | bool | `false` | Whether Grafana is enabled. | | hatchery | map | `{"containers":[{"args":["--NotebookApp.base_url=/lw-workspace/proxy/","--NotebookApp.default_url=/lab","--NotebookApp.password=''","--NotebookApp.token=''","--NotebookApp.shutdown_no_activity_timeout=5400","--NotebookApp.quit_button=False"],"command":["start-notebook.sh"],"cpu-limit":"1.0","env":{"FRAME_ANCESTORS":"https://{{ .Values.global.hostname }}"},"fs-gid":100,"gen3-volume-location":"/home/jovyan/.gen3","image":"quay.io/cdis/heal-notebooks:combined_tutorials__latest","lifecycle-post-start":["/bin/sh","-c","export IAM=`whoami`; rm -rf /home/$IAM/pd/dockerHome; rm -rf /home/$IAM/pd/lost+found; ln -s /data /home/$IAM/pd/; true"],"memory-limit":"2Gi","name":"(Tutorials) Example Analysis Jupyter Lab Notebooks","path-rewrite":"/lw-workspace/proxy/","ready-probe":"/lw-workspace/proxy/","target-port":8888,"use-tls":"false","user-uid":1000,"user-volume-location":"/home/jovyan/pd"}],"sidecarContainer":{"args":[],"command":["/bin/bash","./sidecar.sh"],"cpu-limit":"0.1","env":{"HOSTNAME":"{{ .Values.global.hostname }}","NAMESPACE":"{{ .Release.Namespace }}"},"image":"quay.io/cdis/ecs-ws-sidecar:master","lifecycle-pre-stop":["su","-c","echo test","-s","/bin/sh","root"],"memory-limit":"256Mi"}}` | Hatchery sidcar container configuration. | | hatchery.sidecarContainer.args | list | `[]` | Arguments to pass to the sidecare container. 
| | hatchery.sidecarContainer.command | list | `["/bin/bash","./sidecar.sh"]` | Commands to run for the sidecar container. | diff --git a/helm/hatchery/templates/deployment.yaml b/helm/hatchery/templates/deployment.yaml index 72793850..b1c322a3 100644 --- a/helm/hatchery/templates/deployment.yaml +++ b/helm/hatchery/templates/deployment.yaml @@ -17,7 +17,7 @@ spec: {{- with .Values.podAnnotations }} {{- toYaml . | nindent 8 }} {{- end }} - {{- if .Values.global.grafanaEnabled }} + {{- if .Values.grafanaEnabled }} {{- include "common.grafanaAnnotations" . | nindent 8 }} {{- end }} labels: diff --git a/helm/hatchery/values.yaml b/helm/hatchery/values.yaml index 2c96fd36..675e7bb3 100644 --- a/helm/hatchery/values.yaml +++ b/helm/hatchery/values.yaml @@ -53,13 +53,14 @@ global: netPolicy: true # -- (int) Number of dispatcher jobs. dispatcherJobNum: "10" - # -- (bool) Whether Grafana is enabled. - grafanaEnabled: false # -- (bool) If the service will be deployed with a Pod Disruption Budget. Note- you need to have more than 2 replicas for the pdb to be deployed. pdb: false # -- (int) The minimum amount of pods that are available at all times if the PDB is deployed. minAvialable: 1 +# -- (bool) Whether Grafana is enabled. +grafanaEnabled: false + # -- (int) Number of replicas for the deployment. replicaCount: 1 diff --git a/helm/indexd/README.md b/helm/indexd/README.md index ef08ef09..60305284 100644 --- a/helm/indexd/README.md +++ b/helm/indexd/README.md 
@@ -39,7 +39,6 @@ A Helm chart for gen3 indexd | global.externalSecrets | map | `{"deploy":false,"separateSecretStore":false}` | External Secrets settings. | | global.externalSecrets.deploy | bool | `false` | Will use ExternalSecret resources to pull secrets from Secrets Manager instead of creating them locally. Be cautious as this will override any indexd secrets you have deployed. | | global.externalSecrets.separateSecretStore | string | `false` | Will deploy a separate External Secret Store for this service. | -| global.grafanaEnabled | bool | `false` | Whether Grafana is enabled. | | global.hostname | string | `"localhost"` | Hostname for the deployment. | | global.kubeBucket | string | `"kube-gen3"` | S3 bucket name for Kubernetes manifest files. | | global.logsBucket | string | `"logs-gen3"` | S3 bucket name for log files. | @@ -58,6 +57,7 @@ A Helm chart for gen3 indexd | global.revproxyArn | string | `"arn:aws:acm:us-east-1:123456:certificate"` | ARN of the reverse proxy certificate. | | global.tierAccessLevel | string | `"libre"` | Access level for tiers. acceptable values for `tier_access_level` are: `libre`, `regular` and `private`. If omitted, by default common will be treated as `private` | | global.tierAccessLimit | int | `"1000"` | Only relevant if tireAccessLevel is set to "regular". Summary charts below this limit will not appear for aggregated data. | +| grafanaEnabled | bool | `false` | Whether Grafana is enabled. | | image | map | `{"pullPolicy":"IfNotPresent","repository":"quay.io/cdis/indexd","tag":""}` | Docker image information. | | image.pullPolicy | string | `"IfNotPresent"` | When to pull the image. | | image.repository | string | `"quay.io/cdis/indexd"` | The Docker image repository for the indexd service | diff --git a/helm/indexd/templates/deployment.yaml b/helm/indexd/templates/deployment.yaml index e58b7b50..d432e51e 100644 --- a/helm/indexd/templates/deployment.yaml +++ b/helm/indexd/templates/deployment.yaml 
@@ -17,7 +17,7 @@ spec: {{- with .Values.podAnnotations }} {{- toYaml . | nindent 8 }} {{- end }} - {{- if .Values.global.grafanaEnabled }} + {{- if .Values.grafanaEnabled }} {{- include "common.grafanaAnnotations" . | nindent 8 }} {{- end }} labels: diff --git a/helm/indexd/values.yaml b/helm/indexd/values.yaml index 50bafa32..97b8ba02 100644 --- a/helm/indexd/values.yaml +++ b/helm/indexd/values.yaml @@ -55,8 +55,6 @@ global: netPolicy: true # -- (int) Number of dispatcher jobs. dispatcherJobNum: "10" - # -- (bool) Whether Grafana is enabled. - grafanaEnabled: false # -- (bool) If the service will be deployed with a Pod Disruption Budget. Note- you need to have more than 2 replicas for the pdb to be deployed. pdb: false # -- (int) The minimum amount of pods that are available at all times if the PDB is deployed. @@ -68,6 +66,9 @@ global: # -- (string) Will deploy a separate External Secret Store for this service. separateSecretStore: false +# -- (bool) Whether Grafana is enabled. +grafanaEnabled: false + # -- (map) External Secrets settings. externalSecrets: # -- (string) Will create the Helm "indexd-service-creds" secret even if Secrets Manager is enabled. This is helpful if you are wanting to use External Secrets for some, but not all secrets. diff --git a/helm/manifestservice/README.md b/helm/manifestservice/README.md index 191c9850..c96f7b12 100644 --- a/helm/manifestservice/README.md +++ b/helm/manifestservice/README.md 
@@ -41,9 +41,9 @@ A Helm chart for Kubernetes | global.externalSecrets | map | `{"deploy":false,"separateSecretStore":false}` | External Secrets settings. | | global.externalSecrets.deploy | bool | `false` | Will use ExternalSecret resources to pull secrets from Secrets Manager instead of creating them locally. Be cautious as this will override any manifestservice secrets you have deployed. | | global.externalSecrets.separateSecretStore | string | `false` | Will deploy a separate External Secret Store for this service. | -| global.grafanaEnabled | bool | `false` | Whether Grafana is enabled. | | global.minAvialable | int | `1` | The minimum amount of pods that are available at all times if the PDB is deployed. | | global.pdb | bool | `false` | If the service will be deployed with a Pod Disruption Budget. Note- you need to have more than 2 replicas for the pdb to be deployed. | +| grafanaEnabled | bool | `false` | Whether Grafana is enabled. | | image | map | `{"pullPolicy":"Always","repository":"quay.io/cdis/manifestservice","tag":""}` | Docker image information. | | image.pullPolicy | string | `"Always"` | Docker pull policy. | | image.repository | string | `"quay.io/cdis/manifestservice"` | Docker repository. | diff --git a/helm/manifestservice/templates/deployment.yaml b/helm/manifestservice/templates/deployment.yaml index be8af14d..d140e8fd 100644 --- a/helm/manifestservice/templates/deployment.yaml +++ b/helm/manifestservice/templates/deployment.yaml @@ -23,7 +23,7 @@ spec: public: "yes" userhelper: "yes" annotations: - {{- if .Values.global.grafanaEnabled }} + {{- if .Values.grafanaEnabled }} {{- include "common.grafanaAnnotations" . | nindent 8 }} {{- end }} spec: diff --git a/helm/manifestservice/values.yaml b/helm/manifestservice/values.yaml index 2840c569..a7d88919 100644 --- a/helm/manifestservice/values.yaml +++ b/helm/manifestservice/values.yaml 
@@ -15,8 +15,6 @@ global: awsSecretAccessKey: # -- (string) Environment name. This should be the same as vpcname if you're doing an AWS deployment. Currently this is being used to share ALB's if you have multiple namespaces. Might be used other places too. environment: default - # -- (bool) Whether Grafana is enabled. - grafanaEnabled: false # -- (bool) If the service will be deployed with a Pod Disruption Budget. Note- you need to have more than 2 replicas for the pdb to be deployed. pdb: false # -- (int) The minimum amount of pods that are available at all times if the PDB is deployed. @@ -28,6 +26,9 @@ global: # -- (string) Will deploy a separate External Secret Store for this service. separateSecretStore: false +# -- (bool) Whether Grafana is enabled. +grafanaEnabled: false + # -- (map) External Secrets settings. externalSecrets: # -- (string) Will create the Helm "manifestservice-g3auto" secret even if Secrets Manager is enabled. This is helpful if you are wanting to use External Secrets for some, but not all secrets. diff --git a/helm/metadata/README.md b/helm/metadata/README.md index b32f3df5..8b345e0a 100644 --- a/helm/metadata/README.md +++ b/helm/metadata/README.md 
@@ -58,7 +58,6 @@ A Helm chart for gen3 Metadata Service | global.externalSecrets | map | `{"deploy":false,"separateSecretStore":false}` | External Secrets settings. | | global.externalSecrets.deploy | bool | `false` | Will use ExternalSecret resources to pull secrets from Secrets Manager instead of creating them locally. Be cautious as this will override any metadata secrets you have deployed. | | global.externalSecrets.separateSecretStore | string | `false` | Will deploy a separate External Secret Store for this service. | -| global.grafanaEnabled | bool | `false` | Whether Grafana is enabled. | | global.hostname | string | `"localhost"` | Hostname for the deployment. | | global.kubeBucket | string | `"kube-gen3"` | S3 bucket name for Kubernetes manifest files. | | global.logsBucket | string | `"logs-gen3"` | S3 bucket name for log files. | @@ -76,6 +75,7 @@ A Helm chart for gen3 Metadata Service | global.publicDataSets | bool | `true` | Whether public datasets are enabled. | | global.revproxyArn | string | `"arn:aws:acm:us-east-1:123456:certificate"` | ARN of the reverse proxy certificate. | | global.tierAccessLevel | string | `"libre"` | Access level for tiers. acceptable values for `tier_access_level` are: `libre`, `regular` and `private`. If omitted, by default common will be treated as `private` | +| grafanaEnabled | bool | `false` | Whether Grafana is enabled. | | image | map | `{"pullPolicy":"Always","repository":"quay.io/cdis/metadata-service","tag":"feat_es-7"}` | Docker image information. | | image.pullPolicy | string | `"Always"` | Docker pull policy. | | image.repository | string | `"quay.io/cdis/metadata-service"` | Docker repository. | diff --git a/helm/metadata/templates/deployment.yaml b/helm/metadata/templates/deployment.yaml index 31ea5349..188d0d9c 100644 --- a/helm/metadata/templates/deployment.yaml +++ b/helm/metadata/templates/deployment.yaml 
@@ -26,7 +26,7 @@ spec: public: 'yes' userhelper: 'yes' annotations: - {{- if .Values.global.grafanaEnabled }} + {{- if .Values.grafanaEnabled }} {{- include "common.grafanaAnnotations" . | nindent 8 }} {{- end }} spec: diff --git a/helm/metadata/values.yaml b/helm/metadata/values.yaml index c24e6fbb..d3ff0c0d 100644 --- a/helm/metadata/values.yaml +++ b/helm/metadata/values.yaml @@ -53,8 +53,6 @@ global: netPolicy: true # -- (int) Number of dispatcher jobs. dispatcherJobNum: "10" - # -- (bool) Whether Grafana is enabled. - grafanaEnabled: false # -- (bool) If the service will be deployed with a Pod Disruption Budget. Note- you need to have more than 2 replicas for the pdb to be deployed. pdb: false # -- (int) The minimum amount of pods that are available at all times if the PDB is deployed. @@ -66,6 +64,9 @@ global: # -- (string) Will deploy a separate External Secret Store for this service. separateSecretStore: false +# -- (bool) Whether Grafana is enabled. +grafanaEnabled: false + # -- (map) External Secrets settings. externalSecrets: # -- (string) Will create the Helm "metadata-g3auto" secret even if Secrets Manager is enabled. This is helpful if you are wanting to use External Secrets for some, but not all secrets. diff --git a/helm/peregrine/README.md b/helm/peregrine/README.md index 3642c82f..d973d48e 100644 --- a/helm/peregrine/README.md +++ b/helm/peregrine/README.md 
@@ -39,7 +39,6 @@ A Helm chart for gen3 Peregrine service | global.externalSecrets | map | `{"deploy":false,"separateSecretStore":false}` | External Secrets settings. | | global.externalSecrets.deploy | bool | `false` | Will use ExternalSecret resources to pull secrets from Secrets Manager instead of creating them locally. Be cautious as this will override any peregrine secrets you have deployed. | | global.externalSecrets.separateSecretStore | string | `false` | Will deploy a separate External Secret Store for this service. | -| global.grafanaEnabled | bool | `false` | Whether Grafana is enabled. | | global.hostname | string | `"localhost"` | Hostname for the deployment. | | global.kubeBucket | string | `"kube-gen3"` | S3 bucket name for Kubernetes manifest files. | | global.logsBucket | string | `"logs-gen3"` | S3 bucket name for log files. | @@ -56,6 +55,7 @@ A Helm chart for gen3 Peregrine service | global.postgres.master.username | string | `"postgres"` | username of superuser in postgres. This is used to create or restore databases | | global.revproxyArn | string | `"arn:aws:acm:us-east-1:123456:certificate"` | ARN of the reverse proxy certificate. | | global.tierAccessLevel | string | `"libre"` | Access level for tiers. acceptable values for `tier_access_level` are: `libre`, `regular` and `private`. If omitted, by default common will be treated as `private` | +| grafanaEnabled | bool | `false` | Whether Grafana is enabled. | | image.pullPolicy | string | `"IfNotPresent"` | When to pull the image. | | image.repository | string | `"quay.io/cdis/peregrine"` | The Docker image repository for the fence service | | image.tag | string | `"feat_jq-audience"` | Overrides the image tag whose default is the chart appVersion. | diff --git a/helm/peregrine/templates/deployment.yaml b/helm/peregrine/templates/deployment.yaml index 3e301605..73c38f2a 100644 --- a/helm/peregrine/templates/deployment.yaml +++ b/helm/peregrine/templates/deployment.yaml 
@@ -17,7 +17,7 @@ spec: {{- with .Values.podAnnotations }} {{- toYaml . | nindent 8 }} {{- end }} - {{- if .Values.global.grafanaEnabled }} + {{- if .Values.grafanaEnabled }} {{- include "common.grafanaAnnotations" . | nindent 8 }} {{- end }} labels: diff --git a/helm/peregrine/values.yaml b/helm/peregrine/values.yaml index b0122736..487e3b14 100644 --- a/helm/peregrine/values.yaml +++ b/helm/peregrine/values.yaml @@ -50,8 +50,6 @@ global: netPolicy: true # -- (int) Number of dispatcher jobs. dispatcherJobNum: "10" - # -- (bool) Whether Grafana is enabled. - grafanaEnabled: false # -- (bool) If the service will be deployed with a Pod Disruption Budget. Note- you need to have more than 2 replicas for the pdb to be deployed. pdb: false # -- (int) The minimum amount of pods that are available at all times if the PDB is deployed. @@ -63,6 +61,9 @@ global: # -- (string) Will deploy a separate External Secret Store for this service. separateSecretStore: false +# -- (bool) Whether Grafana is enabled. +grafanaEnabled: false + # -- (map) External Secrets settings. externalSecrets: # -- (string) Will override the name of the aws secrets manager secret. Default is "Values.global.environment-.Chart.Name-creds" diff --git a/helm/portal/README.md b/helm/portal/README.md index 7ff22650..efa359bf 100644 --- a/helm/portal/README.md +++ b/helm/portal/README.md 
@@ -46,7 +46,6 @@ A Helm chart for gen3 data-portal | global.dispatcherJobNum | int | `"10"` | Number of dispatcher jobs. | | global.environment | string | `"default"` | Environment name. This should be the same as vpcname if you're doing an AWS deployment. Currently this is being used to share ALB's if you have multiple namespaces. Might be used other places too. | | global.frontendRoot | string | `"portal"` | Which app will be served on /. Needs be set to portal for portal, or "gen3ff" for frontendframework. | -| global.grafanaEnabled | bool | `false` | Whether Grafana is enabled. | | global.hostname | string | `"localhost"` | Hostname for the deployment. | | global.kubeBucket | string | `"kube-gen3"` | S3 bucket name for Kubernetes manifest files. | | global.logsBucket | string | `"logs-gen3"` | S3 bucket name for log files. | @@ -65,6 +64,7 @@ A Helm chart for gen3 data-portal | global.revproxyArn | string | `"arn:aws:acm:us-east-1:123456:certificate"` | ARN of the reverse proxy certificate. | | global.tierAccessLevel | string | `"libre"` | Access level for tiers. acceptable values for `tier_access_level` are: `libre`, `regular` and `private`. If omitted, by default common will be treated as `private`. | | global.tierAccessLimit | int | `"1000"` | Only relevant if tireAccessLevel is set to "regular". Summary charts below this limit will not appear for aggregated data. | +| grafanaEnabled | bool | `false` | Whether Grafana is enabled. | | image | map | `{"pullPolicy":"IfNotPresent","repository":"quay.io/cdis/data-portal","tag":"master"}` | Docker image information. | | image.pullPolicy | string | `"IfNotPresent"` | Docker pull policy. | | image.repository | string | `"quay.io/cdis/data-portal"` | Docker repository. | diff --git a/helm/portal/templates/deployment.yaml b/helm/portal/templates/deployment.yaml index 58d3a0f6..402ecf0b 100644 --- a/helm/portal/templates/deployment.yaml +++ b/helm/portal/templates/deployment.yaml 
@@ -20,7 +20,7 @@ spec: {{- with .Values.podAnnotations }} {{- toYaml . | nindent 8 }} {{- end }} - {{- if .Values.global.grafanaEnabled }} + {{- if .Values.grafanaEnabled }} {{- include "common.grafanaAnnotations" . | nindent 8 }} {{- end }} labels: diff --git a/helm/portal/values.yaml b/helm/portal/values.yaml index db4068fb..77304c28 100644 --- a/helm/portal/values.yaml +++ b/helm/portal/values.yaml @@ -54,8 +54,6 @@ global: netPolicy: true # -- (int) Number of dispatcher jobs. dispatcherJobNum: "10" - # -- (bool) Whether Grafana is enabled. - grafanaEnabled: false # -- (bool) If the service will be deployed with a Pod Disruption Budget. Note- you need to have more than 2 replicas for the pdb to be deployed. pdb: false # -- (int) The minimum amount of pods that are available at all times if the PDB is deployed. @@ -63,6 +61,9 @@ global: # -- (string) Which app will be served on /. Needs be set to portal for portal, or "gen3ff" for frontendframework. frontendRoot: "portal" +# -- (bool) Whether Grafana is enabled. +grafanaEnabled: false + # -- (int) Number of replicas for the deployment. replicaCount: 1 diff --git a/helm/requestor/README.md b/helm/requestor/README.md index 031f1af7..eef0c763 100644 --- a/helm/requestor/README.md +++ b/helm/requestor/README.md 
@@ -47,7 +47,6 @@ A Helm chart for gen3 Requestor Service | global.externalSecrets | map | `{"deploy":false,"separateSecretStore":false}` | External Secrets settings. | | global.externalSecrets.deploy | bool | `false` | Will use ExternalSecret resources to pull secrets from Secrets Manager instead of creating them locally. Be cautious as this will override any requestor secrets you have deployed. | | global.externalSecrets.separateSecretStore | string | `false` | Will deploy a separate External Secret Store for this service. | -| global.grafanaEnabled | bool | `false` | Whether Grafana is enabled. | | global.hostname | string | `"localhost"` | Hostname for the deployment. | | global.kubeBucket | string | `"kube-gen3"` | S3 bucket name for Kubernetes manifest files. | | global.logsBucket | string | `"logs-gen3"` | S3 bucket name for log files. | @@ -71,6 +70,7 @@ A Helm chart for gen3 Requestor Service | global.tierAccessLevel | string | `"libre"` | Access level for tiers. acceptable values for `tier_access_level` are: `libre`, `regular` and `private`. If omitted, by default common will be treated as `private` | | global.userYamlS3Path | string | `"s3://cdis-gen3-users/helm-test/user.yaml"` | Path to the user.yaml file in S3. | | global.usersync | bool | `false` | Whether to run Fence usersync or not. | +| grafanaEnabled | bool | `false` | Whether Grafana is enabled. | | image | map | `{"pullPolicy":"Always","repository":"quay.io/cdis/requestor","tag":"master"}` | Docker image information. | | image.pullPolicy | string | `"Always"` | Docker pull policy. | | image.repository | string | `"quay.io/cdis/requestor"` | Docker repository. | diff --git a/helm/requestor/templates/deployment.yaml b/helm/requestor/templates/deployment.yaml index 9c52122a..0f1018a5 100644 --- a/helm/requestor/templates/deployment.yaml +++ b/helm/requestor/templates/deployment.yaml 
@@ -26,7 +26,7 @@ spec: public: 'yes' dbrequestor: 'yes' annotations: - {{- if .Values.global.grafanaEnabled }} + {{- if .Values.grafanaEnabled }} {{- include "common.grafanaAnnotations" . | nindent 8 }} {{- end }} spec: diff --git a/helm/requestor/values.yaml b/helm/requestor/values.yaml index 22e06c09..ef15aa43 100644 --- a/helm/requestor/values.yaml +++ b/helm/requestor/values.yaml @@ -67,8 +67,6 @@ global: netPolicy: true # -- (int) Number of dispatcher jobs. dispatcherJobNum: "10" - # -- (bool) Whether Grafana is enabled. - grafanaEnabled: false # -- (bool) If the service will be deployed with a Pod Disruption Budget. Note- you need to have more than 2 replicas for the pdb to be deployed. pdb: false # -- (int) The minimum amount of pods that are available at all times if the PDB is deployed. @@ -80,6 +78,9 @@ global: # -- (string) Will deploy a separate External Secret Store for this service. separateSecretStore: false +# -- (bool) Whether Grafana is enabled. +grafanaEnabled: false + # -- (map) External Secrets settings. externalSecrets: # -- (string) Will override the name of the aws secrets manager secret. Default is "Values.global.environment-.Chart.Name-creds" diff --git a/helm/revproxy/README.md b/helm/revproxy/README.md index 871af0be..03ff80b3 100644 --- a/helm/revproxy/README.md +++ b/helm/revproxy/README.md 
@@ -34,7 +34,6 @@ A Helm chart for gen3 revproxy | global.dictionaryUrl | string | `"https://s3.amazonaws.com/dictionary-artifacts/datadictionary/develop/schema.json"` | URL of the data dictionary. | | global.dispatcherJobNum | int | `"10"` | Number of dispatcher jobs. | | global.environment | string | `"default"` | Environment name. This should be the same as vpcname if you're doing an AWS deployment. Currently this is being used to share ALB's if you have multiple namespaces. Might be used other places too. | -| global.grafanaEnabled | bool | `false` | Whether Grafana is enabled. | | global.hostname | string | `"localhost"` | Hostname for the deployment. | | global.kubeBucket | string | `"kube-gen3"` | S3 bucket name for Kubernetes manifest files. | | global.logsBucket | string | `"logs-gen3"` | S3 bucket name for log files. | @@ -55,6 +54,7 @@ A Helm chart for gen3 revproxy | global.tierAccessLimit | int | `"1000"` | Only relevant if tireAccessLevel is set to "regular". Summary charts below this limit will not appear for aggregated data. | | global.tls.cert | string | `nil` | | | global.tls.key | string | `nil` | | +| grafanaEnabled | bool | `false` | Whether Grafana is enabled. | | image | map | `{"pullPolicy":"Always","repository":"nginx","tag":"stable-perl"}` | Docker image information. | | image.pullPolicy | string | `"Always"` | Docker pull policy. | | image.repository | string | `"nginx"` | Docker repository. | diff --git a/helm/revproxy/templates/deployment.yaml b/helm/revproxy/templates/deployment.yaml index ca1002e4..3bd96748 100644 --- a/helm/revproxy/templates/deployment.yaml +++ b/helm/revproxy/templates/deployment.yaml @@ -24,7 +24,7 @@ spec: {{- with .Values.podAnnotations }} {{- toYaml . | nindent 8 }} {{- end }} - {{- if .Values.global.grafanaEnabled }} + {{- if .Values.grafanaEnabled }} {{- include "common.grafanaAnnotations" . | nindent 8 }} {{- end }} labels: 
diff --git a/helm/revproxy/values.yaml b/helm/revproxy/values.yaml index d450804e..deb643f5 100644 --- a/helm/revproxy/values.yaml +++ b/helm/revproxy/values.yaml @@ -64,13 +64,14 @@ global: netPolicy: true # -- (int) Number of dispatcher jobs. dispatcherJobNum: "10" - # -- (bool) Whether Grafana is enabled. - grafanaEnabled: false # -- (bool) If the service will be deployed with a Pod Disruption Budget. Note- you need to have more than 2 replicas for the pdb to be deployed. pdb: false # -- (int) The minimum amount of pods that are available at all times if the PDB is deployed. minAvialable: 1 +# -- (bool) Whether Grafana is enabled. +grafanaEnabled: false + # -- (map) Postgres database configuration. If db does not exist in postgres cluster and dbCreate is set ot true then these databases will be created for you postgres: # (bool) Whether the database should be restored from s3. Default to global.postgres.dbRestore diff --git a/helm/sheepdog/README.md b/helm/sheepdog/README.md index 9a201fd2..ed6ca4bb 100644 --- a/helm/sheepdog/README.md +++ b/helm/sheepdog/README.md @@ -48,7 +48,6 @@ A Helm chart for gen3 Sheepdog Service | global.externalSecrets | map | `{"deploy":false,"separateSecretStore":false}` | External Secrets settings. | | global.externalSecrets.deploy | bool | `false` | Will use ExternalSecret resources to pull secrets from Secrets Manager instead of creating them locally. Be cautious as this will override any sheepdog secrets you have deployed. | | global.externalSecrets.separateSecretStore | string | `false` | Will deploy a separate External Secret Store for this service. | -| global.grafanaEnabled | bool | `false` | Whether Grafana is enabled. | | global.hostname | string | `"localhost"` | Hostname for the deployment. | | global.kubeBucket | string | `"kube-gen3"` | S3 bucket name for Kubernetes manifest files. | | global.logsBucket | string | `"logs-gen3"` | S3 bucket name for log files. | 
@@ -66,6 +65,7 @@ A Helm chart for gen3 Sheepdog Service | global.publicDataSets | bool | `true` | Whether public datasets are enabled. | | global.revproxyArn | string | `"arn:aws:acm:us-east-1:123456:certificate"` | ARN of the reverse proxy certificate. | | global.tierAccessLevel | string | `"libre"` | Access level for tiers. acceptable values for `tier_access_level` are: `libre`, `regular` and `private`. If omitted, by default common will be treated as `private` | +| grafanaEnabled | bool | `false` | Whether Grafana is enabled. | | image | map | `{"pullPolicy":"Always","repository":"quay.io/cdis/sheepdog","tag":"bug_auth-audience"}` | Docker image information. | | image.pullPolicy | string | `"Always"` | Docker pull policy. | | image.repository | string | `"quay.io/cdis/sheepdog"` | Docker repository. | diff --git a/helm/sheepdog/templates/deployment.yaml b/helm/sheepdog/templates/deployment.yaml index 4dd2eea5..1494a092 100644 --- a/helm/sheepdog/templates/deployment.yaml +++ b/helm/sheepdog/templates/deployment.yaml @@ -30,7 +30,7 @@ spec: public: 'yes' s3: 'yes' annotations: - {{- if .Values.global.grafanaEnabled }} + {{- if .Values.grafanaEnabled }} {{- include "common.grafanaAnnotations" . | nindent 8 }} {{- end }} spec: diff --git a/helm/sheepdog/values.yaml b/helm/sheepdog/values.yaml index 7f1b9a52..04b5c481 100644 --- a/helm/sheepdog/values.yaml +++ b/helm/sheepdog/values.yaml @@ -53,8 +53,6 @@ global: netPolicy: true # -- (int) Number of dispatcher jobs. dispatcherJobNum: "10" - # -- (bool) Whether Grafana is enabled. - grafanaEnabled: false # -- (bool) If the service will be deployed with a Pod Disruption Budget. Note- you need to have more than 2 replicas for the pdb to be deployed. pdb: false # -- (int) The minimum amount of pods that are available at all times if the PDB is deployed. 
@@ -66,6 +64,9 @@ global: # -- (string) Will deploy a separate External Secret Store for this service. separateSecretStore: false +# -- (bool) Whether Grafana is enabled. +grafanaEnabled: false + # -- (map) External Secrets settings. externalSecrets: # -- (string) Will override the name of the aws secrets manager secret. Default is "Values.global.environment-.Chart.Name-creds" diff --git a/helm/sower/README.md b/helm/sower/README.md index cd09e63f..3dc6c3de 100644 --- a/helm/sower/README.md +++ b/helm/sower/README.md @@ -47,7 +47,6 @@ A Helm chart for gen3 sower | global.externalSecrets | map | `{"deploy":false,"separateSecretStore":false}` | External Secrets settings. | | global.externalSecrets.deploy | bool | `false` | Will use ExternalSecret resources to pull secrets from Secrets Manager instead of creating them locally. Be cautious as this will override any manifestservice secrets you have deployed. | | global.externalSecrets.separateSecretStore | string | `false` | Will deploy a separate External Secret Store for this service. | -| global.grafanaEnabled | bool | `false` | Whether Grafana is enabled. | | global.hostname | string | `"localhost"` | Hostname for the deployment. | | global.kubeBucket | string | `"kube-gen3"` | S3 bucket name for Kubernetes manifest files. | | global.logsBucket | string | `"logs-gen3"` | S3 bucket name for log files. | 
@@ -63,6 +62,7 @@ A Helm chart for gen3 sower | global.publicDataSets | bool | `true` | Whether public datasets are enabled. | | global.revproxyArn | string | `"arn:aws:acm:us-east-1:123456:certificate"` | ARN of the reverse proxy certificate. | | global.tierAccessLevel | string | `"libre"` | Access level for tiers. acceptable values for `tier_access_level` are: `libre`, `regular` and `private`. If omitted, by default common will be treated as `private` | +| grafanaEnabled | bool | `false` | Whether Grafana is enabled. | | image | map | `{"pullPolicy":"Always","repository":"quay.io/cdis/sower","tag":""}` | Docker image information. | | image.pullPolicy | string | `"Always"` | Docker pull policy. | | image.repository | string | `"quay.io/cdis/sower"` | Docker repository. | diff --git a/helm/sower/templates/deployment.yaml b/helm/sower/templates/deployment.yaml index aef08c8e..e3c7487d 100644 --- a/helm/sower/templates/deployment.yaml +++ b/helm/sower/templates/deployment.yaml @@ -22,7 +22,7 @@ spec: public: "yes" netnolimit: "yes" annotations: - {{- if .Values.global.grafanaEnabled }} + {{- if .Values.grafanaEnabled }} {{- include "common.grafanaAnnotations" . | nindent 8 }} {{- end }} spec: diff --git a/helm/sower/values.yaml b/helm/sower/values.yaml index 37df3fbf..6f7d04d6 100644 --- a/helm/sower/values.yaml +++ b/helm/sower/values.yaml @@ -53,8 +53,6 @@ global: netPolicy: true # -- (int) Number of dispatcher jobs. dispatcherJobNum: "10" - # -- (bool) Whether Grafana is enabled. - grafanaEnabled: false # -- (map) External Secrets settings. externalSecrets: # -- (bool) Will use ExternalSecret resources to pull secrets from Secrets Manager instead of creating them locally. Be cautious as this will override any manifestservice secrets you have deployed. 
@@ -62,6 +60,9 @@ global: # -- (string) Will deploy a separate External Secret Store for this service. separateSecretStore: false +# -- (bool) Whether Grafana is enabled. +grafanaEnabled: false + # -- (map) External Secrets settings. externalSecrets: # -- (string) Will create the Helm "manifestservice-g3auto" secret even if Secrets Manager is enabled. This is helpful if you are wanting to use External Secrets for some, but not all secrets. diff --git a/helm/ssjdispatcher/README.md b/helm/ssjdispatcher/README.md index baa86e25..7299bde3 100644 --- a/helm/ssjdispatcher/README.md +++ b/helm/ssjdispatcher/README.md @@ -42,7 +42,6 @@ A Helm chart for gen3 ssjdispatcher | global.dictionaryUrl | string | `"https://s3.amazonaws.com/dictionary-artifacts/datadictionary/develop/schema.json"` | URL of the data dictionary. | | global.dispatcherJobNum | int | `"10"` | Number of dispatcher jobs. | | global.environment | string | `"default"` | Environment name. This should be the same as vpcname if you're doing an AWS deployment. Currently this is being used to share ALB's if you have multiple namespaces. Might be used other places too. | -| global.grafanaEnabled | bool | `false` | Whether Grafana is enabled. | | global.hostname | string | `"localhost"` | Hostname for the deployment. | | global.kubeBucket | string | `"kube-gen3"` | S3 bucket name for Kubernetes manifest files. | | global.logsBucket | string | `"logs-gen3"` | S3 bucket name for log files. | 
@@ -60,6 +59,7 @@ A Helm chart for gen3 ssjdispatcher | global.publicDataSets | bool | `true` | Whether public datasets are enabled. | | global.revproxyArn | string | `"arn:aws:acm:us-east-1:123456:certificate"` | ARN of the reverse proxy certificate. | | global.tierAccessLevel | string | `"libre"` | Access level for tiers. acceptable values for `tier_access_level` are: `libre`, `regular` and `private`. If omitted, by default common will be treated as `private` | +| grafanaEnabled | bool | `false` | Whether Grafana is enabled. | | image | map | `{"pullPolicy":"Always","repository":"quay.io/cdis/ssjdispatcher","tag":"2022.08"}` | Docker image information. | | image.pullPolicy | string | `"Always"` | Docker pull policy. | | image.repository | string | `"quay.io/cdis/ssjdispatcher"` | Docker repository. | diff --git a/helm/ssjdispatcher/templates/deployment.yaml b/helm/ssjdispatcher/templates/deployment.yaml index 7dbfbe41..6b34adde 100644 --- a/helm/ssjdispatcher/templates/deployment.yaml +++ b/helm/ssjdispatcher/templates/deployment.yaml @@ -20,7 +20,7 @@ spec: netnolimit: "yes" public: "yes" annotations: - {{- if .Values.global.grafanaEnabled }} + {{- if .Values.grafanaEnabled }} {{- include "common.grafanaAnnotations" . | nindent 8 }} {{- end }} spec: diff --git a/helm/ssjdispatcher/values.yaml b/helm/ssjdispatcher/values.yaml index fdaf9dbe..fe09567a 100644 --- a/helm/ssjdispatcher/values.yaml +++ b/helm/ssjdispatcher/values.yaml 
@@ -53,13 +53,14 @@ global: netPolicy: true # -- (int) Number of dispatcher jobs. dispatcherJobNum: "10" - # -- (bool) Whether Grafana is enabled. - grafanaEnabled: false # -- (bool) If the service will be deployed with a Pod Disruption Budget. Note- you need to have more than 2 replicas for the pdb to be deployed. pdb: false # -- (int) The minimum amount of pods that are available at all times if the PDB is deployed. minAvialable: 1 +# -- (bool) Whether Grafana is enabled. +grafanaEnabled: false + # -- (int) Number of replicas for the deployment. replicaCount: 1 diff --git a/helm/wts/README.md b/helm/wts/README.md index d0b56bbe..e5a0d838 100644 --- a/helm/wts/README.md +++ b/helm/wts/README.md @@ -37,7 +37,6 @@ A Helm chart for gen3 workspace token service | global.externalSecrets | map | `{"deploy":false,"separateSecretStore":false}` | External Secrets settings. | | global.externalSecrets.deploy | bool | `false` | Will use ExternalSecret resources to pull secrets from Secrets Manager instead of creating them locally. Be cautious as this will override any wts secrets you have deployed. | | global.externalSecrets.separateSecretStore | string | `false` | Will deploy a separate External Secret Store for this service. | -| global.grafanaEnabled | bool | `false` | Whether Grafana is enabled. | | global.hostname | string | `"localhost"` | Hostname for the deployment. | | global.kubeBucket | string | `"kube-gen3"` | S3 bucket name for Kubernetes manifest files. | | global.logsBucket | string | `"logs-gen3"` | S3 bucket name for log files. | 
@@ -55,6 +54,7 @@ A Helm chart for gen3 workspace token service | global.publicDataSets | bool | `true` | Whether public datasets are enabled. | | global.revproxyArn | string | `"arn:aws:acm:us-east-1:123456:certificate"` | ARN of the reverse proxy certificate. | | global.tierAccessLevel | string | `"libre"` | Access level for tiers. acceptable values for `tier_access_level` are: `libre`, `regular` and `private`. If omitted, by default common will be treated as `private` | +| grafanaEnabled | bool | `false` | Whether Grafana is enabled. | | hostname | string | `nil` | Hostname for the deployment. | | image | map | `{"pullPolicy":"Always","repository":"quay.io/cdis/workspace-token-service","tag":"feat_wts_internalfence"}` | Docker image information. | | image.pullPolicy | string | `"Always"` | Docker pull policy. | diff --git a/helm/wts/templates/deployment.yaml b/helm/wts/templates/deployment.yaml index 2d11cab7..8a3f55a6 100644 --- a/helm/wts/templates/deployment.yaml +++ b/helm/wts/templates/deployment.yaml @@ -26,7 +26,7 @@ spec: {{- with .Values.podAnnotations }} {{- toYaml . | nindent 8 }} {{- end }} - {{- if .Values.global.grafanaEnabled }} + {{- if .Values.grafanaEnabled }} {{- include "common.grafanaAnnotations" . | nindent 8 }} {{- end }} labels: diff --git a/helm/wts/values.yaml b/helm/wts/values.yaml index d30dc1ea..e986239a 100644 --- a/helm/wts/values.yaml +++ b/helm/wts/values.yaml @@ -53,8 +53,6 @@ global: netPolicy: true # -- (int) Number of dispatcher jobs. dispatcherJobNum: "10" - # -- (bool) Whether Grafana is enabled. - grafanaEnabled: false # -- (bool) If the service will be deployed with a Pod Disruption Budget. Note- you need to have more than 2 replicas for the pdb to be deployed. pdb: false # -- (int) The minimum amount of pods that are available at all times if the PDB is deployed. 
@@ -66,6 +64,9 @@ global: # -- (string) Will deploy a separate External Secret Store for this service. separateSecretStore: false +# -- (bool) Whether Grafana is enabled. +grafanaEnabled: false + # -- (map) External Secrets settings. externalSecrets: # -- (string) Will override the name of the aws secrets manager secret. Default is "Values.global.environment-.Chart.Name-creds" From 99c01c934567ae11ce16a4101861cba23325cc14 Mon Sep 17 00:00:00 2001 
From: EliseCastle23 <109446148+EliseCastle23@users.noreply.github.com> Date: Fri, 6 Sep 2024 09:16:28 -0600 Subject: [PATCH 213/279] changing grafanaEnabled to metricsEnabled for better organization --- .secrets.baseline | 26 +++++++++---------- helm/ambassador/README.md | 2 +- helm/ambassador/templates/deployment.yaml | 2 +- helm/ambassador/values.yaml | 4 +-- helm/arborist/README.md | 2 +- helm/arborist/templates/deployment.yaml | 2 +- helm/arborist/values.yaml | 4 +-- helm/argo-wrapper/README.md | 2 +- helm/argo-wrapper/templates/deployment.yaml | 2 +- helm/argo-wrapper/values.yaml | 4 +-- helm/audit/README.md | 2 +- helm/audit/templates/deployment.yaml | 2 +- helm/audit/values.yaml | 4 +-- helm/aws-es-proxy/README.md | 2 +- helm/aws-es-proxy/templates/deployment.yaml | 2 +- helm/aws-es-proxy/values.yaml | 4 +-- helm/dicom-server/README.md | 2 +- helm/dicom-server/templates/deployment.yaml | 2 +- helm/dicom-server/values.yaml | 4 +-- helm/dicom-viewer/README.md | 2 +- helm/dicom-viewer/templates/deployment.yaml | 2 +- helm/dicom-viewer/values.yaml | 4 +-- helm/fence/README.md | 2 +- helm/fence/templates/fence-deployment.yaml | 2 +- helm/fence/values.yaml | 4 +-- helm/frontend-framework/README.md | 2 +- .../templates/deployment.yaml | 2 +- helm/frontend-framework/values.yaml | 4 +-- helm/guppy/README.md | 2 +- helm/guppy/templates/deployment.yaml | 2 +- helm/guppy/values.yaml | 4 +-- helm/hatchery/README.md | 2 +- helm/hatchery/templates/deployment.yaml | 2 +- helm/hatchery/values.yaml | 4 +-- helm/indexd/README.md | 2 +- helm/indexd/templates/deployment.yaml | 2 +- helm/indexd/values.yaml | 4 +-- helm/manifestservice/README.md | 2 +- .../manifestservice/templates/deployment.yaml | 2 +- helm/manifestservice/values.yaml | 4 +-- helm/metadata/README.md | 2 +- helm/metadata/templates/deployment.yaml | 2 +- helm/metadata/values.yaml | 4 +-- helm/peregrine/README.md | 2 +- helm/peregrine/templates/deployment.yaml | 2 +- helm/peregrine/values.yaml | 4 +-- 
helm/portal/README.md | 2 +- helm/portal/templates/deployment.yaml | 2 +- helm/portal/values.yaml | 4 +-- helm/requestor/README.md | 2 +- helm/requestor/templates/deployment.yaml | 2 +- helm/requestor/values.yaml | 4 +-- helm/revproxy/README.md | 2 +- helm/revproxy/templates/deployment.yaml | 2 +- helm/revproxy/values.yaml | 4 +-- helm/sheepdog/README.md | 2 +- helm/sheepdog/templates/deployment.yaml | 2 +- helm/sheepdog/values.yaml | 4 +-- helm/sower/README.md | 2 +- helm/sower/templates/deployment.yaml | 2 +- helm/sower/values.yaml | 4 +-- helm/ssjdispatcher/README.md | 2 +- helm/ssjdispatcher/templates/deployment.yaml | 2 +- helm/ssjdispatcher/values.yaml | 4 +-- helm/wts/README.md | 2 +- helm/wts/templates/deployment.yaml | 2 +- helm/wts/values.yaml | 4 +-- 67 files changed, 101 insertions(+), 101 deletions(-) diff --git a/.secrets.baseline b/.secrets.baseline index dc77ee06..dd73e482 100644 --- a/.secrets.baseline +++ b/.secrets.baseline @@ -3,7 +3,7 @@ "files": "^.secrets.baseline$", "lines": null }, - "generated_at": "2024-09-04T14:39:52Z", + "generated_at": "2024-09-06T15:16:10Z", "plugins_used": [ { "name": "AWSKeyDetector" @@ -140,7 +140,7 @@ "hashed_secret": "d84ce25b0f9bc2cc263006ae39453efb22cc2900", "is_secret": false, "is_verified": false, - "line_number": 52, + "line_number": 51, "type": "Secret Keyword" }, { @@ -330,14 +330,14 @@ "hashed_secret": "2546383b95bb44732e9be6a877fd476c0442fdab", "is_secret": false, "is_verified": false, - "line_number": 49, + "line_number": 48, "type": "Secret Keyword" }, { "hashed_secret": "d84ce25b0f9bc2cc263006ae39453efb22cc2900", "is_secret": false, "is_verified": false, - "line_number": 51, + "line_number": 50, "type": "Secret Keyword" } ], @@ -371,7 +371,7 @@ "hashed_secret": "d84ce25b0f9bc2cc263006ae39453efb22cc2900", "is_secret": false, "is_verified": false, - "line_number": 58, + "line_number": 57, "type": "Secret Keyword" } ], 
@@ -380,14 +380,14 @@ "hashed_secret": "d84ce25b0f9bc2cc263006ae39453efb22cc2900", "is_secret": false, "is_verified": false, - "line_number": 45, + "line_number": 44, "type": "Secret Keyword" }, { "hashed_secret": "e94cc2a86b04ad4ddc98fcbf91ed236437939d47", "is_secret": false, "is_verified": false, - "line_number": 53, + "line_number": 52, "type": "Secret Keyword" } ], @@ -412,7 +412,7 @@ "hashed_secret": "d84ce25b0f9bc2cc263006ae39453efb22cc2900", "is_secret": false, "is_verified": false, - "line_number": 52, + "line_number": 51, "type": "Secret Keyword" }, { @@ -602,14 +602,14 @@ "hashed_secret": "d84ce25b0f9bc2cc263006ae39453efb22cc2900", "is_secret": false, "is_verified": false, - "line_number": 50, + "line_number": 46, "type": "Secret Keyword" }, { "hashed_secret": "abb751db44bcfd1bb9d4ad53e40138422abd739e", "is_secret": false, "is_verified": false, - "line_number": 77, + "line_number": 74, "type": "Secret Keyword" } ], @@ -627,7 +627,7 @@ "hashed_secret": "d84ce25b0f9bc2cc263006ae39453efb22cc2900", "is_secret": false, "is_verified": false, - "line_number": 61, + "line_number": 60, "type": "Secret Keyword" }, { @@ -711,7 +711,7 @@ "hashed_secret": "13d9ed7e3d69f1b6330dff80bc4658931708eddc", "is_secret": false, "is_verified": false, - "line_number": 218, + "line_number": 219, "type": "Secret Keyword" } ], @@ -720,7 +720,7 @@ "hashed_secret": "d84ce25b0f9bc2cc263006ae39453efb22cc2900", "is_secret": false, "is_verified": false, - "line_number": 50, + "line_number": 49, "type": "Secret Keyword" }, { diff --git a/helm/ambassador/README.md b/helm/ambassador/README.md index fd3c6475..cc66f836 100644 --- a/helm/ambassador/README.md +++ b/helm/ambassador/README.md 
@@ -26,12 +26,12 @@ A Helm chart for deploying ambassador for gen3 | global.environment | string | `"default"` | Environment name. This should be the same as vpcname if you're doing an AWS deployment. Currently this is being used to share ALB's if you have multiple namespaces. Might be used other places too. | | global.minAvialable | int | `1` | The minimum amount of pods that are available at all times if the PDB is deployed. | | global.pdb | bool | `false` | If the service will be deployed with a Pod Disruption Budget. Note- you need to have more than 2 replicas for the pdb to be deployed. | -| grafanaEnabled | bool | `false` | Whether Grafana is enabled. | | image | map | `{"pullPolicy":"Always","repository":"quay.io/datawire/ambassador","tag":"1.4.2"}` | Docker image information. | | image.pullPolicy | string | `"Always"` | Docker pull policy. | | image.repository | string | `"quay.io/datawire/ambassador"` | Docker repository. | | image.tag | string | `"1.4.2"` | Overrides the image tag whose default is the chart appVersion. | | imagePullSecrets | list | `[]` | Docker image pull secrets. | +| metricsEnabled | bool | `false` | Whether Metrics are enabled. | | nameOverride | string | `""` | Override the name of the chart. | | nodeSelector | map | `{}` | Node selector labels. | | partOf | string | `"Workspace-Tab"` | Label to help organize pods and their use. Any value is valid, but use "_" or "-" to divide words. | diff --git a/helm/ambassador/templates/deployment.yaml b/helm/ambassador/templates/deployment.yaml index 618ebfc5..8b2cb2d8 100644 --- a/helm/ambassador/templates/deployment.yaml +++ b/helm/ambassador/templates/deployment.yaml @@ -17,7 +17,7 @@ spec: {{- with .Values.podAnnotations }} {{- toYaml . | nindent 8 }} {{- end }} - {{- if .Values.grafanaEnabled }} + {{- if .Values.metricsEnabled }} {{- include "common.grafanaAnnotations" . | nindent 8 }} {{- end }} labels: 
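Review bot: The changed condition `{{- if .Values.metricsEnabled }}` in helm/ambassador/templates/deployment.yaml no longer reads the old key, so a deployment whose values overrides still set `grafanaEnabled: true` will render without the `common.grafanaAnnotations` pod annotations after upgrading. Helm does not reject unknown values keys unless the chart ships a values schema, so this would happen silently and, presumably, take the service out of metrics collection and any alerting built on it. Accepting both keys for a deprecation period, `{{- if or .Values.metricsEnabled .Values.grafanaEnabled }}`, or failing the render when the old key is set, would avoid that. The same one-line change appears in the other deployment templates in this patch (arborist, argo-wrapper, audit, aws-es-proxy, dicom-server, dicom-viewer, fence, frontend-framework, guppy, hatchery, indexd and the remaining charts in the diffstat); the pod template continues outside the hunk.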
diff --git a/helm/ambassador/values.yaml b/helm/ambassador/values.yaml index 44e9f85c..3c6e1398 100644 --- a/helm/ambassador/values.yaml +++ b/helm/ambassador/values.yaml @@ -13,8 +13,8 @@ global: # -- (int) Number of replicas for the deployment. replicaCount: 1 -# -- (bool) Whether Grafana is enabled. -grafanaEnabled: false +# -- (bool) Whether Metrics are enabled. +metricsEnabled: false # -- (map) Docker image information. image: diff --git a/helm/arborist/README.md b/helm/arborist/README.md index 8fbfab48..87670b6c 100644 --- a/helm/arborist/README.md +++ b/helm/arborist/README.md @@ -56,12 +56,12 @@ A Helm chart for gen3 arborist | global.publicDataSets | bool | `true` | Whether public datasets are enabled. | | global.revproxyArn | string | `"arn:aws:acm:us-east-1:123456:certificate"` | ARN of the reverse proxy certificate. | | global.tierAccessLevel | string | `"libre"` | Access level for tiers. acceptable values for `tier_access_level` are: `libre`, `regular` and `private`. If omitted, by default common will be treated as `private` | -| grafanaEnabled | bool | `false` | Whether Grafana is enabled. | | image | map | `{"pullPolicy":"IfNotPresent","repository":"quay.io/cdis/arborist","tag":""}` | Docker image information. | | image.pullPolicy | string | `"IfNotPresent"` | Docker pull policy. | | image.repository | string | `"quay.io/cdis/arborist"` | Docker repository. | | image.tag | string | `""` | Overrides the image tag whose default is the chart appVersion. | | imagePullSecrets | list | `[]` | Docker image pull secrets. | +| metricsEnabled | bool | `false` | Whether Metrics are enabled. | | nameOverride | string | `""` | Override the name of the chart. | | nodeSelector | map | `{}` | Node selector to apply to the pod | | partOf | string | `"Authentication"` | Label to help organize pods and their use. Any value is valid, but use "_" or "-" to divide words. | 
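Review bot: The new description `# -- (bool) Whether Metrics are enabled.` in helm/ambassador/values.yaml does not say what the flag does; as far as this patch shows, it gates the `common.grafanaAnnotations` include in the pod annotations of the deployment template. A comment such as `# -- (bool) Whether to add the common.grafanaAnnotations metrics annotations to the pod template (formerly grafanaEnabled).` would tell an operator what turning it on changes and point anyone with an older override at the rename. The same wording is repeated in the other charts' values.yaml hunks and in the README tables, which look generated from these comments.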
diff --git a/helm/arborist/templates/deployment.yaml b/helm/arborist/templates/deployment.yaml index 36eeb59e..4b31f3a5 100644 --- a/helm/arborist/templates/deployment.yaml +++ b/helm/arborist/templates/deployment.yaml @@ -17,7 +17,7 @@ spec: {{- with .Values.podAnnotations }} {{- toYaml . | nindent 8 }} {{- end }} - {{- if .Values.grafanaEnabled }} + {{- if .Values.metricsEnabled }} {{- include "common.grafanaAnnotations" . | nindent 8 }} {{- end }} labels: diff --git a/helm/arborist/values.yaml b/helm/arborist/values.yaml index d1908e9f..f49035ef 100644 --- a/helm/arborist/values.yaml +++ b/helm/arborist/values.yaml @@ -64,8 +64,8 @@ global: # -- (string) Will deploy a separate External Secret Store for this service. separateSecretStore: false -# -- (bool) Whether Grafana is enabled. -grafanaEnabled: false +# -- (bool) Whether Metrics are enabled. +metricsEnabled: false # -- (map) External Secrets settings. externalSecrets: diff --git a/helm/argo-wrapper/README.md b/helm/argo-wrapper/README.md index 6e965226..0507e7fc 100644 --- a/helm/argo-wrapper/README.md +++ b/helm/argo-wrapper/README.md 
@@ -32,13 +32,13 @@ A Helm chart for gen3 Argo Wrapper Service | global.environment | string | `"default"` | Environment name. This should be the same as vpcname if you're doing an AWS deployment. Currently this is being used to share ALB's if you have multiple namespaces. Might be used other places too. | | global.minAvialable | int | `1` | The minimum amount of pods that are available at all times if the PDB is deployed. | | global.pdb | bool | `false` | If the service will be deployed with a Pod Disruption Budget. Note- you need to have more than 2 replicas for the pdb to be deployed. | -| grafanaEnabled | bool | `false` | Whether Grafana is enabled. | | image | map | `{"pullPolicy":"Always","repository":"quay.io/cdis/argo-wrapper","tag":""}` | Docker image information. | | image.pullPolicy | string | `"Always"` | Docker pull policy. | | image.repository | string | `"quay.io/cdis/argo-wrapper"` | Docker repository. | | image.tag | string | `""` | Overrides the image tag whose default is the chart appVersion. | | indexdAdminUser | string | `"fence"` | Admin user for Indexd. | | internalS3Bucket | string | `"argo-internal-bucket"` | Name of the internal Argo bucket for Argo artifacts (does not allow pre-signed URLs). | +| metricsEnabled | bool | `false` | Whether Metrics are enabled. | | partOf | string | `"Apps-Tab"` | Label to help organize pods and their use. Any value is valid, but use "_" or "-" to divide words. | | podAnnotations | map | `{"gen3.io/network-ingress":"argo-wrapper"}` | Annotations to add to the pod. | | pvc | string | `"test-pvc"` | PVC for Argo. | diff --git a/helm/argo-wrapper/templates/deployment.yaml b/helm/argo-wrapper/templates/deployment.yaml index ac9c578c..7f70f28a 100644 --- a/helm/argo-wrapper/templates/deployment.yaml +++ b/helm/argo-wrapper/templates/deployment.yaml 
@@ -29,7 +29,7 @@ spec: netnolimit: 'yes' public: 'yes' annotations: - {{- if .Values.grafanaEnabled }} + {{- if .Values.metricsEnabled }} {{- include "common.grafanaAnnotations" . | nindent 8 }} {{- end }} spec: diff --git a/helm/argo-wrapper/values.yaml b/helm/argo-wrapper/values.yaml index 834b2807..e0045f6d 100644 --- a/helm/argo-wrapper/values.yaml +++ b/helm/argo-wrapper/values.yaml @@ -12,8 +12,8 @@ global: # -- (int) The minimum amount of pods that are available at all times if the PDB is deployed. minAvialable: 1 -# -- (bool) Whether Grafana is enabled. -grafanaEnabled: false +# -- (bool) Whether Metrics are enabled. +metricsEnabled: false # Deployment # -- (map) Annotations to add to the pod. diff --git a/helm/audit/README.md b/helm/audit/README.md index 6b2e00c4..c840cd72 100644 --- a/helm/audit/README.md +++ b/helm/audit/README.md @@ -66,7 +66,6 @@ A Helm chart for Kubernetes | global.publicDataSets | bool | `true` | Whether public datasets are enabled. | | global.revproxyArn | string | `"arn:aws:acm:us-east-1:123456:certificate"` | ARN of the reverse proxy certificate. | | global.tierAccessLevel | string | `"libre"` | Access level for tiers. acceptable values for `tier_access_level` are: `libre`, `regular` and `private`. If omitted, by default common will be treated as `private` | -| grafanaEnabled | bool | `false` | Whether Grafana is enabled. | | image | map | `{"pullPolicy":"Always","repository":"quay.io/cdis/audit-service","tag":"master"}` | Docker image information. | | image.pullPolicy | string | `"Always"` | When to pull the image. This value should be "Always" to ensure the latest image is used. | | image.repository | string | `"quay.io/cdis/audit-service"` | The Docker image repository for the audit service | 
@@ -74,6 +73,7 @@ A Helm chart for Kubernetes | imagePullSecrets | list | `[]` | Docker image pull secrets. | | initEnv | list | `{}` | Volumes to attach to the init container. | | initVolumeMounts | list | `[]` | Volumes to mount to the init container. | +| metricsEnabled | bool | `false` | Whether Metrics are enabled. | | nameOverride | string | `""` | Override the name of the chart. This can be used to provide a unique name for a chart | | nodeSelector | map | `{}` | Node Selector for the pods | | partOf | string | `"Logging"` | Label to help organize pods and their use. Any value is valid, but use "_" or "-" to divide words. | diff --git a/helm/audit/templates/deployment.yaml b/helm/audit/templates/deployment.yaml index cbb29240..77c723da 100644 --- a/helm/audit/templates/deployment.yaml +++ b/helm/audit/templates/deployment.yaml @@ -17,7 +17,7 @@ spec: {{- with .Values.podAnnotations }} {{- toYaml . | nindent 8 }} {{- end }} - {{- if .Values.grafanaEnabled }} + {{- if .Values.metricsEnabled }} {{- include "common.grafanaAnnotations" . | nindent 8 }} {{- end }} labels: diff --git a/helm/audit/values.yaml b/helm/audit/values.yaml index cf0c6078..4e58d5aa 100644 --- a/helm/audit/values.yaml +++ b/helm/audit/values.yaml @@ -63,8 +63,8 @@ global: # -- (string) Will deploy a separate External Secret Store for this service. separateSecretStore: false -# -- (bool) Whether Grafana is enabled. -grafanaEnabled: false +# -- (bool) Whether Metrics are enabled. +metricsEnabled: false # -- (map) External Secrets settings. externalSecrets: diff --git a/helm/aws-es-proxy/README.md b/helm/aws-es-proxy/README.md index 97d73795..27fe4289 100644 --- a/helm/aws-es-proxy/README.md +++ b/helm/aws-es-proxy/README.md 
@@ -34,11 +34,11 @@ A Helm chart for AWS ES Proxy Service for gen3 | global.externalSecrets.separateSecretStore | string | `false` | Will deploy a separate External Secret Store for this service. | | global.minAvialable | int | `1` | The minimum amount of pods that are available at all times if the PDB is deployed. | | global.pdb | bool | `false` | If the service will be deployed with a Pod Disruption Budget. Note- you need to have more than 2 replicas for the pdb to be deployed. | -| grafanaEnabled | bool | `false` | Whether Grafana is enabled. | | image | map | `{"pullPolicy":"Always","repository":"quay.io/cdis/aws-es-proxy","tag":""}` | Docker image information. | | image.pullPolicy | string | `"Always"` | Docker pull policy. | | image.repository | string | `"quay.io/cdis/aws-es-proxy"` | Docker repository. | | image.tag | string | `""` | Overrides the image tag whose default is the chart appVersion. | +| metricsEnabled | bool | `false` | Whether Metrics are enabled. | | partOf | string | `"Explorer-Tab"` | Label to help organize pods and their use. Any value is valid, but use "_" or "-" to divide words. | | podAnnotations | map | `nil` | Annotations to add to the pod | | ports | list | `[{"containerPort":9200}]` | List of container ports | diff --git a/helm/aws-es-proxy/templates/deployment.yaml b/helm/aws-es-proxy/templates/deployment.yaml index 03630299..70c2ec12 100644 --- a/helm/aws-es-proxy/templates/deployment.yaml +++ b/helm/aws-es-proxy/templates/deployment.yaml @@ -27,7 +27,7 @@ spec: {{- include "common.extraLabels" . | nindent 8 }} netvpc: "yes" annotations: - {{- if .Values.grafanaEnabled }} + {{- if .Values.metricsEnabled }} {{- include "common.grafanaAnnotations" . | nindent 8 }} {{- end }} spec: diff --git a/helm/aws-es-proxy/values.yaml b/helm/aws-es-proxy/values.yaml index 0d7bc4d2..b053eb5e 100644 --- a/helm/aws-es-proxy/values.yaml +++ b/helm/aws-es-proxy/values.yaml 
@@ -25,8 +25,8 @@ global: # -- (string) Will deploy a separate External Secret Store for this service. separateSecretStore: false -# -- (bool) Whether Grafana is enabled. -grafanaEnabled: false +# -- (bool) Whether Metrics are enabled. +metricsEnabled: false # -- (map) External Secrets settings. externalSecrets: diff --git a/helm/dicom-server/README.md b/helm/dicom-server/README.md index 472462b5..644f3d32 100644 --- a/helm/dicom-server/README.md +++ b/helm/dicom-server/README.md @@ -24,11 +24,11 @@ A Helm chart for gen3 Dicom Server | global.environment | string | `"default"` | Environment name. This should be the same as vpcname if you're doing an AWS deployment. Currently this is being used to share ALB's if you have multiple namespaces. Might be used other places too. | | global.minAvialable | int | `1` | The minimum amount of pods that are available at all times if the PDB is deployed. | | global.pdb | bool | `false` | If the service will be deployed with a Pod Disruption Budget. Note- you need to have more than 2 replicas for the pdb to be deployed. | -| grafanaEnabled | bool | `false` | Whether Grafana is enabled. | | image | map | `{"pullPolicy":"Always","repository":"quay.io/cdis/gen3-orthanc","tag":"master"}` | Docker image information. | | image.pullPolicy | string | `"Always"` | Docker pull policy. | | image.repository | string | `"quay.io/cdis/gen3-orthanc"` | Docker repository. | | image.tag | string | `"master"` | Overrides the image tag whose default is the chart appVersion. | +| metricsEnabled | bool | `false` | Whether Metrics are enabled. | | partOf | string | `"Imaging"` | Label to help organize pods and their use. Any value is valid, but use "_" or "-" to divide words. | | release | string | `"production"` | Valid options are "production" or "dev". If invalid option is set- the value will default to "dev". | | replicaCount | int | `1` | Number of replicas for the deployment. | 
diff --git a/helm/dicom-server/templates/deployment.yaml b/helm/dicom-server/templates/deployment.yaml index f175fc73..596285ca 100644 --- a/helm/dicom-server/templates/deployment.yaml +++ b/helm/dicom-server/templates/deployment.yaml @@ -24,7 +24,7 @@ spec: {{- include "common.extraLabels" . | nindent 8 }} public: "yes" annotations: - {{- if .Values.grafanaEnabled }} + {{- if .Values.metricsEnabled }} {{- include "common.grafanaAnnotations" . | nindent 8 }} {{- end }} spec: diff --git a/helm/dicom-server/values.yaml b/helm/dicom-server/values.yaml index 24c76159..7bd4413c 100644 --- a/helm/dicom-server/values.yaml +++ b/helm/dicom-server/values.yaml @@ -12,8 +12,8 @@ global: # -- (int) The minimum amount of pods that are available at all times if the PDB is deployed. minAvialable: 1 -# -- (bool) Whether Grafana is enabled. -grafanaEnabled: false +# -- (bool) Whether Metrics are enabled. +metricsEnabled: false # Deployment diff --git a/helm/dicom-viewer/README.md b/helm/dicom-viewer/README.md index c90c22ae..141f8c65 100644 --- a/helm/dicom-viewer/README.md +++ b/helm/dicom-viewer/README.md 
@@ -24,11 +24,11 @@ A Helm chart for gen3 Dicom Viewer | global.environment | string | `"default"` | Environment name. This should be the same as vpcname if you're doing an AWS deployment. Currently this is being used to share ALB's if you have multiple namespaces. Might be used other places too. | | global.minAvialable | int | `1` | The minimum amount of pods that are available at all times if the PDB is deployed. | | global.pdb | bool | `false` | If the service will be deployed with a Pod Disruption Budget. Note- you need to have more than 2 replicas for the pdb to be deployed. | -| grafanaEnabled | bool | `false` | Whether Grafana is enabled. | | image | map | `{"pullPolicy":"Always","repository":"quay.io/cdis/ohif-viewer","tag":"master"}` | Docker image information. | | image.pullPolicy | string | `"Always"` | Docker pull policy. | | image.repository | string | `"quay.io/cdis/ohif-viewer"` | Docker repository. | | image.tag | string | `"master"` | Overrides the image tag whose default is the chart appVersion. | +| metricsEnabled | bool | `false` | Whether Metrics are enabled. | | partOf | string | `"Imaging"` | Label to help organize pods and their use. Any value is valid, but use "_" or "-" to divide words. | | release | string | `"production"` | Valid options are "production" or "dev". If invalid option is set- the value will default to "dev". | | replicaCount | int | `1` | Number of replicas for the deployment. | diff --git a/helm/dicom-viewer/templates/deployment.yaml b/helm/dicom-viewer/templates/deployment.yaml index 9fbfb0a2..bab4bbac 100644 --- a/helm/dicom-viewer/templates/deployment.yaml +++ b/helm/dicom-viewer/templates/deployment.yaml @@ -23,7 +23,7 @@ spec: {{- include "common.extraLabels" . | nindent 8 }} public: "yes" annotations: - {{- if .Values.grafanaEnabled }} + {{- if .Values.metricsEnabled }} {{- include "common.grafanaAnnotations" . | nindent 8 }} {{- end }} spec: 
diff --git a/helm/dicom-viewer/values.yaml b/helm/dicom-viewer/values.yaml index 5264ce5e..7e3eb080 100644 --- a/helm/dicom-viewer/values.yaml +++ b/helm/dicom-viewer/values.yaml @@ -12,8 +12,8 @@ global: # -- (int) The minimum amount of pods that are available at all times if the PDB is deployed. minAvialable: 1 -# -- (bool) Whether Grafana is enabled. -grafanaEnabled: false +# -- (bool) Whether Metrics are enabled. +metricsEnabled: false # Deployment diff --git a/helm/fence/README.md b/helm/fence/README.md index ca216868..30d682be 100644 --- a/helm/fence/README.md +++ b/helm/fence/README.md @@ -131,7 +131,6 @@ A Helm chart for gen3 Fence | global.syncFromDbgap | bool | `false` | Whether to sync data from dbGaP. | | global.tierAccessLevel | string | `"libre"` | Access level for tiers. acceptable values for `tier_access_level` are: `libre`, `regular` and `private`. If omitted, by default common will be treated as `private` | | global.tierAccessLimit | int | `"1000"` | Only relevant if tireAccessLevel is set to "regular". Summary charts below this limit will not appear for aggregated data. | -| grafanaEnabled | bool | `false` | Whether Grafana is enabled. | | image.pullPolicy | string | `"Always"` | When to pull the image. This value should be "Always" to ensure the latest image is used. | | image.repository | string | `"quay.io/cdis/fence"` | The Docker image repository for the fence service | | image.tag | string | `"master"` | Overrides the image tag whose default is the chart appVersion. | 
@@ -144,6 +143,7 @@ A Helm chart for gen3 Fence | labels.public | string | `"yes"` | Grants ingress from the revproxy service for pods labeled with public=yes | | labels.userhelper | string | `"yes"` | Grants ingress from pods in usercode namespaces for gen3 pods labeled with userhelper=yes | | logo | string | `nil` | | +| metricsEnabled | bool | `false` | Whether Metrics are enabled. | | nameOverride | string | `""` | Override the name of the chart. | | nodeSelector | map | `{}` | Node Selector for the pods | | partOf | string | `"Authentication"` | Label to help organize pods and their use. Any value is valid, but use "_" or "-" to divide words. | diff --git a/helm/fence/templates/fence-deployment.yaml b/helm/fence/templates/fence-deployment.yaml index c185b94f..ba4ad72c 100644 --- a/helm/fence/templates/fence-deployment.yaml +++ b/helm/fence/templates/fence-deployment.yaml @@ -17,7 +17,7 @@ spec: {{- with .Values.podAnnotations }} {{- toYaml . | nindent 8 }} {{- end }} - {{- if .Values.grafanaEnabled }} + {{- if .Values.metricsEnabled }} {{- include "common.grafanaAnnotations" . | nindent 8 }} {{- end }} labels: diff --git a/helm/fence/values.yaml b/helm/fence/values.yaml index 79026afa..026811a7 100644 --- a/helm/fence/values.yaml +++ b/helm/fence/values.yaml @@ -76,8 +76,8 @@ global: # -- (string) Will deploy a separate External Secret Store for this service. separateSecretStore: false -# -- (bool) Whether Grafana is enabled. -grafanaEnabled: false +# -- (bool) Whether Metrics are enabled. +metricsEnabled: false # -- (map) External Secrets settings. externalSecrets: diff --git a/helm/frontend-framework/README.md b/helm/frontend-framework/README.md index cf2de3f8..9c86f89c 100644 --- a/helm/frontend-framework/README.md +++ b/helm/frontend-framework/README.md 
@@ -57,12 +57,12 @@ A Helm chart for the gen3 frontend framework | global.syncFromDbgap | bool | `false` | Whether to sync data from dbGaP. | | global.tierAccessLevel | string | `"libre"` | Access level for tiers. acceptable values for `tier_access_level` are: `libre`, `regular` and `private`. If omitted, by default common will be treated as `private`. | | global.userYamlS3Path | string | `"s3://cdis-gen3-users/test/user.yaml"` | Path to the user.yaml file in S3. | -| grafanaEnabled | bool | `false` | Whether Grafana is enabled. | | image | map | `{"pullPolicy":"Always","repository":"quay.io/cdis/frontend-framework","tag":"develop"}` | Docker image information. | | image.pullPolicy | string | `"Always"` | Docker pull policy. | | image.repository | string | `"quay.io/cdis/frontend-framework"` | Docker repository. | | image.tag | string | `"develop"` | Overrides the image tag whose default is the chart appVersion. | | imagePullSecrets | list | `[]` | Docker image pull secrets. | +| metricsEnabled | bool | `false` | Whether Metrics are enabled. | | nameOverride | string | `""` | Override the name of the chart. | | nodeSelector | map | `{}` | Node selector to apply to the pod | | partOf | string | `"Front-End"` | Label to help organize pods and their use. Any value is valid, but use "_" or "-" to divide words. | diff --git a/helm/frontend-framework/templates/deployment.yaml b/helm/frontend-framework/templates/deployment.yaml index 40a05237..f1da90dd 100644 --- a/helm/frontend-framework/templates/deployment.yaml +++ b/helm/frontend-framework/templates/deployment.yaml @@ -15,7 +15,7 @@ spec: metadata: annotations: checksum/config: {{ include (print $.Template.BasePath "/configMap.yaml") . | sha256sum }} - {{- if .Values.grafanaEnabled }} + {{- if .Values.metricsEnabled }} {{- include "common.grafanaAnnotations" . | nindent 8 }} {{- end }} {{- with .Values.podAnnotations }} 
diff --git a/helm/frontend-framework/values.yaml b/helm/frontend-framework/values.yaml index ffefdfae..02f8d7b7 100644 --- a/helm/frontend-framework/values.yaml +++ b/helm/frontend-framework/values.yaml @@ -54,8 +54,8 @@ global: # -- (int) Number of dispatcher jobs. dispatcherJobNum: 10 -# -- (bool) Whether Grafana is enabled. -grafanaEnabled: false +# -- (bool) Whether Metrics are enabled. +metricsEnabled: false # -- (int) Number of replicas for the deployment. replicaCount: 1 diff --git a/helm/guppy/README.md b/helm/guppy/README.md index 5fcb6134..a6fb665e 100644 --- a/helm/guppy/README.md +++ b/helm/guppy/README.md 
@@ -63,12 +63,12 @@ A Helm chart for gen3 Guppy Service | global.revproxyArn | string | `"arn:aws:acm:us-east-1:123456:certificate"` | ARN of the reverse proxy certificate. | | global.tierAccessLevel | string | `"libre"` | Access level for tiers. | | global.tierAccessLimit | int | `"1000"` | Only relevant if tireAccessLevel is set to "regular". Summary charts below this limit will not appear for aggregated data. | -| grafanaEnabled | bool | `false` | Whether Grafana is enabled. | | image | map | `{"pullPolicy":"Always","repository":"quay.io/cdis/guppy","tag":""}` | Docker image information. | | image.pullPolicy | string | `"Always"` | Docker pull policy. | | image.repository | string | `"quay.io/cdis/guppy"` | Docker repository. | | image.tag | string | `""` | Overrides the image tag whose default is the chart appVersion. | | indices | list | `[{"index":"dev_case","type":"case"},{"index":"dev_file","type":"file"}]` | Elasticsearch index configurations | +| metricsEnabled | bool | `false` | Whether Metrics are enabled. | | partOf | string | `"Explorer-Tab"` | Label to help organize pods and their use. Any value is valid, but use "_" or "-" to divide words. | | release | string | `"production"` | Valid options are "production" or "dev". If invalid option is set- the value will default to "dev". | | replicaCount | int | `1` | Number of replicas for the deployment. | diff --git a/helm/guppy/templates/deployment.yaml b/helm/guppy/templates/deployment.yaml index 381b6d9e..788b1760 100644 --- a/helm/guppy/templates/deployment.yaml +++ b/helm/guppy/templates/deployment.yaml @@ -25,7 +25,7 @@ spec: netnolimit: 'yes' public: 'yes' annotations: - {{- if .Values.grafanaEnabled }} + {{- if .Values.metricsEnabled }} {{- include "common.grafanaAnnotations" . | nindent 8 }} {{- end }} spec: diff --git a/helm/guppy/values.yaml b/helm/guppy/values.yaml index c2f2844b..1f2ec669 100644 --- a/helm/guppy/values.yaml +++ b/helm/guppy/values.yaml 
@@ -60,8 +60,8 @@ global: # -- (int) The minimum amount of pods that are available at all times if the PDB is deployed. minAvialable: 1 -# -- (bool) Whether Grafana is enabled. -grafanaEnabled: false +# -- (bool) Whether Metrics are enabled. +metricsEnabled: false # -- (map) Configuration for autoscaling the number of replicas autoscaling: diff --git a/helm/hatchery/README.md b/helm/hatchery/README.md index 0f9d5c08..74059ee6 100644 --- a/helm/hatchery/README.md +++ b/helm/hatchery/README.md 
@@ -49,7 +49,6 @@ A Helm chart for gen3 Hatchery | global.publicDataSets | bool | `true` | Whether public datasets are enabled. | | global.revproxyArn | string | `"arn:aws:acm:us-east-1:123456:certificate"` | ARN of the reverse proxy certificate. | | global.tierAccessLevel | string | `"libre"` | Access level for tiers. acceptable values for `tier_access_level` are: `libre`, `regular` and `private`. If omitted, by default common will be treated as `private` | -| grafanaEnabled | bool | `false` | Whether Grafana is enabled. | | hatchery | map | `{"containers":[{"args":["--NotebookApp.base_url=/lw-workspace/proxy/","--NotebookApp.default_url=/lab","--NotebookApp.password=''","--NotebookApp.token=''","--NotebookApp.shutdown_no_activity_timeout=5400","--NotebookApp.quit_button=False"],"command":["start-notebook.sh"],"cpu-limit":"1.0","env":{"FRAME_ANCESTORS":"https://{{ .Values.global.hostname }}"},"fs-gid":100,"gen3-volume-location":"/home/jovyan/.gen3","image":"quay.io/cdis/heal-notebooks:combined_tutorials__latest","lifecycle-post-start":["/bin/sh","-c","export IAM=`whoami`; rm -rf /home/$IAM/pd/dockerHome; rm -rf /home/$IAM/pd/lost+found; ln -s /data /home/$IAM/pd/; true"],"memory-limit":"2Gi","name":"(Tutorials) Example Analysis Jupyter Lab Notebooks","path-rewrite":"/lw-workspace/proxy/","ready-probe":"/lw-workspace/proxy/","target-port":8888,"use-tls":"false","user-uid":1000,"user-volume-location":"/home/jovyan/pd"}],"sidecarContainer":{"args":[],"command":["/bin/bash","./sidecar.sh"],"cpu-limit":"0.1","env":{"HOSTNAME":"{{ .Values.global.hostname }}","NAMESPACE":"{{ .Release.Namespace }}"},"image":"quay.io/cdis/ecs-ws-sidecar:master","lifecycle-pre-stop":["su","-c","echo test","-s","/bin/sh","root"],"memory-limit":"256Mi"}}` | Hatchery sidcar container configuration. | | hatchery.sidecarContainer.args | list | `[]` | Arguments to pass to the sidecare container. 
| | hatchery.sidecarContainer.command | list | `["/bin/bash","./sidecar.sh"]` | Commands to run for the sidecar container. | @@ -63,6 +62,7 @@ A Helm chart for gen3 Hatchery | image.repository | string | `"quay.io/cdis/hatchery"` | Docker repository. | | image.tag | string | `""` | Overrides the image tag whose default is the chart appVersion. | | imagePullSecrets | list | `[]` | Docker image pull secrets. | +| metricsEnabled | bool | `false` | Whether Metrics are enabled. | | nameOverride | string | `""` | Override the name of the chart. | | nodeSelector | map | `{}` | Node selector labels. | | partOf | string | `"Workspace-Tab"` | Label to help organize pods and their use. Any value is valid, but use "_" or "-" to divide words. | diff --git a/helm/hatchery/templates/deployment.yaml b/helm/hatchery/templates/deployment.yaml index b1c322a3..4a22be93 100644 --- a/helm/hatchery/templates/deployment.yaml +++ b/helm/hatchery/templates/deployment.yaml @@ -17,7 +17,7 @@ spec: {{- with .Values.podAnnotations }} {{- toYaml . | nindent 8 }} {{- end }} - {{- if .Values.grafanaEnabled }} + {{- if .Values.metricsEnabled }} {{- include "common.grafanaAnnotations" . | nindent 8 }} {{- end }} labels: diff --git a/helm/hatchery/values.yaml b/helm/hatchery/values.yaml index 675e7bb3..b1cd4c10 100644 --- a/helm/hatchery/values.yaml +++ b/helm/hatchery/values.yaml @@ -58,8 +58,8 @@ global: # -- (int) The minimum amount of pods that are available at all times if the PDB is deployed. minAvialable: 1 -# -- (bool) Whether Grafana is enabled. -grafanaEnabled: false +# -- (bool) Whether Metrics are enabled. +metricsEnabled: false # -- (int) Number of replicas for the deployment. replicaCount: 1 diff --git a/helm/indexd/README.md b/helm/indexd/README.md index 60305284..17430159 100644 --- a/helm/indexd/README.md +++ b/helm/indexd/README.md 
@@ -57,12 +57,12 @@ A Helm chart for gen3 indexd | global.revproxyArn | string | `"arn:aws:acm:us-east-1:123456:certificate"` | ARN of the reverse proxy certificate. | | global.tierAccessLevel | string | `"libre"` | Access level for tiers. acceptable values for `tier_access_level` are: `libre`, `regular` and `private`. If omitted, by default common will be treated as `private` | | global.tierAccessLimit | int | `"1000"` | Only relevant if tireAccessLevel is set to "regular". Summary charts below this limit will not appear for aggregated data. | -| grafanaEnabled | bool | `false` | Whether Grafana is enabled. | | image | map | `{"pullPolicy":"IfNotPresent","repository":"quay.io/cdis/indexd","tag":""}` | Docker image information. | | image.pullPolicy | string | `"IfNotPresent"` | When to pull the image. | | image.repository | string | `"quay.io/cdis/indexd"` | The Docker image repository for the indexd service | | image.tag | string | `""` | Overrides the image tag whose default is the chart appVersion. | | imagePullSecrets | list | `[]` | Docker image pull secrets. | +| metricsEnabled | bool | `false` | Whether Metrics are enabled. | | nameOverride | string | `""` | Override the name of the chart. | | nodeSelector | map | `{}` | Node Selector for the pods | | partOf | string | `"S3-GS"` | Label to help organize pods and their use. Any value is valid, but use "_" or "-" to divide words. | diff --git a/helm/indexd/templates/deployment.yaml b/helm/indexd/templates/deployment.yaml index d432e51e..85656b54 100644 --- a/helm/indexd/templates/deployment.yaml +++ b/helm/indexd/templates/deployment.yaml @@ -17,7 +17,7 @@ spec: {{- with .Values.podAnnotations }} {{- toYaml . | nindent 8 }} {{- end }} - {{- if .Values.grafanaEnabled }} + {{- if .Values.metricsEnabled }} {{- include "common.grafanaAnnotations" . | nindent 8 }} {{- end }} labels: diff --git a/helm/indexd/values.yaml b/helm/indexd/values.yaml index 97b8ba02..97b71d49 100644 --- a/helm/indexd/values.yaml 
+++ b/helm/indexd/values.yaml @@ -66,8 +66,8 @@ global: # -- (string) Will deploy a separate External Secret Store for this service. separateSecretStore: false -# -- (bool) Whether Grafana is enabled. -grafanaEnabled: false +# -- (bool) Whether Metrics are enabled. +metricsEnabled: false # -- (map) External Secrets settings. externalSecrets: diff --git a/helm/manifestservice/README.md b/helm/manifestservice/README.md index c96f7b12..03d6d3c0 100644 --- a/helm/manifestservice/README.md +++ b/helm/manifestservice/README.md @@ -43,7 +43,6 @@ A Helm chart for Kubernetes | global.externalSecrets.separateSecretStore | string | `false` | Will deploy a separate External Secret Store for this service. | | global.minAvialable | int | `1` | The minimum amount of pods that are available at all times if the PDB is deployed. | | global.pdb | bool | `false` | If the service will be deployed with a Pod Disruption Budget. Note- you need to have more than 2 replicas for the pdb to be deployed. | -| grafanaEnabled | bool | `false` | Whether Grafana is enabled. | | image | map | `{"pullPolicy":"Always","repository":"quay.io/cdis/manifestservice","tag":""}` | Docker image information. | | image.pullPolicy | string | `"Always"` | Docker pull policy. | | image.repository | string | `"quay.io/cdis/manifestservice"` | Docker repository. | 
@@ -53,6 +52,7 @@ A Helm chart for Kubernetes | manifestserviceG3auto.awssecretkey | string | `""` | AWS secret access key. | | manifestserviceG3auto.bucketName | string | `"testbucket"` | Bucket for the manifestservice to read and write to. | | manifestserviceG3auto.prefix | string | `"test"` | Directory name to use within the s3 bucket. | +| metricsEnabled | bool | `false` | Whether Metrics are enabled. | | partOf | string | `"Workspace-tab"` | Label to help organize pods and their use. Any value is valid, but use "_" or "-" to divide words. | | release | string | `"production"` | Valid options are "production" or "dev". If invalid option is set- the value will default to "dev". | | replicaCount | int | `1` | Number of replicas for the deployment. | diff --git a/helm/manifestservice/templates/deployment.yaml b/helm/manifestservice/templates/deployment.yaml index d140e8fd..7c2cee70 100644 --- a/helm/manifestservice/templates/deployment.yaml +++ b/helm/manifestservice/templates/deployment.yaml @@ -23,7 +23,7 @@ spec: public: "yes" userhelper: "yes" annotations: - {{- if .Values.grafanaEnabled }} + {{- if .Values.metricsEnabled }} {{- include "common.grafanaAnnotations" . | nindent 8 }} {{- end }} spec: diff --git a/helm/manifestservice/values.yaml b/helm/manifestservice/values.yaml index a7d88919..87578372 100644 --- a/helm/manifestservice/values.yaml +++ b/helm/manifestservice/values.yaml @@ -26,8 +26,8 @@ global: # -- (string) Will deploy a separate External Secret Store for this service. separateSecretStore: false -# -- (bool) Whether Grafana is enabled. -grafanaEnabled: false +# -- (bool) Whether Metrics are enabled. +metricsEnabled: false # -- (map) External Secrets settings. externalSecrets: diff --git a/helm/metadata/README.md b/helm/metadata/README.md index 8b345e0a..c81a3f00 100644 --- a/helm/metadata/README.md +++ b/helm/metadata/README.md 
@@ -75,7 +75,6 @@ A Helm chart for gen3 Metadata Service | global.publicDataSets | bool | `true` | Whether public datasets are enabled. | | global.revproxyArn | string | `"arn:aws:acm:us-east-1:123456:certificate"` | ARN of the reverse proxy certificate. | | global.tierAccessLevel | string | `"libre"` | Access level for tiers. acceptable values for `tier_access_level` are: `libre`, `regular` and `private`. If omitted, by default common will be treated as `private` | -| grafanaEnabled | bool | `false` | Whether Grafana is enabled. | | image | map | `{"pullPolicy":"Always","repository":"quay.io/cdis/metadata-service","tag":"feat_es-7"}` | Docker image information. | | image.pullPolicy | string | `"Always"` | Docker pull policy. | | image.repository | string | `"quay.io/cdis/metadata-service"` | Docker repository. | @@ -86,6 +85,7 @@ A Helm chart for gen3 Metadata Service | initResources.limits.cpu | string | `0.8` | The maximum amount of CPU the container can use | | initResources.limits.memory | string | `"512Mi"` | The maximum amount of memory the container can use | | initVolumeMounts | list | `[{"mountPath":"/src/.env","name":"config-volume-g3auto","readOnly":true,"subPath":"metadata.env"}]` | Volumes to mount to the init container. | +| metricsEnabled | bool | `false` | Whether Metrics are enabled. | | partOf | string | `"Discovery-Tab"` | Label to help organize pods and their use. Any value is valid, but use "_" or "-" to divide words. | | postgres | map | `{"database":null,"dbCreate":null,"dbRestore":false,"host":null,"password":null,"port":"5432","separate":false,"username":null}` | Postgres database configuration. If db does not exist in postgres cluster and dbCreate is set ot true then these databases will be created for you | | postgres.database | string | `nil` | Database name for postgres. This is a service override, defaults to - | 
diff --git a/helm/metadata/templates/deployment.yaml b/helm/metadata/templates/deployment.yaml index 188d0d9c..a8ec17ad 100644 --- a/helm/metadata/templates/deployment.yaml +++ b/helm/metadata/templates/deployment.yaml @@ -26,7 +26,7 @@ spec: public: 'yes' userhelper: 'yes' annotations: - {{- if .Values.grafanaEnabled }} + {{- if .Values.metricsEnabled }} {{- include "common.grafanaAnnotations" . | nindent 8 }} {{- end }} spec: diff --git a/helm/metadata/values.yaml b/helm/metadata/values.yaml index d3ff0c0d..97d13e7c 100644 --- a/helm/metadata/values.yaml +++ b/helm/metadata/values.yaml @@ -64,8 +64,8 @@ global: # -- (string) Will deploy a separate External Secret Store for this service. separateSecretStore: false -# -- (bool) Whether Grafana is enabled. -grafanaEnabled: false +# -- (bool) Whether Metrics are enabled. +metricsEnabled: false # -- (map) External Secrets settings. externalSecrets: diff --git a/helm/peregrine/README.md b/helm/peregrine/README.md index d973d48e..0272b818 100644 --- a/helm/peregrine/README.md +++ b/helm/peregrine/README.md 
@@ -55,11 +55,11 @@ A Helm chart for gen3 Peregrine service | global.postgres.master.username | string | `"postgres"` | username of superuser in postgres. This is used to create or restore databases | | global.revproxyArn | string | `"arn:aws:acm:us-east-1:123456:certificate"` | ARN of the reverse proxy certificate. | | global.tierAccessLevel | string | `"libre"` | Access level for tiers. acceptable values for `tier_access_level` are: `libre`, `regular` and `private`. If omitted, by default common will be treated as `private` | -| grafanaEnabled | bool | `false` | Whether Grafana is enabled. | | image.pullPolicy | string | `"IfNotPresent"` | When to pull the image. | | image.repository | string | `"quay.io/cdis/peregrine"` | The Docker image repository for the fence service | | image.tag | string | `"feat_jq-audience"` | Overrides the image tag whose default is the chart appVersion. | | imagePullSecrets | list | `[]` | Docker image pull secrets. | +| metricsEnabled | bool | `false` | Whether Metrics are enabled. | | nameOverride | string | `""` | Override the name of the chart. | | nodeSelector | map | `{}` | Node Selector for the pods | | partOf | string | `"Core-Service"` | Label to help organize pods and their use. Any value is valid, but use "_" or "-" to divide words. | diff --git a/helm/peregrine/templates/deployment.yaml b/helm/peregrine/templates/deployment.yaml index 73c38f2a..978b5a68 100644 --- a/helm/peregrine/templates/deployment.yaml +++ b/helm/peregrine/templates/deployment.yaml @@ -17,7 +17,7 @@ spec: {{- with .Values.podAnnotations }} {{- toYaml . | nindent 8 }} {{- end }} - {{- if .Values.grafanaEnabled }} + {{- if .Values.metricsEnabled }} {{- include "common.grafanaAnnotations" . | nindent 8 }} {{- end }} labels: diff --git a/helm/peregrine/values.yaml b/helm/peregrine/values.yaml index 487e3b14..79c488dd 100644 --- a/helm/peregrine/values.yaml +++ b/helm/peregrine/values.yaml 
@@ -61,8 +61,8 @@ global: # -- (string) Will deploy a separate External Secret Store for this service. separateSecretStore: false -# -- (bool) Whether Grafana is enabled. -grafanaEnabled: false +# -- (bool) Whether Metrics are enabled. +metricsEnabled: false # -- (map) External Secrets settings. externalSecrets: diff --git a/helm/portal/README.md b/helm/portal/README.md index efa359bf..6b93faa1 100644 --- a/helm/portal/README.md +++ b/helm/portal/README.md @@ -64,12 +64,12 @@ A Helm chart for gen3 data-portal | global.revproxyArn | string | `"arn:aws:acm:us-east-1:123456:certificate"` | ARN of the reverse proxy certificate. | | global.tierAccessLevel | string | `"libre"` | Access level for tiers. acceptable values for `tier_access_level` are: `libre`, `regular` and `private`. If omitted, by default common will be treated as `private`. | | global.tierAccessLimit | int | `"1000"` | Only relevant if tireAccessLevel is set to "regular". Summary charts below this limit will not appear for aggregated data. | -| grafanaEnabled | bool | `false` | Whether Grafana is enabled. | | image | map | `{"pullPolicy":"IfNotPresent","repository":"quay.io/cdis/data-portal","tag":"master"}` | Docker image information. | | image.pullPolicy | string | `"IfNotPresent"` | Docker pull policy. | | image.repository | string | `"quay.io/cdis/data-portal"` | Docker repository. | | image.tag | string | `"master"` | Overrides the image tag whose default is the chart appVersion. | | imagePullSecrets | list | `[]` | Docker image pull secrets. | +| metricsEnabled | bool | `false` | Whether Metrics are enabled. | | nameOverride | string | `""` | Override the name of the chart. | | nodeSelector | map | `{}` | Node selector to apply to the pod | | partOf | string | `"Front-End"` | Label to help organize pods and their use. Any value is valid, but use "_" or "-" to divide words. | diff --git a/helm/portal/templates/deployment.yaml b/helm/portal/templates/deployment.yaml index 402ecf0b..75c188c1 100644 
--- a/helm/portal/templates/deployment.yaml +++ b/helm/portal/templates/deployment.yaml @@ -20,7 +20,7 @@ spec: {{- with .Values.podAnnotations }} {{- toYaml . | nindent 8 }} {{- end }} - {{- if .Values.grafanaEnabled }} + {{- if .Values.metricsEnabled }} {{- include "common.grafanaAnnotations" . | nindent 8 }} {{- end }} labels: diff --git a/helm/portal/values.yaml b/helm/portal/values.yaml index 77304c28..be861167 100644 --- a/helm/portal/values.yaml +++ b/helm/portal/values.yaml @@ -61,8 +61,8 @@ global: # -- (string) Which app will be served on /. Needs be set to portal for portal, or "gen3ff" for frontendframework. frontendRoot: "portal" -# -- (bool) Whether Grafana is enabled. -grafanaEnabled: false +# -- (bool) Whether Metrics are enabled. +metricsEnabled: false # -- (int) Number of replicas for the deployment. replicaCount: 1 diff --git a/helm/requestor/README.md b/helm/requestor/README.md index eef0c763..01e5bf48 100644 --- a/helm/requestor/README.md +++ b/helm/requestor/README.md @@ -70,7 +70,6 @@ A Helm chart for gen3 Requestor Service | global.tierAccessLevel | string | `"libre"` | Access level for tiers. acceptable values for `tier_access_level` are: `libre`, `regular` and `private`. If omitted, by default common will be treated as `private` | | global.userYamlS3Path | string | `"s3://cdis-gen3-users/helm-test/user.yaml"` | Path to the user.yaml file in S3. | | global.usersync | bool | `false` | Whether to run Fence usersync or not. | -| grafanaEnabled | bool | `false` | Whether Grafana is enabled. | | image | map | `{"pullPolicy":"Always","repository":"quay.io/cdis/requestor","tag":"master"}` | Docker image information. | | image.pullPolicy | string | `"Always"` | Docker pull policy. | | image.repository | string | `"quay.io/cdis/requestor"` | Docker repository. | 
@@ -80,6 +79,7 @@ A Helm chart for gen3 Requestor Service | initResources.limits | map | `{"cpu":0.8,"memory":"512Mi"}` | The maximum amount of resources that the container is allowed to use | | initResources.limits.cpu | string | `0.8` | The maximum amount of CPU the container can use | | initResources.limits.memory | string | `"512Mi"` | The maximum amount of memory the container can use | +| metricsEnabled | bool | `false` | Whether Metrics are enabled. | | partOf | string | `"Authentication"` | Label to help organize pods and their use. Any value is valid, but use "_" or "-" to divide words. | | postgres | map | `{"database":null,"dbCreate":null,"dbRestore":false,"host":null,"password":null,"port":"5432","separate":false,"username":null}` | Postgres database configuration. If db does not exist in postgres cluster and dbCreate is set ot true then these databases will be created for you | | postgres.database | string | `nil` | Database name for postgres. This is a service override, defaults to - | diff --git a/helm/requestor/templates/deployment.yaml b/helm/requestor/templates/deployment.yaml index 0f1018a5..61510d29 100644 --- a/helm/requestor/templates/deployment.yaml +++ b/helm/requestor/templates/deployment.yaml @@ -26,7 +26,7 @@ spec: public: 'yes' dbrequestor: 'yes' annotations: - {{- if .Values.grafanaEnabled }} + {{- if .Values.metricsEnabled }} {{- include "common.grafanaAnnotations" . | nindent 8 }} {{- end }} spec: diff --git a/helm/requestor/values.yaml b/helm/requestor/values.yaml index ef15aa43..e64454ad 100644 --- a/helm/requestor/values.yaml +++ b/helm/requestor/values.yaml @@ -78,8 +78,8 @@ global: # -- (string) Will deploy a separate External Secret Store for this service. separateSecretStore: false -# -- (bool) Whether Grafana is enabled. -grafanaEnabled: false +# -- (bool) Whether Metrics are enabled. +metricsEnabled: false # -- (map) External Secrets settings. externalSecrets: 
diff --git a/helm/revproxy/README.md b/helm/revproxy/README.md index 03ff80b3..430e223e 100644 --- a/helm/revproxy/README.md +++ b/helm/revproxy/README.md @@ -54,7 +54,6 @@ A Helm chart for gen3 revproxy | global.tierAccessLimit | int | `"1000"` | Only relevant if tireAccessLevel is set to "regular". Summary charts below this limit will not appear for aggregated data. | | global.tls.cert | string | `nil` | | | global.tls.key | string | `nil` | | -| grafanaEnabled | bool | `false` | Whether Grafana is enabled. | | image | map | `{"pullPolicy":"Always","repository":"nginx","tag":"stable-perl"}` | Docker image information. | | image.pullPolicy | string | `"Always"` | Docker pull policy. | | image.repository | string | `"nginx"` | Docker repository. | @@ -66,6 +65,7 @@ A Helm chart for gen3 revproxy | ingress.enabled | bool | `false` | Whether to create the ingress | | ingress.hosts | list | `[{"host":"chart-example.local","paths":[{"path":"/","pathType":"Prefix"}]}]` | Where to route the traffic. | | ingress.tls | list | `[]` | To secure an Ingress by specifying a secret that contains a TLS private key and certificate. | +| metricsEnabled | bool | `false` | Whether Metrics are enabled. | | nameOverride | string | `""` | Override the name of the chart. | | nodeSelector | map | `{}` | Node selector labels. | | partOf | string | `"Front-End"` | Label to help organize pods and their use. Any value is valid, but use "_" or "-" to divide words. | diff --git a/helm/revproxy/templates/deployment.yaml b/helm/revproxy/templates/deployment.yaml index 3bd96748..b2fcf788 100644 --- a/helm/revproxy/templates/deployment.yaml +++ b/helm/revproxy/templates/deployment.yaml @@ -24,7 +24,7 @@ spec: {{- with .Values.podAnnotations }} {{- toYaml . | nindent 8 }} {{- end }} - {{- if .Values.grafanaEnabled }} + {{- if .Values.metricsEnabled }} {{- include "common.grafanaAnnotations" . | nindent 8 }} {{- end }} labels: 
diff --git a/helm/revproxy/values.yaml b/helm/revproxy/values.yaml index deb643f5..f2748347 100644 --- a/helm/revproxy/values.yaml +++ b/helm/revproxy/values.yaml @@ -69,8 +69,8 @@ global: # -- (int) The minimum amount of pods that are available at all times if the PDB is deployed. minAvialable: 1 -# -- (bool) Whether Grafana is enabled. -grafanaEnabled: false +# -- (bool) Whether Metrics are enabled. +metricsEnabled: false # -- (map) Postgres database configuration. If db does not exist in postgres cluster and dbCreate is set ot true then these databases will be created for you postgres: diff --git a/helm/sheepdog/README.md b/helm/sheepdog/README.md index ed6ca4bb..f785ceaa 100644 --- a/helm/sheepdog/README.md +++ b/helm/sheepdog/README.md 
@@ -65,12 +65,12 @@ A Helm chart for gen3 Sheepdog Service | global.publicDataSets | bool | `true` | Whether public datasets are enabled. | | global.revproxyArn | string | `"arn:aws:acm:us-east-1:123456:certificate"` | ARN of the reverse proxy certificate. | | global.tierAccessLevel | string | `"libre"` | Access level for tiers. acceptable values for `tier_access_level` are: `libre`, `regular` and `private`. If omitted, by default common will be treated as `private` | -| grafanaEnabled | bool | `false` | Whether Grafana is enabled. | | image | map | `{"pullPolicy":"Always","repository":"quay.io/cdis/sheepdog","tag":"bug_auth-audience"}` | Docker image information. | | image.pullPolicy | string | `"Always"` | Docker pull policy. | | image.repository | string | `"quay.io/cdis/sheepdog"` | Docker repository. | | image.tag | string | `"bug_auth-audience"` | Overrides the image tag whose default is the chart appVersion. | | indexdUrl | string | `"http://indexd-service"` | URL for the indexd service | +| metricsEnabled | bool | `false` | Whether Metrics are enabled. | | partOf | string | `"Core-Service"` | Label to help organize pods and their use. Any value is valid, but use "_" or "-" to divide words. | | podAnnotations | map | `{"gen3.io/network-ingress":"sheepdog"}` | Annotations to add to the pod | | postgres | map | `{"database":null,"dbCreate":null,"dbRestore":false,"host":null,"password":null,"port":"5432","separate":false,"username":null}` | Postgres database configuration. If db does not exist in postgres cluster and dbCreate is set ot true then these databases will be created for you | diff --git a/helm/sheepdog/templates/deployment.yaml b/helm/sheepdog/templates/deployment.yaml index 1494a092..296595db 100644 --- a/helm/sheepdog/templates/deployment.yaml +++ b/helm/sheepdog/templates/deployment.yaml 
@@ -30,7 +30,7 @@ spec: public: 'yes' s3: 'yes' annotations: - {{- if .Values.grafanaEnabled }} + {{- if .Values.metricsEnabled }} {{- include "common.grafanaAnnotations" . | nindent 8 }} {{- end }} spec: diff --git a/helm/sheepdog/values.yaml b/helm/sheepdog/values.yaml index 04b5c481..268b1223 100644 --- a/helm/sheepdog/values.yaml +++ b/helm/sheepdog/values.yaml @@ -64,8 +64,8 @@ global: # -- (string) Will deploy a separate External Secret Store for this service. separateSecretStore: false -# -- (bool) Whether Grafana is enabled. -grafanaEnabled: false +# -- (bool) Whether Metrics are enabled. +metricsEnabled: false # -- (map) External Secrets settings. externalSecrets: diff --git a/helm/sower/README.md b/helm/sower/README.md index 3dc6c3de..ce3cb4ac 100644 --- a/helm/sower/README.md +++ b/helm/sower/README.md 
@@ -62,12 +62,12 @@ A Helm chart for gen3 sower | global.publicDataSets | bool | `true` | Whether public datasets are enabled. | | global.revproxyArn | string | `"arn:aws:acm:us-east-1:123456:certificate"` | ARN of the reverse proxy certificate. | | global.tierAccessLevel | string | `"libre"` | Access level for tiers. acceptable values for `tier_access_level` are: `libre`, `regular` and `private`. If omitted, by default common will be treated as `private` | -| grafanaEnabled | bool | `false` | Whether Grafana is enabled. | | image | map | `{"pullPolicy":"Always","repository":"quay.io/cdis/sower","tag":""}` | Docker image information. | | image.pullPolicy | string | `"Always"` | Docker pull policy. | | image.repository | string | `"quay.io/cdis/sower"` | Docker repository. | | image.tag | string | `""` | Overrides the image tag whose default is the chart appVersion. | | imagePullSecrets | list | `[]` | Docker image pull secrets. | +| metricsEnabled | bool | `false` | Whether Metrics are enabled. | | nameOverride | string | `""` | Override the name of the chart. | | nodeSelector | map | `{}` | Node Selector for the pods | | partOf | string | `"Core-Service"` | Label to help organize pods and their use. Any value is valid, but use "_" or "-" to divide words. | diff --git a/helm/sower/templates/deployment.yaml b/helm/sower/templates/deployment.yaml index e3c7487d..504bec5e 100644 --- a/helm/sower/templates/deployment.yaml +++ b/helm/sower/templates/deployment.yaml @@ -22,7 +22,7 @@ spec: public: "yes" netnolimit: "yes" annotations: - {{- if .Values.grafanaEnabled }} + {{- if .Values.metricsEnabled }} {{- include "common.grafanaAnnotations" . | nindent 8 }} {{- end }} spec: diff --git a/helm/sower/values.yaml b/helm/sower/values.yaml index 6f7d04d6..b4d1d955 100644 --- a/helm/sower/values.yaml +++ b/helm/sower/values.yaml 
@@ -60,8 +60,8 @@ global: # -- (string) Will deploy a separate External Secret Store for this service. separateSecretStore: false -# -- (bool) Whether Grafana is enabled. -grafanaEnabled: false +# -- (bool) Whether Metrics are enabled. +metricsEnabled: false # -- (map) External Secrets settings. externalSecrets: diff --git a/helm/ssjdispatcher/README.md b/helm/ssjdispatcher/README.md index 7299bde3..1b15dcf0 100644 --- a/helm/ssjdispatcher/README.md +++ b/helm/ssjdispatcher/README.md @@ -59,13 +59,13 @@ A Helm chart for gen3 ssjdispatcher | global.publicDataSets | bool | `true` | Whether public datasets are enabled. | | global.revproxyArn | string | `"arn:aws:acm:us-east-1:123456:certificate"` | ARN of the reverse proxy certificate. | | global.tierAccessLevel | string | `"libre"` | Access level for tiers. acceptable values for `tier_access_level` are: `libre`, `regular` and `private`. If omitted, by default common will be treated as `private` | -| grafanaEnabled | bool | `false` | Whether Grafana is enabled. | | image | map | `{"pullPolicy":"Always","repository":"quay.io/cdis/ssjdispatcher","tag":"2022.08"}` | Docker image information. | | image.pullPolicy | string | `"Always"` | Docker pull policy. | | image.repository | string | `"quay.io/cdis/ssjdispatcher"` | Docker repository. | | image.tag | string | `"2022.08"` | Overrides the image tag whose default is the chart appVersion. | | imagePullSecrets | list | `[]` | Docker image pull secrets. | | indexing | string | `"707767160287.dkr.ecr.us-east-1.amazonaws.com/gen3/indexs3client:2022.08"` | Image to use for the "indexing" job. | +| metricsEnabled | bool | `false` | Whether Metrics are enabled. | | nameOverride | string | `""` | Override the name of the chart. | | nodeSelector | map | `{}` | Node Selector for the pods | | partOf | string | `"Workspace-Tab"` | Label to help organize pods and their use. Any value is valid, but use "_" or "-" to divide words. | 
diff --git a/helm/ssjdispatcher/templates/deployment.yaml b/helm/ssjdispatcher/templates/deployment.yaml index 6b34adde..8c6ab9cb 100644 --- a/helm/ssjdispatcher/templates/deployment.yaml +++ b/helm/ssjdispatcher/templates/deployment.yaml @@ -20,7 +20,7 @@ spec: netnolimit: "yes" public: "yes" annotations: - {{- if .Values.grafanaEnabled }} + {{- if .Values.metricsEnabled }} {{- include "common.grafanaAnnotations" . | nindent 8 }} {{- end }} spec: diff --git a/helm/ssjdispatcher/values.yaml b/helm/ssjdispatcher/values.yaml index fe09567a..f7d75a06 100644 --- a/helm/ssjdispatcher/values.yaml +++ b/helm/ssjdispatcher/values.yaml @@ -58,8 +58,8 @@ global: # -- (int) The minimum amount of pods that are available at all times if the PDB is deployed. minAvialable: 1 -# -- (bool) Whether Grafana is enabled. -grafanaEnabled: false +# -- (bool) Whether Metrics are enabled. +metricsEnabled: false # -- (int) Number of replicas for the deployment. replicaCount: 1 diff --git a/helm/wts/README.md b/helm/wts/README.md index e5a0d838..18eaaf50 100644 --- a/helm/wts/README.md +++ b/helm/wts/README.md 
@@ -54,13 +54,13 @@ A Helm chart for gen3 workspace token service | global.publicDataSets | bool | `true` | Whether public datasets are enabled. | | global.revproxyArn | string | `"arn:aws:acm:us-east-1:123456:certificate"` | ARN of the reverse proxy certificate. | | global.tierAccessLevel | string | `"libre"` | Access level for tiers. acceptable values for `tier_access_level` are: `libre`, `regular` and `private`. If omitted, by default common will be treated as `private` | -| grafanaEnabled | bool | `false` | Whether Grafana is enabled. | | hostname | string | `nil` | Hostname for the deployment. | | image | map | `{"pullPolicy":"Always","repository":"quay.io/cdis/workspace-token-service","tag":"feat_wts_internalfence"}` | Docker image information. | | image.pullPolicy | string | `"Always"` | Docker pull policy. | | image.repository | string | `"quay.io/cdis/workspace-token-service"` | Docker repository. | | image.tag | string | `"feat_wts_internalfence"` | Overrides the image tag whose default is the chart appVersion. | | imagePullSecrets | list | `[]` | Docker image pull secrets. | +| metricsEnabled | bool | `false` | Whether Metrics are enabled. | | nameOverride | string | `""` | Override the name of the chart. | | nodeSelector | map | `{}` | Node Selector for the pods | | oidc_client_id | string | `nil` | Id for the OIDC client. | diff --git a/helm/wts/templates/deployment.yaml b/helm/wts/templates/deployment.yaml index 8a3f55a6..464607e9 100644 --- a/helm/wts/templates/deployment.yaml +++ b/helm/wts/templates/deployment.yaml @@ -26,7 +26,7 @@ spec: {{- with .Values.podAnnotations }} {{- toYaml . | nindent 8 }} {{- end }} - {{- if .Values.grafanaEnabled }} + {{- if .Values.metricsEnabled }} {{- include "common.grafanaAnnotations" . | nindent 8 }} {{- end }} labels: diff --git a/helm/wts/values.yaml b/helm/wts/values.yaml index e986239a..e00aa2fe 100644 --- a/helm/wts/values.yaml +++ b/helm/wts/values.yaml 
@@ -64,8 +64,8 @@ global: # -- (string) Will deploy a separate External Secret Store for this service. separateSecretStore: false -# -- (bool) Whether Grafana is enabled. -grafanaEnabled: false +# -- (bool) Whether Metrics are enabled. +metricsEnabled: false # -- (map) External Secrets settings. externalSecrets: From b9f8c129d82039eaee8970c475e69c23c9300dd2 Mon Sep 17 00:00:00 2001 From: EliseCastle23 <109446148+EliseCastle23@users.noreply.github.com> Date: Fri, 6 Sep 2024 09:19:16 -0600 Subject: [PATCH 214/279] removing grafanaEnabled from umbrella chart as it is no longer enabled globally. --- .secrets.baseline | 6 +++--- helm/gen3/README.md | 1 - helm/gen3/values.yaml | 2 -- 3 files changed, 3 insertions(+), 6 deletions(-) diff --git a/.secrets.baseline b/.secrets.baseline index dd73e482..9ded372f 100644 --- a/.secrets.baseline +++ b/.secrets.baseline @@ -3,7 +3,7 @@ "files": "^.secrets.baseline$", "lines": null }, - "generated_at": "2024-09-06T15:16:10Z", + "generated_at": "2024-09-06T15:19:06Z", "plugins_used": [ { "name": "AWSKeyDetector" @@ -353,7 +353,7 @@ "hashed_secret": "1740c48fa3141d4851b14f97e3bc0f46f7670672", "is_secret": false, "is_verified": false, - "line_number": 122, + "line_number": 121, "type": "Secret Keyword" } ], @@ -362,7 +362,7 @@ "hashed_secret": "9b5925ea817163740dfb287a9894e8ab3aba2c18", "is_secret": false, "is_verified": false, - "line_number": 200, + "line_number": 198, "type": "Secret Keyword" } ], diff --git a/helm/gen3/README.md b/helm/gen3/README.md index e85672b3..4f271e96 100644 --- a/helm/gen3/README.md +++ b/helm/gen3/README.md 
@@ -100,7 +100,6 @@ Helm chart to deploy Gen3 Data Commons | global.externalSecrets.dbCreate | bool | `false` | Will create the databases and store the creds in Kubernetes Secrets even if externalSecrets is deployed. Useful if you want to use ExternalSecrets for other secrets besides db secrets. | | global.externalSecrets.deploy | bool | `false` | Will use ExternalSecret resources to pull secrets from Secrets Manager instead of creating them locally. Be cautious as this will override secrets you have deployed. | | global.frontendRoot | string | `"portal"` | Which app will be served on /. Needs be set to portal for portal, or "gen3ff" for frontendframework. | -| global.grafanaEnabled | bool | `false` | Whether Grafana is enabled. | | global.hostname | string | `"localhost"` | Hostname for the deployment. | | global.manifestGlobalExtraValues | map | `{}` | If you would like to add any extra values to the manifest-global configmap. | | global.netPolicy | bool | `true` | Whether network policies are enabled. | diff --git a/helm/gen3/values.yaml b/helm/gen3/values.yaml index bcd0d15d..d644eaa4 100644 --- a/helm/gen3/values.yaml +++ b/helm/gen3/values.yaml @@ -64,8 +64,6 @@ global: netPolicy: true # -- (int) Number of dispatcher jobs. dispatcherJobNum: "10" - # -- (bool) Whether Grafana is enabled. - grafanaEnabled: false # -- (map) If you would like to add any extra values to the manifest-global configmap. manifestGlobalExtraValues: {} # -- (string) Which app will be served on /. Needs be set to portal for portal, or "gen3ff" for frontendframework. From cfa50ca55966e9c77e888dcdfe6d2d2d6180021d Mon Sep 17 00:00:00 2001 
From: EliseCastle23 <109446148+EliseCastle23@users.noreply.github.com> Date: Mon, 9 Sep 2024 12:01:13 -0600 Subject: [PATCH 215/279] adding a backoff limit to the usersync cron to avoid generating an endless amount of failing jobs --- helm/fence/Chart.yaml | 2 +- helm/fence/README.md | 2 +- helm/fence/templates/usersync-cron.yaml | 3 +++ helm/gen3/Chart.yaml | 4 ++-- helm/gen3/README.md | 4 ++-- 5 files changed, 9 insertions(+), 6 deletions(-) diff --git a/helm/fence/Chart.yaml b/helm/fence/Chart.yaml index 0224cedd..b591966e 100644 --- a/helm/fence/Chart.yaml +++ b/helm/fence/Chart.yaml @@ -15,7 +15,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.22 +version: 0.1.23 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to diff --git a/helm/fence/README.md b/helm/fence/README.md index 30d682be..3a5f4b18 100644 --- a/helm/fence/README.md +++ b/helm/fence/README.md @@ -1,6 +1,6 @@ # fence -![Version: 0.1.22](https://img.shields.io/badge/Version-0.1.22-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) +![Version: 0.1.23](https://img.shields.io/badge/Version-0.1.23-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) A Helm chart for gen3 Fence 
diff --git a/helm/fence/templates/usersync-cron.yaml b/helm/fence/templates/usersync-cron.yaml index 7bf9d8b8..67eb5d0a 100644 --- a/helm/fence/templates/usersync-cron.yaml +++ b/helm/fence/templates/usersync-cron.yaml @@ -17,8 +17,11 @@ metadata: name: usersync spec: schedule: {{ .Values.usersync.schedule | quote }} + successfulJobsHistoryLimit: 3 + failedJobsHistoryLimit: 1 jobTemplate: spec: + backoffLimit: 4 template: metadata: labels: diff --git a/helm/gen3/Chart.yaml b/helm/gen3/Chart.yaml index e108c0f0..2171b621 100644 --- a/helm/gen3/Chart.yaml +++ b/helm/gen3/Chart.yaml @@ -36,7 +36,7 @@ dependencies: repository: "file://../frontend-framework" condition: frontend-framework.enabled - name: fence - version: 0.1.22 + version: 0.1.23 repository: "file://../fence" condition: fence.enabled - name: guppy @@ -128,7 +128,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.41 +version: 0.1.42 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to diff --git a/helm/gen3/README.md b/helm/gen3/README.md index 4f271e96..125bd1ca 100644 --- a/helm/gen3/README.md +++ b/helm/gen3/README.md 
@@ -1,6 +1,6 @@ # gen3 -![Version: 0.1.41](https://img.shields.io/badge/Version-0.1.41-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) +![Version: 0.1.42](https://img.shields.io/badge/Version-0.1.42-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) Helm chart to deploy Gen3 Data Commons @@ -25,7 +25,7 @@ Helm chart to deploy Gen3 Data Commons | file://../aws-es-proxy | aws-es-proxy | 0.1.10 | | file://../common | common | 0.1.14 | | file://../etl | etl | 0.1.1 | -| file://../fence | fence | 0.1.22 | +| file://../fence | fence | 0.1.23 | | file://../frontend-framework | frontend-framework | 0.1.3 | | file://../guppy | guppy | 0.1.13 | | file://../hatchery | hatchery | 0.1.10 | From 941781041a26583e30450a7f05a933b8e4ca07af Mon Sep 17 00:00:00 2001 From: EliseCastle23 <109446148+EliseCastle23@users.noreply.github.com> Date: Mon, 9 Sep 2024 12:12:56 -0600 Subject: [PATCH 216/279] adding "concurrentcyPolicy" to "Forbid" so new usersync pods won't be generated if the last one is stuck or still running. --- helm/fence/templates/usersync-cron.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/helm/fence/templates/usersync-cron.yaml b/helm/fence/templates/usersync-cron.yaml index 67eb5d0a..55e93310 100644 --- a/helm/fence/templates/usersync-cron.yaml +++ b/helm/fence/templates/usersync-cron.yaml @@ -22,6 +22,7 @@ spec: jobTemplate: spec: backoffLimit: 4 + concurrencyPolicy: Forbid template: metadata: labels: From 415e34742da578b21385579a3185955b9af0b4c9 Mon Sep 17 00:00:00 2001 
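Review bot: `concurrencyPolicy: Forbid` is inserted between `backoffLimit: 4` and `template:`, which puts it inside `jobTemplate.spec`, but `concurrencyPolicy` is a field of the CronJob `spec`, not of the Job spec. In that position the API server either rejects the object or drops the unknown field, depending on validation settings, so overlapping usersync runs are presumably still possible after this commit. It belongs beside `schedule`, before `jobTemplate:`; patch 217 in this series makes that move. Indentation is not recoverable from the page as shown, so the placement is read from the neighbouring lines.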
From: EliseCastle23 <109446148+EliseCastle23@users.noreply.github.com> Date: Mon, 9 Sep 2024 13:39:13 -0600 Subject: [PATCH 217/279] adding a concurrencyPolicy to usersync job --- helm/fence/templates/usersync-cron.yaml | 2 +- helm/gen3/README.md | 4 ++-- helm/gen3/values.yaml | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/helm/fence/templates/usersync-cron.yaml b/helm/fence/templates/usersync-cron.yaml index 55e93310..2349f8ce 100644 --- a/helm/fence/templates/usersync-cron.yaml +++ b/helm/fence/templates/usersync-cron.yaml @@ -19,10 +19,10 @@ spec: schedule: {{ .Values.usersync.schedule | quote }} successfulJobsHistoryLimit: 3 failedJobsHistoryLimit: 1 + concurrencyPolicy: Forbid jobTemplate: spec: backoffLimit: 4 - concurrencyPolicy: Forbid template: metadata: labels: diff --git a/helm/gen3/README.md b/helm/gen3/README.md index 125bd1ca..e9021725 100644 --- a/helm/gen3/README.md +++ b/helm/gen3/README.md 
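Review bot: With `concurrencyPolicy: Forbid` now on the CronJob `spec`, a usersync Job that hangs blocks every later run, because nothing in the hunk bounds how long a single Job may run. `backoffLimit: 4` only caps retries of pods that fail; a pod that never exits is not covered, and while it sits there changes to user access (removals included) presumably stop being applied. I would add `activeDeadlineSeconds: <seconds>` under `jobTemplate.spec` next to `backoffLimit`, set comfortably above a normal sync, and alert on failed or skipped runs. The same commit also sets the default `usersync.schedule` in `helm/gen3/values.yaml` to `*/1 * * * *` while its comment still says every 30 minutes; patch 218 reverts that.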
@@ -66,10 +66,10 @@ Helm chart to deploy Gen3 Data Commons | elasticsearch.singleNode | bool | `true` | | | etl.enabled | bool | `true` | Whether to deploy the etl subchart. | | fence.enabled | bool | `true` | Whether to deploy the fence subchart. | -| fence.usersync | map | `{"addDbgap":false,"onlyDbgap":false,"schedule":"*/30 * * * *","slack_send_dbgap":false,"slack_webhook":"None","syncFromDbgap":false,"userYamlS3Path":"s3://cdis-gen3-users/helm-test/user.yaml","usersync":false}` | Configuration options for usersync cronjob. | +| fence.usersync | map | `{"addDbgap":false,"onlyDbgap":false,"schedule":"*/1 * * * *","slack_send_dbgap":false,"slack_webhook":"None","syncFromDbgap":false,"userYamlS3Path":"s3://cdis-gen3-users/helm-test/user.yaml","usersync":false}` | Configuration options for usersync cronjob. | | fence.usersync.addDbgap | bool | `false` | Force attempting a dbgap sync if "true", falls back on user.yaml | | fence.usersync.onlyDbgap | bool | `false` | Forces ONLY a dbgap sync if "true", IGNORING user.yaml | -| fence.usersync.schedule | string | `"*/30 * * * *"` | The cron schedule expression to use in the usersync cronjob. Runs every 30 minutes by default. | +| fence.usersync.schedule | string | `"*/1 * * * *"` | The cron schedule expression to use in the usersync cronjob. Runs every 30 minutes by default. | | fence.usersync.slack_send_dbgap | bool | `false` | Will echo what files we are seeing on dbgap ftp to Slack. | | fence.usersync.slack_webhook | string | `"None"` | Slack webhook endpoint used with certain jobs. | | fence.usersync.syncFromDbgap | bool | `false` | Whether to sync data from dbGaP. | diff --git a/helm/gen3/values.yaml b/helm/gen3/values.yaml index d644eaa4..8e708541 100644 --- a/helm/gen3/values.yaml +++ b/helm/gen3/values.yaml 
@@ -118,7 +118,7 @@ fence: # -- (bool) Whether to run Fence usersync or not. usersync: false # -- (string) The cron schedule expression to use in the usersync cronjob. Runs every 30 minutes by default. - schedule: "*/30 * * * *" + schedule: "*/1 * * * *" # -- (bool) Whether to sync data from dbGaP. syncFromDbgap: false # -- (bool) Force attempting a dbgap sync if "true", falls back on user.yaml From 91c3594efb440cad906e75877f19a6b677c0e4a3 Mon Sep 17 00:00:00 2001 From: EliseCastle23 <109446148+EliseCastle23@users.noreply.github.com> Date: Mon, 9 Sep 2024 13:40:28 -0600 Subject: [PATCH 218/279] reverting change I used for testing --- helm/gen3/README.md | 4 ++-- helm/gen3/values.yaml | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/helm/gen3/README.md b/helm/gen3/README.md index e9021725..125bd1ca 100644 --- a/helm/gen3/README.md +++ b/helm/gen3/README.md 
@@ -66,10 +66,10 @@ Helm chart to deploy Gen3 Data Commons | elasticsearch.singleNode | bool | `true` | | | etl.enabled | bool | `true` | Whether to deploy the etl subchart. | | fence.enabled | bool | `true` | Whether to deploy the fence subchart. | -| fence.usersync | map | `{"addDbgap":false,"onlyDbgap":false,"schedule":"*/1 * * * *","slack_send_dbgap":false,"slack_webhook":"None","syncFromDbgap":false,"userYamlS3Path":"s3://cdis-gen3-users/helm-test/user.yaml","usersync":false}` | Configuration options for usersync cronjob. | +| fence.usersync | map | `{"addDbgap":false,"onlyDbgap":false,"schedule":"*/30 * * * *","slack_send_dbgap":false,"slack_webhook":"None","syncFromDbgap":false,"userYamlS3Path":"s3://cdis-gen3-users/helm-test/user.yaml","usersync":false}` | Configuration options for usersync cronjob. | | fence.usersync.addDbgap | bool | `false` | Force attempting a dbgap sync if "true", falls back on user.yaml | | fence.usersync.onlyDbgap | bool | `false` | Forces ONLY a dbgap sync if "true", IGNORING user.yaml | -| fence.usersync.schedule | string | `"*/1 * * * *"` | The cron schedule expression to use in the usersync cronjob. Runs every 30 minutes by default. | +| fence.usersync.schedule | string | `"*/30 * * * *"` | The cron schedule expression to use in the usersync cronjob. Runs every 30 minutes by default. | | fence.usersync.slack_send_dbgap | bool | `false` | Will echo what files we are seeing on dbgap ftp to Slack. | | fence.usersync.slack_webhook | string | `"None"` | Slack webhook endpoint used with certain jobs. | | fence.usersync.syncFromDbgap | bool | `false` | Whether to sync data from dbGaP. | diff --git a/helm/gen3/values.yaml b/helm/gen3/values.yaml index 8e708541..d644eaa4 100644 --- a/helm/gen3/values.yaml +++ b/helm/gen3/values.yaml 
@@ -118,7 +118,7 @@ fence: # -- (bool) Whether to run Fence usersync or not. usersync: false # -- (string) The cron schedule expression to use in the usersync cronjob. Runs every 30 minutes by default. - schedule: "*/1 * * * *" + schedule: "*/30 * * * *" # -- (bool) Whether to sync data from dbGaP. syncFromDbgap: false # -- (bool) Force attempting a dbgap sync if "true", falls back on user.yaml From 247dddbb8d8c45fd41285e996adb446540f68afe Mon Sep 17 00:00:00 2001 From: EliseCastle23 <109446148+EliseCastle23@users.noreply.github.com> Date: Mon, 9 Sep 2024 13:56:42 -0600 Subject: [PATCH 219/279] adding metricsEnabled to presigned url fence --- helm/fence/templates/presigned-url-fence.yaml | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/helm/fence/templates/presigned-url-fence.yaml b/helm/fence/templates/presigned-url-fence.yaml index 166106a8..a4c5628f 100644 --- a/helm/fence/templates/presigned-url-fence.yaml +++ b/helm/fence/templates/presigned-url-fence.yaml @@ -13,10 +13,13 @@ spec: app: presigned-url-fence template: metadata: - {{- with .Values.podAnnotations }} annotations: + {{- with .Values.podAnnotations }} {{- toYaml . | nindent 8 }} {{- end }} + {{- if .Values.metricsEnabled }} + {{- include "common.grafanaAnnotations" . | nindent 8 }} + {{- end }} labels: app: presigned-url-fence spec: From 83ab43b0bf59b12b5f3e4485ca696da2aa77c14d Mon Sep 17 00:00:00 2001 From: EliseCastle23 <109446148+EliseCastle23@users.noreply.github.com> Date: Mon, 9 Sep 2024 14:23:52 -0600 Subject: [PATCH 220/279] removing extraLabels from the overall deployment --- .secrets.baseline | 4 ++-- helm/gen3/Chart.yaml | 4 ++-- helm/gen3/README.md | 4 ++-- helm/sower/Chart.yaml | 2 +- helm/sower/README.md | 2 +- helm/sower/templates/deployment.yaml | 1 - helm/ssjdispatcher/Chart.yaml | 2 +- helm/ssjdispatcher/README.md | 2 +- helm/ssjdispatcher/templates/deployment.yaml | 1 - 9 files changed, 10 insertions(+), 12 deletions(-) 
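Review bot: `annotations:` is now emitted unconditionally in the presigned-url-fence pod template, so when `.Values.podAnnotations` is empty and `.Values.metricsEnabled` is false the manifest renders a bare `annotations:` key with a null value. Kubernetes accepts that, but it is easy to avoid by wrapping the key: `{{- if or .Values.podAnnotations .Values.metricsEnabled }}` before `annotations:` and a matching `{{- end }}` before `labels:`. The diffstat shows only this template changed, so if `metricsEnabled` is not already defined and documented in the fence `values.yaml` it should be added there, with a one-line description of what `common.grafanaAnnotations` turns on (its definition is not visible here). The Deployment continues outside the hunk.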
diff --git a/.secrets.baseline b/.secrets.baseline index 9ded372f..221322d3 100644 --- a/.secrets.baseline +++ b/.secrets.baseline @@ -3,7 +3,7 @@ "files": "^.secrets.baseline$", "lines": null }, - "generated_at": "2024-09-06T15:19:06Z", + "generated_at": "2024-09-09T20:23:45Z", "plugins_used": [ { "name": "AWSKeyDetector" @@ -686,7 +686,7 @@ "hashed_secret": "d84ce25b0f9bc2cc263006ae39453efb22cc2900", "is_secret": false, "is_verified": false, - "line_number": 55, + "line_number": 54, "type": "Secret Keyword" }, { diff --git a/helm/gen3/Chart.yaml b/helm/gen3/Chart.yaml index 2171b621..a5b103f4 100644 --- a/helm/gen3/Chart.yaml +++ b/helm/gen3/Chart.yaml @@ -84,11 +84,11 @@ dependencies: repository: "file://../sheepdog" condition: sheepdog.enabled - name: ssjdispatcher - version: 0.1.10 + version: 0.1.11 repository: "file://../ssjdispatcher" condition: ssjdispatcher.enabled - name: sower - version: 0.1.12 + version: 0.1.13 condition: sower.enabled repository: "file://../sower" - name: wts diff --git a/helm/gen3/README.md b/helm/gen3/README.md index 125bd1ca..99d28c0f 100644 --- a/helm/gen3/README.md +++ b/helm/gen3/README.md @@ -39,8 +39,8 @@ Helm chart to deploy Gen3 Data Commons | file://../requestor | requestor | 0.1.12 | | file://../revproxy | revproxy | 0.1.17 | | file://../sheepdog | sheepdog | 0.1.15 | -| file://../sower | sower | 0.1.12 | -| file://../ssjdispatcher | ssjdispatcher | 0.1.10 | +| file://../sower | sower | 0.1.13 | +| file://../ssjdispatcher | ssjdispatcher | 0.1.11 | | file://../wts | wts | 0.1.14 | | https://charts.bitnami.com/bitnami | postgresql | 11.9.13 | | https://helm.elastic.co | elasticsearch | 7.10.2 | diff --git a/helm/sower/Chart.yaml b/helm/sower/Chart.yaml index a428ef00..5e6090aa 100644 --- a/helm/sower/Chart.yaml +++ b/helm/sower/Chart.yaml 
@@ -15,7 +15,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.12 +version: 0.1.13 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to diff --git a/helm/sower/README.md b/helm/sower/README.md index ce3cb4ac..ff634448 100644 --- a/helm/sower/README.md +++ b/helm/sower/README.md @@ -1,6 +1,6 @@ # sower -![Version: 0.1.12](https://img.shields.io/badge/Version-0.1.12-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) +![Version: 0.1.13](https://img.shields.io/badge/Version-0.1.13-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) A Helm chart for gen3 sower diff --git a/helm/sower/templates/deployment.yaml b/helm/sower/templates/deployment.yaml index 504bec5e..e051994d 100644 --- a/helm/sower/templates/deployment.yaml +++ b/helm/sower/templates/deployment.yaml @@ -10,7 +10,6 @@ spec: selector: matchLabels: {{- include "sower.selectorLabels" . | nindent 8 }} - {{- include "common.extraLabels" . | nindent 8 }} revisionHistoryLimit: 2 strategy: {{- toYaml .Values.strategy | nindent 8 }} diff --git a/helm/ssjdispatcher/Chart.yaml b/helm/ssjdispatcher/Chart.yaml index 2a0aa0b5..2e96e49d 100644 --- a/helm/ssjdispatcher/Chart.yaml +++ b/helm/ssjdispatcher/Chart.yaml 
@@ -15,7 +15,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.10 +version: 0.1.11 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to diff --git a/helm/ssjdispatcher/README.md b/helm/ssjdispatcher/README.md index 1b15dcf0..2e476daf 100644 --- a/helm/ssjdispatcher/README.md +++ b/helm/ssjdispatcher/README.md @@ -1,6 +1,6 @@ # ssjdispatcher -![Version: 0.1.10](https://img.shields.io/badge/Version-0.1.10-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) +![Version: 0.1.11](https://img.shields.io/badge/Version-0.1.11-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) A Helm chart for gen3 ssjdispatcher diff --git a/helm/ssjdispatcher/templates/deployment.yaml b/helm/ssjdispatcher/templates/deployment.yaml index 8c6ab9cb..f54e3029 100644 --- a/helm/ssjdispatcher/templates/deployment.yaml +++ b/helm/ssjdispatcher/templates/deployment.yaml @@ -8,7 +8,6 @@ spec: selector: matchLabels: {{- include "ssjdispatcher.selectorLabels" . | nindent 8 }} - {{- include "common.extraLabels" . | nindent 8 }} revisionHistoryLimit: 2 strategy: {{- toYaml .Values.strategy | nindent 8 }} From 31fb50058e168793b4c5ca1edb487ce09c34ab4a Mon Sep 17 00:00:00 2001 
From: EliseCastle23 <109446148+EliseCastle23@users.noreply.github.com> Date: Mon, 9 Sep 2024 14:51:45 -0600 Subject: [PATCH 221/279] - Use configmap when not fetching remote user.yaml - Add nodeSelector to portal --- helm/fence/templates/useryaml-job.yaml | 2 +- helm/gen3/Chart.yaml | 2 +- helm/gen3/README.md | 2 +- helm/portal/Chart.yaml | 2 +- helm/portal/README.md | 2 +- helm/portal/templates/deployment.yaml | 4 ++++ 6 files changed, 9 insertions(+), 5 deletions(-) diff --git a/helm/fence/templates/useryaml-job.yaml b/helm/fence/templates/useryaml-job.yaml index 064c4f2a..6fd72be7 100644 --- a/helm/fence/templates/useryaml-job.yaml +++ b/helm/fence/templates/useryaml-job.yaml @@ -1,4 +1,3 @@ -{{ if not .Values.usersync.usersync }} kind: ConfigMap apiVersion: v1 metadata: @@ -6,6 +5,7 @@ metadata: data: useryaml: {{ .Values.USER_YAML | toYaml | nindent 4}} --- +{{ if not .Values.usersync.usersync }} apiVersion: batch/v1 kind: Job metadata: diff --git a/helm/gen3/Chart.yaml b/helm/gen3/Chart.yaml index a5b103f4..0534061a 100644 --- a/helm/gen3/Chart.yaml +++ b/helm/gen3/Chart.yaml @@ -68,7 +68,7 @@ dependencies: repository: "file://../pidgin" condition: pidgin.enabled - name: portal - version: 0.1.16 + version: 0.1.17 repository: "file://../portal" condition: portal.enabled - name: requestor diff --git a/helm/gen3/README.md b/helm/gen3/README.md index 99d28c0f..ed27d3c7 100644 --- a/helm/gen3/README.md +++ b/helm/gen3/README.md @@ -35,7 +35,7 @@ Helm chart to deploy Gen3 Data Commons | file://../neuvector | neuvector | 0.1.0 | | file://../peregrine | peregrine | 0.1.14 | | file://../pidgin | pidgin | 0.1.11 | -| file://../portal | portal | 0.1.16 | +| file://../portal | portal | 0.1.17 | | file://../requestor | requestor | 0.1.12 | | file://../revproxy | revproxy | 0.1.17 | | file://../sheepdog | sheepdog | 0.1.15 | diff --git a/helm/portal/Chart.yaml b/helm/portal/Chart.yaml index 249f13c6..5eac7025 100644 --- a/helm/portal/Chart.yaml +++ b/helm/portal/Chart.yaml 
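Review bot: Moving `{{ if not .Values.usersync.usersync }}` below the `---` in `helm/fence/templates/useryaml-job.yaml` means the ConfigMap built from `.Values.USER_YAML` is now rendered in every install, including those where usersync pulls user.yaml from `userYamlS3Path`. That leaves two copies of the access policy with nothing in the template saying which one is authoritative, and a stale in-cluster copy is easy to mistake for the live one during an access review. I would add a template comment above `kind: ConfigMap`, e.g. `{{/* Always rendered: in-cluster user.yaml; the remote copy is the source of truth when usersync.usersync is true */}}`, adjusted to what the consumer actually does, since that code is outside the hunk. Also confirm `.Values.USER_YAML` has a default, because `toYaml` of an unset value renders `null` into `useryaml`. The Job and the closing `{{ end }}` continue outside the hunk.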
@@ -15,7 +15,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.16 +version: 0.1.17 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to diff --git a/helm/portal/README.md b/helm/portal/README.md index 6b93faa1..3a868761 100644 --- a/helm/portal/README.md +++ b/helm/portal/README.md @@ -1,6 +1,6 @@ # portal -![Version: 0.1.16](https://img.shields.io/badge/Version-0.1.16-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) +![Version: 0.1.17](https://img.shields.io/badge/Version-0.1.17-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) A Helm chart for gen3 data-portal diff --git a/helm/portal/templates/deployment.yaml b/helm/portal/templates/deployment.yaml index 75c188c1..4ca45131 100644 --- a/helm/portal/templates/deployment.yaml +++ b/helm/portal/templates/deployment.yaml @@ -28,6 +28,10 @@ spec: {{- include "common.extraLabels" . | nindent 8 }} public: "yes" spec: + {{- with .Values.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 8 }} + {{- end }} {{- with .Values.affinity }} affinity: {{- toYaml . | nindent 8 }} From a5dced94f6b504bce39fcb5078344298101ced84 Mon Sep 17 00:00:00 2001 
From: EliseCastle23 <109446148+EliseCastle23@users.noreply.github.com> Date: Mon, 9 Sep 2024 14:58:35 -0600 Subject: [PATCH 222/279] removing datadog from manifest-global --- helm/gen3/templates/global-manifest.yaml | 1 - 1 file changed, 1 deletion(-) diff --git a/helm/gen3/templates/global-manifest.yaml b/helm/gen3/templates/global-manifest.yaml index 24842a25..7a1ac1d9 100644 --- a/helm/gen3/templates/global-manifest.yaml +++ b/helm/gen3/templates/global-manifest.yaml @@ -13,7 +13,6 @@ data: "tier_access_limit": {{ .Values.global.tierAccessLimit | quote }} "netpolicy": {{ .Values.global.netPolicy | quote }} "dispatcher_job_num": {{ .Values.global.dispatcherJobNum | quote }} - "dd_enabled": {{ .Values.global.ddEnabled | quote }} "frontend_root": {{ .Values.global.frontendRoot | quote }} {{- with .Values.global.origins_allow_credentials }} "origins_allow_credentials": {{ . | toJson | quote }} From 7590268dbe4ed8003ccd9da43cb7ad84e3b5c359 Mon Sep 17 00:00:00 2001 From: smvgarcia <111767892+smvgarcia@users.noreply.github.com> Date: Thu, 26 Sep 2024 09:40:37 -0500 Subject: [PATCH 223/279] Update README.md fix a broken link --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 4c7ac9b9..bd0b0da2 100644 --- a/README.md +++ b/README.md @@ -28,7 +28,7 @@ There's also an auto-generated table of basic configuration options here: [README.md for gen3 chart](./helm/gen3/README.md) (auto-generated documentation) or -To see documentation around setting up gen3 developer environments see [gen3_developer_environments.md](./docs/gen3_developer_environments.md) +To see documentation around setting up gen3 developer environments see [our Example Deployment](https://docs.gen3.org/docs/Deployment/Example%20Deployment/). Use the following as a template for your `values.yaml` file for a minimum deployment of gen3 using these helm charts. From f14b293cabf4845b2c3811655240582fc5f366f1 Mon Sep 17 00:00:00 2001 
From: Ed Date: Mon, 30 Sep 2024 08:52:56 -0500 Subject: [PATCH 224/279] feat(grafana-alerting): Added default grafana alerts to lgtm-distributed chart --- helm/ambassador/README.md | 2 + helm/arborist/README.md | 2 + helm/argo-wrapper/README.md | 2 + helm/audit/README.md | 2 + helm/aws-es-proxy/README.md | 2 + helm/common/README.md | 2 + helm/dicom-server/README.md | 2 + helm/dicom-viewer/README.md | 2 + helm/etl/Chart.yaml | 2 +- helm/etl/README.md | 4 +- helm/fence/README.md | 2 + helm/frontend-framework/README.md | 2 + helm/gen3/README.md | 2 + helm/guppy/README.md | 2 + helm/hatchery/README.md | 2 + helm/indexd/README.md | 2 + helm/lgtm-distributed/README.md | 189 +++++++++++++++++++++++ helm/lgtm-distributed/values.yaml | 244 ++++++++++++++++++++++++++++++ helm/manifestservice/README.md | 2 + helm/metadata/README.md | 2 + helm/peregrine/README.md | 2 + helm/pidgin/README.md | 2 + helm/portal/README.md | 2 + helm/requestor/README.md | 2 + helm/revproxy/README.md | 2 + helm/sheepdog/README.md | 2 + helm/sower/README.md | 2 + helm/ssjdispatcher/README.md | 2 + helm/wts/README.md | 2 + 29 files changed, 487 insertions(+), 2 deletions(-) diff --git a/helm/ambassador/README.md b/helm/ambassador/README.md index 2e684849..8f658431 100644 --- a/helm/ambassador/README.md +++ b/helm/ambassador/README.md @@ -60,3 +60,5 @@ A Helm chart for deploying ambassador for gen3 | tolerations | list | `[]` | Tolerations to use for the deployment. | | userNamespace | string | `"jupyter-pods"` | Namespace to use for user resources. | +---------------------------------------------- +Autogenerated from chart metadata using [helm-docs v1.11.0](https://github.com/norwoodj/helm-docs/releases/v1.11.0) diff --git a/helm/arborist/README.md b/helm/arborist/README.md index 74cb57d6..5ccdc021 100644 --- a/helm/arborist/README.md +++ b/helm/arborist/README.md 
@@ -105,3 +105,5 @@ A Helm chart for gen3 arborist | volumeMounts | list | `[]` | Volume mounts to attach to the container | | volumes | list | `[]` | Volumes to attach to the pod | +---------------------------------------------- +Autogenerated from chart metadata using [helm-docs v1.11.0](https://github.com/norwoodj/helm-docs/releases/v1.11.0) diff --git a/helm/argo-wrapper/README.md b/helm/argo-wrapper/README.md index d6ce7750..b7b131ec 100644 --- a/helm/argo-wrapper/README.md +++ b/helm/argo-wrapper/README.md @@ -64,3 +64,5 @@ A Helm chart for gen3 Argo Wrapper Service | volumeMounts | list | `[{"mountPath":"/argo.json","name":"argo-config","readOnly":true,"subPath":"argo.json"}]` | Volumes to mount to the pod. | | volumes | list | `[{"configMap":{"items":[{"key":"argo.json","path":"argo.json"}],"name":"manifest-argo"},"name":"argo-config"}]` | Volumes to attach to the pod. | +---------------------------------------------- +Autogenerated from chart metadata using [helm-docs v1.11.0](https://github.com/norwoodj/helm-docs/releases/v1.11.0) diff --git a/helm/audit/README.md b/helm/audit/README.md index 8d4ffa2c..15ee8891 100644 --- a/helm/audit/README.md +++ b/helm/audit/README.md @@ -123,3 +123,5 @@ A Helm chart for Kubernetes | volumeMounts | list | `[]` | Volumes to mount to the container. | | volumes | list | `[]` | Volumes to attach to the container. | +---------------------------------------------- +Autogenerated from chart metadata using [helm-docs v1.11.0](https://github.com/norwoodj/helm-docs/releases/v1.11.0) diff --git a/helm/aws-es-proxy/README.md b/helm/aws-es-proxy/README.md index 873a0e41..2d5cbba8 100644 --- a/helm/aws-es-proxy/README.md +++ b/helm/aws-es-proxy/README.md 
@@ -67,3 +67,5 @@ A Helm chart for AWS ES Proxy Service for gen3 | volumeMounts | list | `[{"mountPath":"/root/.aws","name":"credentials","readOnly":true}]` | Volumes to mount to the pod. | | volumes | list | `nil` | Volumes to attach to the pod | +---------------------------------------------- +Autogenerated from chart metadata using [helm-docs v1.11.0](https://github.com/norwoodj/helm-docs/releases/v1.11.0) diff --git a/helm/common/README.md b/helm/common/README.md index 75e6a5d7..61cc086b 100644 --- a/helm/common/README.md +++ b/helm/common/README.md @@ -29,3 +29,5 @@ A Helm chart for provisioning databases in gen3 | global.revproxyArn | string | `"arn:aws:acm:us-east-1:123456:certificate"` | ARN of the reverse proxy certificate. | | global.tierAccessLevel | string | `"libre"` | Access level for tiers. acceptable values for `tier_access_level` are: `libre`, `regular` and `private`. If omitted, by default common will be treated as `private` | +---------------------------------------------- +Autogenerated from chart metadata using [helm-docs v1.11.0](https://github.com/norwoodj/helm-docs/releases/v1.11.0) diff --git a/helm/dicom-server/README.md b/helm/dicom-server/README.md index f95924f0..7a1fa3a5 100644 --- a/helm/dicom-server/README.md +++ b/helm/dicom-server/README.md @@ -53,3 +53,5 @@ A Helm chart for gen3 Dicom Server | volumeMounts | list | `[{"mountPath":"/etc/orthanc/orthanc_config_overwrites.json","name":"config-volume-g3auto","readOnly":true,"subPath":"orthanc_config_overwrites.json"}]` | Volumes to mount to the pod. | | volumes | list | `[{"name":"config-volume-g3auto","secret":{"secretName":"orthanc-g3auto"}}]` | Volumes to attach to the pod. | +---------------------------------------------- +Autogenerated from chart metadata using [helm-docs v1.11.0](https://github.com/norwoodj/helm-docs/releases/v1.11.0) diff --git a/helm/dicom-viewer/README.md b/helm/dicom-viewer/README.md index 28eec517..e4e6ddb5 100644 --- a/helm/dicom-viewer/README.md 
+++ b/helm/dicom-viewer/README.md @@ -40,3 +40,5 @@ A Helm chart for gen3 Dicom Viewer | service.port | int | `80` | The port number that the service exposes. | | service.type | string | `"ClusterIP"` | Type of service. Valid values are "ClusterIP", "NodePort", "LoadBalancer", "ExternalName". | +---------------------------------------------- +Autogenerated from chart metadata using [helm-docs v1.11.0](https://github.com/norwoodj/helm-docs/releases/v1.11.0) diff --git a/helm/etl/Chart.yaml b/helm/etl/Chart.yaml index c5b08a7b..3a862865 100644 --- a/helm/etl/Chart.yaml +++ b/helm/etl/Chart.yaml @@ -15,7 +15,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.1 +version: 0.1.2 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to diff --git a/helm/etl/README.md b/helm/etl/README.md index faa4d2f2..9c1bac65 100644 --- a/helm/etl/README.md +++ b/helm/etl/README.md @@ -1,6 +1,6 @@ # etl -![Version: 0.1.1](https://img.shields.io/badge/Version-0.1.1-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) +![Version: 0.1.2](https://img.shields.io/badge/Version-0.1.2-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) A Helm chart for gen3 etl 
@@ -103,3 +103,5 @@ A Helm chart for gen3 etl | resources.tube.requests.cpu | string | `0.3` | The amount of CPU requested | | resources.tube.requests.memory | string | `"128Mi"` | The amount of memory requested | +---------------------------------------------- +Autogenerated from chart metadata using [helm-docs v1.11.0](https://github.com/norwoodj/helm-docs/releases/v1.11.0) diff --git a/helm/fence/README.md b/helm/fence/README.md index ea03a462..25586f37 100644 --- a/helm/fence/README.md +++ b/helm/fence/README.md 
@@ -199,3 +199,5 @@ A Helm chart for gen3 Fence | volumeMounts | list | `[{"mountPath":"/var/www/fence/local_settings.py","name":"old-config-volume","readOnly":true,"subPath":"local_settings.py"},{"mountPath":"/var/www/fence/fence_credentials.json","name":"json-secret-volume","readOnly":true,"subPath":"fence_credentials.json"},{"mountPath":"/var/www/fence/creds.json","name":"creds-volume","readOnly":true,"subPath":"creds.json"},{"mountPath":"/var/www/fence/config_helper.py","name":"config-helper","readOnly":true,"subPath":"config_helper.py"},{"mountPath":"/fence/fence/static/img/logo.svg","name":"logo-volume","readOnly":true,"subPath":"logo.svg"},{"mountPath":"/fence/fence/static/privacy_policy.md","name":"privacy-policy","readOnly":true,"subPath":"privacy_policy.md"},{"mountPath":"/var/www/fence/fence-config.yaml","name":"config-volume","readOnly":true,"subPath":"fence-config.yaml"},{"mountPath":"/var/www/fence/yaml_merge.py","name":"yaml-merge","readOnly":true,"subPath":"yaml_merge.py"},{"mountPath":"/var/www/fence/fence_google_app_creds_secret.json","name":"fence-google-app-creds-secret-volume","readOnly":true,"subPath":"fence_google_app_creds_secret.json"},{"mountPath":"/var/www/fence/fence_google_storage_creds_secret.json","name":"fence-google-storage-creds-secret-volume","readOnly":true,"subPath":"fence_google_storage_creds_secret.json"},{"mountPath":"/fence/keys/key/jwt_private_key.pem","name":"fence-jwt-keys","readOnly":true,"subPath":"jwt_private_key.pem"}]` | Volumes to mount to the container. 
| | volumes | list | `[{"name":"old-config-volume","secret":{"secretName":"fence-secret"}},{"name":"json-secret-volume","secret":{"optional":true,"secretName":"fence-json-secret"}},{"name":"creds-volume","secret":{"secretName":"fence-creds"}},{"configMap":{"name":"config-helper","optional":true},"name":"config-helper"},{"configMap":{"name":"logo-config"},"name":"logo-volume"},{"name":"config-volume","secret":{"secretName":"fence-config"}},{"name":"fence-google-app-creds-secret-volume","secret":{"secretName":"fence-google-app-creds-secret"}},{"name":"fence-google-storage-creds-secret-volume","secret":{"secretName":"fence-google-storage-creds-secret"}},{"name":"fence-jwt-keys","secret":{"secretName":"fence-jwt-keys"}},{"configMap":{"name":"privacy-policy"},"name":"privacy-policy"},{"configMap":{"name":"fence-yaml-merge","optional":true},"name":"yaml-merge"}]` | Volumes to attach to the container. | +---------------------------------------------- +Autogenerated from chart metadata using [helm-docs v1.11.0](https://github.com/norwoodj/helm-docs/releases/v1.11.0) diff --git a/helm/frontend-framework/README.md b/helm/frontend-framework/README.md index 8c515bb3..2f264174 100644 --- a/helm/frontend-framework/README.md +++ b/helm/frontend-framework/README.md @@ -93,3 +93,5 @@ A Helm chart for the gen3 frontend framework | strategy.rollingUpdate.maxUnavailable | int | `"25%"` | Maximum amount of pods that can be unavailable during the update. | | tolerations | list | `[]` | Tolerations to apply to the pod | +---------------------------------------------- +Autogenerated from chart metadata using [helm-docs v1.11.0](https://github.com/norwoodj/helm-docs/releases/v1.11.0) diff --git a/helm/gen3/README.md b/helm/gen3/README.md index 7be42ca8..e94e4a43 100644 --- a/helm/gen3/README.md +++ b/helm/gen3/README.md 
@@ -164,3 +164,5 @@ Helm chart to deploy Gen3 Data Commons | ssjdispatcher.enabled | bool | `false` | Whether to deploy the ssjdispatcher subchart. | | wts.enabled | bool | `true` | Whether to deploy the wts subchart. | +---------------------------------------------- +Autogenerated from chart metadata using [helm-docs v1.11.0](https://github.com/norwoodj/helm-docs/releases/v1.11.0) diff --git a/helm/guppy/README.md b/helm/guppy/README.md index 7cf3ec1c..b872e6d4 100644 --- a/helm/guppy/README.md +++ b/helm/guppy/README.md @@ -96,3 +96,5 @@ A Helm chart for gen3 Guppy Service | volumeMounts | list | `[{"mountPath":"/guppy/guppy_config.json","name":"guppy-config","readOnly":true,"subPath":"guppy_config.json"}]` | Volumes to mount to the container. | | volumes | list | `[{"configMap":{"items":[{"key":"guppy_config.json","path":"guppy_config.json"}],"name":"manifest-guppy"},"name":"guppy-config"}]` | Volumes to attach to the pod. | +---------------------------------------------- +Autogenerated from chart metadata using [helm-docs v1.11.0](https://github.com/norwoodj/helm-docs/releases/v1.11.0) diff --git a/helm/hatchery/README.md b/helm/hatchery/README.md index 3ebadfc2..4bce3c89 100644 --- a/helm/hatchery/README.md +++ b/helm/hatchery/README.md @@ -86,3 +86,5 @@ A Helm chart for gen3 Hatchery | volumeMounts | list | `[{"mountPath":"/hatchery.json","name":"hatchery-config","readOnly":true,"subPath":"json"}]` | Volumes to mount to the container. | | volumes | list | `[{"configMap":{"name":"manifest-hatchery"},"name":"hatchery-config"}]` | Volumes to attach to the container. | +---------------------------------------------- +Autogenerated from chart metadata using [helm-docs v1.11.0](https://github.com/norwoodj/helm-docs/releases/v1.11.0) diff --git a/helm/indexd/README.md b/helm/indexd/README.md index 8d7057cb..2f81977e 100644 --- a/helm/indexd/README.md +++ b/helm/indexd/README.md 
@@ -107,3 +107,5 @@ A Helm chart for gen3 indexd | volumeMounts | list | `[{"mountPath":"/var/www/indexd/local_settings.py","name":"config-volume","readOnly":true,"subPath":"local_settings.py"}]` | Volumes to mount to the container. | | volumes | list | `[{"configMap":{"name":"indexd-uwsgi"},"name":"uwsgi-config"},{"name":"config-volume","secret":{"secretName":"indexd-settings"}}]` | Volumes to attach to the pod | +---------------------------------------------- +Autogenerated from chart metadata using [helm-docs v1.11.0](https://github.com/norwoodj/helm-docs/releases/v1.11.0) diff --git a/helm/lgtm-distributed/README.md b/helm/lgtm-distributed/README.md index aa7ee6a6..2c00f225 100644 --- a/helm/lgtm-distributed/README.md +++ b/helm/lgtm-distributed/README.md 
@@ -33,6 +33,193 @@ Umbrella chart for a distributed Loki, Grafana, Tempo and Mimir stack | Key | Type | Default | Description | |-----|------|---------|-------------| +| grafana.alerting."contactpoints.yaml".secret.apiVersion | int | `1` | | +| grafana.alerting."contactpoints.yaml".secret.contactPoints[0].name | string | `"slack"` | | +| grafana.alerting."contactpoints.yaml".secret.contactPoints[0].orgId | int | `1` | | +| grafana.alerting."contactpoints.yaml".secret.contactPoints[0].receivers[0].settings.group | string | `"slack"` | | +| grafana.alerting."contactpoints.yaml".secret.contactPoints[0].receivers[0].settings.summary | string | `"{{ `{{ include \"default.message\" . }}` }}\n"` | | +| grafana.alerting."contactpoints.yaml".secret.contactPoints[0].receivers[0].settings.url | string | `"https://hooks.slack.com/services/XXXXXXXXXX"` | | +| grafana.alerting."contactpoints.yaml".secret.contactPoints[0].receivers[0].type | string | `"Slack"` | | +| grafana.alerting."contactpoints.yaml".secret.contactPoints[0].receivers[0].uid | string | `"first_uid"` | | +| grafana.alerting."rules.yaml".apiVersion | int | `1` | | +| grafana.alerting."rules.yaml".groups[0].folder | string | `"Alerts"` | | +| grafana.alerting."rules.yaml".groups[0].interval | string | `"5m"` | | +| grafana.alerting."rules.yaml".groups[0].name | string | `"Alerts"` | | +| grafana.alerting."rules.yaml".groups[0].orgId | int | `1` | | +| grafana.alerting."rules.yaml".groups[0].rules[0].annotations.summary | string | `"Alert: HTTP 500 errors detected in the environment: {{`{{ $labels.clusters }}`}}"` | | +| grafana.alerting."rules.yaml".groups[0].rules[0].condition | string | `"A"` | | +| grafana.alerting."rules.yaml".groups[0].rules[0].data[0].datasourceUid | string | `"loki"` | | +| grafana.alerting."rules.yaml".groups[0].rules[0].data[0].model.datasource.type | string | `"loki"` | | +| grafana.alerting."rules.yaml".groups[0].rules[0].data[0].model.datasource.uid | string | `"loki"` | | +| 
grafana.alerting."rules.yaml".groups[0].rules[0].data[0].model.editorMode | string | `"code"` | | +| grafana.alerting."rules.yaml".groups[0].rules[0].data[0].model.expr | string | `"sum by (cluster) (count_over_time({cluster=~\".+\"} | json | http_status_code=\"500\" [1h])) > 0"` | | +| grafana.alerting."rules.yaml".groups[0].rules[0].data[0].model.hide | bool | `false` | | +| grafana.alerting."rules.yaml".groups[0].rules[0].data[0].model.intervalMs | int | `1000` | | +| grafana.alerting."rules.yaml".groups[0].rules[0].data[0].model.maxDataPoints | int | `43200` | | +| grafana.alerting."rules.yaml".groups[0].rules[0].data[0].model.queryType | string | `"instant"` | | +| grafana.alerting."rules.yaml".groups[0].rules[0].data[0].model.refId | string | `"A"` | | +| grafana.alerting."rules.yaml".groups[0].rules[0].data[0].queryType | string | `"instant"` | | +| grafana.alerting."rules.yaml".groups[0].rules[0].data[0].refId | string | `"A"` | | +| grafana.alerting."rules.yaml".groups[0].rules[0].data[0].relativeTimeRange.from | int | `600` | | +| grafana.alerting."rules.yaml".groups[0].rules[0].data[0].relativeTimeRange.to | int | `0` | | +| grafana.alerting."rules.yaml".groups[0].rules[0].execErrState | string | `"KeepLast"` | | +| grafana.alerting."rules.yaml".groups[0].rules[0].for | string | `"5m"` | | +| grafana.alerting."rules.yaml".groups[0].rules[0].isPaused | bool | `false` | | +| grafana.alerting."rules.yaml".groups[0].rules[0].labels | object | `{}` | | +| grafana.alerting."rules.yaml".groups[0].rules[0].noDataState | string | `"OK"` | | +| grafana.alerting."rules.yaml".groups[0].rules[0].notification_settings.receiver | string | `"Slack"` | | +| grafana.alerting."rules.yaml".groups[0].rules[0].title | string | `"HTTP 500 errors detected"` | | +| grafana.alerting."rules.yaml".groups[0].rules[0].uid | string | `"edwb8zgcvq96oc"` | | +| grafana.alerting."rules.yaml".groups[0].rules[1].annotations.description | string | `"Error in usersync job detected in cluster 
{{`{{ $labels.clusters }}`}}, namespace {{`{{ $labels.namespace }}`}}."` | | +| grafana.alerting."rules.yaml".groups[0].rules[1].annotations.summary | string | `"Error Logs Detected in Usersync Job"` | | +| grafana.alerting."rules.yaml".groups[0].rules[1].condition | string | `"A"` | | +| grafana.alerting."rules.yaml".groups[0].rules[1].data[0].datasourceUid | string | `"loki"` | | +| grafana.alerting."rules.yaml".groups[0].rules[1].data[0].model.datasource.type | string | `"loki"` | | +| grafana.alerting."rules.yaml".groups[0].rules[1].data[0].model.datasource.uid | string | `"loki"` | | +| grafana.alerting."rules.yaml".groups[0].rules[1].data[0].model.editorMode | string | `"code"` | | +| grafana.alerting."rules.yaml".groups[0].rules[1].data[0].model.expr | string | `"sum by (cluster, namespace) (count_over_time({ app=\"gen3job\", job_name=~\"usersync-.*\"} |= \"ERROR - could not revoke policies from user `N/A`\" [5m])) > 1"` | | +| grafana.alerting."rules.yaml".groups[0].rules[1].data[0].model.hide | bool | `false` | | +| grafana.alerting."rules.yaml".groups[0].rules[1].data[0].model.intervalMs | int | `1000` | | +| grafana.alerting."rules.yaml".groups[0].rules[1].data[0].model.maxDataPoints | int | `43200` | | +| grafana.alerting."rules.yaml".groups[0].rules[1].data[0].model.queryType | string | `"instant"` | | +| grafana.alerting."rules.yaml".groups[0].rules[1].data[0].model.refId | string | `"A"` | | +| grafana.alerting."rules.yaml".groups[0].rules[1].data[0].queryType | string | `"instant"` | | +| grafana.alerting."rules.yaml".groups[0].rules[1].data[0].refId | string | `"A"` | | +| grafana.alerting."rules.yaml".groups[0].rules[1].data[0].relativeTimeRange.from | int | `600` | | +| grafana.alerting."rules.yaml".groups[0].rules[1].data[0].relativeTimeRange.to | int | `0` | | +| grafana.alerting."rules.yaml".groups[0].rules[1].execErrState | string | `"KeepLast"` | | +| grafana.alerting."rules.yaml".groups[0].rules[1].for | string | `"5m"` | | +| 
grafana.alerting."rules.yaml".groups[0].rules[1].isPaused | bool | `false` | | +| grafana.alerting."rules.yaml".groups[0].rules[1].labels | object | `{}` | | +| grafana.alerting."rules.yaml".groups[0].rules[1].noDataState | string | `"OK"` | | +| grafana.alerting."rules.yaml".groups[0].rules[1].notification_settings.receiver | string | `"Slack"` | | +| grafana.alerting."rules.yaml".groups[0].rules[1].title | string | `"Error Logs Detected in Usersync Job"` | | +| grafana.alerting."rules.yaml".groups[0].rules[1].uid | string | `"adwb9vhb7irr4b"` | | +| grafana.alerting."rules.yaml".groups[0].rules[2].annotations.description | string | `"Panic detected in app {{`{{ $labels.app }}`}} within cluster {{`{{ $labels.clusters }}`}}."` | | +| grafana.alerting."rules.yaml".groups[0].rules[2].annotations.summary | string | `"Hatchery panic"` | | +| grafana.alerting."rules.yaml".groups[0].rules[2].condition | string | `"A"` | | +| grafana.alerting."rules.yaml".groups[0].rules[2].data[0].datasourceUid | string | `"loki"` | | +| grafana.alerting."rules.yaml".groups[0].rules[2].data[0].model.datasource.type | string | `"loki"` | | +| grafana.alerting."rules.yaml".groups[0].rules[2].data[0].model.datasource.uid | string | `"loki"` | | +| grafana.alerting."rules.yaml".groups[0].rules[2].data[0].model.editorMode | string | `"code"` | | +| grafana.alerting."rules.yaml".groups[0].rules[2].data[0].model.expr | string | `"sum by (cluster) (count_over_time({app=\"hatchery\"} |= \"panic\" [5m])) > 1"` | | +| grafana.alerting."rules.yaml".groups[0].rules[2].data[0].model.hide | bool | `false` | | +| grafana.alerting."rules.yaml".groups[0].rules[2].data[0].model.intervalMs | int | `1000` | | +| grafana.alerting."rules.yaml".groups[0].rules[2].data[0].model.maxDataPoints | int | `43200` | | +| grafana.alerting."rules.yaml".groups[0].rules[2].data[0].model.queryType | string | `"instant"` | | +| grafana.alerting."rules.yaml".groups[0].rules[2].data[0].model.refId | string | `"A"` | | +| 
grafana.alerting."rules.yaml".groups[0].rules[2].data[0].queryType | string | `"instant"` | | +| grafana.alerting."rules.yaml".groups[0].rules[2].data[0].refId | string | `"A"` | | +| grafana.alerting."rules.yaml".groups[0].rules[2].data[0].relativeTimeRange.from | int | `600` | | +| grafana.alerting."rules.yaml".groups[0].rules[2].data[0].relativeTimeRange.to | int | `0` | | +| grafana.alerting."rules.yaml".groups[0].rules[2].execErrState | string | `"KeepLast"` | | +| grafana.alerting."rules.yaml".groups[0].rules[2].for | string | `"5m"` | | +| grafana.alerting."rules.yaml".groups[0].rules[2].isPaused | bool | `false` | | +| grafana.alerting."rules.yaml".groups[0].rules[2].labels | object | `{}` | | +| grafana.alerting."rules.yaml".groups[0].rules[2].noDataState | string | `"OK"` | | +| grafana.alerting."rules.yaml".groups[0].rules[2].notification_settings.receiver | string | `"Slack"` | | +| grafana.alerting."rules.yaml".groups[0].rules[2].title | string | `"Hatchery panic in {{`{{ env.name }}`}}"` | | +| grafana.alerting."rules.yaml".groups[0].rules[2].uid | string | `"ddwbc12l6wc8wf"` | | +| grafana.alerting."rules.yaml".groups[0].rules[3].annotations.description | string | `"Detected 431 HTTP status codes in the logs within the last 5 minutes."` | | +| grafana.alerting."rules.yaml".groups[0].rules[3].annotations.summary | string | `"Http status code 431"` | | +| grafana.alerting."rules.yaml".groups[0].rules[3].condition | string | `"A"` | | +| grafana.alerting."rules.yaml".groups[0].rules[3].data[0].datasourceUid | string | `"loki"` | | +| grafana.alerting."rules.yaml".groups[0].rules[3].data[0].model.datasource.type | string | `"loki"` | | +| grafana.alerting."rules.yaml".groups[0].rules[3].data[0].model.datasource.uid | string | `"loki"` | | +| grafana.alerting."rules.yaml".groups[0].rules[3].data[0].model.editorMode | string | `"code"` | | +| grafana.alerting."rules.yaml".groups[0].rules[3].data[0].model.expr | string | 
`"sum(count_over_time({cluster=~\".+\"} | json | http_status_code=\"431\" [5m])) >= 2"` | | +| grafana.alerting."rules.yaml".groups[0].rules[3].data[0].model.hide | bool | `false` | | +| grafana.alerting."rules.yaml".groups[0].rules[3].data[0].model.intervalMs | int | `1000` | | +| grafana.alerting."rules.yaml".groups[0].rules[3].data[0].model.maxDataPoints | int | `43200` | | +| grafana.alerting."rules.yaml".groups[0].rules[3].data[0].model.queryType | string | `"instant"` | | +| grafana.alerting."rules.yaml".groups[0].rules[3].data[0].model.refId | string | `"A"` | | +| grafana.alerting."rules.yaml".groups[0].rules[3].data[0].queryType | string | `"instant"` | | +| grafana.alerting."rules.yaml".groups[0].rules[3].data[0].refId | string | `"A"` | | +| grafana.alerting."rules.yaml".groups[0].rules[3].data[0].relativeTimeRange.from | int | `600` | | +| grafana.alerting."rules.yaml".groups[0].rules[3].data[0].relativeTimeRange.to | int | `0` | | +| grafana.alerting."rules.yaml".groups[0].rules[3].execErrState | string | `"KeepLast"` | | +| grafana.alerting."rules.yaml".groups[0].rules[3].for | string | `"5m"` | | +| grafana.alerting."rules.yaml".groups[0].rules[3].isPaused | bool | `false` | | +| grafana.alerting."rules.yaml".groups[0].rules[3].labels | object | `{}` | | +| grafana.alerting."rules.yaml".groups[0].rules[3].noDataState | string | `"OK"` | | +| grafana.alerting."rules.yaml".groups[0].rules[3].notification_settings.receiver | string | `"Slack"` | | +| grafana.alerting."rules.yaml".groups[0].rules[3].title | string | `"Http status code 431"` | | +| grafana.alerting."rules.yaml".groups[0].rules[3].uid | string | `"cdwbcbphz1zb4a"` | | +| grafana.alerting."rules.yaml".groups[0].rules[4].annotations.description | string | `"High number of info status logs detected in the indexd service in cluster {{`{{ $labels.clusters }}`}}."` | | +| grafana.alerting."rules.yaml".groups[0].rules[4].annotations.summary | string | `"Indexd is getting an excessive amount of 
traffic"` | | +| grafana.alerting."rules.yaml".groups[0].rules[4].condition | string | `"A"` | | +| grafana.alerting."rules.yaml".groups[0].rules[4].data[0].datasourceUid | string | `"loki"` | | +| grafana.alerting."rules.yaml".groups[0].rules[4].data[0].model.datasource.type | string | `"loki"` | | +| grafana.alerting."rules.yaml".groups[0].rules[4].data[0].model.datasource.uid | string | `"loki"` | | +| grafana.alerting."rules.yaml".groups[0].rules[4].data[0].model.editorMode | string | `"code"` | | +| grafana.alerting."rules.yaml".groups[0].rules[4].data[0].model.expr | string | `"sum by (cluster) (count_over_time({cluster=~\".+\", app=\"indexd\", status=\"info\"} [5m])) > 50000"` | | +| grafana.alerting."rules.yaml".groups[0].rules[4].data[0].model.hide | bool | `false` | | +| grafana.alerting."rules.yaml".groups[0].rules[4].data[0].model.intervalMs | int | `1000` | | +| grafana.alerting."rules.yaml".groups[0].rules[4].data[0].model.maxDataPoints | int | `43200` | | +| grafana.alerting."rules.yaml".groups[0].rules[4].data[0].model.queryType | string | `"instant"` | | +| grafana.alerting."rules.yaml".groups[0].rules[4].data[0].model.refId | string | `"A"` | | +| grafana.alerting."rules.yaml".groups[0].rules[4].data[0].queryType | string | `"instant"` | | +| grafana.alerting."rules.yaml".groups[0].rules[4].data[0].refId | string | `"A"` | | +| grafana.alerting."rules.yaml".groups[0].rules[4].data[0].relativeTimeRange.from | int | `600` | | +| grafana.alerting."rules.yaml".groups[0].rules[4].data[0].relativeTimeRange.to | int | `0` | | +| grafana.alerting."rules.yaml".groups[0].rules[4].execErrState | string | `"KeepLast"` | | +| grafana.alerting."rules.yaml".groups[0].rules[4].for | string | `"5m"` | | +| grafana.alerting."rules.yaml".groups[0].rules[4].isPaused | bool | `false` | | +| grafana.alerting."rules.yaml".groups[0].rules[4].labels | object | `{}` | | +| grafana.alerting."rules.yaml".groups[0].rules[4].noDataState | string | `"OK"` | | +| 
grafana.alerting."rules.yaml".groups[0].rules[4].notification_settings.receiver | string | `"Slack"` | | +| grafana.alerting."rules.yaml".groups[0].rules[4].title | string | `"Indexd is getting an excessive amount of traffic"` | | +| grafana.alerting."rules.yaml".groups[0].rules[4].uid | string | `"bdwbck1lgwdfka"` | | +| grafana.alerting."rules.yaml".groups[0].rules[5].annotations.description | string | `"More than 10 errors detected in the karpenter namespace in cluster {{`{{ $labels.clusters }}`}} related to providerRef not found."` | | +| grafana.alerting."rules.yaml".groups[0].rules[5].annotations.summary | string | `"Karpenter Resource Mismatch"` | | +| grafana.alerting."rules.yaml".groups[0].rules[5].condition | string | `"A"` | | +| grafana.alerting."rules.yaml".groups[0].rules[5].data[0].datasourceUid | string | `"loki"` | | +| grafana.alerting."rules.yaml".groups[0].rules[5].data[0].model.datasource.type | string | `"loki"` | | +| grafana.alerting."rules.yaml".groups[0].rules[5].data[0].model.datasource.uid | string | `"loki"` | | +| grafana.alerting."rules.yaml".groups[0].rules[5].data[0].model.editorMode | string | `"code"` | | +| grafana.alerting."rules.yaml".groups[0].rules[5].data[0].model.expr | string | `"sum by (cluster) (count_over_time({namespace=\"karpenter\", cluster=~\".+\"} |= \"ERROR\" |= \"not found\" |= \"getting providerRef\" [5m])) > 10\n"` | | +| grafana.alerting."rules.yaml".groups[0].rules[5].data[0].model.hide | bool | `false` | | +| grafana.alerting."rules.yaml".groups[0].rules[5].data[0].model.intervalMs | int | `1000` | | +| grafana.alerting."rules.yaml".groups[0].rules[5].data[0].model.maxDataPoints | int | `43200` | | +| grafana.alerting."rules.yaml".groups[0].rules[5].data[0].model.queryType | string | `"instant"` | | +| grafana.alerting."rules.yaml".groups[0].rules[5].data[0].model.refId | string | `"A"` | | +| grafana.alerting."rules.yaml".groups[0].rules[5].data[0].queryType | string | `"instant"` | | +| 
grafana.alerting."rules.yaml".groups[0].rules[5].data[0].refId | string | `"A"` | | +| grafana.alerting."rules.yaml".groups[0].rules[5].data[0].relativeTimeRange.from | int | `600` | | +| grafana.alerting."rules.yaml".groups[0].rules[5].data[0].relativeTimeRange.to | int | `0` | | +| grafana.alerting."rules.yaml".groups[0].rules[5].execErrState | string | `"KeepLast"` | | +| grafana.alerting."rules.yaml".groups[0].rules[5].for | string | `"5m"` | | +| grafana.alerting."rules.yaml".groups[0].rules[5].isPaused | bool | `false` | | +| grafana.alerting."rules.yaml".groups[0].rules[5].labels | object | `{}` | | +| grafana.alerting."rules.yaml".groups[0].rules[5].noDataState | string | `"OK"` | | +| grafana.alerting."rules.yaml".groups[0].rules[5].notification_settings.receiver | string | `"Slack"` | | +| grafana.alerting."rules.yaml".groups[0].rules[5].title | string | `"Karpenter Resource Mismatch"` | | +| grafana.alerting."rules.yaml".groups[0].rules[5].uid | string | `"fdwbe5t439zpcd"` | | +| grafana.alerting."rules.yaml".groups[0].rules[6].annotations.description | string | `"More than 1000 \"limiting requests, excess\" errors detected in service {{`{{ $labels.app }}`}} (cluster: {{`{{ $labels.clusters }}`}}) within the last 5 minutes."` | | +| grafana.alerting."rules.yaml".groups[0].rules[6].annotations.summary | string | `"Nginx is logging excessive \" limiting requests, excess:\""` | | +| grafana.alerting."rules.yaml".groups[0].rules[6].condition | string | `"A"` | | +| grafana.alerting."rules.yaml".groups[0].rules[6].data[0].datasourceUid | string | `"loki"` | | +| grafana.alerting."rules.yaml".groups[0].rules[6].data[0].model.datasource.type | string | `"loki"` | | +| grafana.alerting."rules.yaml".groups[0].rules[6].data[0].model.datasource.uid | string | `"loki"` | | +| grafana.alerting."rules.yaml".groups[0].rules[6].data[0].model.editorMode | string | `"code"` | | +| grafana.alerting."rules.yaml".groups[0].rules[6].data[0].model.expr | string | `"sum by 
(app, cluster) (count_over_time({app=~\".+\", cluster=~\".+\"} |= \"status:error\" |= \"limiting requests, excess:\" [5m])) > 1000"` | | +| grafana.alerting."rules.yaml".groups[0].rules[6].data[0].model.hide | bool | `false` | | +| grafana.alerting."rules.yaml".groups[0].rules[6].data[0].model.intervalMs | int | `1000` | | +| grafana.alerting."rules.yaml".groups[0].rules[6].data[0].model.maxDataPoints | int | `43200` | | +| grafana.alerting."rules.yaml".groups[0].rules[6].data[0].model.queryType | string | `"instant"` | | +| grafana.alerting."rules.yaml".groups[0].rules[6].data[0].model.refId | string | `"A"` | | +| grafana.alerting."rules.yaml".groups[0].rules[6].data[0].queryType | string | `"instant"` | | +| grafana.alerting."rules.yaml".groups[0].rules[6].data[0].refId | string | `"A"` | | +| grafana.alerting."rules.yaml".groups[0].rules[6].data[0].relativeTimeRange.from | int | `600` | | +| grafana.alerting."rules.yaml".groups[0].rules[6].data[0].relativeTimeRange.to | int | `0` | | +| grafana.alerting."rules.yaml".groups[0].rules[6].execErrState | string | `"KeepLast"` | | +| grafana.alerting."rules.yaml".groups[0].rules[6].for | string | `"5m"` | | +| grafana.alerting."rules.yaml".groups[0].rules[6].isPaused | bool | `false` | | +| grafana.alerting."rules.yaml".groups[0].rules[6].labels | object | `{}` | | +| grafana.alerting."rules.yaml".groups[0].rules[6].noDataState | string | `"OK"` | | +| grafana.alerting."rules.yaml".groups[0].rules[6].notification_settings.receiver | string | `"Slack"` | | +| grafana.alerting."rules.yaml".groups[0].rules[6].title | string | `"Nginx is logging excessive \" limiting requests, excess:\""` | | +| grafana.alerting."rules.yaml".groups[0].rules[6].uid | string | `"fdwbeuftc7400c"` | | | grafana.datasources | object | `{"datasources.yaml":{"apiVersion":1,"datasources":[{"isDefault":false,"name":"Loki","type":"loki","uid":"loki","url":"http://{{ .Release.Name 
}}-loki-gateway"},{"isDefault":true,"name":"Mimir","type":"prometheus","uid":"prom","url":"http://{{ .Release.Name }}-mimir-nginx/prometheus"},{"isDefault":false,"jsonData":{"lokiSearch":{"datasourceUid":"loki"},"serviceMap":{"datasourceUid":"prom"},"tracesToLogsV2":{"datasourceUid":"loki"},"tracesToMetrics":{"datasourceUid":"prom"}},"name":"Tempo","type":"tempo","uid":"tempo","url":"http://{{ .Release.Name }}-tempo-query-frontend:3100"}]}}` | Grafana data sources config. Connects to all three by default | | grafana.datasources."datasources.yaml".datasources | list | `[{"isDefault":false,"name":"Loki","type":"loki","uid":"loki","url":"http://{{ .Release.Name }}-loki-gateway"},{"isDefault":true,"name":"Mimir","type":"prometheus","uid":"prom","url":"http://{{ .Release.Name }}-mimir-nginx/prometheus"},{"isDefault":false,"jsonData":{"lokiSearch":{"datasourceUid":"loki"},"serviceMap":{"datasourceUid":"prom"},"tracesToLogsV2":{"datasourceUid":"loki"},"tracesToMetrics":{"datasourceUid":"prom"}},"name":"Tempo","type":"tempo","uid":"tempo","url":"http://{{ .Release.Name }}-tempo-query-frontend:3100"}]` | Datasources linked to the Grafana instance. Override if you disable any components. | | grafana.enabled | bool | `true` | Deploy Grafana if enabled. See [upstream readme](https://github.com/grafana/helm-charts/tree/main/charts/grafana#configuration) for full values reference. | @@ -42,3 +229,5 @@ Umbrella chart for a distributed Loki, Grafana, Tempo and Mimir stack | tempo.enabled | bool | `true` | Deploy Tempo if enabled. See [upstream readme](https://github.com/grafana/helm-charts/blob/main/charts/tempo-distributed/README.md#values) for full values reference. | | tempo.ingester.replicas | int | `3` | | +---------------------------------------------- +Autogenerated from chart metadata using [helm-docs v1.11.0](https://github.com/norwoodj/helm-docs/releases/v1.11.0) 
diff --git a/helm/lgtm-distributed/values.yaml b/helm/lgtm-distributed/values.yaml index 688abc19..24a0a422 100644 --- a/helm/lgtm-distributed/values.yaml +++ b/helm/lgtm-distributed/values.yaml 
@@ -37,6 +37,249 @@ grafana: serviceMap: datasourceUid: prom + + alerting: + rules.yaml: + apiVersion: 1 + groups: + - orgId: 1 + name: Alerts + folder: Alerts + interval: 5m + rules: + - uid: edwb8zgcvq96oc + title: HTTP 500 errors detected + condition: A + data: + - refId: A + queryType: instant + relativeTimeRange: + from: 600 + to: 0 + datasourceUid: loki + model: + datasource: + type: loki + uid: loki + editorMode: code + expr: sum by (cluster) (count_over_time({cluster=~".+"} | json | http_status_code="500" [1h])) > 0 + hide: false + intervalMs: 1000 + maxDataPoints: 43200 + queryType: instant + refId: A + noDataState: OK + execErrState: KeepLast + for: 5m + annotations: + summary: 'Alert: HTTP 500 errors detected in the environment: {{`{{ $labels.clusters }}`}}' + labels: {} + isPaused: false + notification_settings: + receiver: Slack + - uid: adwb9vhb7irr4b + title: Error Logs Detected in Usersync Job + condition: A + data: + - refId: A + queryType: instant + relativeTimeRange: + from: 600 + to: 0 + datasourceUid: loki + model: + datasource: + type: loki + uid: loki + editorMode: code + expr: sum by (cluster, namespace) (count_over_time({ app="gen3job", job_name=~"usersync-.*"} |= "ERROR - could not revoke policies from user `N/A`" [5m])) > 1 + hide: false + intervalMs: 1000 + maxDataPoints: 43200 + queryType: instant + refId: A + noDataState: OK + execErrState: KeepLast + for: 5m + annotations: + description: Error in usersync job detected in cluster {{`{{ $labels.clusters }}`}}, namespace {{`{{ $labels.namespace }}`}}. 
+ summary: Error Logs Detected in Usersync Job + labels: {} + isPaused: false + notification_settings: + receiver: Slack + - uid: ddwbc12l6wc8wf + title: Hatchery panic in {{`{{ env.name }}`}} + condition: A + data: + - refId: A + queryType: instant + relativeTimeRange: + from: 600 + to: 0 + datasourceUid: loki + model: + datasource: + type: loki + uid: loki + editorMode: code + expr: sum by (cluster) (count_over_time({app="hatchery"} |= "panic" [5m])) > 1 + hide: false + intervalMs: 1000 + maxDataPoints: 43200 + queryType: instant + refId: A + noDataState: OK + execErrState: KeepLast + for: 5m + annotations: + description: Panic detected in app {{`{{ $labels.app }}`}} within cluster {{`{{ $labels.clusters }}`}}. + summary: Hatchery panic + labels: {} + isPaused: false + notification_settings: + receiver: Slack + - uid: cdwbcbphz1zb4a + title: Http status code 431 + condition: A + data: + - refId: A + queryType: instant + relativeTimeRange: + from: 600 + to: 0 + datasourceUid: loki + model: + datasource: + type: loki + uid: loki + editorMode: code + expr: sum(count_over_time({cluster=~".+"} | json | http_status_code="431" [5m])) >= 2 + hide: false + intervalMs: 1000 + maxDataPoints: 43200 + queryType: instant + refId: A + noDataState: OK + execErrState: KeepLast + for: 5m + annotations: + description: Detected 431 HTTP status codes in the logs within the last 5 minutes. 
+ summary: Http status code 431 + labels: {} + isPaused: false + notification_settings: + receiver: Slack + - uid: bdwbck1lgwdfka + title: Indexd is getting an excessive amount of traffic + condition: A + data: + - refId: A + queryType: instant + relativeTimeRange: + from: 600 + to: 0 + datasourceUid: loki + model: + datasource: + type: loki + uid: loki + editorMode: code + expr: sum by (cluster) (count_over_time({cluster=~".+", app="indexd", status="info"} [5m])) > 50000 + hide: false + intervalMs: 1000 + maxDataPoints: 43200 + queryType: instant + refId: A + noDataState: OK + execErrState: KeepLast + for: 5m + annotations: + description: High number of info status logs detected in the indexd service in cluster {{`{{ $labels.clusters }}`}}. + summary: Indexd is getting an excessive amount of traffic + labels: {} + isPaused: false + notification_settings: + receiver: Slack + - uid: fdwbe5t439zpcd + title: Karpenter Resource Mismatch + condition: A + data: + - refId: A + queryType: instant + relativeTimeRange: + from: 600 + to: 0 + datasourceUid: loki + model: + datasource: + type: loki + uid: loki + editorMode: code + expr: | + sum by (cluster) (count_over_time({namespace="karpenter", cluster=~".+"} |= "ERROR" |= "not found" |= "getting providerRef" [5m])) > 10 + hide: false + intervalMs: 1000 + maxDataPoints: 43200 + queryType: instant + refId: A + noDataState: OK + execErrState: KeepLast + for: 5m + annotations: + description: More than 10 errors detected in the karpenter namespace in cluster {{`{{ $labels.clusters }}`}} related to providerRef not found. 
+ summary: Karpenter Resource Mismatch + labels: {} + isPaused: false + notification_settings: + receiver: Slack + - uid: fdwbeuftc7400c + title: Nginx is logging excessive " limiting requests, excess:" + condition: A + data: + - refId: A + queryType: instant + relativeTimeRange: + from: 600 + to: 0 + datasourceUid: loki + model: + datasource: + type: loki + uid: loki + editorMode: code + expr: sum by (app, cluster) (count_over_time({app=~".+", cluster=~".+"} |= "status:error" |= "limiting requests, excess:" [5m])) > 1000 + hide: false + intervalMs: 1000 + maxDataPoints: 43200 + queryType: instant + refId: A + noDataState: OK + execErrState: KeepLast + for: 5m + annotations: + description: 'More than 1000 "limiting requests, excess" errors detected in service {{`{{ $labels.app }}`}} (cluster: {{`{{ $labels.clusters }}`}}) within the last 5 minutes.' + summary: Nginx is logging excessive " limiting requests, excess:" + labels: {} + isPaused: false + notification_settings: + receiver: Slack + contactpoints.yaml: + secret: + apiVersion: 1 + contactPoints: + - orgId: 1 + name: slack + receivers: + - uid: first_uid + type: Slack + settings: + url: https://hooks.slack.com/services/XXXXXXXXXX + group: slack + summary: | + {{ `{{ include "default.message" . }}` }} + + loki: # -- Deploy Loki if enabled. See [upstream readme](https://github.com/grafana/helm-charts/tree/main/charts/loki-distributed#values) for full values reference. enabled: true @@ -106,3 +349,4 @@ tempo: enabled: true ingester: replicas: 3 + \ No newline at end of file diff --git a/helm/manifestservice/README.md b/helm/manifestservice/README.md index 11fc1f39..4236568c 100644 --- a/helm/manifestservice/README.md +++ b/helm/manifestservice/README.md 
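Review bot: The annotations in the added `alerting` rules interpolate `$labels.clusters`, but the queries aggregate with `sum by (cluster)` (or `by (cluster, namespace)` / `by (app, cluster)`), so the only such label left on the result is `cluster` and the notifications will most likely render without the cluster name; use `$labels.cluster` in each `summary`/`description`. The rules also route to `receiver: Slack` while the contact point is declared as `name: slack`; if Grafana matches contact-point names case-sensitively, as it appears to, these alerts will not be delivered, so make the two agree (e.g. `receiver: slack`). With `noDataState: OK` and `execErrState: KeepLast`, a Loki outage or a failing query keeps every rule quiet, which should be a deliberate choice for rules meant to surface errors. The default `url: https://hooks.slack.com/services/XXXXXXXXXX` is a placeholder; the real webhook URL is a credential and is better supplied from a Kubernetes Secret at deploy time than committed in an override values file.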
@@ -85,3 +85,5 @@ A Helm chart for Kubernetes | volumeMounts | list | `[{"mountPath":"/var/gen3/config/","name":"config-volume","readOnly":true}]` | Volumes to mount to the container. | | volumes | list | `[{"name":"config-volume","secret":{"secretName":"manifestservice-g3auto"}}]` | Volumes to attach to the container. | +---------------------------------------------- +Autogenerated from chart metadata using [helm-docs v1.11.0](https://github.com/norwoodj/helm-docs/releases/v1.11.0) diff --git a/helm/metadata/README.md b/helm/metadata/README.md index c9553ba9..294abb91 100644 --- a/helm/metadata/README.md +++ b/helm/metadata/README.md @@ -124,3 +124,5 @@ A Helm chart for gen3 Metadata Service | useAggMds | bool | `"True"` | Set to true to aggregate metadata from multiple other Metadata Service instances. | | volumeMounts | list | `[{"mountPath":"/src/.env","name":"config-volume-g3auto","readOnly":true,"subPath":"metadata.env"},{"mountPath":"/aggregate_config.json","name":"config-volume","readOnly":true,"subPath":"aggregate_config.json"},{"mountPath":"/metadata.json","name":"config-manifest","readOnly":true,"subPath":"json"}]` | Volumes to mount to the container. | +---------------------------------------------- +Autogenerated from chart metadata using [helm-docs v1.11.0](https://github.com/norwoodj/helm-docs/releases/v1.11.0) diff --git a/helm/peregrine/README.md b/helm/peregrine/README.md index 8d9884c5..8d1e3674 100644 --- a/helm/peregrine/README.md +++ b/helm/peregrine/README.md 
@@ -102,3 +102,5 @@ A Helm chart for gen3 Peregrine service | volumeMounts | list | `[{"mountPath":"/var/www/peregrine/settings.py","name":"config-volume","readOnly":true,"subPath":"settings.py"}]` | Volumes to mount to the container. | | volumes | list | `[{"emptyDir":{},"name":"shared-data"},{"name":"config-volume","secret":{"secretName":"peregrine-secret"}}]` | Volumes to attach to the container. | +---------------------------------------------- +Autogenerated from chart metadata using [helm-docs v1.11.0](https://github.com/norwoodj/helm-docs/releases/v1.11.0) diff --git a/helm/pidgin/README.md b/helm/pidgin/README.md index 21914338..06e094e3 100644 --- a/helm/pidgin/README.md +++ b/helm/pidgin/README.md @@ -82,3 +82,5 @@ A Helm chart for gen3 Pidgin Service | strategy.rollingUpdate.maxSurge | int | `1` | Number of additional replicas to add during rollout. | | strategy.rollingUpdate.maxUnavailable | int | `0` | Maximum amount of pods that can be unavailable during the update. | +---------------------------------------------- +Autogenerated from chart metadata using [helm-docs v1.11.0](https://github.com/norwoodj/helm-docs/releases/v1.11.0) diff --git a/helm/portal/README.md b/helm/portal/README.md index daafacfc..91329bc4 100644 --- a/helm/portal/README.md +++ b/helm/portal/README.md @@ -101,3 +101,5 @@ A Helm chart for gen3 data-portal | strategy.rollingUpdate.maxUnavailable | int | `"25%"` | Maximum amount of pods that can be unavailable during the update. | | tolerations | list | `[]` | Tolerations to apply to the pod | +---------------------------------------------- +Autogenerated from chart metadata using [helm-docs v1.11.0](https://github.com/norwoodj/helm-docs/releases/v1.11.0) diff --git a/helm/requestor/README.md b/helm/requestor/README.md index 85792b12..da178289 100644 --- a/helm/requestor/README.md +++ b/helm/requestor/README.md 
@@ -117,3 +117,5 @@ A Helm chart for gen3 Requestor Service | strategy.rollingUpdate.maxUnavailable | int | `0` | Maximum amount of pods that can be unavailable during the update. | | volumeMounts | list | `nil` | Volumes to mount to the container. | +---------------------------------------------- +Autogenerated from chart metadata using [helm-docs v1.11.0](https://github.com/norwoodj/helm-docs/releases/v1.11.0) diff --git a/helm/revproxy/README.md b/helm/revproxy/README.md index 59baa504..8d4bb54e 100644 --- a/helm/revproxy/README.md +++ b/helm/revproxy/README.md @@ -104,3 +104,5 @@ A Helm chart for gen3 revproxy | tolerations | list | `[]` | Tolerations to use for the deployment. | | userhelperEnabled | bool | `false` | | +---------------------------------------------- +Autogenerated from chart metadata using [helm-docs v1.11.0](https://github.com/norwoodj/helm-docs/releases/v1.11.0) diff --git a/helm/sheepdog/README.md b/helm/sheepdog/README.md index afbdd189..1f744fa3 100644 --- a/helm/sheepdog/README.md +++ b/helm/sheepdog/README.md @@ -110,3 +110,5 @@ A Helm chart for gen3 Sheepdog Service | terminationGracePeriodSeconds | int | `50` | sheepdog transactions take forever - try to let the complete before termination | | volumeMounts | list | `[{"mountPath":"/var/www/sheepdog/settings.py","name":"config-volume","readOnly":true,"subPath":"settings.py"}]` | Volumes to mount to the container. | +---------------------------------------------- +Autogenerated from chart metadata using [helm-docs v1.11.0](https://github.com/norwoodj/helm-docs/releases/v1.11.0) diff --git a/helm/sower/README.md b/helm/sower/README.md index 9644ad2e..62fd6a20 100644 --- a/helm/sower/README.md +++ b/helm/sower/README.md 
@@ -181,3 +181,5 @@ A Helm chart for gen3 sower | volumeMounts | list | `[{"mountPath":"/sower_config.json","name":"sower-config","readOnly":true,"subPath":"sower_config.json"}]` | Volumes to mount to the container. | | volumes | list | `[{"configMap":{"items":[{"key":"json","path":"sower_config.json"}],"name":"manifest-sower"},"name":"sower-config"}]` | Volumes to attach to the container. | +---------------------------------------------- +Autogenerated from chart metadata using [helm-docs v1.11.0](https://github.com/norwoodj/helm-docs/releases/v1.11.0) diff --git a/helm/ssjdispatcher/README.md b/helm/ssjdispatcher/README.md index 3bb1ab0a..53df78fc 100644 --- a/helm/ssjdispatcher/README.md +++ b/helm/ssjdispatcher/README.md @@ -112,3 +112,5 @@ A Helm chart for gen3 ssjdispatcher | volumeMounts | list | `[{"mountPath":"/credentials.json","name":"ssjdispatcher-creds-volume","readOnly":true,"subPath":"credentials.json"}]` | Volumes to mount to the container. | | volumes | list | `[{"name":"ssjdispatcher-creds-volume","secret":{"secretName":"ssjdispatcher-creds"}}]` | Volumes to attach to the container. | +---------------------------------------------- +Autogenerated from chart metadata using [helm-docs v1.11.0](https://github.com/norwoodj/helm-docs/releases/v1.11.0) diff --git a/helm/wts/README.md b/helm/wts/README.md index f755b799..3e545b7e 100644 --- a/helm/wts/README.md +++ b/helm/wts/README.md @@ -105,3 +105,5 @@ A Helm chart for gen3 workspace token service | serviceAccount.name | string | `""` | The name of the service account to use. If not set and create is true, a name is generated using the fullname template | | tolerations | list | `[]` | Tolerations for the pods | +---------------------------------------------- +Autogenerated from chart metadata using [helm-docs v1.11.0](https://github.com/norwoodj/helm-docs/releases/v1.11.0) From 42fa48057f04a302b80bc7ac0aa73eb5129315c5 Mon Sep 17 00:00:00 2001 
From: EliseCastle23 <109446148+EliseCastle23@users.noreply.github.com> Date: Tue, 15 Oct 2024 13:27:07 -0600 Subject: [PATCH 225/279] - adding base alloy helm chart with README.md - adding base faro collector alloy helm chart with README.md - creating a new lgtm umbrella chart with only one dependency and pre-configured values. Also adding a README.md --- helm/alloy/Chart.yaml | 30 + helm/alloy/SETUP.md | 55 + helm/alloy/templates/alloy-config.yaml | 9 + helm/alloy/values.yaml | 445 +++++++ helm/ambassador/README.md | 2 - helm/arborist/README.md | 2 - helm/argo-wrapper/README.md | 2 - helm/audit/README.md | 2 - helm/aws-es-proxy/README.md | 2 - helm/common/README.md | 2 - helm/dicom-server/README.md | 2 - helm/dicom-viewer/README.md | 2 - helm/etl/README.md | 2 - helm/faro-collector/Chart.yaml | 30 + helm/faro-collector/SETUP.md | 154 +++ .../templates/alloy-config.yaml | 9 + helm/faro-collector/values.yaml | 77 ++ helm/fence/README.md | 2 - helm/frontend-framework/README.md | 2 - helm/gen3/README.md | 2 - helm/guppy/README.md | 2 - helm/hatchery/README.md | 2 - helm/indexd/README.md | 2 - helm/lgtm-distributed/Chart.yaml | 62 - helm/lgtm-distributed/README.md | 233 ---- helm/lgtm-distributed/templates/NOTES.txt | 1 - helm/lgtm-distributed/templates/_helpers.tpl | 18 - helm/lgtm-distributed/values.yaml | 352 ------ helm/manifestservice/README.md | 2 - helm/metadata/README.md | 2 - helm/observability/Chart.yaml | 31 + helm/observability/SETUP.md | 298 +++++ helm/observability/image.png | Bin 0 -> 98453 bytes .../templates/observability-sa.yaml | 7 + helm/observability/values.yaml | 1108 +++++++++++++++++ helm/peregrine/README.md | 2 - helm/pidgin/README.md | 2 - helm/portal/README.md | 2 - helm/requestor/README.md | 2 - helm/revproxy/README.md | 2 - helm/sheepdog/README.md | 2 - helm/sower/README.md | 2 - helm/ssjdispatcher/README.md | 2 - helm/test.yaml | 1 + helm/wts/README.md | 2 - 45 files changed, 2254 insertions(+), 718 deletions(-) create mode 100644 
helm/alloy/Chart.yaml create mode 100644 helm/alloy/SETUP.md create mode 100644 helm/alloy/templates/alloy-config.yaml create mode 100644 helm/alloy/values.yaml create mode 100644 helm/faro-collector/Chart.yaml create mode 100644 helm/faro-collector/SETUP.md create mode 100644 helm/faro-collector/templates/alloy-config.yaml create mode 100644 helm/faro-collector/values.yaml delete mode 100644 helm/lgtm-distributed/Chart.yaml delete mode 100644 helm/lgtm-distributed/README.md delete mode 100644 helm/lgtm-distributed/templates/NOTES.txt delete mode 100644 helm/lgtm-distributed/templates/_helpers.tpl delete mode 100644 helm/lgtm-distributed/values.yaml create mode 100644 helm/observability/Chart.yaml create mode 100644 helm/observability/SETUP.md create mode 100644 helm/observability/image.png create mode 100644 helm/observability/templates/observability-sa.yaml create mode 100644 helm/observability/values.yaml create mode 100644 helm/test.yaml diff --git a/helm/alloy/Chart.yaml b/helm/alloy/Chart.yaml new file mode 100644 index 00000000..3ebd99ee --- /dev/null +++ b/helm/alloy/Chart.yaml 
@@ -0,0 +1,30 @@ +apiVersion: v2 +name: alloy +description: A Helm chart for deploying Grafana Alloy + +# A chart can be either an 'application' or a 'library' chart. +# +# Application charts are a collection of templates that can be packaged into versioned archives +# to be deployed. +# +# Library charts provide useful utilities or functions for the chart developer. They're included as +# a dependency of application charts to inject those utilities and functions into the rendering +# pipeline. Library charts do not define any templates and therefore cannot be deployed. +type: application + +# This is the chart version. This version number should be incremented each time you make changes +# to the chart and its templates, including the app version. +# Versions are expected to follow Semantic Versioning (https://semver.org/) +version: 0.1.0 + +# This is the version number of the application being deployed. This version number should be +# incremented each time you make changes to the application. Versions are not expected to +# follow Semantic Versioning. They should reflect the version the application is using. +# It is recommended to use it with quotes. +appVersion: "master" + +# Dependencies +dependencies: + - name: alloy + version: "0.9.1" + repository: "https://grafana.github.io/helm-charts" diff --git a/helm/alloy/SETUP.md b/helm/alloy/SETUP.md new file mode 100644 index 00000000..0b3e1c74 --- /dev/null +++ b/helm/alloy/SETUP.md 
@@ -0,0 +1,55 @@ +# Grafana Alloy + +## Overview + +This document provides a guide for deploying Grafana Alloy to your Kubernetes cluster using Helm. Grafana Alloy is a powerful observability tool that collects and ships logs and metrics from your services to Grafana Loki and Mimir for storage and analysis. By deploying Alloy, you can gain deep insights into your system’s performance, track key metrics, and troubleshoot issues efficiently. + +In this deployment, the Alloy ConfigMap plays a crucial role in configuring which logs are collected for Loki and which metrics are gathered for Mimir. It also specifies the endpoints for Loki and Mimir where the data will be sent. + +Before deploying Alloy, it is important to first deploy the "observability" Helm chart, as it provides the necessary components and configuration for Alloy to function properly. Please refer to the SETUP.md observability chart documentation for instructions on how to set it up before proceeding with the Alloy deployment. + +## Configuring Alloy + +### Helm Chart Configuration + +The Alloy configuration is the key component that allows users to customize what logs are collected for Loki and which metrics are collected for Mimir. Through this configuration, you can define the specific endpoints where logs and metrics should be sent, ensuring that data is properly routed for observability and analysis. + +In this configuration, it is important to replace the placeholder hostnames (*.example.com) with the actual Loki and Mimir hostnames that were configured in the "observability" Helm chart. This ensures that logs are sent to the correct Loki endpoint and metrics are forwarded to the appropriate Mimir endpoint, allowing your observability stack to function effectively. Additionally, you can fine-tune the alloyConfigmapData to suit your environment's needs. Please click [here](https://grafana.com/docs/alloy/latest/reference/components/#components) to see in-depth documentation on how to do so. 
+ +```yaml + // Write Endpoints + // prometheus write endpoint + prometheus.remote_write "default" { + external_labels = { + cluster = "{{ .Values.cluster }}", + project = "{{ .Values.project }}", + } + endpoint { + url = "https://mimir.example.com/api/v1/push" + + headers = { + "X-Scope-OrgID" = "anonymous", + } + + } + } + + // loki write endpoint + loki.write "endpoint" { + external_labels = { + cluster = "{{ .Values.cluster }}", + project = "{{ .Values.project }}", + } + endpoint { + url = "https://loki.example.com/loki/api/v1/push" + } + } +``` +### Helm Chart Links +The link below will take you to the Grafana Alloy chart, providing a comprehensive list of configurable options to help you further customize your setup. + +[Alloy Helm Chart](https://github.com/grafana/alloy/blob/main/operations/helm/charts/alloy/values.yaml) + +--- + +By following this guide, you'll successfully configure Alloy to send logs and metrics to Grafana Loki and Mimir. The setup will ensure that Alloy collects the necessary observability data from your environment and forwards logs to Loki and metrics to Mimir for analysis and storage. This configuration will allow you to monitor your system's logs and metrics efficiently through Grafana. \ No newline at end of file diff --git a/helm/alloy/templates/alloy-config.yaml b/helm/alloy/templates/alloy-config.yaml new file mode 100644 index 00000000..0bf02875 --- /dev/null +++ b/helm/alloy/templates/alloy-config.yaml @@ -0,0 +1,9 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: alloy-gen3 +data: + config: | + {{- with .Values.alloy.alloyConfigmapData }} + {{- toYaml . | nindent 4 }} + {{ end }} \ No newline at end of file diff --git a/helm/alloy/values.yaml b/helm/alloy/values.yaml new file mode 100644 index 00000000..146cb8ea --- /dev/null +++ b/helm/alloy/values.yaml 
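Review bot: `toYaml` in helm/alloy/templates/alloy-config.yaml does not evaluate the `{{ .Values.cluster }}` and `{{ .Values.project }}` expressions that values.yaml embeds in `external_labels`, so logs and metrics would likely be shipped with those literal strings as their cluster and project labels. `toYaml` of a multi-line string also emits its own block-scalar header, which would probably land under `config: |` as a stray first line of the Alloy configuration; the `helm template` output is worth checking for that. Rendering the value as a template addresses both: `{{- tpl . $ | nindent 4 }}`. The values.yaml added in this patch defines no `cluster` or `project` key, so those would need defaults as well.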
@@ -0,0 +1,445 @@ +alloy: + controller: + type: "deployment" + affinity: + nodeAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: + - matchExpressions: + - key: topology.kubernetes.io/zone + operator: In + values: + - us-east-1a + + alloy: + stabilityLevel: "public-preview" + uiPathPrefix: /alloy + # -- Extra ports to expose on the Alloy container. + extraPorts: + - name: "otel-grpc" + port: 4317 + targetPort: 4317 + protocol: "TCP" + - name: "otel-http" + port: 4318 + targetPort: 4318 + protocol: "TCP" + clustering: + enabled: true + configMap: + name: alloy-gen3 + key: config + resources: + requests: + cpu: 1000m + memory: 1Gi + + alloyConfigmapData: | + logging { + level = "info" + format = "json" + write_to = [loki.write.endpoint.receiver] + } + + /////////////////////// OTLP START /////////////////////// + + otelcol.receiver.otlp "default" { + grpc {} + http {} + + output { + metrics = [otelcol.processor.batch.default.input] + traces = [otelcol.processor.batch.default.input] + } + } + + otelcol.processor.batch "default" { + output { + metrics = [otelcol.exporter.prometheus.default.input] + traces = [otelcol.exporter.otlp.tempo.input] + } + } + + otelcol.exporter.prometheus "default" { + forward_to = [prometheus.remote_write.default.receiver] + } + + otelcol.exporter.otlp "tempo" { + client { + endpoint = "http://monitoring-tempo-distributor.monitoring:4317" + // Configure TLS settings for communicating with the endpoint. + tls { + // The connection is insecure. + insecure = true + // Do not verify TLS certificates when connecting. 
+ insecure_skip_verify = true + } + } + } + + + /////////////////////// OTLP END /////////////////////// + + // discover all pods, to be used later in this config + discovery.kubernetes "pods" { + role = "pod" + } + + // discover all services, to be used later in this config + discovery.kubernetes "services" { + role = "service" + } + + // discover all nodes, to be used later in this config + discovery.kubernetes "nodes" { + role = "node" + } + + // Generic scrape of any pod with Annotation "prometheus.io/scrape: true" + discovery.relabel "annotation_autodiscovery_pods" { + targets = discovery.kubernetes.pods.targets + rule { + source_labels = ["__meta_kubernetes_pod_annotation_prometheus_io_scrape"] + regex = "true" + action = "keep" + } + rule { + source_labels = ["__meta_kubernetes_pod_annotation_prometheus_io_job"] + action = "replace" + target_label = "job" + } + rule { + source_labels = ["__meta_kubernetes_pod_annotation_prometheus_io_instance"] + action = "replace" + target_label = "instance" + } + rule { + source_labels = ["__meta_kubernetes_pod_annotation_prometheus_io_path"] + action = "replace" + target_label = "__metrics_path__" + } + + // Choose the pod port + // The discovery generates a target for each declared container port of the pod. + // If the metricsPortName annotation has value, keep only the target where the port name matches the one of the annotation. + rule { + source_labels = ["__meta_kubernetes_pod_container_port_name"] + target_label = "__tmp_port" + } + rule { + source_labels = ["__meta_kubernetes_pod_annotation_prometheus_io_portName"] + regex = "(.+)" + target_label = "__tmp_port" + } + rule { + source_labels = ["__meta_kubernetes_pod_container_port_name"] + action = "keepequal" + target_label = "__tmp_port" + } + + // If the metrics port number annotation has a value, override the target address to use it, regardless whether it is + // one of the declared ports on that Pod. 
+ rule { + source_labels = ["__meta_kubernetes_pod_annotation_prometheus_io_port", "__meta_kubernetes_pod_ip"] + regex = "(\\d+);(([A-Fa-f0-9]{1,4}::?){1,7}[A-Fa-f0-9]{1,4})" + replacement = "[$2]:$1" // IPv6 + target_label = "__address__" + } + rule { + source_labels = ["__meta_kubernetes_pod_annotation_prometheus_io_port", "__meta_kubernetes_pod_ip"] + regex = "(\\d+);((([0-9]+?)(\\.|$)){4})" // IPv4, takes priority over IPv6 when both exists + replacement = "$2:$1" + target_label = "__address__" + } + + rule { + source_labels = ["__meta_kubernetes_pod_annotation_prometheus_io_scheme"] + action = "replace" + target_label = "__scheme__" + } + + + // add labels + rule { + source_labels = ["__meta_kubernetes_pod_name"] + target_label = "pod" + } + rule { + source_labels = ["__meta_kubernetes_pod_container_name"] + target_label = "container" + } + rule { + source_labels = ["__meta_kubernetes_pod_controller_name"] + target_label = "controller" + } + + rule { + source_labels = ["__meta_kubernetes_namespace"] + target_label = "namespace" + } + + + rule { + source_labels = ["__meta_kubernetes_pod_label_app"] + target_label = "app" + } + + // map all labels + rule { + action = "labelmap" + regex = "__meta_kubernetes_pod_label_(.+)" + } + } + + // Generic scrape of any service with + // Annotation Autodiscovery + discovery.relabel "annotation_autodiscovery_services" { + targets = discovery.kubernetes.services.targets + rule { + source_labels = ["__meta_kubernetes_service_annotation_prometheus_io_scrape"] + regex = "true" + action = "keep" + } + rule { + source_labels = ["__meta_kubernetes_service_annotation_prometheus_io_job"] + action = "replace" + target_label = "job" + } + rule { + source_labels = ["__meta_kubernetes_service_annotation_prometheus_io_instance"] + action = "replace" + target_label = "instance" + } + rule { + source_labels = ["__meta_kubernetes_service_annotation_prometheus_io_path"] + action = "replace" + target_label = "__metrics_path__" + } + + // 
Choose the service port + rule { + source_labels = ["__meta_kubernetes_service_port_name"] + target_label = "__tmp_port" + } + rule { + source_labels = ["__meta_kubernetes_service_annotation_prometheus_io_portName"] + regex = "(.+)" + target_label = "__tmp_port" + } + rule { + source_labels = ["__meta_kubernetes_service_port_name"] + action = "keepequal" + target_label = "__tmp_port" + } + + rule { + source_labels = ["__meta_kubernetes_service_port_number"] + target_label = "__tmp_port" + } + rule { + source_labels = ["__meta_kubernetes_service_annotation_prometheus_io_port"] + regex = "(.+)" + target_label = "__tmp_port" + } + rule { + source_labels = ["__meta_kubernetes_service_port_number"] + action = "keepequal" + target_label = "__tmp_port" + } + + rule { + source_labels = ["__meta_kubernetes_service_annotation_prometheus_io_scheme"] + action = "replace" + target_label = "__scheme__" + } + } + + prometheus.scrape "metrics" { + job_name = "integrations/autodiscovery_metrics" + targets = concat(discovery.relabel.annotation_autodiscovery_pods.output, discovery.relabel.annotation_autodiscovery_services.output) + honor_labels = true + clustering { + enabled = true + } + forward_to = [prometheus.relabel.metrics_service.receiver] + } + + + // Node Exporter + // TODO: replace with https://grafana.com/docs/alloy/latest/reference/components/prometheus.exporter.unix/ + discovery.relabel "node_exporter" { + targets = discovery.kubernetes.pods.targets + rule { + source_labels = ["__meta_kubernetes_pod_label_app_kubernetes_io_instance"] + regex = "monitoring-extras" + action = "keep" + } + rule { + source_labels = ["__meta_kubernetes_pod_label_app_kubernetes_io_name"] + regex = "node-exporter" + action = "keep" + } + rule { + source_labels = ["__meta_kubernetes_pod_node_name"] + action = "replace" + target_label = "instance" + } + } + + prometheus.scrape "node_exporter" { + job_name = "integrations/node_exporter" + targets = discovery.relabel.node_exporter.output + 
scrape_interval = "60s" + clustering { + enabled = true + } + forward_to = [prometheus.relabel.node_exporter.receiver] + } + + prometheus.relabel "node_exporter" { + rule { + source_labels = ["__name__"] + regex = "up|node_cpu.*|node_network.*|node_exporter_build_info|node_filesystem.*|node_memory.*|process_cpu_seconds_total|process_resident_memory_bytes" + action = "keep" + } + forward_to = [prometheus.relabel.metrics_service.receiver] + } + + // Logs from all pods + discovery.relabel "all_pods" { + targets = discovery.kubernetes.pods.targets + rule { + source_labels = ["__meta_kubernetes_namespace"] + target_label = "namespace" + } + rule { + source_labels = ["__meta_kubernetes_pod_name"] + target_label = "pod" + } + rule { + source_labels = ["__meta_kubernetes_pod_container_name"] + target_label = "container" + } + rule { + source_labels = ["__meta_kubernetes_pod_controller_name"] + target_label = "controller" + } + + rule { + source_labels = ["__meta_kubernetes_pod_label_app"] + target_label = "app" + } + + // map all labels + rule { + action = "labelmap" + regex = "__meta_kubernetes_pod_label_(.+)" + } + + } + + loki.source.kubernetes "pods" { + targets = discovery.relabel.all_pods.output + forward_to = [loki.write.endpoint.receiver] + } + + // kube-state-metrics + discovery.relabel "relabel_kube_state_metrics" { + targets = discovery.kubernetes.services.targets + rule { + source_labels = ["__meta_kubernetes_namespace"] + regex = "monitoring" + action = "keep" + } + rule { + source_labels = ["__meta_kubernetes_service_name"] + regex = "monitoring-extras-kube-state-metrics" + action = "keep" + } + } + + prometheus.scrape "kube_state_metrics" { + targets = discovery.relabel.relabel_kube_state_metrics.output + job_name = "kube-state-metrics" + metrics_path = "/metrics" + forward_to = [prometheus.remote_write.default.receiver] + } + + // Kubelet + discovery.relabel "kubelet" { + targets = discovery.kubernetes.nodes.targets + rule { + target_label = "__address__" + 
replacement = "kubernetes.default.svc.cluster.local:443" + } + rule { + source_labels = ["__meta_kubernetes_node_name"] + regex = "(.+)" + replacement = "/api/v1/nodes/${1}/proxy/metrics" + target_label = "__metrics_path__" + } + } + + prometheus.scrape "kubelet" { + job_name = "integrations/kubernetes/kubelet" + targets = discovery.relabel.kubelet.output + scheme = "https" + scrape_interval = "60s" + bearer_token_file = "/var/run/secrets/kubernetes.io/serviceaccount/token" + tls_config { + insecure_skip_verify = true + } + clustering { + enabled = true + } + forward_to = [prometheus.relabel.kubelet.receiver] + } + + prometheus.relabel "kubelet" { + rule { + source_labels = ["__name__"] + regex = "up|container_cpu_usage_seconds_total|kubelet_certificate_manager_client_expiration_renew_errors|kubelet_certificate_manager_client_ttl_seconds|kubelet_certificate_manager_server_ttl_seconds|kubelet_cgroup_manager_duration_seconds_bucket|kubelet_cgroup_manager_duration_seconds_count|kubelet_node_config_error|kubelet_node_name|kubelet_pleg_relist_duration_seconds_bucket|kubelet_pleg_relist_duration_seconds_count|kubelet_pleg_relist_interval_seconds_bucket|kubelet_pod_start_duration_seconds_bucket|kubelet_pod_start_duration_seconds_count|kubelet_pod_worker_duration_seconds_bucket|kubelet_pod_worker_duration_seconds_count|kubelet_running_container_count|kubelet_running_containers|kubelet_running_pod_count|kubelet_running_pods|kubelet_runtime_operations_errors_total|kubelet_runtime_operations_total|kubelet_server_expiration_renew_errors|kubelet_volume_stats_available_bytes|kubelet_volume_stats_capacity_bytes|kubelet_volume_stats_inodes|kubelet_volume_stats_inodes_used|kubernetes_build_info|namespace_workload_pod|rest_client_requests_total|storage_operation_duration_seconds_count|storage_operation_errors_total|volume_manager_total_volumes" + action = "keep" + } + forward_to = [prometheus.relabel.metrics_service.receiver] + } + + // Cluster Events + loki.source.kubernetes_events 
"cluster_events" { + job_name = "integrations/kubernetes/eventhandler" + log_format = "logfmt" + forward_to = [loki.write.endpoint.receiver] + } + + prometheus.relabel "metrics_service" { + forward_to = [prometheus.remote_write.default.receiver] + } + + + // Write Endpoints + // prometheus write endpoint + prometheus.remote_write "default" { + external_labels = { + cluster = "{{ .Values.cluster }}", + project = "{{ .Values.project }}", + } + endpoint { + url = "https://mimir.example.com/api/v1/push" + + headers = { + "X-Scope-OrgID" = "anonymous", + } + + } + } + + // loki write endpoint + loki.write "endpoint" { + external_labels = { + cluster = "{{ .Values.cluster }}", + project = "{{ .Values.project }}", + } + endpoint { + url = "https://loki.example.com/loki/api/v1/push" + } + } \ No newline at end of file diff --git a/helm/ambassador/README.md b/helm/ambassador/README.md index 8f658431..2e684849 100644 --- a/helm/ambassador/README.md +++ b/helm/ambassador/README.md @@ -60,5 +60,3 @@ A Helm chart for deploying ambassador for gen3 | tolerations | list | `[]` | Tolerations to use for the deployment. | | userNamespace | string | `"jupyter-pods"` | Namespace to use for user resources. | ----------------------------------------------- -Autogenerated from chart metadata using [helm-docs v1.11.0](https://github.com/norwoodj/helm-docs/releases/v1.11.0) diff --git a/helm/arborist/README.md b/helm/arborist/README.md index 5ccdc021..74cb57d6 100644 --- a/helm/arborist/README.md +++ b/helm/arborist/README.md @@ -105,5 +105,3 @@ A Helm chart for gen3 arborist | volumeMounts | list | `[]` | Volume mounts to attach to the container | | volumes | list | `[]` | Volumes to attach to the pod | ----------------------------------------------- -Autogenerated from chart metadata using [helm-docs v1.11.0](https://github.com/norwoodj/helm-docs/releases/v1.11.0) diff --git a/helm/argo-wrapper/README.md b/helm/argo-wrapper/README.md index b7b131ec..d6ce7750 100644 
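Review bot: The `prometheus.scrape "kubelet"` block in `alloyConfigmapData` sends the pod's service-account token (`bearer_token_file`) to `kubernetes.default.svc.cluster.local:443` with `tls_config { insecure_skip_verify = true }`, so the token is presented to an endpoint whose certificate is never checked. Verifying against the mounted cluster CA keeps the scrape working without that exposure: replace the flag with `ca_file = "/var/run/secrets/kubernetes.io/serviceaccount/ca.crt"`. In `otelcol.exporter.otlp "tempo"`, `insecure = true` already turns TLS off, so `insecure_skip_verify = true` has no effect there; if plaintext to the in-cluster distributor is intended, drop the second setting and say so in the comment. The `prometheus.remote_write` endpoint also pushes to a public-looking `https://mimir.example.com` with only `"X-Scope-OrgID" = "anonymous"` and no credentials, which should be confirmed as deliberate before this becomes a default.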
--- a/helm/argo-wrapper/README.md +++ b/helm/argo-wrapper/README.md @@ -64,5 +64,3 @@ A Helm chart for gen3 Argo Wrapper Service | volumeMounts | list | `[{"mountPath":"/argo.json","name":"argo-config","readOnly":true,"subPath":"argo.json"}]` | Volumes to mount to the pod. | | volumes | list | `[{"configMap":{"items":[{"key":"argo.json","path":"argo.json"}],"name":"manifest-argo"},"name":"argo-config"}]` | Volumes to attach to the pod. | ----------------------------------------------- -Autogenerated from chart metadata using [helm-docs v1.11.0](https://github.com/norwoodj/helm-docs/releases/v1.11.0) diff --git a/helm/audit/README.md b/helm/audit/README.md index 15ee8891..8d4ffa2c 100644 --- a/helm/audit/README.md +++ b/helm/audit/README.md @@ -123,5 +123,3 @@ A Helm chart for Kubernetes | volumeMounts | list | `[]` | Volumes to mount to the container. | | volumes | list | `[]` | Volumes to attach to the container. | ----------------------------------------------- -Autogenerated from chart metadata using [helm-docs v1.11.0](https://github.com/norwoodj/helm-docs/releases/v1.11.0) diff --git a/helm/aws-es-proxy/README.md b/helm/aws-es-proxy/README.md index 2d5cbba8..873a0e41 100644 --- a/helm/aws-es-proxy/README.md +++ b/helm/aws-es-proxy/README.md @@ -67,5 +67,3 @@ A Helm chart for AWS ES Proxy Service for gen3 | volumeMounts | list | `[{"mountPath":"/root/.aws","name":"credentials","readOnly":true}]` | Volumes to mount to the pod. | | volumes | list | `nil` | Volumes to attach to the pod | ----------------------------------------------- -Autogenerated from chart metadata using [helm-docs v1.11.0](https://github.com/norwoodj/helm-docs/releases/v1.11.0) diff --git a/helm/common/README.md b/helm/common/README.md index 61cc086b..75e6a5d7 100644 --- a/helm/common/README.md +++ b/helm/common/README.md 
@@ -29,5 +29,3 @@ A Helm chart for provisioning databases in gen3 | global.revproxyArn | string | `"arn:aws:acm:us-east-1:123456:certificate"` | ARN of the reverse proxy certificate. | | global.tierAccessLevel | string | `"libre"` | Access level for tiers. acceptable values for `tier_access_level` are: `libre`, `regular` and `private`. If omitted, by default common will be treated as `private` | ----------------------------------------------- -Autogenerated from chart metadata using [helm-docs v1.11.0](https://github.com/norwoodj/helm-docs/releases/v1.11.0) diff --git a/helm/dicom-server/README.md b/helm/dicom-server/README.md index 7a1fa3a5..f95924f0 100644 --- a/helm/dicom-server/README.md +++ b/helm/dicom-server/README.md @@ -53,5 +53,3 @@ A Helm chart for gen3 Dicom Server | volumeMounts | list | `[{"mountPath":"/etc/orthanc/orthanc_config_overwrites.json","name":"config-volume-g3auto","readOnly":true,"subPath":"orthanc_config_overwrites.json"}]` | Volumes to mount to the pod. | | volumes | list | `[{"name":"config-volume-g3auto","secret":{"secretName":"orthanc-g3auto"}}]` | Volumes to attach to the pod. | ----------------------------------------------- -Autogenerated from chart metadata using [helm-docs v1.11.0](https://github.com/norwoodj/helm-docs/releases/v1.11.0) diff --git a/helm/dicom-viewer/README.md b/helm/dicom-viewer/README.md index e4e6ddb5..28eec517 100644 --- a/helm/dicom-viewer/README.md +++ b/helm/dicom-viewer/README.md @@ -40,5 +40,3 @@ A Helm chart for gen3 Dicom Viewer | service.port | int | `80` | The port number that the service exposes. | | service.type | string | `"ClusterIP"` | Type of service. Valid values are "ClusterIP", "NodePort", "LoadBalancer", "ExternalName". | ----------------------------------------------- -Autogenerated from chart metadata using [helm-docs v1.11.0](https://github.com/norwoodj/helm-docs/releases/v1.11.0) diff --git a/helm/etl/README.md b/helm/etl/README.md index 9c1bac65..9d9640e3 100644 
--- a/helm/etl/README.md +++ b/helm/etl/README.md @@ -103,5 +103,3 @@ A Helm chart for gen3 etl | resources.tube.requests.cpu | string | `0.3` | The amount of CPU requested | | resources.tube.requests.memory | string | `"128Mi"` | The amount of memory requested | ----------------------------------------------- -Autogenerated from chart metadata using [helm-docs v1.11.0](https://github.com/norwoodj/helm-docs/releases/v1.11.0) diff --git a/helm/faro-collector/Chart.yaml b/helm/faro-collector/Chart.yaml new file mode 100644 index 00000000..3ebd99ee --- /dev/null +++ b/helm/faro-collector/Chart.yaml @@ -0,0 +1,30 @@ +apiVersion: v2 +name: alloy +description: A Helm chart for deploying Grafana Alloy + +# A chart can be either an 'application' or a 'library' chart. +# +# Application charts are a collection of templates that can be packaged into versioned archives +# to be deployed. +# +# Library charts provide useful utilities or functions for the chart developer. They're included as +# a dependency of application charts to inject those utilities and functions into the rendering +# pipeline. Library charts do not define any templates and therefore cannot be deployed. +type: application + +# This is the chart version. This version number should be incremented each time you make changes +# to the chart and its templates, including the app version. +# Versions are expected to follow Semantic Versioning (https://semver.org/) +version: 0.1.0 + +# This is the version number of the application being deployed. This version number should be +# incremented each time you make changes to the application. Versions are not expected to +# follow Semantic Versioning. They should reflect the version the application is using. +# It is recommended to use it with quotes. +appVersion: "master" + +# Dependencies +dependencies: + - name: alloy + version: "0.9.1" + repository: "https://grafana.github.io/helm-charts" 
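Review bot: `name: alloy` and the description in helm/faro-collector/Chart.yaml are identical to helm/alloy/Chart.yaml (same blob `3ebd99ee`), so both charts package as `alloy-0.1.0.tgz` and cannot be told apart in a chart repository. The accompanying SETUP.md describes this chart as the one behind an internet-facing ingress, so it should be identifiable on its own: `name: faro-collector` with a matching description. `appVersion: "master"` is not a version of anything deployed; the pinned dependency `version: "0.9.1"` is the value that determines what runs.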
diff --git a/helm/faro-collector/SETUP.md b/helm/faro-collector/SETUP.md
new file mode 100644
index 00000000..85f024eb
--- /dev/null
+++ b/helm/faro-collector/SETUP.md
@@ -0,0 +1,154 @@ +# Grafana Alloy and Faro + +## Overview + +This guide provides a step-by-step approach to configuring an Alloy instance to collect Grafana Faro logs sent over the internet, similar to Real User Monitoring (RUM). The Portal service generates Faro logs, which Alloy collects and forwards to Loki for storage and analysis in Grafana. Additionally, this guide explains how to enable metrics in the Fence service and adjust the Faro URL in the Gen3 Portal configuration to route metrics to your Alloy instance. Future updates will enable more Gen3 services to offer metric collection. + +Before deploying Alloy, it is important to first deploy the "observability" Helm chart, as it provides the necessary components and configuration for Alloy to function properly. Please refer to the observability chart documentation for instructions on how to set it up before proceeding with the Alloy deployment. + +### Why Does Faro Require an Internet-Facing Ingress? + +Grafana Faro collects Real User Monitoring (RUM) data, such as performance metrics, errors, and user interactions, via the Fence and Portal services. This data is sent from user devices to the backend, which in this case is Alloy. To enable this communication, an internet-facing ingress is required to expose the Faro endpoint to the public, allowing users' browsers to send RUM data to the Alloy instance over the internet. + +## Configuring Alloy for Faro Logs + +### Helm Chart Configuration + +The ingress is configured with AWS ALB (Application Load Balancer) to expose the Alloy Faro port (12347) to the internet. The alb.ingress.kubernetes.io/scheme annotation ensures that the ALB is internet-facing, allowing users to send logs from their browsers to Alloy. + +When configuring the Faro collector, you will need to update the hosts section of the values.yaml file to match the hostname you plan to use for the Faro collector. For example, replace "faro.example.com" with your desired hostname. 
+ +Additionally, it is highly recommended that you uncomment and adjust the annotations provided for AWS ALB (Application Load Balancer) to fit your environment. These annotations will help ensure proper configuration of the load balancer, SSL certificates, and other key settings. For instance, make sure to replace the placeholder values such as "cert arn", "ssl policy", and "environment name" with your specific details. + +```yaml +alloy: + extraPorts: + - name: "faro" + port: 12347 + targetPort: 12347 + protocol: "TCP" + clustering: + enabled: true + configMap: + name: alloy-gen3 + key: config + +ingress: + enabled: true + ingressClassName: "alb" + annotations: + alb.ingress.kubernetes.io/certificate-arn: + alb.ingress.kubernetes.io/listen-ports: '[{"HTTP": 80}, {"HTTPS":443}]' + alb.ingress.kubernetes.io/load-balancer-attributes: idle_timeout.timeout_seconds=600 + alb.ingress.kubernetes.io/scheme: internet-facing + alb.ingress.kubernetes.io/ssl-policy: + alb.ingress.kubernetes.io/ssl-redirect: '443' + alb.ingress.kubernetes.io/tags: Environment= + alb.ingress.kubernetes.io/target-type: ip + labels: {} + path: / + faroPort: 12347 + hosts: + - faro.example.com + +alloy-configmap-data: | + logging { + level = "info" + format = "json" + } + + otelcol.exporter.otlp "tempo" { + client { + endpoint = "http://grafana-tempo-distributor.monitoring:4317" + tls { + insecure = true + insecure_skip_verify = true + } + } + } + + loki.write "endpoint" { + endpoint { + url = "http://grafana-loki-gateway.monitoring:80/loki/api/v1/push" + } + } + + faro.receiver "default" { + server { + listen_address = "0.0.0.0" + listen_port = 12347 + cors_allowed_origins = ["*"] + } + + extra_log_labels = { + service = "frontend-app", + app_name = "", + app_environment = "", + app_namespace = "", + app_version = "", + } + output { + logs = [loki.write.endpoint.receiver] + traces = [otelcol.exporter.otlp.tempo.input] + } + } +``` + +### Helm Chart Links +The link below will take you to the 
Grafana Alloy chart, providing a comprehensive list of configurable options to help you further customize your setup. + +[Alloy Helm Chart](https://github.com/grafana/alloy/blob/main/operations/helm/charts/alloy/values.yaml) + +--- + +## Enabling Faro Metrics in Fence + +Fence now has built-in Faro metrics. To enable these metrics, you must update your Fence deployment. + +*** Note: you must be using Fence version 10.2.0 or later + +### Step 1: Enable Prometheus Metrics in the Fence Pod + +Update your Fence deployment with the following annotations to allow Prometheus to scrape the metrics: + +```yaml +fence: + podAnnotations: + prometheus.io/path: /metrics + prometheus.io/scrape: "true" +``` + +### Step 2: Enable Metrics in the Fence Configuration + +Modify the FENCE_CONFIG_PUBLIC section to enable Prometheus metrics: + +```yaml +fence: + FENCE_CONFIG_PUBLIC: + ENABLE_PROMETHEUS_METRICS: true + ENABLE_DB_MIGRATION: true +``` + +--- + +## Updating Faro URL in Gen3 Portal + +If you need to change the Faro URL that metrics are sent to, you will need to update the "grafanaFaroUrl" field by modifying the "gitops.json" value in your values.yaml. You can refer to [this link](https://github.com/uc-cdis/data-portal/blob/master/docs/portal_config.md) for more information. + +```yaml +portal: + # -- (map) GitOps configuration for portal + gitops: + # -- (string) multiline string - gitops.json + json: | + { + "grafanaFaroConfig": { + "grafanaFaroEnable": true, // optional; flag to turn on Grafana Faro RUM, default to false + "grafanaFaroNamespace": "DEV", // optional; the Grafana Faro RUM option specifying the application’s namespace, for example: prod, pre-prod, staging, etc. Can be determined automatically if omitted. But it is highly recommended to customize it to include project information, such as 'healprod' + "grafanaFaroUrl": "", // optional: the Grafana Faro collector url. 
Defaults to https://faro.example.com/collect + "grafanaFaroSampleRate": 1, // optional; numeric; the Grafana Faro option specifying the percentage of sessions to track: 1 for all, 0 for none. Default to 1 if omitted + }, +``` +--- + +By following this guide, you'll have successfully set up Alloy to receive Grafana Faro logs and metrics while exposing the service over the internet using Kubernetes ingress. You’ll also be able to monitor Faro metrics through Fence and make necessary configurations in Gen3 Portal for seamless Faro integration. \ No newline at end of file diff --git a/helm/faro-collector/templates/alloy-config.yaml b/helm/faro-collector/templates/alloy-config.yaml new file mode 100644 index 00000000..0bf02875 --- /dev/null +++ b/helm/faro-collector/templates/alloy-config.yaml @@ -0,0 +1,9 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: alloy-gen3 +data: + config: | + {{- with .Values.alloy.alloyConfigmapData }} + {{- toYaml . | nindent 4 }} + {{ end }} \ No newline at end of file diff --git a/helm/faro-collector/values.yaml b/helm/faro-collector/values.yaml new file mode 100644 index 00000000..90326bc9 --- /dev/null +++ b/helm/faro-collector/values.yaml 
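Review bot: In `templates/alloy-config.yaml`, `{{- toYaml . | nindent 4 }}` sits under `config: |` while `alloyConfigmapData` is already a multi-line string, so `toYaml` will serialise it as a YAML scalar a second time. The block indicator or quoting it adds would then end up inside the ConfigMap data that Alloy parses. Emitting the string directly avoids this: `{{- .Values.alloy.alloyConfigmapData | nindent 4 }}`. Indentation is lost in this view, so please confirm with `helm template` that the rendered `config` value starts with `logging {`. The ConfigMap name `alloy-gen3` is also hard-coded here and again in values.yaml; a short comment saying the two must stay in sync would be worth adding.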
@@ -0,0 +1,77 @@
+alloy:
+ alloy:
+ extraPorts:
+ - name: "faro"
+ port: 12347
+ targetPort: 12347
+ protocol: "TCP"
+ clustering:
+ enabled: true
+ configMap:
+ name: alloy-gen3
+ key: config
+
+ ingress:
+ # -- Enables ingress for Alloy (Faro port)
+ enabled: true
+ # For Kubernetes >= 1.18 you should specify the ingress-controller via the field ingressClassName
+ # See https://kubernetes.io/blog/2020/04/02/improvements-to-the-ingress-api-in-kubernetes-1.18/#specifying-the-class-of-an-ingress
+ ingressClassName: "alb"
+ annotations: {}
+ ## Recommended annotations for AWS ALB (Application Load Balancer).
+ # alb.ingress.kubernetes.io/certificate-arn:
+ # alb.ingress.kubernetes.io/listen-ports: '[{"HTTP": 80}, {"HTTPS":443}]'
+ # alb.ingress.kubernetes.io/load-balancer-attributes: idle_timeout.timeout_seconds=600
+ # alb.ingress.kubernetes.io/scheme: internet-facing
+ # alb.ingress.kubernetes.io/ssl-policy:
+ # alb.ingress.kubernetes.io/ssl-redirect: '443'
+ # alb.ingress.kubernetes.io/tags: Environment=
+ # alb.ingress.kubernetes.io/target-type: ip
+ labels: {}
+ path: /
+ faroPort: 12347
+ hosts:
+ - faro.example.com
+
+ alloyConfigmapData: |
+ logging {
+ level = "info"
+ format = "json"
+ }
+
+ otelcol.exporter.otlp "tempo" {
+ client {
+ endpoint = "http://grafana-tempo-distributor.monitoring:4317"
+ tls {
+ insecure = true
+ insecure_skip_verify = true
+ }
+ }
+ }
+
+ // loki write endpoint
+ loki.write "endpoint" {
+ endpoint {
+ url = "http://grafana-loki-gateway.monitoring:80/loki/api/v1/push"
+ }
+ }
+
+ faro.receiver "default" {
+ server {
+ listen_address = "0.0.0.0"
+ listen_port = 12347
+ cors_allowed_origins = ["*"]
+ }
+
+ extra_log_labels = {
+ service = "frontend-app",
+ app_name = "",
+ app_environment = "",
+ app_namespace = "",
+ app_version = "",
+ }
+ output {
+ logs = [loki.write.endpoint.receiver]
+ traces = [otelcol.exporter.otlp.tempo.input]
+ }
+ }
\ No newline at end of file
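Review bot: The default `faro.receiver` block ships `cors_allowed_origins = ["*"]` while `ingress.enabled` defaults to `true` and the recommended ALB annotations make the listener internet-facing, so the shipped defaults put an unauthenticated write path into Loki and Tempo on the public edge. I would default the origin list to the portal's own origin, for example `cors_allowed_origins = ["https://<portal-hostname>"]` (placeholder), and document that operators must set it. CORS only constrains browsers, so the `server` block should also get a `rate_limiting` block (`enabled`, `rate`, `burst_size`) to bound how much any one source can push into the log store. Separately, the Tempo exporter sets both `insecure = true` and `insecure_skip_verify = true`; with plaintext in-cluster OTLP the second looks redundant and becomes a risky leftover if TLS is enabled later, so I would drop it or add a comment saying plaintext is intentional.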
diff --git a/helm/fence/README.md b/helm/fence/README.md
index 25586f37..ea03a462 100644
--- a/helm/fence/README.md
+++ b/helm/fence/README.md
@@ -199,5 +199,3 @@ A Helm chart for gen3 Fence | volumeMounts | list | `[{"mountPath":"/var/www/fence/local_settings.py","name":"old-config-volume","readOnly":true,"subPath":"local_settings.py"},{"mountPath":"/var/www/fence/fence_credentials.json","name":"json-secret-volume","readOnly":true,"subPath":"fence_credentials.json"},{"mountPath":"/var/www/fence/creds.json","name":"creds-volume","readOnly":true,"subPath":"creds.json"},{"mountPath":"/var/www/fence/config_helper.py","name":"config-helper","readOnly":true,"subPath":"config_helper.py"},{"mountPath":"/fence/fence/static/img/logo.svg","name":"logo-volume","readOnly":true,"subPath":"logo.svg"},{"mountPath":"/fence/fence/static/privacy_policy.md","name":"privacy-policy","readOnly":true,"subPath":"privacy_policy.md"},{"mountPath":"/var/www/fence/fence-config.yaml","name":"config-volume","readOnly":true,"subPath":"fence-config.yaml"},{"mountPath":"/var/www/fence/yaml_merge.py","name":"yaml-merge","readOnly":true,"subPath":"yaml_merge.py"},{"mountPath":"/var/www/fence/fence_google_app_creds_secret.json","name":"fence-google-app-creds-secret-volume","readOnly":true,"subPath":"fence_google_app_creds_secret.json"},{"mountPath":"/var/www/fence/fence_google_storage_creds_secret.json","name":"fence-google-storage-creds-secret-volume","readOnly":true,"subPath":"fence_google_storage_creds_secret.json"},{"mountPath":"/fence/keys/key/jwt_private_key.pem","name":"fence-jwt-keys","readOnly":true,"subPath":"jwt_private_key.pem"}]` | Volumes to mount to the container. 
| | volumes | list | `[{"name":"old-config-volume","secret":{"secretName":"fence-secret"}},{"name":"json-secret-volume","secret":{"optional":true,"secretName":"fence-json-secret"}},{"name":"creds-volume","secret":{"secretName":"fence-creds"}},{"configMap":{"name":"config-helper","optional":true},"name":"config-helper"},{"configMap":{"name":"logo-config"},"name":"logo-volume"},{"name":"config-volume","secret":{"secretName":"fence-config"}},{"name":"fence-google-app-creds-secret-volume","secret":{"secretName":"fence-google-app-creds-secret"}},{"name":"fence-google-storage-creds-secret-volume","secret":{"secretName":"fence-google-storage-creds-secret"}},{"name":"fence-jwt-keys","secret":{"secretName":"fence-jwt-keys"}},{"configMap":{"name":"privacy-policy"},"name":"privacy-policy"},{"configMap":{"name":"fence-yaml-merge","optional":true},"name":"yaml-merge"}]` | Volumes to attach to the container. | ----------------------------------------------- -Autogenerated from chart metadata using [helm-docs v1.11.0](https://github.com/norwoodj/helm-docs/releases/v1.11.0) diff --git a/helm/frontend-framework/README.md b/helm/frontend-framework/README.md index 2f264174..8c515bb3 100644 --- a/helm/frontend-framework/README.md +++ b/helm/frontend-framework/README.md @@ -93,5 +93,3 @@ A Helm chart for the gen3 frontend framework | strategy.rollingUpdate.maxUnavailable | int | `"25%"` | Maximum amount of pods that can be unavailable during the update. | | tolerations | list | `[]` | Tolerations to apply to the pod | ----------------------------------------------- -Autogenerated from chart metadata using [helm-docs v1.11.0](https://github.com/norwoodj/helm-docs/releases/v1.11.0) diff --git a/helm/gen3/README.md b/helm/gen3/README.md index e94e4a43..7be42ca8 100644 --- a/helm/gen3/README.md +++ b/helm/gen3/README.md 
@@ -164,5 +164,3 @@ Helm chart to deploy Gen3 Data Commons | ssjdispatcher.enabled | bool | `false` | Whether to deploy the ssjdispatcher subchart. | | wts.enabled | bool | `true` | Whether to deploy the wts subchart. | ----------------------------------------------- -Autogenerated from chart metadata using [helm-docs v1.11.0](https://github.com/norwoodj/helm-docs/releases/v1.11.0) diff --git a/helm/guppy/README.md b/helm/guppy/README.md index b872e6d4..7cf3ec1c 100644 --- a/helm/guppy/README.md +++ b/helm/guppy/README.md @@ -96,5 +96,3 @@ A Helm chart for gen3 Guppy Service | volumeMounts | list | `[{"mountPath":"/guppy/guppy_config.json","name":"guppy-config","readOnly":true,"subPath":"guppy_config.json"}]` | Volumes to mount to the container. | | volumes | list | `[{"configMap":{"items":[{"key":"guppy_config.json","path":"guppy_config.json"}],"name":"manifest-guppy"},"name":"guppy-config"}]` | Volumes to attach to the pod. | ----------------------------------------------- -Autogenerated from chart metadata using [helm-docs v1.11.0](https://github.com/norwoodj/helm-docs/releases/v1.11.0) diff --git a/helm/hatchery/README.md b/helm/hatchery/README.md index 4bce3c89..3ebadfc2 100644 --- a/helm/hatchery/README.md +++ b/helm/hatchery/README.md @@ -86,5 +86,3 @@ A Helm chart for gen3 Hatchery | volumeMounts | list | `[{"mountPath":"/hatchery.json","name":"hatchery-config","readOnly":true,"subPath":"json"}]` | Volumes to mount to the container. | | volumes | list | `[{"configMap":{"name":"manifest-hatchery"},"name":"hatchery-config"}]` | Volumes to attach to the container. | ----------------------------------------------- -Autogenerated from chart metadata using [helm-docs v1.11.0](https://github.com/norwoodj/helm-docs/releases/v1.11.0) diff --git a/helm/indexd/README.md b/helm/indexd/README.md index 2f81977e..8d7057cb 100644 --- a/helm/indexd/README.md +++ b/helm/indexd/README.md 
@@ -107,5 +107,3 @@ A Helm chart for gen3 indexd | volumeMounts | list | `[{"mountPath":"/var/www/indexd/local_settings.py","name":"config-volume","readOnly":true,"subPath":"local_settings.py"}]` | Volumes to mount to the container. | | volumes | list | `[{"configMap":{"name":"indexd-uwsgi"},"name":"uwsgi-config"},{"name":"config-volume","secret":{"secretName":"indexd-settings"}}]` | Volumes to attach to the pod | ----------------------------------------------- -Autogenerated from chart metadata using [helm-docs v1.11.0](https://github.com/norwoodj/helm-docs/releases/v1.11.0) diff --git a/helm/lgtm-distributed/Chart.yaml b/helm/lgtm-distributed/Chart.yaml deleted file mode 100644 index 1c6e5d9a..00000000 --- a/helm/lgtm-distributed/Chart.yaml +++ /dev/null 
@@ -1,62 +0,0 @@ ---- -apiVersion: v2 -name: lgtm-distributed -description: Umbrella chart for a distributed Loki, Grafana, Tempo and Mimir stack -type: application -version: 1.0.1 -appVersion: "6.59.4" - -home: https://grafana.com/oss/ -icon: https://artifacthub.io/image/b4fed1a7-6c8f-4945-b99d-096efa3e4116 - -sources: - - https://grafana.github.io/helm-charts - - https://github.com/grafana/grafana - - https://github.com/grafana/loki - - https://github.com/grafana/mimir - - https://github.com/grafana/tempo - -keywords: - - monitoring - - traces - - metrics - - logs - -annotations: - "artifacthub.io/license": Apache-2.0 - "artifacthub.io/links": | - - name: Chart Source - url: https://github.com/grafana/helm-charts - - name: Grafana - url: https://github.com/grafana/grafana - - name: Loki - url: https://github.com/grafana/loki - - name: Mimir - url: https://github.com/grafana/mimir - - name: Tempo - url: https://github.com/grafana/tempo - -maintainers: - - name: timberhill - -dependencies: - - name: grafana - alias: grafana - condition: grafana.enabled - repository: https://grafana.github.io/helm-charts - version: "^7.3.9" - - name: loki-distributed - alias: loki - condition: loki.enabled - repository: "https://grafana.github.io/helm-charts" - version: "^0.74.3" - - name: mimir-distributed - alias: mimir - condition: mimir.enabled - repository: "https://grafana.github.io/helm-charts" - version: "^5.3.0" - - name: tempo-distributed - alias: tempo - condition: tempo.enabled - repository: "https://grafana.github.io/helm-charts" - version: "^1.9.9" diff --git a/helm/lgtm-distributed/README.md b/helm/lgtm-distributed/README.md deleted file mode 100644 index 2c00f225..00000000 --- a/helm/lgtm-distributed/README.md +++ /dev/null 
@@ -1,233 +0,0 @@ -# lgtm-distributed - -![Version: 1.0.1](https://img.shields.io/badge/Version-1.0.1-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 6.59.4](https://img.shields.io/badge/AppVersion-6.59.4-informational?style=flat-square) - -Umbrella chart for a distributed Loki, Grafana, Tempo and Mimir stack - -**Homepage:** - -## Maintainers - -| Name | Email | Url | -| ---- | ------ | --- | -| timberhill | | | - -## Source Code - -* -* -* -* -* - -## Requirements - -| Repository | Name | Version | -|------------|------|---------| -| https://grafana.github.io/helm-charts | grafana(grafana) | ^7.3.9 | -| https://grafana.github.io/helm-charts | loki(loki-distributed) | ^0.74.3 | -| https://grafana.github.io/helm-charts | mimir(mimir-distributed) | ^5.3.0 | -| https://grafana.github.io/helm-charts | tempo(tempo-distributed) | ^1.9.9 | - -## Values - -| Key | Type | Default | Description | -|-----|------|---------|-------------| -| grafana.alerting."contactpoints.yaml".secret.apiVersion | int | `1` | | -| grafana.alerting."contactpoints.yaml".secret.contactPoints[0].name | string | `"slack"` | | -| grafana.alerting."contactpoints.yaml".secret.contactPoints[0].orgId | int | `1` | | -| grafana.alerting."contactpoints.yaml".secret.contactPoints[0].receivers[0].settings.group | string | `"slack"` | | -| grafana.alerting."contactpoints.yaml".secret.contactPoints[0].receivers[0].settings.summary | string | `"{{ `{{ include \"default.message\" . 
}}` }}\n"` | | -| grafana.alerting."contactpoints.yaml".secret.contactPoints[0].receivers[0].settings.url | string | `"https://hooks.slack.com/services/XXXXXXXXXX"` | | -| grafana.alerting."contactpoints.yaml".secret.contactPoints[0].receivers[0].type | string | `"Slack"` | | -| grafana.alerting."contactpoints.yaml".secret.contactPoints[0].receivers[0].uid | string | `"first_uid"` | | -| grafana.alerting."rules.yaml".apiVersion | int | `1` | | -| grafana.alerting."rules.yaml".groups[0].folder | string | `"Alerts"` | | -| grafana.alerting."rules.yaml".groups[0].interval | string | `"5m"` | | -| grafana.alerting."rules.yaml".groups[0].name | string | `"Alerts"` | | -| grafana.alerting."rules.yaml".groups[0].orgId | int | `1` | | -| grafana.alerting."rules.yaml".groups[0].rules[0].annotations.summary | string | `"Alert: HTTP 500 errors detected in the environment: {{`{{ $labels.clusters }}`}}"` | | -| grafana.alerting."rules.yaml".groups[0].rules[0].condition | string | `"A"` | | -| grafana.alerting."rules.yaml".groups[0].rules[0].data[0].datasourceUid | string | `"loki"` | | -| grafana.alerting."rules.yaml".groups[0].rules[0].data[0].model.datasource.type | string | `"loki"` | | -| grafana.alerting."rules.yaml".groups[0].rules[0].data[0].model.datasource.uid | string | `"loki"` | | -| grafana.alerting."rules.yaml".groups[0].rules[0].data[0].model.editorMode | string | `"code"` | | -| grafana.alerting."rules.yaml".groups[0].rules[0].data[0].model.expr | string | `"sum by (cluster) (count_over_time({cluster=~\".+\"} | json | http_status_code=\"500\" [1h])) > 0"` | | -| grafana.alerting."rules.yaml".groups[0].rules[0].data[0].model.hide | bool | `false` | | -| grafana.alerting."rules.yaml".groups[0].rules[0].data[0].model.intervalMs | int | `1000` | | -| grafana.alerting."rules.yaml".groups[0].rules[0].data[0].model.maxDataPoints | int | `43200` | | -| grafana.alerting."rules.yaml".groups[0].rules[0].data[0].model.queryType | string | `"instant"` | | -| 
grafana.alerting."rules.yaml".groups[0].rules[0].data[0].model.refId | string | `"A"` | | -| grafana.alerting."rules.yaml".groups[0].rules[0].data[0].queryType | string | `"instant"` | | -| grafana.alerting."rules.yaml".groups[0].rules[0].data[0].refId | string | `"A"` | | -| grafana.alerting."rules.yaml".groups[0].rules[0].data[0].relativeTimeRange.from | int | `600` | | -| grafana.alerting."rules.yaml".groups[0].rules[0].data[0].relativeTimeRange.to | int | `0` | | -| grafana.alerting."rules.yaml".groups[0].rules[0].execErrState | string | `"KeepLast"` | | -| grafana.alerting."rules.yaml".groups[0].rules[0].for | string | `"5m"` | | -| grafana.alerting."rules.yaml".groups[0].rules[0].isPaused | bool | `false` | | -| grafana.alerting."rules.yaml".groups[0].rules[0].labels | object | `{}` | | -| grafana.alerting."rules.yaml".groups[0].rules[0].noDataState | string | `"OK"` | | -| grafana.alerting."rules.yaml".groups[0].rules[0].notification_settings.receiver | string | `"Slack"` | | -| grafana.alerting."rules.yaml".groups[0].rules[0].title | string | `"HTTP 500 errors detected"` | | -| grafana.alerting."rules.yaml".groups[0].rules[0].uid | string | `"edwb8zgcvq96oc"` | | -| grafana.alerting."rules.yaml".groups[0].rules[1].annotations.description | string | `"Error in usersync job detected in cluster {{`{{ $labels.clusters }}`}}, namespace {{`{{ $labels.namespace }}`}}."` | | -| grafana.alerting."rules.yaml".groups[0].rules[1].annotations.summary | string | `"Error Logs Detected in Usersync Job"` | | -| grafana.alerting."rules.yaml".groups[0].rules[1].condition | string | `"A"` | | -| grafana.alerting."rules.yaml".groups[0].rules[1].data[0].datasourceUid | string | `"loki"` | | -| grafana.alerting."rules.yaml".groups[0].rules[1].data[0].model.datasource.type | string | `"loki"` | | -| grafana.alerting."rules.yaml".groups[0].rules[1].data[0].model.datasource.uid | string | `"loki"` | | -| grafana.alerting."rules.yaml".groups[0].rules[1].data[0].model.editorMode | 
string | `"code"` | | -| grafana.alerting."rules.yaml".groups[0].rules[1].data[0].model.expr | string | `"sum by (cluster, namespace) (count_over_time({ app=\"gen3job\", job_name=~\"usersync-.*\"} |= \"ERROR - could not revoke policies from user `N/A`\" [5m])) > 1"` | | -| grafana.alerting."rules.yaml".groups[0].rules[1].data[0].model.hide | bool | `false` | | -| grafana.alerting."rules.yaml".groups[0].rules[1].data[0].model.intervalMs | int | `1000` | | -| grafana.alerting."rules.yaml".groups[0].rules[1].data[0].model.maxDataPoints | int | `43200` | | -| grafana.alerting."rules.yaml".groups[0].rules[1].data[0].model.queryType | string | `"instant"` | | -| grafana.alerting."rules.yaml".groups[0].rules[1].data[0].model.refId | string | `"A"` | | -| grafana.alerting."rules.yaml".groups[0].rules[1].data[0].queryType | string | `"instant"` | | -| grafana.alerting."rules.yaml".groups[0].rules[1].data[0].refId | string | `"A"` | | -| grafana.alerting."rules.yaml".groups[0].rules[1].data[0].relativeTimeRange.from | int | `600` | | -| grafana.alerting."rules.yaml".groups[0].rules[1].data[0].relativeTimeRange.to | int | `0` | | -| grafana.alerting."rules.yaml".groups[0].rules[1].execErrState | string | `"KeepLast"` | | -| grafana.alerting."rules.yaml".groups[0].rules[1].for | string | `"5m"` | | -| grafana.alerting."rules.yaml".groups[0].rules[1].isPaused | bool | `false` | | -| grafana.alerting."rules.yaml".groups[0].rules[1].labels | object | `{}` | | -| grafana.alerting."rules.yaml".groups[0].rules[1].noDataState | string | `"OK"` | | -| grafana.alerting."rules.yaml".groups[0].rules[1].notification_settings.receiver | string | `"Slack"` | | -| grafana.alerting."rules.yaml".groups[0].rules[1].title | string | `"Error Logs Detected in Usersync Job"` | | -| grafana.alerting."rules.yaml".groups[0].rules[1].uid | string | `"adwb9vhb7irr4b"` | | -| grafana.alerting."rules.yaml".groups[0].rules[2].annotations.description | string | `"Panic detected in app {{`{{ $labels.app 
}}`}} within cluster {{`{{ $labels.clusters }}`}}."` | | -| grafana.alerting."rules.yaml".groups[0].rules[2].annotations.summary | string | `"Hatchery panic"` | | -| grafana.alerting."rules.yaml".groups[0].rules[2].condition | string | `"A"` | | -| grafana.alerting."rules.yaml".groups[0].rules[2].data[0].datasourceUid | string | `"loki"` | | -| grafana.alerting."rules.yaml".groups[0].rules[2].data[0].model.datasource.type | string | `"loki"` | | -| grafana.alerting."rules.yaml".groups[0].rules[2].data[0].model.datasource.uid | string | `"loki"` | | -| grafana.alerting."rules.yaml".groups[0].rules[2].data[0].model.editorMode | string | `"code"` | | -| grafana.alerting."rules.yaml".groups[0].rules[2].data[0].model.expr | string | `"sum by (cluster) (count_over_time({app=\"hatchery\"} |= \"panic\" [5m])) > 1"` | | -| grafana.alerting."rules.yaml".groups[0].rules[2].data[0].model.hide | bool | `false` | | -| grafana.alerting."rules.yaml".groups[0].rules[2].data[0].model.intervalMs | int | `1000` | | -| grafana.alerting."rules.yaml".groups[0].rules[2].data[0].model.maxDataPoints | int | `43200` | | -| grafana.alerting."rules.yaml".groups[0].rules[2].data[0].model.queryType | string | `"instant"` | | -| grafana.alerting."rules.yaml".groups[0].rules[2].data[0].model.refId | string | `"A"` | | -| grafana.alerting."rules.yaml".groups[0].rules[2].data[0].queryType | string | `"instant"` | | -| grafana.alerting."rules.yaml".groups[0].rules[2].data[0].refId | string | `"A"` | | -| grafana.alerting."rules.yaml".groups[0].rules[2].data[0].relativeTimeRange.from | int | `600` | | -| grafana.alerting."rules.yaml".groups[0].rules[2].data[0].relativeTimeRange.to | int | `0` | | -| grafana.alerting."rules.yaml".groups[0].rules[2].execErrState | string | `"KeepLast"` | | -| grafana.alerting."rules.yaml".groups[0].rules[2].for | string | `"5m"` | | -| grafana.alerting."rules.yaml".groups[0].rules[2].isPaused | bool | `false` | | -| 
grafana.alerting."rules.yaml".groups[0].rules[2].labels | object | `{}` | | -| grafana.alerting."rules.yaml".groups[0].rules[2].noDataState | string | `"OK"` | | -| grafana.alerting."rules.yaml".groups[0].rules[2].notification_settings.receiver | string | `"Slack"` | | -| grafana.alerting."rules.yaml".groups[0].rules[2].title | string | `"Hatchery panic in {{`{{ env.name }}`}}"` | | -| grafana.alerting."rules.yaml".groups[0].rules[2].uid | string | `"ddwbc12l6wc8wf"` | | -| grafana.alerting."rules.yaml".groups[0].rules[3].annotations.description | string | `"Detected 431 HTTP status codes in the logs within the last 5 minutes."` | | -| grafana.alerting."rules.yaml".groups[0].rules[3].annotations.summary | string | `"Http status code 431"` | | -| grafana.alerting."rules.yaml".groups[0].rules[3].condition | string | `"A"` | | -| grafana.alerting."rules.yaml".groups[0].rules[3].data[0].datasourceUid | string | `"loki"` | | -| grafana.alerting."rules.yaml".groups[0].rules[3].data[0].model.datasource.type | string | `"loki"` | | -| grafana.alerting."rules.yaml".groups[0].rules[3].data[0].model.datasource.uid | string | `"loki"` | | -| grafana.alerting."rules.yaml".groups[0].rules[3].data[0].model.editorMode | string | `"code"` | | -| grafana.alerting."rules.yaml".groups[0].rules[3].data[0].model.expr | string | `"sum(count_over_time({cluster=~\".+\"} | json | http_status_code=\"431\" [5m])) >= 2"` | | -| grafana.alerting."rules.yaml".groups[0].rules[3].data[0].model.hide | bool | `false` | | -| grafana.alerting."rules.yaml".groups[0].rules[3].data[0].model.intervalMs | int | `1000` | | -| grafana.alerting."rules.yaml".groups[0].rules[3].data[0].model.maxDataPoints | int | `43200` | | -| grafana.alerting."rules.yaml".groups[0].rules[3].data[0].model.queryType | string | `"instant"` | | -| grafana.alerting."rules.yaml".groups[0].rules[3].data[0].model.refId | string | `"A"` | | -| grafana.alerting."rules.yaml".groups[0].rules[3].data[0].queryType | string | `"instant"` | 
| -| grafana.alerting."rules.yaml".groups[0].rules[3].data[0].refId | string | `"A"` | | -| grafana.alerting."rules.yaml".groups[0].rules[3].data[0].relativeTimeRange.from | int | `600` | | -| grafana.alerting."rules.yaml".groups[0].rules[3].data[0].relativeTimeRange.to | int | `0` | | -| grafana.alerting."rules.yaml".groups[0].rules[3].execErrState | string | `"KeepLast"` | | -| grafana.alerting."rules.yaml".groups[0].rules[3].for | string | `"5m"` | | -| grafana.alerting."rules.yaml".groups[0].rules[3].isPaused | bool | `false` | | -| grafana.alerting."rules.yaml".groups[0].rules[3].labels | object | `{}` | | -| grafana.alerting."rules.yaml".groups[0].rules[3].noDataState | string | `"OK"` | | -| grafana.alerting."rules.yaml".groups[0].rules[3].notification_settings.receiver | string | `"Slack"` | | -| grafana.alerting."rules.yaml".groups[0].rules[3].title | string | `"Http status code 431"` | | -| grafana.alerting."rules.yaml".groups[0].rules[3].uid | string | `"cdwbcbphz1zb4a"` | | -| grafana.alerting."rules.yaml".groups[0].rules[4].annotations.description | string | `"High number of info status logs detected in the indexd service in cluster {{`{{ $labels.clusters }}`}}."` | | -| grafana.alerting."rules.yaml".groups[0].rules[4].annotations.summary | string | `"Indexd is getting an excessive amount of traffic"` | | -| grafana.alerting."rules.yaml".groups[0].rules[4].condition | string | `"A"` | | -| grafana.alerting."rules.yaml".groups[0].rules[4].data[0].datasourceUid | string | `"loki"` | | -| grafana.alerting."rules.yaml".groups[0].rules[4].data[0].model.datasource.type | string | `"loki"` | | -| grafana.alerting."rules.yaml".groups[0].rules[4].data[0].model.datasource.uid | string | `"loki"` | | -| grafana.alerting."rules.yaml".groups[0].rules[4].data[0].model.editorMode | string | `"code"` | | -| grafana.alerting."rules.yaml".groups[0].rules[4].data[0].model.expr | string | `"sum by (cluster) (count_over_time({cluster=~\".+\", app=\"indexd\", 
status=\"info\"} [5m])) > 50000"` | | -| grafana.alerting."rules.yaml".groups[0].rules[4].data[0].model.hide | bool | `false` | | -| grafana.alerting."rules.yaml".groups[0].rules[4].data[0].model.intervalMs | int | `1000` | | -| grafana.alerting."rules.yaml".groups[0].rules[4].data[0].model.maxDataPoints | int | `43200` | | -| grafana.alerting."rules.yaml".groups[0].rules[4].data[0].model.queryType | string | `"instant"` | | -| grafana.alerting."rules.yaml".groups[0].rules[4].data[0].model.refId | string | `"A"` | | -| grafana.alerting."rules.yaml".groups[0].rules[4].data[0].queryType | string | `"instant"` | | -| grafana.alerting."rules.yaml".groups[0].rules[4].data[0].refId | string | `"A"` | | -| grafana.alerting."rules.yaml".groups[0].rules[4].data[0].relativeTimeRange.from | int | `600` | | -| grafana.alerting."rules.yaml".groups[0].rules[4].data[0].relativeTimeRange.to | int | `0` | | -| grafana.alerting."rules.yaml".groups[0].rules[4].execErrState | string | `"KeepLast"` | | -| grafana.alerting."rules.yaml".groups[0].rules[4].for | string | `"5m"` | | -| grafana.alerting."rules.yaml".groups[0].rules[4].isPaused | bool | `false` | | -| grafana.alerting."rules.yaml".groups[0].rules[4].labels | object | `{}` | | -| grafana.alerting."rules.yaml".groups[0].rules[4].noDataState | string | `"OK"` | | -| grafana.alerting."rules.yaml".groups[0].rules[4].notification_settings.receiver | string | `"Slack"` | | -| grafana.alerting."rules.yaml".groups[0].rules[4].title | string | `"Indexd is getting an excessive amount of traffic"` | | -| grafana.alerting."rules.yaml".groups[0].rules[4].uid | string | `"bdwbck1lgwdfka"` | | -| grafana.alerting."rules.yaml".groups[0].rules[5].annotations.description | string | `"More than 10 errors detected in the karpenter namespace in cluster {{`{{ $labels.clusters }}`}} related to providerRef not found."` | | -| grafana.alerting."rules.yaml".groups[0].rules[5].annotations.summary | string | `"Karpenter Resource Mismatch"` | | -| 
grafana.alerting."rules.yaml".groups[0].rules[5].condition | string | `"A"` | | -| grafana.alerting."rules.yaml".groups[0].rules[5].data[0].datasourceUid | string | `"loki"` | | -| grafana.alerting."rules.yaml".groups[0].rules[5].data[0].model.datasource.type | string | `"loki"` | | -| grafana.alerting."rules.yaml".groups[0].rules[5].data[0].model.datasource.uid | string | `"loki"` | | -| grafana.alerting."rules.yaml".groups[0].rules[5].data[0].model.editorMode | string | `"code"` | | -| grafana.alerting."rules.yaml".groups[0].rules[5].data[0].model.expr | string | `"sum by (cluster) (count_over_time({namespace=\"karpenter\", cluster=~\".+\"} |= \"ERROR\" |= \"not found\" |= \"getting providerRef\" [5m])) > 10\n"` | | -| grafana.alerting."rules.yaml".groups[0].rules[5].data[0].model.hide | bool | `false` | | -| grafana.alerting."rules.yaml".groups[0].rules[5].data[0].model.intervalMs | int | `1000` | | -| grafana.alerting."rules.yaml".groups[0].rules[5].data[0].model.maxDataPoints | int | `43200` | | -| grafana.alerting."rules.yaml".groups[0].rules[5].data[0].model.queryType | string | `"instant"` | | -| grafana.alerting."rules.yaml".groups[0].rules[5].data[0].model.refId | string | `"A"` | | -| grafana.alerting."rules.yaml".groups[0].rules[5].data[0].queryType | string | `"instant"` | | -| grafana.alerting."rules.yaml".groups[0].rules[5].data[0].refId | string | `"A"` | | -| grafana.alerting."rules.yaml".groups[0].rules[5].data[0].relativeTimeRange.from | int | `600` | | -| grafana.alerting."rules.yaml".groups[0].rules[5].data[0].relativeTimeRange.to | int | `0` | | -| grafana.alerting."rules.yaml".groups[0].rules[5].execErrState | string | `"KeepLast"` | | -| grafana.alerting."rules.yaml".groups[0].rules[5].for | string | `"5m"` | | -| grafana.alerting."rules.yaml".groups[0].rules[5].isPaused | bool | `false` | | -| grafana.alerting."rules.yaml".groups[0].rules[5].labels | object | `{}` | | -| grafana.alerting."rules.yaml".groups[0].rules[5].noDataState | string 
| `"OK"` | | -| grafana.alerting."rules.yaml".groups[0].rules[5].notification_settings.receiver | string | `"Slack"` | | -| grafana.alerting."rules.yaml".groups[0].rules[5].title | string | `"Karpenter Resource Mismatch"` | | -| grafana.alerting."rules.yaml".groups[0].rules[5].uid | string | `"fdwbe5t439zpcd"` | | -| grafana.alerting."rules.yaml".groups[0].rules[6].annotations.description | string | `"More than 1000 \"limiting requests, excess\" errors detected in service {{`{{ $labels.app }}`}} (cluster: {{`{{ $labels.clusters }}`}}) within the last 5 minutes."` | | -| grafana.alerting."rules.yaml".groups[0].rules[6].annotations.summary | string | `"Nginx is logging excessive \" limiting requests, excess:\""` | | -| grafana.alerting."rules.yaml".groups[0].rules[6].condition | string | `"A"` | | -| grafana.alerting."rules.yaml".groups[0].rules[6].data[0].datasourceUid | string | `"loki"` | | -| grafana.alerting."rules.yaml".groups[0].rules[6].data[0].model.datasource.type | string | `"loki"` | | -| grafana.alerting."rules.yaml".groups[0].rules[6].data[0].model.datasource.uid | string | `"loki"` | | -| grafana.alerting."rules.yaml".groups[0].rules[6].data[0].model.editorMode | string | `"code"` | | -| grafana.alerting."rules.yaml".groups[0].rules[6].data[0].model.expr | string | `"sum by (app, cluster) (count_over_time({app=~\".+\", cluster=~\".+\"} |= \"status:error\" |= \"limiting requests, excess:\" [5m])) > 1000"` | | -| grafana.alerting."rules.yaml".groups[0].rules[6].data[0].model.hide | bool | `false` | | -| grafana.alerting."rules.yaml".groups[0].rules[6].data[0].model.intervalMs | int | `1000` | | -| grafana.alerting."rules.yaml".groups[0].rules[6].data[0].model.maxDataPoints | int | `43200` | | -| grafana.alerting."rules.yaml".groups[0].rules[6].data[0].model.queryType | string | `"instant"` | | -| grafana.alerting."rules.yaml".groups[0].rules[6].data[0].model.refId | string | `"A"` | | -| grafana.alerting."rules.yaml".groups[0].rules[6].data[0].queryType 
| string | `"instant"` | | -| grafana.alerting."rules.yaml".groups[0].rules[6].data[0].refId | string | `"A"` | | -| grafana.alerting."rules.yaml".groups[0].rules[6].data[0].relativeTimeRange.from | int | `600` | | -| grafana.alerting."rules.yaml".groups[0].rules[6].data[0].relativeTimeRange.to | int | `0` | | -| grafana.alerting."rules.yaml".groups[0].rules[6].execErrState | string | `"KeepLast"` | | -| grafana.alerting."rules.yaml".groups[0].rules[6].for | string | `"5m"` | | -| grafana.alerting."rules.yaml".groups[0].rules[6].isPaused | bool | `false` | | -| grafana.alerting."rules.yaml".groups[0].rules[6].labels | object | `{}` | | -| grafana.alerting."rules.yaml".groups[0].rules[6].noDataState | string | `"OK"` | | -| grafana.alerting."rules.yaml".groups[0].rules[6].notification_settings.receiver | string | `"Slack"` | | -| grafana.alerting."rules.yaml".groups[0].rules[6].title | string | `"Nginx is logging excessive \" limiting requests, excess:\""` | | -| grafana.alerting."rules.yaml".groups[0].rules[6].uid | string | `"fdwbeuftc7400c"` | | -| grafana.datasources | object | `{"datasources.yaml":{"apiVersion":1,"datasources":[{"isDefault":false,"name":"Loki","type":"loki","uid":"loki","url":"http://{{ .Release.Name }}-loki-gateway"},{"isDefault":true,"name":"Mimir","type":"prometheus","uid":"prom","url":"http://{{ .Release.Name }}-mimir-nginx/prometheus"},{"isDefault":false,"jsonData":{"lokiSearch":{"datasourceUid":"loki"},"serviceMap":{"datasourceUid":"prom"},"tracesToLogsV2":{"datasourceUid":"loki"},"tracesToMetrics":{"datasourceUid":"prom"}},"name":"Tempo","type":"tempo","uid":"tempo","url":"http://{{ .Release.Name }}-tempo-query-frontend:3100"}]}}` | Grafana data sources config. 
Connects to all three by default | -| grafana.datasources."datasources.yaml".datasources | list | `[{"isDefault":false,"name":"Loki","type":"loki","uid":"loki","url":"http://{{ .Release.Name }}-loki-gateway"},{"isDefault":true,"name":"Mimir","type":"prometheus","uid":"prom","url":"http://{{ .Release.Name }}-mimir-nginx/prometheus"},{"isDefault":false,"jsonData":{"lokiSearch":{"datasourceUid":"loki"},"serviceMap":{"datasourceUid":"prom"},"tracesToLogsV2":{"datasourceUid":"loki"},"tracesToMetrics":{"datasourceUid":"prom"}},"name":"Tempo","type":"tempo","uid":"tempo","url":"http://{{ .Release.Name }}-tempo-query-frontend:3100"}]` | Datasources linked to the Grafana instance. Override if you disable any components. | -| grafana.enabled | bool | `true` | Deploy Grafana if enabled. See [upstream readme](https://github.com/grafana/helm-charts/tree/main/charts/grafana#configuration) for full values reference. | -| loki.enabled | bool | `true` | Deploy Loki if enabled. See [upstream readme](https://github.com/grafana/helm-charts/tree/main/charts/loki-distributed#values) for full values reference. | -| mimir | object | `{"alertmanager":{"resources":{"requests":{"cpu":"20m"}}},"compactor":{"resources":{"requests":{"cpu":"20m"}}},"distributor":{"resources":{"requests":{"cpu":"20m"}}},"enabled":true,"ingester":{"replicas":2,"resources":{"requests":{"cpu":"20m"}},"zoneAwareReplication":{"enabled":false}},"minio":{"resources":{"requests":{"cpu":"20m"}}},"overrides_exporter":{"resources":{"requests":{"cpu":"20m"}}},"querier":{"replicas":1,"resources":{"requests":{"cpu":"20m"}}},"query_frontend":{"resources":{"requests":{"cpu":"20m"}}},"query_scheduler":{"replicas":1,"resources":{"requests":{"cpu":"20m"}}},"rollout_operator":{"resources":{"requests":{"cpu":"20m"}}},"ruler":{"resources":{"requests":{"cpu":"20m"}}},"store_gateway":{"resources":{"requests":{"cpu":"20m"}},"zoneAwareReplication":{"enabled":false}}}` | Mimir chart values. Resources are set to a minimum by default. 
| -| mimir.enabled | bool | `true` | Deploy Mimir if enabled. See [upstream values.yaml](https://github.com/grafana/mimir/blob/main/operations/helm/charts/mimir-distributed/values.yaml) for full values reference. | -| tempo.enabled | bool | `true` | Deploy Tempo if enabled. See [upstream readme](https://github.com/grafana/helm-charts/blob/main/charts/tempo-distributed/README.md#values) for full values reference. | -| tempo.ingester.replicas | int | `3` | | - ----------------------------------------------- -Autogenerated from chart metadata using [helm-docs v1.11.0](https://github.com/norwoodj/helm-docs/releases/v1.11.0) diff --git a/helm/lgtm-distributed/templates/NOTES.txt b/helm/lgtm-distributed/templates/NOTES.txt deleted file mode 100644 index 482f35c8..00000000 --- a/helm/lgtm-distributed/templates/NOTES.txt +++ /dev/null @@ -1 +0,0 @@ -Release name should be limited to 25 characters to not exceed the resource name limits of 63 characters. diff --git a/helm/lgtm-distributed/templates/_helpers.tpl b/helm/lgtm-distributed/templates/_helpers.tpl deleted file mode 100644 index 4c1d430f..00000000 --- a/helm/lgtm-distributed/templates/_helpers.tpl +++ /dev/null @@ -1,18 +0,0 @@ - {{/* -Create a default fully qualified app name without trimming it at all. -If release name contains chart name it will be used as a full name. -This value is essentially the same as "mimir.fullname" in the upstream chart. -*/}} -{{- define "mimir.fullname" -}} -{{- if .Values.mimir.fullnameOverride -}} -{{- .Values.mimir.fullnameOverride | trunc 25 | trimSuffix "-" -}} -{{- else -}} -{{- $name := .Values.mimir.nameOverride | default ( include "mimir.infixName" . ) | trunc 25 | trimSuffix "-" -}} -{{- $releasename := .Release.Name | trunc 25 | trimSuffix "-" -}} -{{- if contains $name .Release.Name -}} -{{- $releasename -}} -{{- else -}} -{{- printf "%s-%s" $releasename $name -}} -{{- end -}} -{{- end -}} -{{- end -}} 
diff --git a/helm/lgtm-distributed/values.yaml b/helm/lgtm-distributed/values.yaml
deleted file mode 100644
index 24a0a422..00000000
--- a/helm/lgtm-distributed/values.yaml
+++ /dev/null
@@ -1,352 +0,0 @@ ---- -grafana: - # -- Deploy Grafana if enabled. See [upstream readme](https://github.com/grafana/helm-charts/tree/main/charts/grafana#configuration) for full values reference. - enabled: true - - # -- Grafana data sources config. Connects to all three by default - datasources: - datasources.yaml: - apiVersion: 1 - # -- Datasources linked to the Grafana instance. Override if you disable any components. - datasources: - # https://grafana.com/docs/grafana/latest/datasources/loki/#provision-the-loki-data-source - - name: Loki - uid: loki - type: loki - url: http://{{ .Release.Name }}-loki-gateway - isDefault: false - # https://grafana.com/docs/grafana/latest/datasources/prometheus/#provision-the-data-source - - name: Mimir - uid: prom - type: prometheus - url: http://{{ .Release.Name }}-mimir-nginx/prometheus - isDefault: true - # https://grafana.com/docs/grafana/latest/datasources/tempo/configure-tempo-data-source/#provision-the-data-source - - name: Tempo - uid: tempo - type: tempo - url: http://{{ .Release.Name }}-tempo-query-frontend:3100 - isDefault: false - jsonData: - tracesToLogsV2: - datasourceUid: loki - lokiSearch: - datasourceUid: loki - tracesToMetrics: - datasourceUid: prom - serviceMap: - datasourceUid: prom - - - alerting: - rules.yaml: - apiVersion: 1 - groups: - - orgId: 1 - name: Alerts - folder: Alerts - interval: 5m - rules: - - uid: edwb8zgcvq96oc - title: HTTP 500 errors detected - condition: A - data: - - refId: A - queryType: instant - relativeTimeRange: - from: 600 - to: 0 - datasourceUid: loki - model: - datasource: - type: loki - uid: loki - editorMode: code - expr: sum by (cluster) (count_over_time({cluster=~".+"} | json | http_status_code="500" [1h])) > 0 - hide: false - intervalMs: 1000 - maxDataPoints: 43200 - queryType: instant - refId: A - noDataState: OK - execErrState: KeepLast - for: 5m - annotations: - summary: 'Alert: HTTP 500 errors detected in the environment: {{`{{ $labels.clusters }}`}}' - labels: {} - 
isPaused: false - notification_settings: - receiver: Slack - - uid: adwb9vhb7irr4b - title: Error Logs Detected in Usersync Job - condition: A - data: - - refId: A - queryType: instant - relativeTimeRange: - from: 600 - to: 0 - datasourceUid: loki - model: - datasource: - type: loki - uid: loki - editorMode: code - expr: sum by (cluster, namespace) (count_over_time({ app="gen3job", job_name=~"usersync-.*"} |= "ERROR - could not revoke policies from user `N/A`" [5m])) > 1 - hide: false - intervalMs: 1000 - maxDataPoints: 43200 - queryType: instant - refId: A - noDataState: OK - execErrState: KeepLast - for: 5m - annotations: - description: Error in usersync job detected in cluster {{`{{ $labels.clusters }}`}}, namespace {{`{{ $labels.namespace }}`}}. - summary: Error Logs Detected in Usersync Job - labels: {} - isPaused: false - notification_settings: - receiver: Slack - - uid: ddwbc12l6wc8wf - title: Hatchery panic in {{`{{ env.name }}`}} - condition: A - data: - - refId: A - queryType: instant - relativeTimeRange: - from: 600 - to: 0 - datasourceUid: loki - model: - datasource: - type: loki - uid: loki - editorMode: code - expr: sum by (cluster) (count_over_time({app="hatchery"} |= "panic" [5m])) > 1 - hide: false - intervalMs: 1000 - maxDataPoints: 43200 - queryType: instant - refId: A - noDataState: OK - execErrState: KeepLast - for: 5m - annotations: - description: Panic detected in app {{`{{ $labels.app }}`}} within cluster {{`{{ $labels.clusters }}`}}. 
- summary: Hatchery panic - labels: {} - isPaused: false - notification_settings: - receiver: Slack - - uid: cdwbcbphz1zb4a - title: Http status code 431 - condition: A - data: - - refId: A - queryType: instant - relativeTimeRange: - from: 600 - to: 0 - datasourceUid: loki - model: - datasource: - type: loki - uid: loki - editorMode: code - expr: sum(count_over_time({cluster=~".+"} | json | http_status_code="431" [5m])) >= 2 - hide: false - intervalMs: 1000 - maxDataPoints: 43200 - queryType: instant - refId: A - noDataState: OK - execErrState: KeepLast - for: 5m - annotations: - description: Detected 431 HTTP status codes in the logs within the last 5 minutes. - summary: Http status code 431 - labels: {} - isPaused: false - notification_settings: - receiver: Slack - - uid: bdwbck1lgwdfka - title: Indexd is getting an excessive amount of traffic - condition: A - data: - - refId: A - queryType: instant - relativeTimeRange: - from: 600 - to: 0 - datasourceUid: loki - model: - datasource: - type: loki - uid: loki - editorMode: code - expr: sum by (cluster) (count_over_time({cluster=~".+", app="indexd", status="info"} [5m])) > 50000 - hide: false - intervalMs: 1000 - maxDataPoints: 43200 - queryType: instant - refId: A - noDataState: OK - execErrState: KeepLast - for: 5m - annotations: - description: High number of info status logs detected in the indexd service in cluster {{`{{ $labels.clusters }}`}}. 
- summary: Indexd is getting an excessive amount of traffic - labels: {} - isPaused: false - notification_settings: - receiver: Slack - - uid: fdwbe5t439zpcd - title: Karpenter Resource Mismatch - condition: A - data: - - refId: A - queryType: instant - relativeTimeRange: - from: 600 - to: 0 - datasourceUid: loki - model: - datasource: - type: loki - uid: loki - editorMode: code - expr: | - sum by (cluster) (count_over_time({namespace="karpenter", cluster=~".+"} |= "ERROR" |= "not found" |= "getting providerRef" [5m])) > 10 - hide: false - intervalMs: 1000 - maxDataPoints: 43200 - queryType: instant - refId: A - noDataState: OK - execErrState: KeepLast - for: 5m - annotations: - description: More than 10 errors detected in the karpenter namespace in cluster {{`{{ $labels.clusters }}`}} related to providerRef not found. - summary: Karpenter Resource Mismatch - labels: {} - isPaused: false - notification_settings: - receiver: Slack - - uid: fdwbeuftc7400c - title: Nginx is logging excessive " limiting requests, excess:" - condition: A - data: - - refId: A - queryType: instant - relativeTimeRange: - from: 600 - to: 0 - datasourceUid: loki - model: - datasource: - type: loki - uid: loki - editorMode: code - expr: sum by (app, cluster) (count_over_time({app=~".+", cluster=~".+"} |= "status:error" |= "limiting requests, excess:" [5m])) > 1000 - hide: false - intervalMs: 1000 - maxDataPoints: 43200 - queryType: instant - refId: A - noDataState: OK - execErrState: KeepLast - for: 5m - annotations: - description: 'More than 1000 "limiting requests, excess" errors detected in service {{`{{ $labels.app }}`}} (cluster: {{`{{ $labels.clusters }}`}}) within the last 5 minutes.' 
- summary: Nginx is logging excessive " limiting requests, excess:" - labels: {} - isPaused: false - notification_settings: - receiver: Slack - contactpoints.yaml: - secret: - apiVersion: 1 - contactPoints: - - orgId: 1 - name: slack - receivers: - - uid: first_uid - type: Slack - settings: - url: https://hooks.slack.com/services/XXXXXXXXXX - group: slack - summary: | - {{ `{{ include "default.message" . }}` }} - - -loki: - # -- Deploy Loki if enabled. See [upstream readme](https://github.com/grafana/helm-charts/tree/main/charts/loki-distributed#values) for full values reference. - enabled: true - -# -- Mimir chart values. Resources are set to a minimum by default. -mimir: - # -- Deploy Mimir if enabled. See [upstream values.yaml](https://github.com/grafana/mimir/blob/main/operations/helm/charts/mimir-distributed/values.yaml) for full values reference. - enabled: true - alertmanager: - resources: - requests: - cpu: 20m - compactor: - resources: - requests: - cpu: 20m - distributor: - resources: - requests: - cpu: 20m - ingester: - replicas: 2 - zoneAwareReplication: - enabled: false - resources: - requests: - cpu: 20m - overrides_exporter: - resources: - requests: - cpu: 20m - querier: - replicas: 1 - resources: - requests: - cpu: 20m - query_frontend: - resources: - requests: - cpu: 20m - query_scheduler: - replicas: 1 - resources: - requests: - cpu: 20m - ruler: - resources: - requests: - cpu: 20m - store_gateway: - zoneAwareReplication: - enabled: false - resources: - requests: - cpu: 20m - minio: - resources: - requests: - cpu: 20m - rollout_operator: - resources: - requests: - cpu: 20m - -tempo: - # -- Deploy Tempo if enabled. See [upstream readme](https://github.com/grafana/helm-charts/blob/main/charts/tempo-distributed/README.md#values) for full values reference. - enabled: true - ingester: - replicas: 3 - \ No newline at end of file diff --git a/helm/manifestservice/README.md b/helm/manifestservice/README.md index 4236568c..11fc1f39 100644 
--- a/helm/manifestservice/README.md +++ b/helm/manifestservice/README.md @@ -85,5 +85,3 @@ A Helm chart for Kubernetes | volumeMounts | list | `[{"mountPath":"/var/gen3/config/","name":"config-volume","readOnly":true}]` | Volumes to mount to the container. | | volumes | list | `[{"name":"config-volume","secret":{"secretName":"manifestservice-g3auto"}}]` | Volumes to attach to the container. | ----------------------------------------------- -Autogenerated from chart metadata using [helm-docs v1.11.0](https://github.com/norwoodj/helm-docs/releases/v1.11.0) diff --git a/helm/metadata/README.md b/helm/metadata/README.md index 294abb91..c9553ba9 100644 --- a/helm/metadata/README.md +++ b/helm/metadata/README.md @@ -124,5 +124,3 @@ A Helm chart for gen3 Metadata Service | useAggMds | bool | `"True"` | Set to true to aggregate metadata from multiple other Metadata Service instances. | | volumeMounts | list | `[{"mountPath":"/src/.env","name":"config-volume-g3auto","readOnly":true,"subPath":"metadata.env"},{"mountPath":"/aggregate_config.json","name":"config-volume","readOnly":true,"subPath":"aggregate_config.json"},{"mountPath":"/metadata.json","name":"config-manifest","readOnly":true,"subPath":"json"}]` | Volumes to mount to the container. | ----------------------------------------------- -Autogenerated from chart metadata using [helm-docs v1.11.0](https://github.com/norwoodj/helm-docs/releases/v1.11.0) diff --git a/helm/observability/Chart.yaml b/helm/observability/Chart.yaml new file mode 100644 index 00000000..67ac2013 --- /dev/null +++ b/helm/observability/Chart.yaml 
@@ -0,0 +1,31 @@
+apiVersion: v2
+name: lgtma-chart
+description: A Helm chart for deploying the LGTM stack with additional resources
+
+# A chart can be either an 'application' or a 'library' chart.
+#
+# Application charts are a collection of templates that can be packaged into versioned archives
+# to be deployed.
+#
+# Library charts provide useful utilities or functions for the chart developer. They're included as
+# a dependency of application charts to inject those utilities and functions into the rendering
+# pipeline. Library charts do not define any templates and therefore cannot be deployed.
+type: application
+
+# This is the chart version. This version number should be incremented each time you make changes
+# to the chart and its templates, including the app version.
+# Versions are expected to follow Semantic Versioning (https://semver.org/)
+version: 0.1.0
+
+# This is the version number of the application being deployed. This version number should be
+# incremented each time you make changes to the application. Versions are not expected to
+# follow Semantic Versioning. They should reflect the version the application is using.
+# It is recommended to use it with quotes.
+appVersion: "1.0.0"
+
+# Dependencies
+dependencies:
+ - name: lgtm-distributed
+ version: "2.1.0"
+ alias: lgtm
+ repository: "https://grafana.github.io/helm-charts"
\ No newline at end of file
diff --git a/helm/observability/SETUP.md b/helm/observability/SETUP.md
new file mode 100644
index 00000000..206a71fb
--- /dev/null
+++ b/helm/observability/SETUP.md
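Review bot: The chart is declared as `name: lgtma-chart` but lives in `helm/observability/`; Helm's chart conventions expect the directory and the `name:` field to match, so `name: observability` (or renaming the directory) would avoid confusion when the chart is packaged or referenced by name. The `lgtm-distributed` dependency is pinned to the exact version `"2.1.0"`, which helps reproducibility, but it is pulled from a remote repository and this hunk does not show whether a `Chart.lock` with the resolved digest is committed alongside, which is worth confirming. The file also ends without a trailing newline.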
@@ -0,0 +1,298 @@ +# Observability Helm Chart + +## Overview + +This Helm chart provides an all-in-one solution for deploying Mimir, Loki, and Grafana to your Kubernetes cluster, enabling a complete observability stack for metrics, logs, and visualization. + +### Grafana: +A leading open-source platform for data visualization and monitoring. Grafana allows you to create rich, interactive dashboards from a variety of data sources, making it easy to analyze metrics and logs from your systems. + +### Mimir: +Grafana Mimir is a highly scalable time-series database optimized for storing and querying metrics. It enables powerful alerting and querying for real-time monitoring of your infrastructure and applications. + +### Loki: +Grafana Loki is a log aggregation system designed to efficiently collect, store, and query logs from your applications. It works seamlessly with Grafana, providing an integrated way to visualize logs alongside metrics. + +By deploying this Helm chart, you'll set up these three components together, allowing you to monitor your systems and applications comprehensively with metrics from Mimir, logs from Loki, and dashboards and alerts in Grafana. +## General Architecture + +The Alloy Helm chart can be deployed across one or more environments or clusters. In this setup, Loki and Mimir are configured with internal ingress resources, enabling Alloy to send metrics and logs securely via VPC peering connections. Both Loki and Mimir write the ingested data to Amazon S3 for scalable and durable storage. This data can be queried and visualized through Grafana, which is hosted behind an internet-facing ingress. Access to Grafana can be restricted using CIDR ranges defined through the ALB ingress annotation: alb.ingress.kubernetes.io/inbound-cidrs: "cidrs". Additionally, the chart supports SAML authentication for Grafana, configured through the grafana.ini field, ensuring secure user access. 
+ +![Grafana Architecture](image.png) + +### Fips compliant images + +Gen3 provides FIPS-compliant images, which are set as the default in the values file for Grafana, Mimir, and Loki. These images are self-hosted and maintained by the Gen3 platform team, ensuring secure and compliant operations. While the platform team manages image upgrades, the service versions will be updated as needed to align with operational requirements and best practices. + +### Helm Chart Links +The links below will take you to the Grafana LGTM chart, as well as the Grafana, Loki, and Mimir charts, providing a comprehensive list of configurable options to help you further customize your setup. +#### Link to lgtm Helm chart +- [LGTM Helm Chart](https://github.com/grafana/helm-charts/tree/main/charts/lgtm-distributed) +#### Full Configuration Options for all Components +- [Grafana](https://github.com/grafana/helm-charts/blob/main/charts/grafana/values.yaml) +- [Loki](https://github.com/grafana/helm-charts/blob/main/charts/loki-distributed/values.yaml) +- [Mimir](https://github.com/grafana/mimir/blob/main/operations/helm/charts/mimir-distributed/values.yaml) + +### Affinity Rules + +The affinity rule in the values.yaml file controls pod scheduling to specific nodes or zones. By default, pods are restricted to nodes in us-east-1a using a node label (topology.kubernetes.io/zone). + +Customize these rules to align with your cluster’s zones or labels to ensure pods can schedule properly. Mismatched configurations can lead to scheduling failures. + +```yaml + affinity: + nodeAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: + - matchExpressions: + # -- (string) Node label key for affinity. Ensures pods are scheduled on nodes in the specified zone. + - key: topology.kubernetes.io/zone + # -- (string) Operator to apply to the node selector. 'In' means the node must match one of the values. 
+ operator: In + # -- (list) List of values for the node selector, representing allowed zones. + values: + - us-east-1a +``` + +### IRSA Role Setup + +This Helm chart automatically creates a service account named "observability" for use with Loki and Mimir. To ensure proper access to the storage buckets holding Loki and Mimir data, you’ll need to associate an AWS IAM Role with this service account. Configure the role with the necessary permissions to access the relevant S3 buckets, and then provide the role’s ARN in the appropriate section of your values.yaml file. + +```yaml +lgtm: + # -- (map) Configuration for IRSA role to use with service accounts. + role: + # -- (string) The arn of the aws role to associate with the service account that will be used for Loki and Mimir. + # Documentation on IRSA setup https://docs.aws.amazon.com/eks/latest/userguide/iam-roles-for-service-accounts.html + arn: +``` + +## Configuring Grafana + +When configuring the Grafana, you will need to update the hosts section of the values.yaml file to match the hostname you plan to use. For example, replace "grafana.example.com" with your desired hostname. + +### Ingress + +Grafana will require an internet-facing ingress in order to access the visualizations, alerts, etc. It is highly recommended that you uncomment and adjust the annotations provided for AWS ALB (Application Load Balancer) to fit your environment (if deploying via AWS). These annotations will help ensure proper configuration of the load balancer, SSL certificates, and other key settings. For instance, make sure to replace the placeholder values such as "cert arn", "ssl policy", and "environment name" with your specific details. Access to Grafana can be restricted using CIDR ranges defined through the ALB ingress annotation: alb.ingress.kubernetes.io/inbound-cidrs: "cidrs". + +```yaml +grafana: + ingress: + # -- (bool) Enable or disable ingress for Grafana. + enabled: true + # -- (map) Annotations for Grafana ingress. 
+ annotations: + annotations: {} + ## Recommended annotations for AWS ALB (Application Load Balancer). + # alb.ingress.kubernetes.io/ssl-redirect: '443' + # alb.ingress.kubernetes.io/certificate-arn: + # alb.ingress.kubernetes.io/listen-ports: '[{"HTTP": 80}, {"HTTPS":443}]' + # alb.ingress.kubernetes.io/load-balancer-attributes: idle_timeout.timeout_seconds=600 + # alb.ingress.kubernetes.io/scheme: internet-facing + # alb.ingress.kubernetes.io/ssl-policy: + # alb.ingress.kubernetes.io/tags: Environment= + # alb.ingress.kubernetes.io/target-type: 'ip' + # alb.ingress.kubernetes.io/inbound-cidrs: + # -- (list) Hostname(s) for Grafana ingress. + hosts: + - grafana.example.com + # -- (string) Ingress class name to be used (e.g., 'alb' for AWS Application Load Balancer). + ingressClassName: "alb" +``` + +### Built-in Gen3 Alerts + +This Helm chart comes equipped with built-in Gen3 alerts, defined in the 'alerting' section of the values.yaml. These alerts enable you to immediately leverage your logs and metrics as soon as Grafana is up and running. + +### Built-in Gen3 Dashboards + +We'll soon be releasing Gen3 dashboards, providing users with Gen3-specific visualizations. Please check back here to see if they have been released. + +## Configuring Mimir + +When configuring the Mimir, you will need to update the hosts section of the values.yaml file to match the hostname you plan to use. For example, replace "mimir.example.com" with your desired hostname. + +### Ingress + +Mimir will require an internal ingress in order to access the visualizations, alerts, etc. It is highly recommended that you uncomment and adjust the annotations provided for AWS ALB (Application Load Balancer) to fit your environment (if deploying via AWS). These annotations will help ensure proper configuration of the load balancer, SSL certificates, and other key settings. 
For instance, make sure to replace the placeholder values such as "cert arn", "ssl policy", and "environment name" with your specific details. + +```yaml +mimir: + ingress: + # -- (map) Annotations to add to mimir ingress. + annotations: {} + ## Recommended annotations for AWS ALB (Application Load Balancer). + # alb.ingress.kubernetes.io/certificate-arn: + # alb.ingress.kubernetes.io/ssl-redirect: '443' + # alb.ingress.kubernetes.io/listen-ports: '[{"HTTP": 80}, {"HTTPS":443}]' + # alb.ingress.kubernetes.io/load-balancer-attributes: idle_timeout.timeout_seconds=600 + # alb.ingress.kubernetes.io/scheme: internal + # alb.ingress.kubernetes.io/ssl-policy: + # alb.ingress.kubernetes.io/tags: Environment= + # alb.ingress.kubernetes.io/target-type: ip + # -- (bool) Enable or disable mirmir ingress. + enabled: true + # -- (string) Class name for ingress. + ingressClassName: "alb" + # -- (map) Additional paths to add to the ingress. + paths: + # -- (list) Additional paths to add to the query frontend. + query-frontend: + - path: /prometheus/api/v1/query + # -- (list) hostname for mimir ingress. + hosts: + - mimir.example.com +``` + +### Storage Configuration + +The structuredConfig section in Mimir’s configuration defines how backend storage is set up to persist metrics and time-series data. This configuration ensures that data is safely stored and retrievable over time, even if Mimir instances restart or scale. + +If you are utilizing Amazon S3 for storage, make sure to uncomment "bucket_name" and input a value. + +```yaml +mimir: + # -- (map) Structured configuration settings for mimir. + structuredConfig: + common: + storage: + # -- (string) Backend storage configuration. For example, s3 for AWS S3 storage. + backend: s3 + s3: + # -- (string) The S3 endpoint to use for storage. Ensure this matches your region. + endpoint: s3.us-east-1.amazonaws.com + # -- (string) AWS region where your S3 bucket is located. 
+ region: us-east-1
+ # # -- (string) Name of the S3 bucket used for storage.
+ # bucket_name:
+```
+
+### Mimir Components
+Mimir is a high-performance time-series database, typically used for storing and querying metrics.
+1. **Alertmanager**
+ - **Pods**: `grafana-mimir-alertmanager-*`
+ - **Purpose**: Manages alert notifications and routing.
+ - **Function**: Sends alerts to different channels like email, Slack, etc., based on defined rules.
+
+2. **Compactor**
+ - **Pods**: `grafana-mimir-compactor-*`
+ - **Purpose**: Compacts time-series data to optimize storage.
+ - **Function**: Periodically reduces the size of stored metrics by merging smaller chunks.
+
+3. **Distributor**
+ - **Pods**: `grafana-mimir-distributor-*`
+ - **Purpose**: Accepts incoming metric data and distributes it to ingesters.
+ - **Function**: Acts as a load balancer for metric ingestion.
+
+4. **Ingester**
+ - **Pods**: `grafana-mimir-ingester-*`
+ - **Purpose**: Temporarily holds and processes incoming metric data.
+ - **Function**: Ingesters store time-series data in memory before flushing to long-term storage.
+
+5. **Querier**
+ - **Pods**: `grafana-mimir-querier-*`
+ - **Purpose**: Handles metric queries.
+ - **Function**: Retrieves time-series data from ingesters and long-term storage for queries.
+
+6. **Query Frontend**
+ - **Pods**: `grafana-mimir-query-frontend-*`
+ - **Purpose**: Coordinates and optimizes query execution.
+ - **Function**: Distributes query workloads to ensure performance and efficiency.
+
+7. **Query Scheduler**
+ - **Pods**: `grafana-mimir-query-scheduler-*`
+ - **Purpose**: Schedules query jobs across queriers.
+ - **Function**: Ensures balanced query processing across components.
+
+8. **Ruler**
+ - **Pods**: `grafana-mimir-ruler-*`
+ - **Purpose**: Evaluates recording and alerting rules.
+ - **Function**: Generates time-series data or alerts based on predefined rules.
+
+9. **Store Gateway**
+ - **Pods**: `grafana-mimir-store-gateway-*`
+ - **Purpose**: Provides access to long-term storage.
+ - **Function**: Optimizes retrieval of historical data from object stores.
+
+## Configuring Loki
+
+
+When configuring the Loki, you will need to update the hosts section of the values.yaml file to match the hostname you plan to use. For example, replace "loki.example.com" with your desired hostname.
+
+### Ingress
+
+Loki will require an internal ingress in order to access the visualizations, alerts, etc. It is highly recommended that you uncomment and adjust the annotations provided for AWS ALB (Application Load Balancer) to fit your environment (if deploying via AWS). These annotations will help ensure proper configuration of the load balancer, SSL certificates, and other key settings. For instance, make sure to replace the placeholder values such as "cert arn", "ssl policy", and "environment name" with your specific details.
+
+```yaml
+loki:
+ ingress:
+ # -- (map) Annotations to add to loki ingress.
+ annotations: {}
+ ## Recommended annotations for AWS ALB (Application Load Balancer).
+ # alb.ingress.kubernetes.io/certificate-arn:
+ # alb.ingress.kubernetes.io/listen-ports: '[{"HTTP": 80}, {"HTTPS":443}]'
+ # alb.ingress.kubernetes.io/load-balancer-attributes: idle_timeout.timeout_seconds=600
+ # alb.ingress.kubernetes.io/scheme: internal
+ # alb.ingress.kubernetes.io/ssl-policy:
+ # alb.ingress.kubernetes.io/ssl-redirect: '443'
+ # alb.ingress.kubernetes.io/tags: Environment=
+ # alb.ingress.kubernetes.io/target-type: ip
+ # -- (bool) Enable or disable loki ingress.
+ enabled: true
+ # -- (string) Class name for ingress.
+ ingressClassName: "alb"
+ # -- (list) Hosts for loki ingress.
+ hosts:
+ # -- (string) Hostname for loki ingress.
+ - host: loki.example.com
+```
+
+### Storage Configuration
+
+The structuredConfig section in Loki’s configuration defines how backend storage is set up to persist log data. This configuration ensures that logs are safely stored and retrievable over time, even if Loki instances restart or scale.
+
+If you are utilizing Amazon S3 for storage, make sure to uncomment "bucketnames" and input a value.
+
+```yaml
+loki:
+ # -- (map) Structured configuration settings for Loki.
+ structuredConfig:
+ common:
+ # -- (string) Path prefix where Loki stores data.
+ path_prefix: /var/loki
+ storage:
+ # -- (null) Filesystem storage is disabled.
+ filesystem: null
+ s3:
+ # -- (string) AWS region for S3 storage.
+ region: us-east-1
+ # # -- (string) S3 bucket names for Loki storage.
+ # bucketnames:
+```
+
+### Loki Components
+Loki is used for log aggregation, querying, and management. Each Loki component has a specialized role in the log pipeline.
+1. **Distributor**
+ - **Pods**: `grafana-loki-distributor-*`
+ - **Purpose**: Accepts log entries and forwards them to ingesters.
+ - **Function**: It load-balances logs from sources and ensures efficient distribution to ingesters.
+
+2. **Gateway**
+ - **Pods**: `grafana-loki-gateway-*`
+ - **Purpose**: Acts as an API gateway or entry point for requests.
+ - **Function**: Can be used for proxying queries to the appropriate backend components.
+
+3. **Ingester**
+ - **Pods**: `grafana-loki-ingester-*`
+ - **Purpose**: Receives and stores log entries in chunks.
+ - **Function**: Ingesters temporarily hold logs in memory and periodically flush them to storage (like S3 or other object stores).
+
+4. **Querier**
+ - **Pods**: `grafana-loki-querier-*`
+ - **Purpose**: Handles log queries from users.
+ - **Function**: Retrieves logs from ingesters and long-term storage for querying purposes.
+
+5. **Query Frontend**
+ - **Pods**: `grafana-loki-query-frontend-*`
+ - **Purpose**: Distributes and coordinates queries.
+ - **Function**: Splits large queries into smaller ones for faster execution by the queriers.
\ No newline at end of file
diff --git a/helm/observability/image.png b/helm/observability/image.png new file mode 100644 index 0000000000000000000000000000000000000000..7ed5d6ac93764c9f17cd6fb8dcafef69664c896c GIT binary patch literal 98453 zcmdSBg;O0tvp0Os!QCZza3@G`4G`Sj-Ccsq0TSHZU4y&3ySuwXaEFiQ)_be&^Cx`O zwKcP|GQB<1-M{Ug-4J@X*+z~NRmoSx)0nmQdVFAD(3jpMQPWjyMJ~sdWA{z*R_$-0{Y0C!v?@^FUHpKtd zfx-VdQ5f``2>=KJBt(Ri-GFC0FyQ$9JKxpHnF4XFY8*&WsMdkVP>O1?>ONa^DZ{ej zD?7swhWm=@K5T>m?7RU`vA&Q3BvyX0b5qCN$IJNHnRjcWXX9eS+IZK-qUk}JJL~3{ z-G=8)CS4#2yE^=T6Ppy!wN~z2SPJ;xBnm`GwHB+w{J%8h55i_M5hBO$SM2(~3{YCh`AevI_J6KWuK$@6^#q(qk(fk5$X0EQzcKf*6zN6x0sgcTDNzq&ry$ zRVf>%8U9DK@R6X2>S=dfd#Ljss1y4s=UsAP23EM#yk@(oM9?rM=fiO@?$}=B4gV@P z$*_Ge+X-oS)1poJMm$wS`g{ zUPyL3iCF|d@X3&Yms}VYC0BL>BUnhO1^g(=f#85*jhEuKk zU4aX^FZU)Z(w3_qsb3?#jX!&lkH#Fj2q0auXkI6RASYq99B4u`~G`YyY7$bwM zMV=xU$BNOLOyaiF%x^kb{>|h2u=~kveSLk6{q~RJ#mcPbg0S7a@chv*i*$!{cjrSV z89G{@G?!g2h+os(Vs$I?FIl9-@0>3==bnMI_vSS6UYJ9JoEl!rBQ_ygl{Tvb*GOx& z12%8GqieDl0>9W`E#%loK@a{&L9# z`NNi)AdR@O`Le1P*>RHZ1B}kn=aXEkR-sKLM&zEatgJkQt!4cc0vb`?0*6UAF&INs zB<`V1qjoP|NjB!~epT+G?MC+L=`c%$e}c2H?7o;L`gFLB?m<8?-aE$Iejxlyh>yi{ z(Ye!qG^$_1Pdh5EU!q_wk((;pV(Pv$-%Gq+`D3Z3LveqL8!FKQu@nbK#8%iefu7Nw4I6 z;0x7IoBK@xFc6zchFd<7UV~K6_pNj+<*IH~^U1gWiYCbRY$;cRp5J zc3HIn)~Sx{4Vw*zF?CR5P|3#2QVb^CA<*(P0y7m%^Pli3M~nX&JwfA z^`2*-y8HimhwL}ZBj+h&!O6x+6uXAHwRtxCHOUfyxh8LUW2jWTj81{BFn;XJHNU7s ziC_!EL&+Ea;ZDG@6Ld1Bggi-Xv+) z@s#NGuM=hO?O_w<@c8Q&Zf6p(oCv$RZ}ghWDj$o-Em4ifuX>RxCnh`!`_Q2}i>#5M z7_$A6qDMaxjY zabW=(wddu@TDeF1&v1Pjm^4rZa;kU-v4HhPIzW_aO+}2b@T9*$@@x9>0t3BYwPaHG z()W~AkuGDO@Iyq*#<%CiPUv8F)V0iDHn!h;&Az-$K|~&H%BqQ_p5dJ?Htl7at+I&> zS~O97_hrgzYNJc%uJK$>2Q+U5eh@H{eBtKoY>)-OCq#T^>5Ari!>ea+^xqlOps$+M zL>#tdyf0_U(uzxOe}+$Xqs(Xk3yr>=ZXQTg#apsd#(r_N^^Q&(pQH6Muj9H-7A5db z{_INO5)(Lm>Hi4i^;<2$LB_5+EG$}X{0}&A{sr&cLh4qTQ(q(Q@m)>~9CA{yU$dS6 zr{*m0{lx34PM5_islMhu2>qCq1*vG*&BZ3R7C$|2cP|j%Hk#N+oiu@ut{UA}I@8^h zwhNgOQ<@wxj`BQ1e7W%ww)yoM-=r_P`}+CsBJ&gCk2QJ!G|^gUuMGT-Y3FS7ND>-o 
z?;;--b9rBi1<$>1vAwfexwy{vJNE7icMCug9rOdEEuakdt~mEw*c2D{L`ch0oH4xf z-MbjEH{=dT1e0`0UV|?OAh-OMB6C{{Lmd^qu$oGJ`ED8C_Wpbd_1o5adlO<9@VK7^$ckkuWOc=$o{1$Rck$_;OF%Ev=b2*JVlhKs3?A9+iWBh(HiF~1 z|0KcOa{t~=?b5g8O#u1@AI-)1wllcWq1J!fv2bA0#%ifiIu_TM@Swz=XJ6 z?(LAUc{ehxKrV|2)vs%juq;Nb+x>4v#h;yrjv*_I6uuX_Wv9t?bbUz^q-A%!&CdYB%Z>wT7Ssz(_!jRTwgbH*y5KGyfAu8=y=J??GwUjW5%X43^sW%e|LnFW3^_==-YBx) zi?SJbvqk$wz_e6EJG1R(0&&@VHsYV8CQXnoMr@U~wAp_wGS&-mzXM{6T|W-QnUljr z`SImbPLp@(Cw}=vFpIf@vO-Eu`KMfU&@Sn*41o`L3nZmDKk%uM%tzvJsNe>Q9xnn= z3cHgjTsjS4v^f!BI$}}v2h5t!APZBo zNj@;GK3Mfbysh>}=11nhD_k)8lNm)iU-CIP81r8iH1V?tzw4wryQj(8?4DLnOp)E0 zAJ6i7D;}FvB1D0pfT`iJoHB^kRioV0z8ph=$&gh*aoF?@-$t=g>OrCLKj&7r%fezE zIk1G!mO7Li747nhilJ+6M0XJSUtI@odbgSU&_wZxj`+(LiyCi>%fN;V;l?xhV0>hg zE4h&SIe0y%2;3~6Sx%BBRE|(D1xWnR-=O~04@AGKoGP>2Sp~$hzV4;%Y|$x?Xj|J{ zj%LhPhwfFGa4Y4$Pu7VaG@bSGm7 zJAdge11Q){KIFx=>4MaLcuuegBgVh4774n@=Vup$x!410| zYU&Lc@L`Ki*npq+x9i=i!@_Bj2q6dr1(7Nq+fQunDcc^zQ7l_)=_kNYU>+CPDc$YN z=~Jgb%>)H*Wy75@ru0EgfQc{$0ugi(lr=RDHIZt+BT-;eE+;+uC62*nOUZ*y68$!Fv zY_>!S+NQWg`yA(imB@i%9R3f{9Rk#E`V z3E!70IR&aN?Wc`yu~_dkJOu@0+LT05riQg(iI{?;4@|`mr+XTwikGa5)snXs z^^i)+czSp}_X90>`f~0`3f@Z3bII4jy5yRQLZOqtmIaU=5glM+1R7~waV#i(Qny@g z0FJf-PQ?7lA2f?mM+br(5iwimV8G~r+HKXXMTbE4q5knWzw%!I#|sKq%3OItYG?|F z=2;v24_O-d`0S9pc%YPN?vTiL{zInK#|bY^@lnUkCw%=ddj6&=Sk*yP9X9Ik)L zT1b^p0GXT_a4}ySKvq)PAFC5)vvxt@H!Sg*nXI+u@7zw$cKuv8;#?lbqG^HKe6!ut z_n|-e1yQ*|Z6B!ese&<#T=9@=X9D?OD6p$>*GW>;@71X>k1(g|&J7GKip9jTd$qV5 zMT52^rSnd1Rm=`a7N&?(xD~EsioT*Ms6$d=oi28vQi|%%iOj_P4oTv7&9Eyp8(-(Z zh~{!pUOTw1o?H?0yIA>H5v%W!8((**HsGQ1qYT|@!@oez&Ih7fbz7Nz>k3Jy0{wN~ zqRCGu;OLS~)A}JVdz+-ca}7S-118b%OFANc}!w~Mo0m^)C5x}*ws!J$-1(Cn-}?u}H> z(|aqv$RV1-7Sj_EatbkH)nT}uuyz0KG(}6ku!w>Z@f$$Pfk5cTN?fs(3y3LLQVg8e zVh0avK!S>-{Rk*Qg|V@KF}SIV*o~Y68%Bk~v9mWuF~9r!&cv3ObKj?9mI!SG>n1=D zO@h_l9(VO`71y(A5jL@^KDUyt5D!aDweh)#G_fI>++|cgT=##$-lH1Gx~%fRERs-d z2(p<;M*hK{X78!2d7F8cX|5-)HeSN`!Y_vTC@<2^k8W_t%er`$_q(Yx;L;c#uXShxCX%f3!w z3|*~!ofgG-$6q;HP<@3@V{$Z0AcJRg_)P!uzPJ)w-SIjImjLFIKT$LMVouseHCy;r 
zS$|n|HLE0eSKstTF_0}j0a>(xE`$~Ut!hW-K-jD}=bD?Tv;y`Uy0zdxY!aRT6N88C zx_oV*8;t#C z+_h#LJ(U6xyl9i@!^q;kWOPCE`FJ4#h(a=OLP)nDV}cR zpbo_H&UR%Kyi#sN`pl!cBW=D!pVaukr>Sl`>m^xqLM~m3gV2Zoc;Avl@E0K@&J_Au zMmL`JdINmDdePW@qm{xCd?PZMac~7*4&c3R?qfwuWFe`w)LbRggWmMd&_2pBLT1pW~Ti zvy{kk8KYgZ-29F#rsty$@VaCAVAbPJ{k?Kd0X2cr(DYuog|LA_wvr$QPj1jcz4s9; z=b~y8Txt`1P(E$W7lgulV={Sz$or z738Sl&o6m}WHGe@tP2%s?101rbm(!lop__j5;wSAFG&5-X@TK04_pV#)r zoK30paa!CRi~v$Pj2vOL6QK*l@%?boOrkCk<;V_xfQwa3=#cRWJyV2GdwrEju8QJ) z+{%DQP2;S)AP)I$&{zW534VsQv^w3N5~do-6%E_Va4qa!ejouCnC<_;(T(QV^pXoi z!l%FV;nkVo+Q)1@NIku3B?mUBeDoRi-V+LMU;Hv|#iwv*pxACJIg~vl4S$;s?8y-< z0)Iwh348w7P}>F{b8@17Q_xUcH;X#zLk&wD4dq`AE}g`^!|tIt+gIknbnDf;?{7HD zX>A;db#NQ9-TBfImRe_s);K5R5JSw`96YB(X7A{8l(E#NVX|)hu{$&;)NO%UA5c@b zoSy@D(QGLH8Hs+E5uS_tw7vhl z-Rs}KfA_0;BV(}W5`o{^>E532Ad=yStt#8ULcm1EBC+F!+KCu1I`E8)b8J$Ss+Rxs zXfgB?$8m9s{sXUx8E13ujQ7%rAP=DZdaE-8ML%dXKgeZ=J+xDcAm60)cgi9=#M%ma z9q2X(F8N-+m95rtiDg*!Qh1R#9FODuvs_0jOvY328q(%!I}rkRR7eNYYB`C{vQ9BE zF+77a07D!#pi>fs!q?vrM|GPGWX}I8Z4=k}a{Q77Qkodqs}Q`G;mQR7G47JXsVAtz z@xS#O;zu>g7w92r}j%Ek1k{C<8WiMlF#rhikM$+C(+bqjA)h zmJHbq(fb`6qO~1r5jJ^lv7&t16mAZgCu=9z+?O9x2B3&aWpU3L(+=%?RuxZi(@}r6 zDo!lw_8Jngq(-XH`TIq#i}s5lm;JxBulD6_Q#!pkm(JgfW-wQ#kwyM2kS-?$ZILQ% zJ?e8x{UjJ9yF?S@ave{(ao*vI`%u&KCjWc~tOcP7zH!;*y%$22nKY>Tn56A-Oq^d>2(4XIzL)8F5zWxJmhJ|(iQ=tg zIo-f)p}%1hwH^*ST9n;%QqJ0nx`{#hBj%SLKp9JtVWPL;>Q7ONF;F%Clpc`%1(pjp zwL4}qRv2+41!-w{ua}WOIO2+=|Cc#_TY9eWEuUJ*Iv5tQZ}| z06DL7+iw^fs(MW3IUy#b9jJkNLGtE@<v_=}WX)$Pb=7UEts>lh z*0ESov$)|Y{uaS85;V&nE5+EXJi-6sdcFDa;{!e2-q9*TJZ-;ft z@!H~ZCSBzHh4y}~sd;p0PV>nwiFlPUbdU6~Qn!+2n>sy7w?3{B#(HDdG$lBeX)8wY zF^-n$K`NUb(6tBQ<}VHhku%-Dt)Mr%!Z}9K1uduX<`L0zJ9LUcKrr!>rXxsPz zP^XC`#G9)KSMATx8pkLHgqYA!*!7IeWQ|AR-ggNnVj}@n=WJ0&<4hUvH3Z@f z{7ZL=-epA&{7G+CA%jOG^XhEvg80iadsZ7m`Whf^EBy~r(nt0ccdSi!T!DEFoiIt8 zdOXFDm)7RwaZ9vXEd2Uo=k_2&cI~R!*zP^`S4s|hi!DS*A@33aF67AlkBe1f%{Bv)qaz18B;rP%> z5%}g*cK2EG=9b~QNY!wo>S&8MU54b_kQhSCdge>Ck zUh9O8$HWuyAs7#VKC{I8bvKhS%tj4he>W&WrSI`QRKx48o7pqy>Z0*(k>FwJ@Dd}L 
zIJH%Lod}S_rc(@XcV7LkXaj*-`DODD+mlb-MrM~4jFTid%pNo&c!Vu>%ObIyclXd| zdr+D!YGqGnfDm+ZhE^hSVw+UlO?jDcJKGvKsbuZAS<81K(({Fcj#^( z_-K34VnW>c_G}e1M&W#2s?BL2>e4ga8IKXg^}|Gr6;qDy^>>+e^AFXYv9924GIH>G z0RczTl)f&cY+FO5#%#UdLzCEqh5bKHxP|UZZNAsZ9Aby7VKSXZeQ!Hqpd!g(b_kpK za82bh=~&Yq=hdKolL7$&T<%!C$I^&^QlWGVU1eL1#NVH#okexCCrm)7pFe*yLQrD2 z*_?;69W&qmtf0>BAPc%|mcIPHMKkN<)G5IWAngbc2pvCKAcg0_V>D?8aiHd+mNx5C z0u(sThANP);urC)FmAIhqPmu zWXtCDWWp$YfvIIWF_g;H9FBrO&=;zp#ymXVaqvYTmSM z@(;>#FRs=y{0^3O^{dvWfZ*Syz5Fjd)h6vp~%x~T_rrwiSDpCgoZ1suUrVr`cv}okh zE^!K&hg`k`6-rjuMV-YsA9tkI#v<_y*m!1js=jGCB+%Z_R%-cQ@Rr3g#DMn2Z#P+S zLttjb&S~-z_&JI1K6m>_=>7~8HrUyBm4|zxU3XlIEkl;5jH6Q3oS9YKKKxJz$v zvA9_P2|vR6FQmws$^@B%LKt0`e&~0J(#y#koE{4YGR{6HQ1^0;xnO7+0ws%&Fz{IZq$!+g(bQF}v7d&e z_=FY&?IGV?26^n4e{;!Uk@zq=5sl{>u6Y2#xKBPieok_kE0QZFdJAAb9bo-Bp3~St zf`|_nk6fcD;=!uTNWMxxq^(tb-v)>+a7A$^=LOH6T#hnXm3DskoSPhLC{&cazu#4U z6w!lt%HK18EmX$f{Je#A+3HhE;=b&oUKv5hmUsS~H(p9k^@4_rUUIlDBrXwM z_16a>u^}*y(^#TpxZGI57(94%4=O1H9P+Rlt9Ih4l_qBC;ko{YCi@^eI5ogo;4A8) z;Rd7jX>NI{F6DmHqwHwM9)ZH#Pq49IEDf?y3{ZYf!;m+07ZrVQ_ z5g3lP8DSuPEqYwxQXD@8auAM`N2d~#qKIDiDAxz`$MiHsSj#f?A5oxBm}&l48QIA% z*|dBbJ_gnZM>1^)nc0t8mmFUWbei}5>yX@K;pmF2MS&6H-kiOR}@0J3j?FMW~&|= zb2&m$E%!zJuj{TUL)4R01OAQ>(ui)^K|_C9Hv9@BL@ljG%3u&yJSaWBF7i$0H&$Lk z!jprQeiACQyJutQ+SFRZKwU$oe*62~Xn7G#K~^C(Z(%9sjUj58%h6?<>?W}0PLts;vJ!WOQ`|!6P_m|KZ9zPk)8HAMIt5VlV@Ifci zioE}SfPi_4p}+J#`&LMc)SLwiL9z5z#)TS7Kl8&lKzbr}5$Ov{!`SEW1#%xpS@RTK za`{V7$US%P7s^>&x==#>xZGgKalN#=qsyHo!rZnC!l2-OH?ANefS>vUmAN$NEHJ7s zw7eu^7*yA-m<>y<&sntappC|sm>0|iBje>N)p1C$uT=Dtz)Vp2pEn@;^pD4+KC$dmE@jb{fwUTSQW_?jqqAU+K=Vh=(1Lkt!l69+PdtkZbQ zm=fqH8o@Uw+S-)un}!|INsfCiBK>6bB6_l{Zc9kfeB8*W+Q)|!icQ*BUJ zZyWuydH%=X22B4}CG2I>k)pc4+#U1XeCI)0%QA(5+RWqp;{ay=G^+>Qzu8~JKArO7 z*EO7sz+I*Ns4V_-fnD=KcJmfi@*N!{x2xlw&3!i5;`HE`$TC;lA){2=tI{Xp8K&+` zNHSF5*^a958m%=RPqox&uTaH1*%pKM*)kN|I@f?h|Mp~F9NCevr9``)Z3j(NQMhiO z()Cc#F{}ADJ|!eXck0OqVdLoBx?Ro6voCWIMU+_Y%@L5PBrPfRBr}x(+ZhAeqHKtp zeafoD+Y3^Ok_zuMhW5DNcH+B--km}|x9qlv~ 
zudHUD6fb5Eu*8c+(El}B-g}O;hl%#>Nh&6bc$MA2Nfd%A;-Abr^tn}4zFNhE*+Dv; z7Bobi+XS0e6!PNLmB^0M1B0arq0ZY-M2sdPJB6)DsTJy#GHKPXDd(Z; zn@$<)9X2Y@wldAUqo!dWL2~(~N9;TPxMhfe#AMM1N-%jO&u;jf86G>wxKnJFd`V+^ z8}DtF24nW;E7|daMJ(uW;0b$3L^)8tgV0p-_l$u78$PI&VJ@3D1e?&vY{3bkIH&9W z8OeFSpZk(JKK8$FCvaQ7ZT(I3gZOnS?4=Su&kR%oU}oXd^Q8SyAenagavn;q zZkK47A>wE4GW=(w{WIy(p(ERW(X!_$fi|NZ@AD+5F>l67&tB)oBOiE4CCNeI4k>$n z;9TR|V8UxbKJ}i~ybm6C77#dWz7KgmISHt#_^bM(0Qh}Fp)yw1zuVQ$D~Ip21=F1B zum6_1Lyk1R?ufzEN(jw>xOyV#t70e@1t7HOb6? z!vtBQ|f+y*Gqk)S8OFP9~e;ELEm*q-c{ ziqS#Cmvfkk5eqmw0@>_4JJw2Ic7>%|6Zy$UYn)af=^M)Ny5cmhy>^PH-QVvKxEBx*eCkQZ7bWc~DiS%d6d}S;Txh^?JFL~`s4B)StEjX;y$mPm=L->Po z94~5XayJhY5oF78xH+%@ate3l2UVz%Y7}54_#)PDl(pSO{a!S_<9Lf<9Dh6_9|!J% zsAX+C#F(|d@$V0-#%*X9>po3tg%cqo1ERGnusDSBShcWY1f(do56$%xK514vO+^C2_G$q#mjAbSQn3oAC^Hc`(iXgutmXNzufM?JmMo9_w z;t6rzUBA}j8_uL81v?01xw0ZgzB32luUR>A7D+SoY?2)Z^ehXo;NX^|(BG+F)=-iD zH6lOn-$wZKwbm0;N#CDx*KA^Kml@;R$WLny{rSb324krblqU+*+Y%)FY3g5gj!gV4 z>9UT+I-9adJQqzcZxa-si*XnS&;Y2x;mssQ;)^IM1bhUCo&J1?HovS) zw;7~=e^gv`@Dk(p+0P64J-$m>yj2^Ph<%-DC}8Q|(yAyB?23mYDUezvFdONM$`)AU z*n$~cprANfJv#K5jw4D=cFu5M6O14@x#Ee4`&?fs@);0DC1s4EQJPqMCrcpai=>c= z5QPRR`VUl5Q04v9j#pljzL|5<`@O%sY(Tge<8v=ZD(6cS+uL|OVxZ-*kK*aJKlve) z!?IV&BIxlg$@*vl)81aTJktEi`8P7Uzloj!L@?)*B~=dQr5p1Xt9Hr_rlDci2~Sej zOnSxkAGtv?FLQ#AFx5IFjU;zmvi2f16^bI?rg5JCmW=Qe5&Bru^+1Ut>ypH^%s5E9EUK>?ucQ(35L>NT;dDItcMxN3XN?8iw7%VIU@t*$^&(CfZX&!e8mbj%1h$M6B!%W`$3vBP8FQiP@<2ddJNg$Ec<6!W~YF*!G+G;u%W^JxG@JN zvYnNN%qb(}RAim%a-yi1jn|ImeN~S!;bFs9agD;3rgwpH;%2GTk6$YbBl4eZ>v>Xf z7SIUISLC(ItdHTjH_(Pr&x={7zxkqt?sq2wV-s|G(T#o&WW&miwhrhWRS;81PHKC$ z0PX4eFxZ+|aQ2l3oHOZb&BoOAA{J>&z}@-EMXUFUsbZ1&$X497jJCzC^X?&BTWJ|G z&1N!!Szp|;6G|6*&5SUapLU;nM4ipqa1@#HON7Q@yKdGoi=kx%$H5Q3^Hp0F6lXX6 z_|2*q-F?q1rsWqp-!pfN9Y5yg>M(|izq5k1K!s+RPrFYtqn}M=?8(*OaLdSDzUjkk zzV9Yd{%d_H#lJZybgm1cl2v^KYt{ov9jE1^nF5k#>q7tjIorZ9oxP>Cu9Q75oV)S- zTNy=pavYz_4oX=cBsWP4H7srXt91qY#37T=X@F61fLn;>m($1ZCBxij&m(k9lEbB> z%pq0U(BHVo*6n*KdNxZdI~ZEeY65lw9q(jim0$&G7U9%WdGNaWyojk#LkBkvv&AY_ 
zsFnpNci%0oVyFZVhIg}|R9^Fbz9iVjNhDniWq3`1b4%>!Rh0HlN-I?llXP5CP}y`m zjmhs{M)4sT*mG1xrD^w5r&6E@u>Hio08drvz%c? zrxPPZ0XJn3XR|h@s|8;X??c#uo*v@)f)`Tg#qmh}{0u8fK_;i^?{GX8g^>}dd^M9V zeFi4~Bw(~G9ri!y1p?WVUP)n0;pyMywZk@ImZEhEh)9t_H$5II#P@U*n8n#w%ps@) z^~hH*Ik6e_UlkFi)OLcd#ECI?x=ljm>51fGj+?l^F>tlMq0|c8m0x_r-iKhfbJeW= zOyWkaQ<4l??bRYx+%jsjFvT&ALHFh87(2tt|`0i_z1hdb}w&k}4{;n4A14I+W5c2KGuNtbJSl zb}ibBwjhK}jLX|min`vcf{qW|r_MB6h5h2PGD!6m&58GQsG8-%v>fTBp-@7Xm?r88 zEGGn=BR{!9a9n6tN0|w+#GnlzIT8rVvRzBuyCu6#OO&;BM7+g2t_lC=pWAZ~zlFU1 zaT7Bh@72oFTAvgj-q7uo08vt_ZSzPQi^JJ+ZBe@O1eBr|PoC>X zxJsh*&BiD)WoP;2DF?9n$B558b0xdvLh+e@^1Eja7o(GpFNbl4n>qJPZ#W2T|z&2+NYwY#$;EJDZnwM4P3*TdhI;9HvcIEsFYISE7R z)<@xbt4I%NS!VoxXUug`>#ss6sqV&JnMS^E6`AJMu4+c7uWTcgvmK)?V3wSCG}P1;Oc?t@zwij zHhx&*(n+^Wr&ZPV`Nrhrux)e3T{vK4TZ|EU5Ea4}!GhPK1bKajYmRX3HDXDIRM=I` z&}>~-l*Hx;8!5gc7W4Fw&HkSv1j(l5nUcMlEG&<6(<; z)gqEqB3=Gaapq88nFLIwrMR#h)|qwMp99v&H| zHOzB=6m1@YP+1IC>NKt=4|QXb^xP#H@N2PbjpmWl42a@GB3q8_VpYfL&pFyzLs}Qj zg+qQ)%roylKUPN&P~H$3l9_pJxa#uU7-6s-# z_ZbgkFf}HQTzy9F*%z)r)2?9dc2mgTFnf}JYf@X(Bl!pk*DU$1 z>7~Hn6;AQ}^^fBFrdIxYai;`?>Yp_UG~su~Y%!xGN}4z?T}z`3}ovuUfI+K&AEmi*3PU5Elq$hnX96uytx*=YQ`&8+x1?Lzp;Q&M2;@navWM008O(`I5e@~}8o6z#O7Pl( z=2Vaqg|c3CNHZm$JSIDbCimZ%-7E$&P|hB@OL2ya8^5}QEl^(nD^Hl*9MX(}@_Pe|0(qjbW5UY~$cLe@iG~*n3Qh)k|_5$Dd1%>-UCZZR1(_uePTMcWn~ zgzWVhthS*`i@YntT_-@tRM2HMxFim!z{-NEhI@cF4)DR6v45 zTBMopc)zz}urW^`-SJ&-qc2%V4sW)J`El?I%b$m_%*dY|Q)N(75&4#_d4G^OPTHuA zGH~cpJn;SF%=AMTuZFt9&`*%rM!b4;qYGvxCs0F2A=R4+D3r0LMueyShsPvoN~mz^ zS@BJit{L+`F;_kq-da-QLmF{n(=Q@UbR4|mBVB&*Whr#0ftO69o+$ppN{9=nDE6YK zL6Je|Ci;Mik~Q@c_6@a>Ltern?zUu@(r?)cK?tFLDeT*8-c8YO)Ph~7*}!yX@;$J` zJ+w1HPMUvIN+m>V=g?R(O^{It*5<25b$BCPb|VGK4(GSBY#f#@hW%!NP)HtutWoD9 zO)-*Z2zmEh5(n)-+qf}nL#q&GRzFG*?Yp9I%gc@GocOT#5sN|W{frP(vlJv{vRnO~ z4^p!9ru2AiZ3S8Hpp^a4{f|v2TWW7l=19~oPa6L)r-a9I1*%x@8L-#A*8JvFi9WS9 z1UbPR7sBe&vRgsLWx7JCZB|D+v}`93yb}cu6@V_>bg7b?2p-&Sk4pNzC(D}^Vnmuh zEO3QLWh^*t(99(G?7yKdpW(e?%=PqpcW*j~D8a7tMYUnWLn_$=V2|{u|D&6@G7DP! 
z)$&n?yORb)Pg@l?+ea)Kw^kwwknmWF_JuF5j_Cii_)B%!w;NM1WtYvbjdF$PdvI)M zi2uk2_q4$GG|FbWP)-mfz<{ezV49>H_j$j#8c*~9P51pzss{)*hi^ARN&XN`GcrHC z)H)3$n)}SZL6@$71EOQMPfH$=bmjZu@3f6zAsCN?V=T?&Vclma!|($LW#gdx@)4cf za*leg67Tw_9}$(g)tlG@8n_yi+4BBPa)}l(GjiS5r&uM+xe^~~`1-J>ojF8%-R&l^ zT!s~Ki%N@i)wO+epcDM6f|dbD0%^VSvXm+V(+eSs@(Q3Ywhk?;MZrM*Js}Nspl5~-}8B$Mx=i=sk4&KiMQMQUL{8A`ZHrOOnv#sH~)y#_x@)HTR&kD0}J%6PEU z8Pzq^w}jOQQ^c^N$3Z%gi4(Cw50O_t$uQ>I5W3(3mQK}$aHllR;HN5XHa{?p_JS0WEkR33AKm~7E?o&^7A2+M zW#RB%SVdyvhDSg7G4>$Bts#F&#rG}prY+h4L7@jMgmiHP#~pUw9njNbs|G3Efh)B= zslMh8-q-4BG5>=p1Am$bKoce03yx5pv)*@c#0DG-c4YlE%cD&Z~AKvhmf>65ZoPge@_?!V?h^kmahS) z)Bz~W!7Zv29iWayeEH4U0+br9Mn3FDiC`@JRpB$`gRN*~te5zi@=;-1Dcq_YI#YtA z3;eqiR3#Oee;V2SsX+;Xy!Y3f0!n&AKsVP&CJ2o3GH6g=Rn15c;ti~(S@%eUdMaF5cVGJ@q%Zpn zcT8~`{nqC_DxckWEP&H@9Ri#TV5**Qp;Q7ek!wTlO@RHmjNA?UFkzb=TP#nm1K&yD zXgJh{)5&j5mrINNGnR{-7xXcO_YA0M<~Z$#gbHWUs8@&=j;+4mefsf$A8ln@2D zVMnfp;&&v_PfC}}l3tNtOMPiT>t$iUGcmYoR;mvqfcczHALa2$mRX%VGI@!o>hgpf3jQ067}4JY9;-3gzhEM{4!aRM@PP!`9Vr&Y_eMGf*Ez*1_sa6+a0ZoFRb zT=zj$Aftb!CQLCSJflUBYZX zav(=DdtvoYt^pl&m=J=YPpZ;V`8Wne$+9vyT!qJaFrT_@;5WfOL%kvzfenCe+Z_KV zS@c4wOrQRQ^ey*h4W0~Gnzy1}dToA)G*BeR6)rhU08I2RS5a0XJ<0=$+eCXmN=X?& zKX2b=dpXnu$rOP>JQe=(~00nKIV%Qjw zFaMj=EBxygD$Y<8gWA%a&XD2ttEB9chsFQX=TblZM2T&<4cw%Fbw2l9alQYT$dWH~ zb-|gcKKgE{^O4Jh6)V^?T+LIV)msgpc2z6&d%R@(V{pV|7y+a_{kOGkK7<``Q{@x!5vPrD`z982?!E&!Ri@eI1@tPz7eB&F&TxB zzuEmm^630c%E1^In4`@wOM8?^jz$#yQdw3i6&0m8FHyU;w5_8&(;lFyT^wrS4vjtH zCr*IR2W`9lK#B3%lAhvbyf#fR-;n`A@gXzO_q+2qkcM1EdCPpu1WDwa>ak6KV+75n zjZGgY%1U;@LMM-?Ij&%4`xJUYHJv8M#Zs?}Z3s+=^|yj$dH^trfN=R znWHI#xi&|0-yXXF1=`Cw?E)ky#wz3-G%3`KK~K%A8SPVKSbpV*!W^KYL$`q`fZho} zqhB49K1*lGivB~@AXi=9OQHu|DrFGQRlIYT_`ZDyVzr=fS6yhw$r2p9zts6Fr4Cm0 zfjb zMP}-@kVg2gjx;Jrz@)`Dn(LG%i=0@>3>TF1B!7J-SjD2E=C)@R~QE{f$ECwIOvZ$Wni)TKm;hsk}UZjW*m0+8)oou`(u+~<x^r*U;jW%CiHK>A__D{!PWN^$7rT~JLBCp&jO-A zdpV~CRF&>jl$?VmMcg8=PZ8s8hGE-^`|JNC^@qN5pO*DTPLP_iVHoHz${}7|-@#Hd z=_&vo4SuM1!hw&IREU;&X^I%4EM)`|;G&EZ6ISjek6s{BzeeRBD_>96jobm?A*#|5 
zGbphYfRh&>#Y|jDg~|2Bi2WfsEER2$851ccD(Ji`JugmP6xH#VZ7_D4m_|+dU{jl5 zXlSnOF_{8pVkK}2hXHuXNPo}~04U%KiVs}O5OyHa33LdciBQR*cT5Sf5)u2T^bNBD zKJNSkc=f|X29L`An1jP)-j`g8++FcoGCiv;9BP*Tz)dP-?+pU7wz^K%uC0-(s)*FX zT@0OQ6Egu;=Bz>ltZonKtQQ=#!^A!hZN~igw#r$}?TeaF0G%%r=d?*&dn4}@$O~vH z2Ky8W^lX2yND6531Xs$2uU#VFAAXxe$_FUmq_zNKybWXJ8pZ?_#_SYR%FP-8VR}-= z_`Cp2B|hkjxI$8X&k5pM{7Iq%gtnR}RgiN&ET+K04d3B!5x3PY#rwIy>nhSeOO94Y;0;gycc9crk zUto9?Hwb=ctAQaq=(v~#0^?t6`Gnzj%* zyqN$_ZRAjsUaS)h(GnQOz**xrM*0|0ajvRk%0k1T0qBqsq*BLGZ#Ac`Q+~enT-D#c z2NZ~pt8L+&TKeUW0yzgw94t6Fa&X`Pmfk*vo=o#a7F|Y&G`8MHBAfj}JYOYqo4oal zWcVu=%i2AD3pXj-DUuU&Edn`0PkUuuQ@Offnb2_x$txGPyMsFeu6{b zc!&(!LDo(<5thJ1U`S~Z9>sC|(aXFpj{{MdggH9${c6GjdxG1bIk<;0NgKN&yjJ&> z{!Dh0tjW_oV)VZU;tK{sShU=TxJrRxs% zF`9B97Ze>e&edd}9KZ)n#r^NHw%lJz4?j>dz9k{uyJ?Ls#8S%kcFLu@;s7Vh1i<23_B}k3nd~);@w~rh?h(inE zThBEey6gKAz$qi=lzNEWl{$r6?>vDfEgmRj`xG2xIe z<1@CtS2+ERWpV~pFH9nBXT$+UD(3sEB#`qX#tXHiGS-Xn!brPrhG#uiq{u zb6>A1gq8nQ838Jkv-;v zVN2|;3-{YZfJMX+ByYIfc8t6^2zWw%F`Qe8jRC+&lfsGqC4vPT4dTjDCN0X+_ z$98f$tE#Hx=bwL;5hF%G6yCm}Z}sZc(z`c|-*#YVXn-Ch1`ut1oyKCdc(udm*MViV zS+$=6Y*zy0ws20{|8|>0TPc7h%R`_%3c=W?sH>w9K8mTdy%fVj&qK+Yyi#{;J&W+b=wJzahS9(!eS1|_ zmZ)Pn9HY`@g#krru=mah2? 
zs9jw+?!5EPFurAbznMYS=-$N08NTR{oPyfd`a8o!e=IqImRWYVO=X{Q^O)wNjW>8JlG&p!K_{No?@ z%3E)}FL&PgH{m4z{`>FC5l0*$Pd)XlTzB2Aa`)YTlOaQf$ZfaXD`UoNAqO3FpzN^2 zo-%v(bUF6eQ{>Gzr^?KkGiAw=C35Yxx5!aPO_C2j_*gEvNb7<6g%@6sv(7q8o__ji`R1F2GGfDF0?4K)5rJc6boF@9ply#mCdzr|ovG@w zX3ZLu_X9cn@B_5j1Mrn8X4V@&8ab~fhc+ECHe}18CijM5Z>z1gQuH84@5?X0ltT|a zR8BbI1bOkr7h6??*|TS>_NcAJZrBbEt5;Wv7e+42u>fNzFX!UR*THYG*%b^0+Q~UB zn0j=xg5;djWWa=?v$0P>|5)&orBe;hQ zdi5#?%f15V<%x6N<8{xT73v=2@>f|2E)zIbe&{iIVTqX_s!#!wX$Q7lv9+5idm$Z3 zM{;P+J@*gt+p{l}bI$oA0MA_6XP*OP)~x@@lTSV-XP#FgV-|C}Tvn-+p^}@WBUV zi!HX0dGqF>9cC$TNsu*h;zW7(-FIc_(xr078E2?E9DexW>X=>Z9o)NASAo-1-vFC!@$oS3i&90ff4UY0 zTFE)>T9q%}+TPw)TG!jmFUEuPZAe(J4LMH8VpnU!H*Al`c{Oq$YB9AD*!-Mku_utEE z00|HL98&C8UmsN5(kK=$)2=%XUu;4kE`!zKZI>?wb}{dQ${jOnP{98=(`QIx1MYULk8HzqTj&N}+mLm5~mBgS&Z zW8BX^`%L!Sb5A9j<279!(RucmF=OPGTW(R`A=6O2_}kz9R*pRKNLBBnk3L%Z_U$V# zzx=Xny6L6>g{LbWrr-SLH(2mgDnP{i(#2zb1Xx#JeYN5g-VS<@^LOW+cQT1wdF7Rg z+x6_T&#HV+J@r%-pCZs8fhK4hQ$VvLkfwU2{Zq&kKz}g{7ap}(R*Rfd`*R^zqq~$X zFXFjkw@*Rv!~ndbzz*~^F)@%+#EGG?>#)O{xV&q`AH2uyrj7UVgI!etTJfjY+pQH< z?ewU79C)A{wAVfgkVKV3T}Xo=ffb!5o4<)Y2LE3T09o6-%x85ozLXV4qz=qr*mUo+N zwviieyiuK#OI2E0nn;r_9=TTxyX>+{0$hF0;sQdoYXZrpj2#`PWxFB-f=%n((dFn0`2_%I z6xRlv9y-%yzldR=Jo~hBAmX}HF249eIqH9tup4a~RoxJFUGB8gUeLjL3OY(hV)xxj z9FKtr>2Ni%h5(pC4HSjNBoKz)5xFlRjks1VUm;(7FrnX8*Uh-u7CHta}wp?3Av&HEEG7YQ}2cYepPji zOr83MY`pPURUfXHU8pAw#L}sCI#8oB&Gt_lEGSd=i`*g;sI-3RrI#v&cIr7f!wx&_ zkhom6YL%kFvSrH>fHCpVanf8ov-6PAd-m+9-pO;)j^aJ;qGb6J0iX}mRF|5r`aJR6 zo^%-sBo+Xuk>Q+DCzd*|91AGP;6fayHWU~I^1|X!lP?Ai`dkX&M`dard2K{gjo_ki zC}svS=h0cZmdc#^+?h|Nb7%hfJZIVYWBU|ayXBK^>E2Bm{_>Z^oE_4=dfIrXro*z58I2J_g*N10X^>QVu!fNV)0WJ0J8xB@w9x|w(oPNO{RQd}q{H^rqQz@f17%VTm z@Epp1L!#PT91$#agxH;&&ib7%l)53~&<}NAG)ForP8YV^a!dK{yYG})1U{$8kzj@j z>#4zfpERRDMfmHlzg_{IfBoxUsZrH+OYyj|BQ;Qeiu!1~?z$^DhO1P$DDGr3lWjZ`pGWGDtzElTfhKaF9)9>?#r;do+nL6mcTozofpgkLDN$6_$~mV= zO%CzNSKFgVZ=a$NsW^J{Xr)j}MN(4_ZU-MYaG<)r_S$RZ*T4RC;+culnj;nC!`KnU 
z-819>aQ-21Y7VI7idL)#K~u4{TdwHSn)eu5Do^*|7OBNTf?EQ>jDNJfe7o=u6-ndH00jN;mRy zVUYrXfO?na+7Rqe_XzqGXm1bFdIS8?fiyQiaLCYr3P?$VCG<}-=_3i^ARXeVA36-L zS>N^q^9{9@(^*zl1_kSN z8?x-UBt_V69as5|%gJy|6aat-hnxA?k9ZBNf&k@doJaj=cL&#o6Se`*QN;~nI$bVA zhZ!&pi1cpE#`O@>M9`li9`JjhU*uIgRyEL3Kmh=UfXj>Y+Ey4rj@GTv{h3Z}X`cxo z9$c^p#DMC(aU4WE#IlpWMBv3|raV5>kKl=7I^JtfU|E?*YdO?3)cM61U#J~w{8lNR zV_tv!;~x{nF?8h(KASpqsxpe%r%xXRnz$gUudi21zWbzMjk)X_f0@71R4jD@`v<&HyUd z^d%k`j3hSF&omu*?wrU|>&RzDgvMtC6YL}Ur}NSxG0mkUkfC8#y|r13ns|?cGShJ2 zCUA-|BbE^;2ObdBYfV0SD>Oh8fL9#LCCbc*1T&`0EWhD6kz=MgRJvR$(>DCkbVH$0 zE?swBetp0Bycvg_qt*oOZZm-#BL32aY~wl85{#L^vJpIq5Hz9v%>#SvvJ_yO>wc?s zMETutp~P>dQMZ?U-S&n;>jXImP3#Aib@a`ZE^y27KKtyWtPoQ)@Y-vyDHiMr~lmYV4}lpoEz@4lN*G-YNHfTlW#=NKAbucIV}^}d==3ji?{S-UAB7T_PY zI|G3e{Y?>U(1sBMpP806@e()i+zCung7_b%(ebtU0_QVx&UcVQW8jp@%e<2VcwEkt5}mS6)$ED{`Lr%mgZe z(>{(Dt9kCC<8>hfez;~DEtYmG1iG;d><_fGJ%0T7q#|h`VK_mCx{UxNDRSbXF<#)qu3ml$G$2j6zJ-l)0_}7 z_b~O>4?y%Ir*U?qxbU^C$2>@x&8_I(rPNPZ+icuATWh z&rMt&+YW;uLc80D<=hAAA5H{WIG8co{Tk0G#a} z3cE>bWWj=^Lbn>^K+<%@dFP#{(k))RO!X7qe*F92 z|6ZjdxUa6R$9=sB;B(fWfRGy<9)0v#RX)uf)jCu3zs5}uRC4APf12v}@yC_wJ+x6o zHziA#u7EGRmdnDr$M^?^uY=?YxE49@yweqcr?JJWuDS@|C@eE(%#cces2QJp z4zN=tufO}2gs3f!Kmc^=smCdOJnHM6efCN6)prXd1Yko~E(A~9EJ4xptXW^kPe1(x zcP9UZ)7tx#&7&DJK2;8I?|b55MFTD@_QVE@Ol6@Ty_nidO3>tqyNOA)pqwmfGv6b3 z?(y3zFURHzI@az%r`m=0W4Ty9mXqaWxs_(u$h7hjyX zM>h=Ad7^lR6Bdo^IYUK7g`9E58O~b;f8MfP5e@>$6Ia1kDvJWr^7HcL%fYQVLg~Ux znsgk1F+?eFczehp$I7oJ9-;=g4?g%x@B?0<+V%P$W+Bx6}9X7jGUlel-BB4Hd^28zEazT&yrMW_nn_``1(#Zlid zedKAyTXJ*tgyo2u_fs>@XptQ4c3II}-W#Qp3c&tnM#{`OqSp6ZCy~Eh+2$NHv9xOP z#VAO76zn`r?NfA(!GaclogUU%cX~Ug*p6W8$Rm&Bt)d7T>{7>~>$h8KgM9z}_iE*@ zSAS8oX-|MBt_lOvd*}eE1(;dAW*tOTo5-0LUJ9|+4sypGqQpn_aknBACEaktt!fA5 z@y8zve{wrZH~T>TLY%pNJ7+2ge#q`i21qeMrsG;MI34{^?Nob+`gir&75PEY5V}l{| z(A{xw>eAi)@6FumKAldoY~RTz`_?{vZR_mr?AzJd*)2?PXRSBZ7nT3NS+q!si%YT0 z^a=ogA0R^{7dk#wX+X?Uht`GC@O(o&>;%s zPCxxjoRM~@Jn+E(VRbH3{{8$Lvh;sTv6T3Gx$dfKrM$FEUis$>Fmo|kjyv&WnLmGy 
zWLLo!RJolIR|$zzPyt&ZmfU!B50DKU@9Exu_aiAQE|<67dR_L}Wl!XnpeZavh75)@ zsua?<et&o!PSk32$VW)iEmTnD^1^En=~fbeB2U^5G2v1pfZP>Fg=q{foQ&1w7{=PK zEqNK>O3izh*SgA*e!qiIU?fnx}q@!6U^ff6lVllhT}8B=V;EH!FU z)bY6b>Z_$omoAN(ZXy!1L1*WyH|nK5@W4Oh=tB>Jl6M~^C4rH%twagUfC2sF>#x6u z;`7mJ{k>10!Sd)+PpEEBINuDUo_p^3IQQ&AfSkirS^Tlb{()t`)xz%;&>^C}QaGHg z0OGv!&XIG@`HhSoeTe$~``;gfUePM(E*&O|7B7W9++g+Bx9<>0xORiz^Q5S>Sbq1r zvmw#?0~D{%fK+FpJp1A+au#&!7}uCl2P3Y%usrw}6wB9Cr>i!L0E85<#Wa+0w_Fd& z*$DaU$AvgA?Kl8DTiW7zY`^~XSvYuh45U|kVtK8l?AmJ=NT3$WaYr4j$E{p?>2IK; z^`P|b-Ah)Nt(MUTjgsG-`D?tpTl(!gSnj_2FVLg1rA?+yNgl0^$L7O5yID7n7|P1P z@j{S-WjpW$#^HENOc5IP$jB)QOS?1$8i@isvyNyZkvJ*I_`s0ro}O)ClAJN$dAwgP zda7J!ic|>YIarh;Wq`@q7FwVpZnfmE$0!MQ9j#2#7#`MnBQwG+Ogbsv9ch@S#&RoH zt&vYZTP*nnxmX6mPM;P9(hT<;AV|N)%uB5@C%E2fwiieef|b&?bqh_FyT`agiU-Q( zjYUN$n;p%;dd0Ah{$i5{ z#z|eH%uM1lXq#X4B`>aSdQQJ&d5P_=Lfvs(oLaVHcJS?U6r# z5W3=$V#&?QQA_iiii>Ne%Ox(P&Gv;Ui~8rEE?wFJcrBGR>(@(b07vs<6C0XNAibF{ z#?9}p43q$6AwN8Kj+3DE>o-Ymex9CL$9TzcRxV!wI<-a^c+hvY6u~~ncuZ0 zM-wHSznweafzC|t`d{40Q!Fp`#1PK&mLtPr{4yRt2+vDQoJ17MW;yt z(~Qa31=BRnFyri(N~dhxY}mBgt@UZCLDx*gI1)vCu+kLw0HhTrtU}{_y;^0l?=XM?1VK+<|3@<|p{kbY} z;rGl;TMBB~vbko9ZK@E`8pu_&72$*v1x)nkV_awu&0E1QcA?R4L0+zc4T7`$6`xDs zlYd}j{8-|hh8B<~G!1^M*yrbZ@52?bDg(|3fMFi#`~W|8P%jFipj=;9|KT9qrcEnN zn;CTg!j{qf(!8($<;c@``Hjn71bzfPd=A6bSRwobab??9hi~mWwMQRf`UaLnpQxiI{$c8o9yQ=o)=Ar(!-0akAu7P{eo2{J<;KP7VX<*F|gYTi}@SLXxir(K!? 
ziJ}18Du3)Rnt`u#c z8GsMDJaOPRNeZPi z2AT+#LK*ZEluYPQ2fwBU#nACZ5i4@ji` z_y_0v>g2<{VA=|{p!Lmkym_IYyk+wxW7%wx?jt4GeHgxzwg#|b{kk|CbcLe2(D2G`)XJ2L+*pDqT>V9Q_ zUi9baVQJKS$1>Zp8?Ty;8hDs3WQB1qS> z&X6_DBl64oW_fY|d@`#H0P-8#CVyc{%_3#tavJ@!Jl=AWUUUYO&{rZL%9~M5C-TD4 z$K}E6kN19GS>zR$1G$UOB(nsSxI^Bz5I7OA7Oj%d6Bmi^(icT`9W4F@&tiFQgH%E9 zi*uFC^(#a^ctNU;zs7(jD=6Za&$LTZV5=zrbq7Cxb?EkPb-d|-Nu@xegC=E?;C9Mx zV(e2?fyriIFtU@_lUnWuMNX!ug8>E)43Dr!3`@PpV~#FIBpxs^Q%sXHbV`^MFkvvx zhzvg4n@Q{7hdlD6`yg!lga90QhF1`vA(iT_L6y4&o?JU%y@Vh^%7SDm13;Q$bpiu| z2oBm@;&OH51p`cq>bd&O^mMgd@xAlMZ{{aD@DmhNK6z1Gz{Idy>!>i^;`M7~!(q2* zdsfiI^ie(oI+T9l84@C0fFvlSPLlQq^FvzrARPug#Lp%<%ul3v_!cb(<6=3z{o3M+ z0uY9!s~OJT@vqVe>AQQHMA&8tb=i6eJ@~@GhrPsKv>Z!y?Zmfgq4+j! zkc{^q5n1s+2_1bY@{q0cVRwvl$?E#njHUmiDX=9J0ASh~bwsy>M5*Yv(Ls|Ef%YlF zITCDtfG$DUQblyONF+=;`>*Cx0Xn>}<66!WU{J}D*>exdv7JVR<1wF*~{TvCk>m{;ksZ_P? zj{4`aDuFTqbNv4ANg;ikroiSYfN`WQ-QLXyPWxzV3Tzk9MEevKod-$<6srBO3QQ*5 zY{f^Cy>g!TF&L>BKEfac12z3S(K{KWGGL-~{^$r^^n!sb!T!0chH>+niC?(KSmb@M z=D`gF%xcD>x#C;+y5@yhqJwVCDf_EZoBux&?4*2z=BC6oRmT1*unm|x^@F4r7(0>uQqr(KZz)M<*fUqa`wZC zh^o#wvOj%7Dq8O)rQQ2!IdXGZ9_nR9%fq(nEtk7@*E%Cl!UqLJh&N%9&J65G?ABj= z*!JyP{T0sD%ax4$wi0UI5enz?q;&7T=-60>$2o!W<9sP=-T_OMww%f0Q4+jGAT0?r zNk`d)DS+{WuBqtuHepI9H0zBHn#gR)h^ZPtk1X%QMgEX%I zRuR#rHvpp52AB;0jGK=6@pT!5WeenA%V4?`{zY$y%(_wixIYXN4Cjik>)@^M4;>Lm znka2j#!SG3?fzcJ_#2BpZjfY}s?^MxHYzd$SA7O8IN0K^H;X&ey|rDdkD3LG0^*wQ zxBjVe)E9D9 z=?tU&`gcD-g8zFH%W^BE3Vp4rJr2;WTq7A9zLg*j<_-fWRW|D^f$wHY`Rbm1`48FMB$H9f|^O0>DDmts|N~doC3#z0pAviNL{?0EoI2Y&_Hx5^N!^3QSSv ztuh)aX;SA2OF@)KabPz8lxKj!LwSyNo)Cco2R6J$@!#P9JQl^HuM1ZEi z>QAL`*?*;|>;6y%_e&v`=%~lU`lL&CSsPML=O>-NB73 zq_WdM$^PbF;tQ7Qf^#MGoP1?##0L;X1B3zWh~#7;0ErX%7~6l^r75sA6sQJHF}l4` z9Z{@Qa2}d=DMf+p1e#3$!`Y{xj!>v4^kn!0R^nMxQRb43#D)K@Zo`mdC=+*NWbew1Kdckx%PS1EVi*Z+h_w+zqd_r7cZCK|hi9v@Vq zswKepSg>MN}*~0$)gWv*O{SQjQ` zGCi1WYK=R1;OWz+3x5+QPSldJ&C|I)!7Ja@r^`e$1O9INYq)rSxI`Dv#Y&~TezMkm zq0-Q7n7PP-Z7{PpWjh01-n{;|$364GAKRK&LhU4-vuDqfS+m}d(W6Jhayz8Z5!y1Z 
zt_<$#&40L{jo{o0kyc$LW90`>_J-sMye8PHn`E!~QYu>Xkb=^0q^iYUl2`nbY%J`e zfQg1pvmxCMBR@#N8|60LPn$MPrc9Y4Z@>L^bv!QL?ppmJebb~VkZ{Rqlcq+~$-K$n zw?lr({K#*}^h|Prr5-RJE_HF~i)Zlg%3Uh%nSLqR;6P0V!YiMZai;w%9g;~O)&uK@ z^*67g($crz& zC}YNqkx7##DKO>PgZz=kIw?beykJVplLhVfPJ3agACja^-$*DMN8jYOk#J!L$zJ!N zRAn^-lY-=}bvMab^BK<1V|1;*T z(m|3$fmq2Y)jcRd)o~8T>Jcm)OYb@(O7aK8=9H+CCs<+zq{4E?9rwryCmf-4 z<(I0eZ1pf{($%=9e@@hDwp+HM5O(Lvw{MECY6YeP0jX-!SNxT$C8Go&Dl;3q={iZM zu#*H~!>m$~G8X8Y3`%9HJxivI$yt6LJDc`gIB~psHHTg`3sZD|H3YuJYqK!Xl z2Zzf*)ERJAhNHXZOdpD2$N)Jgl7XiEgA(Xy96&g*B#S)i$b zeO>*>8Be5l`)>Z+Gwt}`OWd&4ktF$M#E4PSym@n+W4J+6y7}gD!rxU_Q91&v)7;Py z$2sfYPHN9sBZ<@MvekLN#sY5=GzSiPs>e+b8?)J5+&*-Yvy|DqY< z`(e8HpbIkNd#lGN@31=W)~#DL__*bk@tU6>epoKuySE28xdu|A7#m9fB}Dv`iU0sW z07*naRK5=TNXBRX2MH6**H*2OiZ=ZvXVEjT2wovR@S&=9FiTLiPBO~AL0bf50!?_F z9uFg?gm8=PLm^jQu*6I{z%*>wSS-!WR-VT9vP9_eAzFm1Ac^-jlNr|(G#@t$2o&TCwM-P!d|M^e4 zjL7edqqMYAuZ*+)IBLe2s!ua#&Qz(WjSCzD$p6f0y_GRla~{nX^XVr3wxNK$)y6hA z@uhD!4n{+!@3toe8VxjYwom6kkv+x#>pB9OPmBk9cAbJ(7oYNiw11^nvgs33DO>fp zIYzK}@hTjQTaNnmVW7*D-25E9+7e4_yRa-!$K>8$ZK=Znos)XF)+9M>s)Z#JT_%tr5l^xQrK;!a{3X z4?g%1^wW6gFeFV`uq&01cz7feOiI)phsD$s{^sZBDkvo1XL(q5@A7L?C7rChPNfB(f@xWjn0-On5B_20)^UZ%&ug#h@lMcQ1k!vrz zQugS*r}qES5;OpU9QDu5C0JHdpatn{06?Q%A56JQ#9#Wogfem@oYw)%b*&_@;bSQ& z>@Q)MVF)(wA=#TglTZ$K(8Vf)n}nbq64&^|W#;R~O~A73wep8Q+$F#N{SEs4qmSN| z`R{)$efI4GAP0$95a<43Nv#q)SGg2u6Uv(X#6|4w$3gTN)+JpK205v-RtY+VushjJ zs$96HdZnouI@5Qxq0BpxPWf^HG^Nj;OZi%=mBFNdroWzQ3YfK0(--kOe0;y@w>tv` zxXfX?A<@!u0N_6#28s~PPe9kFic2b3f(&6tRBcE7jmUeA56Zff0x%4ogH%GH4!JEv1QL`m zHi_JE$2i$*uR+jVx>5Gtdk-wfmBSPX2UhH&1K^^57NHKM6576WHiz&qp%LyhMEnb1 zguc=$82JQ9X}&kkp<5{#RX<1-l)*p?c3G*6PM)tJX9BeNtYt%Z5=_XUU#zL)#e#-`0DJ@7sqYoCE1nXsuMXf-?9rER(@zlOOG;vUxuk zw_J_0=e`4N;2&saTa>|>F88sh84u)>HnJ`{_iQ=q^wZ^mNB%CKfAO^p?7uIo0BzXX zJ|&c1y+ub0clGuk8vP97Og%c@tBDY_HS%EAXH#~pZ#tHOaGs?kM#P~v+7`Ayz(7pG0>KE&*NdTaZE}c 
zK$DgW_bjJ@K^6<`2}Uc!QYzA7U&+D}TzOs(w4Y^CmAyNZ#@9-D^L-_M5Qi!L^-H=bnPGml{?7~?b=EP=rmQV{v#fQ>{xXjC?v12leFI97#Hj%sj`%#3U%ZqhE;1BdH&9Rw+Mg#_^PLD!#c zBMWUqfhPu0Kj<3@1+eqYB;1UagKH+rk_~I;1_B-Uc8LOdWw(UJbiRb3%amF4p_JtJ zgOWJ-R>7{4RSL`CIeVbpluA{>0GNdUAoAxaD1*2QpbGk5p<)RaFU26f0m7+GXn#M6 zlq|+lVu|?L9Vej{BQ!Cuq=-@!~ery9l=#x>3M!IL99@zF-PCHZ?@9Jp4 zZqmSnIJuy%SM@!u_!9u54-f=zKlrOz+NM9QoRqv#M+<*In;3?$O(`@^;A-HMK6|cl z2%ex+5)PU;aAjamFK2gPSD1;JGC1>V4cjD73Ce#unkG#F0%`|j2!t>)Mw|`Q#t4=t`d(&{?8tbYvVd&O`aoBMfjM9g)L-wJ0 z3S>|UV0qo^;A7;FXaNlLJr&4;P8Q;ztPu@}#oa0Q~kvMCDQ*=pZF+PL#@m{SZx9@&TX<%Rhx( zCoHiRtrIExpZJQt5Gnsm!j)?grUd!H(q2wi2^Q=Nur&mENBwF$wEQuBkQveWP4a`X zWCKW7W>o?-u`jUw8XzQKiss$gxwj&;43S9z-@BzpcdvZ_QD&fxd4ZcZj;3&L<+Pke z%Sd`~TxnuZFn#u1Q)qIv@|aN2rZm@_Ao9uGA_+3AsUUf#6PjWFx(vkUx zxr7qQyDnAsJw?8GbE519eWZ9U9x$Rmrw|?+Cf@sRRu@ZX*W;94l*p+xkAR6%Ie-i1 zr!IQO#-HqG(vCK5XkW<(Fhr+IV*tnjJmal`Vj4mXBGZ8!Y_aFEFW*PLvHnSGy4W_r zU3lS+M@V=h&YAPK0^n*U#qCeWvKmYgK#~#6EQHB{emJamsbpf=EeOd|-twv92XOLX zDGnkgM2dU`nnN#YcL3v763!@;P*ykOr@fRx$I1_B4~VS%Q0WU+$b7i=nE~5$l#UVr z>bZ7k&isZJVr5gXSG(=ghdH)?bJ}MjUBugews#+J`Afvr=oT$=BI0b!IMQd&H72za zmsUbS6SGAoK<1`bP7BfD-C&WpY^P(|5h=hW80TUKH5**w4|oj2?={<*lW5uu)CM2( z=hA5GtCayuh5$<#8+FS&^WbL89MI^fZ`1q0qvgxxpUXF&J(HAWIs&Fu?Z!%Z&!dsP zfg~=;aT!am(0z&KD>C|O?zYb#*B%JsoCRer(-;Vff(lR%?`j&xb-<6`Ts+=V=sNiNX{oP=g!`VVI#pbj%Z4sZE)T(l#q5Ae zz-$?ZKqFNg>EyMb%mKxIQBc9W@|`!|j=p?buR}QhPxnEG3A#yb&y;ds7s*?9y9Bd) zOIgOrQdKw<%Hd0;Dz^`$N6n?I&6&^YDt3l3mt0 zm%<5{_-yJ4oJ6Hg|7#M2ZG=oF1vD|==?>lqwYS41VUm^|u2?Yzatt%(wLbD287QSu zRD9p}ipS)?cl;8->HCBLCjzFDyxk-`?0S`6P|8Hb@0{!$$%X_ZD~HO`rYK!sKI7#* z>F+jUL3!JF4wp*tEBO*qz%qa%D01fymWmd?f_@VuNSQfO5g3f+HAs+P{E|xI<+=Mv zPU&>XDE+TwRDKJ^^q-&vz6?4_E5HCDVZy>-$lnnXggs&UpadJe0F-pc9dw;QWA7xv zOS^dGi1*GL#sMwwyYzi(Q-F0!38IsnvJS1DO<8|)b)MR#+i`Q3G|=QavAgcLButkq zQ52|a5J^=0O(h;5&65&zX~j!$mxJ0oGd&bdRb-E;bydK7T|oM4^2 zk8J@sN`Vvmrvpt5sr%F`-Hw~1goCC#j&;OxVnug#@6*>b1!_`&22ts}%wfx6LCrXu z@{=)B?v{daPjsJbY)S8W%%#%0AV)r2xJsHWepQRNTbqJ<0Th7}9l=uP?)!*zKSU~e 
z4}_Ei%K(%xaY+tGJIp(bqq}m^hF0>HO_F@AIMi>k{PRV&| zvdehF0y_n5Pmu8X88DZ!99#Q);uw=}CA;XK06(pzvc*IRls*g4R3bs>CzWUYLMn3) zL>=YgX8@_f*HJ0}kjld?0F(-0;1}i(Dp8jh1p|6eLReb0D%_eZZc!NOd#M4=h~oPe z1x|Zz913hka@shV*z#1oe43$SpJQWm;LrO$-aGI2RK8C*XljhY_CLN#`X2{7E#&N~ z_-UwI9~&bB=`<2X0Uo(S3-WZ{j+f$d-3Ds`w$Edg%3PmdKZ;Q zcuq_Ca>-hm``t^`xo@2x?aFJ4jh>~syGXBgIQhQ&L9(v*V9DnIiXUx3@X{U zgsGr_hx0<(lnXNmYV;A_IMq!x7ZJ-O&4MzKdMS=h`RQ^r#@3S2p(n065aBGrvRp?f zcIQcX;aQLpt;f+SeWldbR>FlBW5-(|4u~$0;tCj)EXPhe(KA=;jF#S5o)3%VDK#9LX9JZ{WiJ&rKhGSdeO@~bq1(GZ|O;oPgKBq64F4GrI zml=y^)QEP*lA6!_II{Cd^)s@oUD5hw!U2=?9r+q3H;mKE@4ffxF@^s`Ic)+mX^etE zCb_P>EGQc{7V9#C53_MQu#>Z6Q=~MT9m&l@I`%|Rzy@X>x#K#MixqteQyBb`-<({M zDR(7JIIf1V6+IV+x6+Z}Y#MpC?1C-qSTHV1J80w)W(BhIvLr7rM+y`y5in(;Khf&6>q8nv%KT9#8_7-G7L;o%*>70^ zAg#)PsQ{V`$n2oBuFM&PC@zO&sXMHZ=Sy+HDQK3kIA0#Xd3HXie(wtELL#Vx0CklB za7U$Cyc-eph@jt!5TTi6RHD%h8D$bxvnZAIn#h!^~cJt<|+`L_VLs)9qmIq zaYx!JdNyJpw4J&nr;V748c9uCJWVFgo~-ZU0VA*H;hhfC$JxtX)9cKoGizM=aO2z? z_1*P@Z$fV=kqJX4YyTpTR}nVCgpl1_QbC zfCdB8uBlMK7(34>WT){8H@xR)HI>pNI-ib#0OP>nxQ#pxfEAv3v)ElNFUTMjELH(1x^f^rEdT z1ubAfz_waXYPJC&DHC<3OLV9=TXw|~sp>Tm;8bDIq)w96+t!hseF=kaBrqj~+|Q@B zwwk~|v~^`};-PeAhZ&gh3<(O&Si8B`TS7;z0?NPB`G-rI#w@ zuaS>Nu%I0F!=_T+SkM|rneeCzqg z91tjVBKR^uL$exYULphh%g2L(8E6|EO&B-@a2~(nr@c*>LSVXP&uSYYPX|pX1*#_i zh_!CXDceOtldUtd1D`su8Z2>n4L0v(GQiBh4ny=vA5I2>080c+xY47G+!C+@OpM%n zzi+`_(s%bh+TJN4zkHAL<%2aJ%k&lR$@?p2$<6b|X?}u`vX1RCTn2X?uEuNG4^kOC zB@{H(StFhgg`G;J;{mIx-xMu@&IR1E_ghuJ+uTi6B~E3>U;%EALpW*kgobu`+yJ*q z8zbZXl(b823Pi?s%)qU#+|q)}wKA5*;u_g}il{kkh1cpW_9S3JJDjm3K?HkKRJQgLJ%S0GZX$uCisRV>fifOoXQji3irDR)B zRv?5%Nq|8e9`6HMzVB%)VmCe9JRMqm23bnr~6 zApM{|0bgqjI9po>PFj@%URa58aORI(BF(LhF&!>h6sQJHbxKYt!AVx?(RdwT8r5Z# zTsL@%jOZ{}Dl0h=3rbOGnMzoVr^HB=kU8ehwJo-5YunLGvy9bC#Yl3$=KDxL9E$DV z^8%T_W`WFKF<)+;KTiHIU*z>;-jQKl4lw;c7=O)xl~?jF#+gd4Q9)Bd$5P4fR3cwL z*R2)}It^Ycn-=HFrezW3jaojUFUS}|K)$Rn9udF+go6NQR}@Fnr5K%~nNQy-1z2~^ zvHn68s85dGX&09Qjv?8g>jy9*Gcj9E6zh{Q@k-|AWUTB19Pk|o;NVUv6#4YK@W=Om_;kEXocBlhPus^~{1uW}jOA2GKyFIUs3Yyvt 
zTp{1T*duOvDQVi{ge6MAO-pfjCW!pgd>l^@$B}%j2s&0I)tGc(K!tJA$9HL$`V`>c zO=n9O1OjduB=z&Yy>jRn7YA{IARb~%Q8w?nT;zxN+%Y-kk|FoUv!0o1mjoS5>EwgmDRGb9sc8K`^2Gwd`EVDM280)7J;(|;@-qtA8ciGHlE zcuh=;atB~5u!JO@U^<$Y#H5jqB{398w&b)Sxt#p&WHAZT1gR>okg|#@>;UC~(NU8g zbG= zIy?Gd$-wz>SGHlg=ySs<>B6{c!$a2g8SPWdi^~u5M%g3bUD~A*1qcQxrL0?WYP`|v zHSsxTyaY_#9XI8@TjY29Tp|_F<0D{Vd*sA{rZTd)ii63QnanUfJvSNiVG`lmuDg13 z$~5!`ki{z}bp%8NQB}~tB&eUd;4XP*#VZ=DU(3EyQCbPV#@7Nlm=r=OK9zt|qpgQ@ z7_df)mSOu(J&s_BKf2}f+DexL*45)X`Uxb}2UgmJ7hWg>2AF1lb%mh@jyvu+IsEX$ zg+Pc1+5L#32M-=B4?OS>6-BZ_*R0tnr<`&M?AH`XpFVx0ef#zrcFB^J)qZS^*BZnd zZ@eMD{N*p@#1l`H2OoS8JNwpaqwuC5&29RQ6o}Ws(v;aU3Xq2Uxwg!!Nf;<`wI4x- z_qz+TWhteGZ!0SY8TMaF*vxvlTWaL@L^wwyqn! zuwa3F`|V;N*|7d-Ozz+R{x^WonRvG7o_+ac`El6_`SHiaa`xG0%LNylA>VxSt(0T? z@3F@oDNC0wm9M_~0qeUJ^6{77z%JBAfTCkihp0?cB;zK)Vp?Ozj+NG}Tgyo&ogsJL zc_)4kK#>l+necOZCaF~EwFsJiu|rV6G2(dF9io7=pgePmWMXD)K+plk#DMTEo#c4^ zH}rmosE2eR5<&s?Q!aDSpe!x%6PWO724-zSl#qn#iDYD#k@|IL$3yjc+ou!dl(!F+ zu1~g=TmSo4x#i6lj89(FU zK*RX$zJ3~S5na-rn9w)z+56~3Aht~=valn&0kFXE!kv5xrV#hOiEq+IRh|F9vv-+_v!MC{TQWh*QL%Ip66fKrF44G@> z=|4@H0)PDDA7$punewlH{i}K)CNrdS*Uvxy9Foo-<%lDWs8Lq;y~fL}e7NSCYouAT zW^(=Y*VoF&GtWFDr=EH$CKxZs(MKPx-zhmAG-#0a8*h@v$ZHCwxvc%Szx`eI+_RT@ zv<;fA##52v*nXbpUFp9Mk@obqg|!< zmcJ>pmfE?OjNe)Q-dtMFV)(GmL*?L3BLS59s{{#KR;0MBTxKnKSEJx+To`{i=0aOD z5^d^DE|LzKT68Uu#nPgFx`IeW%krh?u?uD8{C0Z3TseZ&UYuqa1b?OI+Vyf!Sy zp=*5MgCCNkU&-ya-!6+5EtSINg;<(dV6G0kfK{YX$doBJ z%VUq-XP^Mbia1cf<+Fr4a&x#uTTp)NvBwltE?&I2!CBt0VS}`2(E{hlt(BH7TULjo z&SZXmK9>5wkzT!eDflcZDOW{W+K~&vgaK_bIpclR0n;}-9|ZuIWX5C|x5QR|8k9uy zcKyGx+6Q{J(tYkvGv$(A=PHj>JHKiE_n*ajyJzz^*zk#DeHbC>Rit3TFoH0-M2 zA1gR6E`AsU2@<75+#pThFA!!%RPB^@*^o&)I- z^prL&tzVz1084Wv%L>(Biyj7&HUcoU>`|c>cfEx3Q^^%nwe{dws)nRrzrB@VQ9-+X z`%cQl1|2X+70fDO1d#5&`<{}0_uT_bOr(9gwrU)c16;?B-QB~ zM?HUw%i9JaUZOefPa8iS#tiAysgu5{#3XIw#u7buE*n|^23e%Xcz_ApZFJO1H#sh~-h9St<`eQbX*fMgS_K`^Sxv6e0aSDsYB?vZL;Bni_& zEpzoB>LNAkS|*)`tTP4gE@jdTKLRN(#i=9FBOr*+1VeOI8LSX}tp1~fj`*p58M$%a 
z&O7fsdHnHz%CoP%BES08**Ine=Ry%MMNn;%#-=^KhR}hZaSDW=^E9Sn=)mJj2wA{F7Lkb%BuiK9|82d zEx-HS?;tHbQvUbjLRnX~UMLaTefNHH{`nURm-Ob%`$ArQd%8+C85cJu-1F#z(6?JB zAAkIX{QmcM%DLzMN{Y+N(cE(Y-YN0IrUXb@X}qoqZSlz`p9QEoK@L24g!Jgq150%O zmJ)0?E~5e>9Hp{64~tid%po+__v6M*M%dmRy&xGl4FlUa3~UcTV%1Z={Nf8p0?v_}Z@yV8+nb;L_8TfU-guo188Q&M9X&CS zJSqF{KN4W9oicN8{*6J$=DNCA>6;yd0#@h75NV4f9L~q4gx^AP*<9Nt2UY6DWoG8# zM_WKXdGxt|N$1|X0yxb?TlA@<;)6N!u>^!=YYf)hSU^Vxbou2MLekR$8xW3{8*aEk zDxrIK!Rcqoz`gpStv`=A=0WnbNlG^rgMs<+^XXYp49_->6wyxa(q+LnF{$X)Yd?AD zp~s-t^fOpyw|tl57zH{WfKAKTS&=Sz*kQw^ZQHH@1)F5u;!-SY-GnqBQ&GBLuSRAS zXNQ#dn2jUXCpEHd{j(h`C|`8ZMc^SH2$wL6i;LwKzxahv;zxZhI@a}-S6(Uq{O3RA z-FM$ro-%9JER`Vgdk~Bx6DcIq|qjFDOX@bO=&O$L0p>V5gY zG5@FOF@BDz9Ank!F8BvWY`!ND0+&$mgwLug#WXUY|C@;kU=ZJ#7y6}OBGp`@fF@UH zXM@Q-yK6D*H&GfzBCB&(K7fb214!+o{f$<-_pSRDhTg?405AJPuW1qNHuVK)LXETH zB8fmRTPudk39Nipl2#f}@RTVx%Ei}RD~BFBqB`<(&%H)|{`1oi4+jE$uAT1+9)geY1m7zyYWLq>z*{IQ^zlEC*HK=$K$G z&IkiQS@`+a7>M`BV9PctkX%fbU3Tjw%NH+~_5e+k0Q833id7d5f;fL7W4_zgf@8QG8NJmI$DK+WSXAkUF-CurMwL;prX(vAD zDNyQ@fizie_JKsY#my9E zx~infTV~RY(t}Ja$*DvP&uN#Y04d;r6DJsyn1(P$@vOrtAPLup+_n5$_qyhXQiS+_7N!hq`w9sOnl3zyV-Q?4T0N}}yq#xRWkD=R<6E6Ox0ioD@{p{&{We*>VwJRq$$^4=)kaVT$ci^ZcL8bM zsyTERX3O&B%aIAcDu;5pga@di-ZdTi=a0_YNbODf?~X|U9tC8_0kM1;n5LNpToYBZ zeT1;4l!>)}zCY!ZUtlNQcXIskN2^V+6HYi;?%DgV3S#m?S$ebq<55OS8)0Cw!ifM} z5K=2HuU&fSWpdJ~$I6?pP1pA{5SIVT-X!)J=!xiM*xt0 z_ucpM(rd5E$iYK3Y|(~I+IDH5B?q(3K%lw4FE1~ZQsjB{$~Dl@dLGNw-KAxVR+g`b z!Y8L8$#7(zWU}mg$vS(^n{THW-oJnU>ep26CO~rTzWZ#8HkU@@IZntp$mkDCmjKB}j2JOoZkTXYqz@T@AgtY;hv>sDP|THMWwmq)eTRH2m0U{X#wm%@#K0~iHbVKkOnQzsks*Q853`zW5zSb^ zWUyTJpm>ppS1prbz@S1l&#Vdn90g!em{w0&skFq(HC8qd9{fvF0c~5glwEu6q6*zr zK)*aiz6x8NIUAs;(m6H+>PNL{(@M<~kg+olv|8+=1Pe@_Vn)78yPbyuY!_Zf(KZ>4 zb9?XITi$&0Kd=FIFE$Yz2A!l;kctkG{r2k(Dd!Q=Yxkalvnw?WcbnJ@FB;z4o-VlH zA}p0%EF*`F0f2f&di2;E%H8)PEOhSz1Z-%xh@%9jmOuLFU!muBlExQQ{fUsA3|+j( zAAZbb4a?NsA+7BuyZ7uY-MV#vU)w-2a9}^_*0~*|xO+l6^%mlKNc)TnXbhEoFPcyH zZCkF^r`f0Kv!Gma=DaQGG3+k8?4nW7(5-V{e)**g8#c^6>e3yT?9M;`e9+fuRQ(Y* 
zB!l~T->2^rO#v^Q*&I5F8aBbZ6>)1YI<>MG)V_SXYC9fGd zawIlu^i@L7n)NDl9dD3B#vCORC*BNxfHUUchdg0K7n7n+gV_P+EN<(=I#~fL)5!`a zEciLg-($KClj2J%#hYkt_F}s!`nX$#`l1NDH~~gS(W^5CmHJC`h10iC35{ zST@}ySzTv*!J*R8!=6)T?DU~x62{$FQFk6+bD*fENCR$Y(2~ku89*H)M7d?fgCe%@7uu|H#HuDrbvWCjV)N{+p!DfQ|9MGI*{Ede3=;zv> z#m7S@dGM+)LVue7uRCnK__p>P+Zpp>R^cnF55XkpF$TnA5^Tw<9LsF*s`>*Aw{qnw z0DC{$HR!;eiKgNQ_*Z=cG))t66C7CX*p@g{^Az!-qGHgoLY0p1tXZ>0m*luKckjLTs?s=34se&_ZoBO!D^G1vPlpmgKia=IVH09kR|!0gkyWxV`#79ob9BYgfkWuA7ST@t|+x;hC8%dl~wc z@$f{`HX)fuB(B|Ad(P1^RAyC4ZpbgC*u5I4U|+McxH8OpIz##$&qJh9-dsprO9@=+ zE-&NeZ^n!dq2u^!t*jq#$RRR(zXJiFE|+=B-;*)_8Y2gEJVc%u{e<>wuE^wKwS(x zzdKQGgmF!}AsvpAEBgFa2DaKyvh%W}AU9jb^t#foj=Yg?IO?a2Tk@_Am@Q$@k_24~ zz!c9pad*6LeCH~cwk~K?G8>r7z>qE5;Xy@(s71--ZXZg4@XrlQjDrINorbN#zytus zM#9EJE8qMPFj>5aA9^2@V$o$lJV3vO$f3+f>6JFRXx`Lg`p*te0i9K$Z4n5;@`Ud4 zvbKO0hc=R(k)v(VNs&5qXot3AfD$cE+j52iMYJg}8k*W*`*v*{w<_jl_`JdbnAc#N z59-9AFp#hMfb^@oQ3xz>Zw%1dB3r&6Z8?B6m@c;)I~yu&!|FKspeX`?P~bQ77XeiK zP9UgY4)JrmVt>kH#uDsUj)quJ-kM~oIPYfVE<8^L;7I{Iv+|*b9@5umWB22J`|YR3 zaQT9H>e8i)ZW7_f6KAN@)sKrSeN7Gp*ha%V(zL`TDn4H>+NbLuX1O{!DQ`=x`5IXB z9+`}@y$~?DcEfKp6%uuo3T8sNHrbb4zXZ#;{XbrLqwxfmWNHV|6N6JF>f5Nv{zB!6a=3JI8Z8pphF&vWE~uOAd1&2rlZlQcNb zxVv`HjdEDm5i+99Y&Uuc~3?{uulk1DH4Ga!MP9qIYT2ban3PWGL{T%Oh7A@ zAa$kiY~aU$7a~!+E13jNoHS@0TTK!Fwf(Mj16KD(vF(fv0)L=bE7# z_bDYo)8RWL{ZAB~$~n7-*Gppmk%q7%V5HJ0715BTt4yIH9JL5yeQykr)bCUqRbM z6J^`4%!CCj0ucPzPE*~v{PWZZl%hJ%I`zRa992tPe`8s=?4>*G0JOBf`%H(9yIY;b zes7scliP2#R4aaAjaK_Jzi!0gJCJCBYlU{~hACXw8-iF8f zhB{V|OGn#HB%q7KUA^(K0Xe_+J=z(({?hk5J_QJN$V^lMnPF{~ZNl4bjBy(Hpl?cT z_zsXnuk`D-=EjDlf3G9sWOzTeFuU;XyW5CB$tSyj?xfRxq?y!ryd&VJ^ohrPL}!^U z76VUwa{a=6X;i5y@=Z|3JQyvRa{@K@>~fX9rYVrR6v$t;K>Pp)!A=KAai{*;cU72+ zKB#?^f40Hha?76q_6Os{fvK|hzI~u`R3^m$O9WHaUyK)7A2J(?^VclE@hN>(s!U0^ z>*vwFRx?8u*5+Z<306LUK`=Ypz^f{p1MImS<&;1XIMJQo`yA=u$6T~-Ul4NupWc`q18v0>WqC((e(%vjAfmNXous!MW9GMwcO1pB- zj0&zH=txyymtTOp)~j%0W9=fwW~EV{lLMNLtAMSUVp+ew7&}g2*9ALyLO_@io>yFNi9$Nw<$%<&ynza>C*IenfL=oG|q51Tf;G|3-9_;G@hvc 
znu*7IPsVBQtxPpT#Cvl7<9+kK)BHtV)NMi8Kwd-Rbn$cc%etfSQ676jE8b-4{6`m4 zeJ)tNS4Tfk1nng9!}0?2=DyV%LHc8ZC_s90R~E-p?ttdb=r9_w(pe=c4T`2wJvkjg znxs*u`DI%(;9)yYq3;-JFRm{I00_fs^C+lg<}-J3$15+>7&-zr*U+x%s+AY2ZP0}EtBDunCd-G<8@3q+=`cu)3kX*|o?zww6nyhNj}{$p+1@iR;VQ7Key zp`@H^cmz+uAdLB98MO+$biuOu8g@Xt;hs3i6B!nDh>08HOf{Dj?8bt!LGWNoo-LD$ zt%G?m4#{n|oBPpUF03c#=H+NOhSeXR@zZ#){X91>TeqTf`*bGkEx87kY6MQ_r|DCG zOp8DApU=MePDYO&38RiJ^z66KKmQi*?RyA{kQ;FJ*w24{w%mU2UuD69Phc(nPJEBr zN#bClrSs=bwLGh7KKyqj@^& zF&>K3`QQKkw{D?l9(c|g%e-z~k(_bH8EVk= z$Rm%GH{O_~@3}0%<41-MAFh(O`|p1YN4^}T`Mmhzi%s7F;cX^MAZp-bb1kLXUjomb zV>xJ%ePdCn{Iqht{IGDP{O_CP^4S-Q)l|SIpW2mX1GePn!Z9A29N~aYsTcuN+9iep z98YzuL3Fx|gMpcPF98g=`os7`5S4PjNdA02TM{ERDA8eG=ar6|jkx30m4)xP$%0Da znJA}T@myzlBWZ9PX4}gF9cV(JImY0^X1Orok}CxTIZ}WzH4_r2s)%kQb%-2LVP0&a zX#B0Z|1mT5IEL4HK_2iQ`GzzYd1n6k%Y!+Ae2nX}SI^d1xDh=QeS{KYg1{Wy=ih=9(nq4IrgZZ$)}%wDhD5Yu)I2LrW|wVLGu0g-vhY3jitnUaESC@ zu}%JNJrAvU^Um_#habtmU;dB$<~P5VnRDJ#ppuyh0JmtFTzTPz^76~CE7Lyftkb3Q zZk^=k$DgQuipv0G<^)GPKBQN#z2s*ML2XVuif--U693XD)W2og`m< z_k%21vIN$`pOqJ1d_!KF^(M-4hHlxv<(AuIU+7j`dg&F?xm(xj__`wq<4~|fH&cAr@kU4UBMO`}`K@cSjGI4>7cL#f$$AT9U<)oB z%u?yf5hrn31corr!oCv7L4U+ECmqbI@dypFUH>EnG%317Wl;P_qj;d1iUs)|B$UEs zA4$g2+0laQmS=mc>@-M>OS`^vPJ=gLV(9)tXH<{s7q zfP44ujWevqK-3-v7H_3zv*FcKZ1-}zfuBT-hKpT}mk2>m9p~drHuw3pa zC;-p`2t)b1ckcuGEd$-!fl*UJ41fX=z72lt@2w{;{ zg`nTVHkS!L6QoooP8L`;>nCVc=$H0fe|ZrV0Lnl$zeHFNC*Vex<^Y7)4++354kOs; z&NhZJHhw37Ai(;J0U2hT%#-%Jh@|b1PQ$QTgoy|@i#v{Bt-0My)xnJVd%{HgVf@iRxv;l*Av%(GJtegS{{Z`G9irEw5r_<#S z$?a?dG8vA*zzyRIFMd}-OH8}o8!*&mtc1QF20wm1=upBX65h02^4oS2->e(GUKyJz zkydmbsIy#aJgh)8q{wz=Z-BIao9V>TCmb9nl^sWD2dF_qtzRz%cdYxBE7xj)GGI4^ zwqa;}o2~+ki091x>=!4?JO6o29(nNZkj(s2K}j$dJ4e6}xjs*3QCv(tzfBT=HR;UE z3NWV(`O}|Z!vqYX1o4IQZT7`2{iS%`uyGT>Qy-j3caDr6Jw%2cdNdB<^-CG_Z|It} zXs(C(GM(JqmU@mHrBk%Zt?_|LW##3ol4Us#2`(xsl9g-MDl;sHg5{Tseu79m3*pE_ zgL34Nhr?K7Hw{Z^ZWv2pKmGKB+9jgZdu|{0`vV9chV7#N!kA{EDrFPgl?TkSdsR+` 
z?7mA6O|uLGL915XR9^^LiKH7=E9sf&chs{8f}Vb$CuQ(js`!7%@qW7#7zGt81HBrvxiSf-`GE<`+++hGFc;zZR(+9<l5e8WuC9;Q5y4FDGTcsODO45Be_6r0nI4jYr7(v#45^~c>gR5pdyodnbV ztLY;@juKfoLxCriX6Z7}3Aq)NOQhbJi+Gqy*@(@Ib@W)_^($1 zXhukjf9{qmtBDDy<=bpRCK?nUzy1_`| zamSq~b3go8&i(aykjxw@)8C$pgQD-pu^#`D(@r}MJKKf;u&mR#|L}+L*icacfOWTY zKcs_HVrME{1+HX7dZ;gUrLbOTXNh^{p}=%+z4nfDJL@!gd`~L`{3_5 zEbG1VpZ~y;^`Tma6DLklus3AL0QvN*|4G-bT~wi+#vhj~Tnqrz3VA(VCQqIu$Nusx zdHjVJWCC=dzW?DzdGF0P<*|Do#**M%LqwW{F{$!bnj|KS zGLScWnX3AY{Na242-2PxN&mIX=f-s2q5lx=n>qD-2MBTaNg53a`DAi=@A{P zSFeV$_!F>6Qi5f)3!v|Gmy8}g9N#9(x#wOW|NhSlx}-H|&~ODrhaEOn?z``H_!+Im zqb>xOslASMKoH^F!w)|KCGmS9Wm=A~PilMTH|Cor5~vq7Y}iP&`_;1h{zK)u8?MFH z=AfK?_Ia=N#wqk2*ny3>zpNy0nv{4?kF*f9z?c#kg@dL&C*l z9SGWZP8|WYW58s}=9oY8!#r5OblK(my4sMHi_DxlLKcVlW!u|2#_G~?dR3X=1b?*EZ5mYDD}paq#W2=-+`$luz$v6DSdN_#FaF8Y9M#)B*`5+QPy4o zJ*W$(N!52Vr1bSk9v|^RXeIQA+C`KU*|vB-A%Hgg^GZir*sLkCCXcpg zM~&Fl_-}t)1SwTBv_D8dx%7m_iFu%gW4gK=hBisP;WbzqY}>ZA0*dvUHsT=OT)o%9 z7;V?imLuaau;du!Zo74Za`e_yr2*};{()(#!kA;@qyt!*FJrj;R3xzOU|JarR$36DSF9%FH?8Mddk8;TB&!3z>R zF0TZ!3yTVj?)Vtze@D4m$K{}GfF`dnS9Zzmrk&iCkz=8PanON4iH_l17`4d@Es@H6-?3vmjg#Ygb1Vl^A=}bGx`0}2)4H?-zx3~Ql<>A~ z-A2Pu+|Kmb#*st(EUztE6arM)G9$n1M1hk9{1_kK6&B{hz6zHAQ1{Mp>Ah=@Zo1Qk zd80pGNdf{mmY?8A|3%_qeEczG>w_+~&0L{(NZms&rBgD@v@9;WZYK0*KQpehOH-h+ zD4=}+ogk5t({0K7sBVWTXqvwKU04O*M|o06`?D#98^73=6l#YZ*4Ym2b$vO?H;gZ( zVxMeu&_uFvEjQc^2CZU1lNT&)y5~TpFu{{^1WNpw1j_E+x0+Y%bb?#eLQ z?YM&t%V%u>%nd!7?T9X@x?GT`P&pbP!Hu^B2Xx-f&U>-|0uTcU#t_){6vW_>ir2Lkob*GXMO-B&UT9fIsC?aKlj|r(!Ns%06DaEDx~8d^FYZC zR?j0AfGyATZ-)h2c^IeD8zKPGV_K*Ki2qR=PMVTF$L5!Las4fp9w?pCh(MG2KA8kp za9)4+YH?Dn*&Srk-$lr z2%hNNvp(PtEge(b8NiYPE1Zm*mQQU9qgh&IV^F59(gSOt)N5b^rXEHBwjwgJI6h#x z1>tvg|DX`)1@d5!!mOrM8JR%=lK4;r;ON;uUzCW6lDVQ6r*)R#}ww0HvnME&z<3V(mYXPTX}tCMKd2M*WRV7)8;{8!j7QWLa{GPTE}$uvxe+kg zQrz?!lprW_%X0j{XD>i1WBQEW?zuF<0ml@@ z`Cf+=#N)z5{o1>&^KY|@X#AGfy7ROB{41>$Lj|12BmEXlhKLi?VQ*4)vhfZZdY-oRN>vB$t>Do_S{`5Ty4cC;;p3@Ac|D-7pj{*QpsU$gNKfQkNP4fHq 
zZ;&oew3Vy(o+6j*`x~gK@c0u-hTRxtQeqaVzP{}(vhpIln7(AXOrAYixO470=*A9c zJ3#eBEiS~T6Elvh_VdP(D)-w7G=Yi2o)R6G2R=&=rRU^hmef!Hc}4kG8BE=`Zt&C>vA)e&d^U> zikq=`h5{w$m%HY!+y8R4<>rJN0nRaBx7>_WqOKt>J1XLzVt2E)1W%_ceXR ze@X@a%!6CPUNeE zzk9pS=F`QpBBV-OQX@E`e*#^rFXo#udh-=chhNM^-_=adeUD!2qJ;}*w2Q_U4Y~O{ z4NGtC>^T_D)ZL1h32`Ys8OsNo&sAc5IR2u=^j35OlW{a)P`fAK_113#BT9QqJ_RE6 zn+lRs_D|ytewi@nYPoXX%jAyvcgwsL@5;2FUd8b$Zz(-)o>!YJBRh|*emQgL%ed38HWaY}0dPKxA#~dTK-g+l?9OY?abhC9gc+^U)DZGFoE2?+4+i1j{|LR(TCN^h8KQ-d&r5p?r-n9z-Ae63TJY*97YD|MD6&HKo^_0 z*r+%6J=TAX=ZFR6VEY5WXq^rfC7yQFLk+)M_z+yP0LM(^i?7-4H9~G_eydi!FB#2y zLxkSE!SNh;;DIuI`t%z9xAlSB*GZSKN&;fUmfIS6I{Y?Mpn3v;nCh0C+7V>ioLB=R zU|T0x;qpCqn_sryh0qN?PbZ1@e)%^w%vuU*lb%n93FEuV-_V$2ffCIKILF;_2X`8& z8%zea8>sy@2wkaSnDyc50=DcI*_eeinYLTa*wVh|(oFVsyMQL12}dJ|4RN&7}+20k|ZaIW&u&aoa3)x4tSL1oE7t#BX|Z-R7~KV2qFqdlFY*9-AVuVy_%ZootOFbliOHx$KPt|o${j{j()IbWaAc}NZE0yajQt%Z%a$#Z&p)3j-MV!JSb9Uf zz<>Jbm(sImH<|InH*(>bXR80On{U2a*^NdVVmLL4+88V?YdixqC6Wxj#(Zui4}1Ve z{x6>r|B?t`s;TH{yPvL)e7l_)22bP~>fjw(W!Cg=qTFvv3(6G>pU0|flVpy36q;FP z0AN3*_`#fO2bV!_u~aU6T3oFLN#@`SF+rH+vRyUT)bBt0>@%$gU>u!9s8>d-;rM`{II+|(7@ah} zN5I5!%+zayt60-U{h?6^>%2|1??$)9Z-^lJhJ zlc-?Rh`L<`xHAq9eutZ2Xy7)JyRiY(XyU|h!4p?L*X*DvnwYiyw!7ynmx&;Wwwoxj zqZp6ZJfe5c)t0V(ZdYOC9KHM2yKp5zZ_`xDbIaiE21x(DeZ`;ck%EGa@IF6YzWw%7 znKy3{yxg||AOedKjqAVz_k(x(`({!flM=5X0*_;A@}#4g$>=#C{#8yR=+aUjOt zB)n5o+u#PkN-v@8}1r|&s(hbn#pm&v$N6z@`irnaN;Ge-dvxjq@7 z(dGaT2^%cmAQkf=zQ^Pe@UNGOrBh(n>|_NkFrtM%Ptilo>2OT2hnbiRrzzCswC-yE zVfbbZ0l^Rye8OB_oXSfi9p^@g>}ql z2GFz38u2*WE<>!j&7?^%WK;ymouV^vIdC%OpY7!F#~+qq!-inFYFOqT50N?>#^zV7 z(RoXR-`W{M8L3$YZ&oPmB&iU83RJv!ZcI^JTCZK|{V~_~lf}LKzfyeU-Di+{y5DQUY8Y`dicI>7=yp3!bwtO-Gh z74%8Pg2@0**b%HvACtH6M$;5~-Ol{QX zFY{?89j@33n5ZX0@RZi-L6dXxjYW|NKr$jY zD~7Z836SWE&IaeTy;t8e^K{Tb;{be~1*fS}9riK}!=^N;5iq?!5ydLB3ySh%HSjQVoI6%8!rmf1eh9=zH8-AlJ)jwQh4Yck_+E~ZWw^2eKM=l7i)5F z%=a4mt^pK8Hv|UM)uG7Dh|LHH>YZOC;GO>*lr}0IS%XgF?~jWN875^u-5e@S>LAt8~Hqk8hz$` zzzrGfhdg2h)8=d+jo7j?z|3%!Y`>~^|Bdy*X1Lcfd@#szgFVgmLzdC0v&7#7NERef 
zEJtnK~kRDNcG6vRL`RL1~tov~7)NJf_ z;-V$%RER$XV(Bo&`zx7qUJ}oe*)XM176wja#Ya!>@&0bT(*tPI-J6T1p|qz3X}_c)`@Uk!Vn-$4##lbSp#!>Ci$T z5$eshA2Z&YyxDe1;9~#~K~U_2ag8YfBO&q8$dx zdjV|4N`t~6e?xZ=Rf<0;@D$fNj8^)NmAF;%w$IYXoE295w)bi~XZ`%D{Fy%lb!Y~~ z^el>Vs0> zDhssX#1(;CPCH?|OgM3zeufjxzn^tSY~cdy>ch9o%R>Xc~_IPrI~im^xs z9xQu2cQ4hap0>8Q_B#!^8ve33vH8Y2sV- zA$H8YAz6n!E9nDI5bv+=AdSjM0(#|_yjAZ>ads~$t3(Ody0LczHv^8lmUF=}t7E5qs65X%P=ICh4lc+NI&E-8Q zpM^j|bLG9&{MV(ltQ_Jbijp9b0*Ig}DG`EmaJ0KO%PPItGl>*K*y4pDeA~s{fYR>D!^^3Dqah0S|a7&KdfnZe|`a+sMaw0 zH=)}5OfO^OJjp3psUkWrbelB4A>AftxoXQdluZD99dq~*QZ|osC zr4kLx=X>wHr}Nr9_uQlHh9YgYAA4?Cs!jjaLk~S9Lx&E9q3E8_^U8)E@lo*1@jK{3 zqpbnq^TQ86T+TS-40+>?H?%yqO!nNAxomb$6DQufc6`feB50yclLb*V5ya_!rKUKs z?i1ZpyrkQ6-Iyo26g+7a*eIpO79}~~ZH{Zwi4@`vzY~u? zNp{&~q+EP4Ts@$Fc{~J85#1e2%jkRsD+;CZ*Y}VJ(Gk>;7Qi$>r%~eXx}SKKehOWH zV)Kfr3d!8?jd;3@mr^W{XzY*TwKM=p@6Z31U_}Wk3u(-KLtI_<5`UL5;#&BwxQbWk zeUlJ+i@#V}uY5;V=A8>pHk8c4v7(L#chg!E4>oS}dD^sTa>ETb$k?%CtF#xEuck6a zr;+-dpcLR_fv`EwX=Cd6`RAX98?RRK?6c2edV~cQ_YV$o8T}UgAvmB_J&NiO&{n`j;pA*oKW5gW**%_IVg@KKl z{uwyZ^}gBRz+DcRnRteC8scVUd2}$%!gVI!0qZ>z6HX>{AoxDdS(tqIj#cvGH|=+w zc}@6hu#@Audnw@y+%y^7Yp=cJ{`>FOPEO!tfH!TRm{lM_x6_wgO}QXwqT$NugXRgM z@A3EMK$iVR=MBF=j8v&dWhJ+h#a3Ll@tgG=+PxWoKdbZ3yHIYw{aW~a>>xMacfT5> zQouoo?Qoz|Zot#q|LnbHEa7;qTy#YmB zzka>E_S$Rm%rmbDZ4l0%{~Owz4{7`4tg|kbTW+~u_T6`188m1R;=C%8Cf%v+Z1m{S z@Ts~~`_LNb^PY3gIq-JTMaGO712iwU7`c+1Z7*XXQ&|$wLM~LmVO`A6Qe8!CL z_5P!ePL}JgyG~9y0&WfC(eBY_jpQQSI70L1v*@xbkrdSEr`!C~Iv7E*J~duEF!^`V*$0kgDC8UUK&xqGQTd3APz zSe>EzJ=?U+Ikc#2vW`^Wvb_1`oBGO)H{Pfmorx1~3w3(3pfM@_F}v0z34~~hpsq)) z2_gc$j?;Azt=(5(#~3GfyKAgEjq8$PVkzi~Jf*=|Z}^!>!-YD{T`@%hmE{UZ z3BIiO)8>zqA_vlfC0;Xh?>-Qd9mRT_7<~Gk@mgTG_Rjb9g)R8cmQ>boS*+bV^gTc7 zSV2FgEItp%sb`&1Y_;8X+sUDa?k_v+u!p?$)>~#LC>BKX=g$X#xm1olb^<^-#at(V zv-6HT{P4qA6jWd*_&vyj4^HfFm7jn9SzdYNZ8`JIivXZbktHivNyl!T!~fj9CHDkNuxOtf924jnvI9o?}4>VREyv`r7>pSv%}}*|-sd zO<}22U~6tA8V*HWjVUkzQ#!Xoa{H#*yx6>W!E$}bDkliyx1+yL(VWHuZ{Eg_5SN3O z0cQ3+vIsd*6S#TwT`Gh#eLI;)-cGtJ6s*~N&w+++5)y&5WoIz7HTRsfi`0SbFs2^) 
zx~WsrzIxp{(`c^iF=O`B)!3#@oAi^n-g*rz(qAK&Up@(9m@6Ox;;dUeSnJ=GYh-^j zW=*!7oN=7jvEt_z{wizo2ZQL#76qi54_-lOE73o zk>$&O(GR}#(kmG7CxV8zVC8%Xa0~iBMw_%W_C1$)XTJ!aaO+Fc%f^lo^vxJgEi+!b+`Ku_pB^;>4mk$D_m|5qyAXZxE12S0A>V!XD8z!fGGe=7^5BEF%ZyKFDClRrfBeIU3BNz- zZ29Gf`MUW^8401y5&ilNklC~6$e5A*1mmf@m63VgfW3*eKvN~s!>z`%^O;vJ_$}=o#loti2$cwwv8XE{s z2$(X!CGt=&1NI|0F!6qMz+=9~`;o!N5Z~sb>N}=$I`477V%njU^u)@u!Ng5ck(@0A z&!Iv!l?>kbsqWo7Ie*sc`Z6#Jk~Q3U=OnDKCdmhPTq1kLD1>M9nJRj-j|iTum@XCw za_TlYMRa^8R{U>%{87f8a*a(ssm>NW-FfF#^5uW0$&}aL2DmUg)zV?1+dKbbh|a2m z(XuZ4$VzE19;{N!I*yXe#qUEb7t(DCQ6OvmY-zh`p{xap*Vc;@%7kAMgjyP`F&~86)nSzpz6*D;>NmHm$VW!j;%B1&&uGv zn1Ip&a#>d6n=5{eblI}C=y(-q^e)v2%g)WxvoZV@yAx21^vH=>a{ALnVEa-81LTT& zrx$IuFQWh%``zZGJFzG8nwJN5YgD-Cq8sG=3(pYGcauf_hxRyhCwS*o~9`b8E8&eWRcnslS+f}#V84ZYyTb?wx? z%E!A57$A2|yjw<&+C{CLXTd!T6}ah^#6_QMQJ5)^*;>}+?w51mt$H0O z8UKrzj3~|DLzZXtk-i)MD;edOnDR!e!CN=-HFoSsEzkAWPZWx4Z73`(#ALOtO#RPP z9sIeOBr6Byfm;^t(4|7T8Q1I^TgTb91BxgyHR>3_@hRCtWCIeop{UF1cJEAot8dv} ze)(nC4BScXhD)#Va#69>)wkXR-Jg$SFm!|nj0h+yz(w|}-Xc`^z*SaVJ2!XmWq{LE zDQBO3jvRgTQS#P%Z%7_EIs^On1fcS%nEKOCzW^ubCYkcd7t*#v8x`yK>(>haX@TnP zkvq*9o`7rn?I+2G=`$n`cPb%5V|nmt$syB(=6!%dypS%X!7=cK7hVSNlnJnRmu|l5 z+qVxm$5%i<>jhc8dL4A4{vtP^EV~WgNjkJ^E#nV920Bl-Ynp5VJ^&`w2U9MS0fg~x z7tIcuoRcp~s^y_wm~2;u+J~VH6Aw_V6=Shs)jxzdOW-i6LN=7J$-WJN>iQ>_dP6A? 
zt~)D(r!p(*(2ov6e?*pT9xrk+JsJg71z&V-TEJnuFl~dYOJ^{Ejduu`*ck~-+;Eaw z$-GsNn`y*ky9S3Nk2zZlN@+qH7?2`4Eip+))h)&rY9BQd^^-zrF-~z>u zawwn&Qu1NYPaCkW_}4BBzr%})Hap8&aG82-`cc|0dR_t@2g}Am$4dUP=@6r>trFK= zzDe4w{6;px7-0^qfTu0}OrMu_-B;G6b&&q6rb^z@cf{LuXDRA?ptN5!Ra`Jl5X{Jv z_1zDXHh~I!1H0~WyNb8h2n_I9m^?VXaaAmG)m7I*d~uarcl%v(?@iZg+JW2*nfcv+ zWxJt+RoBw(1qU5ElwP!D(xPSSqzZYO>4zydCq@D$!&P9rGzfd}p(r=Na0z|sH7jysOf z_;0`cuBOwiTQ}%u?I2G+^00L8cD-a^!`1W8zbF$XoT|^YKOiFk9D8{qT?3vGErQ;OS{T|px2fzU6Mfwr220?#6I!_P-X;TbB%zN#@FS&pIAZaVU zhVR4CQrLAzdF`1;rCYZ_au?Y5LkDduB`}u|KpxR#uyS@|JVCz6s-N|exON&R?j4R5 z*R0n?N(>kZLVxkkZbzYAiL_k|vjOEr(t6Q*vT^4#B)IMWiOhZit6c+XLoG{kmVYKI zI`1KEdmSLH7JV#%);(o4I8z-<*Wul_(ca3X)z6b<)95S2xBUc3pEgPSop+MbypEE; zdX{)#uPIo%R&wCBDVR4{^GEj+%rjM#=&SPb3(uGH|8j=h|Ip*|z}*nn-g2!>e(_as zc&W$4wvBS(Am@*DvvmcwLC^{9lanLo4?rdWWr%pN*iI%P9p@s>bHN~YW}AuL%uigP zGz|RBoH-LZe#>FU=wNLtb|=|BdybZg|16asW*dDxZ9^Cj4X}VZ3+6|vw79TCGp#I5 zH!)pu$@SQ2H(vFIMvvZ4y99)sn}FQ-Gn{4VG>oejOr zzbnZ4*T0_8#i5;diDN9lWu5W6rbbDJAWR4xCo^aM1ab9#nlAqg8@8Lg@WR{3M>h1Z zPLkt~KT&qxey~12?D*5<1Q?pO>DzPoDZyI zl7Qm5QnU?D4m8)0jdo!~Y@6paJvAX$PI{ss!fC?blLoz(bWD(m!D(_Umx=Ve3~qSH zt}ZDlQ>U&K;HI&SWJ3O*h1H$+$%AD;ey-Ak;xwlcHvtfVQ?!_k<^~9Y2#zd3(gg6Q z^p+7C-ihG;I2eGPq%HsknC!?^L` z5+&h9gsaT5o5`2s0(UVRu#qfdEyqC4ha3+$6FcWD0z!tW<7Di4)y8#>(>}Bv>K6Gh zt|)g_zhS<^blFe%o*5T;hxssP=7aBS+*pJ*St+d{3JYNTU%z34v~AN4?}2j`ps{HcU2{&V=X|6I)ZtIFbDB&i2a!-Y z>ckHKDF|ZIVs-{9fq;pH4Yij#6k+pGZ0E7(&Bw0eQ$KhCOP~n)6BJAT_o=wnFTv6l z`VG*Xa^V9%iv9JG(fw!>jKudf8sxJxFv*vGLb!7{Mk2#jLO;MwC0Fpl+peedaj zh=xFME%npbp|rE1y&xCWl4B=lpbis7a^x_@)@iE#Zneak@W%DmV`mrg#>GMq+>mr^ zfXGJPRW!}=LSKdUzVf#lC9<;mPOYZO+Wg$TbksIFg%}ReA8EIYcE^}Ev-;)NTZVov zT9rg_!2s>Z;ZS4;@Cg7Uv3;b&Ng2-qlr)eGS$e7H!f z-Y`2*EG6A`lP=|jlDB*s^piAcaTTqVta)$CnjKFQ&(KpO^E>W>s~XzCL_tZ1VX|uQ zDFBl$X25#q~1=;h#Ul zvup|W-dW_>o5h>YN;YNV*6oBXUk${u`DGbwy|K}odgFx30jpswGuns#0OFt0)E?np;uKg4iZe&i4B zA2|a@4EY2AAZKiT{(<6|Gc(L>s!Q4pjYBR|ht8R@62x(1K%;_xCg^RzD(lzQaYMh* zxc9VvUFdJ&fR(2%(aj*71)a!rfGUCrjw9*dPUe)Y7vEP;iwhFApsz>*|9eM@_qaf^ 
z2OccG;*C<0-9b7neNWsFmpMZkKvQJ90(KbBU0DbV-!o-pp93Td z3#D!gUPc-)9pMKJGy0|Qjk zz-i1yduN+xIef4|L#{5{J-PN7_$D`Av~-<>O4Fhz(u8oCeV_fBzmp~aG^yRYCh$E+ z(7>H>G|bGyj?V;3UW`3}PTKC+UofJEpL0GY4SCkNIgNk`F#v!JM~97=4VVG6*7cM5 z&GtwD#@%oX{8oS+7lE~6fD!V7Uj$BU^Y&XjlS`-~SH6Jf#%ew|OI#%LKhwwAxlxQe z@t7Un<98#A3Cj6Nf50dyPoqMoX^1YYe6!ZC5YHdbUzqoaq%HbdJhvSvGU`ML?DtoxY@070 z=-IIR$p)TSC(e4a9n4v8@v1X6cn0%Lb~4kU%<4M!SJ>eg%mf4iV|8RZr|qaV-PkEK z&t1|Ddt6VaqRE)P@G=b|0wN$b{g3tT(r3FmbSWToMsM0>8u z?p;F?HFFEvKZe6hU5ufLlNo`IzYEEO~hECz;W4vHw9}t=bMMLzs63)_xUauOxln6loA7`#lZJ%`X+zu zucn7{+~fkgDdr>nc<4{FgC^Us2^d&7PIRm=bC^ll#&Kq}#jodmDe}k}XmObmIC_$J zM~#;Nwgd;)u7aMz2C(LV$gzFd3-Me5ETZ~{93-xx2TQwUb0qiutHtx>vl5t(9Rz1Q zA^wit#1D~&2W7{cq#+^897S~I(OGY7t4&^SXd3~31i^gYoTKSwIu6^EZBKm1fNz^e zv+`(pKyEuZ2Zl6E_SqOH7&wpwIq`?eKpDR5aGd=1@kAK_9i~_z7BFHw>O92?vF`u2 zu0#TT|4-|ZoH^y{5ipTEhe3$>u>(~!-D7OIG`B#l6}X;dDmJ z`Q;ti(Eeg60}!GU@C-~2+)b>L1I7nVb`+Cl0wmi0#x_EOxh+{I&N8H~8%TlBWFJqv zcea13L02r!xd7n!$M#|a+mr$zv}5HU;hBBU#^IU$j^jPY)D1NN06+jqL_t(HOr-Ie zqCF0=j^ON@OoN|c`V1NDagG-(a5M2tT$>c%;C;4f2Kv18W9PGS-9v4k_c=xqU@{l@t^iD3FLMZ&*SHbYt?V! 
zE?j}nh2S&>vjDae``h)9l2ND2hMqgf+HOOo^e?YSo3EaetZ$!|%!iMcieqjQ?~vWa zje(NfHiN(oTQu%@k7t4{SZ}tYu{gYr4z?3T?%O2}&zSZ@uf%#c@=o(ynX(ui6>jPa zh6WjScJs`POdL1{!ne{dE9c5@a1d*i!sD4s0;aW{4wQ<1hhwlYAc-P54|Her43>E$ zU)AXz&%D%>R=93MyEg-!ch`ZEgC>D6tz;80sV)OXT^)F#NbkyO4dO1Xn(T&U5-2Hx zNVF9CBs0-<9jFS$^S2r(YuXG`&jjH8NpW5-^pY-?oT)T#VA@mwO5LmScTn*lm1E2L z?=R`|p#;7WV}T_Rs?b$Ygq?J+%kn+1kn){QK^j*g3EM7_HPrXU?t82CHm{Tq#AL#_+G%E(eD>(0?D3j{R0B z&5V_^q{E6?vZh^s@%0!T`4*m6wjCm?b9Yx%SyFO>xb@}4%8S1U3yeH6oc5vt5;q36dW*`ut4$JnJJTL3A`^F785iphJ z43OY{6LsJumx+qsS(#aC`h%h(V{zI5IGdlABp<;von=%UT^FV4#@*dLXmEFT4+QrB z!QGu;!Ce}64ess^!QEYhJ50ad%>3`QYW1yKRrj2;_kIYAUdnHw&F#Nk(rO{?GDcR) z$jggIzR$VwX{=|#h5!=(D3U%GEM+Hj|A;qx# z2+}ZJV7@1>2;IGW>AYRDMk3?^Qjy30oW;6-0nXZ9Yg3Mei6!}?GV5=6A0#+q**D@jS;k$?CU!rHB zn6A+$K${xhET3mhjX$V@_rn<*)v&_5h(QHOk0};4z_0=p(#-3 zXjV%%6bMZps9RIldY5^Yo(J2DE`kX_ewV|T+2*FrI_~)SW(yNuF%1Xbv?(>_eMxok z7nfbLUk}bTT_Y!gPZ2G;k(BJLC&EMq^6?9?i|U|FfUF-Sa+_kdsXaPAkB(I`>>~{V zv*_0$%8@%Hd`jjtoU#P2?j5G&CKbM;{8Eqo^qIKH-er;hSln z8p}>}M!Y2mAaRiTYWJSKlSaYXZHj!vKD~B5L(thiqDpRmVDf=UyPx_Ci?vE}Tm_p& zhG(OT_yiUG8cN9CWOhQQTeZiSmR$;B^81?ftnp=bo!hIg29lb?F?gc)PTHo=YrW*C zwu%|d4vKDo=?joX$7LEa zjP7gflxMFk5RX+Pgb$Uetr{WqH*N~feuwJY5VM?~@uk+)S5OkrA@X?BIq2y#WF>T+ zYnJ2(gq}f|-FG;9oCki9NTag|6J7#oPQ7A<0}AvSCk#Zl6J&3NKV=5G6Am@{9j?G!3do_Gy2Ve%OA*K9N9RK$r!_Zs50|Mv z&0C~0JlBlVjA@Kc;BTS5LYnXE^%PvGx^ZY#UHEK7{yC10+Wmg*vE615k=mSs|s<{&8elOSUoUACO{FP```@68T z8K*#L&UblHm<0vMsDFf4jQ|d?R%kdtqfSQcn_>(1{Qb^f#@h0r!H9A)WF(;ZPf>nr zzp$mOKO`cK66vtmhdTawHa=}2^tHEie+X*&;@ngGs>D2PV*NqL3E zeS12z9H5E=!;lbpf^V5u!U9^?Fap7RbL_n{@aXrw9=zAg-~&1rO0TB%ke zclO=Fh}G1ftzwb(<67bG;O-5CYfn#{t;6${$RNNr7Oyf&Hrl6 z?AsZ$PKpbVL`jZk@enzwLHv`tvqX==&M>byS+h%NHWHz*RLu+KszR|ER<{r<-(C*YJxH5~iMXIVC>XY`0NY@`K0 z7X^wJD}4rW0$_R5M^=oR*qDQJDjr;gGL;ryRv}&ww2}$g7TJQdh}e$6Y*m%w!fbjs z0R2YK*;lE~VEn>=TXnD~3AfwcQ`En-VB$dopgxAQ=)%s0e^u{;3y^GnH^sk2(dqM^Y$%xCJk|1dHh_(l5?=y5O84p0op6=F`4Z zrrzpeMPxL@eW$m1#wvw9av7(Ux=E^85yh14A6>c(ieMU73`o{Q&TqYE0j5EsXdDh1 
z7S$~E)-~yCh4c3G4fhO-#xnRX$oG8Fnf<9txAq`n!|TU1Phr$hT?cpWwYnGZYl{(S zeGMtaNGjW7JEa%72djtd>R0-!%c@Nt4|F&3q>dli!9X4!%0W?D@7Q+Lg5^;NHoZf1 z$?-zs^Tv&NC2K$YznJwGFSdk?tMsL+@$p%npO#)Tnf;L>`?NCKw#?b?K)(*FxF~-I0Fv%k6yXH23 zyTb246AR$`LC`qlVa*%m0nr9G9Ol_6EJlLx$ac&e{D^w4e$WiOa!nU zP%8V*flY<{mf0wFqyYT6;T*Ijy55s3Dx1@`Yphb*qlRlzg(5Umga$NAHb}kvF(=-@ zb}or^nh<#8gE`kMSXn~8i$MvERr6A9*7CHFwZ3RJT3CIQ&{GPUZi^>ZgJUIr2gpj# zK#_`vpR+y4js_L3{v%Rf!e4rd$ z1Xi7GS15h)zH@Z#G3NVf>JsR#IrEDWR+C~!z%L?~1R3=xy9<%`3|M6VS^$&DzEcj8 zUl!HZq*{g}GL3?#8R1y$sTU1xz4I7XHZlzu8IQlGJs1Ds)nQ!pV6371*9xR%w1kV1 z;Wq*swO6GmTFka~jfbe4>`hq`8!F^*mdxnppkW~}3zGoWfpq0byNbmJhT8eB z0`L16q4{b9-9vKKt`EM8OMdW90z}8IA-zUPKvph11YA&QbHC7_HGwpTU;gs2Larf= zFKqKfJ9$9B@Y^KiUvWI11?QzIrW|MuH&O98$qe3JzEPuNb#{F&X@*;7E94l=(~#|v zbRnzrx6o%>%kEYe%uYMCXKM&(G2{Xv&>V~p^}QU34*XVOJiP_fvF!a1R zDPb)aBmX7|HDnNjj&7NR^S&48jkh%Whici>z3f;>juw&~unb@9x3Y)u7LQrKe^)|Y zH^5B8XM8X)6wK9b!*c7nt9;7UJ?VN#H6DBi)C59or%p06Up6?yu#+c3s<{R=b!RzZ zKD5QRb8Bnr8q7u!D=Mo(H#wg3o;p?uUwBt0em`Lc5DsTsD{^2P|IUY4%OU>z^AN-} z@wkp7SqjCdun^za%9gfWr)N7;bA>?+gy1IHkIZ|zn4U;I$F47``qZEswj*4)%Bu#V z6wE|?V;q3Jwx|89E1!zAY}v1ek^(G^fSa-^P(eWZ~EGa()7G(nkC&KMmo?QQ-xXn7W9 z!xn0L^kP#(h3jOkq^v#>=(gKv0SO0UJ#XCMS}`1Ti#fVfoRxd^gp)|XsrBPdk$T{t za@-*)K>ySsT{ zzp<0$l5*og3aBvd=}Vy&kkg}4Su!pyW{9OWO*)m6!?yb1zGf^$Z0(dusf z0vo%dWgNIL47n48O-1}mUf>XMNrDJL^xg`)PUf**t*P(%v$2da>!oc^Ry}H`8as8jj-apwT=D>9#24N%kG7z; zLa@W!I@<92cRat?t1U3Q;U!v{#1kr%Zv4(`r|;Ld-Q}wRK12Wad#9I^k|n$x3agxH z#7p`ODdT3!Me-Cs*HL%+sTA?Rq^s8b%JCmZ9K53%^^DvP%y>ubioV1|4ec$(>-q=m z**BcCogR&q<0s^jE3I{xGqMSvgZ&8~XBwm601$e|`!HJFH}Qw$-Tvyt`{nAru%aI< z(c4|XU?F{)8I%e8Pej7MNc)d{Za=&5wIdSNk^uaC=$*xAGo>GmG@at0GbO}`X(O%Q zfiS>yLbl#CD>o)%T+AjzEir_UyD$Vpm!4(bOX#?o^O0-yp;&pMWU3B0q32iF$TjvF0DN{ z3fxYIOg6)_E&GFZIT^aD{MVk23u4XQJQy9sc8XFBW*LC#j87adZ@1ItnYK-}vDSh) zZmU+?eVSVmCWcgkzvUTR+)0Q(X8o`x$yLY&H}C4U6tXZAfsM{ettu?Je5~>{u7~BP z$4f{YrFG?Xb$U*W+rE0upFb(fKDTkFE1mx#JS?LZL##?t6DB?QPc3>!se_g@7m56$ zu|T&lME^)=dM7l~wrUAcKt*GaA9RDMzEp%UZK_e}?# 
z+_V&ekW%!p=f9FI!utyoF$3XXGy>u|8qdVmn3>#L^bYds*1mP7k67-71&juO+770_ zXLIo*!Xuo(Mh|^>(Bvxg3!*5(=(&#+|i(y z`a!h-+m!~3J#S{NBaT_k=I>%u#=SbBb4gHj>ttGig6`;#Z_4Ew)?tQ*i7~$JsR^KL z%R9^YaIM9>%p@Y$U?q|$8%by)s7^er1${^uDNZ1~LwswEJZ$9bk1%Y&P9p!6 zk4h*qA%&KKXHjI3UDvZv>v6vG{>#}PY$ty>v+AxF8s3|cV6&kp`vb6_C~kIE?PQ@M zmGOHG#1%>+*eApZ!r8;dP9EF(^b1r-XOr}LIHyb1cdH_DMuHGr)gX(DZkbV>8~Sw! zP4MS?t=x$1^LFs`{*3rzy#Mty}JQIxRIgfi;_URQJTx+W;T(=`X8m*`hDI1^Zf>FwJ+FY2EL;t7s;oN z?GFCFe}BF`8V7sTDjlVx35p&qt9&tiX8+pCS+DQFVCZ87uG?Id)!eJ}1Qb6xDK(Rv zHtNahLU9Z_<0`1f#~}0Z?83!=nMu-YHF)uLX=D^S1Y94vX>Lp4Vv%gqDuoEO{P`zp z%m)Wy#0#JHkk=9^3ni`T724qBN&R>|H_-St?C{XJMoc3a=lmROkd*@0L1D*)JGCjvkjV76Zf(wV_z8vbj!iulD+)l8CLnF7`9vZh zfqinaD0O67K^v0Ie$ySnt61q>!@$q8P9ekP7ntS!_&@KM_myJe?Xgu>19JqD5B9_dtvcivi5l zC4p!F6YrdI|D%m!TchByh-CY{SUH>^O@gkJ(pW@WH6F4_O(pOLoRP56rY)dr10}e> z7osH={atiwy1*H?X)vGQ2FqNM#4mWk9>}Nm#u@6r;}PUlp21mAWdfB%Fc2vERyz}0 zQe|n0R^!l#(&3{`!Xj_Mj}koCowLHT$&KhBbK%UxH*Jgo;Y*2R0n_tmgEA z?>Yy4(|UGFTm##VU$$% zxl{tP+EZ;hubWx3El($hw)7s#himhRoKbw$#=BZwFrM*Y`T4ie6<~u~!5N&mGGK;V zZugx(1gCI?JaH^7EXVzE&+|H=y=-%!F96gPfLEe$Z{_!N>fN#hFVpS!4mS0)z!Alu zAozWJJl^)4STTeVyEPOaFg=d7mV7{OpV`mkd0}EcJC8}yG0^vhpgal~q$Z_m?PeN4 zKZz=AD+_scyIiho3uV9L-CcDTfXRoqY7s6#2eWY%0GUdJhs%4vWFW(UC*N`I-|YZm z`e70$(0Ru#U?#auTT;>B-ha3SCO3VQZ0a4~g&LMo#GRE#y~A8G`rZ~5oIgszXUPpHa$o?{L#Y9fsqY2n%WDV98ks6_vD$YpwcukE;$hCWPk$i z7_UhoYjt0R7U~jejkEW=ee?D|k3>gx1*F-=<*C(^^8lb@DC~!{ItRO~z4(Vs;HV+5 z7GH;BqnQwNPs2|Go=%Ze^173Mgyx;X#8Y0;n~5(aYTZW1B6#YUd6?SUQr8NVUVFZT zw0bS`l4(F3ks?SQ@4Rjc+VMKMAiS2_k%#Rrt&|CUGFw1yjiY?5{MSx{7o=m<8p>IG zFupUl1SydjkjBq0FPG<{2jJI2GEc_dP7t6!%6{eU&}II7^xsaRNODRT>M(#O8{j(p zwLA)IH&>}GJhs|s4VVJnj4@ovuU%$2UO7LTt~f!<`lNoGckE}=^F%1z6i8oDdS9^P zP?Wus&$c69`BGIZCKUW?;n668|GpL^RlIQAQ^X@C;J!iPxgSrD@ZTr&8+>*^Q?ZEA z8PY;v_ib5gObjGmmFx5iY8+)%Puq)k8NV(78X_afxy_Pb6)I48O{yOkLKiTIkstm| zI`GFB1}p|J&;#71abL70d4J9-dW$NdzP*M|XtI(`o^E+dPGCR7k6-yJ!_uA%wdRsc zcFrox)quSnItV@7Ro%Dnvq6nsPSuFLbw$GG{V_g>k_O0PoG`F2%Pg3j%??OwsaJB% 
zEj>#l>z$>FKVuS=IT(?u1`;8X%(8q*I5SK3KQT(3`XP9L?e*ERr!=6{_RHz+Zy4kR zmY9oMrGUUWIW#M8AQCxkSl~%3gbxtHNQA>H7DkNDp#5pLdlU@V1U_1}Z9aZ`+MY?x zH+2w43v+7>veZ%*eop{->}orK&7T3UJL=5yeZPM1zn7_-oy+u-(`{;mbRql&;6Q1A z-!Cj7R8dt`r7<75ZR0%aE%Q`gZN8$uSZ(5d?%SSz6Rnr+CXE%=*;Em`UU!x6tN|Z_ zG-;GTc$$kb(tg%*!7bAyoP)9(TVr1WVB&8CQw3Z%!JUZej?!S2OvYyFQA-G*JHP1N zJbdJ4i7@rar>9Jv-@6E0N;%Xid9vM%c#mp16V&Q`Qe>8LLJ%=ZO7tcN-6KJd1gjPd zmc#-!q6lW^-$Z?D$#0ECYxC1giWse%85uChvN^8DNa*_9&hE=KflhM(Zj*$9IzTDaZM6%xe7L(;czheN<)Z} z$%TD(|8EDK|3`o5MQB5|TAaNj#;pbFKFgb*DRW=X=w%!A(}4TiOk+O4zr8lMYl~+m z1XDw6)as^JR{f}v{o?rbp}D^6Lh#7D>n!f)-Z4cg25yb!ZJMGOXx>MNBj!HN`k=8W$45&$iE7W#UI4q zR1pp=>@cU^E~KqqPd0W}TCl)4a+zs27<_#$|gbhFmviP=f6?oOXp2nuT7S(MlNl>h4Tx~V0oOK^3d zs}ipsCn#%p&#nHa{~eV>uvIXPX)f~bKiPC;9ojB?``bvVianX zMXt^p(t~-mHp@gNxyIjC2j!%53N1mlQ5EY54jn%0C-{q!v&S!CWb*Fgy>2*L)UZh} z{4V}`6<{0ait(_(Kb32yUSZHTcHgFpp$9AC;_V^Y7LPWMT5o6H*9(q66Y`pxq5Jt; z%O7>E_Evmf77lkM5DAMKd51R&y0GcM))oV74bfb;Kg-KtQdqz7fOE;y&Lr|hU zk$dkzG=VC-BLt;%6v=+Q5lsN5k!&|{VGSgbPPIObc7)9HJJbj7`B$@uat6d>T<#qqTM`xV_fCOHOFzlx0N$dB?434O01Us++5U;D`0^|wV zB0J3eq>nqB2N%DDV>v?=l2Z&TZKrH zENDS)F+u6r^`5DYn9RAfOH{$iBX3P;09i!cr2w>_2SkfB5MJM#2NsK~)GG_O z;argOFV=`HG_YulXsO7*hKWSbkXYi5pEpEcP0VJkmvi85iksf5Yaw(aKf&MAbtuo_ zav+P;1T&J=Fa@nea83EJu@Hl0E5hL&G_d2V?j|JomKczSmDont%>ZW^#1l0uzB)`U zA=~e*&QBb;nAiUVhXqQ+B7sa&fmAhG%O(x7+o<5imzqwY)C*lhf6|Vz|~G~mYav6cI`IXwE}DLxMX}p zmdYOc%0SgSwQA>J)kL(yNCPR*s;!?jH_U9`7f4I;W{U!(@r$!?Mypwtgl3Jb4I%dA z=JWR1a;nfE{dy;Kb*oGNgYp={ayAqu2E&)qVw)rwQ8@P=sz>~t7BVIsHi+*Q6fn7; z^Gs2?w<1KDOKzmL6&Y?hW;wekgZyTCJZPWUHEci2Le)LoWeHIVC_{deIBmp&&PWE* zOI;`w7|?naV{J7zYt{2j_NeTAx`wLF5VI_ z-c#Q_P}!_e9d|zH?`#bIuS!vs4a-a^!%DuRYW7T0m8GZ!ZRj<55FpYZ z>>}zJsIwKAHG{rxK!ay2|BQ_fC-V6^Md&F1MSL8g7k#QoBd_S zf-X1o&m&NV5W&W9lU;eE518T3VFg)(=@4DFK0v5C5nww&XIELx8|e7!?7p}{tQJyM{O(5D%bd8(kaS^xI13nlpK! 
zu}#z>{G&rd=n!l*XuZTFnWAA-GRfG+l~-hUF!Srh77NEl#IB+XqnPk?Ib74R_#<_; z;^+GOAEq2&@#bVlk7vkxDc@0&v&=$Q>w!AWwLEz6AS;_tSf{r(w=3!K50Y36I@vmCL_&_E6Uqo-5ix&qg9V?27j?{JvLF zfptCIW>tgY*S{s{C7ShXYl+OAuS54iuJU~4OArc4SWG%?L-*ok0|`Muo2?&}0r5u) zNBQHY14E~}vZ@VCe2GkK^6DwNU`-iaFey7C(Rn%%NCMU7Tp;QL=KQD8zk(aC=7=96 zdeY4Z>FMd;raGpNNKl)+#4DvKQ+~|si~Q6CMHpO~{b_!gNzJ}+Up9tyEtcn|942-L z2|R7jokF=E&*a^JTLb;Wy0!n2naW?CUoSrU?mgMu&Mp7T-*}4_M17BJuq$qSSV(K@s>T@>HPI&!>6k^L zO8NEd-5w9~t@4hz44_y-_ZFS<5OEpRzL1pMuG<{b&mxI96TRVdkJ`_D!?;aA&?SXt zv}F6>FUt_cgoK(y|I4*kC}yIXyW(8|O|-5pKC^viTucUhY|T)-Ga5H0=mLn~Nc`o( zMg>xOPu8bsX{9n27*F1S7)5z)WDV?Hi#RXn-|sMe5nm33KcDrwK3=Tx9DJabaz;tK zi6GpmQAHcn0srnGcc09jZw_w2d-v2gDCBl3GdIRT_~VJ)^EfZe=)fEP+@~th&`&!Q zehYD%P5yA=89$VkbjUtD90IM>!xx-SB-h~R_5XK8=3=}oxe|5*Tb9LA_K zY+m(<#bb389!a4anCVGk1`C-A|nEqup?ZkU;Hwd8{A^ zGhqVuf&&V6R@8Z>r8;o;ulzsTD>oY8jc#>T%v1Fp{Hq&&F32%=-pMgho=6zlyKlY6 z=}>}m+`yfTG~ovKwiIGJm>kibypjvlACOA zjQAs9&uKYF<4d--o1YZ@GChq9(n>Uz$G(V6S&cpF&3^Ox9e(6;Gx$XnJR4|w$}1|< z%`6Rsuyl6J2h1MsuGUF)n_h80ray1jHl7>QxjJup`UlUg$FR8^%RJHWgMFdZb&s3g zW0bK1D4%viOiH{HG7iB#OonuGSKQb^dd(&4^l z%Pl(`bFtGk0PBD}6GCkLwfl{2Jy(yBbn;2!<>8_NR8sUi1rYK^+@|uG0uI#C7W(ku zo1Ko&awC8dEJKCJ?h5JOG+f}lYCB*kRJYzc4e`91Eh<35XA_Iz*%i^V-y3On9CkW{ zFWFwRg7EZ@H;on40n^(^M@&(;xHZPWz&tYF7n`t#qn{g(!O?Z7!f!Z44V12u6Mk=( z?W7~%+!G`eJ<^q8X^|gOAZqg(f{%~aKO_}^-kfk- zWl8Oq=ShC0APzBW%eV`+<)@DUXj!CYI&YMtF3O0Tu zsHa%Na`NX5m75XLF4nhg?jdBJIMi)7Pq>bwmQKKG4UBepmsPtO?YV9iV?scQs5X%v z(yW#i*#;5mv_JH{Ba8F4sC6;s*sQgu8fXO|f{`4`0ws_?>h*JWnRVWO@Ex>F$Ia18 z?>SfBi3nFWv}gpPW(^hhLeMM1th;aR?S{5ABY8Ts@64g~hQX)Ccz0*<60T=ZZgU;b zgTr1571Hb2Z{&tMVbB__mNc_oZ!%X_F6Ns-lis{oInK_`$<`86Q$q=C+Rb)ZI!qRs z6(M;4Qj5klCiD!ZnvTPqH-n43AG2#%49eWHgJ$-08!T&));)ETFhQgaVFKAmVAp)r zVd5^#DSYy`zBLvx-T~jP2@d?_68a3xvA2?0J0L>t-vzVB zYWS`cxw?38{ZU*44FU4urX9C6Yt7hqJ#A^Q+tAV4X(BT8y-z;P`S)1Wyh#s6KK{hp zU*@^zRYy;jD?g1UNkqfL#2d-q0aO>Ro2Yw^J;RobGVp7W=*I zF=Y+I*Ev}od+17aR$=DY!n^1B4%B_01)t=NMe5>;*8oO;#S~UZ~4ZCc-Rs0 
z?u6_WeQuMZnQkzgY=^J=Pm4pa*zSWJ`-yYPLgEOExMScT%fsfkWCfqG>Hh7Ht*y@!I~Th!FlH(T1mvYxU<9gm0Jbw}B-k%q)@1%G#* z|HAfh?+!&n$ioJWyWvU1*8>th;%4*No=sl3Av}tl=2cKw=r%jPvb007R1KKQ*(6dig9R?`_OoYy}Wu{PtUWQ2U7^PKy}>slNeD}KYLoNTCE!nMws zZS8|wN`hkO~?TmV6yWb2#F-+@#Xy*eRtR7nRnrM-`O6bT70Oagd9A5W&> z02NL`H*IbFulE@h2SZSiUt21M>#pd;X0TbcR^8H9(@;4MH>fI`hpPy0{L!^bh`{_4AogtT^n8HJaCEd2 zW*9^=4{SZkCNx`Zu+N*=P&deV30!v^)_0nfr5y#&!^YgVE`s5=AR$~U6*_JSJki@E zkqjJ~OGzx(kf*t>xMIOwkw7dQ9AnlQgl7*NPj->G3y+bw-kG9R(qh;lBNjv2wabq7 zx7$+&^Zp^=F*z}n@T5M(uS?dMU#AeYX7;WCmwse-QQ^{Ly=ae;Y(4`%mt&^0rB6WZ zo;SG;!GYauR57}Z!(qJVo{x!@vJv2k9%FbTGX>`@rHpWVxQ_Q{Onq7G;gi}aAy_VN z>z>EBFv0sPemTW5B|@@1WL$Ba=R8Yj^eLOrx$0?1VIGhW-H&vPM>6?kWp{uLvfQc> zJb0qMQ%fmr2{OSs&1M15XdoG`#aXYhf)E|p-H;~}!AMDT%#E)zn7qo^ey#NpZuSq$ zrl=dgTxUdKM^8#}s{cziuLlcCa>l^3j6dD-WHj2HZi!|_7=`(kTy85WkAVy({4>@A zDNmS3UV8(2w6N2zjMf5RfA9WS+?jM1HD5^)GPBZQlm5Sn{vetkbC4$tqgMYCLgIA;s&lw~9k1*Yz)TT>vjS5bgurW zl278XqBdAw1(rsm__X#K-=8ASmfJGCmS@Y$kDC+QXkQCDIoQBq6JDerL_*LCaoZB% z$|PFN;eU zle)fe`(3%V14_GCQTlaFM2nfuJQ~NX>}-(`O)XHk(?+9hmyhH#@s$?{4sJqngB6T` z@2}D;9wzZtkaVp*mR51?0l*&PoP)oHXeN=dF5Zt<-Jda4Yip-=l!zJs4Odp&w|x6Y zXJ$5w`!F^V6p(S~%hZm7lnhvDsib6ryne&x@jPOX9aqbUAn2?t_A)2&{5gS3we54V zgabaI(E1X5HLJOTFd-+&4t72OEme)9^NZA7Jf1Eh2Y+#ocT7#&F__I`4h$tEA^;M> z_+?J{;-~!}gkb9L$>VgiUIfm-w{zS2aj=Q-i1UePA5D4WJRvuyX&r9e2|L>@RdXsJ z?30ro^5&FT5+AT%ub0o*`7V&dPs%GPrQC&PxZG$Vb_>zy;Syzbba`m{Y6Rp-5U_7L^MpI{p_< zo!_5%mvE8}P-1RCaO~fsh5!bG^IWmw9MkbWpJO|x?d*Sp$T3yEm*awi;!L}~F`q^y zn0*aF@L_((%rZSK^Z}1vB(~B>N=B9wfTo_Xpqo~T+_EhZ{h78rdO$Yf2&94J!QueO zLj3~?E#pmuOmh(dARlgNgdm_cKs|%-V3op<9c~YDmz7>xNSEkLF3vGL7aSqdcM6F5 zz{e-TQL#J$pbDH#fE?0D06&&Gje3m1noADR{p*3|>jV z@#XzuOJKZT{N9%5RdcXGEwnldD2+uKh=YN$G3c8cxX$!KN5x>V3eOUrjf%OLe8-v`9GoF*9xD&xG2 z|JoWNlry!g@IGnS*w|%Vf5GyET#;~B1r&@b0Zgbt1efGmn-whWvFpNh+7fc6hbzb9j)v(E4O0jXk_jA5TIj(zl$v~Wv0NYoaHBM)xl_fRXwm}94 zdPs27^6piZY8*V$b5AyvSi;s!Pu^{+sBV*E5}9L?bio6s2X5x0%;Q^t^4c#vOb5cz zy>ckpz*X}JXYz1XAZDN-=n-?5FXEJm=&zHz>jcikC7pz@PKKhCevI#3+ciHxc3t4jPA4J<|`_cP7wPuF{{sq5eg 
z4^B1f9DIwDj8>-N-I?q2L28BNRar@P-@e(1BB{OxTnT!=C2aN10LDLx^iw8-ebcN( zj#k|Owfk0RWpoGAy%m84PNCK>P?U|Z7DSK@<$jb2C|894Om2>XsuNuWCM}36DfI{~ z+TuCN4~MlkGj`Lskt{}vt){=7Xb5h_`~k3x9xchU#MR}V=gOV3MbPzh{lK9jvRKAd z@DIQ1El13wVm`%5ya!KFiLh2!MpjFNBy6;qwOZmu8>!0#T~FuJ5@|%^kU6+}L@pDN zUF77lXkS*rL04ZZWsjDny^1rVou>tx$2uiGRojt-98arwEn8RMH{%1_hU)*!b9ebp zXIp!3J%e_c4_NX}&waBm8Wq_|j#g(YFFbirMGV)gj`h-=ca2}8lqd;m*rJblc3d3e zBXjbVof~175>9q?qA1P&#NAQ^W3r_4mvu)-1pXJL(4o|2i4WF3X8xG5v+J9?K1*NHSA7+v+{vx665O5*Ka|DrYCuzWM>1^?;F z&uBs}h5KjL+63|q?S5T#x`z&sl6kjs{GY;_0)k;Y8fjIxi!qg=ZL`z6;_tZSrTXvY zP#rcS5zM0$j^+3|6B4B+UBAu+v5Z1L(2NM3gf=my*itpMx&+?^GxkL@F76~fS)qk! z9`UKMUFAA-_Fh&XQ_`U#eLJ!i3U@EI*6o-%V#J%;wfdb^*#la@Z<;oqz6_0`uSAA) zTv|0(Hfd#NA-N)88#%v7eV|hv=U9QnGK{%1OT8mTkeK5X)FdL0BGLfwGmYX@Kyg+5 zW=2v?*#MaSXY>b>nukvv_)lMJ#j53{q9A-ro*kY=WL)1P|`S#b-t86(cLT40WonpOLmy{=K+j zRSbD;bX7^QKfiP;tQy9K`Gbg!edjMaKlG?8+e3-kb=g`iXq}Jzk}uV}ml?d+;hcXK>h)r+Czz2jw-IwW(eALAK*oGg&t3!XCy= z5;UAh!8)zt)pYfUknmYf!=RqCV-`Svf={xIWJPK@;A-=`FBLP%x&!21V3ErM@`8D! 
zj(m;36NQOCa*s4|U_6j2)sQLumUrtQWZ)z7zl|^70Q*vJ#xKe6>zK!6vA)D{14JY0%xQ!lPO%5^{%e*{XDny1}vhXdwG#rTzn>vq!o=Uux zoFiN=gF1sF)9%vsYU6Xuz0>{Twd3{t9p$Lwiua1wqH6jG)VbA}bNwjbEo}X#F}qPp zZ@-jXQ6Y5qz1Z2UcbRh!sYbbU6PkTD8>JqChC@{MYH8_0@KM0Xafd{sN2SXo+VK?7 zzprS`2=U^ysKr9zq)Rj)f=m=0>`2HnkuORqmV13Y^N&B7!Q-m3C;^MM5K5oSS06~y$%wz{s5}Y!6hr=@i*Y9z1wL@w(cP@V zgrpOcUX~QjhG=-M#iL$%@WANQW#?r%g*j5yW33F%IfI4}-V@w8sD2Lldlk}qFAro$ zTgK1mdPhR}()`O!N{HY&mhJ46$!w-jxM>gt$k~MFOsF{AaC8{AmT|P+rB%ysDw=in zcHxPKGRJ>X`lZJr>M%IX4+?f-^29`kkUZ3K9Kw&~wnx#4fUww#_jr#y6#wgq728<9 zfyp8$eeot;ZJH?_k0-wi0z$Z7Rzg%`#4yM=^Sl!z?jv{$Z2}WmK7G!iV7@f2)Ap4i z87(Hv@vJK>-gE}t2;CSG9#OuZ+=8-0!L-(pJnun~hD8|%PCJ&#SWn)(t`6s1B>38aONgp?lntEwWo#@!(=A!BiPoZ+!fT{Gm_d7+WN++|I}n3o9i3<(m7 zq%wxQX=b?{;CzPMgq{Qxj%aSVENlLEv)T+X`zP>{`dYlcxKEmuQ<@IRaeK#SvpqRc zTQaOdbm^&%iw;R>G?bMyZ8ns1CC_o6h8PEX>Rd~nn|o}W*iTiAJ#ZZGwJF;B>I>P8 zH~11F5wypI>o!ev?RQr5zyRMR0z9X3rccT}4VCKi1s8tC%3Q%g3z4yE-uB}AlScEP zkN{2lIKB zPV)yN@JMArcpdpiju>!vq=4))w|Uu&hA5eweAYXGfB2EIUPW6^g|36o%VaF43YdwJ z?!;}*NLvCA>l59ZX_HU!pvYuP6@llMv-AfA?W=SXjCsE^@%|K((=08smBwMN#%uxk zTi%ry>jaLZ-4uS4PoZ3+WF12*uFt(pEsf7luFzQ+nRu2 zfq^1qXmC(KOql<6ib%Dw{S1*ev-gB^9X0#rAMa&q87a!-X%Vj*{nwQhu+nAnyLY+U z&WLYf8eHRZtuFUGbOJ~3h!JD-#dKX`Gm+a19X)C43m!E}(9y0{oqiB)AKfjkA#>}R9bOpR?IL9`)k_pxKgO_wH)f`?<)%41iesGzLhBj zUx#?v!Wv`C0f9NLU1|F)Cf Hp89K=B<;W44t~lTE&KfhdX}X?$?T&61h66N7cHM z44TmRs#gY$ zWXcGlyT^?!UKYPlntZQB%&!tt4ad0>W=`=ZpVPYo-Ne)ioyKIVU)_W`I*v$C|8MnZ zaDW9<9K1fI&Nk9GM1kQ|y&(*vMW)*+d477fEG7S2K! z)2r5Hypn_LBtqMakyx2KrvL8WfB(&rjHOs15w$P!SM$z=dzt699ZwsQau>rJ2Xau! 
zo>7|5;t=cq{jE_QISZNsW-fOj-FWko{A}M8ySqVHN0DRq&g9aZvza*VW+0{D&yK%6 zv>J{R?YaMVj|7f}^^~$I;<1XC5v%Ww&3q!mM4TaemtfNobnCMX{vGeHrkRaJ5n>oJ zeX^KBL+uW^baG?=Y-8Y6``ZeGxK{|?+LBop6`BM%6yQd``^uLkk0MC8hyBzj{E`j(#Mfi`&xOZ zli`MY?F!Z~kA`G-Lc?-P#YHtnnY{(wt_r%LLr z0)E+KwxGWAFX5+KXLFk3ET9jDCE=6L^KClr%z z#{^DKsG!=OPIGkh9VUEWXbv+T@o3tFv=$|ne1BReYgk*N+|XO5%>QZZE5oAdzPF_Z z=^mt|q=%4hq@)``xn{_aKGcR6K=KADP~12GcW2q#B|uQ1EOo*)AKiX{M>6-j zSq-6UJT(urLxLWzxNhqJl{7OcB-`U#q;H3;x{+@cVU)hr5Hh=e*?}hpn3M4$?bywq zjfQY@OrbH2G=}SOTzb=z=Qj*R2KifZ_|J;JaUNJ{imZUzRr%-?<qTZgi3l)(M|y@QkB07v^j z>z6j3H9WXGB8VbZscRj3chu4me{TcIix^4FR>@2jO-QsP!Fb|Fb*T378Wk%rlUwOM z1g;RwJ2am8_fmqgPqwVbzetC z6g=KwElmxP0i7q>6esZ51Nw`(F3R5!f7$=)37Vwz#=>ppak|T?6VM z=B=*SG-n!M8e}K}y^kJ@+#h@&1}Qz9)av9$FDCLDMLnK%%*wWKs+mwjsQ*5}-sGs? z?`mipAROUn0tmH{bP!z#3+{FPE50z!;eR!FfWqMs zD4(BsHDqPE{BZw=ZLq}XZttKv>+W6LUApTCY0~?>eic6#_nX6dGTQA>--{BX;mnJ# zR#z%Q>Z15nePZ_~b84~_pJ^ljAqXuSRXiaWVgAe?;1Eu&cC!Sn$_Db> z+jFj2H*fa=wD=(I?$?L5>V3K5W`9SIE;73N)|s;82jAmhs-eu&!~$~_uZaXjm+JSs z>Ji_mhT1oPo+x$RHHTlTN0_VpHd&1NjYZ{vZ1OhIjF3o9G>*>-(p)apopr+Xn2OcA zhqJ5)^O|JAKY)VkprQ*K=mT(2MI&tl5dY`C?U$w5S9GAx4W)2b+t~ zuF83U^ zbKyj}^4c#=b_94CSG6;SX>CWoN7Xz4m|mYDwkib> znQ;n4Fa>F=H{FD~6jWE=Wk1#V@9QsDolPnWu_eDBntyc-Otwy=rgG9Bs)tKi<)+;u z1)v%3TTBgh)PaF~#p@OzJHLJI3UK_t_vmhJ(A*`rp3}4Zu~G5XV@EZSo1{;vz6F~3 zsol36`HqgX{jM$F#1TFY*z{i`$bv-*RB|!JT>olV$8P#lSKq?+u(&O1Ulf&bt#KqI!D9rf-5$$8(+We4FA!i#%;frT&e-j zQ8X091foD9a%CLc7u-s$fQ%0!g+anzBOMirU2K|4*I2<5&rDcK(+1b7y9Atj{?1p< z_mf%oHFACZzyfsi)|Tcb0ba06DW+S-E&-KO8Sn2Jgs&nTiUj-uoRo=@@#yB%na1Y^Xl6z<5XtOPmzE?u(f!*f}&Fy zG(Dt|b*(89{zic)1NKybMW%n^R0S%|z`(Tdeo|?;0{nTbzU}T%5uvtJ>s(RJI>D$_InHdk?!ciuWz5mQ{R zxoEUuh2KOd#1?ltF#$|1c6cc#0yJFqjLUR?0G3iNHwNZmM&VU-cN`>F`S?%ocl#gZ zpa+{A{+(~Yp)J~W!schQ=N!<%LNThZ7Ep@a zu%!{0wkx&B>iY`S6kGw^EE}7W-l7+DkK^~xMvjeZZFng3ear?QmN)8uf0jZ=nL>yD zyH7w7M^Tl?zF{?N&fvq67HjmH*>D($i~=M?RP^^snUg(1D&Muc}o4-$2t;C&`|DxXW=BTsLWx1 zmtgEtF&T&4KLLMG1{!@G0P|wcz?6`eW5lG?)%7;Q*t&hB-@fqn1EcIg&Q1w|Z)`VX 
z+Dp46gV%#9lb&ADv&QmV=E>HKL(@6ol=J3NsNA#B@Lsm~_Qls<82h}U{F;0T&>b2# zlit-%YY!T?8WZ{s8UKXHSg{8E-yj%LkMZS4P-x0YLSijfH*ka zG`R?A7hnHzB@$1-jr)jVWZRy9zDcDn@kY#qI4@}kE;?ZTA%R9dw+tYQjaq`DBs>Pl zJp>?%az2!2u)bMk5vSOvV~#qM7F}jg@DRlW(cDX|{If{#;?0OmG^7e_n1E9huj$l# z+g?!$&>mB!-dm1Eor7pS!Ntt;?hE$SIKDelq57y`X|M)lH|#r-AtZeY?QDx~frVSO z4WLeP!`4Y!cBE4dlB=lhc4X&b{BO+?urs~(ib&7$SW(Wo{_Y`v4ds2L_%e*a-LcY) z{er05fqCv5>=V0Ixbw)GjNX(k7xGB#?{{r?zf&*+qSSKC3X5aOsnx`pr`gnE6j*%l zk`TOdQeEAWp_x(g;$B_YY{U+8_5DDH6SFM1Mpw7JVPkz&m7`qqomI#uo39G#gRqYGR|q$Sm^iV=OjSc&zp6C4Lxa2I;3G zi~%lvPPUa)x2|j&$yQhRHLQ-dC8#k^WN8cmjof&TcTr%>@m)u{@s5*8zkN?M1OabYy#({#I?8)7M9ETngp6!S>{y zdRvTtPK7CgFyUSfTv+1gFaL%k5>nJtuED&|$1^1)vK_-#f+sqxWvxKpy}hl_8BLhq z9aO07lQi0W@=H{i%f*|iEIxE=9WI{et^KxcmK>Q8aDYw6z67*v(^Z~0<=Yh* zF&+%b^-0L^2DdjQ3>oUg;1s_Pw<#a&Lp>zOy6pZKN&n-ykSGl=SA};C1t*p2E-K(M zi&I0?aCgWiH=bZwF&YTqG-VTJeYNW{9WY7OQ$-3SluZ|3+a+gu&GE4c;8Ut&j9?;# zjh1qqEfiA*VO5hkj)4}~ZpHJ2E>TOPa>ps%OV_-yI?Izg5o=4eX*{cdwB(FWMy(P# z`ric)j0QT-uqo~gus{5?V5v^sYIsuKMdJIqknlLUJDDpU*RcIC{dNA;LdN(SiW7FthS&)(3yWH@O_FRFB zdteuRk@^&ybpjWg;v}b=_$D`6u=togI#=nIt}>P&zgM2~>Z>sP3GVEwBB5k4GC}a9 zV&8a1Ff+dkjdYH1XR<2eg-+bs9Vz7ss$WRD1WL#TLjN?N*H3Br({fb%l_}p)Tgz{e zbfp5npBh$|O0{_(%!aMmk$Pepo~Kdb{IzT5%*7nr^hpfWix(7Pdm(!RHq-3jS6d`N z*@bGsAbA=dY+tk16+$9)OzAY)x9gPmLr%3%I*?s6I5#f;v^^}96+Ad4?HO+E(z>ZK zgt)5S`mXX5qE%cjnNmI%5CszbiqEd1KQwodXS+}prybP<9?M_SVmy5`P-98z?9f&# zcn@}#ind`%dxah~8;nKmAi_ySRTr^mFVyiW?`c1d=%sN}8NY*cww`Csuj0~E2YUp! 
z!4wd+VumUB6lhxbV=u`}0R#DKPv3ktN@vgter&S0MZ94DKHVOGTIVLMSK@CN{{?+fkPHP<%RApix%A+bB7-VR~@-?Mgxb zn3w7)E8b|+Z(j{LNjyuO&jSXuF7xd_f14Oc&>Ue;?km?4a662rVq?+3R&>qEx*vkO zaXSo&Wa4=WjuLTjl2n_@gFF-|w?bfA3fpH=(K>A6T)H0x>fa~E#e=DvMyjQqtg{l} zcnQ{K65{q{+>8?e1I8WcdG_=D^DeC#ly{2&9ho2NnJftM8?WL6IhHPu+Z3*~6Te7t znMS@mWlNOWiLED7^@`ABcVw0{WiQ5>^sv-hOME)dflco3_Zw^rku1@zFNjEzvR>S0 zd`2T!edVi;Lpr$%ee#FUxIW%S9frdqgJ*ZLpaI70`!m2&UUTY0P8VgzoJHlrZ+kJRGoj}9dP=?#!UbuwC?4eK*Ja1q zOKNuTbE;nSKMo%c>PX-yH&ryI-0!UppBaH5R6#b+jLe8jDJYP8Ux_fvbefjz zcJOpYm_2*)dx(2<2*T=MMc{gOF_ZQhwHC9uR2iKp2`)@bHF9Q6!>ux*N3JNnIir@N ziRU~Fatunvv`W^q9@6Kv#k`i}CxXswk7hZ}Eya2OMNF8Qcfb5>w_)5>qt8L@Y@}o6 z7@!sNFFc#bkONweT4*J3$1@j>6Xg)(;^&=5+0Ui0m@RvPGz)fBeFawYC@$(?78-q5={@zNqcTKz zGU3~3M9iyxg-FxsU}=q}cv(!Hyxhr}X7@7#Dk-Tgxm2+c0OkacDHRYDeKJHuc7X1r z>W{8dK;K{*%xX5ucv)R`)HhGs8WnTS5R0Po31^QNrN2tqeQOHGzAKwfhTiYtD; zR@U*g!YtxR-EC4gZGw5JE~w=6s@9!G&-jZq876t1JkTA}rVa?j$r6I?Njjovu2H(Q ze;(>4w;lY-Ub;QL=jN+e2t+p_hdVHXSGCt?v5oqI4eT9gw`L~H3!njV)p!5;jO9_n}sPP}Po&gcj*D4j#U`g{w3>N!{i6Bn=1Zt|(H7OM*c0!0$>!ONr=Sk{Soz)Ua#Fdj53kKyaU&-YPd&smMZ7Lzz| zOh|&R4`r#$HBHtFb!gM|Y)00h>Z=X|&o zo-8Z6sM*d#V;?8@gDw%wSO2U}`K0F~sg&)twzS)3jcu}K80iE9%=lU%tpwDY;oJox z>qY8qo<>8qpeBtUfFzVA$=jsl?)J&+#f)mug$@}&uk&0S;(z4rPP%SkpT%4C4X#QR z*tSmM`2U>XS`+^3E;&btbJPZS6_NZVbpWxe9;8xLu6MM`a!jm!BlhC%bk~3O?lbj- zX+lo9ufqOsqKrDyG=_3Mk=OJlb;NITeWLXezv{AiSQlK zI|fla-3S|7q~-X{HU?CDN^bk*R$lG;5Uzx`3u$-jge+iXHlm3dKXEn~%4DQ)nNk+o zCol^%Ai7{V|Cr~xK;IX~tI-7dMQ) z8*7`&kEr9k2S-S`on?3@#&r0OT}lRA5%4Ol+YNoG%?)mcg{rNVq?D`rTvHc0eU7C3 zp+>7|3tf92i&&MtfGE5 ziRU)|*%xfM>Rl(AJi*~nm}+PsSv)S?E9Kdo9Ir1eyKZeqecx{7ieka1GsCyp!f>H? 
zZD@RODX4vk^8umJfp6>zh4(?_&)a;n5|`q6X|f!lUkzPb(w;xzp&GorQfKCNsF`xp z9)=+E#ZR%&oZ{|ZMMlxwaa=SOgu#|dMX5(aZ0|ZN)Lf@cO5FQeIwS)AM8Wdk8Tu4iMs*^r0wb+W%+r^|e!X~TQQ%wrie$Un%0UdXgH`+{Fb@C9le6Ve z0yXzEH>t};)9txzJfV@A>9%9}>HXhJ0Ice}z$vSbo^7zX+p^#XAC)cHe!=$VBW*OK zuXMMTALsA$^56ksLbtokM+nyGzWO6l23w@fcqs_Ys2yaiSbW4}NXW7SvT1pSB>rmz@-F$YlZv+crQ8IL7~ z^AP|F6SGz#oBsXJ9oQ2J=>e|Za_5KzA*=Co!lYn-ODpvQ?{iONYm{Z-F z6Tzq$3SvihfB~*H<#{&w3R7S$#90`K(}yEn=Q%W=v94_}!b8%rw0Q|QcFq%82_(Bn zn~JZQ0{mD!N;ruRj?YR@4Eawkb>TTcBk{iZ&?8ELb{@x(OUdFc9LJqSsi#jkiGj31 zRtBwB=Q^)Pb?j;ksC)-^Rb#RG4yUSDFD}PQW>5*$GBsRNN5`oKh>0^3uBB;C+ za+{sWrL`#rq!g4s$v?zdkEt9Z>+}Zf%lQ;vZ=a4`njIq zp9@63@=_fo({6s+r@~_o zdF`EK2AqMX;_vLc7pmTZbv=LiE|B>ELPWhcPb+{CRC(H*HZ!dv%895=oLSK$x8=fX zW51T!`F6IYq`Xxy*-TlekDJ?rzJRB&U#-L-oLO%NA z(e<_Z#H#}%fSa(78w#6ohn*`78E)R@44Y!RhIaP%d?n34U*5+L&Qid7wxjg2(tEM3avFw~a^~MQLml+kYYc z_3zC+7y=f_BG7%Lj`}?7#WeW}6vO;&GfDpx=y*SJzoFE~6v3@@I4?VkL;QwV`TL}TTOtd@q2qgH!z3e) zTKw-w$ct8x8fuQLZnH*^Gqo6vjxo4hCQ#>0`=WX$2(LjZBxCMf_3*)4d~g#ZlTMk3 zdELq!)*Y=mW@H67Ff5hEovd7jQ(aWhbUM@CnyQs?%U=YNVXnP%<-rKZ+=C)>adVCj zvew|TETE2EBb@>7$&)bldyrTF$mMXpkjz?M3maWEQ71} z3U@+;Ixf3DO1NEm>4|mf2Ic%0ih%jA_mGoTv>1BPP>JJfz8{}kVdY2QATXk!jSxYa zKwY%xpO+9htVBghsnD;UMsBeWUe;KkNmWku;jj7V`j_HjsQ!57)?l zEs>#4a@b;Uqgsu}6+)c{78%VFTOM#H($uRYCd5dKH(Y-U6|V#0ZsOz~DC}u&LpDLs zwP{Ic%ivx~xdVb8y5vHcUr?{tvBA{qLT77^V!A1DAk=3Iu5F zajKV2WFCszFNU@Pl!sxyzkOTPQh5b5Vut|bu+;T1Rky22N|NRDQqK^ zaKVI%=S+G3Sa?pc48>Lmn=Vml^XWkTW0ca%MhkO%UD%oq`%uWygPA5ca`XB{a&Z*J zhSX>ISi5&%QrSK6m*IEM_jC$>0i78JA8ON%nuX{t6so&D|89`EVdBdv3|>J713+V7 zYtF^u=gS2xY<;X|agMTXHXeZrdnW#~D^qGEzdIT#aXkfQJ>Rbc;8?R)!X^3Gm+V_m0scc2RRGc*lr_eqR{06UMDK77FEGezy zTA-FkWK9)mqeuUnQZ=PveOkmHXksTl8^&a8&roa7yA~q?ROK8ZDtgb#awdTf)_00H zOIA0y=fT>Zy@4y@4?R)LPWY3Ba?_54!_&kALv?!poHBFD?tXIZ>2-|zrI%pyP*W7l zNFnCY1t&36ZWd#7=hDWjB%q(Ga_;L@o`C0@Yng4HtW7lP|2aW83%?^dvjw#4JU*2L zv~+lx9YT5TXBnJ*?2s3K{q0I|V@+5-#fQalI02v)bMC#e#%pQS7$z()gASa#b5s-CTNL)Ih zm$NHCMxxP*CZ(f|T8YW7F=V_5LKvbATb1KhFCJ8R24e%OT5o537%@LGletkpvQ&2? 
z3L8u^z7iug2Q`E3;QF||!{=1NR&XY8KY`A0k%kYaX>aVe5m}ALAdmiY4re-qMNVwj zim2n5(*dX|P-$--z*!zYpYIum*-;Hr*HKA!GUhSA$6%dK**OXZ%a%F&tO zW+lHX&%&3q<=z;#KBi^$-@i%BU|JoV87wI#Tjs?zT4ZfK;Fm&4ocPsr@6DV{W9_Lfi+ zO!euknU2c0IA?(dI)!1@Boi-vP9UP z>!G)tN{cr78#SX2;c2eaLz%Gswyg8RUBL8Gz9oIM*qYoT(Xpz3D3 zZVheg#G8;M(USDc&cn+%B|j<*u(l?~)nT3cs^fNSrfv`7f`L^KV|`^FgjzFElJs#OWzA11;e2 zEA^_yh<=EAf=Pl8frrR7Z#Z;nreCt}g&8+PzRD;?s=2FfgR=2Mcg6JF9VPCh18{hg7 z?~3+UOl0GsLbq|wYhNh8yCBt!!mIVRfx%6rFpWYb-x~_qqp&hFEb-w z5Abx*Rh~g96u?wwx{)Gi2!i2K2R}Qok)_5e;mX&cj?`;od2lBd%U1^+yqNKu;{r;i z+pLyg@?;7cYiF*4qKLc~4g=A4gPQ}*L=BLZLPqS8$}U$VxDPr8 zL6dDMt)VuR3MZ8uVNJv}j+MT*$d2X?R@5TY%J(VnTRGdjzGQ?qyYKLFouUSm_&nz{Mn7X!mTyJ*1#wD?Hx&(%AID zPSRoJqJfZX{>?*z7R7FRW%TT-GQrPtewF+rXTxZLzcJ+a zyHZ+Q)oS5*8(oKza~JfD_|s(k*2IaAf6~t`Mw47oGT7pu`>tX2;-U z`OZ3d?P3nxX+8;bVu?lxJ_YN?cpT{h><)KrK5Su=#1}YyUx1i9X_$0C70Oc*T-W&| zw>aq7Kzd1z<~Y-!XUw!6>&Hf(K_W(N>IaDAd1%#%RETCCMaOL*nVGUt#}ay*{CUQ; z3Xsq5JQLCdm==!pb(}^{uk@rhOrlp+c7fU_BcQfm%_(}O^UyKY^Eh6(%)Z+w&Y{Jv z4U6oeG=FW^=c{(zj-fyePs1}P7bO(Key#B$rc8M|sy=V2lIT}vG7o=uPq6=$r=&{= z2ge76Afu9VT4{-eX5BMD%l~3q4|2fw2QJBUU&Bv=ps~6B9dUlo!aUHtBIZg8YeKc$DB|?jee<`=T%8~VPrs;jR3Mwp3%lrU7nMW=O62X$bZ1)KujxWt$T(qy*uC>IBBy@#yBk1PD+j1sbVO0jN-_@l1BaHqt8oW(w)^w!jP+t>PK_cr<8M2p^gD=#_MK$Le|E z2O!X@xj66Hz#zw=^#^Jkz3t%H9jvlO;P_bl;;cFQdjSWxf`0M{2?r@uUyxYFND~P4 z>d3b+!jwjy*mEZNimTOUExHV{HMV*k#?-;5{w&a?zXomj+hU0m{sBq5P#jJFUKXVYxgviM>z~-Vf>^WUiV{RFs1dlDxA~=b71or zUxfs9{vfi=hio(ctu9eK{+oNjeEA7Bg+8!G%-Z6dV-I8y5dZsCLWC+kD%usEnR*%< zQxg*qn=)FZ(&gFOvYdtb4XRnF6=-(UWy|kv&qdPO$G@5)R+JZt6fWJOuupsse}NQM z1O%n&xepL|AC^FeuK{W!$M#wm@QbSh)tx3Vv}`hARi}|Tj`$ctI6wI zv+&A%wxQ5(+u=1sQea`wZF>JMp$_aF7zvcmlraMt9-(v2x{@NJ>AfiAJ?q71c-VvG zYd3W9a3){j=7>bw4e*@!j5)%@ty0Oww&+Kn>vnd#el<rk^De1R+nO`ENeS%lM7)QgZIa+_d;+gX@om zRR51hlg3>RF4w*S^~)xI0AG z+lE`F#jVbWa-fTg?LpT2EmjZxu~~EFQHM6N8|BY-H5Q#H0^QuF@Tg7xPi|+?F#BDw zb}fs2t{8XWN_u;2<@oa@!ipdER&uhqhRxpG_3|8B{&KpX#pKwq^D?_?$4Jb&eWdOb z#5z9Q-(DqA>Zb!!^yItn{!ijej!cR|jkj#hryLnGrovS~B-z{$X#g)NY@BuYNl3bo 
zUelTJb%^4)4@t!KfXk$7gOWpgmI=|vw z6T<0cgMmwlaK+#1CL{_(C#PK%u(tP=wDtverXAt^a_B-xrVZ1z97_A!tN|evPNy$^ zkEmW=oW@DxY#}xgA5a0c%F12v&9LFWn6C#UkrR;d3W;*x`uge%^MVnBh+JDffwa^a zU=-g;Xh$Y{qL-N}XY)7CI?DwJx)3+kyMmaD@)&Idlg?ZT^s{P2fGUbG&cjX_6if0j zbp4_#H7*QdnCX#}U~j1Bp(bA$t4|RpL{Ww%h$&z~c!)xt<{hK$^(`EewvHD}T3x6h zl4kOtQ)llC)kw>&VPl=@{^sh#lwbvB`1b4SB$i=zUEr!uhOxmb^Be7unV@5P%xsYI zPsRs>m%seVr-AKkW1Td>*&@9%g_U4b@3ZqAP~<7qz+*L(*uBr5d(iXlkJGjKFAhxh zpZk9|uRoykD4QUGmB{o80tk-WQ{7l}^1b*hmk*08iRFrh$To>rJoW{fR+7e{0LR2%Nb6wZ&?8=S0OjsIGI@yEPy1VYz$8|3 zdY^j+Q_pL1_bjkSAegMkRnw3#tvyPXc<*lQu8L=vy6{W3i&rJgX}?ZBN0|eHGC9)q zU+$Pv8VGq*4PRFjD01B~J5Bs-7{e+>m8T{@wI`fIdWUF(t~^<19v%t7;;S=lwAU4-vXksbB2@7m|ZDg`0&~|^l zuXGw_Qb#cQOlC$-N<{8`BMv*>D_eDG^=eBbK=2=T5Wk%n2T1v>8RYQ|Xe409pBj&{rZMkF9DH2UkX`QerOW0%Cg;nJ*LevXa0U1o z2mQp!MA0X%BOCs@*Rq~&-O5act%V21FI4+*`L*g$+}<#kf0*EKudMi(lN5q3B@&j{ zl@dP?lxzf#VXrmbrh!$!#vOd{)YxAMS`jB%*$c*!pd(<$C?HKBAB+SRNzezpMvzB{ zWZ&5P3?!2V{2W^@ez>16|IY0Zn-4ul&xg9Gc~(k&`t7l-XI`%_x^;W(SJedy3(Rg` z>3=K!DJ%q89uuEG*#myX6ub-t8vNeThLO8s$z+OwpUum^fk=*c#FChjs|Bu_MexYw z8Z(!GCuE{~{RhH4B{CFmtgHVpDkVoV>i3zb7lmhNPBr#3q?rTRCt3IJG~u(&K?0I4 z`v@QA1p0ioNYfaJu=cdK#9u=egu~e@SQVRd8Qj% zUwKepRuRO%Ja(C`tq-IfrF2bboGC^AK6v7F`(d7=P3GAa+u7`NaVAIf zhJD-Q;tY6f$ub<<;8VU=KSf!m5bAxvFgatVRnyUP4NYFF~m*ncQ*+T2BIVgOF9*BT?qF#-~6vnw5 z0tc+U97YBfQaJrl1%i%n{tj&)8r8S>G7L51I}2zWb(PZ3cp-(apN2NHFltMHBGi}; zvFvS!85p{CV{3B0bgMrU97RFhtf9%%9*xoT;$e%5)WK9BU;75@e+AZ!+MKVwP#eG6)Ydd&RYjIiw zFPU-nC=oat7)r(GKf*Dy^yD}yYxfen-@`VLmKE964tN~lWbcq;2~7*WhlR!APOuzi z4r-@zYZUMN7j7#~@R{{a>7oCW+k-X-wtI+Ym+v*6JQ1&{Yy%m;jrxWfY_7>Wk4l9( z38L=PCEZRqc-2iDwG_MrQPhmG4fiS1vqDz-^c5*6fX+O>n3AcBhk7Z(5*ZOGLR>Bt z)kXJ<+9M$X1f@V^p;O|n(xMXO(-#4fe0*TFGjW=+=DsFbrAUrhN(9oL$AFs}q772) z=k|1}p7$*1^Y;CU`h1Uq4%usjhfS}h+x^?3_mL!uN{d+2c5A51X#>B0JcpLzXNf(p z8v4ITop|=sKqjt5n5ac6Il{im-rEyJnGSxf9HJQpf=7|l6P&aNCa>B2;qWFl zdWCMDH^`qiRhG>q1+Jg{g#a2PvT00$OxEs(z0?1A?rj+_zNdfo40H|-%;Zw?3H@jk z@1Myu$9m=V#?!rv_B>vCl3QAqJE^GeFlOy9Ll4+Vp--~vCeKB)MD4;_`aHAF46_7Z 
zPQ4ci6Z}MG^(g82a-=a9tngLH+g+-&TjzCjqWmhu=693y4uau-fQM6>u?mxko45E3 zV1}RD%`={D`+FNmbYA2jR@v-=rtKF5y>gaS0 z3wcaj4ymFPyYWM8`Ky~^bV|WuUgMp9&&OQzBYHc@SH(F-3wCB>*-^TtMopkqe|alA zY=|TLFEw2}yR@g-I=%I^5{W@jvPVVZxVKgOEx!Y9L>THnk4OmOKilYAlSxNLOu!9n zH2mZyYRbK(E|=Fx;;?T`89Ks3H@#E-M|&lfFH)Uf=YCZzO#S(twA@c#bM<7=edVuHFAm9uq>(X4*&oF literal 0 HcmV?d00001 diff --git a/helm/observability/templates/observability-sa.yaml b/helm/observability/templates/observability-sa.yaml new file mode 100644 index 00000000..14c97409 --- /dev/null +++ b/helm/observability/templates/observability-sa.yaml @@ -0,0 +1,7 @@ +apiVersion: v1 +automountServiceAccountToken: true +kind: ServiceAccount +metadata: + annotations: + eks.amazonaws.com/role-arn: {{ .Values.lgtm.role.arn | quote }} + name: observability \ No newline at end of file diff --git a/helm/observability/values.yaml b/helm/observability/values.yaml new file mode 100644 index 00000000..d2cc2cfb --- /dev/null +++ b/helm/observability/values.yaml 
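Review bot: In helm/observability/templates/observability-sa.yaml the annotation `eks.amazonaws.com/role-arn: {{ .Values.lgtm.role.arn | quote }}` renders as an empty string when the value is unset, and the values.yaml added in the same commit ships `arn:` with no default. The chart would then install a ServiceAccount that carries no usable IRSA role, so Loki and Mimir would presumably fail their S3 calls or fall back to whatever credentials the node exposes. Failing at render time is safer: `eks.amazonaws.com/role-arn: {{ required "lgtm.role.arn must be set" .Values.lgtm.role.arn | quote }}`. The same account sets `automountServiceAccountToken: true` and is referenced by Loki, Mimir and the rollout-operator in values.yaml, so it is worth confirming that each of those workloads needs the Kubernetes API token, or splitting the account so the S3 role and the API token are not shared.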
@@ -0,0 +1,1108 @@
+---
+lgtm:
+ # -- (map) Configuration for IRSA role to use with service accounts.
+ role:
+ # -- (string) The arn of the aws role to associate with the service account that will be used for Loki and Mimir.
+ # Documentation on IRSA setup https://docs.aws.amazon.com/eks/latest/userguide/iam-roles-for-service-accounts.html
+ arn:
+
+ # -- (map) Tempo configuration (currently disabled).
+ tempo:
+ # -- (bool) Enable or disable tempo.
+ enabled: false
+
+ # -- (map) Mimir configuration.
+ mimir:
+ # -- (map) Docker image information.
+ image:
+ # -- (string) The Docker image repository for mimir.
+ repository: quay.io/cdis/mimir
+ # -- (string) The Docker image tag for the mimir.
+ tag: master
+ # -- (map) Mimir ingress configuration.
+ ingress:
+ # -- (map) Annotations to add to mimir ingress.
+ annotations: {}
+ ## Recommended annotations for AWS ALB (Application Load Balancer).
+ # alb.ingress.kubernetes.io/certificate-arn:
+ # alb.ingress.kubernetes.io/ssl-redirect: '443'
+ # alb.ingress.kubernetes.io/listen-ports: '[{"HTTP": 80}, {"HTTPS":443}]'
+ # alb.ingress.kubernetes.io/load-balancer-attributes: idle_timeout.timeout_seconds=600
+ # alb.ingress.kubernetes.io/scheme: internal
+ # alb.ingress.kubernetes.io/ssl-policy:
+ # alb.ingress.kubernetes.io/tags: Environment=
+ # alb.ingress.kubernetes.io/target-type: ip
+ # -- (bool) Enable or disable mirmir ingress.
+ enabled: true
+ # -- (string) Class name for ingress.
+ ingressClassName: "alb"
+ # -- (map) Additional paths to add to the ingress.
+ paths:
+ # -- (list) Additional paths to add to the query frontend.
+ query-frontend:
+ - path: /prometheus/api/v1/query
+ # -- (list) hostname for mimir ingress.
+ hosts:
+ - mimir.example.com
+
+ # -- (map) minio configuration.
+ minio:
+ # -- (bool) Enable or disable minio.
+ enabled: false
+
+ # -- (map) Rollout Operator configuration.
+ rollout_operator:
+ # -- (map) Docker image information.
+ image:
+ # -- (string) The Docker image repository for the rollout-operator.
+ repository: quay.io/cdis/rollout-operator
+ # -- (string) The Docker image tag for the rollout-operator.
+ tag: master
+ serviceAccount:
+ # -- (bool) Whether to create a service account or not. In case 'create' is false, do set 'name' to an existing service account name. The "observability" SA will be created by default via Helm.
+ create: false
+ # -- (string) Override for the generated service account name.
+ name: observability
+
+ mimir:
+ # -- (map) Structured configuration settings for mimir.
+ structuredConfig:
+ limits:
+ # -- (int) Maximum number of global series allowed per user. Set to '0' for unlimited.
+ max_global_series_per_user: 0
+ # -- (int) The rate limit for ingestion, measured in samples per second.
+ ingestion_rate: 10000000
+ common:
+ storage:
+ # -- (string) Backend storage configuration. For example, s3 for AWS S3 storage.
+ backend: s3
+ s3:
+ # -- (string) The S3 endpoint to use for storage. Ensure this matches your region.
+ endpoint: s3.us-east-1.amazonaws.com
+ # -- (string) AWS region where your S3 bucket is located.
+ region: us-east-1
+ # # -- (string) Name of the S3 bucket used for storage.
+ # bucket_name:
+ blocks_storage:
+ # -- (string) Prefix used for storing blocks data.
+ storage_prefix: blocks
+ alertmanager_storage:
+ # -- (string) Prefix used for storing Alertmanager data.
+ storage_prefix: alertmanager
+ ruler_storage:
+ # -- (string) Prefix used for storing ruler data.
+ storage_prefix: ruler
+ query_scheduler:
+ # -- (string) Mode for service discovery in the query scheduler. Set to 'dns' for DNS-based service discovery.
+ service_discovery_mode: "dns"
+
+ alertmanager:
+ # -- (map) Configuration for persistent volume in Alertmanager.
+ persistentVolume:
+ # -- (bool) Enable or disable the persistent volume for Alertmanager. Set to 'true' to enable, 'false' to disable.
+ enabled: true
+ # -- (int) Number of replicas for Alertmanager. Determines how many instances of Alertmanager to run.
+ replicas: 3
+ # -- (map) Affinity rules for scheduling Alertmanager pods.
+ affinity:
+ nodeAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ nodeSelectorTerms:
+ - matchExpressions:
+ # -- (string) Node label key for affinity. Ensures pods are scheduled on nodes in the specified zone.
+ - key: topology.kubernetes.io/zone
+ # -- (string) Operator to apply to the node selector. 'In' means the node must match one of the values.
+ operator: In
+ # -- (list) List of values for the node selector, representing allowed zones.
+ values:
+ - us-east-1a
+ resources:
+ # -- (map) Resource limits for Alertmanager pods.
+ limits:
+ # -- (string) Memory limit for Alertmanager pods.
+ memory: 2Gi
+ # -- (map) Resource requests for Alertmanager pods.
+ requests:
+ # -- (string) CPU request for Alertmanager pods. Determines how much CPU is guaranteed for the pod.
+ cpu: 1
+ # -- (string) Memory request for Alertmanager pods. Determines how much memory is guaranteed for the pod.
+ memory: 1Gi
+ # -- (map) Configuration for deploying Alertmanager as a StatefulSet.
+ statefulSet:
+ # -- (bool) Enable or disable the StatefulSet deployment for Alertmanager. Set to 'true' to enable, 'false' to disable.
+ enabled: true
+
+ compactor:
+ # -- (map) Affinity rules for scheduling compactor pods.
+ affinity:
+ nodeAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ nodeSelectorTerms:
+ - matchExpressions:
+ # -- (string) Node label key for affinity. Ensures pods are scheduled on nodes in the specified zone.
+ - key: topology.kubernetes.io/zone
+ # -- (string) Operator to apply to the node selector. 'In' means the node must match one of the values.
+ operator: In
+ # -- (list) List of values for the node selector, representing allowed zones.
+ values:
+ - us-east-1a
+ # -- (map) Persistent volume configuration for the compactor component.
+ persistentVolume:
+ # -- (string) Size of the persistent volume to be used by the compactor.
+ size: 50Gi
+ resources:
+ # -- (map) Resource limits for the compactor component.
+ limits:
+ # -- (string) Memory limit for the compactor pods.
+ memory: 3Gi
+ # -- (map) Resource requests for the compactor component.
+ requests:
+ # -- (string) CPU request for the compactor pods. Determines how much CPU is guaranteed for the pod.
+ cpu: 1
+ # -- (string) Memory request for the compactor pods. Determines how much memory is guaranteed for the pod.
+ memory: 2Gi
+
+ distributor:
+ # -- (map) Affinity rules for scheduling distributor pods.
+ affinity:
+ nodeAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ nodeSelectorTerms:
+ - matchExpressions:
+ # -- (string) Node label key for affinity. Ensures pods are scheduled on nodes in the specified zone.
+ - key: topology.kubernetes.io/zone
+ # -- (string) Operator to apply to the node selector. 'In' means the node must match one of the values.
+ operator: In
+ # -- (list) List of values for the node selector, representing allowed zones.
+ values:
+ - us-east-1a
+ # -- (int) Number of replicas for the distributor component. Determines how many instances to run.
+ replicas: 3
+ resources:
+ # -- (map) Resource limits for the distributor component.
+ limits:
+ # -- (string) Memory limit for the distributor pods.
+ memory: 12Gi
+ # -- (map) Resource requests for the distributor component.
+ requests:
+ # -- (string) CPU request for the distributor pods. Determines how much CPU is guaranteed for the pod.
+ cpu: 2
+ # -- (string) Memory request for the distributor pods. Determines how much memory is guaranteed for the pod.
+ memory: 8Gi
+
+ ingester:
+ # -- (map) Persistent volume configuration for the ingester component.
+ persistentVolume:
+ # -- (string) Size of the persistent volume to be used by the ingester.
+ size: 50Gi
+ # -- (int) Number of replicas for the ingester component. Determines how many instances to run.
+ replicas: 5
+ resources:
+ # -- (map) Resource limits for the ingester component.
+ limits:
+ # -- (string) Memory limit for the ingester pods.
+ memory: 12Gi
+ # -- (map) Resource requests for the ingester component.
+ requests:
+ # -- (string) CPU request for the ingester pods. Determines how much CPU is guaranteed for the pod.
+ cpu: 3.5
+ # -- (string) Memory request for the ingester pods. Determines how much memory is guaranteed for the pod.
+ memory: 8Gi
+ # -- (map) Topology spread constraints for the ingester component. Empty by default.
+ topologySpreadConstraints: {}
+ affinity:
+ # -- (map) Affinity rules for scheduling ingester pods.
+ nodeAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ nodeSelectorTerms:
+ - matchExpressions:
+ # -- (string) Node label key for affinity. Ensures pods are scheduled on nodes in the specified zone.
+ - key: topology.kubernetes.io/zone
+ # -- (string) Operator to apply to the node selector. 'In' means the node must match one of the values.
+ operator: In
+ # -- (list) List of values for the node selector, representing allowed zones.
+ values:
+ - us-east-1a
+ # -- (map) Zone-aware replication settings. Helps distribute data across zones.
+ zoneAwareReplication:
+ # -- (string) Topology key used for zone-aware replication.
+ topologyKey: 'kubernetes.io/hostname'
+
+ overrides_exporter:
+ # -- (map) Affinity rules for scheduling overrides_exporter pods.
+ affinity:
+ nodeAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ nodeSelectorTerms:
+ - matchExpressions:
+ # -- (string) Node label key for affinity. Ensures pods are scheduled on nodes in the specified zone.
+ - key: topology.kubernetes.io/zone
+ # -- (string) Operator to apply to the node selector. 'In' means the node must match one of the values.
+ operator: In
+ # -- (list) List of values for the node selector, representing allowed zones.
+ values:
+ - us-east-1a
+ # -- (int) Number of replicas for the overrides_exporter component. Determines how many instances to run.
+ replicas: 1
+ resources:
+ # -- (map) Resource limits for the overrides_exporter component.
+ limits:
+ # -- (string) Memory limit for the overrides_exporter pods.
+ memory: 128Mi
+ # -- (map) Resource requests for the overrides_exporter component.
+ requests:
+ # -- (string) CPU request for the overrides_exporter pods. Determines how much CPU is guaranteed for the pod.
+ cpu: 100m
+ # -- (string) Memory request for the overrides_exporter pods. Determines how much memory is guaranteed for the pod.
+ memory: 128Mi
+
+ querier:
+ # -- (map) Affinity rules for scheduling querier pods.
+ affinity:
+ nodeAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ nodeSelectorTerms:
+ - matchExpressions:
+ # -- (string) Node label key for affinity. Ensures pods are scheduled on nodes in the specified zone.
+ - key: topology.kubernetes.io/zone
+ # -- (string) Operator to apply to the node selector. 'In' means the node must match one of the values.
+ operator: In
+ # -- (list) List of values for the node selector, representing allowed zones.
+ values:
+ - us-east-1a
+ # -- (int) Number of replicas for the querier component. Determines how many instances to run.
+ replicas: 3
+ resources:
+ # -- (map) Resource limits for the querier component.
+ limits:
+ # -- (string) Memory limit for the querier pods.
+ memory: 8Gi
+ # -- (map) Resource requests for the querier component.
+ requests:
+ # -- (string) CPU request for the querier pods. Determines how much CPU is guaranteed for the pod.
+ cpu: 2
+ # -- (string) Memory request for the querier pods. Determines how much memory is guaranteed for the pod.
+ memory: 6Gi
+
+ query_scheduler:
+ # -- (map) Affinity rules for scheduling query_scheduler pods.
+ affinity:
+ nodeAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ nodeSelectorTerms:
+ - matchExpressions:
+ # -- (string) Node label key for affinity. Ensures pods are scheduled on nodes in the specified zone.
+ - key: topology.kubernetes.io/zone
+ # -- (string) Operator to apply to the node selector. 'In' means the node must match one of the values.
+ operator: In
+ # -- (list) List of values for the node selector, representing allowed zones.
+ values:
+ - us-east-1a
+
+ query_frontend:
+ # -- (map) Affinity rules for scheduling query_frontend pods.
+ affinity:
+ nodeAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ nodeSelectorTerms:
+ - matchExpressions:
+ # -- (string) Node label key for affinity. Ensures pods are scheduled on nodes in the specified zone.
+ - key: topology.kubernetes.io/zone
+ # -- (string) Operator to apply to the node selector. 'In' means the node must match one of the values.
+ operator: In
+ # -- (list) List of values for the node selector, representing allowed zones.
+ values:
+ - us-east-1a
+ # -- (int) Number of replicas for the query_frontend component. Determines how many instances to run.
+ replicas: 2
+ resources:
+ # -- (map) Resource limits for the query_frontend component.
+ limits:
+ # -- (string) Memory limit for the query_frontend pods.
+ memory: 3Gi
+ # -- (map) Resource requests for the query_frontend component.
+ requests:
+ # -- (string) CPU request for the query_frontend pods. Determines how much CPU is guaranteed for the pod.
+ cpu: 2
+ # -- (string) Memory request for the query_frontend pods. Determines how much memory is guaranteed for the pod.
+ memory: 2Gi
+
+
+ ruler:
+ # -- (map) Affinity rules for scheduling ruler pods.
+ affinity:
+ nodeAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ nodeSelectorTerms:
+ - matchExpressions:
+ # -- (string) Node label key for affinity. Ensures pods are scheduled on nodes in the specified zone.
+ - key: topology.kubernetes.io/zone
+ # -- (string) Operator to apply to the node selector. 'In' means the node must match one of the values.
+ operator: In
+ # -- (list) List of values for the node selector, representing allowed zones.
+ values:
+ - us-east-1a
+ # -- (int) Number of replicas for the ruler component. Determines how many instances to run.
+ replicas: 2
+ resources:
+ # -- (map) Resource limits for the ruler component.
+ limits:
+ # -- (string) Memory limit for the ruler pods.
+ memory: 5Gi
+ # -- (map) Resource requests for the ruler component.
+ requests:
+ # -- (string) CPU request for the ruler pods. Determines how much CPU is guaranteed for the pod.
+ cpu: 1
+ # -- (string) Memory request for the ruler pods. Determines how much memory is guaranteed for the pod.
+ memory: 4Gi
+
+ store_gateway:
+ # -- (map) Affinity rules for scheduling store_gateway pods.
+ affinity:
+ nodeAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ nodeSelectorTerms:
+ - matchExpressions:
+ # -- (string) Node label key for affinity. Ensures pods are scheduled on nodes in the specified zone.
+ - key: topology.kubernetes.io/zone
+ # -- (string) Operator to apply to the node selector. 'In' means the node must match one of the values.
+ operator: In
+ # -- (list) List of values for the node selector, representing allowed zones.
+ values:
+ - us-east-1a
+ # -- (map) Persistent volume configuration for the store_gateway component.
+ persistentVolume:
+ # -- (string) Size of the persistent volume to be used by the store_gateway.
+ size: 50Gi
+ # -- (int) Number of replicas for the store_gateway component. Determines how many instances to run.
+ replicas: 2
+ resources:
+ # -- (map) Resource limits for the store_gateway component.
+ limits:
+ # -- (string) Memory limit for the store_gateway pods.
+ memory: 8Gi
+ # -- (map) Resource requests for the store_gateway component.
+ requests:
+ # -- (string) CPU request for the store_gateway pods. Determines how much CPU is guaranteed for the pod.
+ cpu: 1
+ # -- (string) Memory request for the store_gateway pods. Determines how much memory is guaranteed for the pod.
+ memory: 6Gi
+ # -- (map) Topology spread constraints for the store_gateway component. Empty by default.
+ topologySpreadConstraints: {}
+ # -- (map) Zone-aware replication settings. Helps distribute data across zones.
+ zoneAwareReplication:
+ # -- (string) Topology key used for zone-aware replication.
+ topologyKey: 'kubernetes.io/hostname'
+
+ nginx:
+ # -- (string) Affinity rules for scheduling nginx pods. Passed in as a multiline string.
+ affinity: |
+ nodeAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ nodeSelectorTerms:
+ - matchExpressions:
+ # -- (string) Node label key for affinity. Ensures pods are scheduled on nodes in the specified zone.
+ - key: topology.kubernetes.io/zone
+ # -- (string) Operator to apply to the node selector. 'In' means the node must match one of the values.
+ operator: In
+ # -- (list) List of values for the node selector, representing allowed zones.
+ values:
+ - us-east-1a
+ image:
+ # -- (string) Container image registry for nginx.
+ registry: quay.io/nginx
+ # -- (string) Repository for nginx unprivileged image.
+ repository: nginx-unprivileged
+ # -- (int) Number of replicas for the nginx component. Determines how many instances to run.
+ replicas: 3
+ resources:
+ # -- (map) Resource limits for the nginx component.
+ limits:
+ # -- (string) Memory limit for the nginx pods.
+ memory: 731Mi
+ # -- (map) Resource requests for the nginx component.
+ requests:
+ # -- (string) CPU request for the nginx pods. Determines how much CPU is guaranteed for the pod.
+ cpu: 1
+ # -- (string) Memory request for the nginx pods. Determines how much memory is guaranteed for the pod.
+ memory: 512Mi
+
+ gateway:
+ # -- (map) Affinity rules for scheduling gateway pods.
+ affinity:
+ nodeAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ nodeSelectorTerms:
+ - matchExpressions:
+ # -- (string) Node label key for affinity. Ensures pods are scheduled on nodes in the specified zone.
+ - key: topology.kubernetes.io/zone
+ # -- (string) Operator to apply to the node selector. 'In' means the node must match one of the values.
+ operator: In
+ # -- (list) List of values for the node selector, representing allowed zones.
+ values:
+ - us-east-1a
+ # -- (int) Number of replicas for the gateway component. Determines how many instances to run.
+ replicas: 3
+ resources:
+ # -- (map) Resource limits for the gateway component.
+ limits:
+ # -- (string) Memory limit for the gateway pods.
+ memory: 731Mi
+ # -- (map) Resource requests for the gateway component.
+ requests:
+ # -- (string) CPU request for the gateway pods. Determines how much CPU is guaranteed for the pod.
+ cpu: 1
+ # -- (string) Memory request for the gateway pods. Determines how much memory is guaranteed for the pod.
+ memory: 512Mi
+
+
+ # -- (map) Loki configuration.
+ loki:
+ # -- (map) Persistence settings for loki.
+ persistence:
+ # -- (bool) Enable or disable persistence.
+ enabled: true
+ # -- (string) Service account configuration for loki.
+ serviceAccount:
+ # -- (string) Service account to use (will be created by default via this helm chart).
+ name: observability
+ gateway:
+ # -- (string) Affinity rules for scheduling gateway pods. Passed in as a multiline string.
+ affinity: |
+ nodeAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ nodeSelectorTerms:
+ - matchExpressions:
+ - key: topology.kubernetes.io/zone
+ operator: In
+ values:
+ - us-east-1a
+ # -- (map) Loki ingress configuration.
+ ingress:
+ # -- (map) Annotations to add to loki ingress.
+ annotations: {}
+ ## Recommended annotations for AWS ALB (Application Load Balancer).
+ # alb.ingress.kubernetes.io/certificate-arn:
+ # alb.ingress.kubernetes.io/listen-ports: '[{"HTTP": 80}, {"HTTPS":443}]'
+ # alb.ingress.kubernetes.io/load-balancer-attributes: idle_timeout.timeout_seconds=600
+ # alb.ingress.kubernetes.io/scheme: internal
+ # alb.ingress.kubernetes.io/ssl-policy:
+ # alb.ingress.kubernetes.io/ssl-redirect: '443'
+ # alb.ingress.kubernetes.io/tags: Environment=
+ # alb.ingress.kubernetes.io/target-type: ip
+ # -- (bool) Enable or disable loki ingress.
+ enabled: true
+ # -- (string) Class name for ingress.
+ ingressClassName: "alb"
+ # -- (list) Hosts for loki ingress.
+ hosts:
+ # -- (string) Hostname for loki ingress.
+ - host: loki.example.com
+ paths:
+ # New data structure introduced
+ - path: /
+ # Newly added optional property
+ pathType: Prefix
+
+ # -- (map) Scaling and configuring loki querier.
+ querier:
+ # -- (map) Resource requests and limits for querier.
+ resources:
+ # -- (map) Resource limits for the querier component.
+ limits:
+ # -- (string) Memory limit for the querier pods.
+ memory: 6Gi
+ # -- (map) Resource requests for the querier component.
+ requests:
+ # -- (string) CPU request for the querier pods. Determines how much CPU is guaranteed for the pod.
+ cpu: 2
+ # -- (string) Memory request for the querier pods. Determines how much memory is guaranteed for the pod.
+ memory: 4Gi
+ # -- (string) Affinity rules for scheduling querier pods. Passed in as a multiline string.
+ affinity: |
+ nodeAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ nodeSelectorTerms:
+ - matchExpressions:
+ # -- (string) Node label key for affinity. Ensures pods are scheduled on nodes in the specified zone.
+ - key: topology.kubernetes.io/zone
+ # -- (string) Operator to apply to the node selector. 'In' means the node must match one of the values.
+ operator: In
+ # -- (list) List of values for the node selector, representing allowed zones.
+ values:
+ - us-east-1a
+
+ # -- (map) Scaling and configuring loki queryFrontend.
+ queryFrontend:
+ # -- (map) Resource requests and limits for queryFrontend.
+ resources:
+ # -- (map) Resource limits for the queryFrontend component.
+ limits:
+ # -- (string) Memory limit for the queryFrontend pods.
+ memory: 6Gi
+ # -- (map) Resource requests for the queryFrontend component.
+ requests:
+ # -- (string) CPU request for the queryFrontend pods. Determines how much CPU is guaranteed for the pod.
+ cpu: 2
+ # -- (string) Memory request for the queryFrontend pods. Determines how much memory is guaranteed for the pod.
+ memory: 4Gi
+ # -- (map) Affinity rules for scheduling queryFrontend pods. Passed in as a multiline string.
+ affinity: |
+ nodeAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ nodeSelectorTerms:
+ - matchExpressions:
+ # -- (string) Node label key for affinity. Ensures pods are scheduled on nodes in the specified zone.
+ - key: topology.kubernetes.io/zone
+ # -- (string) Operator to apply to the node selector. 'In' means the node must match one of the values.
+ operator: In
+ # -- (list) List of values for the node selector, representing allowed zones.
+ values:
+ - us-east-1a
+
+ # -- (map) Scaling and configuring loki distributor.
+ distributor:
+ # -- (map) Affinity rules for scheduling distributor pods. Passed in as a multiline string.
+ affinity: |
+ nodeAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ nodeSelectorTerms:
+ - matchExpressions:
+ # -- (string) Node label key for affinity. Ensures pods are scheduled on nodes in the specified zone.
+ - key: topology.kubernetes.io/zone
+ # -- (string) Operator to apply to the node selector. 'In' means the node must match one of the values.
+ operator: In
+ # -- (list) List of values for the node selector, representing allowed zones.
+ values:
+ - us-east-1a
+ # -- (int) Number of replicas for the distributor component. Determines how many instances to run.
+ replicas: 3
+ # -- (int) Maximum number of unavailable replicas allowed during an update.
+ maxUnavailable: 2
+ resources:
+ # -- (map) Resource limits for the distributor component.
+ limits:
+ # -- (string) Memory limit for the distributor pods.
+ memory: 6Gi
+ # -- (map) Resource requests for the distributor component.
+ requests:
+ # -- (string) CPU request for the distributor pods. Determines how much CPU is guaranteed for the pod.
+ cpu: 2
+ # -- (string) Memory request for the distributor pods. Determines how much memory is guaranteed for the pod.
+ memory: 4Gi
+
+
+ # -- (map) Scaling and configuring loki ingester. Passed in as a multiline string.
+ ingester:
+ # -- (map) Affinity rules for scheduling ingester pods.
+ affinity: |
+ nodeAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ nodeSelectorTerms:
+ - matchExpressions:
+ # -- (string) Node label key for affinity. Ensures pods are scheduled on nodes in the specified zone.
+ - key: topology.kubernetes.io/zone
+ # -- (string) Operator to apply to the node selector. 'In' means the node must match one of the values.
+ operator: In
+ # -- (list) List of values for the node selector, representing allowed zones.
+ values:
+ - us-east-1a
+ # -- (map) Persistent volume configuration for the ingester component.
+ persistentVolume:
+ # -- (string) Size of the persistent volume to be used by the ingester.
+ size: 50Gi
+ # -- (int) Number of replicas for the ingester component. Determines how many instances to run.
+ replicas: 3
+ # -- (int) Maximum number of unavailable replicas allowed during an update.
+ maxUnavailable: 2
+ resources:
+ # -- (map) Resource limits for the ingester component.
+ limits:
+ # -- (string) Memory limit for the ingester pods.
+ memory: 12Gi
+ # -- (map) Resource requests for the ingester component.
+ requests:
+ # -- (string) CPU request for the ingester pods. Determines how much CPU is guaranteed for the pod.
+ cpu: 3.5
+ # -- (string) Memory request for the ingester pods. Determines how much memory is guaranteed for the pod.
+ memory: 8Gi
+
+
+ # -- (map) Loki configuration.
+ loki:
+ # -- (map) Loki image details.
+ image:
+ # -- (string) Container image registry for Loki.
+ registry: quay.io/cdis
+ # -- (string) Repository for the Loki image.
+ repository: loki
+ # -- (string) Tag for the Loki image version.
+ tag: master
+
+ # -- (map) Schema configuration for Loki.
+ schemaConfig:
+ configs:
+ - from: 2024-04-01
+ # -- (string) Storage engine used by Loki.
+ store: tsdb
+ # -- (string) Object store for Loki data (e.g., S3).
+ object_store: s3
+ # -- (string) Schema version for Loki.
+ schema: v13
+ # -- (map) Index configuration for Loki.
+ index:
+ # -- (string) Prefix for the Loki index.
+ prefix: loki_index_
+ # -- (string) Index rotation period for Loki, in hours.
+ period: 24h
+ # -- (map) Structured configuration settings for Loki.
+ structuredConfig:
+ server:
+ # -- (string) Log level for Loki server. Options include 'info', 'debug', etc.
+ log_level: debug
+ limits_config:
+ # -- (int) Maximum number of series that can be queried at once.
+ max_query_series: 30000
+ # -- (int) Maximum number of streams a single user can have.
+ max_streams_per_user: 100000
+ # -- (int) Maximum number of log entries per query.
+ max_entries_limit_per_query: 100000000
+ common:
+ # -- (string) Path prefix where Loki stores data.
+ path_prefix: /var/loki
+ storage:
+ # -- (null) Filesystem storage is disabled.
+ filesystem: null
+ s3:
+ # -- (string) AWS region for S3 storage.
+ region: us-east-1
+ # # -- (string) S3 bucket names for Loki storage.
+ # bucketnames:
+
+ # -- (map) Grafana configuration.
+ grafana:
+ # -- (bool) Deploy Grafana if enabled. See [upstream readme](https://github.com/grafana/helm-charts/tree/main/charts/grafana#configuration) for full values reference.
+ enabled: true
+ # -- (map) Affinity rules for scheduling Grafana pods.
+ affinity:
+ nodeAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ nodeSelectorTerms:
+ - matchExpressions:
+ # -- (string) Node label key for affinity. Ensures pods are scheduled on nodes in the specified zone.
+ - key: topology.kubernetes.io/zone
+ # -- (string) Operator to apply to the node selector. 'In' means the node must match one of the values.
+ operator: In
+ # -- (list) List of values for the node selector, representing allowed zones.
+ values:
+ - us-east-1a
+ # -- (map) Init container to chown data directories for Grafana.
+ initChownData:
+ image:
+ # -- (string) Container image registry for the init container.
+ registry: quay.io/cdis
+ # -- (string) Repository for the busybox image.
+ repository: busybox
+ # -- (string) Tag for the busybox image version.
+ tag: 1.32.0
+ # -- (map) Image used to download Grafana dashboards.
+ downloadDashboardsImage:
+ # -- (string) Container image registry for the dashboard download image.
+ registry: quay.io/curl
+ # -- (string) Repository for the curl image.
+ repository: curl
+ # -- (string) Tag for the curl image version.
+ tag: 8.8.0
+
+ # -- (string) Reference a secret for environment variables.
+ envFromSecret:
+ ingress:
+ # -- (bool) Enable or disable ingress for Grafana.
+ enabled: true
+ # -- (map) Annotations for Grafana ingress.
+ annotations: {}
+
+ ## Recommended annotations for AWS ALB (Application Load Balancer).
+ # alb.ingress.kubernetes.io/ssl-redirect: '443'
+ # alb.ingress.kubernetes.io/certificate-arn:
+ # alb.ingress.kubernetes.io/listen-ports: '[{"HTTP": 80}, {"HTTPS":443}]'
+ # alb.ingress.kubernetes.io/load-balancer-attributes: idle_timeout.timeout_seconds=600
+ # alb.ingress.kubernetes.io/scheme: internet-facing
+ # alb.ingress.kubernetes.io/ssl-policy:
+ # alb.ingress.kubernetes.io/tags: Environment=
+ # alb.ingress.kubernetes.io/target-type: 'ip'
+ # alb.ingress.kubernetes.io/inbound-cidrs:
+ # -- (list) Hostname(s) for Grafana ingress.
+ hosts:
+ - grafana.example.com
+ # -- (string) Ingress class name to be used (e.g., 'alb' for AWS Application Load Balancer).
+ ingressClassName: "alb"
+ tls:
+ # -- (list) TLS configuration for the ingress. Reference to a secret that contains the TLS certificate.
+ - secretName: aws-load-balancer-tls
+ # -- (map) Persistence configuration for Grafana.
+ persistence:
+ # -- (bool) Enable or disable persistence for Grafana data.
+ enabled: true
+
+ # -- (map) Image configuration for Grafana.
+ image:
+ # -- (string) Container image registry for Grafana.
+ registry: quay.io/cdis
+ # -- (string) Repository for the Grafana image.
+ repository: grafana
+ # -- (string) Pull policy for the Grafana image (e.g., 'Always').
+ pullPolicy: Always
+ # -- (string) Tag for the Grafana image version.
+ tag: master
+
+ # -- (map) Environment variables for Grafana.
+ env:
+ # -- (string) Root URL configuration for the Grafana server.
+ GF_SERVER_ROOT_URL: "https://grafana.example.com"
+
+ # -- (map) Configuration for dashboard providers in Grafana.
+ dashboardProviders:
+ dashboardproviders.yaml:
+ # -- (int) API version for dashboard provider configuration.
+ apiVersion: 1
+ # -- (list) List of dashboard providers.
+ providers:
+ - name: 'grafana-dashboards-kubernetes'
+ # -- (int) Organization ID in Grafana.
+ orgId: 1
+ # -- (string) Folder where the dashboards will be placed in Grafana.
+ folder: 'Kubernetes'
+ # -- (string) Type of dashboard provider, usually 'file'.
+ type: file
+ # -- (bool) Prevent deletion of the provided dashboards.
+ disableDeletion: true
+ # -- (bool) Allow editing of the dashboards.
+ editable: true
+ # -- (map) Options for the dashboard provider.
+ options:
+ # -- (string) Path to the dashboard files.
+ path: /var/lib/grafana/dashboards/grafana-dashboards-kubernetes
+
+ # -- (map) Dashboards configuration. URLs to fetch specific Kubernetes-related Grafana dashboards.
+ # Gen3 specific dashboards can be found here. https://github.com/uc-cdis/grafana-dashboards
+ dashboards:
+ grafana-dashboards-kubernetes:
+ k8s-system-api-server:
+ # -- (string) URL to the dashboard JSON file for the Kubernetes API server.
+ url: https://raw.githubusercontent.com/dotdc/grafana-dashboards-kubernetes/master/dashboards/k8s-system-api-server.json
+ # -- (string) Authentication token for accessing the dashboard URL (optional).
+ token: ''
+ k8s-system-coredns:
+ # -- (string) URL to the dashboard JSON file for CoreDNS in Kubernetes.
+ url: https://raw.githubusercontent.com/dotdc/grafana-dashboards-kubernetes/master/dashboards/k8s-system-coredns.json
+ token: ''
+ k8s-views-global:
+ # -- (string) URL to the dashboard JSON file for global views in Kubernetes.
+ url: https://raw.githubusercontent.com/dotdc/grafana-dashboards-kubernetes/master/dashboards/k8s-views-global.json
+ token: ''
+ k8s-views-namespaces:
+ # -- (string) URL to the dashboard JSON file for Kubernetes namespace views.
+ url: https://raw.githubusercontent.com/dotdc/grafana-dashboards-kubernetes/master/dashboards/k8s-views-namespaces.json
+ token: ''
+ k8s-views-nodes:
+ # -- (string) URL to the dashboard JSON file for Kubernetes node views.
+ url: https://raw.githubusercontent.com/dotdc/grafana-dashboards-kubernetes/master/dashboards/k8s-views-nodes.json
+ token: ''
+ k8s-views-pods:
+ # -- (string) URL to the dashboard JSON file for Kubernetes pod views.
+ url: https://raw.githubusercontent.com/dotdc/grafana-dashboards-kubernetes/master/dashboards/k8s-views-pods.json
+ token: ''
+
+ grafana.ini:
+ # -- (map) Okta authentication settings in Grafana.
+ auth.okta:
+ # -- (bool) Enable or disable Okta authentication.
+ enabled: true
+ # -- (string) Icon used for Okta in the Grafana UI.
+ icon: okta
+ # -- (bool) Allow users to sign up automatically using Okta.
+ allow_sign_up: true
+ # -- (bool) Automatically log in users using Okta when visiting Grafana.
+ auto_login: true
+ # # -- (string) Okta client ID.
+ # client_id:
+ # # -- (string) Okta client secret.
+ # client_secret:
+ # # -- (string) Okta authorization URL.
+ # auth_url:
+ # # -- (string) Okta token URL.
+ # token_url:
+ # # -- (string) Okta API URL.
+ # api_url:
+ # -- (map) User configuration settings in Grafana.
+ users:
+ # -- (string) Auto-assign the specified role to new users upon login. Options: Viewer, Editor, Admin.
+ auto_assign_org_role: Editor
+ # -- (map) Logging configuration in Grafana.
+ log:
+ # -- (string) Logging level for Grafana. Options: debug, info, warn, error.
+ level: debug
+ # -- (map) Server configuration in Grafana.
+ server:
+ # -- (string) Domain name for the Grafana server.
+ domain: grafana.example.com
+ # -- (string) Root URL for Grafana, using the domain name.
+ root_url: "https://%(domain)s/"
+ # -- (map) Feature toggles in Grafana.
+ feature_toggles:
+ # -- (bool) Enable Single Sign-On (SSO) settings API.
+ ssoSettingsApi: true
+ # -- (bool) Enable support for transformations using variables in Grafana.
+ transformationsVariableSupport: true
+ # -- (list) Features to be enabled in Grafana.
+ enable: ssoSettingsAPI transformationsVariableSupport
+
+ # -- (map) Gen3 built-in alerting configuration in Grafana.
+ alerting:
+ # -- (string) Alerting rules configuration file.
+ rules.yaml:
+ # -- (int) API version for the alerting rules configuration.
+ apiVersion: 1
+ # -- (list) Groups of alerting rules.
+ groups:
+ - orgId: 1
+ # -- (string) Name of the alert group.
+ name: Alerts
+ # -- (string) Folder where the alerts will be placed in Grafana.
+ folder: Alerts
+ # -- (string) Interval at which the alert rules are evaluated.
+ interval: 5m
+ # -- (list) List of alerting rules to be defined (add specific rules here).
+ rules:
+ - uid: edwb8zgcvq96oc
+ title: HTTP 500 errors detected
+ condition: A
+ data:
+ - refId: A
+ queryType: instant
+ relativeTimeRange:
+ from: 600
+ to: 0
+ datasourceUid: loki
+ model:
+ datasource:
+ type: loki
+ uid: loki
+ editorMode: code
+ expr: sum by (cluster) (count_over_time({cluster=~".+"} | json | http_status_code="500" [1h])) > 0
+ hide: false
+ intervalMs: 1000
+ maxDataPoints: 43200
+ queryType: instant
+ refId: A
+ noDataState: OK
+ execErrState: KeepLast
+ for: 5m
+ annotations:
+ summary: 'Alert: HTTP 500 errors detected in the environment: {{`{{ $labels.clusters }}`}}'
+ labels: {}
+ isPaused: false
+ notification_settings:
+ receiver: Slack
+ - uid: adwb9vhb7irr4b
+ title: Error Logs Detected in Usersync Job
+ condition: A
+ data:
+ - refId: A
+ queryType: instant
+ relativeTimeRange:
+ from: 600
+ to: 0
+ datasourceUid: loki
+ model:
+ datasource:
+ type: loki
+ uid: loki
+ editorMode: code
+ expr: sum by (cluster, namespace) (count_over_time({ app="gen3job", job_name=~"usersync-.*"} |= "ERROR - could not revoke policies from user `N/A`" [5m])) > 1
+ hide: false
+ intervalMs: 1000
+ maxDataPoints: 43200
+ queryType: instant
+ refId: A
+ noDataState: OK
+ execErrState: KeepLast
+ for: 5m
+ annotations:
+ description: Error in usersync job detected in cluster {{`{{ $labels.clusters }}`}}, namespace {{`{{ $labels.namespace }}`}}.
+ summary: Error Logs Detected in Usersync Job
+ labels: {}
+ isPaused: false
+ notification_settings:
+ receiver: Slack
+ - uid: ddwbc12l6wc8wf
+ title: Hatchery panic in {{`{{ env.name }}`}}
+ condition: A
+ data:
+ - refId: A
+ queryType: instant
+ relativeTimeRange:
+ from: 600
+ to: 0
+ datasourceUid: loki
+ model:
+ datasource:
+ type: loki
+ uid: loki
+ editorMode: code
+ expr: sum by (cluster) (count_over_time({app="hatchery"} |= "panic" [5m])) > 1
+ hide: false
+ intervalMs: 1000
+ maxDataPoints: 43200
+ queryType: instant
+ refId: A
+ noDataState: OK
+ execErrState: KeepLast
+ for: 5m
+ annotations:
+ description: Panic detected in app {{`{{ $labels.app }}`}} within cluster {{`{{ $labels.clusters }}`}}.
+ summary: Hatchery panic
+ labels: {}
+ isPaused: false
+ notification_settings:
+ receiver: Slack
+ - uid: cdwbcbphz1zb4a
+ title: Http status code 431
+ condition: A
+ data:
+ - refId: A
+ queryType: instant
+ relativeTimeRange:
+ from: 600
+ to: 0
+ datasourceUid: loki
+ model:
+ datasource:
+ type: loki
+ uid: loki
+ editorMode: code
+ expr: sum(count_over_time({cluster=~".+"} | json | http_status_code="431" [5m])) >= 2
+ hide: false
+ intervalMs: 1000
+ maxDataPoints: 43200
+ queryType: instant
+ refId: A
+ noDataState: OK
+ execErrState: KeepLast
+ for: 5m
+ annotations:
+ description: Detected 431 HTTP status codes in the logs within the last 5 minutes.
+ summary: Http status code 431
+ labels: {}
+ isPaused: false
+ notification_settings:
+ receiver: Slack
+ - uid: bdwbck1lgwdfka
+ title: Indexd is getting an excessive amount of traffic
+ condition: A
+ data:
+ - refId: A
+ queryType: instant
+ relativeTimeRange:
+ from: 600
+ to: 0
+ datasourceUid: loki
+ model:
+ datasource:
+ type: loki
+ uid: loki
+ editorMode: code
+ expr: sum by (cluster) (count_over_time({cluster=~".+", app="indexd", status="info"} [5m])) > 50000
+ hide: false
+ intervalMs: 1000
+ maxDataPoints: 43200
+ queryType: instant
+ refId: A
+ noDataState: OK
+ execErrState: KeepLast
+ for: 5m
+ annotations:
+ description: High number of info status logs detected in the indexd service in cluster {{`{{ $labels.clusters }}`}}.
+ summary: Indexd is getting an excessive amount of traffic
+ labels: {}
+ isPaused: false
+ notification_settings:
+ receiver: Slack
+ - uid: fdwbe5t439zpcd
+ title: Karpenter Resource Mismatch
+ condition: A
+ data:
+ - refId: A
+ queryType: instant
+ relativeTimeRange:
+ from: 600
+ to: 0
+ datasourceUid: loki
+ model:
+ datasource:
+ type: loki
+ uid: loki
+ editorMode: code
+ expr: |
+ sum by (cluster) (count_over_time({namespace="karpenter", cluster=~".+"} |= "ERROR" |= "not found" |= "getting providerRef" [5m])) > 10
+ hide: false
+ intervalMs: 1000
+ maxDataPoints: 43200
+ queryType: instant
+ refId: A
+ noDataState: OK
+ execErrState: KeepLast
+ for: 5m
+ annotations:
+ description: More than 10 errors detected in the karpenter namespace in cluster {{`{{ $labels.clusters }}`}} related to providerRef not found.
+ summary: Karpenter Resource Mismatch
+ labels: {}
+ isPaused: false
+ notification_settings:
+ receiver: Slack
+ - uid: fdwbeuftc7400c
+ title: Nginx is logging excessive " limiting requests, excess:"
+ condition: A
+ data:
+ - refId: A
+ queryType: instant
+ relativeTimeRange:
+ from: 600
+ to: 0
+ datasourceUid: loki
+ model:
+ datasource:
+ type: loki
+ uid: loki
+ editorMode: code
+ expr: sum by (app, cluster) (count_over_time({app=~".+", cluster=~".+"} |= "status:error" |= "limiting requests, excess:" [5m])) > 1000
+ hide: false
+ intervalMs: 1000
+ maxDataPoints: 43200
+ queryType: instant
+ refId: A
+ noDataState: OK
+ execErrState: KeepLast
+ for: 5m
+ annotations:
+ description: 'More than 1000 "limiting requests, excess" errors detected in service {{`{{ $labels.app }}`}} (cluster: {{`{{ $labels.clusters }}`}}) within the last 5 minutes.'
+ summary: Nginx is logging excessive " limiting requests, excess:"
+ labels: {}
+ isPaused: false
+ notification_settings:
+ receiver: Slack
+ contactpoints.yaml:
+ secret:
+ apiVersion: 1
+ contactPoints:
+ - orgId: 1
+ name: slack
+ receivers:
+ - uid: first_uid
+ type: Slack
+ settings:
+ url: https://hooks.slack.com/services/XXXXXXXXXX
+ group: slack
+ summary: |
+ {{ `{{ include "default.message" . }}` }}
\ No newline at end of file
diff --git a/helm/peregrine/README.md b/helm/peregrine/README.md
index 8d1e3674..8d9884c5 100644
--- a/helm/peregrine/README.md
+++ b/helm/peregrine/README.md
@@ -102,5 +102,3 @@ A Helm chart for gen3 Peregrine service | volumeMounts | list | `[{"mountPath":"/var/www/peregrine/settings.py","name":"config-volume","readOnly":true,"subPath":"settings.py"}]` | Volumes to mount to the container. | | volumes | list | `[{"emptyDir":{},"name":"shared-data"},{"name":"config-volume","secret":{"secretName":"peregrine-secret"}}]` | Volumes to attach to the container. | ----------------------------------------------- -Autogenerated from chart metadata using [helm-docs v1.11.0](https://github.com/norwoodj/helm-docs/releases/v1.11.0) diff --git a/helm/pidgin/README.md b/helm/pidgin/README.md index 06e094e3..21914338 100644 --- a/helm/pidgin/README.md +++ b/helm/pidgin/README.md @@ -82,5 +82,3 @@ A Helm chart for gen3 Pidgin Service | strategy.rollingUpdate.maxSurge | int | `1` | Number of additional replicas to add during rollout. | | strategy.rollingUpdate.maxUnavailable | int | `0` | Maximum amount of pods that can be unavailable during the update. | ----------------------------------------------- -Autogenerated from chart metadata using [helm-docs v1.11.0](https://github.com/norwoodj/helm-docs/releases/v1.11.0) diff --git a/helm/portal/README.md b/helm/portal/README.md index 91329bc4..daafacfc 100644 --- a/helm/portal/README.md +++ b/helm/portal/README.md @@ -101,5 +101,3 @@ A Helm chart for gen3 data-portal | strategy.rollingUpdate.maxUnavailable | int | `"25%"` | Maximum amount of pods that can be unavailable during the update. | | tolerations | list | `[]` | Tolerations to apply to the pod | ----------------------------------------------- -Autogenerated from chart metadata using [helm-docs v1.11.0](https://github.com/norwoodj/helm-docs/releases/v1.11.0) diff --git a/helm/requestor/README.md b/helm/requestor/README.md index da178289..85792b12 100644 --- a/helm/requestor/README.md +++ b/helm/requestor/README.md 
@@ -117,5 +117,3 @@ A Helm chart for gen3 Requestor Service | strategy.rollingUpdate.maxUnavailable | int | `0` | Maximum amount of pods that can be unavailable during the update. | | volumeMounts | list | `nil` | Volumes to mount to the container. | ----------------------------------------------- -Autogenerated from chart metadata using [helm-docs v1.11.0](https://github.com/norwoodj/helm-docs/releases/v1.11.0) diff --git a/helm/revproxy/README.md b/helm/revproxy/README.md index 8d4bb54e..59baa504 100644 --- a/helm/revproxy/README.md +++ b/helm/revproxy/README.md @@ -104,5 +104,3 @@ A Helm chart for gen3 revproxy | tolerations | list | `[]` | Tolerations to use for the deployment. | | userhelperEnabled | bool | `false` | | ----------------------------------------------- -Autogenerated from chart metadata using [helm-docs v1.11.0](https://github.com/norwoodj/helm-docs/releases/v1.11.0) diff --git a/helm/sheepdog/README.md b/helm/sheepdog/README.md index 1f744fa3..afbdd189 100644 --- a/helm/sheepdog/README.md +++ b/helm/sheepdog/README.md @@ -110,5 +110,3 @@ A Helm chart for gen3 Sheepdog Service | terminationGracePeriodSeconds | int | `50` | sheepdog transactions take forever - try to let the complete before termination | | volumeMounts | list | `[{"mountPath":"/var/www/sheepdog/settings.py","name":"config-volume","readOnly":true,"subPath":"settings.py"}]` | Volumes to mount to the container. | ----------------------------------------------- -Autogenerated from chart metadata using [helm-docs v1.11.0](https://github.com/norwoodj/helm-docs/releases/v1.11.0) diff --git a/helm/sower/README.md b/helm/sower/README.md index 62fd6a20..9644ad2e 100644 --- a/helm/sower/README.md +++ b/helm/sower/README.md 
@@ -181,5 +181,3 @@ A Helm chart for gen3 sower | volumeMounts | list | `[{"mountPath":"/sower_config.json","name":"sower-config","readOnly":true,"subPath":"sower_config.json"}]` | Volumes to mount to the container. | | volumes | list | `[{"configMap":{"items":[{"key":"json","path":"sower_config.json"}],"name":"manifest-sower"},"name":"sower-config"}]` | Volumes to attach to the container. | ----------------------------------------------- -Autogenerated from chart metadata using [helm-docs v1.11.0](https://github.com/norwoodj/helm-docs/releases/v1.11.0) diff --git a/helm/ssjdispatcher/README.md b/helm/ssjdispatcher/README.md index 53df78fc..3bb1ab0a 100644 --- a/helm/ssjdispatcher/README.md +++ b/helm/ssjdispatcher/README.md @@ -112,5 +112,3 @@ A Helm chart for gen3 ssjdispatcher | volumeMounts | list | `[{"mountPath":"/credentials.json","name":"ssjdispatcher-creds-volume","readOnly":true,"subPath":"credentials.json"}]` | Volumes to mount to the container. | | volumes | list | `[{"name":"ssjdispatcher-creds-volume","secret":{"secretName":"ssjdispatcher-creds"}}]` | Volumes to attach to the container. | ----------------------------------------------- -Autogenerated from chart metadata using [helm-docs v1.11.0](https://github.com/norwoodj/helm-docs/releases/v1.11.0) diff --git a/helm/test.yaml b/helm/test.yaml new file mode 100644 index 00000000..8b137891 --- /dev/null +++ b/helm/test.yaml @@ -0,0 +1 @@ + diff --git a/helm/wts/README.md b/helm/wts/README.md index 3e545b7e..f755b799 100644 --- a/helm/wts/README.md +++ b/helm/wts/README.md 
@@ -105,5 +105,3 @@ A Helm chart for gen3 workspace token service | serviceAccount.name | string | `""` | The name of the service account to use. If not set and create is true, a name is generated using the fullname template | | tolerations | list | `[]` | Tolerations for the pods | ----------------------------------------------- -Autogenerated from chart metadata using [helm-docs v1.11.0](https://github.com/norwoodj/helm-docs/releases/v1.11.0) From 7928ed2ae365dedf592d3fae42625f5f9462f7ed Mon Sep 17 00:00:00 2001 From: EliseCastle23 <109446148+EliseCastle23@users.noreply.github.com> Date: Tue, 15 Oct 2024 13:29:15 -0600 Subject: [PATCH 226/279] adding README.md for alloy and faro --- helm/alloy/README.md | 30 ++++++++++++++++++++++++++++++ helm/faro-collector/README.md | 32 ++++++++++++++++++++++++++++++++ helm/observability/values.yaml | 2 +- 3 files changed, 63 insertions(+), 1 deletion(-) create mode 100644 helm/alloy/README.md create mode 100644 helm/faro-collector/README.md diff --git a/helm/alloy/README.md b/helm/alloy/README.md new file mode 100644 index 00000000..5c6a6b75 --- /dev/null +++ b/helm/alloy/README.md 
@@ -0,0 +1,30 @@ +# alloy + +![Version: 0.1.0](https://img.shields.io/badge/Version-0.1.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) + +A Helm chart for deploying Grafana Alloy + +## Requirements + +| Repository | Name | Version | +|------------|------|---------| +| https://grafana.github.io/helm-charts | alloy | 0.9.1 | + +## Values + +| Key | Type | Default | Description | +|-----|------|---------|-------------| +| alloy.alloy.clustering.enabled | bool | `true` | | +| alloy.alloy.configMap.key | string | `"config"` | | +| alloy.alloy.configMap.name | string | `"alloy-gen3"` | | +| alloy.alloy.extraPorts | list | `[{"name":"otel-grpc","port":4317,"protocol":"TCP","targetPort":4317},{"name":"otel-http","port":4318,"protocol":"TCP","targetPort":4318}]` | Extra ports to expose on the Alloy container. 
| +| alloy.alloy.resources.requests.cpu | string | `"1000m"` | | +| alloy.alloy.resources.requests.memory | string | `"1Gi"` | | +| alloy.alloy.stabilityLevel | string | `"public-preview"` | | +| alloy.alloy.uiPathPrefix | string | `"/alloy"` | | +| alloy.alloyConfigmapData | string | `"logging {\n level = \"info\"\n format = \"json\"\n write_to = [loki.write.endpoint.receiver]\n}\n\n/////////////////////// OTLP START ///////////////////////\n\notelcol.receiver.otlp \"default\" {\n grpc {}\n http {}\n\n output {\n metrics = [otelcol.processor.batch.default.input]\n traces = [otelcol.processor.batch.default.input]\n }\n}\n\notelcol.processor.batch \"default\" {\n output {\n metrics = [otelcol.exporter.prometheus.default.input]\n traces = [otelcol.exporter.otlp.tempo.input]\n }\n}\n\notelcol.exporter.prometheus \"default\" {\n forward_to = [prometheus.remote_write.default.receiver]\n}\n\notelcol.exporter.otlp \"tempo\" {\n client {\n endpoint = \"http://monitoring-tempo-distributor.monitoring:4317\"\n // Configure TLS settings for communicating with the endpoint.\n tls {\n // The connection is insecure.\n insecure = true\n // Do not verify TLS certificates when connecting.\n insecure_skip_verify = true\n }\n }\n}\n\n\n/////////////////////// OTLP END ///////////////////////\n\n// discover all pods, to be used later in this config\ndiscovery.kubernetes \"pods\" {\n role = \"pod\"\n}\n\n// discover all services, to be used later in this config\ndiscovery.kubernetes \"services\" {\n role = \"service\"\n}\n\n// discover all nodes, to be used later in this config\ndiscovery.kubernetes \"nodes\" {\n role = \"node\"\n}\n\n// Generic scrape of any pod with Annotation \"prometheus.io/scrape: true\"\ndiscovery.relabel \"annotation_autodiscovery_pods\" {\n targets = discovery.kubernetes.pods.targets\n rule {\n source_labels = [\"__meta_kubernetes_pod_annotation_prometheus_io_scrape\"]\n regex = \"true\"\n action = \"keep\"\n }\n rule {\n source_labels = 
[\"__meta_kubernetes_pod_annotation_prometheus_io_job\"]\n action = \"replace\"\n target_label = \"job\"\n }\n rule {\n source_labels = [\"__meta_kubernetes_pod_annotation_prometheus_io_instance\"]\n action = \"replace\"\n target_label = \"instance\"\n }\n rule {\n source_labels = [\"__meta_kubernetes_pod_annotation_prometheus_io_path\"]\n action = \"replace\"\n target_label = \"__metrics_path__\"\n }\n\n // Choose the pod port\n // The discovery generates a target for each declared container port of the pod.\n // If the metricsPortName annotation has value, keep only the target where the port name matches the one of the annotation.\n rule {\n source_labels = [\"__meta_kubernetes_pod_container_port_name\"]\n target_label = \"__tmp_port\"\n }\n rule {\n source_labels = [\"__meta_kubernetes_pod_annotation_prometheus_io_portName\"]\n regex = \"(.+)\"\n target_label = \"__tmp_port\"\n }\n rule {\n source_labels = [\"__meta_kubernetes_pod_container_port_name\"]\n action = \"keepequal\"\n target_label = \"__tmp_port\"\n }\n\n // If the metrics port number annotation has a value, override the target address to use it, regardless whether it is\n // one of the declared ports on that Pod.\n rule {\n source_labels = [\"__meta_kubernetes_pod_annotation_prometheus_io_port\", \"__meta_kubernetes_pod_ip\"]\n regex = \"(\\\\d+);(([A-Fa-f0-9]{1,4}::?){1,7}[A-Fa-f0-9]{1,4})\"\n replacement = \"[$2]:$1\" // IPv6\n target_label = \"__address__\"\n }\n rule {\n source_labels = [\"__meta_kubernetes_pod_annotation_prometheus_io_port\", \"__meta_kubernetes_pod_ip\"]\n regex = \"(\\\\d+);((([0-9]+?)(\\\\.|$)){4})\" // IPv4, takes priority over IPv6 when both exists\n replacement = \"$2:$1\"\n target_label = \"__address__\"\n }\n\n rule {\n source_labels = [\"__meta_kubernetes_pod_annotation_prometheus_io_scheme\"]\n action = \"replace\"\n target_label = \"__scheme__\"\n }\n\n\n // add labels\n rule {\n source_labels = [\"__meta_kubernetes_pod_name\"]\n target_label = \"pod\"\n }\n rule {\n 
source_labels = [\"__meta_kubernetes_pod_container_name\"]\n target_label = \"container\"\n }\n rule {\n source_labels = [\"__meta_kubernetes_pod_controller_name\"]\n target_label = \"controller\"\n }\n\n rule {\n source_labels = [\"__meta_kubernetes_namespace\"]\n target_label = \"namespace\"\n }\n\n\n rule {\n source_labels = [\"__meta_kubernetes_pod_label_app\"]\n target_label = \"app\"\n }\n\n // map all labels\n rule {\n action = \"labelmap\"\n regex = \"__meta_kubernetes_pod_label_(.+)\"\n }\n}\n\n// Generic scrape of any service with\n// Annotation Autodiscovery\ndiscovery.relabel \"annotation_autodiscovery_services\" {\n targets = discovery.kubernetes.services.targets\n rule {\n source_labels = [\"__meta_kubernetes_service_annotation_prometheus_io_scrape\"]\n regex = \"true\"\n action = \"keep\"\n }\n rule {\n source_labels = [\"__meta_kubernetes_service_annotation_prometheus_io_job\"]\n action = \"replace\"\n target_label = \"job\"\n }\n rule {\n source_labels = [\"__meta_kubernetes_service_annotation_prometheus_io_instance\"]\n action = \"replace\"\n target_label = \"instance\"\n }\n rule {\n source_labels = [\"__meta_kubernetes_service_annotation_prometheus_io_path\"]\n action = \"replace\"\n target_label = \"__metrics_path__\"\n }\n\n // Choose the service port\n rule {\n source_labels = [\"__meta_kubernetes_service_port_name\"]\n target_label = \"__tmp_port\"\n }\n rule {\n source_labels = [\"__meta_kubernetes_service_annotation_prometheus_io_portName\"]\n regex = \"(.+)\"\n target_label = \"__tmp_port\"\n }\n rule {\n source_labels = [\"__meta_kubernetes_service_port_name\"]\n action = \"keepequal\"\n target_label = \"__tmp_port\"\n }\n\n rule {\n source_labels = [\"__meta_kubernetes_service_port_number\"]\n target_label = \"__tmp_port\"\n }\n rule {\n source_labels = [\"__meta_kubernetes_service_annotation_prometheus_io_port\"]\n regex = \"(.+)\"\n target_label = \"__tmp_port\"\n }\n rule {\n source_labels = 
[\"__meta_kubernetes_service_port_number\"]\n action = \"keepequal\"\n target_label = \"__tmp_port\"\n }\n\n rule {\n source_labels = [\"__meta_kubernetes_service_annotation_prometheus_io_scheme\"]\n action = \"replace\"\n target_label = \"__scheme__\"\n }\n}\n\nprometheus.scrape \"metrics\" {\n job_name = \"integrations/autodiscovery_metrics\"\n targets = concat(discovery.relabel.annotation_autodiscovery_pods.output, discovery.relabel.annotation_autodiscovery_services.output)\n honor_labels = true\n clustering {\n enabled = true\n }\n forward_to = [prometheus.relabel.metrics_service.receiver]\n}\n\n\n// Node Exporter\n// TODO: replace with https://grafana.com/docs/alloy/latest/reference/components/prometheus.exporter.unix/\ndiscovery.relabel \"node_exporter\" {\n targets = discovery.kubernetes.pods.targets\n rule {\n source_labels = [\"__meta_kubernetes_pod_label_app_kubernetes_io_instance\"]\n regex = \"monitoring-extras\"\n action = \"keep\"\n }\n rule {\n source_labels = [\"__meta_kubernetes_pod_label_app_kubernetes_io_name\"]\n regex = \"node-exporter\"\n action = \"keep\"\n }\n rule {\n source_labels = [\"__meta_kubernetes_pod_node_name\"]\n action = \"replace\"\n target_label = \"instance\"\n }\n}\n\nprometheus.scrape \"node_exporter\" {\n job_name = \"integrations/node_exporter\"\n targets = discovery.relabel.node_exporter.output\n scrape_interval = \"60s\"\n clustering {\n enabled = true\n }\n forward_to = [prometheus.relabel.node_exporter.receiver]\n}\n\nprometheus.relabel \"node_exporter\" {\n rule {\n source_labels = [\"__name__\"]\n regex = \"up|node_cpu.*|node_network.*|node_exporter_build_info|node_filesystem.*|node_memory.*|process_cpu_seconds_total|process_resident_memory_bytes\"\n action = \"keep\"\n }\n forward_to = [prometheus.relabel.metrics_service.receiver]\n}\n\n// Logs from all pods\ndiscovery.relabel \"all_pods\" {\n targets = discovery.kubernetes.pods.targets\n rule {\n source_labels = [\"__meta_kubernetes_namespace\"]\n target_label = 
\"namespace\"\n }\n rule {\n source_labels = [\"__meta_kubernetes_pod_name\"]\n target_label = \"pod\"\n }\n rule {\n source_labels = [\"__meta_kubernetes_pod_container_name\"]\n target_label = \"container\"\n }\n rule {\n source_labels = [\"__meta_kubernetes_pod_controller_name\"]\n target_label = \"controller\"\n }\n\n rule {\n source_labels = [\"__meta_kubernetes_pod_label_app\"]\n target_label = \"app\"\n }\n\n // map all labels\n rule {\n action = \"labelmap\"\n regex = \"__meta_kubernetes_pod_label_(.+)\"\n }\n\n}\n\nloki.source.kubernetes \"pods\" {\n targets = discovery.relabel.all_pods.output\n forward_to = [loki.write.endpoint.receiver]\n}\n\n// kube-state-metrics\ndiscovery.relabel \"relabel_kube_state_metrics\" {\n targets = discovery.kubernetes.services.targets\n rule {\n source_labels = [\"__meta_kubernetes_namespace\"]\n regex = \"monitoring\"\n action = \"keep\"\n }\n rule {\n source_labels = [\"__meta_kubernetes_service_name\"]\n regex = \"monitoring-extras-kube-state-metrics\"\n action = \"keep\"\n }\n}\n\nprometheus.scrape \"kube_state_metrics\" {\n targets = discovery.relabel.relabel_kube_state_metrics.output\n job_name = \"kube-state-metrics\"\n metrics_path = \"/metrics\"\n forward_to = [prometheus.remote_write.default.receiver]\n}\n\n// Kubelet\ndiscovery.relabel \"kubelet\" {\n targets = discovery.kubernetes.nodes.targets\n rule {\n target_label = \"__address__\"\n replacement = \"kubernetes.default.svc.cluster.local:443\"\n }\n rule {\n source_labels = [\"__meta_kubernetes_node_name\"]\n regex = \"(.+)\"\n replacement = \"/api/v1/nodes/${1}/proxy/metrics\"\n target_label = \"__metrics_path__\"\n }\n}\n\nprometheus.scrape \"kubelet\" {\n job_name = \"integrations/kubernetes/kubelet\"\n targets = discovery.relabel.kubelet.output\n scheme = \"https\"\n scrape_interval = \"60s\"\n bearer_token_file = \"/var/run/secrets/kubernetes.io/serviceaccount/token\"\n tls_config {\n insecure_skip_verify = true\n }\n clustering {\n enabled = true\n }\n 
forward_to = [prometheus.relabel.kubelet.receiver]\n}\n\nprometheus.relabel \"kubelet\" {\n rule {\n source_labels = [\"__name__\"]\n regex = \"up|container_cpu_usage_seconds_total|kubelet_certificate_manager_client_expiration_renew_errors|kubelet_certificate_manager_client_ttl_seconds|kubelet_certificate_manager_server_ttl_seconds|kubelet_cgroup_manager_duration_seconds_bucket|kubelet_cgroup_manager_duration_seconds_count|kubelet_node_config_error|kubelet_node_name|kubelet_pleg_relist_duration_seconds_bucket|kubelet_pleg_relist_duration_seconds_count|kubelet_pleg_relist_interval_seconds_bucket|kubelet_pod_start_duration_seconds_bucket|kubelet_pod_start_duration_seconds_count|kubelet_pod_worker_duration_seconds_bucket|kubelet_pod_worker_duration_seconds_count|kubelet_running_container_count|kubelet_running_containers|kubelet_running_pod_count|kubelet_running_pods|kubelet_runtime_operations_errors_total|kubelet_runtime_operations_total|kubelet_server_expiration_renew_errors|kubelet_volume_stats_available_bytes|kubelet_volume_stats_capacity_bytes|kubelet_volume_stats_inodes|kubelet_volume_stats_inodes_used|kubernetes_build_info|namespace_workload_pod|rest_client_requests_total|storage_operation_duration_seconds_count|storage_operation_errors_total|volume_manager_total_volumes\"\n action = \"keep\"\n }\n forward_to = [prometheus.relabel.metrics_service.receiver]\n}\n\n// Cluster Events\nloki.source.kubernetes_events \"cluster_events\" {\n job_name = \"integrations/kubernetes/eventhandler\"\n log_format = \"logfmt\"\n forward_to = [loki.write.endpoint.receiver]\n}\n\nprometheus.relabel \"metrics_service\" {\n forward_to = [prometheus.remote_write.default.receiver]\n}\n\n\n// Write Endpoints\n// prometheus write endpoint\nprometheus.remote_write \"default\" {\n external_labels = {\n cluster = \"{{ .Values.cluster }}\",\n project = \"{{ .Values.project }}\",\n }\n endpoint {\n url = \"https://mimir.example.com/api/v1/push\"\n\n headers = {\n \"X-Scope-OrgID\" = 
\"anonymous\",\n }\n\n }\n}\n\n// loki write endpoint\nloki.write \"endpoint\" {\n external_labels = {\n cluster = \"{{ .Values.cluster }}\",\n project = \"{{ .Values.project }}\",\n }\n endpoint {\n url = \"https://loki.example.com/loki/api/v1/push\"\n }\n}"` | | +| alloy.controller.affinity.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution.nodeSelectorTerms[0].matchExpressions[0].key | string | `"topology.kubernetes.io/zone"` | | +| alloy.controller.affinity.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution.nodeSelectorTerms[0].matchExpressions[0].operator | string | `"In"` | | +| alloy.controller.affinity.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution.nodeSelectorTerms[0].matchExpressions[0].values[0] | string | `"us-east-1a"` | | +| alloy.controller.type | string | `"deployment"` | | + diff --git a/helm/faro-collector/README.md b/helm/faro-collector/README.md new file mode 100644 index 00000000..92ef2253 --- /dev/null +++ b/helm/faro-collector/README.md 
@@ -0,0 +1,32 @@ +# alloy + +![Version: 0.1.0](https://img.shields.io/badge/Version-0.1.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) + +A Helm chart for deploying Grafana Alloy + +## Requirements + +| Repository | Name | Version | +|------------|------|---------| +| https://grafana.github.io/helm-charts | alloy | 0.9.1 | + +## Values + +| Key | Type | Default | Description | +|-----|------|---------|-------------| +| alloy.alloy.clustering.enabled | bool | `true` | | +| alloy.alloy.configMap.key | string | `"config"` | | +| alloy.alloy.configMap.name | string | `"alloy-gen3"` | | +| alloy.alloy.extraPorts[0].name | string | `"faro"` | | +| alloy.alloy.extraPorts[0].port | int | `12347` | | +| alloy.alloy.extraPorts[0].protocol | string | `"TCP"` | | +| alloy.alloy.extraPorts[0].targetPort | int | `12347` | | +| alloy.alloyConfigmapData | string | `"logging {\n level = \"info\"\n format = \"json\"\n}\n\notelcol.exporter.otlp \"tempo\" {\n client {\n endpoint = \"http://grafana-tempo-distributor.monitoring:4317\"\n tls {\n insecure = true\n insecure_skip_verify = true\n }\n }\n}\n\n// loki write endpoint\nloki.write \"endpoint\" {\n endpoint {\n url = \"http://grafana-loki-gateway.monitoring:80/loki/api/v1/push\"\n }\n}\n\nfaro.receiver \"default\" {\n server {\n listen_address = \"0.0.0.0\"\n listen_port = 12347\n cors_allowed_origins = [\"*\"]\n }\n\n extra_log_labels = {\n service = \"frontend-app\",\n app_name = \"\",\n app_environment = \"\",\n app_namespace = \"\",\n app_version = \"\",\n }\n output {\n logs = [loki.write.endpoint.receiver]\n traces = [otelcol.exporter.otlp.tempo.input]\n }\n}"` | | +| alloy.ingress.annotations | object | `{}` | | +| alloy.ingress.enabled | bool | `true` | Enables ingress for Alloy (Faro port) | +| alloy.ingress.faroPort | int | `12347` | 
| +| alloy.ingress.hosts[0] | string | `"faro.example.com"` | | +| alloy.ingress.ingressClassName | string | `"alb"` | | +| alloy.ingress.labels | object | `{}` | | +| alloy.ingress.path | string | `"/"` | | + diff --git a/helm/observability/values.yaml b/helm/observability/values.yaml index d2cc2cfb..075874ff 100644 --- a/helm/observability/values.yaml +++ b/helm/observability/values.yaml @@ -739,7 +739,7 @@ lgtm: ingressClassName: "alb" tls: # -- (list) TLS configuration for the ingress. Reference to a secret that contains the TLS certificate. - - secretName: aws-load-balancer-tls + - secretName: # -- (map) Persistence configuration for Grafana. persistence: # -- (bool) Enable or disable persistence for Grafana data. From 91710912b3e95182abe2e318a870415beeb44c2d Mon Sep 17 00:00:00 2001 From: EliseCastle23 <109446148+EliseCastle23@users.noreply.github.com> Date: Tue, 15 Oct 2024 13:31:20 -0600 Subject: [PATCH 227/279] adding README.md for lgtm --- helm/observability/README.md | 309 +++++++++++++++++++++++++++++++++++ 1 file changed, 309 insertions(+) create mode 100644 helm/observability/README.md diff --git a/helm/observability/README.md b/helm/observability/README.md new file mode 100644 index 00000000..1fde09c2 --- /dev/null +++ b/helm/observability/README.md 
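Review bot: The new `- secretName:` line in helm/observability/values.yaml leaves a `tls` list entry whose secret name is null and which carries no `hosts`, so the default Grafana ingress no longer references any certificate. Whether the `alb` ingress class still terminates TLS then depends on ingress annotations, and the README generated for this chart lists `"annotations":{}` and `"tls":[{"secretName":null}]` as the defaults, so it is worth confirming that the Okta login flow is not served without HTTPS on a default install. If the intent is only to drop the environment-specific secret name, `tls: []` with the comment `# -- (list) TLS configuration for the ingress; add an entry with secretName and hosts, or supply the certificate through ingress annotations.` says so more clearly than an empty key. The enclosing block under `lgtm:` starts and ends outside the hunk.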
@@ -0,0 +1,309 @@ +# lgtma-chart + +![Version: 0.1.0](https://img.shields.io/badge/Version-0.1.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.0.0](https://img.shields.io/badge/AppVersion-1.0.0-informational?style=flat-square) + +A Helm chart for deploying the LGTM stack with additional resources + +## Requirements + +| Repository | Name | Version | +|------------|------|---------| +| https://grafana.github.io/helm-charts | lgtm(lgtm-distributed) | 2.1.0 | + +## Values + +| Key | Type | Default | Description | +|-----|------|---------|-------------| +| lgtm.grafana | map | `{"affinity":{"nodeAffinity":{"requiredDuringSchedulingIgnoredDuringExecution":{"nodeSelectorTerms":[{"matchExpressions":[{"key":"topology.kubernetes.io/zone","operator":"In","values":["us-east-1a"]}]}]}}},"alerting":{"contactpoints.yaml":{"secret":{"apiVersion":1,"contactPoints":[{"name":"slack","orgId":1,"receivers":[{"settings":{"group":"slack","summary":"{{ `{{ include \"default.message\" . 
}}` }}","url":"https://hooks.slack.com/services/XXXXXXXXXX"},"type":"Slack","uid":"first_uid"}]}]}},"rules.yaml":{"apiVersion":1,"groups":[{"folder":"Alerts","interval":"5m","name":"Alerts","orgId":1,"rules":[{"annotations":{"summary":"Alert: HTTP 500 errors detected in the environment: {{`{{ $labels.clusters }}`}}"},"condition":"A","data":[{"datasourceUid":"loki","model":{"datasource":{"type":"loki","uid":"loki"},"editorMode":"code","expr":"sum by (cluster) (count_over_time({cluster=~\".+\"} | json | http_status_code=\"500\" [1h])) > 0","hide":false,"intervalMs":1000,"maxDataPoints":43200,"queryType":"instant","refId":"A"},"queryType":"instant","refId":"A","relativeTimeRange":{"from":600,"to":0}}],"execErrState":"KeepLast","for":"5m","isPaused":false,"labels":{},"noDataState":"OK","notification_settings":{"receiver":"Slack"},"title":"HTTP 500 errors detected","uid":"edwb8zgcvq96oc"},{"annotations":{"description":"Error in usersync job detected in cluster {{`{{ $labels.clusters }}`}}, namespace {{`{{ $labels.namespace }}`}}.","summary":"Error Logs Detected in Usersync Job"},"condition":"A","data":[{"datasourceUid":"loki","model":{"datasource":{"type":"loki","uid":"loki"},"editorMode":"code","expr":"sum by (cluster, namespace) (count_over_time({ app=\"gen3job\", job_name=~\"usersync-.*\"} |= \"ERROR - could not revoke policies from user `N/A`\" [5m])) > 1","hide":false,"intervalMs":1000,"maxDataPoints":43200,"queryType":"instant","refId":"A"},"queryType":"instant","refId":"A","relativeTimeRange":{"from":600,"to":0}}],"execErrState":"KeepLast","for":"5m","isPaused":false,"labels":{},"noDataState":"OK","notification_settings":{"receiver":"Slack"},"title":"Error Logs Detected in Usersync Job","uid":"adwb9vhb7irr4b"},{"annotations":{"description":"Panic detected in app {{`{{ $labels.app }}`}} within cluster {{`{{ $labels.clusters }}`}}.","summary":"Hatchery 
panic"},"condition":"A","data":[{"datasourceUid":"loki","model":{"datasource":{"type":"loki","uid":"loki"},"editorMode":"code","expr":"sum by (cluster) (count_over_time({app=\"hatchery\"} |= \"panic\" [5m])) > 1","hide":false,"intervalMs":1000,"maxDataPoints":43200,"queryType":"instant","refId":"A"},"queryType":"instant","refId":"A","relativeTimeRange":{"from":600,"to":0}}],"execErrState":"KeepLast","for":"5m","isPaused":false,"labels":{},"noDataState":"OK","notification_settings":{"receiver":"Slack"},"title":"Hatchery panic in {{`{{ env.name }}`}}","uid":"ddwbc12l6wc8wf"},{"annotations":{"description":"Detected 431 HTTP status codes in the logs within the last 5 minutes.","summary":"Http status code 431"},"condition":"A","data":[{"datasourceUid":"loki","model":{"datasource":{"type":"loki","uid":"loki"},"editorMode":"code","expr":"sum(count_over_time({cluster=~\".+\"} | json | http_status_code=\"431\" [5m])) >= 2","hide":false,"intervalMs":1000,"maxDataPoints":43200,"queryType":"instant","refId":"A"},"queryType":"instant","refId":"A","relativeTimeRange":{"from":600,"to":0}}],"execErrState":"KeepLast","for":"5m","isPaused":false,"labels":{},"noDataState":"OK","notification_settings":{"receiver":"Slack"},"title":"Http status code 431","uid":"cdwbcbphz1zb4a"},{"annotations":{"description":"High number of info status logs detected in the indexd service in cluster {{`{{ $labels.clusters }}`}}.","summary":"Indexd is getting an excessive amount of traffic"},"condition":"A","data":[{"datasourceUid":"loki","model":{"datasource":{"type":"loki","uid":"loki"},"editorMode":"code","expr":"sum by (cluster) (count_over_time({cluster=~\".+\", app=\"indexd\", status=\"info\"} [5m])) > 
50000","hide":false,"intervalMs":1000,"maxDataPoints":43200,"queryType":"instant","refId":"A"},"queryType":"instant","refId":"A","relativeTimeRange":{"from":600,"to":0}}],"execErrState":"KeepLast","for":"5m","isPaused":false,"labels":{},"noDataState":"OK","notification_settings":{"receiver":"Slack"},"title":"Indexd is getting an excessive amount of traffic","uid":"bdwbck1lgwdfka"},{"annotations":{"description":"More than 10 errors detected in the karpenter namespace in cluster {{`{{ $labels.clusters }}`}} related to providerRef not found.","summary":"Karpenter Resource Mismatch"},"condition":"A","data":[{"datasourceUid":"loki","model":{"datasource":{"type":"loki","uid":"loki"},"editorMode":"code","expr":"sum by (cluster) (count_over_time({namespace=\"karpenter\", cluster=~\".+\"} |= \"ERROR\" |= \"not found\" |= \"getting providerRef\" [5m])) > 10\n","hide":false,"intervalMs":1000,"maxDataPoints":43200,"queryType":"instant","refId":"A"},"queryType":"instant","refId":"A","relativeTimeRange":{"from":600,"to":0}}],"execErrState":"KeepLast","for":"5m","isPaused":false,"labels":{},"noDataState":"OK","notification_settings":{"receiver":"Slack"},"title":"Karpenter Resource Mismatch","uid":"fdwbe5t439zpcd"},{"annotations":{"description":"More than 1000 \"limiting requests, excess\" errors detected in service {{`{{ $labels.app }}`}} (cluster: {{`{{ $labels.clusters }}`}}) within the last 5 minutes.","summary":"Nginx is logging excessive \" limiting requests, excess:\""},"condition":"A","data":[{"datasourceUid":"loki","model":{"datasource":{"type":"loki","uid":"loki"},"editorMode":"code","expr":"sum by (app, cluster) (count_over_time({app=~\".+\", cluster=~\".+\"} |= \"status:error\" |= \"limiting requests, excess:\" [5m])) > 
1000","hide":false,"intervalMs":1000,"maxDataPoints":43200,"queryType":"instant","refId":"A"},"queryType":"instant","refId":"A","relativeTimeRange":{"from":600,"to":0}}],"execErrState":"KeepLast","for":"5m","isPaused":false,"labels":{},"noDataState":"OK","notification_settings":{"receiver":"Slack"},"title":"Nginx is logging excessive \" limiting requests, excess:\"","uid":"fdwbeuftc7400c"}]}]}},"dashboardProviders":{"dashboardproviders.yaml":{"apiVersion":1,"providers":[{"disableDeletion":true,"editable":true,"folder":"Kubernetes","name":"grafana-dashboards-kubernetes","options":{"path":"/var/lib/grafana/dashboards/grafana-dashboards-kubernetes"},"orgId":1,"type":"file"}]}},"dashboards":{"grafana-dashboards-kubernetes":{"k8s-system-api-server":{"token":"","url":"https://raw.githubusercontent.com/dotdc/grafana-dashboards-kubernetes/master/dashboards/k8s-system-api-server.json"},"k8s-system-coredns":{"token":"","url":"https://raw.githubusercontent.com/dotdc/grafana-dashboards-kubernetes/master/dashboards/k8s-system-coredns.json"},"k8s-views-global":{"token":"","url":"https://raw.githubusercontent.com/dotdc/grafana-dashboards-kubernetes/master/dashboards/k8s-views-global.json"},"k8s-views-namespaces":{"token":"","url":"https://raw.githubusercontent.com/dotdc/grafana-dashboards-kubernetes/master/dashboards/k8s-views-namespaces.json"},"k8s-views-nodes":{"token":"","url":"https://raw.githubusercontent.com/dotdc/grafana-dashboards-kubernetes/master/dashboards/k8s-views-nodes.json"},"k8s-views-pods":{"token":"","url":"https://raw.githubusercontent.com/dotdc/grafana-dashboards-kubernetes/master/dashboards/k8s-views-pods.json"}}},"downloadDashboardsImage":{"registry":"quay.io/curl","repository":"curl","tag":"8.8.0"},"enabled":true,"env":{"GF_SERVER_ROOT_URL":"https://grafana.example.com"},"envFromSecret":null,"grafana.ini":{"auth.okta":{"allow_sign_up":true,"auto_login":true,"enabled":true,"icon":"okta"},"feature_toggles":{"enable":"ssoSettingsAPI 
transformationsVariableSupport","ssoSettingsApi":true,"transformationsVariableSupport":true},"log":{"level":"debug"},"server":{"domain":"grafana.example.com","root_url":"https://%(domain)s/"},"users":{"auto_assign_org_role":"Editor"}},"image":{"pullPolicy":"Always","registry":"quay.io/cdis","repository":"grafana","tag":"master"},"ingress":{"annotations":{},"enabled":true,"hosts":["grafana.example.com"],"ingressClassName":"alb","tls":[{"secretName":null}]},"initChownData":{"image":{"registry":"quay.io/cdis","repository":"busybox","tag":"1.32.0"}},"persistence":{"enabled":true}}` | Grafana configuration. | +| lgtm.grafana."grafana.ini"."auth.okta" | map | `{"allow_sign_up":true,"auto_login":true,"enabled":true,"icon":"okta"}` | Okta authentication settings in Grafana. | +| lgtm.grafana."grafana.ini"."auth.okta".allow_sign_up | bool | `true` | Allow users to sign up automatically using Okta. | +| lgtm.grafana."grafana.ini"."auth.okta".auto_login | bool | `true` | Automatically log in users using Okta when visiting Grafana. | +| lgtm.grafana."grafana.ini"."auth.okta".enabled | bool | `true` | Enable or disable Okta authentication. | +| lgtm.grafana."grafana.ini"."auth.okta".icon | string | `"okta"` | Icon used for Okta in the Grafana UI. | +| lgtm.grafana."grafana.ini".feature_toggles | map | `{"enable":"ssoSettingsAPI transformationsVariableSupport","ssoSettingsApi":true,"transformationsVariableSupport":true}` | Feature toggles in Grafana. | +| lgtm.grafana."grafana.ini".feature_toggles.enable | list | `"ssoSettingsAPI transformationsVariableSupport"` | Features to be enabled in Grafana. | +| lgtm.grafana."grafana.ini".feature_toggles.ssoSettingsApi | bool | `true` | Enable Single Sign-On (SSO) settings API. | +| lgtm.grafana."grafana.ini".feature_toggles.transformationsVariableSupport | bool | `true` | Enable support for transformations using variables in Grafana. | +| lgtm.grafana."grafana.ini".log | map | `{"level":"debug"}` | Logging configuration in Grafana. 
| +| lgtm.grafana."grafana.ini".log.level | string | `"debug"` | Logging level for Grafana. Options: debug, info, warn, error. | +| lgtm.grafana."grafana.ini".server | map | `{"domain":"grafana.example.com","root_url":"https://%(domain)s/"}` | Server configuration in Grafana. | +| lgtm.grafana."grafana.ini".server.domain | string | `"grafana.example.com"` | Domain name for the Grafana server. | +| lgtm.grafana."grafana.ini".server.root_url | string | `"https://%(domain)s/"` | Root URL for Grafana, using the domain name. | +| lgtm.grafana."grafana.ini".users | map | `{"auto_assign_org_role":"Editor"}` | User configuration settings in Grafana. | +| lgtm.grafana."grafana.ini".users.auto_assign_org_role | string | `"Editor"` | Auto-assign the specified role to new users upon login. Options: Viewer, Editor, Admin. | +| lgtm.grafana.affinity | map | `{"nodeAffinity":{"requiredDuringSchedulingIgnoredDuringExecution":{"nodeSelectorTerms":[{"matchExpressions":[{"key":"topology.kubernetes.io/zone","operator":"In","values":["us-east-1a"]}]}]}}}` | Affinity rules for scheduling Grafana pods. | +| lgtm.grafana.affinity.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution.nodeSelectorTerms[0].matchExpressions[0] | string | `{"key":"topology.kubernetes.io/zone","operator":"In","values":["us-east-1a"]}` | Node label key for affinity. Ensures pods are scheduled on nodes in the specified zone. | +| lgtm.grafana.affinity.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution.nodeSelectorTerms[0].matchExpressions[0].operator | string | `"In"` | Operator to apply to the node selector. 'In' means the node must match one of the values. | +| lgtm.grafana.affinity.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution.nodeSelectorTerms[0].matchExpressions[0].values | list | `["us-east-1a"]` | List of values for the node selector, representing allowed zones. 
| +| lgtm.grafana.alerting | map | `{"contactpoints.yaml":{"secret":{"apiVersion":1,"contactPoints":[{"name":"slack","orgId":1,"receivers":[{"settings":{"group":"slack","summary":"{{ `{{ include \"default.message\" . }}` }}","url":"https://hooks.slack.com/services/XXXXXXXXXX"},"type":"Slack","uid":"first_uid"}]}]}},"rules.yaml":{"apiVersion":1,"groups":[{"folder":"Alerts","interval":"5m","name":"Alerts","orgId":1,"rules":[{"annotations":{"summary":"Alert: HTTP 500 errors detected in the environment: {{`{{ $labels.clusters }}`}}"},"condition":"A","data":[{"datasourceUid":"loki","model":{"datasource":{"type":"loki","uid":"loki"},"editorMode":"code","expr":"sum by (cluster) (count_over_time({cluster=~\".+\"} | json | http_status_code=\"500\" [1h])) > 0","hide":false,"intervalMs":1000,"maxDataPoints":43200,"queryType":"instant","refId":"A"},"queryType":"instant","refId":"A","relativeTimeRange":{"from":600,"to":0}}],"execErrState":"KeepLast","for":"5m","isPaused":false,"labels":{},"noDataState":"OK","notification_settings":{"receiver":"Slack"},"title":"HTTP 500 errors detected","uid":"edwb8zgcvq96oc"},{"annotations":{"description":"Error in usersync job detected in cluster {{`{{ $labels.clusters }}`}}, namespace {{`{{ $labels.namespace }}`}}.","summary":"Error Logs Detected in Usersync Job"},"condition":"A","data":[{"datasourceUid":"loki","model":{"datasource":{"type":"loki","uid":"loki"},"editorMode":"code","expr":"sum by (cluster, namespace) (count_over_time({ app=\"gen3job\", job_name=~\"usersync-.*\"} |= \"ERROR - could not revoke policies from user `N/A`\" [5m])) > 1","hide":false,"intervalMs":1000,"maxDataPoints":43200,"queryType":"instant","refId":"A"},"queryType":"instant","refId":"A","relativeTimeRange":{"from":600,"to":0}}],"execErrState":"KeepLast","for":"5m","isPaused":false,"labels":{},"noDataState":"OK","notification_settings":{"receiver":"Slack"},"title":"Error Logs Detected in Usersync Job","uid":"adwb9vhb7irr4b"},{"annotations":{"description":"Panic 
detected in app {{`{{ $labels.app }}`}} within cluster {{`{{ $labels.clusters }}`}}.","summary":"Hatchery panic"},"condition":"A","data":[{"datasourceUid":"loki","model":{"datasource":{"type":"loki","uid":"loki"},"editorMode":"code","expr":"sum by (cluster) (count_over_time({app=\"hatchery\"} |= \"panic\" [5m])) > 1","hide":false,"intervalMs":1000,"maxDataPoints":43200,"queryType":"instant","refId":"A"},"queryType":"instant","refId":"A","relativeTimeRange":{"from":600,"to":0}}],"execErrState":"KeepLast","for":"5m","isPaused":false,"labels":{},"noDataState":"OK","notification_settings":{"receiver":"Slack"},"title":"Hatchery panic in {{`{{ env.name }}`}}","uid":"ddwbc12l6wc8wf"},{"annotations":{"description":"Detected 431 HTTP status codes in the logs within the last 5 minutes.","summary":"Http status code 431"},"condition":"A","data":[{"datasourceUid":"loki","model":{"datasource":{"type":"loki","uid":"loki"},"editorMode":"code","expr":"sum(count_over_time({cluster=~\".+\"} | json | http_status_code=\"431\" [5m])) >= 2","hide":false,"intervalMs":1000,"maxDataPoints":43200,"queryType":"instant","refId":"A"},"queryType":"instant","refId":"A","relativeTimeRange":{"from":600,"to":0}}],"execErrState":"KeepLast","for":"5m","isPaused":false,"labels":{},"noDataState":"OK","notification_settings":{"receiver":"Slack"},"title":"Http status code 431","uid":"cdwbcbphz1zb4a"},{"annotations":{"description":"High number of info status logs detected in the indexd service in cluster {{`{{ $labels.clusters }}`}}.","summary":"Indexd is getting an excessive amount of traffic"},"condition":"A","data":[{"datasourceUid":"loki","model":{"datasource":{"type":"loki","uid":"loki"},"editorMode":"code","expr":"sum by (cluster) (count_over_time({cluster=~\".+\", app=\"indexd\", status=\"info\"} [5m])) > 
50000","hide":false,"intervalMs":1000,"maxDataPoints":43200,"queryType":"instant","refId":"A"},"queryType":"instant","refId":"A","relativeTimeRange":{"from":600,"to":0}}],"execErrState":"KeepLast","for":"5m","isPaused":false,"labels":{},"noDataState":"OK","notification_settings":{"receiver":"Slack"},"title":"Indexd is getting an excessive amount of traffic","uid":"bdwbck1lgwdfka"},{"annotations":{"description":"More than 10 errors detected in the karpenter namespace in cluster {{`{{ $labels.clusters }}`}} related to providerRef not found.","summary":"Karpenter Resource Mismatch"},"condition":"A","data":[{"datasourceUid":"loki","model":{"datasource":{"type":"loki","uid":"loki"},"editorMode":"code","expr":"sum by (cluster) (count_over_time({namespace=\"karpenter\", cluster=~\".+\"} |= \"ERROR\" |= \"not found\" |= \"getting providerRef\" [5m])) > 10\n","hide":false,"intervalMs":1000,"maxDataPoints":43200,"queryType":"instant","refId":"A"},"queryType":"instant","refId":"A","relativeTimeRange":{"from":600,"to":0}}],"execErrState":"KeepLast","for":"5m","isPaused":false,"labels":{},"noDataState":"OK","notification_settings":{"receiver":"Slack"},"title":"Karpenter Resource Mismatch","uid":"fdwbe5t439zpcd"},{"annotations":{"description":"More than 1000 \"limiting requests, excess\" errors detected in service {{`{{ $labels.app }}`}} (cluster: {{`{{ $labels.clusters }}`}}) within the last 5 minutes.","summary":"Nginx is logging excessive \" limiting requests, excess:\""},"condition":"A","data":[{"datasourceUid":"loki","model":{"datasource":{"type":"loki","uid":"loki"},"editorMode":"code","expr":"sum by (app, cluster) (count_over_time({app=~\".+\", cluster=~\".+\"} |= \"status:error\" |= \"limiting requests, excess:\" [5m])) > 
1000","hide":false,"intervalMs":1000,"maxDataPoints":43200,"queryType":"instant","refId":"A"},"queryType":"instant","refId":"A","relativeTimeRange":{"from":600,"to":0}}],"execErrState":"KeepLast","for":"5m","isPaused":false,"labels":{},"noDataState":"OK","notification_settings":{"receiver":"Slack"},"title":"Nginx is logging excessive \" limiting requests, excess:\"","uid":"fdwbeuftc7400c"}]}]}}` | Gen3 built-in alerting configuration in Grafana. | +| lgtm.grafana.alerting."rules.yaml" | string | `{"apiVersion":1,"groups":[{"folder":"Alerts","interval":"5m","name":"Alerts","orgId":1,"rules":[{"annotations":{"summary":"Alert: HTTP 500 errors detected in the environment: {{`{{ $labels.clusters }}`}}"},"condition":"A","data":[{"datasourceUid":"loki","model":{"datasource":{"type":"loki","uid":"loki"},"editorMode":"code","expr":"sum by (cluster) (count_over_time({cluster=~\".+\"} | json | http_status_code=\"500\" [1h])) > 0","hide":false,"intervalMs":1000,"maxDataPoints":43200,"queryType":"instant","refId":"A"},"queryType":"instant","refId":"A","relativeTimeRange":{"from":600,"to":0}}],"execErrState":"KeepLast","for":"5m","isPaused":false,"labels":{},"noDataState":"OK","notification_settings":{"receiver":"Slack"},"title":"HTTP 500 errors detected","uid":"edwb8zgcvq96oc"},{"annotations":{"description":"Error in usersync job detected in cluster {{`{{ $labels.clusters }}`}}, namespace {{`{{ $labels.namespace }}`}}.","summary":"Error Logs Detected in Usersync Job"},"condition":"A","data":[{"datasourceUid":"loki","model":{"datasource":{"type":"loki","uid":"loki"},"editorMode":"code","expr":"sum by (cluster, namespace) (count_over_time({ app=\"gen3job\", job_name=~\"usersync-.*\"} |= \"ERROR - could not revoke policies from user `N/A`\" [5m])) > 
1","hide":false,"intervalMs":1000,"maxDataPoints":43200,"queryType":"instant","refId":"A"},"queryType":"instant","refId":"A","relativeTimeRange":{"from":600,"to":0}}],"execErrState":"KeepLast","for":"5m","isPaused":false,"labels":{},"noDataState":"OK","notification_settings":{"receiver":"Slack"},"title":"Error Logs Detected in Usersync Job","uid":"adwb9vhb7irr4b"},{"annotations":{"description":"Panic detected in app {{`{{ $labels.app }}`}} within cluster {{`{{ $labels.clusters }}`}}.","summary":"Hatchery panic"},"condition":"A","data":[{"datasourceUid":"loki","model":{"datasource":{"type":"loki","uid":"loki"},"editorMode":"code","expr":"sum by (cluster) (count_over_time({app=\"hatchery\"} |= \"panic\" [5m])) > 1","hide":false,"intervalMs":1000,"maxDataPoints":43200,"queryType":"instant","refId":"A"},"queryType":"instant","refId":"A","relativeTimeRange":{"from":600,"to":0}}],"execErrState":"KeepLast","for":"5m","isPaused":false,"labels":{},"noDataState":"OK","notification_settings":{"receiver":"Slack"},"title":"Hatchery panic in {{`{{ env.name }}`}}","uid":"ddwbc12l6wc8wf"},{"annotations":{"description":"Detected 431 HTTP status codes in the logs within the last 5 minutes.","summary":"Http status code 431"},"condition":"A","data":[{"datasourceUid":"loki","model":{"datasource":{"type":"loki","uid":"loki"},"editorMode":"code","expr":"sum(count_over_time({cluster=~\".+\"} | json | http_status_code=\"431\" [5m])) >= 2","hide":false,"intervalMs":1000,"maxDataPoints":43200,"queryType":"instant","refId":"A"},"queryType":"instant","refId":"A","relativeTimeRange":{"from":600,"to":0}}],"execErrState":"KeepLast","for":"5m","isPaused":false,"labels":{},"noDataState":"OK","notification_settings":{"receiver":"Slack"},"title":"Http status code 431","uid":"cdwbcbphz1zb4a"},{"annotations":{"description":"High number of info status logs detected in the indexd service in cluster {{`{{ $labels.clusters }}`}}.","summary":"Indexd is getting an excessive amount of 
traffic"},"condition":"A","data":[{"datasourceUid":"loki","model":{"datasource":{"type":"loki","uid":"loki"},"editorMode":"code","expr":"sum by (cluster) (count_over_time({cluster=~\".+\", app=\"indexd\", status=\"info\"} [5m])) > 50000","hide":false,"intervalMs":1000,"maxDataPoints":43200,"queryType":"instant","refId":"A"},"queryType":"instant","refId":"A","relativeTimeRange":{"from":600,"to":0}}],"execErrState":"KeepLast","for":"5m","isPaused":false,"labels":{},"noDataState":"OK","notification_settings":{"receiver":"Slack"},"title":"Indexd is getting an excessive amount of traffic","uid":"bdwbck1lgwdfka"},{"annotations":{"description":"More than 10 errors detected in the karpenter namespace in cluster {{`{{ $labels.clusters }}`}} related to providerRef not found.","summary":"Karpenter Resource Mismatch"},"condition":"A","data":[{"datasourceUid":"loki","model":{"datasource":{"type":"loki","uid":"loki"},"editorMode":"code","expr":"sum by (cluster) (count_over_time({namespace=\"karpenter\", cluster=~\".+\"} |= \"ERROR\" |= \"not found\" |= \"getting providerRef\" [5m])) > 10\n","hide":false,"intervalMs":1000,"maxDataPoints":43200,"queryType":"instant","refId":"A"},"queryType":"instant","refId":"A","relativeTimeRange":{"from":600,"to":0}}],"execErrState":"KeepLast","for":"5m","isPaused":false,"labels":{},"noDataState":"OK","notification_settings":{"receiver":"Slack"},"title":"Karpenter Resource Mismatch","uid":"fdwbe5t439zpcd"},{"annotations":{"description":"More than 1000 \"limiting requests, excess\" errors detected in service {{`{{ $labels.app }}`}} (cluster: {{`{{ $labels.clusters }}`}}) within the last 5 minutes.","summary":"Nginx is logging excessive \" limiting requests, excess:\""},"condition":"A","data":[{"datasourceUid":"loki","model":{"datasource":{"type":"loki","uid":"loki"},"editorMode":"code","expr":"sum by (app, cluster) (count_over_time({app=~\".+\", cluster=~\".+\"} |= \"status:error\" |= \"limiting requests, excess:\" [5m])) > 
1000","hide":false,"intervalMs":1000,"maxDataPoints":43200,"queryType":"instant","refId":"A"},"queryType":"instant","refId":"A","relativeTimeRange":{"from":600,"to":0}}],"execErrState":"KeepLast","for":"5m","isPaused":false,"labels":{},"noDataState":"OK","notification_settings":{"receiver":"Slack"},"title":"Nginx is logging excessive \" limiting requests, excess:\"","uid":"fdwbeuftc7400c"}]}]}` | Alerting rules configuration file. | +| lgtm.grafana.alerting."rules.yaml".apiVersion | int | `1` | API version for the alerting rules configuration. | +| lgtm.grafana.alerting."rules.yaml".groups | list | `[{"folder":"Alerts","interval":"5m","name":"Alerts","orgId":1,"rules":[{"annotations":{"summary":"Alert: HTTP 500 errors detected in the environment: {{`{{ $labels.clusters }}`}}"},"condition":"A","data":[{"datasourceUid":"loki","model":{"datasource":{"type":"loki","uid":"loki"},"editorMode":"code","expr":"sum by (cluster) (count_over_time({cluster=~\".+\"} | json | http_status_code=\"500\" [1h])) > 0","hide":false,"intervalMs":1000,"maxDataPoints":43200,"queryType":"instant","refId":"A"},"queryType":"instant","refId":"A","relativeTimeRange":{"from":600,"to":0}}],"execErrState":"KeepLast","for":"5m","isPaused":false,"labels":{},"noDataState":"OK","notification_settings":{"receiver":"Slack"},"title":"HTTP 500 errors detected","uid":"edwb8zgcvq96oc"},{"annotations":{"description":"Error in usersync job detected in cluster {{`{{ $labels.clusters }}`}}, namespace {{`{{ $labels.namespace }}`}}.","summary":"Error Logs Detected in Usersync Job"},"condition":"A","data":[{"datasourceUid":"loki","model":{"datasource":{"type":"loki","uid":"loki"},"editorMode":"code","expr":"sum by (cluster, namespace) (count_over_time({ app=\"gen3job\", job_name=~\"usersync-.*\"} |= \"ERROR - could not revoke policies from user `N/A`\" [5m])) > 
1","hide":false,"intervalMs":1000,"maxDataPoints":43200,"queryType":"instant","refId":"A"},"queryType":"instant","refId":"A","relativeTimeRange":{"from":600,"to":0}}],"execErrState":"KeepLast","for":"5m","isPaused":false,"labels":{},"noDataState":"OK","notification_settings":{"receiver":"Slack"},"title":"Error Logs Detected in Usersync Job","uid":"adwb9vhb7irr4b"},{"annotations":{"description":"Panic detected in app {{`{{ $labels.app }}`}} within cluster {{`{{ $labels.clusters }}`}}.","summary":"Hatchery panic"},"condition":"A","data":[{"datasourceUid":"loki","model":{"datasource":{"type":"loki","uid":"loki"},"editorMode":"code","expr":"sum by (cluster) (count_over_time({app=\"hatchery\"} |= \"panic\" [5m])) > 1","hide":false,"intervalMs":1000,"maxDataPoints":43200,"queryType":"instant","refId":"A"},"queryType":"instant","refId":"A","relativeTimeRange":{"from":600,"to":0}}],"execErrState":"KeepLast","for":"5m","isPaused":false,"labels":{},"noDataState":"OK","notification_settings":{"receiver":"Slack"},"title":"Hatchery panic in {{`{{ env.name }}`}}","uid":"ddwbc12l6wc8wf"},{"annotations":{"description":"Detected 431 HTTP status codes in the logs within the last 5 minutes.","summary":"Http status code 431"},"condition":"A","data":[{"datasourceUid":"loki","model":{"datasource":{"type":"loki","uid":"loki"},"editorMode":"code","expr":"sum(count_over_time({cluster=~\".+\"} | json | http_status_code=\"431\" [5m])) >= 2","hide":false,"intervalMs":1000,"maxDataPoints":43200,"queryType":"instant","refId":"A"},"queryType":"instant","refId":"A","relativeTimeRange":{"from":600,"to":0}}],"execErrState":"KeepLast","for":"5m","isPaused":false,"labels":{},"noDataState":"OK","notification_settings":{"receiver":"Slack"},"title":"Http status code 431","uid":"cdwbcbphz1zb4a"},{"annotations":{"description":"High number of info status logs detected in the indexd service in cluster {{`{{ $labels.clusters }}`}}.","summary":"Indexd is getting an excessive amount of 
traffic"},"condition":"A","data":[{"datasourceUid":"loki","model":{"datasource":{"type":"loki","uid":"loki"},"editorMode":"code","expr":"sum by (cluster) (count_over_time({cluster=~\".+\", app=\"indexd\", status=\"info\"} [5m])) > 50000","hide":false,"intervalMs":1000,"maxDataPoints":43200,"queryType":"instant","refId":"A"},"queryType":"instant","refId":"A","relativeTimeRange":{"from":600,"to":0}}],"execErrState":"KeepLast","for":"5m","isPaused":false,"labels":{},"noDataState":"OK","notification_settings":{"receiver":"Slack"},"title":"Indexd is getting an excessive amount of traffic","uid":"bdwbck1lgwdfka"},{"annotations":{"description":"More than 10 errors detected in the karpenter namespace in cluster {{`{{ $labels.clusters }}`}} related to providerRef not found.","summary":"Karpenter Resource Mismatch"},"condition":"A","data":[{"datasourceUid":"loki","model":{"datasource":{"type":"loki","uid":"loki"},"editorMode":"code","expr":"sum by (cluster) (count_over_time({namespace=\"karpenter\", cluster=~\".+\"} |= \"ERROR\" |= \"not found\" |= \"getting providerRef\" [5m])) > 10\n","hide":false,"intervalMs":1000,"maxDataPoints":43200,"queryType":"instant","refId":"A"},"queryType":"instant","refId":"A","relativeTimeRange":{"from":600,"to":0}}],"execErrState":"KeepLast","for":"5m","isPaused":false,"labels":{},"noDataState":"OK","notification_settings":{"receiver":"Slack"},"title":"Karpenter Resource Mismatch","uid":"fdwbe5t439zpcd"},{"annotations":{"description":"More than 1000 \"limiting requests, excess\" errors detected in service {{`{{ $labels.app }}`}} (cluster: {{`{{ $labels.clusters }}`}}) within the last 5 minutes.","summary":"Nginx is logging excessive \" limiting requests, excess:\""},"condition":"A","data":[{"datasourceUid":"loki","model":{"datasource":{"type":"loki","uid":"loki"},"editorMode":"code","expr":"sum by (app, cluster) (count_over_time({app=~\".+\", cluster=~\".+\"} |= \"status:error\" |= \"limiting requests, excess:\" [5m])) > 
1000","hide":false,"intervalMs":1000,"maxDataPoints":43200,"queryType":"instant","refId":"A"},"queryType":"instant","refId":"A","relativeTimeRange":{"from":600,"to":0}}],"execErrState":"KeepLast","for":"5m","isPaused":false,"labels":{},"noDataState":"OK","notification_settings":{"receiver":"Slack"},"title":"Nginx is logging excessive \" limiting requests, excess:\"","uid":"fdwbeuftc7400c"}]}]` | Groups of alerting rules. | +| lgtm.grafana.alerting."rules.yaml".groups[0].folder | string | `"Alerts"` | Folder where the alerts will be placed in Grafana. | +| lgtm.grafana.alerting."rules.yaml".groups[0].interval | string | `"5m"` | Interval at which the alert rules are evaluated. | +| lgtm.grafana.alerting."rules.yaml".groups[0].name | string | `"Alerts"` | Name of the alert group. | +| lgtm.grafana.alerting."rules.yaml".groups[0].rules | list | `[{"annotations":{"summary":"Alert: HTTP 500 errors detected in the environment: {{`{{ $labels.clusters }}`}}"},"condition":"A","data":[{"datasourceUid":"loki","model":{"datasource":{"type":"loki","uid":"loki"},"editorMode":"code","expr":"sum by (cluster) (count_over_time({cluster=~\".+\"} | json | http_status_code=\"500\" [1h])) > 0","hide":false,"intervalMs":1000,"maxDataPoints":43200,"queryType":"instant","refId":"A"},"queryType":"instant","refId":"A","relativeTimeRange":{"from":600,"to":0}}],"execErrState":"KeepLast","for":"5m","isPaused":false,"labels":{},"noDataState":"OK","notification_settings":{"receiver":"Slack"},"title":"HTTP 500 errors detected","uid":"edwb8zgcvq96oc"},{"annotations":{"description":"Error in usersync job detected in cluster {{`{{ $labels.clusters }}`}}, namespace {{`{{ $labels.namespace }}`}}.","summary":"Error Logs Detected in Usersync Job"},"condition":"A","data":[{"datasourceUid":"loki","model":{"datasource":{"type":"loki","uid":"loki"},"editorMode":"code","expr":"sum by (cluster, namespace) (count_over_time({ app=\"gen3job\", job_name=~\"usersync-.*\"} |= \"ERROR - could not revoke policies from 
user `N/A`\" [5m])) > 1","hide":false,"intervalMs":1000,"maxDataPoints":43200,"queryType":"instant","refId":"A"},"queryType":"instant","refId":"A","relativeTimeRange":{"from":600,"to":0}}],"execErrState":"KeepLast","for":"5m","isPaused":false,"labels":{},"noDataState":"OK","notification_settings":{"receiver":"Slack"},"title":"Error Logs Detected in Usersync Job","uid":"adwb9vhb7irr4b"},{"annotations":{"description":"Panic detected in app {{`{{ $labels.app }}`}} within cluster {{`{{ $labels.clusters }}`}}.","summary":"Hatchery panic"},"condition":"A","data":[{"datasourceUid":"loki","model":{"datasource":{"type":"loki","uid":"loki"},"editorMode":"code","expr":"sum by (cluster) (count_over_time({app=\"hatchery\"} |= \"panic\" [5m])) > 1","hide":false,"intervalMs":1000,"maxDataPoints":43200,"queryType":"instant","refId":"A"},"queryType":"instant","refId":"A","relativeTimeRange":{"from":600,"to":0}}],"execErrState":"KeepLast","for":"5m","isPaused":false,"labels":{},"noDataState":"OK","notification_settings":{"receiver":"Slack"},"title":"Hatchery panic in {{`{{ env.name }}`}}","uid":"ddwbc12l6wc8wf"},{"annotations":{"description":"Detected 431 HTTP status codes in the logs within the last 5 minutes.","summary":"Http status code 431"},"condition":"A","data":[{"datasourceUid":"loki","model":{"datasource":{"type":"loki","uid":"loki"},"editorMode":"code","expr":"sum(count_over_time({cluster=~\".+\"} | json | http_status_code=\"431\" [5m])) >= 2","hide":false,"intervalMs":1000,"maxDataPoints":43200,"queryType":"instant","refId":"A"},"queryType":"instant","refId":"A","relativeTimeRange":{"from":600,"to":0}}],"execErrState":"KeepLast","for":"5m","isPaused":false,"labels":{},"noDataState":"OK","notification_settings":{"receiver":"Slack"},"title":"Http status code 431","uid":"cdwbcbphz1zb4a"},{"annotations":{"description":"High number of info status logs detected in the indexd service in cluster {{`{{ $labels.clusters }}`}}.","summary":"Indexd is getting an excessive amount of 
traffic"},"condition":"A","data":[{"datasourceUid":"loki","model":{"datasource":{"type":"loki","uid":"loki"},"editorMode":"code","expr":"sum by (cluster) (count_over_time({cluster=~\".+\", app=\"indexd\", status=\"info\"} [5m])) > 50000","hide":false,"intervalMs":1000,"maxDataPoints":43200,"queryType":"instant","refId":"A"},"queryType":"instant","refId":"A","relativeTimeRange":{"from":600,"to":0}}],"execErrState":"KeepLast","for":"5m","isPaused":false,"labels":{},"noDataState":"OK","notification_settings":{"receiver":"Slack"},"title":"Indexd is getting an excessive amount of traffic","uid":"bdwbck1lgwdfka"},{"annotations":{"description":"More than 10 errors detected in the karpenter namespace in cluster {{`{{ $labels.clusters }}`}} related to providerRef not found.","summary":"Karpenter Resource Mismatch"},"condition":"A","data":[{"datasourceUid":"loki","model":{"datasource":{"type":"loki","uid":"loki"},"editorMode":"code","expr":"sum by (cluster) (count_over_time({namespace=\"karpenter\", cluster=~\".+\"} |= \"ERROR\" |= \"not found\" |= \"getting providerRef\" [5m])) > 10\n","hide":false,"intervalMs":1000,"maxDataPoints":43200,"queryType":"instant","refId":"A"},"queryType":"instant","refId":"A","relativeTimeRange":{"from":600,"to":0}}],"execErrState":"KeepLast","for":"5m","isPaused":false,"labels":{},"noDataState":"OK","notification_settings":{"receiver":"Slack"},"title":"Karpenter Resource Mismatch","uid":"fdwbe5t439zpcd"},{"annotations":{"description":"More than 1000 \"limiting requests, excess\" errors detected in service {{`{{ $labels.app }}`}} (cluster: {{`{{ $labels.clusters }}`}}) within the last 5 minutes.","summary":"Nginx is logging excessive \" limiting requests, excess:\""},"condition":"A","data":[{"datasourceUid":"loki","model":{"datasource":{"type":"loki","uid":"loki"},"editorMode":"code","expr":"sum by (app, cluster) (count_over_time({app=~\".+\", cluster=~\".+\"} |= \"status:error\" |= \"limiting requests, excess:\" [5m])) > 
1000","hide":false,"intervalMs":1000,"maxDataPoints":43200,"queryType":"instant","refId":"A"},"queryType":"instant","refId":"A","relativeTimeRange":{"from":600,"to":0}}],"execErrState":"KeepLast","for":"5m","isPaused":false,"labels":{},"noDataState":"OK","notification_settings":{"receiver":"Slack"},"title":"Nginx is logging excessive \" limiting requests, excess:\"","uid":"fdwbeuftc7400c"}]` | List of alerting rules to be defined (add specific rules here). | +| lgtm.grafana.dashboardProviders | map | `{"dashboardproviders.yaml":{"apiVersion":1,"providers":[{"disableDeletion":true,"editable":true,"folder":"Kubernetes","name":"grafana-dashboards-kubernetes","options":{"path":"/var/lib/grafana/dashboards/grafana-dashboards-kubernetes"},"orgId":1,"type":"file"}]}}` | Configuration for dashboard providers in Grafana. | +| lgtm.grafana.dashboardProviders."dashboardproviders.yaml".apiVersion | int | `1` | API version for dashboard provider configuration. | +| lgtm.grafana.dashboardProviders."dashboardproviders.yaml".providers | list | `[{"disableDeletion":true,"editable":true,"folder":"Kubernetes","name":"grafana-dashboards-kubernetes","options":{"path":"/var/lib/grafana/dashboards/grafana-dashboards-kubernetes"},"orgId":1,"type":"file"}]` | List of dashboard providers. | +| lgtm.grafana.dashboardProviders."dashboardproviders.yaml".providers[0].disableDeletion | bool | `true` | Prevent deletion of the provided dashboards. | +| lgtm.grafana.dashboardProviders."dashboardproviders.yaml".providers[0].editable | bool | `true` | Allow editing of the dashboards. | +| lgtm.grafana.dashboardProviders."dashboardproviders.yaml".providers[0].folder | string | `"Kubernetes"` | Folder where the dashboards will be placed in Grafana. | +| lgtm.grafana.dashboardProviders."dashboardproviders.yaml".providers[0].options | map | `{"path":"/var/lib/grafana/dashboards/grafana-dashboards-kubernetes"}` | Options for the dashboard provider. 
| +| lgtm.grafana.dashboardProviders."dashboardproviders.yaml".providers[0].options.path | string | `"/var/lib/grafana/dashboards/grafana-dashboards-kubernetes"` | Path to the dashboard files. | +| lgtm.grafana.dashboardProviders."dashboardproviders.yaml".providers[0].orgId | int | `1` | Organization ID in Grafana. | +| lgtm.grafana.dashboardProviders."dashboardproviders.yaml".providers[0].type | string | `"file"` | Type of dashboard provider, usually 'file'. | +| lgtm.grafana.dashboards | map | `{"grafana-dashboards-kubernetes":{"k8s-system-api-server":{"token":"","url":"https://raw.githubusercontent.com/dotdc/grafana-dashboards-kubernetes/master/dashboards/k8s-system-api-server.json"},"k8s-system-coredns":{"token":"","url":"https://raw.githubusercontent.com/dotdc/grafana-dashboards-kubernetes/master/dashboards/k8s-system-coredns.json"},"k8s-views-global":{"token":"","url":"https://raw.githubusercontent.com/dotdc/grafana-dashboards-kubernetes/master/dashboards/k8s-views-global.json"},"k8s-views-namespaces":{"token":"","url":"https://raw.githubusercontent.com/dotdc/grafana-dashboards-kubernetes/master/dashboards/k8s-views-namespaces.json"},"k8s-views-nodes":{"token":"","url":"https://raw.githubusercontent.com/dotdc/grafana-dashboards-kubernetes/master/dashboards/k8s-views-nodes.json"},"k8s-views-pods":{"token":"","url":"https://raw.githubusercontent.com/dotdc/grafana-dashboards-kubernetes/master/dashboards/k8s-views-pods.json"}}}` | Dashboards configuration. URLs to fetch specific Kubernetes-related Grafana dashboards. Gen3 specific dashboards can be found here. https://github.com/uc-cdis/grafana-dashboards | +| lgtm.grafana.dashboards.grafana-dashboards-kubernetes.k8s-system-api-server.token | string | `""` | Authentication token for accessing the dashboard URL (optional). 
| +| lgtm.grafana.dashboards.grafana-dashboards-kubernetes.k8s-system-api-server.url | string | `"https://raw.githubusercontent.com/dotdc/grafana-dashboards-kubernetes/master/dashboards/k8s-system-api-server.json"` | URL to the dashboard JSON file for the Kubernetes API server. | +| lgtm.grafana.dashboards.grafana-dashboards-kubernetes.k8s-system-coredns.url | string | `"https://raw.githubusercontent.com/dotdc/grafana-dashboards-kubernetes/master/dashboards/k8s-system-coredns.json"` | URL to the dashboard JSON file for CoreDNS in Kubernetes. | +| lgtm.grafana.dashboards.grafana-dashboards-kubernetes.k8s-views-global.url | string | `"https://raw.githubusercontent.com/dotdc/grafana-dashboards-kubernetes/master/dashboards/k8s-views-global.json"` | URL to the dashboard JSON file for global views in Kubernetes. | +| lgtm.grafana.dashboards.grafana-dashboards-kubernetes.k8s-views-namespaces.url | string | `"https://raw.githubusercontent.com/dotdc/grafana-dashboards-kubernetes/master/dashboards/k8s-views-namespaces.json"` | URL to the dashboard JSON file for Kubernetes namespace views. | +| lgtm.grafana.dashboards.grafana-dashboards-kubernetes.k8s-views-nodes.url | string | `"https://raw.githubusercontent.com/dotdc/grafana-dashboards-kubernetes/master/dashboards/k8s-views-nodes.json"` | URL to the dashboard JSON file for Kubernetes node views. | +| lgtm.grafana.dashboards.grafana-dashboards-kubernetes.k8s-views-pods.url | string | `"https://raw.githubusercontent.com/dotdc/grafana-dashboards-kubernetes/master/dashboards/k8s-views-pods.json"` | URL to the dashboard JSON file for Kubernetes pod views. | +| lgtm.grafana.downloadDashboardsImage | map | `{"registry":"quay.io/curl","repository":"curl","tag":"8.8.0"}` | Image used to download Grafana dashboards. | +| lgtm.grafana.downloadDashboardsImage.registry | string | `"quay.io/curl"` | Container image registry for the dashboard download image. 
| +| lgtm.grafana.downloadDashboardsImage.repository | string | `"curl"` | Repository for the curl image. | +| lgtm.grafana.downloadDashboardsImage.tag | string | `"8.8.0"` | Tag for the curl image version. | +| lgtm.grafana.enabled | bool | `true` | Deploy Grafana if enabled. See [upstream readme](https://github.com/grafana/helm-charts/tree/main/charts/grafana#configuration) for full values reference. | +| lgtm.grafana.env | map | `{"GF_SERVER_ROOT_URL":"https://grafana.example.com"}` | Environment variables for Grafana. | +| lgtm.grafana.env.GF_SERVER_ROOT_URL | string | `"https://grafana.example.com"` | Root URL configuration for the Grafana server. | +| lgtm.grafana.envFromSecret | string | `nil` | Reference a secret for environment variables. | +| lgtm.grafana.image | map | `{"pullPolicy":"Always","registry":"quay.io/cdis","repository":"grafana","tag":"master"}` | Image configuration for Grafana. | +| lgtm.grafana.image.pullPolicy | string | `"Always"` | Pull policy for the Grafana image (e.g., 'Always'). | +| lgtm.grafana.image.registry | string | `"quay.io/cdis"` | Container image registry for Grafana. | +| lgtm.grafana.image.repository | string | `"grafana"` | Repository for the Grafana image. | +| lgtm.grafana.image.tag | string | `"master"` | Tag for the Grafana image version. | +| lgtm.grafana.ingress.annotations | map | `{}` | Annotations for Grafana ingress. | +| lgtm.grafana.ingress.enabled | bool | `true` | Enable or disable ingress for Grafana. | +| lgtm.grafana.ingress.hosts | list | `["grafana.example.com"]` | Hostname(s) for Grafana ingress. | +| lgtm.grafana.ingress.ingressClassName | string | `"alb"` | Ingress class name to be used (e.g., 'alb' for AWS Application Load Balancer). | +| lgtm.grafana.ingress.tls[0] | list | `{"secretName":null}` | TLS configuration for the ingress. Reference to a secret that contains the TLS certificate. 
| +| lgtm.grafana.initChownData | map | `{"image":{"registry":"quay.io/cdis","repository":"busybox","tag":"1.32.0"}}` | Init container to chown data directories for Grafana. | +| lgtm.grafana.initChownData.image.registry | string | `"quay.io/cdis"` | Container image registry for the init container. | +| lgtm.grafana.initChownData.image.repository | string | `"busybox"` | Repository for the busybox image. | +| lgtm.grafana.initChownData.image.tag | string | `"1.32.0"` | Tag for the busybox image version. | +| lgtm.grafana.persistence | map | `{"enabled":true}` | Persistence configuration for Grafana. | +| lgtm.grafana.persistence.enabled | bool | `true` | Enable or disable persistence for Grafana data. | +| lgtm.loki.distributor | map | `{"affinity":"nodeAffinity:\n requiredDuringSchedulingIgnoredDuringExecution:\n nodeSelectorTerms:\n - matchExpressions:\n # -- (string) Node label key for affinity. Ensures pods are scheduled on nodes in the specified zone.\n - key: topology.kubernetes.io/zone\n # -- (string) Operator to apply to the node selector. 'In' means the node must match one of the values.\n operator: In\n # -- (list) List of values for the node selector, representing allowed zones.\n values:\n - us-east-1a\n","maxUnavailable":2,"replicas":3,"resources":{"limits":{"memory":"6Gi"},"requests":{"cpu":2,"memory":"4Gi"}}}` | Scaling and configuring loki distributor. | +| lgtm.loki.distributor.affinity | map | `"nodeAffinity:\n requiredDuringSchedulingIgnoredDuringExecution:\n nodeSelectorTerms:\n - matchExpressions:\n # -- (string) Node label key for affinity. Ensures pods are scheduled on nodes in the specified zone.\n - key: topology.kubernetes.io/zone\n # -- (string) Operator to apply to the node selector. 'In' means the node must match one of the values.\n operator: In\n # -- (list) List of values for the node selector, representing allowed zones.\n values:\n - us-east-1a\n"` | Affinity rules for scheduling distributor pods. Passed in as a multiline string. 
| +| lgtm.loki.distributor.maxUnavailable | int | `2` | Maximum number of unavailable replicas allowed during an update. | +| lgtm.loki.distributor.replicas | int | `3` | Number of replicas for the distributor component. Determines how many instances to run. | +| lgtm.loki.distributor.resources.limits | map | `{"memory":"6Gi"}` | Resource limits for the distributor component. | +| lgtm.loki.distributor.resources.limits.memory | string | `"6Gi"` | Memory limit for the distributor pods. | +| lgtm.loki.distributor.resources.requests | map | `{"cpu":2,"memory":"4Gi"}` | Resource requests for the distributor component. | +| lgtm.loki.distributor.resources.requests.cpu | string | `2` | CPU request for the distributor pods. Determines how much CPU is guaranteed for the pod. | +| lgtm.loki.distributor.resources.requests.memory | string | `"4Gi"` | Memory request for the distributor pods. Determines how much memory is guaranteed for the pod. | +| lgtm.loki.gateway.affinity | string | `"nodeAffinity:\n requiredDuringSchedulingIgnoredDuringExecution:\n nodeSelectorTerms:\n - matchExpressions:\n - key: topology.kubernetes.io/zone\n operator: In\n values:\n - us-east-1a\n"` | Affinity rules for scheduling gateway pods. Passed in as a multiline string. | +| lgtm.loki.gateway.ingress.annotations | object | `{}` | | +| lgtm.loki.gateway.ingress.enabled | bool | `true` | Enable or disable loki ingress. | +| lgtm.loki.gateway.ingress.hosts | list | `[{"host":"loki.example.com","paths":[{"path":"/","pathType":"Prefix"}]}]` | Hosts for loki ingress. | +| lgtm.loki.gateway.ingress.hosts[0] | string | `{"host":"loki.example.com","paths":[{"path":"/","pathType":"Prefix"}]}` | Hostname for loki ingress. | +| lgtm.loki.gateway.ingress.ingressClassName | string | `"alb"` | Class name for ingress. | +| lgtm.loki.ingester | map | `{"affinity":"nodeAffinity:\n requiredDuringSchedulingIgnoredDuringExecution:\n nodeSelectorTerms:\n - matchExpressions:\n # -- (string) Node label key for affinity. 
Ensures pods are scheduled on nodes in the specified zone.\n - key: topology.kubernetes.io/zone\n # -- (string) Operator to apply to the node selector. 'In' means the node must match one of the values.\n operator: In\n # -- (list) List of values for the node selector, representing allowed zones.\n values:\n - us-east-1a\n","maxUnavailable":2,"persistentVolume":{"size":"50Gi"},"replicas":3,"resources":{"limits":{"memory":"12Gi"},"requests":{"cpu":3.5,"memory":"8Gi"}}}` | Scaling and configuring loki ingester. Passed in as a multiline string. | +| lgtm.loki.ingester.affinity | map | `"nodeAffinity:\n requiredDuringSchedulingIgnoredDuringExecution:\n nodeSelectorTerms:\n - matchExpressions:\n # -- (string) Node label key for affinity. Ensures pods are scheduled on nodes in the specified zone.\n - key: topology.kubernetes.io/zone\n # -- (string) Operator to apply to the node selector. 'In' means the node must match one of the values.\n operator: In\n # -- (list) List of values for the node selector, representing allowed zones.\n values:\n - us-east-1a\n"` | Affinity rules for scheduling ingester pods. | +| lgtm.loki.ingester.maxUnavailable | int | `2` | Maximum number of unavailable replicas allowed during an update. | +| lgtm.loki.ingester.persistentVolume | map | `{"size":"50Gi"}` | Persistent volume configuration for the ingester component. | +| lgtm.loki.ingester.persistentVolume.size | string | `"50Gi"` | Size of the persistent volume to be used by the ingester. | +| lgtm.loki.ingester.replicas | int | `3` | Number of replicas for the ingester component. Determines how many instances to run. | +| lgtm.loki.ingester.resources.limits | map | `{"memory":"12Gi"}` | Resource limits for the ingester component. | +| lgtm.loki.ingester.resources.limits.memory | string | `"12Gi"` | Memory limit for the ingester pods. | +| lgtm.loki.ingester.resources.requests | map | `{"cpu":3.5,"memory":"8Gi"}` | Resource requests for the ingester component. 
| +| lgtm.loki.ingester.resources.requests.cpu | string | `3.5` | CPU request for the ingester pods. Determines how much CPU is guaranteed for the pod. | +| lgtm.loki.ingester.resources.requests.memory | string | `"8Gi"` | Memory request for the ingester pods. Determines how much memory is guaranteed for the pod. | +| lgtm.loki.loki | map | `{"image":{"registry":"quay.io/cdis","repository":"loki","tag":"master"},"schemaConfig":{"configs":[{"from":"2024-04-01","index":{"period":"24h","prefix":"loki_index_"},"object_store":"s3","schema":"v13","store":"tsdb"}]},"structuredConfig":{"common":{"path_prefix":"/var/loki","storage":{"filesystem":null,"s3":{"region":"us-east-1"}}},"limits_config":{"max_entries_limit_per_query":100000000,"max_query_series":30000,"max_streams_per_user":100000},"server":{"log_level":"debug"}}}` | Loki configuration. | +| lgtm.loki.loki.image | map | `{"registry":"quay.io/cdis","repository":"loki","tag":"master"}` | Loki image details. | +| lgtm.loki.loki.image.registry | string | `"quay.io/cdis"` | Container image registry for Loki. | +| lgtm.loki.loki.image.repository | string | `"loki"` | Repository for the Loki image. | +| lgtm.loki.loki.image.tag | string | `"master"` | Tag for the Loki image version. | +| lgtm.loki.loki.schemaConfig | map | `{"configs":[{"from":"2024-04-01","index":{"period":"24h","prefix":"loki_index_"},"object_store":"s3","schema":"v13","store":"tsdb"}]}` | Schema configuration for Loki. | +| lgtm.loki.loki.schemaConfig.configs[0].index | map | `{"period":"24h","prefix":"loki_index_"}` | Index configuration for Loki. | +| lgtm.loki.loki.schemaConfig.configs[0].index.period | string | `"24h"` | Index rotation period for Loki, in hours. | +| lgtm.loki.loki.schemaConfig.configs[0].index.prefix | string | `"loki_index_"` | Prefix for the Loki index. | +| lgtm.loki.loki.schemaConfig.configs[0].object_store | string | `"s3"` | Object store for Loki data (e.g., S3). 
| +| lgtm.loki.loki.schemaConfig.configs[0].schema | string | `"v13"` | Schema version for Loki. | +| lgtm.loki.loki.schemaConfig.configs[0].store | string | `"tsdb"` | Storage engine used by Loki. | +| lgtm.loki.loki.structuredConfig | map | `{"common":{"path_prefix":"/var/loki","storage":{"filesystem":null,"s3":{"region":"us-east-1"}}},"limits_config":{"max_entries_limit_per_query":100000000,"max_query_series":30000,"max_streams_per_user":100000},"server":{"log_level":"debug"}}` | Structured configuration settings for Loki. | +| lgtm.loki.loki.structuredConfig.common.path_prefix | string | `"/var/loki"` | Path prefix where Loki stores data. | +| lgtm.loki.loki.structuredConfig.common.storage.filesystem | null | `nil` | Filesystem storage is disabled. | +| lgtm.loki.loki.structuredConfig.common.storage.s3.region | string | `"us-east-1"` | AWS region for S3 storage. | +| lgtm.loki.loki.structuredConfig.limits_config.max_entries_limit_per_query | int | `100000000` | Maximum number of log entries per query. | +| lgtm.loki.loki.structuredConfig.limits_config.max_query_series | int | `30000` | Maximum number of series that can be queried at once. | +| lgtm.loki.loki.structuredConfig.limits_config.max_streams_per_user | int | `100000` | Maximum number of streams a single user can have. | +| lgtm.loki.loki.structuredConfig.server.log_level | string | `"debug"` | Log level for Loki server. Options include 'info', 'debug', etc. | +| lgtm.loki.persistence | map | `{"enabled":true}` | Persistence settings for loki. | +| lgtm.loki.persistence.enabled | bool | `true` | Enable or disable persistence. | +| lgtm.loki.querier | map | `{"affinity":"nodeAffinity:\n requiredDuringSchedulingIgnoredDuringExecution:\n nodeSelectorTerms:\n - matchExpressions:\n # -- (string) Node label key for affinity. Ensures pods are scheduled on nodes in the specified zone.\n - key: topology.kubernetes.io/zone\n # -- (string) Operator to apply to the node selector. 
'In' means the node must match one of the values.\n operator: In\n # -- (list) List of values for the node selector, representing allowed zones.\n values:\n - us-east-1a\n","resources":{"limits":{"memory":"6Gi"},"requests":{"cpu":2,"memory":"4Gi"}}}` | Scaling and configuring loki querier. | +| lgtm.loki.querier.affinity | string | `"nodeAffinity:\n requiredDuringSchedulingIgnoredDuringExecution:\n nodeSelectorTerms:\n - matchExpressions:\n # -- (string) Node label key for affinity. Ensures pods are scheduled on nodes in the specified zone.\n - key: topology.kubernetes.io/zone\n # -- (string) Operator to apply to the node selector. 'In' means the node must match one of the values.\n operator: In\n # -- (list) List of values for the node selector, representing allowed zones.\n values:\n - us-east-1a\n"` | Affinity rules for scheduling querier pods. Passed in as a multiline string. | +| lgtm.loki.querier.resources | map | `{"limits":{"memory":"6Gi"},"requests":{"cpu":2,"memory":"4Gi"}}` | Resource requests and limits for querier. | +| lgtm.loki.querier.resources.limits | map | `{"memory":"6Gi"}` | Resource limits for the querier component. | +| lgtm.loki.querier.resources.limits.memory | string | `"6Gi"` | Memory limit for the querier pods. | +| lgtm.loki.querier.resources.requests | map | `{"cpu":2,"memory":"4Gi"}` | Resource requests for the querier component. | +| lgtm.loki.querier.resources.requests.cpu | string | `2` | CPU request for the querier pods. Determines how much CPU is guaranteed for the pod. | +| lgtm.loki.querier.resources.requests.memory | string | `"4Gi"` | Memory request for the querier pods. Determines how much memory is guaranteed for the pod. | +| lgtm.loki.queryFrontend | map | `{"affinity":"nodeAffinity:\n requiredDuringSchedulingIgnoredDuringExecution:\n nodeSelectorTerms:\n - matchExpressions:\n # -- (string) Node label key for affinity. 
Ensures pods are scheduled on nodes in the specified zone.\n - key: topology.kubernetes.io/zone\n # -- (string) Operator to apply to the node selector. 'In' means the node must match one of the values.\n operator: In\n # -- (list) List of values for the node selector, representing allowed zones.\n values:\n - us-east-1a\n","resources":{"limits":{"memory":"6Gi"},"requests":{"cpu":2,"memory":"4Gi"}}}` | Scaling and configuring loki queryFrontend. | +| lgtm.loki.queryFrontend.affinity | map | `"nodeAffinity:\n requiredDuringSchedulingIgnoredDuringExecution:\n nodeSelectorTerms:\n - matchExpressions:\n # -- (string) Node label key for affinity. Ensures pods are scheduled on nodes in the specified zone.\n - key: topology.kubernetes.io/zone\n # -- (string) Operator to apply to the node selector. 'In' means the node must match one of the values.\n operator: In\n # -- (list) List of values for the node selector, representing allowed zones.\n values:\n - us-east-1a\n"` | Affinity rules for scheduling queryFrontend pods. Passed in as a multiline string. | +| lgtm.loki.queryFrontend.resources | map | `{"limits":{"memory":"6Gi"},"requests":{"cpu":2,"memory":"4Gi"}}` | Resource requests and limits for queryFrontend. | +| lgtm.loki.queryFrontend.resources.limits | map | `{"memory":"6Gi"}` | Resource limits for the queryFrontend component. | +| lgtm.loki.queryFrontend.resources.limits.memory | string | `"6Gi"` | Memory limit for the queryFrontend pods. | +| lgtm.loki.queryFrontend.resources.requests | map | `{"cpu":2,"memory":"4Gi"}` | Resource requests for the queryFrontend component. | +| lgtm.loki.queryFrontend.resources.requests.cpu | string | `2` | CPU request for the queryFrontend pods. Determines how much CPU is guaranteed for the pod. | +| lgtm.loki.queryFrontend.resources.requests.memory | string | `"4Gi"` | Memory request for the queryFrontend pods. Determines how much memory is guaranteed for the pod. 
| +| lgtm.loki.serviceAccount | string | `{"name":"observability"}` | Service account configuration for loki. | +| lgtm.loki.serviceAccount.name | string | `"observability"` | Service account to use (will be created by default via this helm chart). | +| lgtm.mimir.alertmanager.affinity | map | `{"nodeAffinity":{"requiredDuringSchedulingIgnoredDuringExecution":{"nodeSelectorTerms":[{"matchExpressions":[{"key":"topology.kubernetes.io/zone","operator":"In","values":["us-east-1a"]}]}]}}}` | Affinity rules for scheduling Alertmanager pods. | +| lgtm.mimir.alertmanager.affinity.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution.nodeSelectorTerms[0].matchExpressions[0] | string | `{"key":"topology.kubernetes.io/zone","operator":"In","values":["us-east-1a"]}` | Node label key for affinity. Ensures pods are scheduled on nodes in the specified zone. | +| lgtm.mimir.alertmanager.affinity.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution.nodeSelectorTerms[0].matchExpressions[0].operator | string | `"In"` | Operator to apply to the node selector. 'In' means the node must match one of the values. | +| lgtm.mimir.alertmanager.affinity.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution.nodeSelectorTerms[0].matchExpressions[0].values | list | `["us-east-1a"]` | List of values for the node selector, representing allowed zones. | +| lgtm.mimir.alertmanager.persistentVolume | map | `{"enabled":true}` | Configuration for persistent volume in Alertmanager. | +| lgtm.mimir.alertmanager.persistentVolume.enabled | bool | `true` | Enable or disable the persistent volume for Alertmanager. Set to 'true' to enable, 'false' to disable. | +| lgtm.mimir.alertmanager.replicas | int | `3` | Number of replicas for Alertmanager. Determines how many instances of Alertmanager to run. | +| lgtm.mimir.alertmanager.resources.limits | map | `{"memory":"2Gi"}` | Resource limits for Alertmanager pods. 
| +| lgtm.mimir.alertmanager.resources.limits.memory | string | `"2Gi"` | Memory limit for Alertmanager pods. | +| lgtm.mimir.alertmanager.resources.requests | map | `{"cpu":1,"memory":"1Gi"}` | Resource requests for Alertmanager pods. | +| lgtm.mimir.alertmanager.resources.requests.cpu | string | `1` | CPU request for Alertmanager pods. Determines how much CPU is guaranteed for the pod. | +| lgtm.mimir.alertmanager.resources.requests.memory | string | `"1Gi"` | Memory request for Alertmanager pods. Determines how much memory is guaranteed for the pod. | +| lgtm.mimir.alertmanager.statefulSet | map | `{"enabled":true}` | Configuration for deploying Alertmanager as a StatefulSet. | +| lgtm.mimir.alertmanager.statefulSet.enabled | bool | `true` | Enable or disable the StatefulSet deployment for Alertmanager. Set to 'true' to enable, 'false' to disable. | +| lgtm.mimir.compactor.affinity | map | `{"nodeAffinity":{"requiredDuringSchedulingIgnoredDuringExecution":{"nodeSelectorTerms":[{"matchExpressions":[{"key":"topology.kubernetes.io/zone","operator":"In","values":["us-east-1a"]}]}]}}}` | Affinity rules for scheduling compactor pods. | +| lgtm.mimir.compactor.affinity.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution.nodeSelectorTerms[0].matchExpressions[0] | string | `{"key":"topology.kubernetes.io/zone","operator":"In","values":["us-east-1a"]}` | Node label key for affinity. Ensures pods are scheduled on nodes in the specified zone. | +| lgtm.mimir.compactor.affinity.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution.nodeSelectorTerms[0].matchExpressions[0].operator | string | `"In"` | Operator to apply to the node selector. 'In' means the node must match one of the values. | +| lgtm.mimir.compactor.affinity.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution.nodeSelectorTerms[0].matchExpressions[0].values | list | `["us-east-1a"]` | List of values for the node selector, representing allowed zones. 
| +| lgtm.mimir.compactor.persistentVolume | map | `{"size":"50Gi"}` | Persistent volume configuration for the compactor component. | +| lgtm.mimir.compactor.persistentVolume.size | string | `"50Gi"` | Size of the persistent volume to be used by the compactor. | +| lgtm.mimir.compactor.resources.limits | map | `{"memory":"3Gi"}` | Resource limits for the compactor component. | +| lgtm.mimir.compactor.resources.limits.memory | string | `"3Gi"` | Memory limit for the compactor pods. | +| lgtm.mimir.compactor.resources.requests | map | `{"cpu":1,"memory":"2Gi"}` | Resource requests for the compactor component. | +| lgtm.mimir.compactor.resources.requests.cpu | string | `1` | CPU request for the compactor pods. Determines how much CPU is guaranteed for the pod. | +| lgtm.mimir.compactor.resources.requests.memory | string | `"2Gi"` | Memory request for the compactor pods. Determines how much memory is guaranteed for the pod. | +| lgtm.mimir.distributor.affinity | map | `{"nodeAffinity":{"requiredDuringSchedulingIgnoredDuringExecution":{"nodeSelectorTerms":[{"matchExpressions":[{"key":"topology.kubernetes.io/zone","operator":"In","values":["us-east-1a"]}]}]}}}` | Affinity rules for scheduling distributor pods. | +| lgtm.mimir.distributor.affinity.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution.nodeSelectorTerms[0].matchExpressions[0] | string | `{"key":"topology.kubernetes.io/zone","operator":"In","values":["us-east-1a"]}` | Node label key for affinity. Ensures pods are scheduled on nodes in the specified zone. | +| lgtm.mimir.distributor.affinity.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution.nodeSelectorTerms[0].matchExpressions[0].operator | string | `"In"` | Operator to apply to the node selector. 'In' means the node must match one of the values. 
| +| lgtm.mimir.distributor.affinity.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution.nodeSelectorTerms[0].matchExpressions[0].values | list | `["us-east-1a"]` | List of values for the node selector, representing allowed zones. | +| lgtm.mimir.distributor.replicas | int | `3` | Number of replicas for the distributor component. Determines how many instances to run. | +| lgtm.mimir.distributor.resources.limits | map | `{"memory":"12Gi"}` | Resource limits for the distributor component. | +| lgtm.mimir.distributor.resources.limits.memory | string | `"12Gi"` | Memory limit for the distributor pods. | +| lgtm.mimir.distributor.resources.requests | map | `{"cpu":2,"memory":"8Gi"}` | Resource requests for the distributor component. | +| lgtm.mimir.distributor.resources.requests.cpu | string | `2` | CPU request for the distributor pods. Determines how much CPU is guaranteed for the pod. | +| lgtm.mimir.distributor.resources.requests.memory | string | `"8Gi"` | Memory request for the distributor pods. Determines how much memory is guaranteed for the pod. | +| lgtm.mimir.gateway.affinity | map | `{"nodeAffinity":{"requiredDuringSchedulingIgnoredDuringExecution":{"nodeSelectorTerms":[{"matchExpressions":[{"key":"topology.kubernetes.io/zone","operator":"In","values":["us-east-1a"]}]}]}}}` | Affinity rules for scheduling gateway pods. | +| lgtm.mimir.gateway.affinity.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution.nodeSelectorTerms[0].matchExpressions[0] | string | `{"key":"topology.kubernetes.io/zone","operator":"In","values":["us-east-1a"]}` | Node label key for affinity. Ensures pods are scheduled on nodes in the specified zone. | +| lgtm.mimir.gateway.affinity.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution.nodeSelectorTerms[0].matchExpressions[0].operator | string | `"In"` | Operator to apply to the node selector. 'In' means the node must match one of the values. 
| +| lgtm.mimir.gateway.affinity.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution.nodeSelectorTerms[0].matchExpressions[0].values | list | `["us-east-1a"]` | List of values for the node selector, representing allowed zones. | +| lgtm.mimir.gateway.replicas | int | `3` | Number of replicas for the gateway component. Determines how many instances to run. | +| lgtm.mimir.gateway.resources.limits | map | `{"memory":"731Mi"}` | Resource limits for the gateway component. | +| lgtm.mimir.gateway.resources.limits.memory | string | `"731Mi"` | Memory limit for the gateway pods. | +| lgtm.mimir.gateway.resources.requests | map | `{"cpu":1,"memory":"512Mi"}` | Resource requests for the gateway component. | +| lgtm.mimir.gateway.resources.requests.cpu | string | `1` | CPU request for the gateway pods. Determines how much CPU is guaranteed for the pod. | +| lgtm.mimir.gateway.resources.requests.memory | string | `"512Mi"` | Memory request for the gateway pods. Determines how much memory is guaranteed for the pod. | +| lgtm.mimir.image | map | `{"repository":"quay.io/cdis/mimir","tag":"master"}` | Docker image information. | +| lgtm.mimir.image.repository | string | `"quay.io/cdis/mimir"` | The Docker image repository for mimir. | +| lgtm.mimir.ingester.affinity.nodeAffinity | map | `{"requiredDuringSchedulingIgnoredDuringExecution":{"nodeSelectorTerms":[{"matchExpressions":[{"key":"topology.kubernetes.io/zone","operator":"In","values":["us-east-1a"]}]}]}}` | Affinity rules for scheduling ingester pods. | +| lgtm.mimir.ingester.affinity.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution.nodeSelectorTerms[0].matchExpressions[0] | string | `{"key":"topology.kubernetes.io/zone","operator":"In","values":["us-east-1a"]}` | Node label key for affinity. Ensures pods are scheduled on nodes in the specified zone. 
| +| lgtm.mimir.ingester.affinity.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution.nodeSelectorTerms[0].matchExpressions[0].operator | string | `"In"` | Operator to apply to the node selector. 'In' means the node must match one of the values. | +| lgtm.mimir.ingester.affinity.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution.nodeSelectorTerms[0].matchExpressions[0].values | list | `["us-east-1a"]` | List of values for the node selector, representing allowed zones. | +| lgtm.mimir.ingester.persistentVolume | map | `{"size":"50Gi"}` | Persistent volume configuration for the ingester component. | +| lgtm.mimir.ingester.persistentVolume.size | string | `"50Gi"` | Size of the persistent volume to be used by the ingester. | +| lgtm.mimir.ingester.replicas | int | `5` | Number of replicas for the ingester component. Determines how many instances to run. | +| lgtm.mimir.ingester.resources.limits | map | `{"memory":"12Gi"}` | Resource limits for the ingester component. | +| lgtm.mimir.ingester.resources.limits.memory | string | `"12Gi"` | Memory limit for the ingester pods. | +| lgtm.mimir.ingester.resources.requests | map | `{"cpu":3.5,"memory":"8Gi"}` | Resource requests for the ingester component. | +| lgtm.mimir.ingester.resources.requests.cpu | string | `3.5` | CPU request for the ingester pods. Determines how much CPU is guaranteed for the pod. | +| lgtm.mimir.ingester.resources.requests.memory | string | `"8Gi"` | Memory request for the ingester pods. Determines how much memory is guaranteed for the pod. | +| lgtm.mimir.ingester.topologySpreadConstraints | map | `{}` | Topology spread constraints for the ingester component. Empty by default. | +| lgtm.mimir.ingester.zoneAwareReplication | map | `{"topologyKey":"kubernetes.io/hostname"}` | Zone-aware replication settings. Helps distribute data across zones. 
| +| lgtm.mimir.ingester.zoneAwareReplication.topologyKey | string | `"kubernetes.io/hostname"` | Topology key used for zone-aware replication. | +| lgtm.mimir.ingress.annotations | object | `{}` | | +| lgtm.mimir.ingress.enabled | bool | `true` | Enable or disable mirmir ingress. | +| lgtm.mimir.ingress.hosts | list | `["mimir.example.com"]` | hostname for mimir ingress. | +| lgtm.mimir.ingress.ingressClassName | string | `"alb"` | Class name for ingress. | +| lgtm.mimir.ingress.paths | map | `{"query-frontend":[{"path":"/prometheus/api/v1/query"}]}` | Additional paths to add to the ingress. | +| lgtm.mimir.ingress.paths.query-frontend | list | `[{"path":"/prometheus/api/v1/query"}]` | Additional paths to add to the query frontend. | +| lgtm.mimir.mimir.structuredConfig | map | `{"alertmanager_storage":{"storage_prefix":"alertmanager"},"blocks_storage":{"storage_prefix":"blocks"},"common":{"storage":{"backend":"s3","s3":{"endpoint":"s3.us-east-1.amazonaws.com","region":"us-east-1"}}},"limits":{"ingestion_rate":10000000,"max_global_series_per_user":0},"query_scheduler":{"service_discovery_mode":"dns"},"ruler_storage":{"storage_prefix":"ruler"}}` | Structured configuration settings for mimir. | +| lgtm.mimir.mimir.structuredConfig.alertmanager_storage.storage_prefix | string | `"alertmanager"` | Prefix used for storing Alertmanager data. | +| lgtm.mimir.mimir.structuredConfig.blocks_storage.storage_prefix | string | `"blocks"` | Prefix used for storing blocks data. | +| lgtm.mimir.mimir.structuredConfig.common.storage.backend | string | `"s3"` | Backend storage configuration. For example, s3 for AWS S3 storage. | +| lgtm.mimir.mimir.structuredConfig.common.storage.s3.endpoint | string | `"s3.us-east-1.amazonaws.com"` | The S3 endpoint to use for storage. Ensure this matches your region. | +| lgtm.mimir.mimir.structuredConfig.common.storage.s3.region | string | `"us-east-1"` | AWS region where your S3 bucket is located. 
| +| lgtm.mimir.mimir.structuredConfig.limits.ingestion_rate | int | `10000000` | The rate limit for ingestion, measured in samples per second. | +| lgtm.mimir.mimir.structuredConfig.limits.max_global_series_per_user | int | `0` | Maximum number of global series allowed per user. Set to '0' for unlimited. | +| lgtm.mimir.mimir.structuredConfig.query_scheduler.service_discovery_mode | string | `"dns"` | Mode for service discovery in the query scheduler. Set to 'dns' for DNS-based service discovery. | +| lgtm.mimir.mimir.structuredConfig.ruler_storage.storage_prefix | string | `"ruler"` | Prefix used for storing ruler data. | +| lgtm.mimir.minio | map | `{"enabled":false}` | minio configuration. | +| lgtm.mimir.minio.enabled | bool | `false` | Enable or disable minio. | +| lgtm.mimir.nginx.affinity | string | `"nodeAffinity:\n requiredDuringSchedulingIgnoredDuringExecution:\n nodeSelectorTerms:\n - matchExpressions:\n # -- (string) Node label key for affinity. Ensures pods are scheduled on nodes in the specified zone.\n - key: topology.kubernetes.io/zone\n # -- (string) Operator to apply to the node selector. 'In' means the node must match one of the values.\n operator: In\n # -- (list) List of values for the node selector, representing allowed zones.\n values:\n - us-east-1a\n"` | Affinity rules for scheduling nginx pods. Passed in as a multiline string. | +| lgtm.mimir.nginx.image.registry | string | `"quay.io/nginx"` | Container image registry for nginx. | +| lgtm.mimir.nginx.image.repository | string | `"nginx-unprivileged"` | Repository for nginx unprivileged image. | +| lgtm.mimir.nginx.replicas | int | `3` | Number of replicas for the nginx component. Determines how many instances to run. | +| lgtm.mimir.nginx.resources.limits | map | `{"memory":"731Mi"}` | Resource limits for the nginx component. | +| lgtm.mimir.nginx.resources.limits.memory | string | `"731Mi"` | Memory limit for the nginx pods. 
| +| lgtm.mimir.nginx.resources.requests | map | `{"cpu":1,"memory":"512Mi"}` | Resource requests for the nginx component. | +| lgtm.mimir.nginx.resources.requests.cpu | string | `1` | CPU request for the nginx pods. Determines how much CPU is guaranteed for the pod. | +| lgtm.mimir.nginx.resources.requests.memory | string | `"512Mi"` | Memory request for the nginx pods. Determines how much memory is guaranteed for the pod. | +| lgtm.mimir.overrides_exporter.affinity | map | `{"nodeAffinity":{"requiredDuringSchedulingIgnoredDuringExecution":{"nodeSelectorTerms":[{"matchExpressions":[{"key":"topology.kubernetes.io/zone","operator":"In","values":["us-east-1a"]}]}]}}}` | Affinity rules for scheduling overrides_exporter pods. | +| lgtm.mimir.overrides_exporter.affinity.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution.nodeSelectorTerms[0].matchExpressions[0] | string | `{"key":"topology.kubernetes.io/zone","operator":"In","values":["us-east-1a"]}` | Node label key for affinity. Ensures pods are scheduled on nodes in the specified zone. | +| lgtm.mimir.overrides_exporter.affinity.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution.nodeSelectorTerms[0].matchExpressions[0].operator | string | `"In"` | Operator to apply to the node selector. 'In' means the node must match one of the values. | +| lgtm.mimir.overrides_exporter.affinity.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution.nodeSelectorTerms[0].matchExpressions[0].values | list | `["us-east-1a"]` | List of values for the node selector, representing allowed zones. | +| lgtm.mimir.overrides_exporter.replicas | int | `1` | Number of replicas for the overrides_exporter component. Determines how many instances to run. | +| lgtm.mimir.overrides_exporter.resources.limits | map | `{"memory":"128Mi"}` | Resource limits for the overrides_exporter component. | +| lgtm.mimir.overrides_exporter.resources.limits.memory | string | `"128Mi"` | Memory limit for the overrides_exporter pods. 
| +| lgtm.mimir.overrides_exporter.resources.requests | map | `{"cpu":"100m","memory":"128Mi"}` | Resource requests for the overrides_exporter component. | +| lgtm.mimir.overrides_exporter.resources.requests.cpu | string | `"100m"` | CPU request for the overrides_exporter pods. Determines how much CPU is guaranteed for the pod. | +| lgtm.mimir.overrides_exporter.resources.requests.memory | string | `"128Mi"` | Memory request for the overrides_exporter pods. Determines how much memory is guaranteed for the pod. | +| lgtm.mimir.querier.affinity | map | `{"nodeAffinity":{"requiredDuringSchedulingIgnoredDuringExecution":{"nodeSelectorTerms":[{"matchExpressions":[{"key":"topology.kubernetes.io/zone","operator":"In","values":["us-east-1a"]}]}]}}}` | Affinity rules for scheduling querier pods. | +| lgtm.mimir.querier.affinity.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution.nodeSelectorTerms[0].matchExpressions[0] | string | `{"key":"topology.kubernetes.io/zone","operator":"In","values":["us-east-1a"]}` | Node label key for affinity. Ensures pods are scheduled on nodes in the specified zone. | +| lgtm.mimir.querier.affinity.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution.nodeSelectorTerms[0].matchExpressions[0].operator | string | `"In"` | Operator to apply to the node selector. 'In' means the node must match one of the values. | +| lgtm.mimir.querier.affinity.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution.nodeSelectorTerms[0].matchExpressions[0].values | list | `["us-east-1a"]` | List of values for the node selector, representing allowed zones. | +| lgtm.mimir.querier.replicas | int | `3` | Number of replicas for the querier component. Determines how many instances to run. | +| lgtm.mimir.querier.resources.limits | map | `{"memory":"8Gi"}` | Resource limits for the querier component. | +| lgtm.mimir.querier.resources.limits.memory | string | `"8Gi"` | Memory limit for the querier pods. 
| +| lgtm.mimir.querier.resources.requests | map | `{"cpu":2,"memory":"6Gi"}` | Resource requests for the querier component. | +| lgtm.mimir.querier.resources.requests.cpu | string | `2` | CPU request for the querier pods. Determines how much CPU is guaranteed for the pod. | +| lgtm.mimir.querier.resources.requests.memory | string | `"6Gi"` | Memory request for the querier pods. Determines how much memory is guaranteed for the pod. | +| lgtm.mimir.query_frontend.affinity | map | `{"nodeAffinity":{"requiredDuringSchedulingIgnoredDuringExecution":{"nodeSelectorTerms":[{"matchExpressions":[{"key":"topology.kubernetes.io/zone","operator":"In","values":["us-east-1a"]}]}]}}}` | Affinity rules for scheduling query_frontend pods. | +| lgtm.mimir.query_frontend.affinity.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution.nodeSelectorTerms[0].matchExpressions[0] | string | `{"key":"topology.kubernetes.io/zone","operator":"In","values":["us-east-1a"]}` | Node label key for affinity. Ensures pods are scheduled on nodes in the specified zone. | +| lgtm.mimir.query_frontend.affinity.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution.nodeSelectorTerms[0].matchExpressions[0].operator | string | `"In"` | Operator to apply to the node selector. 'In' means the node must match one of the values. | +| lgtm.mimir.query_frontend.affinity.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution.nodeSelectorTerms[0].matchExpressions[0].values | list | `["us-east-1a"]` | List of values for the node selector, representing allowed zones. | +| lgtm.mimir.query_frontend.replicas | int | `2` | Number of replicas for the query_frontend component. Determines how many instances to run. | +| lgtm.mimir.query_frontend.resources.limits | map | `{"memory":"3Gi"}` | Resource limits for the query_frontend component. | +| lgtm.mimir.query_frontend.resources.limits.memory | string | `"3Gi"` | Memory limit for the query_frontend pods. 
| +| lgtm.mimir.query_frontend.resources.requests | map | `{"cpu":2,"memory":"2Gi"}` | Resource requests for the query_frontend component. | +| lgtm.mimir.query_frontend.resources.requests.cpu | string | `2` | CPU request for the query_frontend pods. Determines how much CPU is guaranteed for the pod. | +| lgtm.mimir.query_frontend.resources.requests.memory | string | `"2Gi"` | Memory request for the query_frontend pods. Determines how much memory is guaranteed for the pod. | +| lgtm.mimir.query_scheduler.affinity | map | `{"nodeAffinity":{"requiredDuringSchedulingIgnoredDuringExecution":{"nodeSelectorTerms":[{"matchExpressions":[{"key":"topology.kubernetes.io/zone","operator":"In","values":["us-east-1a"]}]}]}}}` | Affinity rules for scheduling query_scheduler pods. | +| lgtm.mimir.query_scheduler.affinity.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution.nodeSelectorTerms[0].matchExpressions[0] | string | `{"key":"topology.kubernetes.io/zone","operator":"In","values":["us-east-1a"]}` | Node label key for affinity. Ensures pods are scheduled on nodes in the specified zone. | +| lgtm.mimir.query_scheduler.affinity.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution.nodeSelectorTerms[0].matchExpressions[0].operator | string | `"In"` | Operator to apply to the node selector. 'In' means the node must match one of the values. | +| lgtm.mimir.query_scheduler.affinity.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution.nodeSelectorTerms[0].matchExpressions[0].values | list | `["us-east-1a"]` | List of values for the node selector, representing allowed zones. | +| lgtm.mimir.rollout_operator | map | `{"image":{"repository":"quay.io/cdis/rollout-operator","tag":"master"}}` | Rollout Operator configuration. | +| lgtm.mimir.rollout_operator.image | map | `{"repository":"quay.io/cdis/rollout-operator","tag":"master"}` | Docker image information. 
| +| lgtm.mimir.rollout_operator.image.repository | string | `"quay.io/cdis/rollout-operator"` | The Docker image repository for the rollout-operator. | +| lgtm.mimir.ruler.affinity | map | `{"nodeAffinity":{"requiredDuringSchedulingIgnoredDuringExecution":{"nodeSelectorTerms":[{"matchExpressions":[{"key":"topology.kubernetes.io/zone","operator":"In","values":["us-east-1a"]}]}]}}}` | Affinity rules for scheduling ruler pods. | +| lgtm.mimir.ruler.affinity.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution.nodeSelectorTerms[0].matchExpressions[0] | string | `{"key":"topology.kubernetes.io/zone","operator":"In","values":["us-east-1a"]}` | Node label key for affinity. Ensures pods are scheduled on nodes in the specified zone. | +| lgtm.mimir.ruler.affinity.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution.nodeSelectorTerms[0].matchExpressions[0].operator | string | `"In"` | Operator to apply to the node selector. 'In' means the node must match one of the values. | +| lgtm.mimir.ruler.affinity.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution.nodeSelectorTerms[0].matchExpressions[0].values | list | `["us-east-1a"]` | List of values for the node selector, representing allowed zones. | +| lgtm.mimir.ruler.replicas | int | `2` | Number of replicas for the ruler component. Determines how many instances to run. | +| lgtm.mimir.ruler.resources.limits | map | `{"memory":"5Gi"}` | Resource limits for the ruler component. | +| lgtm.mimir.ruler.resources.limits.memory | string | `"5Gi"` | Memory limit for the ruler pods. | +| lgtm.mimir.ruler.resources.requests | map | `{"cpu":1,"memory":"4Gi"}` | Resource requests for the ruler component. | +| lgtm.mimir.ruler.resources.requests.cpu | string | `1` | CPU request for the ruler pods. Determines how much CPU is guaranteed for the pod. | +| lgtm.mimir.ruler.resources.requests.memory | string | `"4Gi"` | Memory request for the ruler pods. Determines how much memory is guaranteed for the pod. 
| +| lgtm.mimir.serviceAccount.create | bool | `false` | Whether to create a service account or not. In case 'create' is false, do set 'name' to an existing service account name. The "observability" SA will be created by default via Helm. | +| lgtm.mimir.serviceAccount.name | string | `"observability"` | Override for the generated service account name. | +| lgtm.mimir.store_gateway.affinity | map | `{"nodeAffinity":{"requiredDuringSchedulingIgnoredDuringExecution":{"nodeSelectorTerms":[{"matchExpressions":[{"key":"topology.kubernetes.io/zone","operator":"In","values":["us-east-1a"]}]}]}}}` | Affinity rules for scheduling store_gateway pods. | +| lgtm.mimir.store_gateway.affinity.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution.nodeSelectorTerms[0].matchExpressions[0] | string | `{"key":"topology.kubernetes.io/zone","operator":"In","values":["us-east-1a"]}` | Node label key for affinity. Ensures pods are scheduled on nodes in the specified zone. | +| lgtm.mimir.store_gateway.affinity.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution.nodeSelectorTerms[0].matchExpressions[0].operator | string | `"In"` | Operator to apply to the node selector. 'In' means the node must match one of the values. | +| lgtm.mimir.store_gateway.affinity.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution.nodeSelectorTerms[0].matchExpressions[0].values | list | `["us-east-1a"]` | List of values for the node selector, representing allowed zones. | +| lgtm.mimir.store_gateway.persistentVolume | map | `{"size":"50Gi"}` | Persistent volume configuration for the store_gateway component. | +| lgtm.mimir.store_gateway.persistentVolume.size | string | `"50Gi"` | Size of the persistent volume to be used by the store_gateway. | +| lgtm.mimir.store_gateway.replicas | int | `2` | Number of replicas for the store_gateway component. Determines how many instances to run. 
| +| lgtm.mimir.store_gateway.resources.limits | map | `{"memory":"8Gi"}` | Resource limits for the store_gateway component. | +| lgtm.mimir.store_gateway.resources.limits.memory | string | `"8Gi"` | Memory limit for the store_gateway pods. | +| lgtm.mimir.store_gateway.resources.requests | map | `{"cpu":1,"memory":"6Gi"}` | Resource requests for the store_gateway component. | +| lgtm.mimir.store_gateway.resources.requests.cpu | string | `1` | CPU request for the store_gateway pods. Determines how much CPU is guaranteed for the pod. | +| lgtm.mimir.store_gateway.resources.requests.memory | string | `"6Gi"` | Memory request for the store_gateway pods. Determines how much memory is guaranteed for the pod. | +| lgtm.mimir.store_gateway.topologySpreadConstraints | map | `{}` | Topology spread constraints for the store_gateway component. Empty by default. | +| lgtm.mimir.store_gateway.zoneAwareReplication | map | `{"topologyKey":"kubernetes.io/hostname"}` | Zone-aware replication settings. Helps distribute data across zones. | +| lgtm.mimir.store_gateway.zoneAwareReplication.topologyKey | string | `"kubernetes.io/hostname"` | Topology key used for zone-aware replication. | +| lgtm.role.arn | string | `nil` | The arn of the aws role to associate with the service account that will be used for Loki and Mimir. Documentation on IRSA setup https://docs.aws.amazon.com/eks/latest/userguide/iam-roles-for-service-accounts.html | +| lgtm.tempo.enabled | bool | `false` | Enable or disable tempo. | + From ad8d3d2e0bbe033f61710fdfedda5b610f68d320 Mon Sep 17 00:00:00 2001 
From: EliseCastle23 <109446148+EliseCastle23@users.noreply.github.com> Date: Tue, 15 Oct 2024 13:54:14 -0600 Subject: [PATCH 228/279] fixing linting --- helm/alloy/README.md | 2 +- helm/alloy/values.yaml | 2 +- helm/faro-collector/README.md | 2 +- helm/faro-collector/values.yaml | 2 +- helm/observability/Chart.yaml | 2 +- helm/observability/README.md | 4 ++-- helm/observability/values.yaml | 2 +- helm/test.yaml | 1 - 8 files changed, 8 insertions(+), 9 deletions(-) delete mode 100644 helm/test.yaml
diff --git a/helm/alloy/README.md b/helm/alloy/README.md
index 5c6a6b75..5ff407d1 100644
--- a/helm/alloy/README.md
+++ b/helm/alloy/README.md
@@ -22,7 +22,7 @@ A Helm chart for deploying Grafana Alloy
 | alloy.alloy.resources.requests.memory | string | `"1Gi"` | |
 | alloy.alloy.stabilityLevel | string | `"public-preview"` | |
 | alloy.alloy.uiPathPrefix | string | `"/alloy"` | |
-| alloy.alloyConfigmapData | string | `"logging {\n level = \"info\"\n format = \"json\"\n write_to = [loki.write.endpoint.receiver]\n}\n\n/////////////////////// OTLP START ///////////////////////\n\notelcol.receiver.otlp \"default\" {\n grpc {}\n http {}\n\n output {\n metrics = [otelcol.processor.batch.default.input]\n traces = [otelcol.processor.batch.default.input]\n }\n}\n\notelcol.processor.batch \"default\" {\n output {\n metrics = [otelcol.exporter.prometheus.default.input]\n traces = [otelcol.exporter.otlp.tempo.input]\n }\n}\n\notelcol.exporter.prometheus \"default\" {\n forward_to = [prometheus.remote_write.default.receiver]\n}\n\notelcol.exporter.otlp \"tempo\" {\n client {\n endpoint = \"http://monitoring-tempo-distributor.monitoring:4317\"\n // Configure TLS settings for communicating with the endpoint.\n tls {\n // The connection is insecure.\n insecure = true\n // Do not verify TLS certificates when connecting.\n insecure_skip_verify = true\n }\n }\n}\n\n\n/////////////////////// OTLP END ///////////////////////\n\n// discover all pods, to be used later in this config\ndiscovery.kubernetes \"pods\" {\n role = \"pod\"\n}\n\n// discover all services, to be used later in this config\ndiscovery.kubernetes \"services\" {\n role = \"service\"\n}\n\n// discover all nodes, to be used later in this config\ndiscovery.kubernetes \"nodes\" {\n role = \"node\"\n}\n\n// Generic scrape of any pod with Annotation \"prometheus.io/scrape: true\"\ndiscovery.relabel \"annotation_autodiscovery_pods\" {\n targets = discovery.kubernetes.pods.targets\n rule {\n source_labels = [\"__meta_kubernetes_pod_annotation_prometheus_io_scrape\"]\n regex = \"true\"\n action = \"keep\"\n }\n rule {\n source_labels = 
[\"__meta_kubernetes_pod_annotation_prometheus_io_job\"]\n action = \"replace\"\n target_label = \"job\"\n }\n rule {\n source_labels = [\"__meta_kubernetes_pod_annotation_prometheus_io_instance\"]\n action = \"replace\"\n target_label = \"instance\"\n }\n rule {\n source_labels = [\"__meta_kubernetes_pod_annotation_prometheus_io_path\"]\n action = \"replace\"\n target_label = \"__metrics_path__\"\n }\n\n // Choose the pod port\n // The discovery generates a target for each declared container port of the pod.\n // If the metricsPortName annotation has value, keep only the target where the port name matches the one of the annotation.\n rule {\n source_labels = [\"__meta_kubernetes_pod_container_port_name\"]\n target_label = \"__tmp_port\"\n }\n rule {\n source_labels = [\"__meta_kubernetes_pod_annotation_prometheus_io_portName\"]\n regex = \"(.+)\"\n target_label = \"__tmp_port\"\n }\n rule {\n source_labels = [\"__meta_kubernetes_pod_container_port_name\"]\n action = \"keepequal\"\n target_label = \"__tmp_port\"\n }\n\n // If the metrics port number annotation has a value, override the target address to use it, regardless whether it is\n // one of the declared ports on that Pod.\n rule {\n source_labels = [\"__meta_kubernetes_pod_annotation_prometheus_io_port\", \"__meta_kubernetes_pod_ip\"]\n regex = \"(\\\\d+);(([A-Fa-f0-9]{1,4}::?){1,7}[A-Fa-f0-9]{1,4})\"\n replacement = \"[$2]:$1\" // IPv6\n target_label = \"__address__\"\n }\n rule {\n source_labels = [\"__meta_kubernetes_pod_annotation_prometheus_io_port\", \"__meta_kubernetes_pod_ip\"]\n regex = \"(\\\\d+);((([0-9]+?)(\\\\.|$)){4})\" // IPv4, takes priority over IPv6 when both exists\n replacement = \"$2:$1\"\n target_label = \"__address__\"\n }\n\n rule {\n source_labels = [\"__meta_kubernetes_pod_annotation_prometheus_io_scheme\"]\n action = \"replace\"\n target_label = \"__scheme__\"\n }\n\n\n // add labels\n rule {\n source_labels = [\"__meta_kubernetes_pod_name\"]\n target_label = \"pod\"\n }\n rule {\n 
source_labels = [\"__meta_kubernetes_pod_container_name\"]\n target_label = \"container\"\n }\n rule {\n source_labels = [\"__meta_kubernetes_pod_controller_name\"]\n target_label = \"controller\"\n }\n\n rule {\n source_labels = [\"__meta_kubernetes_namespace\"]\n target_label = \"namespace\"\n }\n\n\n rule {\n source_labels = [\"__meta_kubernetes_pod_label_app\"]\n target_label = \"app\"\n }\n\n // map all labels\n rule {\n action = \"labelmap\"\n regex = \"__meta_kubernetes_pod_label_(.+)\"\n }\n}\n\n// Generic scrape of any service with\n// Annotation Autodiscovery\ndiscovery.relabel \"annotation_autodiscovery_services\" {\n targets = discovery.kubernetes.services.targets\n rule {\n source_labels = [\"__meta_kubernetes_service_annotation_prometheus_io_scrape\"]\n regex = \"true\"\n action = \"keep\"\n }\n rule {\n source_labels = [\"__meta_kubernetes_service_annotation_prometheus_io_job\"]\n action = \"replace\"\n target_label = \"job\"\n }\n rule {\n source_labels = [\"__meta_kubernetes_service_annotation_prometheus_io_instance\"]\n action = \"replace\"\n target_label = \"instance\"\n }\n rule {\n source_labels = [\"__meta_kubernetes_service_annotation_prometheus_io_path\"]\n action = \"replace\"\n target_label = \"__metrics_path__\"\n }\n\n // Choose the service port\n rule {\n source_labels = [\"__meta_kubernetes_service_port_name\"]\n target_label = \"__tmp_port\"\n }\n rule {\n source_labels = [\"__meta_kubernetes_service_annotation_prometheus_io_portName\"]\n regex = \"(.+)\"\n target_label = \"__tmp_port\"\n }\n rule {\n source_labels = [\"__meta_kubernetes_service_port_name\"]\n action = \"keepequal\"\n target_label = \"__tmp_port\"\n }\n\n rule {\n source_labels = [\"__meta_kubernetes_service_port_number\"]\n target_label = \"__tmp_port\"\n }\n rule {\n source_labels = [\"__meta_kubernetes_service_annotation_prometheus_io_port\"]\n regex = \"(.+)\"\n target_label = \"__tmp_port\"\n }\n rule {\n source_labels = 
[\"__meta_kubernetes_service_port_number\"]\n action = \"keepequal\"\n target_label = \"__tmp_port\"\n }\n\n rule {\n source_labels = [\"__meta_kubernetes_service_annotation_prometheus_io_scheme\"]\n action = \"replace\"\n target_label = \"__scheme__\"\n }\n}\n\nprometheus.scrape \"metrics\" {\n job_name = \"integrations/autodiscovery_metrics\"\n targets = concat(discovery.relabel.annotation_autodiscovery_pods.output, discovery.relabel.annotation_autodiscovery_services.output)\n honor_labels = true\n clustering {\n enabled = true\n }\n forward_to = [prometheus.relabel.metrics_service.receiver]\n}\n\n\n// Node Exporter\n// TODO: replace with https://grafana.com/docs/alloy/latest/reference/components/prometheus.exporter.unix/\ndiscovery.relabel \"node_exporter\" {\n targets = discovery.kubernetes.pods.targets\n rule {\n source_labels = [\"__meta_kubernetes_pod_label_app_kubernetes_io_instance\"]\n regex = \"monitoring-extras\"\n action = \"keep\"\n }\n rule {\n source_labels = [\"__meta_kubernetes_pod_label_app_kubernetes_io_name\"]\n regex = \"node-exporter\"\n action = \"keep\"\n }\n rule {\n source_labels = [\"__meta_kubernetes_pod_node_name\"]\n action = \"replace\"\n target_label = \"instance\"\n }\n}\n\nprometheus.scrape \"node_exporter\" {\n job_name = \"integrations/node_exporter\"\n targets = discovery.relabel.node_exporter.output\n scrape_interval = \"60s\"\n clustering {\n enabled = true\n }\n forward_to = [prometheus.relabel.node_exporter.receiver]\n}\n\nprometheus.relabel \"node_exporter\" {\n rule {\n source_labels = [\"__name__\"]\n regex = \"up|node_cpu.*|node_network.*|node_exporter_build_info|node_filesystem.*|node_memory.*|process_cpu_seconds_total|process_resident_memory_bytes\"\n action = \"keep\"\n }\n forward_to = [prometheus.relabel.metrics_service.receiver]\n}\n\n// Logs from all pods\ndiscovery.relabel \"all_pods\" {\n targets = discovery.kubernetes.pods.targets\n rule {\n source_labels = [\"__meta_kubernetes_namespace\"]\n target_label = 
\"namespace\"\n }\n rule {\n source_labels = [\"__meta_kubernetes_pod_name\"]\n target_label = \"pod\"\n }\n rule {\n source_labels = [\"__meta_kubernetes_pod_container_name\"]\n target_label = \"container\"\n }\n rule {\n source_labels = [\"__meta_kubernetes_pod_controller_name\"]\n target_label = \"controller\"\n }\n\n rule {\n source_labels = [\"__meta_kubernetes_pod_label_app\"]\n target_label = \"app\"\n }\n\n // map all labels\n rule {\n action = \"labelmap\"\n regex = \"__meta_kubernetes_pod_label_(.+)\"\n }\n\n}\n\nloki.source.kubernetes \"pods\" {\n targets = discovery.relabel.all_pods.output\n forward_to = [loki.write.endpoint.receiver]\n}\n\n// kube-state-metrics\ndiscovery.relabel \"relabel_kube_state_metrics\" {\n targets = discovery.kubernetes.services.targets\n rule {\n source_labels = [\"__meta_kubernetes_namespace\"]\n regex = \"monitoring\"\n action = \"keep\"\n }\n rule {\n source_labels = [\"__meta_kubernetes_service_name\"]\n regex = \"monitoring-extras-kube-state-metrics\"\n action = \"keep\"\n }\n}\n\nprometheus.scrape \"kube_state_metrics\" {\n targets = discovery.relabel.relabel_kube_state_metrics.output\n job_name = \"kube-state-metrics\"\n metrics_path = \"/metrics\"\n forward_to = [prometheus.remote_write.default.receiver]\n}\n\n// Kubelet\ndiscovery.relabel \"kubelet\" {\n targets = discovery.kubernetes.nodes.targets\n rule {\n target_label = \"__address__\"\n replacement = \"kubernetes.default.svc.cluster.local:443\"\n }\n rule {\n source_labels = [\"__meta_kubernetes_node_name\"]\n regex = \"(.+)\"\n replacement = \"/api/v1/nodes/${1}/proxy/metrics\"\n target_label = \"__metrics_path__\"\n }\n}\n\nprometheus.scrape \"kubelet\" {\n job_name = \"integrations/kubernetes/kubelet\"\n targets = discovery.relabel.kubelet.output\n scheme = \"https\"\n scrape_interval = \"60s\"\n bearer_token_file = \"/var/run/secrets/kubernetes.io/serviceaccount/token\"\n tls_config {\n insecure_skip_verify = true\n }\n clustering {\n enabled = true\n }\n 
forward_to = [prometheus.relabel.kubelet.receiver]\n}\n\nprometheus.relabel \"kubelet\" {\n rule {\n source_labels = [\"__name__\"]\n regex = \"up|container_cpu_usage_seconds_total|kubelet_certificate_manager_client_expiration_renew_errors|kubelet_certificate_manager_client_ttl_seconds|kubelet_certificate_manager_server_ttl_seconds|kubelet_cgroup_manager_duration_seconds_bucket|kubelet_cgroup_manager_duration_seconds_count|kubelet_node_config_error|kubelet_node_name|kubelet_pleg_relist_duration_seconds_bucket|kubelet_pleg_relist_duration_seconds_count|kubelet_pleg_relist_interval_seconds_bucket|kubelet_pod_start_duration_seconds_bucket|kubelet_pod_start_duration_seconds_count|kubelet_pod_worker_duration_seconds_bucket|kubelet_pod_worker_duration_seconds_count|kubelet_running_container_count|kubelet_running_containers|kubelet_running_pod_count|kubelet_running_pods|kubelet_runtime_operations_errors_total|kubelet_runtime_operations_total|kubelet_server_expiration_renew_errors|kubelet_volume_stats_available_bytes|kubelet_volume_stats_capacity_bytes|kubelet_volume_stats_inodes|kubelet_volume_stats_inodes_used|kubernetes_build_info|namespace_workload_pod|rest_client_requests_total|storage_operation_duration_seconds_count|storage_operation_errors_total|volume_manager_total_volumes\"\n action = \"keep\"\n }\n forward_to = [prometheus.relabel.metrics_service.receiver]\n}\n\n// Cluster Events\nloki.source.kubernetes_events \"cluster_events\" {\n job_name = \"integrations/kubernetes/eventhandler\"\n log_format = \"logfmt\"\n forward_to = [loki.write.endpoint.receiver]\n}\n\nprometheus.relabel \"metrics_service\" {\n forward_to = [prometheus.remote_write.default.receiver]\n}\n\n\n// Write Endpoints\n// prometheus write endpoint\nprometheus.remote_write \"default\" {\n external_labels = {\n cluster = \"{{ .Values.cluster }}\",\n project = \"{{ .Values.project }}\",\n }\n endpoint {\n url = \"https://mimir.example.com/api/v1/push\"\n\n headers = {\n \"X-Scope-OrgID\" = 
\"anonymous\",\n }\n\n }\n}\n\n// loki write endpoint\nloki.write \"endpoint\" {\n external_labels = {\n cluster = \"{{ .Values.cluster }}\",\n project = \"{{ .Values.project }}\",\n }\n endpoint {\n url = \"https://loki.example.com/loki/api/v1/push\"\n }\n}"` | |
+| alloy.alloyConfigmapData | string | `"logging {\n level = \"info\"\n format = \"json\"\n write_to = [loki.write.endpoint.receiver]\n}\n\n/////////////////////// OTLP START ///////////////////////\n\notelcol.receiver.otlp \"default\" {\n grpc {}\n http {}\n\n output {\n metrics = [otelcol.processor.batch.default.input]\n traces = [otelcol.processor.batch.default.input]\n }\n}\n\notelcol.processor.batch \"default\" {\n output {\n metrics = [otelcol.exporter.prometheus.default.input]\n traces = [otelcol.exporter.otlp.tempo.input]\n }\n}\n\notelcol.exporter.prometheus \"default\" {\n forward_to = [prometheus.remote_write.default.receiver]\n}\n\notelcol.exporter.otlp \"tempo\" {\n client {\n endpoint = \"http://monitoring-tempo-distributor.monitoring:4317\"\n // Configure TLS settings for communicating with the endpoint.\n tls {\n // The connection is insecure.\n insecure = true\n // Do not verify TLS certificates when connecting.\n insecure_skip_verify = true\n }\n }\n}\n\n\n/////////////////////// OTLP END ///////////////////////\n\n// discover all pods, to be used later in this config\ndiscovery.kubernetes \"pods\" {\n role = \"pod\"\n}\n\n// discover all services, to be used later in this config\ndiscovery.kubernetes \"services\" {\n role = \"service\"\n}\n\n// discover all nodes, to be used later in this config\ndiscovery.kubernetes \"nodes\" {\n role = \"node\"\n}\n\n// Generic scrape of any pod with Annotation \"prometheus.io/scrape: true\"\ndiscovery.relabel \"annotation_autodiscovery_pods\" {\n targets = discovery.kubernetes.pods.targets\n rule {\n source_labels = [\"__meta_kubernetes_pod_annotation_prometheus_io_scrape\"]\n regex = \"true\"\n action = \"keep\"\n }\n rule {\n source_labels = 
[\"__meta_kubernetes_pod_annotation_prometheus_io_job\"]\n action = \"replace\"\n target_label = \"job\"\n }\n rule {\n source_labels = [\"__meta_kubernetes_pod_annotation_prometheus_io_instance\"]\n action = \"replace\"\n target_label = \"instance\"\n }\n rule {\n source_labels = [\"__meta_kubernetes_pod_annotation_prometheus_io_path\"]\n action = \"replace\"\n target_label = \"__metrics_path__\"\n }\n\n // Choose the pod port\n // The discovery generates a target for each declared container port of the pod.\n // If the metricsPortName annotation has value, keep only the target where the port name matches the one of the annotation.\n rule {\n source_labels = [\"__meta_kubernetes_pod_container_port_name\"]\n target_label = \"__tmp_port\"\n }\n rule {\n source_labels = [\"__meta_kubernetes_pod_annotation_prometheus_io_portName\"]\n regex = \"(.+)\"\n target_label = \"__tmp_port\"\n }\n rule {\n source_labels = [\"__meta_kubernetes_pod_container_port_name\"]\n action = \"keepequal\"\n target_label = \"__tmp_port\"\n }\n\n // If the metrics port number annotation has a value, override the target address to use it, regardless whether it is\n // one of the declared ports on that Pod.\n rule {\n source_labels = [\"__meta_kubernetes_pod_annotation_prometheus_io_port\", \"__meta_kubernetes_pod_ip\"]\n regex = \"(\\\\d+);(([A-Fa-f0-9]{1,4}::?){1,7}[A-Fa-f0-9]{1,4})\"\n replacement = \"[$2]:$1\" // IPv6\n target_label = \"__address__\"\n }\n rule {\n source_labels = [\"__meta_kubernetes_pod_annotation_prometheus_io_port\", \"__meta_kubernetes_pod_ip\"]\n regex = \"(\\\\d+);((([0-9]+?)(\\\\.|$)){4})\" // IPv4, takes priority over IPv6 when both exists\n replacement = \"$2:$1\"\n target_label = \"__address__\"\n }\n\n rule {\n source_labels = [\"__meta_kubernetes_pod_annotation_prometheus_io_scheme\"]\n action = \"replace\"\n target_label = \"__scheme__\"\n }\n\n\n // add labels\n rule {\n source_labels = [\"__meta_kubernetes_pod_name\"]\n target_label = \"pod\"\n }\n rule {\n 
source_labels = [\"__meta_kubernetes_pod_container_name\"]\n target_label = \"container\"\n }\n rule {\n source_labels = [\"__meta_kubernetes_pod_controller_name\"]\n target_label = \"controller\"\n }\n\n rule {\n source_labels = [\"__meta_kubernetes_namespace\"]\n target_label = \"namespace\"\n }\n\n\n rule {\n source_labels = [\"__meta_kubernetes_pod_label_app\"]\n target_label = \"app\"\n }\n\n // map all labels\n rule {\n action = \"labelmap\"\n regex = \"__meta_kubernetes_pod_label_(.+)\"\n }\n}\n\n// Generic scrape of any service with\n// Annotation Autodiscovery\ndiscovery.relabel \"annotation_autodiscovery_services\" {\n targets = discovery.kubernetes.services.targets\n rule {\n source_labels = [\"__meta_kubernetes_service_annotation_prometheus_io_scrape\"]\n regex = \"true\"\n action = \"keep\"\n }\n rule {\n source_labels = [\"__meta_kubernetes_service_annotation_prometheus_io_job\"]\n action = \"replace\"\n target_label = \"job\"\n }\n rule {\n source_labels = [\"__meta_kubernetes_service_annotation_prometheus_io_instance\"]\n action = \"replace\"\n target_label = \"instance\"\n }\n rule {\n source_labels = [\"__meta_kubernetes_service_annotation_prometheus_io_path\"]\n action = \"replace\"\n target_label = \"__metrics_path__\"\n }\n\n // Choose the service port\n rule {\n source_labels = [\"__meta_kubernetes_service_port_name\"]\n target_label = \"__tmp_port\"\n }\n rule {\n source_labels = [\"__meta_kubernetes_service_annotation_prometheus_io_portName\"]\n regex = \"(.+)\"\n target_label = \"__tmp_port\"\n }\n rule {\n source_labels = [\"__meta_kubernetes_service_port_name\"]\n action = \"keepequal\"\n target_label = \"__tmp_port\"\n }\n\n rule {\n source_labels = [\"__meta_kubernetes_service_port_number\"]\n target_label = \"__tmp_port\"\n }\n rule {\n source_labels = [\"__meta_kubernetes_service_annotation_prometheus_io_port\"]\n regex = \"(.+)\"\n target_label = \"__tmp_port\"\n }\n rule {\n source_labels = 
[\"__meta_kubernetes_service_port_number\"]\n action = \"keepequal\"\n target_label = \"__tmp_port\"\n }\n\n rule {\n source_labels = [\"__meta_kubernetes_service_annotation_prometheus_io_scheme\"]\n action = \"replace\"\n target_label = \"__scheme__\"\n }\n}\n\nprometheus.scrape \"metrics\" {\n job_name = \"integrations/autodiscovery_metrics\"\n targets = concat(discovery.relabel.annotation_autodiscovery_pods.output, discovery.relabel.annotation_autodiscovery_services.output)\n honor_labels = true\n clustering {\n enabled = true\n }\n forward_to = [prometheus.relabel.metrics_service.receiver]\n}\n\n\n// Node Exporter\n// TODO: replace with https://grafana.com/docs/alloy/latest/reference/components/prometheus.exporter.unix/\ndiscovery.relabel \"node_exporter\" {\n targets = discovery.kubernetes.pods.targets\n rule {\n source_labels = [\"__meta_kubernetes_pod_label_app_kubernetes_io_instance\"]\n regex = \"monitoring-extras\"\n action = \"keep\"\n }\n rule {\n source_labels = [\"__meta_kubernetes_pod_label_app_kubernetes_io_name\"]\n regex = \"node-exporter\"\n action = \"keep\"\n }\n rule {\n source_labels = [\"__meta_kubernetes_pod_node_name\"]\n action = \"replace\"\n target_label = \"instance\"\n }\n}\n\nprometheus.scrape \"node_exporter\" {\n job_name = \"integrations/node_exporter\"\n targets = discovery.relabel.node_exporter.output\n scrape_interval = \"60s\"\n clustering {\n enabled = true\n }\n forward_to = [prometheus.relabel.node_exporter.receiver]\n}\n\nprometheus.relabel \"node_exporter\" {\n rule {\n source_labels = [\"__name__\"]\n regex = \"up|node_cpu.*|node_network.*|node_exporter_build_info|node_filesystem.*|node_memory.*|process_cpu_seconds_total|process_resident_memory_bytes\"\n action = \"keep\"\n }\n forward_to = [prometheus.relabel.metrics_service.receiver]\n}\n\n// Logs from all pods\ndiscovery.relabel \"all_pods\" {\n targets = discovery.kubernetes.pods.targets\n rule {\n source_labels = [\"__meta_kubernetes_namespace\"]\n target_label = 
\"namespace\"\n }\n rule {\n source_labels = [\"__meta_kubernetes_pod_name\"]\n target_label = \"pod\"\n }\n rule {\n source_labels = [\"__meta_kubernetes_pod_container_name\"]\n target_label = \"container\"\n }\n rule {\n source_labels = [\"__meta_kubernetes_pod_controller_name\"]\n target_label = \"controller\"\n }\n\n rule {\n source_labels = [\"__meta_kubernetes_pod_label_app\"]\n target_label = \"app\"\n }\n\n // map all labels\n rule {\n action = \"labelmap\"\n regex = \"__meta_kubernetes_pod_label_(.+)\"\n }\n\n}\n\nloki.source.kubernetes \"pods\" {\n targets = discovery.relabel.all_pods.output\n forward_to = [loki.write.endpoint.receiver]\n}\n\n// kube-state-metrics\ndiscovery.relabel \"relabel_kube_state_metrics\" {\n targets = discovery.kubernetes.services.targets\n rule {\n source_labels = [\"__meta_kubernetes_namespace\"]\n regex = \"monitoring\"\n action = \"keep\"\n }\n rule {\n source_labels = [\"__meta_kubernetes_service_name\"]\n regex = \"monitoring-extras-kube-state-metrics\"\n action = \"keep\"\n }\n}\n\nprometheus.scrape \"kube_state_metrics\" {\n targets = discovery.relabel.relabel_kube_state_metrics.output\n job_name = \"kube-state-metrics\"\n metrics_path = \"/metrics\"\n forward_to = [prometheus.remote_write.default.receiver]\n}\n\n// Kubelet\ndiscovery.relabel \"kubelet\" {\n targets = discovery.kubernetes.nodes.targets\n rule {\n target_label = \"__address__\"\n replacement = \"kubernetes.default.svc.cluster.local:443\"\n }\n rule {\n source_labels = [\"__meta_kubernetes_node_name\"]\n regex = \"(.+)\"\n replacement = \"/api/v1/nodes/${1}/proxy/metrics\"\n target_label = \"__metrics_path__\"\n }\n}\n\nprometheus.scrape \"kubelet\" {\n job_name = \"integrations/kubernetes/kubelet\"\n targets = discovery.relabel.kubelet.output\n scheme = \"https\"\n scrape_interval = \"60s\"\n bearer_token_file = \"/var/run/secrets/kubernetes.io/serviceaccount/token\"\n tls_config {\n insecure_skip_verify = true\n }\n clustering {\n enabled = true\n }\n 
forward_to = [prometheus.relabel.kubelet.receiver]\n}\n\nprometheus.relabel \"kubelet\" {\n rule {\n source_labels = [\"__name__\"]\n regex = \"up|container_cpu_usage_seconds_total|kubelet_certificate_manager_client_expiration_renew_errors|kubelet_certificate_manager_client_ttl_seconds|kubelet_certificate_manager_server_ttl_seconds|kubelet_cgroup_manager_duration_seconds_bucket|kubelet_cgroup_manager_duration_seconds_count|kubelet_node_config_error|kubelet_node_name|kubelet_pleg_relist_duration_seconds_bucket|kubelet_pleg_relist_duration_seconds_count|kubelet_pleg_relist_interval_seconds_bucket|kubelet_pod_start_duration_seconds_bucket|kubelet_pod_start_duration_seconds_count|kubelet_pod_worker_duration_seconds_bucket|kubelet_pod_worker_duration_seconds_count|kubelet_running_container_count|kubelet_running_containers|kubelet_running_pod_count|kubelet_running_pods|kubelet_runtime_operations_errors_total|kubelet_runtime_operations_total|kubelet_server_expiration_renew_errors|kubelet_volume_stats_available_bytes|kubelet_volume_stats_capacity_bytes|kubelet_volume_stats_inodes|kubelet_volume_stats_inodes_used|kubernetes_build_info|namespace_workload_pod|rest_client_requests_total|storage_operation_duration_seconds_count|storage_operation_errors_total|volume_manager_total_volumes\"\n action = \"keep\"\n }\n forward_to = [prometheus.relabel.metrics_service.receiver]\n}\n\n// Cluster Events\nloki.source.kubernetes_events \"cluster_events\" {\n job_name = \"integrations/kubernetes/eventhandler\"\n log_format = \"logfmt\"\n forward_to = [loki.write.endpoint.receiver]\n}\n\nprometheus.relabel \"metrics_service\" {\n forward_to = [prometheus.remote_write.default.receiver]\n}\n\n\n// Write Endpoints\n// prometheus write endpoint\nprometheus.remote_write \"default\" {\n external_labels = {\n cluster = \"{{ .Values.cluster }}\",\n project = \"{{ .Values.project }}\",\n }\n endpoint {\n url = \"https://mimir.example.com/api/v1/push\"\n\n headers = {\n \"X-Scope-OrgID\" = 
\"anonymous\",\n }\n\n }\n}\n\n// loki write endpoint\nloki.write \"endpoint\" {\n external_labels = {\n cluster = \"{{ .Values.cluster }}\",\n project = \"{{ .Values.project }}\",\n }\n endpoint {\n url = \"https://loki.example.com/loki/api/v1/push\"\n }\n}\n"` | |
 | alloy.controller.affinity.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution.nodeSelectorTerms[0].matchExpressions[0].key | string | `"topology.kubernetes.io/zone"` | |
 | alloy.controller.affinity.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution.nodeSelectorTerms[0].matchExpressions[0].operator | string | `"In"` | |
 | alloy.controller.affinity.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution.nodeSelectorTerms[0].matchExpressions[0].values[0] | string | `"us-east-1a"` | |
diff --git a/helm/alloy/values.yaml b/helm/alloy/values.yaml
index 146cb8ea..27232540 100644
--- a/helm/alloy/values.yaml
+++ b/helm/alloy/values.yaml
@@ -442,4 +442,4 @@ alloy:
 endpoint {
 url = "https://loki.example.com/loki/api/v1/push"
 }
- }
\ No newline at end of file
+ }
diff --git a/helm/faro-collector/README.md b/helm/faro-collector/README.md
index 92ef2253..a01378de 100644
--- a/helm/faro-collector/README.md
+++ b/helm/faro-collector/README.md
@@ -21,7 +21,7 @@ A Helm chart for deploying Grafana Alloy
 | alloy.alloy.extraPorts[0].port | int | `12347` | |
 | alloy.alloy.extraPorts[0].protocol | string | `"TCP"` | |
 | alloy.alloy.extraPorts[0].targetPort | int | `12347` | |
-| alloy.alloyConfigmapData | string | `"logging {\n level = \"info\"\n format = \"json\"\n}\n\notelcol.exporter.otlp \"tempo\" {\n client {\n endpoint = \"http://grafana-tempo-distributor.monitoring:4317\"\n tls {\n insecure = true\n insecure_skip_verify = true\n }\n }\n}\n\n// loki write endpoint\nloki.write \"endpoint\" {\n endpoint {\n url = \"http://grafana-loki-gateway.monitoring:80/loki/api/v1/push\"\n }\n}\n\nfaro.receiver \"default\" {\n server {\n listen_address = \"0.0.0.0\"\n listen_port = 12347\n cors_allowed_origins = [\"*\"]\n }\n\n extra_log_labels = {\n service = \"frontend-app\",\n app_name = \"\",\n app_environment = \"\",\n app_namespace = \"\",\n app_version = \"\",\n }\n output {\n logs = [loki.write.endpoint.receiver]\n traces = [otelcol.exporter.otlp.tempo.input]\n }\n}"` | |
+| alloy.alloyConfigmapData | string | `"logging {\n level = \"info\"\n format = \"json\"\n}\n\notelcol.exporter.otlp \"tempo\" {\n client {\n endpoint = \"http://grafana-tempo-distributor.monitoring:4317\"\n tls {\n insecure = true\n insecure_skip_verify = true\n }\n }\n}\n\n// loki write endpoint\nloki.write \"endpoint\" {\n endpoint {\n url = \"http://grafana-loki-gateway.monitoring:80/loki/api/v1/push\"\n }\n}\n\nfaro.receiver \"default\" {\n server {\n listen_address = \"0.0.0.0\"\n listen_port = 12347\n cors_allowed_origins = [\"*\"]\n }\n\n extra_log_labels = {\n service = \"frontend-app\",\n app_name = \"\",\n app_environment = \"\",\n app_namespace = \"\",\n app_version = \"\",\n }\n output {\n logs = [loki.write.endpoint.receiver]\n traces = [otelcol.exporter.otlp.tempo.input]\n }\n}\n"` | |
 | alloy.ingress.annotations | object | `{}` | |
 | alloy.ingress.enabled | bool | `true` | Enables ingress for Alloy (Faro port) |
 |
alloy.ingress.faroPort | int | `12347` | |
diff --git a/helm/faro-collector/values.yaml b/helm/faro-collector/values.yaml
index 90326bc9..4770d4c1 100644
--- a/helm/faro-collector/values.yaml
+++ b/helm/faro-collector/values.yaml
@@ -74,4 +74,4 @@ alloy:
 logs = [loki.write.endpoint.receiver]
 traces = [otelcol.exporter.otlp.tempo.input]
 }
- }
\ No newline at end of file
+ }
diff --git a/helm/observability/Chart.yaml b/helm/observability/Chart.yaml
index 67ac2013..f3b07d82 100644
--- a/helm/observability/Chart.yaml
+++ b/helm/observability/Chart.yaml
@@ -28,4 +28,4 @@ dependencies:
 - name: lgtm-distributed
 version: "2.1.0"
 alias: lgtm
- repository: "https://grafana.github.io/helm-charts"
\ No newline at end of file
+ repository: "https://grafana.github.io/helm-charts"
diff --git a/helm/observability/README.md b/helm/observability/README.md
index 1fde09c2..21ad3855 100644
--- a/helm/observability/README.md
+++ b/helm/observability/README.md
@@ -14,7 +14,7 @@ A Helm chart for deploying the LGTM stack with additional resources | Key | Type | Default | Description | |-----|------|---------|-------------| -| lgtm.grafana | map | `{"affinity":{"nodeAffinity":{"requiredDuringSchedulingIgnoredDuringExecution":{"nodeSelectorTerms":[{"matchExpressions":[{"key":"topology.kubernetes.io/zone","operator":"In","values":["us-east-1a"]}]}]}}},"alerting":{"contactpoints.yaml":{"secret":{"apiVersion":1,"contactPoints":[{"name":"slack","orgId":1,"receivers":[{"settings":{"group":"slack","summary":"{{ `{{ include \"default.message\" . }}` }}","url":"https://hooks.slack.com/services/XXXXXXXXXX"},"type":"Slack","uid":"first_uid"}]}]}},"rules.yaml":{"apiVersion":1,"groups":[{"folder":"Alerts","interval":"5m","name":"Alerts","orgId":1,"rules":[{"annotations":{"summary":"Alert: HTTP 500 errors detected in the environment: {{`{{ $labels.clusters }}`}}"},"condition":"A","data":[{"datasourceUid":"loki","model":{"datasource":{"type":"loki","uid":"loki"},"editorMode":"code","expr":"sum by (cluster) (count_over_time({cluster=~\".+\"} | json | http_status_code=\"500\" [1h])) > 0","hide":false,"intervalMs":1000,"maxDataPoints":43200,"queryType":"instant","refId":"A"},"queryType":"instant","refId":"A","relativeTimeRange":{"from":600,"to":0}}],"execErrState":"KeepLast","for":"5m","isPaused":false,"labels":{},"noDataState":"OK","notification_settings":{"receiver":"Slack"},"title":"HTTP 500 errors detected","uid":"edwb8zgcvq96oc"},{"annotations":{"description":"Error in usersync job detected in cluster {{`{{ $labels.clusters }}`}}, namespace {{`{{ $labels.namespace }}`}}.","summary":"Error Logs Detected in Usersync Job"},"condition":"A","data":[{"datasourceUid":"loki","model":{"datasource":{"type":"loki","uid":"loki"},"editorMode":"code","expr":"sum by (cluster, namespace) (count_over_time({ app=\"gen3job\", job_name=~\"usersync-.*\"} |= \"ERROR - could not revoke policies from user `N/A`\" [5m])) > 
1","hide":false,"intervalMs":1000,"maxDataPoints":43200,"queryType":"instant","refId":"A"},"queryType":"instant","refId":"A","relativeTimeRange":{"from":600,"to":0}}],"execErrState":"KeepLast","for":"5m","isPaused":false,"labels":{},"noDataState":"OK","notification_settings":{"receiver":"Slack"},"title":"Error Logs Detected in Usersync Job","uid":"adwb9vhb7irr4b"},{"annotations":{"description":"Panic detected in app {{`{{ $labels.app }}`}} within cluster {{`{{ $labels.clusters }}`}}.","summary":"Hatchery panic"},"condition":"A","data":[{"datasourceUid":"loki","model":{"datasource":{"type":"loki","uid":"loki"},"editorMode":"code","expr":"sum by (cluster) (count_over_time({app=\"hatchery\"} |= \"panic\" [5m])) > 1","hide":false,"intervalMs":1000,"maxDataPoints":43200,"queryType":"instant","refId":"A"},"queryType":"instant","refId":"A","relativeTimeRange":{"from":600,"to":0}}],"execErrState":"KeepLast","for":"5m","isPaused":false,"labels":{},"noDataState":"OK","notification_settings":{"receiver":"Slack"},"title":"Hatchery panic in {{`{{ env.name }}`}}","uid":"ddwbc12l6wc8wf"},{"annotations":{"description":"Detected 431 HTTP status codes in the logs within the last 5 minutes.","summary":"Http status code 431"},"condition":"A","data":[{"datasourceUid":"loki","model":{"datasource":{"type":"loki","uid":"loki"},"editorMode":"code","expr":"sum(count_over_time({cluster=~\".+\"} | json | http_status_code=\"431\" [5m])) >= 2","hide":false,"intervalMs":1000,"maxDataPoints":43200,"queryType":"instant","refId":"A"},"queryType":"instant","refId":"A","relativeTimeRange":{"from":600,"to":0}}],"execErrState":"KeepLast","for":"5m","isPaused":false,"labels":{},"noDataState":"OK","notification_settings":{"receiver":"Slack"},"title":"Http status code 431","uid":"cdwbcbphz1zb4a"},{"annotations":{"description":"High number of info status logs detected in the indexd service in cluster {{`{{ $labels.clusters }}`}}.","summary":"Indexd is getting an excessive amount of 
traffic"},"condition":"A","data":[{"datasourceUid":"loki","model":{"datasource":{"type":"loki","uid":"loki"},"editorMode":"code","expr":"sum by (cluster) (count_over_time({cluster=~\".+\", app=\"indexd\", status=\"info\"} [5m])) > 50000","hide":false,"intervalMs":1000,"maxDataPoints":43200,"queryType":"instant","refId":"A"},"queryType":"instant","refId":"A","relativeTimeRange":{"from":600,"to":0}}],"execErrState":"KeepLast","for":"5m","isPaused":false,"labels":{},"noDataState":"OK","notification_settings":{"receiver":"Slack"},"title":"Indexd is getting an excessive amount of traffic","uid":"bdwbck1lgwdfka"},{"annotations":{"description":"More than 10 errors detected in the karpenter namespace in cluster {{`{{ $labels.clusters }}`}} related to providerRef not found.","summary":"Karpenter Resource Mismatch"},"condition":"A","data":[{"datasourceUid":"loki","model":{"datasource":{"type":"loki","uid":"loki"},"editorMode":"code","expr":"sum by (cluster) (count_over_time({namespace=\"karpenter\", cluster=~\".+\"} |= \"ERROR\" |= \"not found\" |= \"getting providerRef\" [5m])) > 10\n","hide":false,"intervalMs":1000,"maxDataPoints":43200,"queryType":"instant","refId":"A"},"queryType":"instant","refId":"A","relativeTimeRange":{"from":600,"to":0}}],"execErrState":"KeepLast","for":"5m","isPaused":false,"labels":{},"noDataState":"OK","notification_settings":{"receiver":"Slack"},"title":"Karpenter Resource Mismatch","uid":"fdwbe5t439zpcd"},{"annotations":{"description":"More than 1000 \"limiting requests, excess\" errors detected in service {{`{{ $labels.app }}`}} (cluster: {{`{{ $labels.clusters }}`}}) within the last 5 minutes.","summary":"Nginx is logging excessive \" limiting requests, excess:\""},"condition":"A","data":[{"datasourceUid":"loki","model":{"datasource":{"type":"loki","uid":"loki"},"editorMode":"code","expr":"sum by (app, cluster) (count_over_time({app=~\".+\", cluster=~\".+\"} |= \"status:error\" |= \"limiting requests, excess:\" [5m])) > 
1000","hide":false,"intervalMs":1000,"maxDataPoints":43200,"queryType":"instant","refId":"A"},"queryType":"instant","refId":"A","relativeTimeRange":{"from":600,"to":0}}],"execErrState":"KeepLast","for":"5m","isPaused":false,"labels":{},"noDataState":"OK","notification_settings":{"receiver":"Slack"},"title":"Nginx is logging excessive \" limiting requests, excess:\"","uid":"fdwbeuftc7400c"}]}]}},"dashboardProviders":{"dashboardproviders.yaml":{"apiVersion":1,"providers":[{"disableDeletion":true,"editable":true,"folder":"Kubernetes","name":"grafana-dashboards-kubernetes","options":{"path":"/var/lib/grafana/dashboards/grafana-dashboards-kubernetes"},"orgId":1,"type":"file"}]}},"dashboards":{"grafana-dashboards-kubernetes":{"k8s-system-api-server":{"token":"","url":"https://raw.githubusercontent.com/dotdc/grafana-dashboards-kubernetes/master/dashboards/k8s-system-api-server.json"},"k8s-system-coredns":{"token":"","url":"https://raw.githubusercontent.com/dotdc/grafana-dashboards-kubernetes/master/dashboards/k8s-system-coredns.json"},"k8s-views-global":{"token":"","url":"https://raw.githubusercontent.com/dotdc/grafana-dashboards-kubernetes/master/dashboards/k8s-views-global.json"},"k8s-views-namespaces":{"token":"","url":"https://raw.githubusercontent.com/dotdc/grafana-dashboards-kubernetes/master/dashboards/k8s-views-namespaces.json"},"k8s-views-nodes":{"token":"","url":"https://raw.githubusercontent.com/dotdc/grafana-dashboards-kubernetes/master/dashboards/k8s-views-nodes.json"},"k8s-views-pods":{"token":"","url":"https://raw.githubusercontent.com/dotdc/grafana-dashboards-kubernetes/master/dashboards/k8s-views-pods.json"}}},"downloadDashboardsImage":{"registry":"quay.io/curl","repository":"curl","tag":"8.8.0"},"enabled":true,"env":{"GF_SERVER_ROOT_URL":"https://grafana.example.com"},"envFromSecret":null,"grafana.ini":{"auth.okta":{"allow_sign_up":true,"auto_login":true,"enabled":true,"icon":"okta"},"feature_toggles":{"enable":"ssoSettingsAPI 
transformationsVariableSupport","ssoSettingsApi":true,"transformationsVariableSupport":true},"log":{"level":"debug"},"server":{"domain":"grafana.example.com","root_url":"https://%(domain)s/"},"users":{"auto_assign_org_role":"Editor"}},"image":{"pullPolicy":"Always","registry":"quay.io/cdis","repository":"grafana","tag":"master"},"ingress":{"annotations":{},"enabled":true,"hosts":["grafana.example.com"],"ingressClassName":"alb","tls":[{"secretName":null}]},"initChownData":{"image":{"registry":"quay.io/cdis","repository":"busybox","tag":"1.32.0"}},"persistence":{"enabled":true}}` | Grafana configuration. | +| lgtm.grafana | map | `{"affinity":{"nodeAffinity":{"requiredDuringSchedulingIgnoredDuringExecution":{"nodeSelectorTerms":[{"matchExpressions":[{"key":"topology.kubernetes.io/zone","operator":"In","values":["us-east-1a"]}]}]}}},"alerting":{"contactpoints.yaml":{"secret":{"apiVersion":1,"contactPoints":[{"name":"slack","orgId":1,"receivers":[{"settings":{"group":"slack","summary":"{{ `{{ include \"default.message\" . 
}}` }}\n","url":"https://hooks.slack.com/services/XXXXXXXXXX"},"type":"Slack","uid":"first_uid"}]}]}},"rules.yaml":{"apiVersion":1,"groups":[{"folder":"Alerts","interval":"5m","name":"Alerts","orgId":1,"rules":[{"annotations":{"summary":"Alert: HTTP 500 errors detected in the environment: {{`{{ $labels.clusters }}`}}"},"condition":"A","data":[{"datasourceUid":"loki","model":{"datasource":{"type":"loki","uid":"loki"},"editorMode":"code","expr":"sum by (cluster) (count_over_time({cluster=~\".+\"} | json | http_status_code=\"500\" [1h])) > 0","hide":false,"intervalMs":1000,"maxDataPoints":43200,"queryType":"instant","refId":"A"},"queryType":"instant","refId":"A","relativeTimeRange":{"from":600,"to":0}}],"execErrState":"KeepLast","for":"5m","isPaused":false,"labels":{},"noDataState":"OK","notification_settings":{"receiver":"Slack"},"title":"HTTP 500 errors detected","uid":"edwb8zgcvq96oc"},{"annotations":{"description":"Error in usersync job detected in cluster {{`{{ $labels.clusters }}`}}, namespace {{`{{ $labels.namespace }}`}}.","summary":"Error Logs Detected in Usersync Job"},"condition":"A","data":[{"datasourceUid":"loki","model":{"datasource":{"type":"loki","uid":"loki"},"editorMode":"code","expr":"sum by (cluster, namespace) (count_over_time({ app=\"gen3job\", job_name=~\"usersync-.*\"} |= \"ERROR - could not revoke policies from user `N/A`\" [5m])) > 1","hide":false,"intervalMs":1000,"maxDataPoints":43200,"queryType":"instant","refId":"A"},"queryType":"instant","refId":"A","relativeTimeRange":{"from":600,"to":0}}],"execErrState":"KeepLast","for":"5m","isPaused":false,"labels":{},"noDataState":"OK","notification_settings":{"receiver":"Slack"},"title":"Error Logs Detected in Usersync Job","uid":"adwb9vhb7irr4b"},{"annotations":{"description":"Panic detected in app {{`{{ $labels.app }}`}} within cluster {{`{{ $labels.clusters }}`}}.","summary":"Hatchery 
panic"},"condition":"A","data":[{"datasourceUid":"loki","model":{"datasource":{"type":"loki","uid":"loki"},"editorMode":"code","expr":"sum by (cluster) (count_over_time({app=\"hatchery\"} |= \"panic\" [5m])) > 1","hide":false,"intervalMs":1000,"maxDataPoints":43200,"queryType":"instant","refId":"A"},"queryType":"instant","refId":"A","relativeTimeRange":{"from":600,"to":0}}],"execErrState":"KeepLast","for":"5m","isPaused":false,"labels":{},"noDataState":"OK","notification_settings":{"receiver":"Slack"},"title":"Hatchery panic in {{`{{ env.name }}`}}","uid":"ddwbc12l6wc8wf"},{"annotations":{"description":"Detected 431 HTTP status codes in the logs within the last 5 minutes.","summary":"Http status code 431"},"condition":"A","data":[{"datasourceUid":"loki","model":{"datasource":{"type":"loki","uid":"loki"},"editorMode":"code","expr":"sum(count_over_time({cluster=~\".+\"} | json | http_status_code=\"431\" [5m])) >= 2","hide":false,"intervalMs":1000,"maxDataPoints":43200,"queryType":"instant","refId":"A"},"queryType":"instant","refId":"A","relativeTimeRange":{"from":600,"to":0}}],"execErrState":"KeepLast","for":"5m","isPaused":false,"labels":{},"noDataState":"OK","notification_settings":{"receiver":"Slack"},"title":"Http status code 431","uid":"cdwbcbphz1zb4a"},{"annotations":{"description":"High number of info status logs detected in the indexd service in cluster {{`{{ $labels.clusters }}`}}.","summary":"Indexd is getting an excessive amount of traffic"},"condition":"A","data":[{"datasourceUid":"loki","model":{"datasource":{"type":"loki","uid":"loki"},"editorMode":"code","expr":"sum by (cluster) (count_over_time({cluster=~\".+\", app=\"indexd\", status=\"info\"} [5m])) > 
50000","hide":false,"intervalMs":1000,"maxDataPoints":43200,"queryType":"instant","refId":"A"},"queryType":"instant","refId":"A","relativeTimeRange":{"from":600,"to":0}}],"execErrState":"KeepLast","for":"5m","isPaused":false,"labels":{},"noDataState":"OK","notification_settings":{"receiver":"Slack"},"title":"Indexd is getting an excessive amount of traffic","uid":"bdwbck1lgwdfka"},{"annotations":{"description":"More than 10 errors detected in the karpenter namespace in cluster {{`{{ $labels.clusters }}`}} related to providerRef not found.","summary":"Karpenter Resource Mismatch"},"condition":"A","data":[{"datasourceUid":"loki","model":{"datasource":{"type":"loki","uid":"loki"},"editorMode":"code","expr":"sum by (cluster) (count_over_time({namespace=\"karpenter\", cluster=~\".+\"} |= \"ERROR\" |= \"not found\" |= \"getting providerRef\" [5m])) > 10\n","hide":false,"intervalMs":1000,"maxDataPoints":43200,"queryType":"instant","refId":"A"},"queryType":"instant","refId":"A","relativeTimeRange":{"from":600,"to":0}}],"execErrState":"KeepLast","for":"5m","isPaused":false,"labels":{},"noDataState":"OK","notification_settings":{"receiver":"Slack"},"title":"Karpenter Resource Mismatch","uid":"fdwbe5t439zpcd"},{"annotations":{"description":"More than 1000 \"limiting requests, excess\" errors detected in service {{`{{ $labels.app }}`}} (cluster: {{`{{ $labels.clusters }}`}}) within the last 5 minutes.","summary":"Nginx is logging excessive \" limiting requests, excess:\""},"condition":"A","data":[{"datasourceUid":"loki","model":{"datasource":{"type":"loki","uid":"loki"},"editorMode":"code","expr":"sum by (app, cluster) (count_over_time({app=~\".+\", cluster=~\".+\"} |= \"status:error\" |= \"limiting requests, excess:\" [5m])) > 
1000","hide":false,"intervalMs":1000,"maxDataPoints":43200,"queryType":"instant","refId":"A"},"queryType":"instant","refId":"A","relativeTimeRange":{"from":600,"to":0}}],"execErrState":"KeepLast","for":"5m","isPaused":false,"labels":{},"noDataState":"OK","notification_settings":{"receiver":"Slack"},"title":"Nginx is logging excessive \" limiting requests, excess:\"","uid":"fdwbeuftc7400c"}]}]}},"dashboardProviders":{"dashboardproviders.yaml":{"apiVersion":1,"providers":[{"disableDeletion":true,"editable":true,"folder":"Kubernetes","name":"grafana-dashboards-kubernetes","options":{"path":"/var/lib/grafana/dashboards/grafana-dashboards-kubernetes"},"orgId":1,"type":"file"}]}},"dashboards":{"grafana-dashboards-kubernetes":{"k8s-system-api-server":{"token":"","url":"https://raw.githubusercontent.com/dotdc/grafana-dashboards-kubernetes/master/dashboards/k8s-system-api-server.json"},"k8s-system-coredns":{"token":"","url":"https://raw.githubusercontent.com/dotdc/grafana-dashboards-kubernetes/master/dashboards/k8s-system-coredns.json"},"k8s-views-global":{"token":"","url":"https://raw.githubusercontent.com/dotdc/grafana-dashboards-kubernetes/master/dashboards/k8s-views-global.json"},"k8s-views-namespaces":{"token":"","url":"https://raw.githubusercontent.com/dotdc/grafana-dashboards-kubernetes/master/dashboards/k8s-views-namespaces.json"},"k8s-views-nodes":{"token":"","url":"https://raw.githubusercontent.com/dotdc/grafana-dashboards-kubernetes/master/dashboards/k8s-views-nodes.json"},"k8s-views-pods":{"token":"","url":"https://raw.githubusercontent.com/dotdc/grafana-dashboards-kubernetes/master/dashboards/k8s-views-pods.json"}}},"downloadDashboardsImage":{"registry":"quay.io/curl","repository":"curl","tag":"8.8.0"},"enabled":true,"env":{"GF_SERVER_ROOT_URL":"https://grafana.example.com"},"envFromSecret":null,"grafana.ini":{"auth.okta":{"allow_sign_up":true,"auto_login":true,"enabled":true,"icon":"okta"},"feature_toggles":{"enable":"ssoSettingsAPI 
transformationsVariableSupport","ssoSettingsApi":true,"transformationsVariableSupport":true},"log":{"level":"debug"},"server":{"domain":"grafana.example.com","root_url":"https://%(domain)s/"},"users":{"auto_assign_org_role":"Editor"}},"image":{"pullPolicy":"Always","registry":"quay.io/cdis","repository":"grafana","tag":"master"},"ingress":{"annotations":{},"enabled":true,"hosts":["grafana.example.com"],"ingressClassName":"alb","tls":[{"secretName":null}]},"initChownData":{"image":{"registry":"quay.io/cdis","repository":"busybox","tag":"1.32.0"}},"persistence":{"enabled":true}}` | Grafana configuration. | | lgtm.grafana."grafana.ini"."auth.okta" | map | `{"allow_sign_up":true,"auto_login":true,"enabled":true,"icon":"okta"}` | Okta authentication settings in Grafana. | | lgtm.grafana."grafana.ini"."auth.okta".allow_sign_up | bool | `true` | Allow users to sign up automatically using Okta. | | lgtm.grafana."grafana.ini"."auth.okta".auto_login | bool | `true` | Automatically log in users using Okta when visiting Grafana. | 
@@ -35,7 +35,7 @@ A Helm chart for deploying the LGTM stack with additional resources | lgtm.grafana.affinity.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution.nodeSelectorTerms[0].matchExpressions[0] | string | `{"key":"topology.kubernetes.io/zone","operator":"In","values":["us-east-1a"]}` | Node label key for affinity. Ensures pods are scheduled on nodes in the specified zone. | | lgtm.grafana.affinity.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution.nodeSelectorTerms[0].matchExpressions[0].operator | string | `"In"` | Operator to apply to the node selector. 'In' means the node must match one of the values. | | lgtm.grafana.affinity.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution.nodeSelectorTerms[0].matchExpressions[0].values | list | `["us-east-1a"]` | List of values for the node selector, representing allowed zones. | -| lgtm.grafana.alerting | map | `{"contactpoints.yaml":{"secret":{"apiVersion":1,"contactPoints":[{"name":"slack","orgId":1,"receivers":[{"settings":{"group":"slack","summary":"{{ `{{ include \"default.message\" . 
}}` }}","url":"https://hooks.slack.com/services/XXXXXXXXXX"},"type":"Slack","uid":"first_uid"}]}]}},"rules.yaml":{"apiVersion":1,"groups":[{"folder":"Alerts","interval":"5m","name":"Alerts","orgId":1,"rules":[{"annotations":{"summary":"Alert: HTTP 500 errors detected in the environment: {{`{{ $labels.clusters }}`}}"},"condition":"A","data":[{"datasourceUid":"loki","model":{"datasource":{"type":"loki","uid":"loki"},"editorMode":"code","expr":"sum by (cluster) (count_over_time({cluster=~\".+\"} | json | http_status_code=\"500\" [1h])) > 0","hide":false,"intervalMs":1000,"maxDataPoints":43200,"queryType":"instant","refId":"A"},"queryType":"instant","refId":"A","relativeTimeRange":{"from":600,"to":0}}],"execErrState":"KeepLast","for":"5m","isPaused":false,"labels":{},"noDataState":"OK","notification_settings":{"receiver":"Slack"},"title":"HTTP 500 errors detected","uid":"edwb8zgcvq96oc"},{"annotations":{"description":"Error in usersync job detected in cluster {{`{{ $labels.clusters }}`}}, namespace {{`{{ $labels.namespace }}`}}.","summary":"Error Logs Detected in Usersync Job"},"condition":"A","data":[{"datasourceUid":"loki","model":{"datasource":{"type":"loki","uid":"loki"},"editorMode":"code","expr":"sum by (cluster, namespace) (count_over_time({ app=\"gen3job\", job_name=~\"usersync-.*\"} |= \"ERROR - could not revoke policies from user `N/A`\" [5m])) > 1","hide":false,"intervalMs":1000,"maxDataPoints":43200,"queryType":"instant","refId":"A"},"queryType":"instant","refId":"A","relativeTimeRange":{"from":600,"to":0}}],"execErrState":"KeepLast","for":"5m","isPaused":false,"labels":{},"noDataState":"OK","notification_settings":{"receiver":"Slack"},"title":"Error Logs Detected in Usersync Job","uid":"adwb9vhb7irr4b"},{"annotations":{"description":"Panic detected in app {{`{{ $labels.app }}`}} within cluster {{`{{ $labels.clusters }}`}}.","summary":"Hatchery 
panic"},"condition":"A","data":[{"datasourceUid":"loki","model":{"datasource":{"type":"loki","uid":"loki"},"editorMode":"code","expr":"sum by (cluster) (count_over_time({app=\"hatchery\"} |= \"panic\" [5m])) > 1","hide":false,"intervalMs":1000,"maxDataPoints":43200,"queryType":"instant","refId":"A"},"queryType":"instant","refId":"A","relativeTimeRange":{"from":600,"to":0}}],"execErrState":"KeepLast","for":"5m","isPaused":false,"labels":{},"noDataState":"OK","notification_settings":{"receiver":"Slack"},"title":"Hatchery panic in {{`{{ env.name }}`}}","uid":"ddwbc12l6wc8wf"},{"annotations":{"description":"Detected 431 HTTP status codes in the logs within the last 5 minutes.","summary":"Http status code 431"},"condition":"A","data":[{"datasourceUid":"loki","model":{"datasource":{"type":"loki","uid":"loki"},"editorMode":"code","expr":"sum(count_over_time({cluster=~\".+\"} | json | http_status_code=\"431\" [5m])) >= 2","hide":false,"intervalMs":1000,"maxDataPoints":43200,"queryType":"instant","refId":"A"},"queryType":"instant","refId":"A","relativeTimeRange":{"from":600,"to":0}}],"execErrState":"KeepLast","for":"5m","isPaused":false,"labels":{},"noDataState":"OK","notification_settings":{"receiver":"Slack"},"title":"Http status code 431","uid":"cdwbcbphz1zb4a"},{"annotations":{"description":"High number of info status logs detected in the indexd service in cluster {{`{{ $labels.clusters }}`}}.","summary":"Indexd is getting an excessive amount of traffic"},"condition":"A","data":[{"datasourceUid":"loki","model":{"datasource":{"type":"loki","uid":"loki"},"editorMode":"code","expr":"sum by (cluster) (count_over_time({cluster=~\".+\", app=\"indexd\", status=\"info\"} [5m])) > 
50000","hide":false,"intervalMs":1000,"maxDataPoints":43200,"queryType":"instant","refId":"A"},"queryType":"instant","refId":"A","relativeTimeRange":{"from":600,"to":0}}],"execErrState":"KeepLast","for":"5m","isPaused":false,"labels":{},"noDataState":"OK","notification_settings":{"receiver":"Slack"},"title":"Indexd is getting an excessive amount of traffic","uid":"bdwbck1lgwdfka"},{"annotations":{"description":"More than 10 errors detected in the karpenter namespace in cluster {{`{{ $labels.clusters }}`}} related to providerRef not found.","summary":"Karpenter Resource Mismatch"},"condition":"A","data":[{"datasourceUid":"loki","model":{"datasource":{"type":"loki","uid":"loki"},"editorMode":"code","expr":"sum by (cluster) (count_over_time({namespace=\"karpenter\", cluster=~\".+\"} |= \"ERROR\" |= \"not found\" |= \"getting providerRef\" [5m])) > 10\n","hide":false,"intervalMs":1000,"maxDataPoints":43200,"queryType":"instant","refId":"A"},"queryType":"instant","refId":"A","relativeTimeRange":{"from":600,"to":0}}],"execErrState":"KeepLast","for":"5m","isPaused":false,"labels":{},"noDataState":"OK","notification_settings":{"receiver":"Slack"},"title":"Karpenter Resource Mismatch","uid":"fdwbe5t439zpcd"},{"annotations":{"description":"More than 1000 \"limiting requests, excess\" errors detected in service {{`{{ $labels.app }}`}} (cluster: {{`{{ $labels.clusters }}`}}) within the last 5 minutes.","summary":"Nginx is logging excessive \" limiting requests, excess:\""},"condition":"A","data":[{"datasourceUid":"loki","model":{"datasource":{"type":"loki","uid":"loki"},"editorMode":"code","expr":"sum by (app, cluster) (count_over_time({app=~\".+\", cluster=~\".+\"} |= \"status:error\" |= \"limiting requests, excess:\" [5m])) > 
1000","hide":false,"intervalMs":1000,"maxDataPoints":43200,"queryType":"instant","refId":"A"},"queryType":"instant","refId":"A","relativeTimeRange":{"from":600,"to":0}}],"execErrState":"KeepLast","for":"5m","isPaused":false,"labels":{},"noDataState":"OK","notification_settings":{"receiver":"Slack"},"title":"Nginx is logging excessive \" limiting requests, excess:\"","uid":"fdwbeuftc7400c"}]}]}}` | Gen3 built-in alerting configuration in Grafana. | +| lgtm.grafana.alerting | map | `{"contactpoints.yaml":{"secret":{"apiVersion":1,"contactPoints":[{"name":"slack","orgId":1,"receivers":[{"settings":{"group":"slack","summary":"{{ `{{ include \"default.message\" . }}` }}\n","url":"https://hooks.slack.com/services/XXXXXXXXXX"},"type":"Slack","uid":"first_uid"}]}]}},"rules.yaml":{"apiVersion":1,"groups":[{"folder":"Alerts","interval":"5m","name":"Alerts","orgId":1,"rules":[{"annotations":{"summary":"Alert: HTTP 500 errors detected in the environment: {{`{{ $labels.clusters }}`}}"},"condition":"A","data":[{"datasourceUid":"loki","model":{"datasource":{"type":"loki","uid":"loki"},"editorMode":"code","expr":"sum by (cluster) (count_over_time({cluster=~\".+\"} | json | http_status_code=\"500\" [1h])) > 0","hide":false,"intervalMs":1000,"maxDataPoints":43200,"queryType":"instant","refId":"A"},"queryType":"instant","refId":"A","relativeTimeRange":{"from":600,"to":0}}],"execErrState":"KeepLast","for":"5m","isPaused":false,"labels":{},"noDataState":"OK","notification_settings":{"receiver":"Slack"},"title":"HTTP 500 errors detected","uid":"edwb8zgcvq96oc"},{"annotations":{"description":"Error in usersync job detected in cluster {{`{{ $labels.clusters }}`}}, namespace {{`{{ $labels.namespace }}`}}.","summary":"Error Logs Detected in Usersync Job"},"condition":"A","data":[{"datasourceUid":"loki","model":{"datasource":{"type":"loki","uid":"loki"},"editorMode":"code","expr":"sum by (cluster, namespace) (count_over_time({ app=\"gen3job\", job_name=~\"usersync-.*\"} |= \"ERROR - could 
not revoke policies from user `N/A`\" [5m])) > 1","hide":false,"intervalMs":1000,"maxDataPoints":43200,"queryType":"instant","refId":"A"},"queryType":"instant","refId":"A","relativeTimeRange":{"from":600,"to":0}}],"execErrState":"KeepLast","for":"5m","isPaused":false,"labels":{},"noDataState":"OK","notification_settings":{"receiver":"Slack"},"title":"Error Logs Detected in Usersync Job","uid":"adwb9vhb7irr4b"},{"annotations":{"description":"Panic detected in app {{`{{ $labels.app }}`}} within cluster {{`{{ $labels.clusters }}`}}.","summary":"Hatchery panic"},"condition":"A","data":[{"datasourceUid":"loki","model":{"datasource":{"type":"loki","uid":"loki"},"editorMode":"code","expr":"sum by (cluster) (count_over_time({app=\"hatchery\"} |= \"panic\" [5m])) > 1","hide":false,"intervalMs":1000,"maxDataPoints":43200,"queryType":"instant","refId":"A"},"queryType":"instant","refId":"A","relativeTimeRange":{"from":600,"to":0}}],"execErrState":"KeepLast","for":"5m","isPaused":false,"labels":{},"noDataState":"OK","notification_settings":{"receiver":"Slack"},"title":"Hatchery panic in {{`{{ env.name }}`}}","uid":"ddwbc12l6wc8wf"},{"annotations":{"description":"Detected 431 HTTP status codes in the logs within the last 5 minutes.","summary":"Http status code 431"},"condition":"A","data":[{"datasourceUid":"loki","model":{"datasource":{"type":"loki","uid":"loki"},"editorMode":"code","expr":"sum(count_over_time({cluster=~\".+\"} | json | http_status_code=\"431\" [5m])) >= 2","hide":false,"intervalMs":1000,"maxDataPoints":43200,"queryType":"instant","refId":"A"},"queryType":"instant","refId":"A","relativeTimeRange":{"from":600,"to":0}}],"execErrState":"KeepLast","for":"5m","isPaused":false,"labels":{},"noDataState":"OK","notification_settings":{"receiver":"Slack"},"title":"Http status code 431","uid":"cdwbcbphz1zb4a"},{"annotations":{"description":"High number of info status logs detected in the indexd service in cluster {{`{{ $labels.clusters }}`}}.","summary":"Indexd is getting 
an excessive amount of traffic"},"condition":"A","data":[{"datasourceUid":"loki","model":{"datasource":{"type":"loki","uid":"loki"},"editorMode":"code","expr":"sum by (cluster) (count_over_time({cluster=~\".+\", app=\"indexd\", status=\"info\"} [5m])) > 50000","hide":false,"intervalMs":1000,"maxDataPoints":43200,"queryType":"instant","refId":"A"},"queryType":"instant","refId":"A","relativeTimeRange":{"from":600,"to":0}}],"execErrState":"KeepLast","for":"5m","isPaused":false,"labels":{},"noDataState":"OK","notification_settings":{"receiver":"Slack"},"title":"Indexd is getting an excessive amount of traffic","uid":"bdwbck1lgwdfka"},{"annotations":{"description":"More than 10 errors detected in the karpenter namespace in cluster {{`{{ $labels.clusters }}`}} related to providerRef not found.","summary":"Karpenter Resource Mismatch"},"condition":"A","data":[{"datasourceUid":"loki","model":{"datasource":{"type":"loki","uid":"loki"},"editorMode":"code","expr":"sum by (cluster) (count_over_time({namespace=\"karpenter\", cluster=~\".+\"} |= \"ERROR\" |= \"not found\" |= \"getting providerRef\" [5m])) > 10\n","hide":false,"intervalMs":1000,"maxDataPoints":43200,"queryType":"instant","refId":"A"},"queryType":"instant","refId":"A","relativeTimeRange":{"from":600,"to":0}}],"execErrState":"KeepLast","for":"5m","isPaused":false,"labels":{},"noDataState":"OK","notification_settings":{"receiver":"Slack"},"title":"Karpenter Resource Mismatch","uid":"fdwbe5t439zpcd"},{"annotations":{"description":"More than 1000 \"limiting requests, excess\" errors detected in service {{`{{ $labels.app }}`}} (cluster: {{`{{ $labels.clusters }}`}}) within the last 5 minutes.","summary":"Nginx is logging excessive \" limiting requests, excess:\""},"condition":"A","data":[{"datasourceUid":"loki","model":{"datasource":{"type":"loki","uid":"loki"},"editorMode":"code","expr":"sum by (app, cluster) (count_over_time({app=~\".+\", cluster=~\".+\"} |= \"status:error\" |= \"limiting requests, excess:\" [5m])) > 
1000","hide":false,"intervalMs":1000,"maxDataPoints":43200,"queryType":"instant","refId":"A"},"queryType":"instant","refId":"A","relativeTimeRange":{"from":600,"to":0}}],"execErrState":"KeepLast","for":"5m","isPaused":false,"labels":{},"noDataState":"OK","notification_settings":{"receiver":"Slack"},"title":"Nginx is logging excessive \" limiting requests, excess:\"","uid":"fdwbeuftc7400c"}]}]}}` | Gen3 built-in alerting configuration in Grafana. | | lgtm.grafana.alerting."rules.yaml" | string | `{"apiVersion":1,"groups":[{"folder":"Alerts","interval":"5m","name":"Alerts","orgId":1,"rules":[{"annotations":{"summary":"Alert: HTTP 500 errors detected in the environment: {{`{{ $labels.clusters }}`}}"},"condition":"A","data":[{"datasourceUid":"loki","model":{"datasource":{"type":"loki","uid":"loki"},"editorMode":"code","expr":"sum by (cluster) (count_over_time({cluster=~\".+\"} | json | http_status_code=\"500\" [1h])) > 0","hide":false,"intervalMs":1000,"maxDataPoints":43200,"queryType":"instant","refId":"A"},"queryType":"instant","refId":"A","relativeTimeRange":{"from":600,"to":0}}],"execErrState":"KeepLast","for":"5m","isPaused":false,"labels":{},"noDataState":"OK","notification_settings":{"receiver":"Slack"},"title":"HTTP 500 errors detected","uid":"edwb8zgcvq96oc"},{"annotations":{"description":"Error in usersync job detected in cluster {{`{{ $labels.clusters }}`}}, namespace {{`{{ $labels.namespace }}`}}.","summary":"Error Logs Detected in Usersync Job"},"condition":"A","data":[{"datasourceUid":"loki","model":{"datasource":{"type":"loki","uid":"loki"},"editorMode":"code","expr":"sum by (cluster, namespace) (count_over_time({ app=\"gen3job\", job_name=~\"usersync-.*\"} |= \"ERROR - could not revoke policies from user `N/A`\" [5m])) > 
1","hide":false,"intervalMs":1000,"maxDataPoints":43200,"queryType":"instant","refId":"A"},"queryType":"instant","refId":"A","relativeTimeRange":{"from":600,"to":0}}],"execErrState":"KeepLast","for":"5m","isPaused":false,"labels":{},"noDataState":"OK","notification_settings":{"receiver":"Slack"},"title":"Error Logs Detected in Usersync Job","uid":"adwb9vhb7irr4b"},{"annotations":{"description":"Panic detected in app {{`{{ $labels.app }}`}} within cluster {{`{{ $labels.clusters }}`}}.","summary":"Hatchery panic"},"condition":"A","data":[{"datasourceUid":"loki","model":{"datasource":{"type":"loki","uid":"loki"},"editorMode":"code","expr":"sum by (cluster) (count_over_time({app=\"hatchery\"} |= \"panic\" [5m])) > 1","hide":false,"intervalMs":1000,"maxDataPoints":43200,"queryType":"instant","refId":"A"},"queryType":"instant","refId":"A","relativeTimeRange":{"from":600,"to":0}}],"execErrState":"KeepLast","for":"5m","isPaused":false,"labels":{},"noDataState":"OK","notification_settings":{"receiver":"Slack"},"title":"Hatchery panic in {{`{{ env.name }}`}}","uid":"ddwbc12l6wc8wf"},{"annotations":{"description":"Detected 431 HTTP status codes in the logs within the last 5 minutes.","summary":"Http status code 431"},"condition":"A","data":[{"datasourceUid":"loki","model":{"datasource":{"type":"loki","uid":"loki"},"editorMode":"code","expr":"sum(count_over_time({cluster=~\".+\"} | json | http_status_code=\"431\" [5m])) >= 2","hide":false,"intervalMs":1000,"maxDataPoints":43200,"queryType":"instant","refId":"A"},"queryType":"instant","refId":"A","relativeTimeRange":{"from":600,"to":0}}],"execErrState":"KeepLast","for":"5m","isPaused":false,"labels":{},"noDataState":"OK","notification_settings":{"receiver":"Slack"},"title":"Http status code 431","uid":"cdwbcbphz1zb4a"},{"annotations":{"description":"High number of info status logs detected in the indexd service in cluster {{`{{ $labels.clusters }}`}}.","summary":"Indexd is getting an excessive amount of 
traffic"},"condition":"A","data":[{"datasourceUid":"loki","model":{"datasource":{"type":"loki","uid":"loki"},"editorMode":"code","expr":"sum by (cluster) (count_over_time({cluster=~\".+\", app=\"indexd\", status=\"info\"} [5m])) > 50000","hide":false,"intervalMs":1000,"maxDataPoints":43200,"queryType":"instant","refId":"A"},"queryType":"instant","refId":"A","relativeTimeRange":{"from":600,"to":0}}],"execErrState":"KeepLast","for":"5m","isPaused":false,"labels":{},"noDataState":"OK","notification_settings":{"receiver":"Slack"},"title":"Indexd is getting an excessive amount of traffic","uid":"bdwbck1lgwdfka"},{"annotations":{"description":"More than 10 errors detected in the karpenter namespace in cluster {{`{{ $labels.clusters }}`}} related to providerRef not found.","summary":"Karpenter Resource Mismatch"},"condition":"A","data":[{"datasourceUid":"loki","model":{"datasource":{"type":"loki","uid":"loki"},"editorMode":"code","expr":"sum by (cluster) (count_over_time({namespace=\"karpenter\", cluster=~\".+\"} |= \"ERROR\" |= \"not found\" |= \"getting providerRef\" [5m])) > 10\n","hide":false,"intervalMs":1000,"maxDataPoints":43200,"queryType":"instant","refId":"A"},"queryType":"instant","refId":"A","relativeTimeRange":{"from":600,"to":0}}],"execErrState":"KeepLast","for":"5m","isPaused":false,"labels":{},"noDataState":"OK","notification_settings":{"receiver":"Slack"},"title":"Karpenter Resource Mismatch","uid":"fdwbe5t439zpcd"},{"annotations":{"description":"More than 1000 \"limiting requests, excess\" errors detected in service {{`{{ $labels.app }}`}} (cluster: {{`{{ $labels.clusters }}`}}) within the last 5 minutes.","summary":"Nginx is logging excessive \" limiting requests, excess:\""},"condition":"A","data":[{"datasourceUid":"loki","model":{"datasource":{"type":"loki","uid":"loki"},"editorMode":"code","expr":"sum by (app, cluster) (count_over_time({app=~\".+\", cluster=~\".+\"} |= \"status:error\" |= \"limiting requests, excess:\" [5m])) > 
1000","hide":false,"intervalMs":1000,"maxDataPoints":43200,"queryType":"instant","refId":"A"},"queryType":"instant","refId":"A","relativeTimeRange":{"from":600,"to":0}}],"execErrState":"KeepLast","for":"5m","isPaused":false,"labels":{},"noDataState":"OK","notification_settings":{"receiver":"Slack"},"title":"Nginx is logging excessive \" limiting requests, excess:\"","uid":"fdwbeuftc7400c"}]}]}` | Alerting rules configuration file. | | lgtm.grafana.alerting."rules.yaml".apiVersion | int | `1` | API version for the alerting rules configuration. | | lgtm.grafana.alerting."rules.yaml".groups | list | `[{"folder":"Alerts","interval":"5m","name":"Alerts","orgId":1,"rules":[{"annotations":{"summary":"Alert: HTTP 500 errors detected in the environment: {{`{{ $labels.clusters }}`}}"},"condition":"A","data":[{"datasourceUid":"loki","model":{"datasource":{"type":"loki","uid":"loki"},"editorMode":"code","expr":"sum by (cluster) (count_over_time({cluster=~\".+\"} | json | http_status_code=\"500\" [1h])) > 0","hide":false,"intervalMs":1000,"maxDataPoints":43200,"queryType":"instant","refId":"A"},"queryType":"instant","refId":"A","relativeTimeRange":{"from":600,"to":0}}],"execErrState":"KeepLast","for":"5m","isPaused":false,"labels":{},"noDataState":"OK","notification_settings":{"receiver":"Slack"},"title":"HTTP 500 errors detected","uid":"edwb8zgcvq96oc"},{"annotations":{"description":"Error in usersync job detected in cluster {{`{{ $labels.clusters }}`}}, namespace {{`{{ $labels.namespace }}`}}.","summary":"Error Logs Detected in Usersync Job"},"condition":"A","data":[{"datasourceUid":"loki","model":{"datasource":{"type":"loki","uid":"loki"},"editorMode":"code","expr":"sum by (cluster, namespace) (count_over_time({ app=\"gen3job\", job_name=~\"usersync-.*\"} |= \"ERROR - could not revoke policies from user `N/A`\" [5m])) > 
1","hide":false,"intervalMs":1000,"maxDataPoints":43200,"queryType":"instant","refId":"A"},"queryType":"instant","refId":"A","relativeTimeRange":{"from":600,"to":0}}],"execErrState":"KeepLast","for":"5m","isPaused":false,"labels":{},"noDataState":"OK","notification_settings":{"receiver":"Slack"},"title":"Error Logs Detected in Usersync Job","uid":"adwb9vhb7irr4b"},{"annotations":{"description":"Panic detected in app {{`{{ $labels.app }}`}} within cluster {{`{{ $labels.clusters }}`}}.","summary":"Hatchery panic"},"condition":"A","data":[{"datasourceUid":"loki","model":{"datasource":{"type":"loki","uid":"loki"},"editorMode":"code","expr":"sum by (cluster) (count_over_time({app=\"hatchery\"} |= \"panic\" [5m])) > 1","hide":false,"intervalMs":1000,"maxDataPoints":43200,"queryType":"instant","refId":"A"},"queryType":"instant","refId":"A","relativeTimeRange":{"from":600,"to":0}}],"execErrState":"KeepLast","for":"5m","isPaused":false,"labels":{},"noDataState":"OK","notification_settings":{"receiver":"Slack"},"title":"Hatchery panic in {{`{{ env.name }}`}}","uid":"ddwbc12l6wc8wf"},{"annotations":{"description":"Detected 431 HTTP status codes in the logs within the last 5 minutes.","summary":"Http status code 431"},"condition":"A","data":[{"datasourceUid":"loki","model":{"datasource":{"type":"loki","uid":"loki"},"editorMode":"code","expr":"sum(count_over_time({cluster=~\".+\"} | json | http_status_code=\"431\" [5m])) >= 2","hide":false,"intervalMs":1000,"maxDataPoints":43200,"queryType":"instant","refId":"A"},"queryType":"instant","refId":"A","relativeTimeRange":{"from":600,"to":0}}],"execErrState":"KeepLast","for":"5m","isPaused":false,"labels":{},"noDataState":"OK","notification_settings":{"receiver":"Slack"},"title":"Http status code 431","uid":"cdwbcbphz1zb4a"},{"annotations":{"description":"High number of info status logs detected in the indexd service in cluster {{`{{ $labels.clusters }}`}}.","summary":"Indexd is getting an excessive amount of 
traffic"},"condition":"A","data":[{"datasourceUid":"loki","model":{"datasource":{"type":"loki","uid":"loki"},"editorMode":"code","expr":"sum by (cluster) (count_over_time({cluster=~\".+\", app=\"indexd\", status=\"info\"} [5m])) > 50000","hide":false,"intervalMs":1000,"maxDataPoints":43200,"queryType":"instant","refId":"A"},"queryType":"instant","refId":"A","relativeTimeRange":{"from":600,"to":0}}],"execErrState":"KeepLast","for":"5m","isPaused":false,"labels":{},"noDataState":"OK","notification_settings":{"receiver":"Slack"},"title":"Indexd is getting an excessive amount of traffic","uid":"bdwbck1lgwdfka"},{"annotations":{"description":"More than 10 errors detected in the karpenter namespace in cluster {{`{{ $labels.clusters }}`}} related to providerRef not found.","summary":"Karpenter Resource Mismatch"},"condition":"A","data":[{"datasourceUid":"loki","model":{"datasource":{"type":"loki","uid":"loki"},"editorMode":"code","expr":"sum by (cluster) (count_over_time({namespace=\"karpenter\", cluster=~\".+\"} |= \"ERROR\" |= \"not found\" |= \"getting providerRef\" [5m])) > 10\n","hide":false,"intervalMs":1000,"maxDataPoints":43200,"queryType":"instant","refId":"A"},"queryType":"instant","refId":"A","relativeTimeRange":{"from":600,"to":0}}],"execErrState":"KeepLast","for":"5m","isPaused":false,"labels":{},"noDataState":"OK","notification_settings":{"receiver":"Slack"},"title":"Karpenter Resource Mismatch","uid":"fdwbe5t439zpcd"},{"annotations":{"description":"More than 1000 \"limiting requests, excess\" errors detected in service {{`{{ $labels.app }}`}} (cluster: {{`{{ $labels.clusters }}`}}) within the last 5 minutes.","summary":"Nginx is logging excessive \" limiting requests, excess:\""},"condition":"A","data":[{"datasourceUid":"loki","model":{"datasource":{"type":"loki","uid":"loki"},"editorMode":"code","expr":"sum by (app, cluster) (count_over_time({app=~\".+\", cluster=~\".+\"} |= \"status:error\" |= \"limiting requests, excess:\" [5m])) > 
1000","hide":false,"intervalMs":1000,"maxDataPoints":43200,"queryType":"instant","refId":"A"},"queryType":"instant","refId":"A","relativeTimeRange":{"from":600,"to":0}}],"execErrState":"KeepLast","for":"5m","isPaused":false,"labels":{},"noDataState":"OK","notification_settings":{"receiver":"Slack"},"title":"Nginx is logging excessive \" limiting requests, excess:\"","uid":"fdwbeuftc7400c"}]}]` | Groups of alerting rules. | diff --git a/helm/observability/values.yaml b/helm/observability/values.yaml index 075874ff..64da0f61 100644 --- a/helm/observability/values.yaml +++ b/helm/observability/values.yaml @@ -1105,4 +1105,4 @@ lgtm: url: https://hooks.slack.com/services/XXXXXXXXXX group: slack summary: | - {{ `{{ include "default.message" . }}` }} \ No newline at end of file + {{ `{{ include "default.message" . }}` }} diff --git a/helm/test.yaml b/helm/test.yaml deleted file mode 100644 index 8b137891..00000000 --- a/helm/test.yaml +++ /dev/null @@ -1 +0,0 @@ - From ae61996d5dfbf3f77ecff37967f61069e6c5a270 Mon Sep 17 00:00:00 2001 From: EliseCastle23 <109446148+EliseCastle23@users.noreply.github.com> Date: Tue, 15 Oct 2024 14:04:26 -0600 Subject: [PATCH 229/279] fixing linting --- helm/faro-collector/values.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/helm/faro-collector/values.yaml b/helm/faro-collector/values.yaml index 4770d4c1..0644b927 100644 --- a/helm/faro-collector/values.yaml +++ b/helm/faro-collector/values.yaml @@ -48,14 +48,14 @@ alloy: } } } - + // loki write endpoint loki.write "endpoint" { endpoint { url = "http://grafana-loki-gateway.monitoring:80/loki/api/v1/push" } } - + faro.receiver "default" { server { listen_address = "0.0.0.0" From bd696e53a21ed7377492da4c54532754fb3f6ad7 Mon Sep 17 00:00:00 2001 
From: EliseCastle23 <109446148+EliseCastle23@users.noreply.github.com> Date: Tue, 15 Oct 2024 14:10:42 -0600 Subject: [PATCH 230/279] fix linting --- helm/observability/values.yaml | 74 +++++++++++++++++----------------- 1 file changed, 37 insertions(+), 37 deletions(-) diff --git a/helm/observability/values.yaml b/helm/observability/values.yaml index 64da0f61..a40f8eea 100644 --- a/helm/observability/values.yaml +++ b/helm/observability/values.yaml @@ -43,13 +43,13 @@ lgtm: - path: /prometheus/api/v1/query # -- (list) hostname for mimir ingress. hosts: - - mimir.example.com + - mimir.example.com # -- (map) minio configuration. minio: # -- (bool) Enable or disable minio. enabled: false - + # -- (map) Rollout Operator configuration. rollout_operator: # -- (map) Docker image information. @@ -66,7 +66,7 @@ lgtm: mimir: # -- (map) Structured configuration settings for mimir. - structuredConfig: + structuredConfig: limits: # -- (int) Maximum number of global series allowed per user. Set to '0' for unlimited. max_global_series_per_user: 0 @@ -95,7 +95,7 @@ lgtm: query_scheduler: # -- (string) Mode for service discovery in the query scheduler. Set to 'dns' for DNS-based service discovery. service_discovery_mode: "dns" - + alertmanager: # -- (map) Configuration for persistent volume in Alertmanager. persistentVolume: @@ -531,7 +531,7 @@ lgtm: # -- (list) List of values for the node selector, representing allowed zones. values: - us-east-1a - + # -- (map) Scaling and configuring loki queryFrontend. queryFrontend: # -- (map) Resource requests and limits for queryFrontend. @@ -631,7 +631,7 @@ lgtm: # -- (map) Loki configuration. loki: # -- (map) Loki image details. - image: + image: # -- (string) Container image registry for Loki. registry: quay.io/cdis # -- (string) Repository for the Loki image. 
@@ -656,7 +656,7 @@ lgtm: # -- (string) Index rotation period for Loki, in hours. period: 24h # -- (map) Structured configuration settings for Loki. - structuredConfig: + structuredConfig: server: # -- (string) Log level for Loki server. Options include 'info', 'debug', etc. log_level: debug @@ -673,7 +673,7 @@ lgtm: storage: # -- (null) Filesystem storage is disabled. filesystem: null - s3: + s3: # -- (string) AWS region for S3 storage. region: us-east-1 # # -- (string) S3 bucket names for Loki storage. @@ -685,17 +685,17 @@ lgtm: enabled: true # -- (map) Affinity rules for scheduling Grafana pods. affinity: - nodeAffinity: - requiredDuringSchedulingIgnoredDuringExecution: - nodeSelectorTerms: - - matchExpressions: - # -- (string) Node label key for affinity. Ensures pods are scheduled on nodes in the specified zone. - - key: topology.kubernetes.io/zone - # -- (string) Operator to apply to the node selector. 'In' means the node must match one of the values. - operator: In - # -- (list) List of values for the node selector, representing allowed zones. - values: - - us-east-1a + nodeAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: + - matchExpressions: + # -- (string) Node label key for affinity. Ensures pods are scheduled on nodes in the specified zone. + - key: topology.kubernetes.io/zone + # -- (string) Operator to apply to the node selector. 'In' means the node must match one of the values. + operator: In + # -- (list) List of values for the node selector, representing allowed zones. + values: + - us-east-1a # -- (map) Init container to chown data directories for Grafana. initChownData: image: @@ -716,7 +716,7 @@ lgtm: # -- (string) Reference a secret for environment variables. envFromSecret: - ingress: + ingress: # -- (bool) Enable or disable ingress for Grafana. enabled: true # -- (map) Annotations for Grafana ingress. 
@@ -733,7 +733,7 @@ lgtm: # alb.ingress.kubernetes.io/target-type: 'ip' # alb.ingress.kubernetes.io/inbound-cidrs: # -- (list) Hostname(s) for Grafana ingress. - hosts: + hosts: - grafana.example.com # -- (string) Ingress class name to be used (e.g., 'alb' for AWS Application Load Balancer). ingressClassName: "alb" @@ -752,7 +752,7 @@ lgtm: # -- (string) Repository for the Grafana image. repository: grafana # -- (string) Pull policy for the Grafana image (e.g., 'Always'). - pullPolicy: Always + pullPolicy: Always # -- (string) Tag for the Grafana image version. tag: master @@ -820,7 +820,7 @@ lgtm: # -- (bool) Enable or disable Okta authentication. enabled: true # -- (string) Icon used for Okta in the Grafana UI. - icon: okta + icon: okta # -- (bool) Allow users to sign up automatically using Okta. allow_sign_up: true # -- (bool) Automatically log in users using Okta when visiting Grafana. @@ -887,8 +887,8 @@ lgtm: datasourceUid: loki model: datasource: - type: loki - uid: loki + type: loki + uid: loki editorMode: code expr: sum by (cluster) (count_over_time({cluster=~".+"} | json | http_status_code="500" [1h])) > 0 hide: false @@ -917,8 +917,8 @@ lgtm: datasourceUid: loki model: datasource: - type: loki - uid: loki + type: loki + uid: loki editorMode: code expr: sum by (cluster, namespace) (count_over_time({ app="gen3job", job_name=~"usersync-.*"} |= "ERROR - could not revoke policies from user `N/A`" [5m])) > 1 hide: false @@ -948,8 +948,8 @@ lgtm: datasourceUid: loki model: datasource: - type: loki - uid: loki + type: loki + uid: loki editorMode: code expr: sum by (cluster) (count_over_time({app="hatchery"} |= "panic" [5m])) > 1 hide: false @@ -979,8 +979,8 @@ lgtm: datasourceUid: loki model: datasource: - type: loki - uid: loki + type: loki + uid: loki editorMode: code expr: sum(count_over_time({cluster=~".+"} | json | http_status_code="431" [5m])) >= 2 hide: false 
@@ -1010,8 +1010,8 @@ lgtm: datasourceUid: loki model: datasource: - type: loki - uid: loki + type: loki + uid: loki editorMode: code expr: sum by (cluster) (count_over_time({cluster=~".+", app="indexd", status="info"} [5m])) > 50000 hide: false @@ -1041,8 +1041,8 @@ lgtm: datasourceUid: loki model: datasource: - type: loki - uid: loki + type: loki + uid: loki editorMode: code expr: | sum by (cluster) (count_over_time({namespace="karpenter", cluster=~".+"} |= "ERROR" |= "not found" |= "getting providerRef" [5m])) > 10 @@ -1073,8 +1073,8 @@ lgtm: datasourceUid: loki model: datasource: - type: loki - uid: loki + type: loki + uid: loki editorMode: code expr: sum by (app, cluster) (count_over_time({app=~".+", cluster=~".+"} |= "status:error" |= "limiting requests, excess:" [5m])) > 1000 hide: false From cefbf6e9870793029b28dff769e49a669580a3e2 Mon Sep 17 00:00:00 2001 From: EliseCastle23 <109446148+EliseCastle23@users.noreply.github.com> Date: Tue, 15 Oct 2024 14:49:14 -0600 Subject: [PATCH 231/279] making small changes to documentation --- helm/alloy/SETUP.md | 2 +- helm/faro-collector/SETUP.md | 2 +- helm/observability/{image.png => Grafana.png} | Bin helm/observability/SETUP.md | 19 ++++++++++++++---- 4 files changed, 17 insertions(+), 6 deletions(-) rename helm/observability/{image.png => Grafana.png} (100%) diff --git a/helm/alloy/SETUP.md b/helm/alloy/SETUP.md index 0b3e1c74..6a0b28f2 100644 --- a/helm/alloy/SETUP.md +++ b/helm/alloy/SETUP.md 
@@ -6,7 +6,7 @@ This document provides a guide for deploying Grafana Alloy to your Kubernetes cl In this deployment, the Alloy ConfigMap plays a crucial role in configuring which logs are collected for Loki and which metrics are gathered for Mimir. It also specifies the endpoints for Loki and Mimir where the data will be sent. -Before deploying Alloy, it is important to first deploy the "observability" Helm chart, as it provides the necessary components and configuration for Alloy to function properly. Please refer to the SETUP.md observability chart documentation for instructions on how to set it up before proceeding with the Alloy deployment. +Before deploying Alloy, it is important to first deploy the "observability" Helm chart, as it provides the necessary components and configuration for Alloy to function properly. Please refer to the [SETUP.md](https://github.com/uc-cdis/gen3-helm/blob/master/helm/observability/SETUP.md) observability chart documentation for instructions on how to set it up before proceeding with the Alloy deployment. ## Configuring Alloy diff --git a/helm/faro-collector/SETUP.md b/helm/faro-collector/SETUP.md index 85f024eb..72f5e6c4 100644 --- a/helm/faro-collector/SETUP.md +++ b/helm/faro-collector/SETUP.md 
@@ -4,7 +4,7 @@ This guide provides a step-by-step approach to configuring an Alloy instance to collect Grafana Faro logs sent over the internet, similar to Real User Monitoring (RUM). The Portal service generates Faro logs, which Alloy collects and forwards to Loki for storage and analysis in Grafana. Additionally, this guide explains how to enable metrics in the Fence service and adjust the Faro URL in the Gen3 Portal configuration to route metrics to your Alloy instance. Future updates will enable more Gen3 services to offer metric collection. -Before deploying Alloy, it is important to first deploy the "observability" Helm chart, as it provides the necessary components and configuration for Alloy to function properly. Please refer to the observability chart documentation for instructions on how to set it up before proceeding with the Alloy deployment. +Before deploying Alloy, it is important to first deploy the "observability" Helm chart, as it provides the necessary components and configuration for Alloy to function properly. Please refer to the [SETUP.md](https://github.com/uc-cdis/gen3-helm/blob/master/helm/observability/SETUP.md) observability chart documentation for instructions on how to set it up before proceeding with the Alloy deployment. ### Why Does Faro Require an Internet-Facing Ingress? diff --git a/helm/observability/image.png b/helm/observability/Grafana.png similarity index 100% rename from helm/observability/image.png rename to helm/observability/Grafana.png diff --git a/helm/observability/SETUP.md b/helm/observability/SETUP.md index 206a71fb..807f9552 100644 --- a/helm/observability/SETUP.md +++ b/helm/observability/SETUP.md 
@@ -2,7 +2,7 @@ ## Overview -This Helm chart provides an all-in-one solution for deploying Mimir, Loki, and Grafana to your Kubernetes cluster, enabling a complete observability stack for metrics, logs, and visualization. +The Observability Helm chart provides an all-in-one solution for deploying Mimir, Loki, and Grafana to your Kubernetes cluster, enabling a complete observability stack for metrics, logs, and visualization. ### Grafana: A leading open-source platform for data visualization and monitoring. Grafana allows you to create rich, interactive dashboards from a variety of data sources, making it easy to analyze metrics and logs from your systems. 
@@ -14,11 +14,22 @@ Grafana Mimir is a highly scalable time-series database optimized for storing an Grafana Loki is a log aggregation system designed to efficiently collect, store, and query logs from your applications. It works seamlessly with Grafana, providing an integrated way to visualize logs alongside metrics. By deploying this Helm chart, you'll set up these three components together, allowing you to monitor your systems and applications comprehensively with metrics from Mimir, logs from Loki, and dashboards and alerts in Grafana. + +### Alloy: +Grafana Alloy is a powerful observability tool that collects and ships logs and metrics from your services to Grafana Loki and Mimir for storage and analysis. + +***Note: Grafana is deployed in a separate Helm Chart. You will need to follow the instructions outlined in [Alloy Chart](../alloy/SETUP.md) after completing the following guide. + +### Faro Collector (Alloy): +Alloy Faro Collector is a specialized configuration of Alloy that enables it to gather Real User Monitoring (RUM) data from Portal through Grafana Faro. In this role, Alloy acts as an ingestion point for RUM data. + +***Note: The Faro Collector is deployed in a separate Helm Chart. You will need to follow the instructions outlined in [faro.md](../faro-collector/SETUP.md) after completing the following guide. + ## General Architecture -The Alloy Helm chart can be deployed across one or more environments or clusters. In this setup, Loki and Mimir are configured with internal ingress resources, enabling Alloy to send metrics and logs securely via VPC peering connections. Both Loki and Mimir write the ingested data to Amazon S3 for scalable and durable storage. This data can be queried and visualized through Grafana, which is hosted behind an internet-facing ingress. Access to Grafana can be restricted using CIDR ranges defined through the ALB ingress annotation: alb.ingress.kubernetes.io/inbound-cidrs: "cidrs". 
Additionally, the chart supports SAML authentication for Grafana, configured through the grafana.ini field, ensuring secure user access. +In this setup, Loki and Mimir are configured with internal ingress resources, enabling Alloy to send metrics and logs securely via VPC peering connections. Both Loki and Mimir write the ingested data to Amazon S3 for scalable and durable storage. This data can be queried and visualized through Grafana, which is hosted behind an internet-facing ingress. Access to Grafana can be restricted using CIDR ranges defined through the ALB ingress annotation: alb.ingress.kubernetes.io/inbound-cidrs: "cidrs". Additionally, the chart supports SAML authentication for Grafana, configured through the grafana.ini field, ensuring secure user access. -![Grafana Architecture](image.png) +![Grafana Architecture](Grafana.png) ### Fips compliant images @@ -295,4 +306,4 @@ Loki is used for log aggregation, querying, and management. Each Loki component 5. **Query Frontend** - **Pods**: `grafana-loki-query-frontend-*` - **Purpose**: Distributes and coordinates queries. - - **Function**: Splits large queries into smaller ones for faster execution by the queriers. \ No newline at end of file + - **Function**: Splits large queries into smaller ones for faster execution by the queriers. From c61bad4c75f2bdc30c56cf01bcfc6ce215a32ced Mon Sep 17 00:00:00 2001 From: EliseCastle23 <109446148+EliseCastle23@users.noreply.github.com> Date: Tue, 15 Oct 2024 15:30:48 -0600 Subject: [PATCH 232/279] fixing capitalization --- helm/observability/SETUP.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/helm/observability/SETUP.md b/helm/observability/SETUP.md index 807f9552..522345ce 100644 --- a/helm/observability/SETUP.md +++ b/helm/observability/SETUP.md 
@@ -33,7 +33,7 @@ In this setup, Loki and Mimir are configured with internal ingress resources, en ### Fips compliant images -Gen3 provides FIPS-compliant images, which are set as the default in the values file for Grafana, Mimir, and Loki. These images are self-hosted and maintained by the Gen3 platform team, ensuring secure and compliant operations. While the platform team manages image upgrades, the service versions will be updated as needed to align with operational requirements and best practices. +Gen3 provides FIPS-compliant images, which are set as the default in the values file for Grafana, Mimir, and Loki. These images are self-hosted and maintained by the Gen3 Platform Team, ensuring secure and compliant operations. While the Platform Team manages image upgrades, the service versions will be updated as needed to align with operational requirements and best practices. ### Helm Chart Links The links below will take you to the Grafana LGTM chart, as well as the Grafana, Loki, and Mimir charts, providing a comprehensive list of configurable options to help you further customize your setup. From 10f2475361d6f9cb064649cf890fd214a1e0cfdc Mon Sep 17 00:00:00 2001 From: EliseCastle23 <109446148+EliseCastle23@users.noreply.github.com> Date: Wed, 16 Oct 2024 09:06:50 -0600 Subject: [PATCH 233/279] small update --- helm/observability/SETUP.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/helm/observability/SETUP.md b/helm/observability/SETUP.md index 522345ce..43b84a86 100644 --- a/helm/observability/SETUP.md +++ b/helm/observability/SETUP.md 
@@ -33,7 +33,7 @@ In this setup, Loki and Mimir are configured with internal ingress resources, en ### Fips compliant images -Gen3 provides FIPS-compliant images, which are set as the default in the values file for Grafana, Mimir, and Loki. These images are self-hosted and maintained by the Gen3 Platform Team, ensuring secure and compliant operations. While the Platform Team manages image upgrades, the service versions will be updated as needed to align with operational requirements and best practices. +Gen3 provides FIPS-compliant images, which are set as the default in the values file for Grafana, Mimir, and Loki. These images are self-hosted and maintained by the Gen3 Platform Team, ensuring secure and compliant operations. The Platform Team is responsible for managing image upgrades, and service versions will be updated as deemed necessary by the team. ### Helm Chart Links The links below will take you to the Grafana LGTM chart, as well as the Grafana, Loki, and Mimir charts, providing a comprehensive list of configurable options to help you further customize your setup. From 7fee15899943e455dd5f94426a3b5b625c6d03a6 Mon Sep 17 00:00:00 2001 From: EliseCastle23 <109446148+EliseCastle23@users.noreply.github.com> Date: Thu, 17 Oct 2024 13:50:50 -0600 Subject: [PATCH 234/279] adding in the es-garbage-collect cronjob to helm --- helm/etl/Chart.yaml | 2 +- helm/etl/README.md | 7 +- .../templates/es-garbage-collect-cronjob.yaml | 85 +++++++++++++++++++ helm/etl/values.yaml | 11 +++ 4 files changed, 103 insertions(+), 2 deletions(-) create mode 100644 helm/etl/templates/es-garbage-collect-cronjob.yaml diff --git a/helm/etl/Chart.yaml b/helm/etl/Chart.yaml index 3a862865..497180b1 100644 --- a/helm/etl/Chart.yaml +++ b/helm/etl/Chart.yaml 
@@ -15,7 +15,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.2 +version: 0.1.3 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to diff --git a/helm/etl/README.md b/helm/etl/README.md index 9d9640e3..4347fd4e 100644 --- a/helm/etl/README.md +++ b/helm/etl/README.md @@ -1,6 +1,6 @@ # etl -![Version: 0.1.2](https://img.shields.io/badge/Version-0.1.2-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) +![Version: 0.1.3](https://img.shields.io/badge/Version-0.1.3-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) A Helm chart for gen3 etl 
@@ -9,6 +9,11 @@ A Helm chart for gen3 etl | Key | Type | Default | Description | |-----|------|---------|-------------| | esEndpoint | string | `"gen3-elasticsearch-master"` | | +| esGarbageCollect | map | `{"custom_image":null,"enabled":false,"schedule":"0 0 * * *","slack_webhook":"None"}` | Configuration options for es garbage cronjob. | +| esGarbageCollect.custom_image | string | `nil` | To set a custom image for the es garbage collect cronjob. Default is the Gen3 Awshelper image. | +| esGarbageCollect.enabled | bool | `false` | Whether to create es garbage collect cronjob. | +| esGarbageCollect.schedule | string | `"0 0 * * *"` | The cron schedule expression to use in the es garbage collect cronjob. Runs once a day by default. | +| esGarbageCollect.slack_webhook | string | `"None"` | Slack webhook endpoint to use for cronjob. | | etlMapping.mappings[0].aggregated_props[0].fn | string | `"count"` | | | etlMapping.mappings[0].aggregated_props[0].name | string | `"_samples_count"` | | | etlMapping.mappings[0].aggregated_props[0].path | string | `"samples"` | | diff --git a/helm/etl/templates/es-garbage-collect-cronjob.yaml b/helm/etl/templates/es-garbage-collect-cronjob.yaml new file mode 100644 index 00000000..786172a7 --- /dev/null +++ b/helm/etl/templates/es-garbage-collect-cronjob.yaml 
@@ -0,0 +1,85 @@ +{{- if .Values.esGarbageCollect.enabled -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: gitops-sa +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: gitops-sa-role +rules: + - apiGroups: [""] + resources: ["namespaces","services"] + verbs: ["get", "list"] + - apiGroups: [""] + resources: ["configmaps"] + verbs: ["get", "list", "watch", "create", "update", "delete", "patch"] +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: gitops-sa-role-binding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: gitops-sa-role +subjects: + - kind: ServiceAccount + name: gitops-sa + namespace: default +--- +apiVersion: batch/v1 +kind: CronJob +metadata: + name: es-garbage +spec: + schedule: {{ .Values.esGarbageCollect.schedule | quote }} + successfulJobsHistoryLimit: 3 + failedJobsHistoryLimit: 1 + concurrencyPolicy: Forbid + jobTemplate: + spec: + backoffLimit: 4 + template: + metadata: + labels: + app: gen3job + spec: + restartPolicy: Never + serviceAccountName: gitops-sa + securityContext: + fsGroup: 1000 + containers: + - name: awshelper + image: {{ .Values.esGarbageCollect.custom_image | default "quay.io/cdis/awshelper:master" }} + imagePullPolicy: Always + env: + - name: AWS_STS_REGIONAL_ENDPOINTS + value: regional + - name: ESHOST + value: {{ printf "%s:9200" .Values.esEndpoint | quote }} + - name: slackWebHook + value: {{ .Values.esGarbageCollect.slack_webhook | quote }} + command: ["/bin/bash" ] + args: + - "-c" + - | + export GEN3_HOME="$HOME/cloud-automation" + source "$GEN3_HOME/gen3/gen3setup.sh" + echo $ESHOST + if gen3 klock lock es-garbage-job gitops 900; then + repoList="$(gen3 es garbage)" + for indexName in $repoList; do + echo "deleting index $indexName" + gen3 es delete "$indexName" + done + if [[ -n "$repoList" && -n "$slackWebHook" && "$slackWebHook" != "None" ]]; then + curl -X POST --data-urlencode "payload={\"text\": \"es-garbage-collect in $(gen3 
api hostname): \n\`\`\`\n${repoList}\n\`\`\`\"}" "${slackWebHook}" + fi + gen3 klock unlock es-garbage-job gitops + else + echo "Failed to acquire es-garbage-job lock: exiting without attempting to sync" + fi + echo "Exit code: $?" +{{- end }} \ No newline at end of file diff --git a/helm/etl/values.yaml b/helm/etl/values.yaml index 1db9765e..1601bfe2 100644 --- a/helm/etl/values.yaml +++ b/helm/etl/values.yaml @@ -143,3 +143,14 @@ etlMapping: target_nodes: - name: slide_image path: slides.samples.cases + +# -- (map) Configuration options for es garbage cronjob. +esGarbageCollect: + # -- (bool) Whether to create es garbage collect cronjob. + enabled: false + # -- (string) The cron schedule expression to use in the es garbage collect cronjob. Runs once a day by default. + schedule: "0 0 * * *" + # -- (string) To set a custom image for the es garbage collect cronjob. Default is the Gen3 Awshelper image. + custom_image: + # -- (string) Slack webhook endpoint to use for cronjob. + slack_webhook: None \ No newline at end of file From 6aa7613bc132960daa1bb56ae1438c234d5afec3 Mon Sep 17 00:00:00 2001 From: EliseCastle23 <109446148+EliseCastle23@users.noreply.github.com> Date: Thu, 17 Oct 2024 13:55:31 -0600 Subject: [PATCH 235/279] fix linting --- helm/etl/values.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/helm/etl/values.yaml b/helm/etl/values.yaml index 1601bfe2..718310b5 100644 --- a/helm/etl/values.yaml +++ b/helm/etl/values.yaml @@ -153,4 +153,4 @@ esGarbageCollect: # -- (string) To set a custom image for the es garbage collect cronjob. Default is the Gen3 Awshelper image. custom_image: # -- (string) Slack webhook endpoint to use for cronjob. - slack_webhook: None \ No newline at end of file + slack_webhook: None From 3a98c0edfde134bdd4d38a43458520747f8c6239 Mon Sep 17 00:00:00 2001 
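Review bot: The RoleBinding subject in `es-garbage-collect-cronjob.yaml` is pinned to `namespace: default`, so a release installed into any other namespace creates `gitops-sa` there but binds `gitops-sa-role` to a different account. The CronJob's `gen3 klock` calls, which presumably rely on the ConfigMap verbs in that Role, would then run without the intended permissions; the subject should read `namespace: {{ .Release.Namespace }}`. The Role also grants create/update/delete/patch on every ConfigMap in the namespace to a job that only needs a lock. If the lock lives in one known ConfigMap, `resourceNames` could narrow the update/delete/patch verbs. Separately, the closing `echo "Exit code: $?"` reports the status of the `if` compound rather than of the `gen3 es delete` calls, so a failed index deletion still ends the job as successful.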
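Review bot: `esGarbageCollect.slack_webhook` in `helm/etl/values.yaml` holds a Slack incoming-webhook URL, which acts as a bearer credential for posting to the channel, but its comment does not say so. The CronJob template added in the same commit passes it as a literal env `value:`, so the URL ends up in the rendered manifest and in the stored release values. I would extend the comment to something like `# -- (string) Slack webhook URL for the cronjob; treat as a secret. "None" disables the notification.`, since the script skips the `curl` when the value equals `None`. It would also be worth considering populating `slackWebHook` from a Kubernetes Secret via `valueFrom.secretKeyRef` instead of a plain value.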
From: EliseCastle23 <109446148+EliseCastle23@users.noreply.github.com> Date: Fri, 18 Oct 2024 11:51:25 -0600 Subject: [PATCH 236/279] bumping etl version --- helm/gen3/Chart.yaml | 4 ++-- helm/gen3/README.md | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/helm/gen3/Chart.yaml b/helm/gen3/Chart.yaml index 0534061a..1f83c1fb 100644 --- a/helm/gen3/Chart.yaml +++ b/helm/gen3/Chart.yaml @@ -28,7 +28,7 @@ dependencies: version: 0.1.14 repository: file://../common - name: etl - version: 0.1.1 + version: 0.1.3 repository: file://../etl condition: etl.enabled - name: frontend-framework @@ -128,7 +128,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.42 +version: 0.1.43 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to diff --git a/helm/gen3/README.md b/helm/gen3/README.md index ed27d3c7..f9f94a19 100644 --- a/helm/gen3/README.md +++ b/helm/gen3/README.md @@ -1,6 +1,6 @@ # gen3 -![Version: 0.1.42](https://img.shields.io/badge/Version-0.1.42-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) +![Version: 0.1.43](https://img.shields.io/badge/Version-0.1.43-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) Helm chart to deploy Gen3 Data Commons 
@@ -24,7 +24,7 @@ Helm chart to deploy Gen3 Data Commons | file://../audit | audit | 0.1.13 | | file://../aws-es-proxy | aws-es-proxy | 0.1.10 | | file://../common | common | 0.1.14 | -| file://../etl | etl | 0.1.1 | +| file://../etl | etl | 0.1.3 | | file://../fence | fence | 0.1.23 | | file://../frontend-framework | frontend-framework | 0.1.3 | | file://../guppy | guppy | 0.1.13 | From 9cd16b41c039367d87e30940bc71c363ae8f2cc7 Mon Sep 17 00:00:00 2001 From: smvgarcia <111767892+smvgarcia@users.noreply.github.com> Date: Tue, 5 Nov 2024 10:11:09 -0600 Subject: [PATCH 237/279] Update values.yaml update support email --- helm/portal/values.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/helm/portal/values.yaml b/helm/portal/values.yaml index be861167..f45d475d 100644 --- a/helm/portal/values.yaml +++ b/helm/portal/values.yaml @@ -332,7 +332,7 @@ gitops: "subTitle": "Explore, Analyze, and Share Data", "text": "This website supports the management, analysis and sharing of human disease data for the research community and aims to advance basic understanding of the genetic basis of complex traits and accelerate discovery and development of therapies, diagnostic tests, and other technologies for diseases like cancer.", "contact": "If you have any questions about access or the registration process, please contact ", - "email": "support@datacommons.io" + "email": "support@gen3.org" }, "certs": {}, "footerLogos": [ From fc88f1a3002842fa00cc59dfc8a92b0be55a36ec Mon Sep 17 00:00:00 2001 From: smvgarcia <111767892+smvgarcia@users.noreply.github.com> Date: Tue, 5 Nov 2024 10:12:10 -0600 Subject: [PATCH 238/279] Update gitops.json update support emails --- helm/portal/defaults/gitops.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/helm/portal/defaults/gitops.json b/helm/portal/defaults/gitops.json index 2f2486e2..dfcd0dcb 100644 --- a/helm/portal/defaults/gitops.json +++ b/helm/portal/defaults/gitops.json 
@@ -112,7 +112,7 @@ "subTitle": "Cross Environment Datasets", "text": "The website combines open access datasets from multiple disciplines to create clean, easy to navigate visualizations for data-driven discovery within the fields of allergy and infectious diseases.", "contact": "If you have any questions about access or the registration process, please contact ", - "email": "support@datacommons.io" + "email": "support@gen3.org" }, "footerLogos": [ { From 01612048c795d66522b9b0e633f7aaad6928ca79 Mon Sep 17 00:00:00 2001 From: smvgarcia <111767892+smvgarcia@users.noreply.github.com> Date: Tue, 5 Nov 2024 10:18:22 -0600 Subject: [PATCH 239/279] Update Chart.yaml update portal chart version --- helm/portal/Chart.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/helm/portal/Chart.yaml b/helm/portal/Chart.yaml index 5eac7025..ff1ec9d4 100644 --- a/helm/portal/Chart.yaml +++ b/helm/portal/Chart.yaml @@ -15,7 +15,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.17 +version: 0.1.18 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to From 592051d19106e356fb852009051275e65e31a6ac Mon Sep 17 00:00:00 2001 From: smvgarcia <111767892+smvgarcia@users.noreply.github.com> Date: Tue, 5 Nov 2024 10:19:36 -0600 Subject: [PATCH 240/279] Update Chart.yaml update portal version --- helm/gen3/Chart.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/helm/gen3/Chart.yaml b/helm/gen3/Chart.yaml index 1f83c1fb..2fd7f8a9 100644 --- a/helm/gen3/Chart.yaml +++ b/helm/gen3/Chart.yaml 
@@ -68,7 +68,7 @@ dependencies: repository: "file://../pidgin" condition: pidgin.enabled - name: portal - version: 0.1.17 + version: 0.1.18 repository: "file://../portal" condition: portal.enabled - name: requestor From 0ef63126db2eae83e6f31c01eb63e4a13e9eb632 Mon Sep 17 00:00:00 2001 From: smvgarcia <111767892+smvgarcia@users.noreply.github.com> Date: Tue, 5 Nov 2024 10:22:01 -0600 Subject: [PATCH 241/279] Update Chart.yaml update chart version --- helm/gen3/Chart.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/helm/gen3/Chart.yaml b/helm/gen3/Chart.yaml index 2fd7f8a9..715de771 100644 --- a/helm/gen3/Chart.yaml +++ b/helm/gen3/Chart.yaml @@ -128,7 +128,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.43 +version: 0.1.44 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to From e3a91c16fe4b79ac568aa1110e1171b730b3142d Mon Sep 17 00:00:00 2001 From: smvgarcia <111767892+smvgarcia@users.noreply.github.com> Date: Tue, 5 Nov 2024 12:59:49 -0600 Subject: [PATCH 242/279] Update fence_usersync_job.md Fix broken links, make some hyperlinked text more visible --- docs/fence_usersync_job.md | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/docs/fence_usersync_job.md b/docs/fence_usersync_job.md index 26b50492..b01f170f 100644 --- a/docs/fence_usersync_job.md +++ b/docs/fence_usersync_job.md 
@@ -13,14 +13,14 @@ User lists can be synced from three sources: # S3 user.yaml Setup {#s3-setup} -Please see [this](https://github.com/uc-cdis/fence/blob/master/docs/user.yaml_guide.md) documentation that details user.yaml formatting. +Please see [this](https://github.com/uc-cdis/fence/blob/master/docs/additional_documentation/user.yaml_guide.md) documentation that details user.yaml formatting. You can pull this file from an S3 bucket that is set in the `.Values.usersync.userYamlS3Path` field. Then input the IAM credentials for a user that has read access to the specified S3 bucket in the `.Values.secrets.awsAccessKeyId` and `.Values.secrets.awsSecretAccessKey` fields. You can utilize a local secret to avoid pasting credentials in the values.yaml file. Just set `.global.aws.useLocalSecret.enabled` to true and supply your secret name. ***Notice: -The Gen3 Helm chart has various jobs and uses for an IAM user. To enhance code reusability, we've implemented the option for jobs and services to share the same AWS IAM global user. If you would like to use the same IAM user for Fence Usersync, External Secrets, etc.- you can follow [THIS](global_iam_helm_user.md) guide that details how to setup a Helm global user.*** +The Gen3 Helm chart has various jobs and uses for an IAM user. To enhance code reusability, we've implemented the option for jobs and services to share the same AWS IAM global user. If you would like to use the same IAM user for Fence Usersync, External Secrets, etc.- you can follow [THIS guide that details how to setup a Helm global user](global_iam_helm_user.md).*** As previously mentioned, if the `.Values.usersync.userYamlS3Path` string is set to "none", the user.yaml file from Fence values.yaml will be used. 
@@ -28,7 +28,7 @@ As previously mentioned, if the `.Values.usersync.userYamlS3Path` string is set # Dbgap ## Sftp Setup {#sftp-setup} -You can configure one or more dbGaP SFTP servers to sync telemetry files from. To configure one single dbGaP server, add credentials and information to the fence-config.yaml under dbGaP, this is outlined [here](https://github.com/uc-cdis/gen3-helm/blob/c7b8959cdf5f7756b29c33ff330923e95981827c/helm/fence/values.yaml#L1796). +You can configure one or more dbGaP SFTP servers to sync telemetry files from. To configure one single dbGaP server, add credentials and information to the fence-config.yaml under dbGaP, [this is outlined here](https://github.com/uc-cdis/gen3-helm/blob/c7b8959cdf5f7756b29c33ff330923e95981827c/helm/fence/values.yaml#L1796). To configure additional dbGaP servers, include in the config.yaml a list of dbGaP servers under dbGaP, like so: @@ -48,9 +48,9 @@ dbGaP: ... ```` -You can find more detailed information on the setup with examples [here](https://github.com/uc-cdis/fence/blob/master/docs/usersync.md). +You can find more detailed information on the setup with examples [here](https://github.com/uc-cdis/fence/blob/master/docs/additional_documentation/usersync.md). -For an example of a dbGap auth file (csv), please see [this](https://github.com/uc-cdis/fence/blob/master/docs/usersync.md#example-of-dbgap-authorization-file-csv-format) example for formatting. +For an example of a dbGap auth file (csv), please see [this](https://github.com/uc-cdis/fence/blob/master/docs/additional_documentation/usersync.md#example-of-dbgap-authorization-file-csv-format) example for formatting. ## Dbgap Options Set `.Values.usersync.addDbgap` to "true" to attempt a dbgap sync and fall back on user.yaml. 
@@ -67,4 +67,4 @@ For an example of a dbGap auth file (csv), please see [this](https://github.com/ ## Other Customizations The `.Values.usersync.schedule` option can be set to customize the cron schedule expression. The default setting is to have the job run once every 30 minutes. - The `.Values.usersync.custom_image` can be set to override the default "awshelper" image for the init container of the userync cronjob. \ No newline at end of file + The `.Values.usersync.custom_image` can be set to override the default "awshelper" image for the init container of the userync cronjob. From c1d20cf7fe69ee0e7b138120b2c9722a7b78853b Mon Sep 17 00:00:00 2001 From: EliseCastle23 <109446148+EliseCastle23@users.noreply.github.com> Date: Tue, 5 Nov 2024 12:00:09 -0700 Subject: [PATCH 243/279] Need to mount the configuration files in "requestor" and "metadata" directories to accommodate the new Dockerfile for these services. We are also using Poetry to manage virtual environments instead of python, so the command to run alembic needs to be modified. --- .secrets.baseline | 4 ++-- helm/gen3/Chart.yaml | 6 +++--- helm/gen3/README.md | 8 ++++---- helm/metadata/Chart.yaml | 2 +- helm/metadata/README.md | 8 ++++---- helm/metadata/values.yaml | 10 +++++++++- helm/portal/Chart.yaml | 2 +- helm/portal/README.md | 6 +++--- helm/requestor/Chart.yaml | 2 +- helm/requestor/README.md | 4 ++-- helm/requestor/values.yaml | 6 +++++- 11 files changed, 35 insertions(+), 23 deletions(-) diff --git a/.secrets.baseline b/.secrets.baseline index c0929635..e6651717 100644 --- a/.secrets.baseline +++ b/.secrets.baseline @@ -3,7 +3,7 @@ "files": "^.secrets.baseline$", "lines": null }, - "generated_at": "2024-09-09T20:23:45Z", + "generated_at": "2024-11-05T18:59:51Z", "plugins_used": [ { "name": "AWSKeyDetector" @@ -476,7 +476,7 @@ "hashed_secret": "d84ce25b0f9bc2cc263006ae39453efb22cc2900", "is_secret": false, "is_verified": false, - "line_number": 71, + "line_number": 70, "type": "Secret Keyword" }, { 
diff --git a/helm/gen3/Chart.yaml b/helm/gen3/Chart.yaml index 715de771..22040675 100644 --- a/helm/gen3/Chart.yaml +++ b/helm/gen3/Chart.yaml @@ -56,7 +56,7 @@ dependencies: repository: "file://../manifestservice" condition: manifestservice.enabled - name: metadata - version: 0.1.13 + version: 0.1.14 repository: "file://../metadata" condition: metadata.enabled - name: peregrine @@ -72,7 +72,7 @@ dependencies: repository: "file://../portal" condition: portal.enabled - name: requestor - version: 0.1.12 + version: 0.1.13 repository: "file://../requestor" condition: requestor.enabled - name: revproxy @@ -128,7 +128,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.44 +version: 0.1.45 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to diff --git a/helm/gen3/README.md b/helm/gen3/README.md index f9f94a19..005887fa 100644 --- a/helm/gen3/README.md +++ b/helm/gen3/README.md @@ -1,6 +1,6 @@ # gen3 -![Version: 0.1.43](https://img.shields.io/badge/Version-0.1.43-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) +![Version: 0.1.45](https://img.shields.io/badge/Version-0.1.45-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) Helm chart to deploy Gen3 Data Commons 
@@ -31,12 +31,12 @@ Helm chart to deploy Gen3 Data Commons | file://../hatchery | hatchery | 0.1.10 | | file://../indexd | indexd | 0.1.15 | | file://../manifestservice | manifestservice | 0.1.15 | -| file://../metadata | metadata | 0.1.13 | +| file://../metadata | metadata | 0.1.14 | | file://../neuvector | neuvector | 0.1.0 | | file://../peregrine | peregrine | 0.1.14 | | file://../pidgin | pidgin | 0.1.11 | -| file://../portal | portal | 0.1.17 | -| file://../requestor | requestor | 0.1.12 | +| file://../portal | portal | 0.1.18 | +| file://../requestor | requestor | 0.1.13 | | file://../revproxy | revproxy | 0.1.17 | | file://../sheepdog | sheepdog | 0.1.15 | | file://../sower | sower | 0.1.13 | diff --git a/helm/metadata/Chart.yaml b/helm/metadata/Chart.yaml index 6b4ce861..4b5070b2 100644 --- a/helm/metadata/Chart.yaml +++ b/helm/metadata/Chart.yaml @@ -15,7 +15,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.13 +version: 0.1.14 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to diff --git a/helm/metadata/README.md b/helm/metadata/README.md index c81a3f00..7ad8943f 100644 --- a/helm/metadata/README.md +++ b/helm/metadata/README.md 
@@ -1,6 +1,6 @@ # metadata -![Version: 0.1.13](https://img.shields.io/badge/Version-0.1.13-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) +![Version: 0.1.14](https://img.shields.io/badge/Version-0.1.14-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) A Helm chart for gen3 Metadata Service 
@@ -25,7 +25,7 @@ A Helm chart for gen3 Metadata Service | affinity.podAntiAffinity.preferredDuringSchedulingIgnoredDuringExecution[0].podAffinityTerm.topologyKey | string | `"kubernetes.io/hostname"` | Value for topology key label. | | aggMdsConfig | string | `"{\n \"configuration\": {\n \"schema\": {\n \"_subjects_count\": {\n \"type\": \"integer\"\n },\n \"__manifest\": {\n \"description\": \"an array of filename (usually DRS ids and its size\",\n \"type\": \"array\",\n \"properties\": {\n \"file_name\": {\n \"type\": \"string\"\n },\n \"file_size\": {\n \"type\": \"integer\"\n }\n }\n },\n \"tags\": {\n \"type\": \"array\"\n },\n \"_unique_id\": {},\n \"study_description\": {},\n \"study_id\": {},\n \"study_url\": {},\n \"project_id\": {},\n \"short_name\": {\n \"default\": \"not_set\"\n },\n \"year\": {\n \"default\": \"not_set\"\n },\n \"full_name\": {},\n \"commons_url\": {},\n \"commons\": {}\n },\n \"settings\": {\n \"cache_drs\": true\n }\n },\n \"adapter_commons\": {\n \"Gen3\": {\n \"mds_url\": \"https://gen3.datacommons.io/\",\n \"commons_url\": \"gen3.datacommons.io/\",\n \"adapter\": \"gen3\",\n \"config\": {\n \"guid_type\": \"discovery_metadata\",\n \"study_field\": \"gen3_discovery\"\n },\n \"keep_original_fields\": false,\n \"field_mappings\": {\n \"tags\": \"path:tags\",\n \"_unique_id\": \"path:_unique_id\",\n \"study_description\": \"path:summary\",\n \"full_name\": \"path:study_title\",\n \"short_name\": \"path:short_name\",\n \"year\": \"path:year\",\n \"accession_number\": \"path:accession_number\",\n \"commons\": \"Gen3 Data Commons\",\n \"study_url\": {\n \"path\": \"link\",\n \"default\": \"unknown\"\n }\n }\n }\n }\n}\n"` | | | aggMdsNamespace | string | `"default"` | Namespae to use if AggMds is enabled. | -| args | list | `["-c","/env/bin/alembic upgrade head\n"]` | Arguments to pass to the init container. 
| +| args | list | `["-c","poetry run alembic upgrade head || /env/bin/alembic upgrade head\n"]` | Arguments to pass to the init container. | | automountServiceAccountToken | bool | `false` | Automount the default service account token | | autoscaling | map | `{"enabled":false,"maxReplicas":100,"minReplicas":1,"targetCPUUtilizationPercentage":80}` | Configuration for autoscaling the number of replicas | | autoscaling.enabled | bool | `false` | Whether autoscaling is enabled | @@ -84,7 +84,7 @@ A Helm chart for gen3 Metadata Service | initResources.limits | map | `{"cpu":0.8,"memory":"512Mi"}` | The maximum amount of resources that the container is allowed to use | | initResources.limits.cpu | string | `0.8` | The maximum amount of CPU the container can use | | initResources.limits.memory | string | `"512Mi"` | The maximum amount of memory the container can use | -| initVolumeMounts | list | `[{"mountPath":"/src/.env","name":"config-volume-g3auto","readOnly":true,"subPath":"metadata.env"}]` | Volumes to mount to the init container. | +| initVolumeMounts | list | `[{"mountPath":"/src/.env","name":"config-volume-g3auto","readOnly":true,"subPath":"metadata.env"},{"mountPath":"/mds/.env","name":"config-volume-g3auto","readOnly":true,"subPath":"metadata.env"}]` | Volumes to mount to the init container. | | metricsEnabled | bool | `false` | Whether Metrics are enabled. | | partOf | string | `"Discovery-Tab"` | Label to help organize pods and their use. Any value is valid, but use "_" or "-" to divide words. | | postgres | map | `{"database":null,"dbCreate":null,"dbRestore":false,"host":null,"password":null,"port":"5432","separate":false,"username":null}` | Postgres database configuration. If db does not exist in postgres cluster and dbCreate is set ot true then these databases will be created for you | 
@@ -119,5 +119,5 @@ A Helm chart for gen3 Metadata Service | strategy.rollingUpdate.maxSurge | int | `1` | Number of additional replicas to add during rollout. | | strategy.rollingUpdate.maxUnavailable | int | `0` | Maximum amount of pods that can be unavailable during the update. | | useAggMds | bool | `"True"` | Set to true to aggregate metadata from multiple other Metadata Service instances. | -| volumeMounts | list | `[{"mountPath":"/src/.env","name":"config-volume-g3auto","readOnly":true,"subPath":"metadata.env"},{"mountPath":"/aggregate_config.json","name":"config-volume","readOnly":true,"subPath":"aggregate_config.json"},{"mountPath":"/metadata.json","name":"config-manifest","readOnly":true,"subPath":"json"}]` | Volumes to mount to the container. | +| volumeMounts | list | `[{"mountPath":"/src/.env","name":"config-volume-g3auto","readOnly":true,"subPath":"metadata.env"},{"mountPath":"/mds/.env","name":"config-volume-g3auto","readOnly":true,"subPath":"metadata.env"},{"mountPath":"/aggregate_config.json","name":"config-volume","readOnly":true,"subPath":"aggregate_config.json"},{"mountPath":"/metadata.json","name":"config-manifest","readOnly":true,"subPath":"json"}]` | Volumes to mount to the container. | diff --git a/helm/metadata/values.yaml b/helm/metadata/values.yaml index 97d13e7c..068980c1 100644 --- a/helm/metadata/values.yaml +++ b/helm/metadata/values.yaml @@ -253,6 +253,10 @@ volumeMounts: readOnly: true mountPath: /src/.env subPath: metadata.env + - name: config-volume-g3auto + readOnly: true + mountPath: /mds/.env + subPath: metadata.env - name: config-volume readOnly: true mountPath: /aggregate_config.json @@ -286,6 +290,10 @@ initVolumeMounts: readOnly: true mountPath: /src/.env subPath: metadata.env + - name: config-volume-g3auto + readOnly: true + mountPath: /mds/.env + subPath: metadata.env # -- (map) Resource limits for the init container. initResources: # -- (map) The maximum amount of resources that the container is allowed to use 
@@ -300,7 +308,7 @@ command: ["/bin/sh"] args: - "-c" - | - /env/bin/alembic upgrade head + poetry run alembic upgrade head || /env/bin/alembic upgrade head # Service and Pod serviceAnnotations: diff --git a/helm/portal/Chart.yaml b/helm/portal/Chart.yaml index ff1ec9d4..a3d01d8b 100644 --- a/helm/portal/Chart.yaml +++ b/helm/portal/Chart.yaml @@ -15,7 +15,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.18 +version: 0.1.19 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to diff --git a/helm/portal/README.md b/helm/portal/README.md index 3a868761..906a8eb9 100644 --- a/helm/portal/README.md +++ b/helm/portal/README.md @@ -1,6 +1,6 @@ # portal -![Version: 0.1.17](https://img.shields.io/badge/Version-0.1.17-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) +![Version: 0.1.19](https://img.shields.io/badge/Version-0.1.19-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) A Helm chart for gen3 data-portal 
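Review bot: The `||` in the new init-container argument `poetry run alembic upgrade head || /env/bin/alembic upgrade head` falls back on any non-zero exit, not only when poetry is missing from the image. A migration that fails part-way under poetry is then attempted a second time through the other path, and the pod log ends with the second command's error (presumably a "not found" on images that no longer ship `/env/bin/alembic`), which hides the real failure. Choosing the runner by presence keeps a single attempt and a single error: `if command -v poetry >/dev/null 2>&1; then poetry run alembic upgrade head; else /env/bin/alembic upgrade head; fi`. A short comment above `args` saying which image generation each branch serves would also help whoever removes the fallback later.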
@@ -31,11 +31,11 @@ A Helm chart for gen3 data-portal | criticalService | string | `"true"` | Valid options are "true" or "false". If invalid option is set- the value will default to "false". | | extraImages | map | `nil` | Extra images to be mounted in the deployment. | | fullnameOverride | string | `""` | Override the full name of the deployment. | -| gitops | map | `{"createdby":"","css":"/* gitops default css */\n","favicon":"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","json":"{\n \"graphql\": {\n \"boardCounts\": [\n {\n \"graphql\": \"_case_count\",\n \"name\": \"Case\",\n \"plural\": \"Cases\"\n },\n {\n \"graphql\": \"_experiment_count\",\n \"name\": \"Experiment\",\n \"plural\": \"Experiments\"\n },\n {\n \"graphql\": \"_aliquot_count\",\n \"name\": \"Aliquot\",\n \"plural\": \"Aliquots\"\n }\n ],\n \"chartCounts\": [\n {\n \"graphql\": \"_case_count\",\n \"name\": \"Case\"\n },\n {\n \"graphql\": \"_experiment_count\",\n \"name\": \"Experiment\"\n },\n {\n \"graphql\": \"_aliquot_count\",\n \"name\": \"Aliquot\"\n }\n ],\n \"projectDetails\": \"boardCounts\"\n },\n \"components\": {\n \"appName\": \"Generic Data Commons Portal\",\n \"index\": {\n \"introduction\": {\n \"heading\": \"Data Commons\",\n \"text\": \"The Generic Data Commons supports the management, analysis and sharing of data for the research community.\",\n \"link\": \"/submission\"\n },\n \"buttons\": [\n {\n \"name\": \"Define Data Field\",\n \"icon\": \"data-field-define\",\n \"body\": \"The Generic Data Commons define the data in a general way. 
Please study the dictionary before you start browsing.\",\n \"link\": \"/DD\",\n \"label\": \"Learn more\"\n },\n {\n \"name\": \"Explore Data\",\n \"icon\": \"data-explore\",\n \"body\": \"The Exploration Page gives you insights and a clear overview under selected factors.\",\n \"link\": \"/explorer\",\n \"label\": \"Explore data\"\n },\n {\n \"name\": \"Access Data\",\n \"icon\": \"data-access\",\n \"body\": \"Use our selected tool to filter out the data you need.\",\n \"link\": \"/query\",\n \"label\": \"Query data\"\n },\n {\n \"name\": \"Submit Data\",\n \"icon\": \"data-submit\",\n \"body\": \"Submit Data based on the dictionary.\",\n \"link\": \"/submission\",\n \"label\": \"Submit data\"\n }\n ]\n },\n \"navigation\": {\n \"title\": \"Generic Data Commons\",\n \"items\": [\n {\n \"icon\": \"dictionary\",\n \"link\": \"/DD\",\n \"color\": \"#a2a2a2\",\n \"name\": \"Dictionary\"\n },\n {\n \"icon\": \"exploration\",\n \"link\": \"/explorer\",\n \"color\": \"#a2a2a2\",\n \"name\": \"Exploration\"\n },\n {\n \"icon\": \"query\",\n \"link\": \"/query\",\n \"color\": \"#a2a2a2\",\n \"name\": \"Query\"\n },\n {\n \"icon\": \"workspace\",\n \"link\": \"/workspace\",\n \"color\": \"#a2a2a2\",\n \"name\": \"Workspace\"\n },\n {\n \"icon\": \"profile\",\n \"link\": \"/identity\",\n \"color\": \"#a2a2a2\",\n \"name\": \"Profile\"\n }\n ]\n },\n \"topBar\": {\n \"items\": [\n {\n \"icon\": \"upload\",\n \"link\": \"/submission\",\n \"name\": \"Submit Data\"\n },\n {\n \"link\": \"https://gen3.org/resources/user\",\n \"name\": \"Documentation\"\n }\n ]\n },\n \"login\": {\n \"title\": \"Generic Data Commons\",\n \"subTitle\": \"Explore, Analyze, and Share Data\",\n \"text\": \"This website supports the management, analysis and sharing of human disease data for the research community and aims to advance basic understanding of the genetic basis of complex traits and accelerate discovery and development of therapies, diagnostic tests, and other technologies for diseases 
like cancer.\",\n \"contact\": \"If you have any questions about access or the registration process, please contact \",\n \"email\": \"support@datacommons.io\"\n },\n \"certs\": {},\n \"footerLogos\": [\n {\n \"src\": \"/src/img/gen3.png\",\n \"href\": \"https://ctds.uchicago.edu/gen3\",\n \"alt\": \"Gen3 Data Commons\"\n },\n {\n \"src\": \"/src/img/createdby.png\",\n \"href\": \"https://ctds.uchicago.edu/\",\n \"alt\": \"Center for Translational Data Science at the University of Chicago\"\n }\n ]\n },\n \"requiredCerts\": [],\n \"featureFlags\": {\n \"explorer\": true,\n \"noIndex\": true,\n \"analysis\": false,\n \"discovery\": false,\n \"discoveryUseAggMDS\": false,\n \"studyRegistration\": false\n },\n \"dataExplorerConfig\": {\n \"charts\": {\n \"project_id\": {\n \"chartType\": \"count\",\n \"title\": \"Projects\"\n },\n \"_case_id\": {\n \"chartType\": \"count\",\n \"title\": \"Cases\"\n },\n \"gender\": {\n \"chartType\": \"pie\",\n \"title\": \"Gender\"\n },\n \"race\": {\n \"chartType\": \"bar\",\n \"title\": \"Race\"\n }\n },\n \"filters\": {\n \"tabs\": [\n {\n \"title\": \"Case\",\n \"fields\":[\n \"project_id\",\n \"gender\",\n \"race\",\n \"ethnicity\"\n ]\n }\n ]\n },\n \"table\": {\n \"enabled\": false\n },\n \"dropdowns\": {},\n \"buttons\": [],\n \"guppyConfig\": {\n \"dataType\": \"case\",\n \"nodeCountTitle\": \"Cases\",\n \"fieldMapping\": [\n { \"field\": \"disease_type\", \"name\": \"Disease type\" },\n { \"field\": \"primary_site\", \"name\": \"Site where samples were collected\"}\n ],\n \"manifestMapping\": {\n \"resourceIndexType\": \"file\",\n \"resourceIdField\": \"object_id\",\n \"referenceIdFieldInResourceIndex\": \"_case_id\",\n \"referenceIdFieldInDataIndex\": \"node_id\"\n },\n \"accessibleFieldCheckList\": [\"_case_id\"],\n \"accessibleValidationField\": \"_case_id\"\n }\n },\n \"fileExplorerConfig\": {\n \"charts\": {\n \"data_type\": {\n \"chartType\": \"stackedBar\",\n \"title\": \"File Type\"\n },\n \"data_format\": {\n 
\"chartType\": \"stackedBar\",\n \"title\": \"File Format\"\n }\n },\n \"filters\": {\n \"tabs\": [\n {\n \"title\": \"File\",\n \"fields\": [\n \"project_id\",\n \"data_type\",\n \"data_format\"\n ]\n }\n ]\n },\n \"table\": {\n \"enabled\": true,\n \"fields\": [\n \"project_id\",\n \"file_name\",\n \"file_size\",\n \"object_id\"\n ]\n },\n \"dropdowns\": {},\n \"guppyConfig\": {\n \"dataType\": \"file\",\n \"fieldMapping\": [\n { \"field\": \"object_id\", \"name\": \"GUID\" }\n ],\n \"nodeCountTitle\": \"Files\",\n \"manifestMapping\": {\n \"resourceIndexType\": \"case\",\n \"resourceIdField\": \"_case_id\",\n \"referenceIdFieldInResourceIndex\": \"object_id\",\n \"referenceIdFieldInDataIndex\": \"object_id\"\n },\n \"accessibleFieldCheckList\": [\"_case_id\"],\n \"accessibleValidationField\": \"_case_id\",\n \"downloadAccessor\": \"object_id\"\n }\n }\n}\n","logo":"","sponsors":null}` | GitOps configuration for portal | +| gitops | map | `{"createdby":"","css":"/* gitops default css */\n","favicon":"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","json":"{\n \"graphql\": {\n \"boardCounts\": [\n {\n \"graphql\": \"_case_count\",\n \"name\": \"Case\",\n \"plural\": \"Cases\"\n },\n {\n \"graphql\": \"_experiment_count\",\n \"name\": \"Experiment\",\n \"plural\": \"Experiments\"\n },\n {\n \"graphql\": \"_aliquot_count\",\n \"name\": \"Aliquot\",\n \"plural\": \"Aliquots\"\n }\n ],\n \"chartCounts\": [\n {\n \"graphql\": \"_case_count\",\n \"name\": \"Case\"\n },\n {\n \"graphql\": \"_experiment_count\",\n \"name\": \"Experiment\"\n },\n {\n \"graphql\": \"_aliquot_count\",\n \"name\": \"Aliquot\"\n }\n ],\n \"projectDetails\": \"boardCounts\"\n },\n \"components\": {\n \"appName\": \"Generic Data Commons Portal\",\n \"index\": {\n \"introduction\": {\n \"heading\": \"Data Commons\",\n \"text\": \"The Generic Data Commons supports the management, analysis and sharing of data for the research community.\",\n \"link\": \"/submission\"\n },\n \"buttons\": [\n 
{\n \"name\": \"Define Data Field\",\n \"icon\": \"data-field-define\",\n \"body\": \"The Generic Data Commons define the data in a general way. Please study the dictionary before you start browsing.\",\n \"link\": \"/DD\",\n \"label\": \"Learn more\"\n },\n {\n \"name\": \"Explore Data\",\n \"icon\": \"data-explore\",\n \"body\": \"The Exploration Page gives you insights and a clear overview under selected factors.\",\n \"link\": \"/explorer\",\n \"label\": \"Explore data\"\n },\n {\n \"name\": \"Access Data\",\n \"icon\": \"data-access\",\n \"body\": \"Use our selected tool to filter out the data you need.\",\n \"link\": \"/query\",\n \"label\": \"Query data\"\n },\n {\n \"name\": \"Submit Data\",\n \"icon\": \"data-submit\",\n \"body\": \"Submit Data based on the dictionary.\",\n \"link\": \"/submission\",\n \"label\": \"Submit data\"\n }\n ]\n },\n \"navigation\": {\n \"title\": \"Generic Data Commons\",\n \"items\": [\n {\n \"icon\": \"dictionary\",\n \"link\": \"/DD\",\n \"color\": \"#a2a2a2\",\n \"name\": \"Dictionary\"\n },\n {\n \"icon\": \"exploration\",\n \"link\": \"/explorer\",\n \"color\": \"#a2a2a2\",\n \"name\": \"Exploration\"\n },\n {\n \"icon\": \"query\",\n \"link\": \"/query\",\n \"color\": \"#a2a2a2\",\n \"name\": \"Query\"\n },\n {\n \"icon\": \"workspace\",\n \"link\": \"/workspace\",\n \"color\": \"#a2a2a2\",\n \"name\": \"Workspace\"\n },\n {\n \"icon\": \"profile\",\n \"link\": \"/identity\",\n \"color\": \"#a2a2a2\",\n \"name\": \"Profile\"\n }\n ]\n },\n \"topBar\": {\n \"items\": [\n {\n \"icon\": \"upload\",\n \"link\": \"/submission\",\n \"name\": \"Submit Data\"\n },\n {\n \"link\": \"https://gen3.org/resources/user\",\n \"name\": \"Documentation\"\n }\n ]\n },\n \"login\": {\n \"title\": \"Generic Data Commons\",\n \"subTitle\": \"Explore, Analyze, and Share Data\",\n \"text\": \"This website supports the management, analysis and sharing of human disease data for the research community and aims to advance basic understanding of the 
genetic basis of complex traits and accelerate discovery and development of therapies, diagnostic tests, and other technologies for diseases like cancer.\",\n \"contact\": \"If you have any questions about access or the registration process, please contact \",\n \"email\": \"support@gen3.org\"\n },\n \"certs\": {},\n \"footerLogos\": [\n {\n \"src\": \"/src/img/gen3.png\",\n \"href\": \"https://ctds.uchicago.edu/gen3\",\n \"alt\": \"Gen3 Data Commons\"\n },\n {\n \"src\": \"/src/img/createdby.png\",\n \"href\": \"https://ctds.uchicago.edu/\",\n \"alt\": \"Center for Translational Data Science at the University of Chicago\"\n }\n ]\n },\n \"requiredCerts\": [],\n \"featureFlags\": {\n \"explorer\": true,\n \"noIndex\": true,\n \"analysis\": false,\n \"discovery\": false,\n \"discoveryUseAggMDS\": false,\n \"studyRegistration\": false\n },\n \"dataExplorerConfig\": {\n \"charts\": {\n \"project_id\": {\n \"chartType\": \"count\",\n \"title\": \"Projects\"\n },\n \"_case_id\": {\n \"chartType\": \"count\",\n \"title\": \"Cases\"\n },\n \"gender\": {\n \"chartType\": \"pie\",\n \"title\": \"Gender\"\n },\n \"race\": {\n \"chartType\": \"bar\",\n \"title\": \"Race\"\n }\n },\n \"filters\": {\n \"tabs\": [\n {\n \"title\": \"Case\",\n \"fields\":[\n \"project_id\",\n \"gender\",\n \"race\",\n \"ethnicity\"\n ]\n }\n ]\n },\n \"table\": {\n \"enabled\": false\n },\n \"dropdowns\": {},\n \"buttons\": [],\n \"guppyConfig\": {\n \"dataType\": \"case\",\n \"nodeCountTitle\": \"Cases\",\n \"fieldMapping\": [\n { \"field\": \"disease_type\", \"name\": \"Disease type\" },\n { \"field\": \"primary_site\", \"name\": \"Site where samples were collected\"}\n ],\n \"manifestMapping\": {\n \"resourceIndexType\": \"file\",\n \"resourceIdField\": \"object_id\",\n \"referenceIdFieldInResourceIndex\": \"_case_id\",\n \"referenceIdFieldInDataIndex\": \"node_id\"\n },\n \"accessibleFieldCheckList\": [\"_case_id\"],\n \"accessibleValidationField\": \"_case_id\"\n }\n },\n 
\"fileExplorerConfig\": {\n \"charts\": {\n \"data_type\": {\n \"chartType\": \"stackedBar\",\n \"title\": \"File Type\"\n },\n \"data_format\": {\n \"chartType\": \"stackedBar\",\n \"title\": \"File Format\"\n }\n },\n \"filters\": {\n \"tabs\": [\n {\n \"title\": \"File\",\n \"fields\": [\n \"project_id\",\n \"data_type\",\n \"data_format\"\n ]\n }\n ]\n },\n \"table\": {\n \"enabled\": true,\n \"fields\": [\n \"project_id\",\n \"file_name\",\n \"file_size\",\n \"object_id\"\n ]\n },\n \"dropdowns\": {},\n \"guppyConfig\": {\n \"dataType\": \"file\",\n \"fieldMapping\": [\n { \"field\": \"object_id\", \"name\": \"GUID\" }\n ],\n \"nodeCountTitle\": \"Files\",\n \"manifestMapping\": {\n \"resourceIndexType\": \"case\",\n \"resourceIdField\": \"_case_id\",\n \"referenceIdFieldInResourceIndex\": \"object_id\",\n \"referenceIdFieldInDataIndex\": \"object_id\"\n },\n \"accessibleFieldCheckList\": [\"_case_id\"],\n \"accessibleValidationField\": \"_case_id\",\n \"downloadAccessor\": \"object_id\"\n }\n }\n}\n","logo":"","sponsors":null}` | GitOps configuration for portal | | gitops.createdby | string | `""` | - createdby.png - base64 | | gitops.css | string | `"/* gitops default css */\n"` | - multiline string - gitops.css | | gitops.favicon | string | `"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"` | - favicon in base64 | -| gitops.json | string | `"{\n \"graphql\": {\n \"boardCounts\": [\n {\n \"graphql\": \"_case_count\",\n \"name\": \"Case\",\n \"plural\": \"Cases\"\n },\n {\n \"graphql\": \"_experiment_count\",\n \"name\": \"Experiment\",\n \"plural\": \"Experiments\"\n },\n {\n \"graphql\": \"_aliquot_count\",\n \"name\": \"Aliquot\",\n \"plural\": \"Aliquots\"\n }\n ],\n \"chartCounts\": [\n {\n \"graphql\": \"_case_count\",\n \"name\": \"Case\"\n },\n {\n \"graphql\": \"_experiment_count\",\n \"name\": \"Experiment\"\n },\n {\n \"graphql\": \"_aliquot_count\",\n \"name\": \"Aliquot\"\n }\n ],\n \"projectDetails\": \"boardCounts\"\n },\n 
\"components\": {\n \"appName\": \"Generic Data Commons Portal\",\n \"index\": {\n \"introduction\": {\n \"heading\": \"Data Commons\",\n \"text\": \"The Generic Data Commons supports the management, analysis and sharing of data for the research community.\",\n \"link\": \"/submission\"\n },\n \"buttons\": [\n {\n \"name\": \"Define Data Field\",\n \"icon\": \"data-field-define\",\n \"body\": \"The Generic Data Commons define the data in a general way. Please study the dictionary before you start browsing.\",\n \"link\": \"/DD\",\n \"label\": \"Learn more\"\n },\n {\n \"name\": \"Explore Data\",\n \"icon\": \"data-explore\",\n \"body\": \"The Exploration Page gives you insights and a clear overview under selected factors.\",\n \"link\": \"/explorer\",\n \"label\": \"Explore data\"\n },\n {\n \"name\": \"Access Data\",\n \"icon\": \"data-access\",\n \"body\": \"Use our selected tool to filter out the data you need.\",\n \"link\": \"/query\",\n \"label\": \"Query data\"\n },\n {\n \"name\": \"Submit Data\",\n \"icon\": \"data-submit\",\n \"body\": \"Submit Data based on the dictionary.\",\n \"link\": \"/submission\",\n \"label\": \"Submit data\"\n }\n ]\n },\n \"navigation\": {\n \"title\": \"Generic Data Commons\",\n \"items\": [\n {\n \"icon\": \"dictionary\",\n \"link\": \"/DD\",\n \"color\": \"#a2a2a2\",\n \"name\": \"Dictionary\"\n },\n {\n \"icon\": \"exploration\",\n \"link\": \"/explorer\",\n \"color\": \"#a2a2a2\",\n \"name\": \"Exploration\"\n },\n {\n \"icon\": \"query\",\n \"link\": \"/query\",\n \"color\": \"#a2a2a2\",\n \"name\": \"Query\"\n },\n {\n \"icon\": \"workspace\",\n \"link\": \"/workspace\",\n \"color\": \"#a2a2a2\",\n \"name\": \"Workspace\"\n },\n {\n \"icon\": \"profile\",\n \"link\": \"/identity\",\n \"color\": \"#a2a2a2\",\n \"name\": \"Profile\"\n }\n ]\n },\n \"topBar\": {\n \"items\": [\n {\n \"icon\": \"upload\",\n \"link\": \"/submission\",\n \"name\": \"Submit Data\"\n },\n {\n \"link\": \"https://gen3.org/resources/user\",\n 
\"name\": \"Documentation\"\n }\n ]\n },\n \"login\": {\n \"title\": \"Generic Data Commons\",\n \"subTitle\": \"Explore, Analyze, and Share Data\",\n \"text\": \"This website supports the management, analysis and sharing of human disease data for the research community and aims to advance basic understanding of the genetic basis of complex traits and accelerate discovery and development of therapies, diagnostic tests, and other technologies for diseases like cancer.\",\n \"contact\": \"If you have any questions about access or the registration process, please contact \",\n \"email\": \"support@datacommons.io\"\n },\n \"certs\": {},\n \"footerLogos\": [\n {\n \"src\": \"/src/img/gen3.png\",\n \"href\": \"https://ctds.uchicago.edu/gen3\",\n \"alt\": \"Gen3 Data Commons\"\n },\n {\n \"src\": \"/src/img/createdby.png\",\n \"href\": \"https://ctds.uchicago.edu/\",\n \"alt\": \"Center for Translational Data Science at the University of Chicago\"\n }\n ]\n },\n \"requiredCerts\": [],\n \"featureFlags\": {\n \"explorer\": true,\n \"noIndex\": true,\n \"analysis\": false,\n \"discovery\": false,\n \"discoveryUseAggMDS\": false,\n \"studyRegistration\": false\n },\n \"dataExplorerConfig\": {\n \"charts\": {\n \"project_id\": {\n \"chartType\": \"count\",\n \"title\": \"Projects\"\n },\n \"_case_id\": {\n \"chartType\": \"count\",\n \"title\": \"Cases\"\n },\n \"gender\": {\n \"chartType\": \"pie\",\n \"title\": \"Gender\"\n },\n \"race\": {\n \"chartType\": \"bar\",\n \"title\": \"Race\"\n }\n },\n \"filters\": {\n \"tabs\": [\n {\n \"title\": \"Case\",\n \"fields\":[\n \"project_id\",\n \"gender\",\n \"race\",\n \"ethnicity\"\n ]\n }\n ]\n },\n \"table\": {\n \"enabled\": false\n },\n \"dropdowns\": {},\n \"buttons\": [],\n \"guppyConfig\": {\n \"dataType\": \"case\",\n \"nodeCountTitle\": \"Cases\",\n \"fieldMapping\": [\n { \"field\": \"disease_type\", \"name\": \"Disease type\" },\n { \"field\": \"primary_site\", \"name\": \"Site where samples were collected\"}\n ],\n 
\"manifestMapping\": {\n \"resourceIndexType\": \"file\",\n \"resourceIdField\": \"object_id\",\n \"referenceIdFieldInResourceIndex\": \"_case_id\",\n \"referenceIdFieldInDataIndex\": \"node_id\"\n },\n \"accessibleFieldCheckList\": [\"_case_id\"],\n \"accessibleValidationField\": \"_case_id\"\n }\n },\n \"fileExplorerConfig\": {\n \"charts\": {\n \"data_type\": {\n \"chartType\": \"stackedBar\",\n \"title\": \"File Type\"\n },\n \"data_format\": {\n \"chartType\": \"stackedBar\",\n \"title\": \"File Format\"\n }\n },\n \"filters\": {\n \"tabs\": [\n {\n \"title\": \"File\",\n \"fields\": [\n \"project_id\",\n \"data_type\",\n \"data_format\"\n ]\n }\n ]\n },\n \"table\": {\n \"enabled\": true,\n \"fields\": [\n \"project_id\",\n \"file_name\",\n \"file_size\",\n \"object_id\"\n ]\n },\n \"dropdowns\": {},\n \"guppyConfig\": {\n \"dataType\": \"file\",\n \"fieldMapping\": [\n { \"field\": \"object_id\", \"name\": \"GUID\" }\n ],\n \"nodeCountTitle\": \"Files\",\n \"manifestMapping\": {\n \"resourceIndexType\": \"case\",\n \"resourceIdField\": \"_case_id\",\n \"referenceIdFieldInResourceIndex\": \"object_id\",\n \"referenceIdFieldInDataIndex\": \"object_id\"\n },\n \"accessibleFieldCheckList\": [\"_case_id\"],\n \"accessibleValidationField\": \"_case_id\",\n \"downloadAccessor\": \"object_id\"\n }\n }\n}\n"` | multiline string - gitops.json | +| gitops.json | string | `"{\n \"graphql\": {\n \"boardCounts\": [\n {\n \"graphql\": \"_case_count\",\n \"name\": \"Case\",\n \"plural\": \"Cases\"\n },\n {\n \"graphql\": \"_experiment_count\",\n \"name\": \"Experiment\",\n \"plural\": \"Experiments\"\n },\n {\n \"graphql\": \"_aliquot_count\",\n \"name\": \"Aliquot\",\n \"plural\": \"Aliquots\"\n }\n ],\n \"chartCounts\": [\n {\n \"graphql\": \"_case_count\",\n \"name\": \"Case\"\n },\n {\n \"graphql\": \"_experiment_count\",\n \"name\": \"Experiment\"\n },\n {\n \"graphql\": \"_aliquot_count\",\n \"name\": \"Aliquot\"\n }\n ],\n \"projectDetails\": \"boardCounts\"\n },\n 
\"components\": {\n \"appName\": \"Generic Data Commons Portal\",\n \"index\": {\n \"introduction\": {\n \"heading\": \"Data Commons\",\n \"text\": \"The Generic Data Commons supports the management, analysis and sharing of data for the research community.\",\n \"link\": \"/submission\"\n },\n \"buttons\": [\n {\n \"name\": \"Define Data Field\",\n \"icon\": \"data-field-define\",\n \"body\": \"The Generic Data Commons define the data in a general way. Please study the dictionary before you start browsing.\",\n \"link\": \"/DD\",\n \"label\": \"Learn more\"\n },\n {\n \"name\": \"Explore Data\",\n \"icon\": \"data-explore\",\n \"body\": \"The Exploration Page gives you insights and a clear overview under selected factors.\",\n \"link\": \"/explorer\",\n \"label\": \"Explore data\"\n },\n {\n \"name\": \"Access Data\",\n \"icon\": \"data-access\",\n \"body\": \"Use our selected tool to filter out the data you need.\",\n \"link\": \"/query\",\n \"label\": \"Query data\"\n },\n {\n \"name\": \"Submit Data\",\n \"icon\": \"data-submit\",\n \"body\": \"Submit Data based on the dictionary.\",\n \"link\": \"/submission\",\n \"label\": \"Submit data\"\n }\n ]\n },\n \"navigation\": {\n \"title\": \"Generic Data Commons\",\n \"items\": [\n {\n \"icon\": \"dictionary\",\n \"link\": \"/DD\",\n \"color\": \"#a2a2a2\",\n \"name\": \"Dictionary\"\n },\n {\n \"icon\": \"exploration\",\n \"link\": \"/explorer\",\n \"color\": \"#a2a2a2\",\n \"name\": \"Exploration\"\n },\n {\n \"icon\": \"query\",\n \"link\": \"/query\",\n \"color\": \"#a2a2a2\",\n \"name\": \"Query\"\n },\n {\n \"icon\": \"workspace\",\n \"link\": \"/workspace\",\n \"color\": \"#a2a2a2\",\n \"name\": \"Workspace\"\n },\n {\n \"icon\": \"profile\",\n \"link\": \"/identity\",\n \"color\": \"#a2a2a2\",\n \"name\": \"Profile\"\n }\n ]\n },\n \"topBar\": {\n \"items\": [\n {\n \"icon\": \"upload\",\n \"link\": \"/submission\",\n \"name\": \"Submit Data\"\n },\n {\n \"link\": \"https://gen3.org/resources/user\",\n 
\"name\": \"Documentation\"\n }\n ]\n },\n \"login\": {\n \"title\": \"Generic Data Commons\",\n \"subTitle\": \"Explore, Analyze, and Share Data\",\n \"text\": \"This website supports the management, analysis and sharing of human disease data for the research community and aims to advance basic understanding of the genetic basis of complex traits and accelerate discovery and development of therapies, diagnostic tests, and other technologies for diseases like cancer.\",\n \"contact\": \"If you have any questions about access or the registration process, please contact \",\n \"email\": \"support@gen3.org\"\n },\n \"certs\": {},\n \"footerLogos\": [\n {\n \"src\": \"/src/img/gen3.png\",\n \"href\": \"https://ctds.uchicago.edu/gen3\",\n \"alt\": \"Gen3 Data Commons\"\n },\n {\n \"src\": \"/src/img/createdby.png\",\n \"href\": \"https://ctds.uchicago.edu/\",\n \"alt\": \"Center for Translational Data Science at the University of Chicago\"\n }\n ]\n },\n \"requiredCerts\": [],\n \"featureFlags\": {\n \"explorer\": true,\n \"noIndex\": true,\n \"analysis\": false,\n \"discovery\": false,\n \"discoveryUseAggMDS\": false,\n \"studyRegistration\": false\n },\n \"dataExplorerConfig\": {\n \"charts\": {\n \"project_id\": {\n \"chartType\": \"count\",\n \"title\": \"Projects\"\n },\n \"_case_id\": {\n \"chartType\": \"count\",\n \"title\": \"Cases\"\n },\n \"gender\": {\n \"chartType\": \"pie\",\n \"title\": \"Gender\"\n },\n \"race\": {\n \"chartType\": \"bar\",\n \"title\": \"Race\"\n }\n },\n \"filters\": {\n \"tabs\": [\n {\n \"title\": \"Case\",\n \"fields\":[\n \"project_id\",\n \"gender\",\n \"race\",\n \"ethnicity\"\n ]\n }\n ]\n },\n \"table\": {\n \"enabled\": false\n },\n \"dropdowns\": {},\n \"buttons\": [],\n \"guppyConfig\": {\n \"dataType\": \"case\",\n \"nodeCountTitle\": \"Cases\",\n \"fieldMapping\": [\n { \"field\": \"disease_type\", \"name\": \"Disease type\" },\n { \"field\": \"primary_site\", \"name\": \"Site where samples were collected\"}\n ],\n 
\"manifestMapping\": {\n \"resourceIndexType\": \"file\",\n \"resourceIdField\": \"object_id\",\n \"referenceIdFieldInResourceIndex\": \"_case_id\",\n \"referenceIdFieldInDataIndex\": \"node_id\"\n },\n \"accessibleFieldCheckList\": [\"_case_id\"],\n \"accessibleValidationField\": \"_case_id\"\n }\n },\n \"fileExplorerConfig\": {\n \"charts\": {\n \"data_type\": {\n \"chartType\": \"stackedBar\",\n \"title\": \"File Type\"\n },\n \"data_format\": {\n \"chartType\": \"stackedBar\",\n \"title\": \"File Format\"\n }\n },\n \"filters\": {\n \"tabs\": [\n {\n \"title\": \"File\",\n \"fields\": [\n \"project_id\",\n \"data_type\",\n \"data_format\"\n ]\n }\n ]\n },\n \"table\": {\n \"enabled\": true,\n \"fields\": [\n \"project_id\",\n \"file_name\",\n \"file_size\",\n \"object_id\"\n ]\n },\n \"dropdowns\": {},\n \"guppyConfig\": {\n \"dataType\": \"file\",\n \"fieldMapping\": [\n { \"field\": \"object_id\", \"name\": \"GUID\" }\n ],\n \"nodeCountTitle\": \"Files\",\n \"manifestMapping\": {\n \"resourceIndexType\": \"case\",\n \"resourceIdField\": \"_case_id\",\n \"referenceIdFieldInResourceIndex\": \"object_id\",\n \"referenceIdFieldInDataIndex\": \"object_id\"\n },\n \"accessibleFieldCheckList\": [\"_case_id\"],\n \"accessibleValidationField\": \"_case_id\",\n \"downloadAccessor\": \"object_id\"\n }\n }\n}\n"` | multiline string - gitops.json | | gitops.logo | string | `""` | - logo in base64 | | global.aws | map | `{"awsAccessKeyId":null,"awsSecretAccessKey":null,"enabled":false}` | AWS configuration | | global.aws.awsAccessKeyId | string | `nil` | Credentials for AWS stuff. | diff --git a/helm/requestor/Chart.yaml b/helm/requestor/Chart.yaml index 5244fd6c..05ea48a5 100644 --- a/helm/requestor/Chart.yaml +++ b/helm/requestor/Chart.yaml 
@@ -15,7 +15,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.12 +version: 0.1.13 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to diff --git a/helm/requestor/README.md b/helm/requestor/README.md index 01e5bf48..ff73f0f9 100644 --- a/helm/requestor/README.md +++ b/helm/requestor/README.md @@ -1,6 +1,6 @@ # requestor -![Version: 0.1.12](https://img.shields.io/badge/Version-0.1.12-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) +![Version: 0.1.13](https://img.shields.io/badge/Version-0.1.13-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) A Helm chart for gen3 Requestor Service 
@@ -23,7 +23,7 @@ A Helm chart for gen3 Requestor Service | affinity.podAntiAffinity.preferredDuringSchedulingIgnoredDuringExecution[0].podAffinityTerm.labelSelector.matchExpressions[0].values | list | `["requestor"]` | Value for the match expression key. | | affinity.podAntiAffinity.preferredDuringSchedulingIgnoredDuringExecution[0].podAffinityTerm.topologyKey | string | `"kubernetes.io/hostname"` | Value for topology key label. | | arboristUrl | string | `"http://arborist-service"` | Arborist service URL. | -| args | list | `["-c","/env/bin/alembic upgrade head\n"]` | Arguments to pass to the init container. | +| args | list | `["-c","poetry run alembic upgrade head || /env/bin/alembic upgrade head\n"]` | Arguments to pass to the init container. | | automountServiceAccountToken | bool | `false` | Automount the default service account token | | autoscaling | map | `{"enabled":false,"maxReplicas":100,"minReplicas":1,"targetCPUUtilizationPercentage":80}` | Configuration for autoscaling the number of replicas | | autoscaling.enabled | bool | `false` | Whether autoscaling is enabled | diff --git a/helm/requestor/values.yaml b/helm/requestor/values.yaml index e64454ad..05ea7d47 100644 --- a/helm/requestor/values.yaml +++ b/helm/requestor/values.yaml @@ -190,6 +190,10 @@ volumeMounts: # readOnly: true # mountPath: "/src/requestor-config.yaml" # subPath: "requestor-config.yaml" + # - name: "config-volume" + # readOnly: true + # mountPath: "/requestor/requestor-config.yaml" + # subPath: "requestor-config.yaml" # -- (map) Resource requests and limits for the containers in the pod resources: @@ -223,7 +227,7 @@ command: ["/bin/sh"] args: - "-c" - | - /env/bin/alembic upgrade head + poetry run alembic upgrade head || /env/bin/alembic upgrade head # Service and Pod # -- (map) Kubernetes service information. From 7d93557cf1ef6c8c8cbc0ef69814afcab71777d7 Mon Sep 17 00:00:00 2001 
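Review bot: The `||` in the new init-container command `poetry run alembic upgrade head || /env/bin/alembic upgrade head` (helm/requestor/values.yaml, hunk at -223,7) falls back on any non-zero exit, not only when poetry is absent. A migration that fails for a real reason, such as an unreachable database or a bad revision, is therefore retried with the older binary, and the container's exit status and final log lines come from that second attempt. Selecting the runner explicitly keeps the first failure visible: `if command -v poetry >/dev/null 2>&1; then poetry run alembic upgrade head; else /env/bin/alembic upgrade head; fi`. The same pattern is added in helm/wts/templates/deployment.yaml and helm/audit/templates/deployment.yaml later in this series.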
From: EliseCastle23 <109446148+EliseCastle23@users.noreply.github.com> Date: Tue, 5 Nov 2024 12:02:06 -0700 Subject: [PATCH 244/279] chart bump --- helm/gen3/Chart.yaml | 2 +- helm/gen3/README.md | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/helm/gen3/Chart.yaml b/helm/gen3/Chart.yaml index 22040675..8f3355d5 100644 --- a/helm/gen3/Chart.yaml +++ b/helm/gen3/Chart.yaml @@ -68,7 +68,7 @@ dependencies: repository: "file://../pidgin" condition: pidgin.enabled - name: portal - version: 0.1.18 + version: 0.1.19 repository: "file://../portal" condition: portal.enabled - name: requestor diff --git a/helm/gen3/README.md b/helm/gen3/README.md index 005887fa..b119dd26 100644 --- a/helm/gen3/README.md +++ b/helm/gen3/README.md @@ -35,7 +35,7 @@ Helm chart to deploy Gen3 Data Commons | file://../neuvector | neuvector | 0.1.0 | | file://../peregrine | peregrine | 0.1.14 | | file://../pidgin | pidgin | 0.1.11 | -| file://../portal | portal | 0.1.18 | +| file://../portal | portal | 0.1.19 | | file://../requestor | requestor | 0.1.13 | | file://../revproxy | revproxy | 0.1.17 | | file://../sheepdog | sheepdog | 0.1.15 | From 2e5c72caffbc4378fa0691c7b6a0eb78c7463b6a Mon Sep 17 00:00:00 2001 From: EliseCastle23 <109446148+EliseCastle23@users.noreply.github.com> Date: Tue, 5 Nov 2024 12:11:13 -0700 Subject: [PATCH 245/279] adding wts --- helm/gen3/Chart.yaml | 2 +- helm/gen3/README.md | 2 +- helm/wts/Chart.yaml | 2 +- helm/wts/README.md | 2 +- helm/wts/templates/deployment.yaml | 2 +- 5 files changed, 5 insertions(+), 5 deletions(-) diff --git a/helm/gen3/Chart.yaml b/helm/gen3/Chart.yaml index 8f3355d5..1229ecf3 100644 --- a/helm/gen3/Chart.yaml +++ b/helm/gen3/Chart.yaml @@ -92,7 +92,7 @@ dependencies: condition: sower.enabled repository: "file://../sower" - name: wts - version: 0.1.14 + version: 0.1.15 repository: "file://../wts" condition: wts.enabled diff --git a/helm/gen3/README.md b/helm/gen3/README.md index b119dd26..c7b80ee3 100644 
--- a/helm/gen3/README.md +++ b/helm/gen3/README.md @@ -41,7 +41,7 @@ Helm chart to deploy Gen3 Data Commons | file://../sheepdog | sheepdog | 0.1.15 | | file://../sower | sower | 0.1.13 | | file://../ssjdispatcher | ssjdispatcher | 0.1.11 | -| file://../wts | wts | 0.1.14 | +| file://../wts | wts | 0.1.15 | | https://charts.bitnami.com/bitnami | postgresql | 11.9.13 | | https://helm.elastic.co | elasticsearch | 7.10.2 | diff --git a/helm/wts/Chart.yaml b/helm/wts/Chart.yaml index 843b47dd..08dd4ab3 100644 --- a/helm/wts/Chart.yaml +++ b/helm/wts/Chart.yaml @@ -15,7 +15,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.14 +version: 0.1.15 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to diff --git a/helm/wts/README.md b/helm/wts/README.md index 18eaaf50..10cb3ff0 100644 --- a/helm/wts/README.md +++ b/helm/wts/README.md @@ -1,6 +1,6 @@ # wts -![Version: 0.1.14](https://img.shields.io/badge/Version-0.1.14-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) +![Version: 0.1.15](https://img.shields.io/badge/Version-0.1.15-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) A Helm chart for gen3 workspace token service diff --git a/helm/wts/templates/deployment.yaml b/helm/wts/templates/deployment.yaml index 464607e9..fe1ab9ee 100644 
--- a/helm/wts/templates/deployment.yaml +++ b/helm/wts/templates/deployment.yaml @@ -185,7 +185,7 @@ spec: if hash alembic 2>/dev/null; then echo "Running DB migration" cd /wts - alembic upgrade head + poetry run alembic upgrade head || alembic upgrade head else echo "Alembic not installed - not running DB migration" fi From 83333948a64a5028f85e94f04353f75777cd3c3b Mon Sep 17 00:00:00 2001 From: smvgarcia <111767892+smvgarcia@users.noreply.github.com> Date: Tue, 5 Nov 2024 13:21:31 -0600 Subject: [PATCH 246/279] Update CONFIGURATION.md update broken links, make some hyperlinked phrases more visible --- docs/CONFIGURATION.md | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/docs/CONFIGURATION.md b/docs/CONFIGURATION.md index 6ba633f8..5a8fe5a7 100644 --- a/docs/CONFIGURATION.md +++ b/docs/CONFIGURATION.md @@ -104,7 +104,7 @@ arborist: ## Extra Information -Common arborist database queries can be found [here](https://github.com/uc-cdis/cdis-wiki/blob/master/dev/gen3-sql-queries.md#arborist-database). +[Find common arborist database queries here](https://github.com/uc-cdis/cdis-wiki/blob/master/dev/gen3-sql-queries.md#arborist-database). --- 
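Review bot: The new `poetry run alembic upgrade head` in helm/wts/templates/deployment.yaml is still gated by the unchanged `if hash alembic 2>/dev/null` test, so it only runs when a bare `alembic` is already on PATH. If the poetry-based image keeps alembic only inside the poetry virtualenv (not visible from this hunk), the else branch prints "Alembic not installed" and the migration is skipped without failing the container. Gating on either tool closes that gap: `if hash poetry 2>/dev/null || hash alembic 2>/dev/null; then`. The surrounding script starts and ends outside the hunk.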
@@ -160,12 +160,12 @@ You need to ensure a proper working fence-config file. Fence is highly configura 8. CIRRUS_CFG * If google buckets are used you need to configure this block. It is used to setup the google bucket workflow, which essentially creates google users and google bucket access groups, which get filled with users and added to bucket policies to allow implicit access to users. -For more infomation see [this](https://github.com/uc-cdis/fence/blob/master/fence/config-default.yaml) +For more infomation, [see this](https://github.com/uc-cdis/fence/blob/master/fence/config-default.yaml) -For user.yaml see this how to construct one properly. This will control access to your data commons: +A user.yaml will control access to your data commons. To see how to construct a user.yaml properly: -https://github.com/uc-cdis/fence/blob/master/docs/user.yaml_guide.md +https://github.com/uc-cdis/fence/blob/master/docs/additional_documentation/user.yaml_guide.md ## Extra Information @@ -175,7 +175,7 @@ Fence is split into 2 deployments. There is the regular fence deployment which h ### Troubleshooting Fence -There are some commons sql queries that can be found [here](https://github.com/uc-cdis/cdis-wiki/blob/master/dev/gen3-sql-queries.md#fence-database). +There are [some commons sql queries that can be found here](https://github.com/uc-cdis/cdis-wiki/blob/master/dev/gen3-sql-queries.md#fence-database). ### Setting up OIDC clients 
@@ -196,7 +196,7 @@ Guppy is used to render the explorer page. It uses elastic search indices to ren For a full set of configuration see the [helm README.md for guppy](../helm/guppy/README.md) or read the [values.yaml](../helm/guppy/values.yaml) directly -There is also config that needs to be set within the global block around the tier access level, defining how the explorer page should handle displaying unauthorized files, and the limit to how far unauthroized user can filter down files. Last there is a guppy block that needs to be configured with the elastic search indices guppy will use to render the explorer page. +There is also config that needs to be set within the global block around the tier access level, defining how the explorer page should handle displaying unauthorized files, and the limit to how far unauthorized user can filter down files. Last, there is a guppy block that needs to be configured with the elastic search indices guppy will use to render the explorer page. ``` global: 
@@ -230,7 +230,7 @@ guppy: ``` -You will also need a mapping file to map the fields you want to pull from postgres into the elasticsearch indices. There are too many fields to describe here, but an example mapping file can be found [here](https://github.com/uc-cdis/cdis-manifest/blob/master/gen3.biodatacatalyst.nhlbi.nih.gov/etlMapping.yaml). +You will also need a mapping file to map the fields you want to pull from postgres into the elasticsearch indices. There are too many fields to describe here, but [an example mapping file can be found here](https://github.com/uc-cdis/cdis-manifest/blob/master/gen3.biodatacatalyst.nhlbi.nih.gov/etlMapping.yaml). Last, guppy works closely with portal to render the explorer page. You will need to ensure a proper [dataExplorer block](https://github.com/uc-cdis/cdis-manifest/blob/master/gen3.biodatacatalyst.nhlbi.nih.gov/portal/gitops.json#L212) is setup within the gitops.json file, referencing fields that have been pulled from postgres into the elasticsearch indices. @@ -454,9 +454,9 @@ portal: ``` -To do this you can follow the example [here](https://github.com/uc-cdis/data-portal/blob/master/docs/portal_config.md). +To do this you can follow [the example here](https://github.com/uc-cdis/data-portal/blob/master/docs/portal_config.md). -Portal can also be configured with different images and icons by updating the values, similar to [this](https://github.com/uc-cdis/cdis-manifest/tree/master/gen3.biodatacatalyst.nhlbi.nih.gov/portal). +Portal can also be configured with different images and icons by updating the values, [similar to this](https://github.com/uc-cdis/cdis-manifest/tree/master/gen3.biodatacatalyst.nhlbi.nih.gov/portal). ## Extra Information @@ -605,4 +605,4 @@ sower: restart_policy: Never ``` -## Extra Information --> \ No newline at end of file +## Extra Information --> From b4c3920c3d477e95b174ca6d1730c505e07a0889 Mon Sep 17 00:00:00 2001 
From: smvgarcia <111767892+smvgarcia@users.noreply.github.com> Date: Tue, 5 Nov 2024 14:00:30 -0600 Subject: [PATCH 247/279] Update CONFIGURATION.md update language in paragraph and fix incorrect link. --- docs/CONFIGURATION.md | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/docs/CONFIGURATION.md b/docs/CONFIGURATION.md index 5a8fe5a7..3323c0e1 100644 --- a/docs/CONFIGURATION.md +++ b/docs/CONFIGURATION.md @@ -179,7 +179,9 @@ There are [some commons sql queries that can be found here](https://github.com/u ### Setting up OIDC clients -OIDC clients are used by applications to authenticate to fence. Many times this is external users to setup apps which leverage gen3 and an OIDC will have to be client will need to be setup for them. After creation, the client_id/secret will need to be shared with the application owner. To create these clients you will need to exec into a fence container and run the [following commands](https://github.com/uc-cdis/fence#register-oauth-client). +OIDC (OpenID Connect) clients allow applications to authenticate with Fence. This setup is often necessary for external users who want to integrate their applications with Gen3. For each application, you'll need to create a unique OIDC client, which will provide a client_id and client_secret for the application to use. + +Once the client is created, share the client_id and client_secret with the application owner so they can configure their application to authenticate with Fence. To create these clients, you will need to exec into a fence container and run the [following commands](https://github.com/uc-cdis/fence/blob/master/docs/additional_documentation/setup.md#register-oauth-client). --- From cd01be0904d5182d1e4eefed7090ac2e1cde2966 Mon Sep 17 00:00:00 2001 
From: EliseCastle23 <109446148+EliseCastle23@users.noreply.github.com> Date: Tue, 5 Nov 2024 15:17:33 -0700 Subject: [PATCH 248/279] adding audit --- helm/audit/Chart.yaml | 2 +- helm/audit/README.md | 2 +- helm/audit/templates/deployment.yaml | 10 +++++++++- helm/gen3/Chart.yaml | 2 +- helm/gen3/README.md | 2 +- 5 files changed, 13 insertions(+), 5 deletions(-) diff --git a/helm/audit/Chart.yaml b/helm/audit/Chart.yaml index 4112d571..b77dc25f 100644 --- a/helm/audit/Chart.yaml +++ b/helm/audit/Chart.yaml @@ -15,7 +15,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.13 +version: 0.1.14 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to diff --git a/helm/audit/README.md b/helm/audit/README.md index c840cd72..3fc12b4b 100644 --- a/helm/audit/README.md +++ b/helm/audit/README.md @@ -1,6 +1,6 @@ # audit -![Version: 0.1.13](https://img.shields.io/badge/Version-0.1.13-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) +![Version: 0.1.14](https://img.shields.io/badge/Version-0.1.14-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) A Helm chart for Kubernetes diff --git a/helm/audit/templates/deployment.yaml b/helm/audit/templates/deployment.yaml index 77c723da..e42d3ab6 100644 --- a/helm/audit/templates/deployment.yaml 
+++ b/helm/audit/templates/deployment.yaml
@@ -90,6 +90,10 @@ spec:
 readOnly: true
 mountPath: "/src/audit-service-config.yaml"
 subPath: "audit-service-config.yaml"
+ - name: "config-volume"
+ readOnly: true
+ mountPath: "/audit/audit-service-config.yaml"
+ subPath: "audit-service-config.yaml"
 {{- with .Values.volumeMounts }}
 {{- toYaml . | nindent 12 }}
 {{- end }}
@@ -134,12 +138,16 @@ spec:
 args:
 - "-c"
 - |
- /env/bin/alembic upgrade head
+ poetry run alembic upgrade head || /env/bin/alembic upgrade head
 volumeMounts:
 - name: "config-volume"
 readOnly: true
 mountPath: "/src/audit-service-config.yaml"
 subPath: "audit-service-config.yaml"
+ - name: "config-volume"
+ readOnly: true
+ mountPath: "/audit/audit-service-config.yaml"
+ subPath: "audit-service-config.yaml"
 {{- with .Values.volumeMounts }}
 {{- toYaml . | nindent 12 }}
 {{- end }}
diff --git a/helm/gen3/Chart.yaml b/helm/gen3/Chart.yaml
index 1229ecf3..54cdc771 100644
--- a/helm/gen3/Chart.yaml
+++ b/helm/gen3/Chart.yaml
@@ -17,7 +17,7 @@ dependencies:
 repository: "file://../argo-wrapper"
 condition: argo-wrapper.enabled
 - name: audit
- version: 0.1.13
+ version: 0.1.14
 repository: "file://../audit"
 condition: audit.enabled
 - name: aws-es-proxy
diff --git a/helm/gen3/README.md b/helm/gen3/README.md
index c7b80ee3..7dc8787e 100644
--- a/helm/gen3/README.md
+++ b/helm/gen3/README.md
@@ -21,7 +21,7 @@ Helm chart to deploy Gen3 Data Commons
 | file://../ambassador | ambassador | 0.1.12 |
 | file://../arborist | arborist | 0.1.12 |
 | file://../argo-wrapper | argo-wrapper | 0.1.8 |
-| file://../audit | audit | 0.1.13 |
+| file://../audit | audit | 0.1.14 |
 | file://../aws-es-proxy | aws-es-proxy | 0.1.10 |
 | file://../common | common | 0.1.14 |
 | file://../etl | etl | 0.1.3 |
From 2f61f0aa6dc8434590a8b0d17e1175c25f667358 Mon Sep 17 00:00:00 2001
From: EliseCastle23 <109446148+EliseCastle23@users.noreply.github.com>
Date: Wed, 6 Nov 2024 14:49:28 -0700
Subject: [PATCH 249/279] adding comments
---
 helm/audit/templates/deployment.yaml | 3 +++
 helm/metadata/README.md | 2 +-
 helm/metadata/values.yaml | 3 +++
 helm/requestor/README.md | 2 +-
 helm/requestor/values.yaml | 2 ++
 helm/wts/templates/deployment.yaml | 1 +
 6 files changed, 11 insertions(+), 2 deletions(-)
diff --git a/helm/audit/templates/deployment.yaml b/helm/audit/templates/deployment.yaml
index e42d3ab6..bad68a79 100644
--- a/helm/audit/templates/deployment.yaml
+++ b/helm/audit/templates/deployment.yaml
@@ -90,6 +90,7 @@ spec:
 readOnly: true
 mountPath: "/src/audit-service-config.yaml"
 subPath: "audit-service-config.yaml"
+ # Added an additional volume mount for new images using the / directory, while retaining the 'src' mount for backward compatibility.
 - name: "config-volume"
 readOnly: true
 mountPath: "/audit/audit-service-config.yaml"
@@ -138,12 +139,14 @@ spec:
 args:
 - "-c"
 - |
+ # Managing virtual environments via poetry instead of python since the AL base image update, but retaining backwards compatibility
 poetry run alembic upgrade head || /env/bin/alembic upgrade head
 volumeMounts:
 - name: "config-volume"
 readOnly: true
 mountPath: "/src/audit-service-config.yaml"
 subPath: "audit-service-config.yaml"
+ # Added an additional volume mount for new images using the / directory, while retaining the 'src' mount for backward compatibility.
 - name: "config-volume"
 readOnly: true
 mountPath: "/audit/audit-service-config.yaml"
diff --git a/helm/metadata/README.md b/helm/metadata/README.md
index 7ad8943f..f7f0dc90 100644
--- a/helm/metadata/README.md
+++ b/helm/metadata/README.md
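Review bot: The comment added under `- |` in the second audit hunk is inside the block scalar, so YAML treats it as script text rather than a comment and it is passed to the shell as part of `args`; the regenerated helm/metadata/README.md in this patch shows the same text inside the documented `args` default. Placing it above `args:` keeps the pod spec and the generated docs clean, e.g. `# poetry manages the virtualenv in newer images; /env/bin/alembic is kept for older ones`. The volume-mount comment reads "using the / directory", which looks like a dropped directory name; `# Also mount the config under /audit for newer images; the /src mount is kept for older ones.` would say which path is meant. helm/metadata/values.yaml gets the same two comments in this patch (there the new path is `/mds`).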
@@ -25,7 +25,7 @@ A Helm chart for gen3 Metadata Service | affinity.podAntiAffinity.preferredDuringSchedulingIgnoredDuringExecution[0].podAffinityTerm.topologyKey | string | `"kubernetes.io/hostname"` | Value for topology key label. | | aggMdsConfig | string | `"{\n \"configuration\": {\n \"schema\": {\n \"_subjects_count\": {\n \"type\": \"integer\"\n },\n \"__manifest\": {\n \"description\": \"an array of filename (usually DRS ids and its size\",\n \"type\": \"array\",\n \"properties\": {\n \"file_name\": {\n \"type\": \"string\"\n },\n \"file_size\": {\n \"type\": \"integer\"\n }\n }\n },\n \"tags\": {\n \"type\": \"array\"\n },\n \"_unique_id\": {},\n \"study_description\": {},\n \"study_id\": {},\n \"study_url\": {},\n \"project_id\": {},\n \"short_name\": {\n \"default\": \"not_set\"\n },\n \"year\": {\n \"default\": \"not_set\"\n },\n \"full_name\": {},\n \"commons_url\": {},\n \"commons\": {}\n },\n \"settings\": {\n \"cache_drs\": true\n }\n },\n \"adapter_commons\": {\n \"Gen3\": {\n \"mds_url\": \"https://gen3.datacommons.io/\",\n \"commons_url\": \"gen3.datacommons.io/\",\n \"adapter\": \"gen3\",\n \"config\": {\n \"guid_type\": \"discovery_metadata\",\n \"study_field\": \"gen3_discovery\"\n },\n \"keep_original_fields\": false,\n \"field_mappings\": {\n \"tags\": \"path:tags\",\n \"_unique_id\": \"path:_unique_id\",\n \"study_description\": \"path:summary\",\n \"full_name\": \"path:study_title\",\n \"short_name\": \"path:short_name\",\n \"year\": \"path:year\",\n \"accession_number\": \"path:accession_number\",\n \"commons\": \"Gen3 Data Commons\",\n \"study_url\": {\n \"path\": \"link\",\n \"default\": \"unknown\"\n }\n }\n }\n }\n}\n"` | | | aggMdsNamespace | string | `"default"` | Namespae to use if AggMds is enabled. | -| args | list | `["-c","poetry run alembic upgrade head || /env/bin/alembic upgrade head\n"]` | Arguments to pass to the init container. 
| +| args | list | `["-c","# Managing virtual environments via poetry instead of python since the AL base image update, but retaining backwards compatibility \npoetry run alembic upgrade head || /env/bin/alembic upgrade head\n"]` | Arguments to pass to the init container. | | automountServiceAccountToken | bool | `false` | Automount the default service account token | | autoscaling | map | `{"enabled":false,"maxReplicas":100,"minReplicas":1,"targetCPUUtilizationPercentage":80}` | Configuration for autoscaling the number of replicas | | autoscaling.enabled | bool | `false` | Whether autoscaling is enabled | diff --git a/helm/metadata/values.yaml b/helm/metadata/values.yaml index 068980c1..fa169c43 100644 --- a/helm/metadata/values.yaml +++ b/helm/metadata/values.yaml @@ -253,6 +253,7 @@ volumeMounts: readOnly: true mountPath: /src/.env subPath: metadata.env + # Added an additional volume mount for new images using the / directory, while retaining the 'src' mount for backward compatibility. - name: config-volume-g3auto readOnly: true mountPath: /mds/.env @@ -290,6 +291,7 @@ initVolumeMounts: readOnly: true mountPath: /src/.env subPath: metadata.env + # Added an additional volume mount for new images using the / directory, while retaining the 'src' mount for backward compatibility. - name: config-volume-g3auto readOnly: true mountPath: /mds/.env @@ -308,6 +310,7 @@ command: ["/bin/sh"] args: - "-c" - | + # Managing virtual environments via poetry instead of python since the AL base image update, but retaining backwards compatibility poetry run alembic upgrade head || /env/bin/alembic upgrade head # Service and Pod diff --git a/helm/requestor/README.md b/helm/requestor/README.md index ff73f0f9..8fa30166 100644 --- a/helm/requestor/README.md +++ b/helm/requestor/README.md 
@@ -23,7 +23,7 @@ A Helm chart for gen3 Requestor Service | affinity.podAntiAffinity.preferredDuringSchedulingIgnoredDuringExecution[0].podAffinityTerm.labelSelector.matchExpressions[0].values | list | `["requestor"]` | Value for the match expression key. | | affinity.podAntiAffinity.preferredDuringSchedulingIgnoredDuringExecution[0].podAffinityTerm.topologyKey | string | `"kubernetes.io/hostname"` | Value for topology key label. | | arboristUrl | string | `"http://arborist-service"` | Arborist service URL. | -| args | list | `["-c","poetry run alembic upgrade head || /env/bin/alembic upgrade head\n"]` | Arguments to pass to the init container. | +| args | list | `["-c","# Managing virtual environments via poetry instead of python since the AL base image update, but retaining backwards compatibility \npoetry run alembic upgrade head || /env/bin/alembic upgrade head\n"]` | Arguments to pass to the init container. | | automountServiceAccountToken | bool | `false` | Automount the default service account token | | autoscaling | map | `{"enabled":false,"maxReplicas":100,"minReplicas":1,"targetCPUUtilizationPercentage":80}` | Configuration for autoscaling the number of replicas | | autoscaling.enabled | bool | `false` | Whether autoscaling is enabled | diff --git a/helm/requestor/values.yaml b/helm/requestor/values.yaml index 05ea7d47..fadb30ca 100644 --- a/helm/requestor/values.yaml +++ b/helm/requestor/values.yaml @@ -190,6 +190,7 @@ volumeMounts: # readOnly: true # mountPath: "/src/requestor-config.yaml" # subPath: "requestor-config.yaml" + # Added an additional volume mount for new images using the / directory, while retaining the 'src' mount for backward compatibility. # - name: "config-volume" # readOnly: true # mountPath: "/requestor/requestor-config.yaml" 
@@ -227,6 +228,7 @@ command: ["/bin/sh"] args: - "-c" - | + # Managing virtual environments via poetry instead of python since the AL base image update, but retaining backwards compatibility poetry run alembic upgrade head || /env/bin/alembic upgrade head # Service and Pod diff --git a/helm/wts/templates/deployment.yaml b/helm/wts/templates/deployment.yaml index fe1ab9ee..a3d9e6ac 100644 --- a/helm/wts/templates/deployment.yaml +++ b/helm/wts/templates/deployment.yaml @@ -185,6 +185,7 @@ spec: if hash alembic 2>/dev/null; then echo "Running DB migration" cd /wts + # Managing virtual environments via poetry instead of python since the AL base image update, but retaining backwards compatibility poetry run alembic upgrade head || alembic upgrade head else echo "Alembic not installed - not running DB migration" From 3739e806ae0a40df95957e178b59669159b47bb4 Mon Sep 17 00:00:00 2001 From: EliseCastle23 <109446148+EliseCastle23@users.noreply.github.com> Date: Wed, 6 Nov 2024 14:58:05 -0700 Subject: [PATCH 250/279] fixing trailng spaces --- helm/metadata/README.md | 2 +- helm/metadata/values.yaml | 2 +- helm/requestor/README.md | 2 +- helm/requestor/values.yaml | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/helm/metadata/README.md b/helm/metadata/README.md index f7f0dc90..bb1b5331 100644 --- a/helm/metadata/README.md +++ b/helm/metadata/README.md 
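Review bot: In helm/wts/templates/deployment.yaml the surrounding guard `if hash alembic 2>/dev/null; then` tests for an `alembic` binary on PATH, while the command that now runs first is `poetry run alembic upgrade head`. If a newer image installs alembic only inside the poetry environment (not confirmable from this hunk), the guard fails, the container logs "Alembic not installed - not running DB migration" and the service starts against an unmigrated schema. Testing for either runner avoids the silent skip: `if hash poetry 2>/dev/null || hash alembic 2>/dev/null; then`. The script starts and ends outside this hunk.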
@@ -25,7 +25,7 @@ A Helm chart for gen3 Metadata Service | affinity.podAntiAffinity.preferredDuringSchedulingIgnoredDuringExecution[0].podAffinityTerm.topologyKey | string | `"kubernetes.io/hostname"` | Value for topology key label. | | aggMdsConfig | string | `"{\n \"configuration\": {\n \"schema\": {\n \"_subjects_count\": {\n \"type\": \"integer\"\n },\n \"__manifest\": {\n \"description\": \"an array of filename (usually DRS ids and its size\",\n \"type\": \"array\",\n \"properties\": {\n \"file_name\": {\n \"type\": \"string\"\n },\n \"file_size\": {\n \"type\": \"integer\"\n }\n }\n },\n \"tags\": {\n \"type\": \"array\"\n },\n \"_unique_id\": {},\n \"study_description\": {},\n \"study_id\": {},\n \"study_url\": {},\n \"project_id\": {},\n \"short_name\": {\n \"default\": \"not_set\"\n },\n \"year\": {\n \"default\": \"not_set\"\n },\n \"full_name\": {},\n \"commons_url\": {},\n \"commons\": {}\n },\n \"settings\": {\n \"cache_drs\": true\n }\n },\n \"adapter_commons\": {\n \"Gen3\": {\n \"mds_url\": \"https://gen3.datacommons.io/\",\n \"commons_url\": \"gen3.datacommons.io/\",\n \"adapter\": \"gen3\",\n \"config\": {\n \"guid_type\": \"discovery_metadata\",\n \"study_field\": \"gen3_discovery\"\n },\n \"keep_original_fields\": false,\n \"field_mappings\": {\n \"tags\": \"path:tags\",\n \"_unique_id\": \"path:_unique_id\",\n \"study_description\": \"path:summary\",\n \"full_name\": \"path:study_title\",\n \"short_name\": \"path:short_name\",\n \"year\": \"path:year\",\n \"accession_number\": \"path:accession_number\",\n \"commons\": \"Gen3 Data Commons\",\n \"study_url\": {\n \"path\": \"link\",\n \"default\": \"unknown\"\n }\n }\n }\n }\n}\n"` | | | aggMdsNamespace | string | `"default"` | Namespae to use if AggMds is enabled. 
| -| args | list | `["-c","# Managing virtual environments via poetry instead of python since the AL base image update, but retaining backwards compatibility \npoetry run alembic upgrade head || /env/bin/alembic upgrade head\n"]` | Arguments to pass to the init container. | +| args | list | `["-c","# Managing virtual environments via poetry instead of python since the AL base image update, but retaining backwards compatibility\npoetry run alembic upgrade head || /env/bin/alembic upgrade head\n"]` | Arguments to pass to the init container. | | automountServiceAccountToken | bool | `false` | Automount the default service account token | | autoscaling | map | `{"enabled":false,"maxReplicas":100,"minReplicas":1,"targetCPUUtilizationPercentage":80}` | Configuration for autoscaling the number of replicas | | autoscaling.enabled | bool | `false` | Whether autoscaling is enabled | diff --git a/helm/metadata/values.yaml b/helm/metadata/values.yaml index fa169c43..1b5d28cf 100644 --- a/helm/metadata/values.yaml +++ b/helm/metadata/values.yaml @@ -310,7 +310,7 @@ command: ["/bin/sh"] args: - "-c" - | - # Managing virtual environments via poetry instead of python since the AL base image update, but retaining backwards compatibility + # Managing virtual environments via poetry instead of python since the AL base image update, but retaining backwards compatibility poetry run alembic upgrade head || /env/bin/alembic upgrade head # Service and Pod diff --git a/helm/requestor/README.md b/helm/requestor/README.md index 8fa30166..a2b4d874 100644 --- a/helm/requestor/README.md +++ b/helm/requestor/README.md 
@@ -23,7 +23,7 @@ A Helm chart for gen3 Requestor Service | affinity.podAntiAffinity.preferredDuringSchedulingIgnoredDuringExecution[0].podAffinityTerm.labelSelector.matchExpressions[0].values | list | `["requestor"]` | Value for the match expression key. | | affinity.podAntiAffinity.preferredDuringSchedulingIgnoredDuringExecution[0].podAffinityTerm.topologyKey | string | `"kubernetes.io/hostname"` | Value for topology key label. | | arboristUrl | string | `"http://arborist-service"` | Arborist service URL. | -| args | list | `["-c","# Managing virtual environments via poetry instead of python since the AL base image update, but retaining backwards compatibility \npoetry run alembic upgrade head || /env/bin/alembic upgrade head\n"]` | Arguments to pass to the init container. | +| args | list | `["-c","# Managing virtual environments via poetry instead of python since the AL base image update, but retaining backwards compatibility\npoetry run alembic upgrade head || /env/bin/alembic upgrade head\n"]` | Arguments to pass to the init container. | | automountServiceAccountToken | bool | `false` | Automount the default service account token | | autoscaling | map | `{"enabled":false,"maxReplicas":100,"minReplicas":1,"targetCPUUtilizationPercentage":80}` | Configuration for autoscaling the number of replicas | | autoscaling.enabled | bool | `false` | Whether autoscaling is enabled | diff --git a/helm/requestor/values.yaml b/helm/requestor/values.yaml index fadb30ca..3453063a 100644 --- a/helm/requestor/values.yaml +++ b/helm/requestor/values.yaml @@ -228,7 +228,7 @@ command: ["/bin/sh"] args: - "-c" - | - # Managing virtual environments via poetry instead of python since the AL base image update, but retaining backwards compatibility + # Managing virtual environments via poetry instead of python since the AL base image update, but retaining backwards compatibility poetry run alembic upgrade head || /env/bin/alembic upgrade head # Service and Pod 
From 1a79dbe1f6cd34944ed46b58a14dab1d50b16941 Mon Sep 17 00:00:00 2001 From: EliseCastle23 <109446148+EliseCastle23@users.noreply.github.com> Date: Fri, 8 Nov 2024 08:48:37 -0700 Subject: [PATCH 251/279] updating the default user.yaml so it passes validation --- .secrets.baseline | 4 +- helm/fence/Chart.yaml | 2 +- helm/fence/README.md | 4 +- helm/fence/values.yaml | 1023 +++++++--------------------------------- helm/gen3/Chart.yaml | 4 +- helm/gen3/README.md | 4 +- 6 files changed, 190 insertions(+), 851 deletions(-) diff --git a/.secrets.baseline b/.secrets.baseline index e6651717..67c46195 100644 --- a/.secrets.baseline +++ b/.secrets.baseline @@ -3,7 +3,7 @@ "files": "^.secrets.baseline$", "lines": null }, - "generated_at": "2024-11-05T18:59:51Z", + "generated_at": "2024-11-08T15:48:27Z", "plugins_used": [ { "name": "AWSKeyDetector" @@ -321,7 +321,7 @@ "hashed_secret": "5d07e1b80e448a213b392049888111e1779a52db", "is_secret": false, "is_verified": false, - "line_number": 1956, + "line_number": 1295, "type": "Secret Keyword" } ], diff --git a/helm/fence/Chart.yaml b/helm/fence/Chart.yaml index b591966e..f69ccd11 100644 --- a/helm/fence/Chart.yaml +++ b/helm/fence/Chart.yaml @@ -15,7 +15,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.23 +version: 0.1.24 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to diff --git a/helm/fence/README.md b/helm/fence/README.md index 3a5f4b18..521aed4a 100644 --- a/helm/fence/README.md +++ b/helm/fence/README.md 
@@ -1,6 +1,6 @@ # fence -![Version: 0.1.23](https://img.shields.io/badge/Version-0.1.23-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) +![Version: 0.1.24](https://img.shields.io/badge/Version-0.1.24-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) A Helm chart for gen3 Fence 
@@ -70,7 +70,7 @@ A Helm chart for gen3 Fence | FENCE_CONFIG.USER_ALLOWED_SCOPES | list | `["fence","openid","user","data","admin","google_credentials","google_service_account","google_link","ga4gh_passport_v1"]` | these are the scopes that CAN be included in a user's own access_token | | FENCE_CONFIG.WTF_CSRF_SECRET_KEY | str | `"{{ENCRYPTION_KEY}}"` | signing key for WTForms to sign CSRF tokens with | | FENCE_CONFIG_PUBLIC | map | `{}` | Public configuration settings for Fence app | -| USER_YAML | string | `"cloud_providers: {}\ngroups: {}\nauthz:\n # policies automatically given to anyone, even if they haven't authenticated\n anonymous_policies: ['open_data_reader', 'full_open_access']\n\n # policies automatically given to authenticated users (in addition to their other\n # policies)\n all_users_policies: ['open_data_reader', 'authn_open_access']\n\n user_project_to_resource:\n QA: /programs/QA\n DEV: /programs/DEV\n test: /programs/QA/projects/test\n jenkins: /programs/jnkns/projects/jenkins\n jenkins2: /programs/jnkns/projects/jenkins2\n jnkns: /programs/jnkns\n\n policies:\n # General Access\n - id: 'workspace'\n description: 'be able to use workspace'\n resource_paths: ['/workspace']\n role_ids: ['workspace_user']\n - id: 'dashboard'\n description: 'be able to use the commons dashboard'\n resource_paths: ['/dashboard']\n role_ids: ['dashboard_user']\n - id: 'prometheus'\n description: 'be able to use prometheus'\n resource_paths: ['/prometheus']\n role_ids: ['prometheus_user']\n - id: 'ttyadmin'\n description: 'be able to use the admin tty'\n resource_paths: ['/ttyadmin']\n role_ids: ['ttyadmin_user']\n - id: 'mds_admin'\n description: 'be able to use metadata service'\n resource_paths: ['/mds_gateway']\n role_ids: ['mds_user']\n - id: 'data_upload'\n description: 'upload raw data files to S3'\n role_ids: ['file_uploader']\n resource_paths: ['/data_file']\n - description: be able to use sower job\n id: sower\n resource_paths: [/sower]\n role_ids: 
[sower_user]\n - id: 'mariner_admin'\n description: 'full access to mariner API'\n resource_paths: ['/mariner']\n role_ids: ['mariner_admin']\n - id: audit_reader\n role_ids:\n - audit_reader\n resource_paths:\n - /services/audit\n - id: audit_login_reader\n role_ids:\n - audit_reader\n resource_paths:\n - /services/audit/login\n - id: audit_presigned_url_reader\n role_ids:\n - audit_reader\n resource_paths:\n - /services/audit/presigned_url\n - id: requestor_admin\n role_ids:\n - requestor_admin\n resource_paths:\n - /programs\n - id: requestor_reader\n role_ids:\n - requestor_reader\n resource_paths:\n - /programs\n - id: requestor_creator\n role_ids:\n - requestor_creator\n resource_paths:\n - /programs\n - id: requestor_updater\n role_ids:\n - requestor_updater\n resource_paths:\n - /programs\n - id: requestor_deleter\n role_ids:\n - requestor_deleter\n resource_paths:\n - /programs\n # Data Access\n\n # All programs policy\n - id: 'all_programs_reader'\n description: ''\n role_ids:\n - 'reader'\n - 'storage_reader'\n resource_paths: ['/programs']\n\n # # example if need access to write to storage\n # - id: 'programs.jnkns-storage_writer'\n # description: ''\n # role_ids:\n # - 'storage_writer'\n # resource_paths: ['/programs/jnkns']\n\n - id: 'programs.jnkns-admin'\n description: ''\n role_ids:\n - 'creator'\n - 'reader'\n - 'updater'\n - 'deleter'\n - 'storage_reader'\n resource_paths:\n - '/programs/jnkns'\n - '/gen3/programs/jnkns'\n\n - id: 'programs.jnkns-viewer'\n description: ''\n role_ids:\n - 'reader'\n - 'storage_reader'\n resource_paths:\n - '/programs/jnkns'\n - '/gen3/programs/jnkns'\n\n\n - id: 'programs.QA-admin'\n description: ''\n role_ids:\n - 'creator'\n - 'reader'\n - 'updater'\n - 'deleter'\n - 'storage_reader'\n resource_paths:\n - '/programs/QA'\n - '/gen3/programs/QA'\n\n - id: 'programs.QA-admin-no-storage'\n description: ''\n role_ids:\n - 'creator'\n - 'reader'\n - 'updater'\n - 'deleter'\n resource_paths:\n - '/programs/QA'\n - 
'/gen3/programs/QA'\n\n - id: 'programs.QA-viewer'\n description: ''\n role_ids:\n - 'reader'\n - 'storage_reader'\n resource_paths:\n - '/programs/QA'\n - '/gen3/programs/QA'\n\n - id: 'programs.DEV-admin'\n description: ''\n role_ids:\n - 'creator'\n - 'reader'\n - 'updater'\n - 'deleter'\n - 'storage_reader'\n - 'storage_writer'\n resource_paths:\n - '/programs/DEV'\n - '/gen3/programs/DEV'\n\n - id: 'programs.DEV-storage_writer'\n description: ''\n role_ids:\n - 'storage_writer'\n resource_paths: ['/programs/DEV']\n\n - id: 'programs.DEV-viewer'\n description: ''\n role_ids:\n - 'reader'\n - 'storage_reader'\n resource_paths:\n - '/programs/DEV'\n - '/gen3/programs/DEV'\n\n - id: 'programs.test-admin'\n description: ''\n role_ids:\n - 'creator'\n - 'reader'\n - 'updater'\n - 'deleter'\n - 'storage_reader'\n resource_paths:\n - '/programs/test'\n - '/gen3/programs/test'\n\n - id: 'programs.test-viewer'\n description: ''\n role_ids:\n - 'reader'\n - 'storage_reader'\n resource_paths:\n - '/programs/test'\n - '/gen3/programs/test'\n\n - id: 'abc-admin'\n description: ''\n role_ids:\n - 'creator'\n - 'reader'\n - 'updater'\n - 'deleter'\n - 'storage_reader'\n resource_paths:\n - '/abc'\n\n - id: 'gen3-admin'\n description: ''\n role_ids:\n - 'creator'\n - 'reader'\n - 'updater'\n - 'deleter'\n - 'storage_reader'\n resource_paths:\n - '/gen3'\n\n - id: 'gen3-hmb-researcher'\n description: ''\n role_ids:\n - 'creator'\n - 'reader'\n - 'updater'\n - 'deleter'\n - 'storage_reader'\n resource_paths:\n - '/consents/NRES'\n - '/consents/GRU'\n - '/consents/GRU_CC'\n - '/consents/HMB'\n - '/gen3'\n\n - id: 'abc.programs.test_program.projects.test_project1-viewer'\n description: ''\n role_ids:\n - 'reader'\n - 'storage_reader'\n resource_paths:\n - '/abc/programs/test_program/projects/test_project1'\n\n - id: 'abc.programs.test_program.projects.test_project2-viewer'\n description: ''\n role_ids:\n - 'reader'\n - 'storage_reader'\n resource_paths:\n - 
'/abc/programs/test_program/projects/test_project2'\n\n - id: 'abc.programs.test_program2.projects.test_project3-viewer'\n description: ''\n role_ids:\n - 'reader'\n - 'storage_reader'\n resource_paths:\n - '/abc/programs/test_program2/projects/test_project3'\n\n # Open data policies\n - id: 'authn_open_access'\n resource_paths: ['/programs/open/projects/authnRequired']\n description: ''\n role_ids:\n - 'reader'\n - 'storage_reader'\n - id: 'full_open_access'\n resource_paths: ['/programs/open/projects/1000G']\n description: ''\n role_ids:\n - 'reader'\n - 'storage_reader'\n - id: 'open_data_reader'\n description: ''\n role_ids:\n - 'reader'\n - 'storage_reader'\n resource_paths: ['/open']\n - id: 'open_data_admin'\n description: ''\n role_ids:\n - 'creator'\n - 'reader'\n - 'updater'\n - 'deleter'\n - 'storage_writer'\n - 'storage_reader'\n resource_paths: ['/open']\n\n # Consent Code Policies\n - id: 'not-for-profit-researcher'\n description: ''\n role_ids:\n - 'admin'\n resource_paths:\n - '/consents/NPU'\n\n - id: 'publication-required-researcher'\n description: ''\n role_ids:\n - 'admin'\n resource_paths:\n - '/consents/PUB'\n\n - id: 'gru-researcher'\n description: ''\n role_ids:\n - 'admin'\n resource_paths:\n - '/consents/NRES'\n - '/consents/GRU'\n\n - id: 'gru-cc-researcher'\n description: ''\n role_ids:\n - 'admin'\n resource_paths:\n - '/consents/NRES'\n - '/consents/GRU'\n - '/consents/GRU_CC'\n\n - id: 'hmb-researcher'\n description: ''\n role_ids:\n - 'admin'\n resource_paths:\n - '/consents/NRES'\n - '/consents/GRU'\n - '/consents/GRU_CC'\n - '/consents/HMB'\n\n - id: 'poa-researcher'\n description: ''\n role_ids:\n - 'admin'\n resource_paths:\n - '/consents/NRES'\n - '/consents/GRU'\n - '/consents/GRU_CC'\n - '/consents/POA'\n\n - id: 'ds-lung-researcher'\n description: ''\n role_ids:\n - 'admin'\n resource_paths:\n - '/consents/NRES'\n - '/consents/GRU'\n - '/consents/GRU_CC'\n - '/consents/HMB'\n - '/consents/DS_LungDisease'\n\n - id: 
'ds-chronic-obstructive-pulmonary-disease-researcher'\n description: ''\n role_ids:\n - 'admin'\n resource_paths:\n - '/consents/NRES'\n - '/consents/GRU'\n - '/consents/GRU_CC'\n - '/consents/HMB'\n - '/consents/DS_ChronicObstructivePulmonaryDisease'\n\n - id: 'services.sheepdog-admin'\n description: 'CRUD access to programs and projects'\n role_ids:\n - 'sheepdog_admin'\n resource_paths:\n - '/services/sheepdog/submission/program'\n - '/services/sheepdog/submission/project'\n\n # indexd\n - id: 'indexd_admin'\n description: 'full access to indexd API'\n role_ids:\n - 'indexd_admin'\n resource_paths:\n - '/programs'\n - '/services/indexd/admin'\n # # TODO resource path '/' is not valid right now in arborist, trying to decide\n # # how to handle all resources\n # - id: 'indexd_admin'\n # description: ''\n # role_ids:\n # - 'indexd_record_creator'\n # - 'indexd_record_reader'\n # - 'indexd_record_updater'\n # - 'indexd_delete_record'\n # - 'indexd_storage_reader'\n # - 'indexd_storage_writer'\n # resource_paths: ['/']\n # - id: 'indexd_record_reader'\n # description: ''\n # role_ids:\n # - 'indexd_record_reader'\n # resource_paths: ['/']\n # - id: 'indexd_record_editor'\n # description: ''\n # role_ids:\n # - 'indexd_record_creator'\n # - 'indexd_record_reader'\n # - 'indexd_record_updater'\n # - 'indexd_delete_record'\n # resource_paths: ['/']\n # - id: 'indexd_storage_reader'\n # description: ''\n # role_ids:\n # - 'indexd_storage_reader'\n # resource_paths: ['/']\n # - id: 'indexd_storage_editor'\n # description: ''\n # role_ids:\n # - 'indexd_storage_reader'\n # - 'indexd_storage_writer'\n # resource_paths: ['/']\n\n # argo\n - id: argo\n description: be able to use argo\n resource_paths: [/argo]\n role_ids: [argo_user]\n\n resources:\n # General Access\n - name: 'data_file'\n description: 'data files, stored in S3'\n - name: 'dashboard'\n description: 'commons /dashboard'\n - name: 'mds_gateway'\n description: 'commons /mds-admin'\n - name: 'prometheus'\n 
description: 'commons /prometheus and /grafana'\n - name: 'ttyadmin'\n description: 'commons /ttyadmin'\n - name: 'workspace'\n - name: \"sower\"\n - name: 'mariner'\n description: 'workflow execution service'\n - name: argo\n\n # OLD Data\n - name: 'programs'\n subresources:\n - name: 'open'\n subresources:\n - name: 'projects'\n subresources:\n - name: '1000G'\n - name: 'authnRequired'\n - name: 'QA'\n subresources:\n - name: 'projects'\n subresources:\n - name: 'test'\n - name: 'DEV'\n subresources:\n - name: 'projects'\n subresources:\n - name: 'test'\n - name: 'jnkns'\n subresources:\n - name: 'projects'\n subresources:\n - name: 'jenkins'\n - name: 'jenkins2'\n - name: 'test'\n subresources:\n - name: 'projects'\n subresources:\n - name: 'test'\n\n # NEW Data WITH PREFIX\n - name: 'gen3'\n subresources:\n - name: 'programs'\n subresources:\n - name: 'QA'\n subresources:\n - name: 'projects'\n subresources:\n - name: 'test'\n - name: 'DEV'\n subresources:\n - name: 'projects'\n subresources:\n - name: 'test'\n - name: 'jnkns'\n subresources:\n - name: 'projects'\n subresources:\n - name: 'jenkins'\n - name: 'jenkins2'\n - name: 'test'\n subresources:\n - name: 'projects'\n subresources:\n - name: 'test'\n\n # consents obtained from DUO and NIH\n # https://github.com/EBISPOT/DUO\n # https://www.ncbi.nlm.nih.gov/pmc/articles/PMC4721915/\n - name: 'consents'\n subresources:\n - name: 'NRES'\n description: 'no restriction'\n - name: 'GRU'\n description: 'general research use'\n - name: 'GRU_CC'\n description: 'general research use and clinical care'\n - name: 'HMB'\n description: 'health/medical/biomedical research'\n - name: 'POA'\n description: 'population origins or ancestry research'\n - name: 'NMDS'\n description: 'no general methods research'\n - name: 'NPU'\n description: 'not-for-profit use only'\n - name: 'PUB'\n description: 'publication required'\n - name: 'DS_LungDisease'\n description: 'disease-specific research for lung disease'\n - name: 
'DS_ChronicObstructivePulmonaryDisease'\n description: 'disease-specific research for chronic obstructive pulmonary disease'\n\n - name: 'abc'\n subresources:\n - name: 'programs'\n subresources:\n - name: 'foo'\n subresources:\n - name: 'projects'\n subresources:\n - name: 'bar'\n - name: 'test_program'\n subresources:\n - name: 'projects'\n subresources:\n - name: 'test_project1'\n - name: 'test_project2'\n - name: 'test_program2'\n subresources:\n - name: 'projects'\n subresources:\n - name: 'test_project3'\n\n\n # \"Sheepdog admin\" resources\n - name: 'services'\n subresources:\n - name: 'sheepdog'\n subresources:\n - name: 'submission'\n subresources:\n - name: 'program'\n - name: 'project'\n - name: 'indexd'\n subresources:\n - name: 'admin'\n - name: 'bundles'\n - name: audit\n subresources:\n - name: presigned_url\n - name: login\n\n\n - name: 'open'\n\n # action/methods:\n # create, read, update, delete, read-storage, write-storage,\n # file_upload, access\n roles:\n # General Access\n - id: 'file_uploader'\n description: 'can upload data files'\n permissions:\n - id: 'file_upload'\n action:\n service: '*'\n method: 'file_upload'\n - id: 'workspace_user'\n permissions:\n - id: 'workspace_access'\n action:\n service: 'jupyterhub'\n method: 'access'\n - id: 'dashboard_user'\n permissions:\n - id: 'dashboard_access'\n action:\n service: 'dashboard'\n method: 'access'\n - id: 'mds_user'\n permissions:\n - id: 'mds_access'\n action:\n service: 'mds_gateway'\n method: 'access'\n - id: 'prometheus_user'\n permissions:\n - id: 'prometheus_access'\n action:\n service: 'prometheus'\n method: 'access'\n - id: 'ttyadmin_user'\n permissions:\n - id: 'ttyadmin_access'\n action:\n service: 'ttyadmin'\n method: 'access'\n - id: 'sower_user'\n permissions:\n - id: 'sower_access'\n action:\n service: 'job'\n method: 'access'\n - id: 'mariner_admin'\n permissions:\n - id: 'mariner_access'\n action:\n service: 'mariner'\n method: 'access'\n - id: audit_reader\n 
permissions:\n - id: audit_reader_action\n action:\n service: audit\n method: read\n\n # All services\n - id: 'admin'\n description: ''\n permissions:\n - id: 'admin'\n action:\n service: '*'\n method: '*'\n - id: 'creator'\n description: ''\n permissions:\n - id: 'creator'\n action:\n service: '*'\n method: 'create'\n - id: 'reader'\n description: ''\n permissions:\n - id: 'reader'\n action:\n service: '*'\n method: 'read'\n - id: 'updater'\n description: ''\n permissions:\n - id: 'updater'\n action:\n service: '*'\n method: 'update'\n - id: 'deleter'\n description: ''\n permissions:\n - id: 'deleter'\n action:\n service: '*'\n method: 'delete'\n - id: 'storage_writer'\n description: ''\n permissions:\n - id: 'storage_writer'\n action:\n service: '*'\n method: 'write-storage'\n - id: 'storage_reader'\n description: ''\n permissions:\n - id: 'storage_reader'\n action:\n service: '*'\n method: 'read-storage'\n\n\n # Sheepdog admin role\n - id: 'sheepdog_admin'\n description: 'sheepdog admin role for program project crud'\n permissions:\n - id: 'sheepdog_admin_action'\n action:\n service: 'sheepdog'\n method: '*'\n\n\n # indexd\n - id: 'indexd_admin'\n # this only works if indexd.arborist is enabled in manifest!\n description: 'full access to indexd API'\n permissions:\n - id: 'indexd_admin'\n action:\n service: 'indexd'\n method: '*'\n - id: 'indexd_record_creator'\n description: ''\n permissions:\n - id: 'indexd_record_creator'\n action:\n service: 'indexd'\n method: 'create'\n - id: 'indexd_record_reader'\n description: ''\n permissions:\n - id: 'indexd_record_reader'\n action:\n service: 'indexd'\n method: 'read'\n - id: 'indexd_record_updater'\n description: ''\n permissions:\n - id: 'indexd_record_updater'\n action:\n service: 'indexd'\n method: 'update'\n - id: 'indexd_delete_record'\n description: ''\n permissions:\n - id: 'indexd_delete_record'\n action:\n service: 'indexd'\n method: 'delete'\n - id: 'indexd_storage_reader'\n description: ''\n permissions:\n 
- id: 'indexd_storage_reader'\n action:\n service: 'indexd'\n method: 'read-storage'\n - id: 'indexd_storage_writer'\n description: ''\n permissions:\n - id: 'indexd_storage_writer'\n action:\n service: 'indexd'\n method: 'write-storage'\n\n # arborist\n - id: 'arborist_creator'\n description: ''\n permissions:\n - id: 'arborist_creator'\n action:\n service: 'arborist'\n method: 'create'\n - id: 'arborist_reader'\n description: ''\n permissions:\n - id: 'arborist_reader'\n action:\n service: 'arborist'\n method: 'read'\n - id: 'arborist_updater'\n description: ''\n permissions:\n - id: 'arborist_updater'\n action:\n service: 'arborist'\n method: 'update'\n - id: 'arborist_deleter'\n description: ''\n permissions:\n - id: 'arborist_deleter'\n action:\n service: 'arborist'\n method: 'delete'\n\n # requestor\n - id: requestor_admin\n permissions:\n - id: requestor_admin_action\n action:\n service: requestor\n method: '*'\n - id: requestor_reader\n permissions:\n - id: requestor_reader_action\n action:\n service: requestor\n method: read\n - id: requestor_creator\n permissions:\n - id: requestor_creator_action\n action:\n service: requestor\n method: create\n - id: requestor_updater\n permissions:\n - id: requestor_updater_action\n action:\n service: requestor\n method: update\n - id: requestor_deleter\n permissions:\n - id: requestor_deleter_action\n action:\n service: requestor\n method: delete\n # argo\n - id: argo_user\n permissions:\n - id: argo_access\n action:\n service: argo\n method: access\n\nclients:\n basic-test-client:\n policies:\n - abc-admin\n - gen3-admin\n basic-test-abc-client:\n policies:\n - abc-admin\n wts:\n policies:\n - all_programs_reader\n - workspace\n\nusers:\n ### BEGIN INTERNS SECTION ###\n ### END INTERNS SECTION ###\n qureshi@uchicago.edu:\n admin: true\n policies:\n - data_upload\n - workspace\n - dashboard\n - mds_admin\n - prometheus\n - sower\n - services.sheepdog-admin\n - programs.QA-admin\n - programs.test-admin\n - 
programs.DEV-admin\n - programs.jnkns-admin\n - indexd_admin\n - ttyadmin\n projects:\n - auth_id: QA\n privilege: [create, read, update, delete, upload, read-storage]\n - auth_id: test\n privilege: [create, read, update, delete, upload, read-storage]\n - auth_id: DEV\n privilege: [create, read, update, delete, upload, read-storage]\n - auth_id: jenkins\n privilege: [create, read, update, delete, upload, read-storage]\n - auth_id: jenkins2\n privilege: [create, read, update, delete, upload, read-storage]\n - auth_id: jnkns\n privilege: [create, read, update, delete, upload, read-storage]\n"` | USER YAML. Passed in as a multiline string. | +| USER_YAML | string | `"cloud_providers: {}\nauthz:\n # policies automatically given to anyone, even if they are not authenticated\n anonymous_policies:\n - open_data_reader\n\n # policies automatically given to authenticated users (in addition to their other policies)\n all_users_policies: []\n\n groups:\n # can CRUD programs and projects and upload data files\n - name: data_submitters\n policies:\n - services.sheepdog-admin\n - data_upload\n - MyFirstProject_submitter\n users:\n - username1@gmail.com\n\n # can create/update/delete indexd records\n - name: indexd_admins\n policies:\n - indexd_admin\n users:\n - username1@gmail.com\n\n resources:\n - name: workspace\n - name: data_file\n - name: services\n subresources:\n - name: sheepdog\n subresources:\n - name: submission\n subresources:\n - name: program\n - name: project\n - name: 'indexd'\n subresources:\n - name: 'admin'\n - name: audit\n subresources:\n - name: presigned_url\n - name: login\n - name: open\n - name: programs\n subresources:\n - name: MyFirstProgram\n subresources:\n - name: projects\n subresources:\n - name: MyFirstProject\n\n policies:\n - id: workspace\n description: be able to use workspace\n resource_paths:\n - /workspace\n role_ids:\n - workspace_user\n - id: data_upload\n description: upload raw data files to S3\n role_ids:\n - file_uploader\n 
resource_paths:\n - /data_file\n - id: services.sheepdog-admin\n description: CRUD access to programs and projects\n role_ids:\n - sheepdog_admin\n resource_paths:\n - /services/sheepdog/submission/program\n - /services/sheepdog/submission/project\n - id: indexd_admin\n description: full access to indexd API\n role_ids:\n - indexd_admin\n resource_paths:\n - /programs\n - id: open_data_reader\n role_ids:\n - peregrine_reader\n - guppy_reader\n - fence_storage_reader\n resource_paths:\n - /open\n - id: all_programs_reader\n role_ids:\n - peregrine_reader\n - guppy_reader\n - fence_storage_reader\n resource_paths:\n - /programs\n - id: MyFirstProject_submitter\n role_ids:\n - reader\n - creator\n - updater\n - deleter\n - storage_reader\n - storage_writer\n resource_paths:\n - /programs/MyFirstProgram/projects/MyFirstProject\n\n roles:\n - id: file_uploader\n permissions:\n - id: file_upload\n action:\n service: fence\n method: file_upload\n - id: workspace_user\n permissions:\n - id: workspace_access\n action:\n service: jupyterhub\n method: access\n - id: sheepdog_admin\n description: CRUD access to programs and projects\n permissions:\n - id: sheepdog_admin_action\n action:\n service: sheepdog\n method: '*'\n - id: indexd_admin\n description: full access to indexd API\n permissions:\n - id: indexd_admin\n action:\n service: indexd\n method: '*'\n - id: admin\n permissions:\n - id: admin\n action:\n service: '*'\n method: '*'\n - id: creator\n permissions:\n - id: creator\n action:\n service: '*'\n method: create\n - id: reader\n permissions:\n - id: reader\n action:\n service: '*'\n method: read\n - id: updater\n permissions:\n - id: updater\n action:\n service: '*'\n method: update\n - id: deleter\n permissions:\n - id: deleter\n action:\n service: '*'\n method: delete\n - id: storage_writer\n permissions:\n - id: storage_creator\n action:\n service: '*'\n method: write-storage\n - id: storage_reader\n permissions:\n - id: storage_reader\n action:\n service: 
'*'\n method: read-storage\n - id: peregrine_reader\n permissions:\n - id: peregrine_reader\n action:\n method: read\n service: peregrine\n - id: guppy_reader\n permissions:\n - id: guppy_reader\n action:\n method: read\n service: guppy\n - id: fence_storage_reader\n permissions:\n - id: fence_storage_reader\n action:\n method: read-storage\n service: fence\n\nclients:\n wts:\n policies:\n - all_programs_reader\n - open_data_reader\n\nusers:\n username1@gmail.com: {}\n username2:\n tags:\n name: John Doe\n email: johndoe@gmail.com\n policies:\n - MyFirstProject_submitter\n\ncloud_providers: {}\ngroups: {}\n"` | USER YAML. Passed in as a multiline string. | | affinity | map | `{"podAntiAffinity":{"preferredDuringSchedulingIgnoredDuringExecution":[{"podAffinityTerm":{"labelSelector":{"matchExpressions":[{"key":"app","operator":"In","values":["fence"]}]},"topologyKey":"kubernetes.io/hostname"},"weight":100}]}}` | Affinity to use for the deployment. | | affinity.podAntiAffinity.preferredDuringSchedulingIgnoredDuringExecution | map | `[{"podAffinityTerm":{"labelSelector":{"matchExpressions":[{"key":"app","operator":"In","values":["fence"]}]},"topologyKey":"kubernetes.io/hostname"},"weight":100}]` | Option for scheduling to be required or preferred. | | affinity.podAntiAffinity.preferredDuringSchedulingIgnoredDuringExecution[0] | int | `{"podAffinityTerm":{"labelSelector":{"matchExpressions":[{"key":"app","operator":"In","values":["fence"]}]},"topologyKey":"kubernetes.io/hostname"},"weight":100}` | Weight value for preferred scheduling. | diff --git a/helm/fence/values.yaml b/helm/fence/values.yaml index 026811a7..3919a20d 100644 --- a/helm/fence/values.yaml +++ b/helm/fence/values.yaml 
@@ -516,875 +516,214 @@ projects: # -- (string) USER YAML. Passed in as a multiline string. USER_YAML: | cloud_providers: {} - groups: {} authz: - # policies automatically given to anyone, even if they haven't authenticated - anonymous_policies: ['open_data_reader', 'full_open_access'] + # policies automatically given to anyone, even if they are not authenticated + anonymous_policies: + - open_data_reader - # policies automatically given to authenticated users (in addition to their other - # policies) - all_users_policies: ['open_data_reader', 'authn_open_access'] + # policies automatically given to authenticated users (in addition to their other policies) + all_users_policies: [] - user_project_to_resource: - QA: /programs/QA - DEV: /programs/DEV - test: /programs/QA/projects/test - jenkins: /programs/jnkns/projects/jenkins - jenkins2: /programs/jnkns/projects/jenkins2 - jnkns: /programs/jnkns + groups: + # can CRUD programs and projects and upload data files + - name: data_submitters + policies: + - services.sheepdog-admin + - data_upload + - MyFirstProject_submitter + users: + - username1@gmail.com - policies: - # General Access - - id: 'workspace' - description: 'be able to use workspace' - resource_paths: ['/workspace'] - role_ids: ['workspace_user'] - - id: 'dashboard' - description: 'be able to use the commons dashboard' - resource_paths: ['/dashboard'] - role_ids: ['dashboard_user'] - - id: 'prometheus' - description: 'be able to use prometheus' - resource_paths: ['/prometheus'] - role_ids: ['prometheus_user'] - - id: 'ttyadmin' - description: 'be able to use the admin tty' - resource_paths: ['/ttyadmin'] - role_ids: ['ttyadmin_user'] - - id: 'mds_admin' - description: 'be able to use metadata service' - resource_paths: ['/mds_gateway'] - role_ids: ['mds_user'] - - id: 'data_upload' - description: 'upload raw data files to S3' - role_ids: ['file_uploader'] - resource_paths: ['/data_file'] - - description: be able to use sower job - id: sower - 
resource_paths: [/sower] - role_ids: [sower_user] - - id: 'mariner_admin' - description: 'full access to mariner API' - resource_paths: ['/mariner'] - role_ids: ['mariner_admin'] - - id: audit_reader - role_ids: - - audit_reader - resource_paths: - - /services/audit - - id: audit_login_reader - role_ids: - - audit_reader - resource_paths: - - /services/audit/login - - id: audit_presigned_url_reader - role_ids: - - audit_reader - resource_paths: - - /services/audit/presigned_url - - id: requestor_admin - role_ids: - - requestor_admin - resource_paths: - - /programs - - id: requestor_reader - role_ids: - - requestor_reader - resource_paths: - - /programs - - id: requestor_creator - role_ids: - - requestor_creator - resource_paths: - - /programs - - id: requestor_updater - role_ids: - - requestor_updater - resource_paths: - - /programs - - id: requestor_deleter - role_ids: - - requestor_deleter - resource_paths: - - /programs - # Data Access - - # All programs policy - - id: 'all_programs_reader' - description: '' - role_ids: - - 'reader' - - 'storage_reader' - resource_paths: ['/programs'] - - # # example if need access to write to storage - # - id: 'programs.jnkns-storage_writer' - # description: '' - # role_ids: - # - 'storage_writer' - # resource_paths: ['/programs/jnkns'] - - - id: 'programs.jnkns-admin' - description: '' - role_ids: - - 'creator' - - 'reader' - - 'updater' - - 'deleter' - - 'storage_reader' - resource_paths: - - '/programs/jnkns' - - '/gen3/programs/jnkns' - - - id: 'programs.jnkns-viewer' - description: '' - role_ids: - - 'reader' - - 'storage_reader' - resource_paths: - - '/programs/jnkns' - - '/gen3/programs/jnkns' - - - - id: 'programs.QA-admin' - description: '' - role_ids: - - 'creator' - - 'reader' - - 'updater' - - 'deleter' - - 'storage_reader' - resource_paths: - - '/programs/QA' - - '/gen3/programs/QA' - - - id: 'programs.QA-admin-no-storage' - description: '' - role_ids: - - 'creator' - - 'reader' - - 'updater' - - 'deleter' - 
resource_paths: - - '/programs/QA' - - '/gen3/programs/QA' - - - id: 'programs.QA-viewer' - description: '' - role_ids: - - 'reader' - - 'storage_reader' - resource_paths: - - '/programs/QA' - - '/gen3/programs/QA' - - - id: 'programs.DEV-admin' - description: '' - role_ids: - - 'creator' - - 'reader' - - 'updater' - - 'deleter' - - 'storage_reader' - - 'storage_writer' - resource_paths: - - '/programs/DEV' - - '/gen3/programs/DEV' - - - id: 'programs.DEV-storage_writer' - description: '' - role_ids: - - 'storage_writer' - resource_paths: ['/programs/DEV'] - - - id: 'programs.DEV-viewer' - description: '' - role_ids: - - 'reader' - - 'storage_reader' - resource_paths: - - '/programs/DEV' - - '/gen3/programs/DEV' - - - id: 'programs.test-admin' - description: '' - role_ids: - - 'creator' - - 'reader' - - 'updater' - - 'deleter' - - 'storage_reader' - resource_paths: - - '/programs/test' - - '/gen3/programs/test' - - - id: 'programs.test-viewer' - description: '' - role_ids: - - 'reader' - - 'storage_reader' - resource_paths: - - '/programs/test' - - '/gen3/programs/test' - - - id: 'abc-admin' - description: '' - role_ids: - - 'creator' - - 'reader' - - 'updater' - - 'deleter' - - 'storage_reader' - resource_paths: - - '/abc' - - - id: 'gen3-admin' - description: '' - role_ids: - - 'creator' - - 'reader' - - 'updater' - - 'deleter' - - 'storage_reader' - resource_paths: - - '/gen3' - - - id: 'gen3-hmb-researcher' - description: '' - role_ids: - - 'creator' - - 'reader' - - 'updater' - - 'deleter' - - 'storage_reader' - resource_paths: - - '/consents/NRES' - - '/consents/GRU' - - '/consents/GRU_CC' - - '/consents/HMB' - - '/gen3' - - - id: 'abc.programs.test_program.projects.test_project1-viewer' - description: '' - role_ids: - - 'reader' - - 'storage_reader' - resource_paths: - - '/abc/programs/test_program/projects/test_project1' - - - id: 'abc.programs.test_program.projects.test_project2-viewer' - description: '' - role_ids: - - 'reader' - - 'storage_reader' - 
resource_paths: - - '/abc/programs/test_program/projects/test_project2' - - - id: 'abc.programs.test_program2.projects.test_project3-viewer' - description: '' - role_ids: - - 'reader' - - 'storage_reader' - resource_paths: - - '/abc/programs/test_program2/projects/test_project3' - - # Open data policies - - id: 'authn_open_access' - resource_paths: ['/programs/open/projects/authnRequired'] - description: '' - role_ids: - - 'reader' - - 'storage_reader' - - id: 'full_open_access' - resource_paths: ['/programs/open/projects/1000G'] - description: '' - role_ids: - - 'reader' - - 'storage_reader' - - id: 'open_data_reader' - description: '' - role_ids: - - 'reader' - - 'storage_reader' - resource_paths: ['/open'] - - id: 'open_data_admin' - description: '' - role_ids: - - 'creator' - - 'reader' - - 'updater' - - 'deleter' - - 'storage_writer' - - 'storage_reader' - resource_paths: ['/open'] - - # Consent Code Policies - - id: 'not-for-profit-researcher' - description: '' - role_ids: - - 'admin' - resource_paths: - - '/consents/NPU' - - - id: 'publication-required-researcher' - description: '' - role_ids: - - 'admin' - resource_paths: - - '/consents/PUB' - - - id: 'gru-researcher' - description: '' - role_ids: - - 'admin' - resource_paths: - - '/consents/NRES' - - '/consents/GRU' - - - id: 'gru-cc-researcher' - description: '' - role_ids: - - 'admin' - resource_paths: - - '/consents/NRES' - - '/consents/GRU' - - '/consents/GRU_CC' - - - id: 'hmb-researcher' - description: '' - role_ids: - - 'admin' - resource_paths: - - '/consents/NRES' - - '/consents/GRU' - - '/consents/GRU_CC' - - '/consents/HMB' - - - id: 'poa-researcher' - description: '' - role_ids: - - 'admin' - resource_paths: - - '/consents/NRES' - - '/consents/GRU' - - '/consents/GRU_CC' - - '/consents/POA' - - - id: 'ds-lung-researcher' - description: '' - role_ids: - - 'admin' - resource_paths: - - '/consents/NRES' - - '/consents/GRU' - - '/consents/GRU_CC' - - '/consents/HMB' - - '/consents/DS_LungDisease' - 
- - id: 'ds-chronic-obstructive-pulmonary-disease-researcher' - description: '' - role_ids: - - 'admin' - resource_paths: - - '/consents/NRES' - - '/consents/GRU' - - '/consents/GRU_CC' - - '/consents/HMB' - - '/consents/DS_ChronicObstructivePulmonaryDisease' - - - id: 'services.sheepdog-admin' - description: 'CRUD access to programs and projects' - role_ids: - - 'sheepdog_admin' - resource_paths: - - '/services/sheepdog/submission/program' - - '/services/sheepdog/submission/project' - - # indexd - - id: 'indexd_admin' - description: 'full access to indexd API' - role_ids: - - 'indexd_admin' - resource_paths: - - '/programs' - - '/services/indexd/admin' - # # TODO resource path '/' is not valid right now in arborist, trying to decide - # # how to handle all resources - # - id: 'indexd_admin' - # description: '' - # role_ids: - # - 'indexd_record_creator' - # - 'indexd_record_reader' - # - 'indexd_record_updater' - # - 'indexd_delete_record' - # - 'indexd_storage_reader' - # - 'indexd_storage_writer' - # resource_paths: ['/'] - # - id: 'indexd_record_reader' - # description: '' - # role_ids: - # - 'indexd_record_reader' - # resource_paths: ['/'] - # - id: 'indexd_record_editor' - # description: '' - # role_ids: - # - 'indexd_record_creator' - # - 'indexd_record_reader' - # - 'indexd_record_updater' - # - 'indexd_delete_record' - # resource_paths: ['/'] - # - id: 'indexd_storage_reader' - # description: '' - # role_ids: - # - 'indexd_storage_reader' - # resource_paths: ['/'] - # - id: 'indexd_storage_editor' - # description: '' - # role_ids: - # - 'indexd_storage_reader' - # - 'indexd_storage_writer' - # resource_paths: ['/'] - - # argo - - id: argo - description: be able to use argo - resource_paths: [/argo] - role_ids: [argo_user] + # can create/update/delete indexd records + - name: indexd_admins + policies: + - indexd_admin + users: + - username1@gmail.com resources: - # General Access - - name: 'data_file' - description: 'data files, stored in S3' - - name: 
'dashboard' - description: 'commons /dashboard' - - name: 'mds_gateway' - description: 'commons /mds-admin' - - name: 'prometheus' - description: 'commons /prometheus and /grafana' - - name: 'ttyadmin' - description: 'commons /ttyadmin' - - name: 'workspace' - - name: "sower" - - name: 'mariner' - description: 'workflow execution service' - - name: argo - - # OLD Data - - name: 'programs' + - name: workspace + - name: data_file + - name: services + subresources: + - name: sheepdog subresources: - - name: 'open' - subresources: - - name: 'projects' - subresources: - - name: '1000G' - - name: 'authnRequired' - - name: 'QA' - subresources: - - name: 'projects' - subresources: - - name: 'test' - - name: 'DEV' - subresources: - - name: 'projects' - subresources: - - name: 'test' - - name: 'jnkns' - subresources: - - name: 'projects' - subresources: - - name: 'jenkins' - - name: 'jenkins2' - - name: 'test' - subresources: - - name: 'projects' - subresources: - - name: 'test' - - # NEW Data WITH PREFIX - - name: 'gen3' + - name: submission + subresources: + - name: program + - name: project + - name: 'indexd' subresources: - - name: 'programs' - subresources: - - name: 'QA' - subresources: - - name: 'projects' - subresources: - - name: 'test' - - name: 'DEV' - subresources: - - name: 'projects' - subresources: - - name: 'test' - - name: 'jnkns' - subresources: - - name: 'projects' - subresources: - - name: 'jenkins' - - name: 'jenkins2' - - name: 'test' - subresources: - - name: 'projects' - subresources: - - name: 'test' - - # consents obtained from DUO and NIH - # https://github.com/EBISPOT/DUO - # https://www.ncbi.nlm.nih.gov/pmc/articles/PMC4721915/ - - name: 'consents' + - name: 'admin' + - name: audit subresources: - - name: 'NRES' - description: 'no restriction' - - name: 'GRU' - description: 'general research use' - - name: 'GRU_CC' - description: 'general research use and clinical care' - - name: 'HMB' - description: 'health/medical/biomedical research' - - name: 
'POA' - description: 'population origins or ancestry research' - - name: 'NMDS' - description: 'no general methods research' - - name: 'NPU' - description: 'not-for-profit use only' - - name: 'PUB' - description: 'publication required' - - name: 'DS_LungDisease' - description: 'disease-specific research for lung disease' - - name: 'DS_ChronicObstructivePulmonaryDisease' - description: 'disease-specific research for chronic obstructive pulmonary disease' - - - name: 'abc' + - name: presigned_url + - name: login + - name: open + - name: programs + subresources: + - name: MyFirstProgram subresources: - - name: 'programs' - subresources: - - name: 'foo' - subresources: - - name: 'projects' - subresources: - - name: 'bar' - - name: 'test_program' - subresources: - - name: 'projects' - subresources: - - name: 'test_project1' - - name: 'test_project2' - - name: 'test_program2' - subresources: - - name: 'projects' - subresources: - - name: 'test_project3' - - - # "Sheepdog admin" resources - - name: 'services' - subresources: - - name: 'sheepdog' - subresources: - - name: 'submission' - subresources: - - name: 'program' - - name: 'project' - - name: 'indexd' - subresources: - - name: 'admin' - - name: 'bundles' - - name: audit - subresources: - - name: presigned_url - - name: login - - - - name: 'open' - - # action/methods: - # create, read, update, delete, read-storage, write-storage, - # file_upload, access + - name: projects + subresources: + - name: MyFirstProject + + policies: + - id: workspace + description: be able to use workspace + resource_paths: + - /workspace + role_ids: + - workspace_user + - id: data_upload + description: upload raw data files to S3 + role_ids: + - file_uploader + resource_paths: + - /data_file + - id: services.sheepdog-admin + description: CRUD access to programs and projects + role_ids: + - sheepdog_admin + resource_paths: + - /services/sheepdog/submission/program + - /services/sheepdog/submission/project + - id: indexd_admin + description: 
full access to indexd API + role_ids: + - indexd_admin + resource_paths: + - /programs + - id: open_data_reader + role_ids: + - peregrine_reader + - guppy_reader + - fence_storage_reader + resource_paths: + - /open + - id: all_programs_reader + role_ids: + - peregrine_reader + - guppy_reader + - fence_storage_reader + resource_paths: + - /programs + - id: MyFirstProject_submitter + role_ids: + - reader + - creator + - updater + - deleter + - storage_reader + - storage_writer + resource_paths: + - /programs/MyFirstProgram/projects/MyFirstProject + roles: - # General Access - - id: 'file_uploader' - description: 'can upload data files' - permissions: - - id: 'file_upload' - action: - service: '*' - method: 'file_upload' - - id: 'workspace_user' - permissions: - - id: 'workspace_access' - action: - service: 'jupyterhub' - method: 'access' - - id: 'dashboard_user' - permissions: - - id: 'dashboard_access' - action: - service: 'dashboard' - method: 'access' - - id: 'mds_user' - permissions: - - id: 'mds_access' - action: - service: 'mds_gateway' - method: 'access' - - id: 'prometheus_user' - permissions: - - id: 'prometheus_access' - action: - service: 'prometheus' - method: 'access' - - id: 'ttyadmin_user' - permissions: - - id: 'ttyadmin_access' - action: - service: 'ttyadmin' - method: 'access' - - id: 'sower_user' - permissions: - - id: 'sower_access' - action: - service: 'job' - method: 'access' - - id: 'mariner_admin' - permissions: - - id: 'mariner_access' - action: - service: 'mariner' - method: 'access' - - id: audit_reader - permissions: - - id: audit_reader_action - action: - service: audit - method: read - - # All services - - id: 'admin' - description: '' - permissions: - - id: 'admin' - action: - service: '*' - method: '*' - - id: 'creator' - description: '' - permissions: - - id: 'creator' - action: - service: '*' - method: 'create' - - id: 'reader' - description: '' - permissions: - - id: 'reader' - action: - service: '*' - method: 'read' - - id: 
'updater' - description: '' - permissions: - - id: 'updater' - action: - service: '*' - method: 'update' - - id: 'deleter' - description: '' - permissions: - - id: 'deleter' - action: - service: '*' - method: 'delete' - - id: 'storage_writer' - description: '' - permissions: - - id: 'storage_writer' - action: - service: '*' - method: 'write-storage' - - id: 'storage_reader' - description: '' - permissions: - - id: 'storage_reader' - action: - service: '*' - method: 'read-storage' - - - # Sheepdog admin role - - id: 'sheepdog_admin' - description: 'sheepdog admin role for program project crud' - permissions: - - id: 'sheepdog_admin_action' - action: - service: 'sheepdog' - method: '*' - - - # indexd - - id: 'indexd_admin' - # this only works if indexd.arborist is enabled in manifest! - description: 'full access to indexd API' - permissions: - - id: 'indexd_admin' - action: - service: 'indexd' - method: '*' - - id: 'indexd_record_creator' - description: '' - permissions: - - id: 'indexd_record_creator' - action: - service: 'indexd' - method: 'create' - - id: 'indexd_record_reader' - description: '' - permissions: - - id: 'indexd_record_reader' - action: - service: 'indexd' - method: 'read' - - id: 'indexd_record_updater' - description: '' - permissions: - - id: 'indexd_record_updater' - action: - service: 'indexd' - method: 'update' - - id: 'indexd_delete_record' - description: '' - permissions: - - id: 'indexd_delete_record' - action: - service: 'indexd' - method: 'delete' - - id: 'indexd_storage_reader' - description: '' - permissions: - - id: 'indexd_storage_reader' - action: - service: 'indexd' - method: 'read-storage' - - id: 'indexd_storage_writer' - description: '' - permissions: - - id: 'indexd_storage_writer' - action: - service: 'indexd' - method: 'write-storage' - - # arborist - - id: 'arborist_creator' - description: '' - permissions: - - id: 'arborist_creator' - action: - service: 'arborist' - method: 'create' - - id: 'arborist_reader' - description: '' 
- permissions: - - id: 'arborist_reader' - action: - service: 'arborist' - method: 'read' - - id: 'arborist_updater' - description: '' - permissions: - - id: 'arborist_updater' - action: - service: 'arborist' - method: 'update' - - id: 'arborist_deleter' - description: '' - permissions: - - id: 'arborist_deleter' - action: - service: 'arborist' - method: 'delete' - - # requestor - - id: requestor_admin - permissions: - - id: requestor_admin_action + - id: file_uploader + permissions: + - id: file_upload + action: + service: fence + method: file_upload + - id: workspace_user + permissions: + - id: workspace_access + action: + service: jupyterhub + method: access + - id: sheepdog_admin + description: CRUD access to programs and projects + permissions: + - id: sheepdog_admin_action + action: + service: sheepdog + method: '*' + - id: indexd_admin + description: full access to indexd API + permissions: + - id: indexd_admin + action: + service: indexd + method: '*' + - id: admin + permissions: + - id: admin action: - service: requestor + service: '*' method: '*' - - id: requestor_reader - permissions: - - id: requestor_reader_action - action: - service: requestor - method: read - - id: requestor_creator - permissions: - - id: requestor_creator_action + - id: creator + permissions: + - id: creator action: - service: requestor + service: '*' method: create - - id: requestor_updater - permissions: - - id: requestor_updater_action + - id: reader + permissions: + - id: reader + action: + service: '*' + method: read + - id: updater + permissions: + - id: updater action: - service: requestor + service: '*' method: update - - id: requestor_deleter - permissions: - - id: requestor_deleter_action + - id: deleter + permissions: + - id: deleter action: - service: requestor + service: '*' method: delete - # argo - - id: argo_user - permissions: - - id: argo_access - action: - service: argo - method: access + - id: storage_writer + permissions: + - id: storage_creator + action: + 
service: '*' + method: write-storage + - id: storage_reader + permissions: + - id: storage_reader + action: + service: '*' + method: read-storage + - id: peregrine_reader + permissions: + - id: peregrine_reader + action: + method: read + service: peregrine + - id: guppy_reader + permissions: + - id: guppy_reader + action: + method: read + service: guppy + - id: fence_storage_reader + permissions: + - id: fence_storage_reader + action: + method: read-storage + service: fence clients: - basic-test-client: - policies: - - abc-admin - - gen3-admin - basic-test-abc-client: - policies: - - abc-admin wts: policies: - all_programs_reader - - workspace + - open_data_reader users: - ### BEGIN INTERNS SECTION ### - ### END INTERNS SECTION ### - qureshi@uchicago.edu: - admin: true + username1@gmail.com: {} + username2: + tags: + name: John Doe + email: johndoe@gmail.com policies: - - data_upload - - workspace - - dashboard - - mds_admin - - prometheus - - sower - - services.sheepdog-admin - - programs.QA-admin - - programs.test-admin - - programs.DEV-admin - - programs.jnkns-admin - - indexd_admin - - ttyadmin - projects: - - auth_id: QA - privilege: [create, read, update, delete, upload, read-storage] - - auth_id: test - privilege: [create, read, update, delete, upload, read-storage] - - auth_id: DEV - privilege: [create, read, update, delete, upload, read-storage] - - auth_id: jenkins - privilege: [create, read, update, delete, upload, read-storage] - - auth_id: jenkins2 - privilege: [create, read, update, delete, upload, read-storage] - - auth_id: jnkns - privilege: [create, read, update, delete, upload, read-storage] + - MyFirstProject_submitter + + cloud_providers: {} + groups: {} # -- (map) Public configuration settings for Fence app FENCE_CONFIG_PUBLIC: {} diff --git a/helm/gen3/Chart.yaml b/helm/gen3/Chart.yaml index 54cdc771..278de71a 100644 --- a/helm/gen3/Chart.yaml +++ b/helm/gen3/Chart.yaml 
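Review bot: The new default `USER_YAML` lists `username1@gmail.com` under both `data_submitters` and `indexd_admins`, so an install that keeps the chart defaults grants `services.sheepdog-admin`, `data_upload` and `indexd_admin` (indexd `*` on `/programs`) to whoever can log in under that address, if the configured identity provider accepts it. Shipped defaults should not bind privileged groups to an address at a public mail provider: ship the groups with `users: []` and the top-level map as `users: {}`, keeping the sample entries as comments, or use a reserved domain such as `username1@example.com`. Separately, `cloud_providers: {}` now appears both at the top of the block and again at the end, a duplicate top-level key that strict YAML loaders reject and lenient ones resolve silently; one of the two should go. The `indexd_admin` policy also no longer lists `/services/indexd/admin` although that resource is still declared under `resources`, which looks unintentional and is worth confirming.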
@@ -36,7 +36,7 @@ dependencies: repository: "file://../frontend-framework" condition: frontend-framework.enabled - name: fence - version: 0.1.23 + version: 0.1.24 repository: "file://../fence" condition: fence.enabled - name: guppy @@ -128,7 +128,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.45 +version: 0.1.46 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to diff --git a/helm/gen3/README.md b/helm/gen3/README.md index 7dc8787e..3038a36a 100644 --- a/helm/gen3/README.md +++ b/helm/gen3/README.md @@ -1,6 +1,6 @@ # gen3 -![Version: 0.1.45](https://img.shields.io/badge/Version-0.1.45-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) +![Version: 0.1.46](https://img.shields.io/badge/Version-0.1.46-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) Helm chart to deploy Gen3 Data Commons @@ -25,7 +25,7 @@ Helm chart to deploy Gen3 Data Commons | file://../aws-es-proxy | aws-es-proxy | 0.1.10 | | file://../common | common | 0.1.14 | | file://../etl | etl | 0.1.3 | -| file://../fence | fence | 0.1.23 | +| file://../fence | fence | 0.1.24 | | file://../frontend-framework | frontend-framework | 0.1.3 | | file://../guppy | guppy | 0.1.13 | | file://../hatchery | hatchery | 0.1.10 | From b22f250aec63536a6558258ae759eb83a77c1be8 Mon Sep 17 00:00:00 2001 
From: Aidan Hilt <11202897+AidanHilt@users.noreply.github.com> Date: Tue, 12 Nov 2024 16:52:47 -0500 Subject: [PATCH 252/279] Network Policies (#211) * First commit of netpolicies, now that it's working locally, let's break it in unfunded * Adding an s3: yes label to peregrine * Fixing typo in ssjdispatcher's netpolicy * Updating netpolicy names * Figured out why things weren't working, so blocked some stuff behind a feature flag, and cleaned up some values files elsewhere * Updating some labels for network policies * Do not understand how that happened * Well, that was embarassing * Postfix * Added the VPC netpolicy * Adding a beta flag to net policies * First commit of netpolicies, now that it's working locally, let's break it in unfunded * Adding an s3: yes label to peregrine * Fixing typo in ssjdispatcher's netpolicy * Updating netpolicy names * Figured out why things weren't working, so blocked some stuff behind a feature flag, and cleaned up some values files elsewhere * Updating some labels for network policies * Do not understand how that happened * Well, that was embarassing * Postfix * Added the VPC netpolicy * Adding a beta flag to net policies * Updating the common version ambassador points to * Need to update the common chart version everywhere * Just updating versioning * More version bumps * Trying an experiment * Think this is it * Still a little confused * Worst. Linter. 
Ever * Linter should be happy * Bumping versions * Need to update dependencies too * Update default netpol values, documentation * Fixing formatting for linter --- .pre-commit-config.yaml | 42 +- .secrets.baseline | 770 +++--------------- helm/alloy/Chart.yaml | 2 +- helm/alloy/README.md | 4 +- helm/ambassador/Chart.yaml | 8 +- helm/ambassador/README.md | 6 +- helm/ambassador/templates/deployment.yaml | 3 + helm/arborist/Chart.yaml | 16 +- helm/arborist/README.md | 8 +- helm/arborist/templates/deployment.yaml | 3 + helm/arborist/templates/netpolicy.yaml | 1 + helm/arborist/values.yaml | 11 +- helm/argo-wrapper/Chart.yaml | 8 +- helm/argo-wrapper/README.md | 12 +- helm/argo-wrapper/templates/netpolicy.yaml | 5 + helm/argo-wrapper/values.yaml | 53 +- helm/audit/Chart.yaml | 16 +- helm/audit/README.md | 11 +- helm/audit/templates/netpolicy.yaml | 9 + helm/audit/values.yaml | 51 +- helm/aws-es-proxy/Chart.yaml | 8 +- helm/aws-es-proxy/README.md | 10 +- helm/aws-es-proxy/templates/netpolicy.yaml | 5 + helm/aws-es-proxy/values.yaml | 24 +- helm/common/Chart.yaml | 2 +- helm/common/README.md | 8 +- .../common/templates/_netpolicy_templates.tpl | 68 ++ helm/common/values.yaml | 10 +- helm/dicom-server/Chart.yaml | 8 +- helm/dicom-server/README.md | 7 +- helm/dicom-server/templates/netpolicy.yaml | 1 + helm/dicom-server/values.yaml | 4 +- helm/dicom-viewer/Chart.yaml | 8 +- helm/dicom-viewer/README.md | 6 +- helm/etl/Chart.yaml | 2 +- helm/etl/README.md | 4 +- helm/faro-collector/Chart.yaml | 2 +- helm/faro-collector/README.md | 4 +- helm/fence/Chart.yaml | 16 +- helm/fence/README.md | 8 +- helm/fence/templates/fence-deployment.yaml | 3 + helm/fence/templates/netpolicy.yaml | 1 + helm/fence/templates/presigned-url-fence.yaml | 6 +- helm/fence/values.yaml | 367 ++++----- helm/frontend-framework/Chart.yaml | 8 +- helm/frontend-framework/README.md | 10 +- helm/frontend-framework/values.yaml | 39 +- helm/gen3/Chart.yaml | 222 ++--- helm/gen3/README.md | 57 +- 
helm/gen3/values.yaml | 64 +- helm/guppy/Chart.yaml | 8 +- helm/guppy/README.md | 8 +- helm/guppy/values.yaml | 44 +- helm/hatchery/Chart.yaml | 8 +- helm/hatchery/README.md | 9 +- helm/hatchery/templates/deployment.yaml | 3 + helm/hatchery/values.yaml | 80 +- helm/indexd/Chart.yaml | 17 +- helm/indexd/README.md | 11 +- helm/indexd/templates/deployment.yaml | 1 + helm/indexd/templates/netpolicy.yaml | 9 + helm/indexd/values.yaml | 58 +- helm/manifestservice/Chart.yaml | 8 +- helm/manifestservice/README.md | 6 +- .../manifestservice/templates/deployment.yaml | 6 +- helm/metadata/Chart.yaml | 24 +- helm/metadata/README.md | 8 +- helm/metadata/templates/deployment.yaml | 7 +- helm/metadata/templates/netpolicy.yaml | 1 + helm/metadata/values.yaml | 35 +- helm/neuvector/Chart.yaml | 2 +- helm/neuvector/README.md | 4 +- helm/observability/Chart.yaml | 2 +- helm/observability/README.md | 4 +- helm/peregrine/Chart.yaml | 17 +- helm/peregrine/README.md | 11 +- helm/peregrine/templates/deployment.yaml | 2 + helm/peregrine/templates/netpolicy.yaml | 9 + helm/peregrine/values.yaml | 33 +- helm/pidgin/Chart.yaml | 8 +- helm/pidgin/README.md | 8 +- helm/pidgin/values.yaml | 34 +- helm/portal/Chart.yaml | 8 +- helm/portal/README.md | 8 +- helm/portal/templates/deployment.yaml | 2 +- helm/portal/values.yaml | 49 +- helm/requestor/Chart.yaml | 17 +- helm/requestor/README.md | 8 +- helm/requestor/templates/netpolicy.yaml | 1 + helm/requestor/values.yaml | 34 +- helm/revproxy/Chart.yaml | 8 +- helm/revproxy/README.md | 11 +- helm/revproxy/templates/netpolicy.yaml | 61 ++ helm/revproxy/values.yaml | 27 +- helm/sheepdog/Chart.yaml | 16 +- helm/sheepdog/README.md | 8 +- helm/sheepdog/templates/deployment.yaml | 8 +- helm/sheepdog/templates/netpolicy.yaml | 1 + helm/sheepdog/values.yaml | 34 +- helm/sower/Chart.yaml | 8 +- helm/sower/README.md | 11 +- helm/sower/templates/deployment.yaml | 6 +- helm/sower/templates/netpolicy.yaml | 22 + helm/sower/values.yaml | 240 +++--- 
helm/ssjdispatcher/Chart.yaml | 8 +- helm/ssjdispatcher/README.md | 8 +- helm/ssjdispatcher/templates/deployment.yaml | 4 +- helm/ssjdispatcher/templates/netpolicy.yaml | 14 + helm/ssjdispatcher/values.yaml | 37 +- helm/wts/Chart.yaml | 16 +- helm/wts/README.md | 8 +- helm/wts/templates/deployment.yaml | 6 +- helm/wts/values.yaml | 12 +- wip/gen3-network-policies/.helmignore | 23 + wip/gen3-network-policies/Chart.yaml | 9 + .../templates/_helpers.tpl | 62 ++ .../templates/allow_nothing_netpolicy.yaml | 11 + .../templates/allowdns_netpolicy.yaml | 19 + .../templates/argo_workflows_netpolicy.yaml | 35 + .../templates/argocd_netpolicy.yaml | 34 + .../templates/auth_netpolicy.yaml | 27 + .../dev_elasticsearch_netpolicy.yaml | 29 + .../templates/dev_kube_api_netpolicy.yaml | 18 + .../templates/dev_postgres_netpolicy.yaml | 29 + .../templates/external_egress_netpolicy.yaml | 22 + .../templates/gen3job_netpolicy.yaml | 26 + .../templates/jh_netpolicy.yaml | 42 + .../templates/linklocal_netpolicy.yaml | 14 + .../templates/nolimit_netpolicy.yaml | 12 + .../templates/public_netpolicy.yaml | 38 + .../templates/s3_netpolicy.yaml | 12 + .../templates/vpc_netpolicy.yaml | 14 + wip/gen3-network-policies/values.yaml | 29 + 133 files changed, 2040 insertions(+), 1672 deletions(-) create mode 100644 helm/arborist/templates/netpolicy.yaml create mode 100644 helm/argo-wrapper/templates/netpolicy.yaml create mode 100644 helm/audit/templates/netpolicy.yaml create mode 100644 helm/aws-es-proxy/templates/netpolicy.yaml create mode 100644 helm/common/templates/_netpolicy_templates.tpl create mode 100644 helm/dicom-server/templates/netpolicy.yaml create mode 100644 helm/fence/templates/netpolicy.yaml create mode 100644 helm/indexd/templates/netpolicy.yaml create mode 100644 helm/metadata/templates/netpolicy.yaml create mode 100644 helm/peregrine/templates/netpolicy.yaml create mode 100644 helm/requestor/templates/netpolicy.yaml create mode 100644 helm/revproxy/templates/netpolicy.yaml 
create mode 100644 helm/sheepdog/templates/netpolicy.yaml create mode 100644 helm/sower/templates/netpolicy.yaml create mode 100644 helm/ssjdispatcher/templates/netpolicy.yaml create mode 100644 wip/gen3-network-policies/.helmignore create mode 100644 wip/gen3-network-policies/Chart.yaml create mode 100644 wip/gen3-network-policies/templates/_helpers.tpl create mode 100644 wip/gen3-network-policies/templates/allow_nothing_netpolicy.yaml create mode 100644 wip/gen3-network-policies/templates/allowdns_netpolicy.yaml create mode 100644 wip/gen3-network-policies/templates/argo_workflows_netpolicy.yaml create mode 100644 wip/gen3-network-policies/templates/argocd_netpolicy.yaml create mode 100644 wip/gen3-network-policies/templates/auth_netpolicy.yaml create mode 100644 wip/gen3-network-policies/templates/dev_elasticsearch_netpolicy.yaml create mode 100644 wip/gen3-network-policies/templates/dev_kube_api_netpolicy.yaml create mode 100644 wip/gen3-network-policies/templates/dev_postgres_netpolicy.yaml create mode 100644 wip/gen3-network-policies/templates/external_egress_netpolicy.yaml create mode 100644 wip/gen3-network-policies/templates/gen3job_netpolicy.yaml create mode 100644 wip/gen3-network-policies/templates/jh_netpolicy.yaml create mode 100644 wip/gen3-network-policies/templates/linklocal_netpolicy.yaml create mode 100644 wip/gen3-network-policies/templates/nolimit_netpolicy.yaml create mode 100644 wip/gen3-network-policies/templates/public_netpolicy.yaml create mode 100644 wip/gen3-network-policies/templates/s3_netpolicy.yaml create mode 100644 wip/gen3-network-policies/templates/vpc_netpolicy.yaml create mode 100644 wip/gen3-network-policies/values.yaml diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index 3e2d2565..a993cb61 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml 
@@ -1,6 +1,6 @@ repos: - repo: git@github.com:Yelp/detect-secrets - rev: v0.13.1 + rev: v1.5.0 hooks: - id: detect-secrets args: ["--baseline", ".secrets.baseline"] @@ -9,28 +9,28 @@ repos: hooks: - id: no-commit-to-branch args: [--branch, develop, --branch, master, --pattern, release/.*] - + # - repo: https://github.com/gruntwork-io/pre-commit # rev: v0.1.17 # Get the latest from: https://github.com/gruntwork-io/pre-commit/releases # hooks: # - id: helmlint - - repo: local - hooks: - - id: helm-docs - args: ["-c", "helm"] - description: Uses 'helm-docs' to create documentation from the Helm chart's 'values.yaml' file, and inserts the result into a corresponding 'README.md' file. - entry: git-hook/helm-docs.sh - language: script - name: Helm Docs - require_serial: true - - - repo: local - hooks: - - id: helm-chart-bump - args: [] - description: Updates the .Chart.yaml with updates version if there are changes since master branch. This is to ensure we bump our charts for updates. - entry: git-hook/helm-bump.sh - language: script - name: Helm Docs - require_serial: true \ No newline at end of file + - repo: local + hooks: + - id: helm-docs + args: ["-c", "helm"] + description: Uses 'helm-docs' to create documentation from the Helm chart's 'values.yaml' file, and inserts the result into a corresponding 'README.md' file. + entry: git-hook/helm-docs.sh + language: script + name: Helm Docs + require_serial: true + + - repo: local + hooks: + - id: helm-chart-bump + args: [] + description: Updates the .Chart.yaml with updates version if there are changes since master branch. This is to ensure we bump our charts for updates. + entry: git-hook/helm-bump.sh + language: script + name: Helm Docs + require_serial: true diff --git a/.secrets.baseline b/.secrets.baseline index 67c46195..c48bf693 100644 --- a/.secrets.baseline +++ b/.secrets.baseline 
@@ -1,19 +1,18 @@ { - "exclude": { - "files": "^.secrets.baseline$", - "lines": null - }, - "generated_at": "2024-11-08T15:48:27Z", + "version": "1.5.0", "plugins_used": [ + { + "name": "ArtifactoryDetector" + }, { "name": "AWSKeyDetector" }, { - "name": "ArtifactoryDetector" + "name": "AzureStorageKeyDetector" }, { - "base64_limit": 4.5, - "name": "Base64HighEntropyString" + "name": "Base64HighEntropyString", + "limit": 4.5 }, { "name": "BasicAuthDetector" @@ -22,8 +21,17 @@ "name": "CloudantDetector" }, { - "hex_limit": 3, - "name": "HexHighEntropyString" + "name": "DiscordBotTokenDetector" + }, + { + "name": "GitHubTokenDetector" + }, + { + "name": "GitLabTokenDetector" + }, + { + "name": "HexHighEntropyString", + "limit": 3.0 }, { "name": "IbmCloudIamDetector" 
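Review bot: Regenerating `.secrets.baseline` in the 1.5.0 format, which starts in this hunk with the new `"version"` key, also empties most of `results` in the `@@ -31,719 +39,135 @@` hunk further down. Every `Secret Keyword` and `Basic Auth Credentials` entry is gone, including the ones the old file had audited as `"is_secret": true` (in `docs/CONFIGURATION.md`, `docs/databases.md`, `examples/gke_values.yaml` and `helm/indexd/README.md`), and the five entries that remain carry no `is_secret` verdict. `KeywordDetector` and `BasicAuthDetector` are still listed under `plugins_used`, so these findings were presumably suppressed by the new `filters_used` entries (for example `detect_secrets.filters.gibberish.should_exclude_secret`) rather than removed from the files. That should be confirmed before merging, because a filter of that kind tends to let readable default passwords through. For the entries previously marked as real secrets, check that the values were rotated or replaced with placeholders, and re-run `detect-secrets audit .secrets.baseline` so the remaining `Base64 High Entropy String` hits are labelled again.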
@@ -31,719 +39,135 @@ { "name": "IbmCosHmacDetector" }, + { + "name": "IPPublicDetector" + }, { "name": "JwtTokenDetector" }, { - "keyword_exclude": null, - "name": "KeywordDetector" + "name": "KeywordDetector", + "keyword_exclude": "" }, { "name": "MailchimpDetector" }, + { + "name": "NpmDetector" + }, + { + "name": "OpenAIDetector" + }, { "name": "PrivateKeyDetector" }, + { + "name": "PypiTokenDetector" + }, + { + "name": "SendGridDetector" + }, { "name": "SlackDetector" }, { "name": "SoftlayerDetector" }, + { + "name": "SquareOAuthDetector" + }, { "name": "StripeDetector" }, + { + "name": "TelegramBotTokenDetector" + }, { "name": "TwilioKeyDetector" } ], + "filters_used": [ + { + "path": "detect_secrets.filters.allowlist.is_line_allowlisted" + }, + { + "path": "detect_secrets.filters.common.is_ignored_due_to_verification_policies", + "min_level": 2 + }, + { + "path": "detect_secrets.filters.gibberish.should_exclude_secret", + "limit": 3.7 + }, + { + "path": "detect_secrets.filters.heuristic.is_indirect_reference" + }, + { + "path": "detect_secrets.filters.heuristic.is_likely_id_string" + }, + { + "path": "detect_secrets.filters.heuristic.is_lock_file" + }, + { + "path": "detect_secrets.filters.heuristic.is_not_alphanumeric_string" + }, + { + "path": "detect_secrets.filters.heuristic.is_potential_uuid" + }, + { + "path": "detect_secrets.filters.heuristic.is_prefixed_with_dollar_sign" + }, + { + "path": "detect_secrets.filters.heuristic.is_sequential_string" + }, + { + "path": "detect_secrets.filters.heuristic.is_swagger_file" + }, + { + "path": "detect_secrets.filters.heuristic.is_templated_secret" + } + ], "results": { - "README.md": [ - { - "hashed_secret": "64ab0c1d3edc1c8c166351207b840ac7b2a90523", - "is_secret": false, - "is_verified": false, - "line_number": 59, - "type": "Secret Keyword" - } - ], - "docs/CONFIGURATION.md": [ - { - "hashed_secret": "64ab0c1d3edc1c8c166351207b840ac7b2a90523", - "is_secret": true, - "is_verified": false, - "line_number": 135, 
- "type": "Secret Keyword" - }, - { - "hashed_secret": "9b5925ea817163740dfb287a9894e8ab3aba2c18", - "is_secret": true, - "is_verified": false, - "line_number": 301, - "type": "Secret Keyword" - } - ], - "docs/PREREQUISITES.md": [ - { - "hashed_secret": "ac0fedaac180de6bd70a97b711692a92dade479e", - "is_secret": false, - "is_verified": false, - "line_number": 92, - "type": "Secret Keyword" - } - ], - "docs/databases.md": [ - { - "hashed_secret": "de469a49b80aa4bb9aed52a9eda64dea425dff69", - "is_secret": true, - "is_verified": false, - "line_number": 22, - "type": "Secret Keyword" - }, - { - "hashed_secret": "ac0fedaac180de6bd70a97b711692a92dade479e", - "is_secret": false, - "is_verified": false, - "line_number": 38, - "type": "Secret Keyword" - } - ], - "docs/kubernetes-in-docker.md": [ - { - "hashed_secret": "5320294d100314ce19330d99abada8c26c4993a3", - "is_secret": false, - "is_verified": false, - "line_number": 96, - "type": "Secret Keyword" - } - ], - "examples/gke_dev_values.yaml": [ - { - "hashed_secret": "75cb4c02576c9abae38fadc84bc832f2af203f3e", - "is_secret": false, - "is_verified": false, - "line_number": 13, - "type": "Secret Keyword" - } - ], - "examples/gke_values.yaml": [ - { - "hashed_secret": "75cb4c02576c9abae38fadc84bc832f2af203f3e", - "is_secret": true, - "is_verified": false, - "line_number": 14, - "type": "Secret Keyword" - } - ], - "helm/arborist/README.md": [ - { - "hashed_secret": "d84ce25b0f9bc2cc263006ae39453efb22cc2900", - "is_secret": false, - "is_verified": false, - "line_number": 51, - "type": "Secret Keyword" - }, - { - "hashed_secret": "f09dd6e359833a12f48c4c4255d6e87a6e55cfe9", - "is_secret": false, - "is_verified": false, - "line_number": 70, - "type": "Secret Keyword" - } - ], - "helm/audit/README.md": [ - { - "hashed_secret": "a04a85e28ae4f699c0f8d014ad41160c9b9206f0", - "is_secret": false, - "is_verified": false, - "line_number": 36, - "type": "Secret Keyword" - }, - { - "hashed_secret": 
"d84ce25b0f9bc2cc263006ae39453efb22cc2900", - "is_secret": false, - "is_verified": false, - "line_number": 61, - "type": "Secret Keyword" - }, - { - "hashed_secret": "f09dd6e359833a12f48c4c4255d6e87a6e55cfe9", - "is_secret": false, - "is_verified": false, - "line_number": 82, - "type": "Secret Keyword" - } - ], - "helm/common/README.md": [ - { - "hashed_secret": "d84ce25b0f9bc2cc263006ae39453efb22cc2900", - "is_secret": false, - "is_verified": false, - "line_number": 25, - "type": "Secret Keyword" - } - ], - "helm/common/templates/_postgres_secrets.tpl": [ - { - "hashed_secret": "07b87392697bbdd9d97f6cd887f901820a0150df", - "is_secret": false, - "is_verified": false, - "line_number": 34, - "type": "Secret Keyword" - }, - { - "hashed_secret": "e343239977fa87adac52528619fc6bf2e1a82ee7", - "is_secret": false, - "is_verified": false, - "line_number": 62, - "type": "Secret Keyword" - } - ], - "helm/dicom-server/README.md": [ - { - "hashed_secret": "b47233f6f28e9716c72d5eba0278edea3a24baad", - "is_secret": false, - "is_verified": false, - "line_number": 35, - "type": "Secret Keyword" - }, - { - "hashed_secret": "3f6d5580af2ddf647ca25346aa6ec9c434577d05", - "is_secret": false, - "is_verified": false, - "line_number": 51, - "type": "Secret Keyword" - } - ], - "helm/dicom-server/values.yaml": [ - { - "hashed_secret": "afc848c316af1a89d49826c5ae9d00ed769415f3", - "is_secret": false, - "is_verified": false, - "line_number": 81, - "type": "Secret Keyword" - } - ], - "helm/fence/README.md": [ - { - "hashed_secret": "7f57cb0116aa983d9844a39f6da9244cf98036b1", - "is_secret": false, - "is_verified": false, - "line_number": 90, - "type": "Secret Keyword" - }, - { - "hashed_secret": "b266a6d0f00bb36f6b98134bf4cec71f2d7943a3", - "is_secret": false, - "is_verified": false, - "line_number": 100, - "type": "Secret Keyword" - }, - { - "hashed_secret": "d84ce25b0f9bc2cc263006ae39453efb22cc2900", - "is_secret": false, - "is_verified": false, - "line_number": 124, - "type": "Secret Keyword" 
- }, - { - "hashed_secret": "f09dd6e359833a12f48c4c4255d6e87a6e55cfe9", - "is_secret": false, - "is_verified": false, - "line_number": 152, - "type": "Secret Keyword" - }, - { - "hashed_secret": "5c5a68077af6fa84424411537dda76467f993a83", - "is_secret": false, - "is_verified": false, - "line_number": 198, - "type": "Secret Keyword" - } - ], - "helm/fence/fence-secret/config_helper.py": [ - { - "hashed_secret": "bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f", - "is_secret": false, - "is_verified": false, - "line_number": 66, - "type": "Basic Auth Credentials" - } - ], - "helm/fence/fence-secret/fence_settings.py": [ - { - "hashed_secret": "3ef0fb8a603abdc0b6caac44a23fdc6792f77ddf", - "is_secret": false, - "is_verified": false, - "line_number": 6, - "type": "Basic Auth Credentials" - }, - { - "hashed_secret": "b60d121b438a380c343d5ec3c2037564b82ffef3", - "is_secret": false, - "is_verified": false, - "line_number": 58, - "type": "Secret Keyword" - }, - { - "hashed_secret": "347cd9c53ff77d41a7b22aa56c7b4efaf54658e3", - "is_secret": false, - "is_verified": false, - "line_number": 80, - "type": "Basic Auth Credentials" - } - ], - "helm/fence/templates/fence-creds.yaml": [ - { - "hashed_secret": "c2dae5a3c7ce218639b38d8a0256f02fe81d439e", - "is_secret": false, - "is_verified": false, - "line_number": 11, - "type": "Secret Keyword" - }, - { - "hashed_secret": "1f5e25be9b575e9f5d39c82dfd1d9f4d73f1975c", - "is_secret": false, - "is_verified": false, - "line_number": 14, - "type": "Secret Keyword" - }, - { - "hashed_secret": "8db3b325254b6389ca194d829d2fc923dc0a945d", - "is_secret": false, - "is_verified": false, - "line_number": 15, - "type": "Secret Keyword" - } - ], - "helm/fence/values.yaml": [ - { - "hashed_secret": "5d07e1b80e448a213b392049888111e1779a52db", - "is_secret": false, - "is_verified": false, - "line_number": 1295, - "type": "Secret Keyword" - } - ], - "helm/frontend-framework/README.md": [ - { - "hashed_secret": "2546383b95bb44732e9be6a877fd476c0442fdab", - 
"is_secret": false, - "is_verified": false, - "line_number": 48, - "type": "Secret Keyword" - }, - { - "hashed_secret": "d84ce25b0f9bc2cc263006ae39453efb22cc2900", - "is_secret": false, - "is_verified": false, - "line_number": 50, - "type": "Secret Keyword" - } - ], - "helm/gen3/README.md": [ - { - "hashed_secret": "7422c958ec5a8e5f87c9e81cdf426ef0e193332c", - "is_secret": false, - "is_verified": false, - "line_number": 83, - "type": "Secret Keyword" - }, - { - "hashed_secret": "1740c48fa3141d4851b14f97e3bc0f46f7670672", - "is_secret": false, - "is_verified": false, - "line_number": 121, - "type": "Secret Keyword" - } - ], - "helm/gen3/values.yaml": [ - { - "hashed_secret": "9b5925ea817163740dfb287a9894e8ab3aba2c18", - "is_secret": false, - "is_verified": false, - "line_number": 198, - "type": "Secret Keyword" - } - ], - "helm/guppy/README.md": [ - { - "hashed_secret": "d84ce25b0f9bc2cc263006ae39453efb22cc2900", - "is_secret": false, - "is_verified": false, - "line_number": 57, - "type": "Secret Keyword" - } - ], - "helm/hatchery/README.md": [ - { - "hashed_secret": "d84ce25b0f9bc2cc263006ae39453efb22cc2900", - "is_secret": false, - "is_verified": false, - "line_number": 44, - "type": "Secret Keyword" - }, - { - "hashed_secret": "e94cc2a86b04ad4ddc98fcbf91ed236437939d47", - "is_secret": false, - "is_verified": false, - "line_number": 52, - "type": "Secret Keyword" - } - ], - "helm/hatchery/values.yaml": [ - { - "hashed_secret": "9b5925ea817163740dfb287a9894e8ab3aba2c18", - "is_secret": false, - "is_verified": false, - "line_number": 190, - "type": "Secret Keyword" - } - ], - "helm/indexd/README.md": [ - { - "hashed_secret": "167402961a8c8a8b3764e865e865efa9ada95369", - "is_secret": false, - "is_verified": false, - "line_number": 27, - "type": "Secret Keyword" - }, - { - "hashed_secret": "d84ce25b0f9bc2cc263006ae39453efb22cc2900", - "is_secret": false, - "is_verified": false, - "line_number": 51, - "type": "Secret Keyword" - }, - { - "hashed_secret": 
"f09dd6e359833a12f48c4c4255d6e87a6e55cfe9", - "is_secret": false, - "is_verified": false, - "line_number": 71, - "type": "Secret Keyword" - }, - { - "hashed_secret": "1cc98556e7b1353c7bd08344f9190808b0d3d6d4", - "is_secret": true, - "is_verified": false, - "line_number": 105, - "type": "Secret Keyword" - } - ], - "helm/indexd/indexd-settings/local_settings.py": [ - { - "hashed_secret": "0a0d18c85e096611b5685b62bc60ec534d19bacc", - "is_secret": false, - "is_verified": false, - "line_number": 60, - "type": "Basic Auth Credentials" - } - ], - "helm/manifestservice/README.md": [ - { - "hashed_secret": "cc524de4657898e872ff46e0a9256f4e186cdfe6", - "is_secret": false, - "is_verified": false, - "line_number": 33, - "type": "Secret Keyword" - }, - { - "hashed_secret": "611f2e9064b518afdb23f201321f39029dd28917", - "is_secret": false, - "is_verified": false, - "line_number": 83, - "type": "Secret Keyword" - } - ], - "helm/manifestservice/templates/manifestservice-creds.yaml": [ - { - "hashed_secret": "d2e2ab0f407e4ee3cf2ab87d61c31b25a74085e5", - "is_secret": false, - "is_verified": false, - "line_number": 13, - "type": "Secret Keyword" - } - ], - "helm/metadata/README.md": [ - { - "hashed_secret": "cbdb7939a61698c9c866ea614399ef7eb7770c68", - "is_secret": false, - "is_verified": false, - "line_number": 46, - "type": "Secret Keyword" - }, - { - "hashed_secret": "d84ce25b0f9bc2cc263006ae39453efb22cc2900", - "is_secret": false, - "is_verified": false, - "line_number": 70, - "type": "Secret Keyword" - }, - { - "hashed_secret": "f09dd6e359833a12f48c4c4255d6e87a6e55cfe9", - "is_secret": false, - "is_verified": false, - "line_number": 90, - "type": "Secret Keyword" - } - ], - "helm/peregrine/README.md": [ - { - "hashed_secret": "d84ce25b0f9bc2cc263006ae39453efb22cc2900", - "is_secret": false, - "is_verified": false, - "line_number": 51, - "type": "Secret Keyword" - }, - { - "hashed_secret": "f09dd6e359833a12f48c4c4255d6e87a6e55cfe9", - "is_secret": false, - "is_verified": false, - 
"line_number": 68, - "type": "Secret Keyword" - }, - { - "hashed_secret": "7d4e263f1ae83868444f5327219830493a7d1486", - "is_secret": false, - "is_verified": false, - "line_number": 100, - "type": "Secret Keyword" - } - ], - "helm/peregrine/peregrine-secret/config_helper.py": [ - { - "hashed_secret": "bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f", - "is_secret": false, - "is_verified": false, - "line_number": 66, - "type": "Basic Auth Credentials" - } - ], - "helm/peregrine/peregrine-secret/settings.py": [ - { - "hashed_secret": "347cd9c53ff77d41a7b22aa56c7b4efaf54658e3", - "is_secret": false, - "is_verified": false, - "line_number": 45, - "type": "Basic Auth Credentials" - } - ], - "helm/pidgin/README.md": [ - { - "hashed_secret": "d84ce25b0f9bc2cc263006ae39453efb22cc2900", - "is_secret": false, - "is_verified": false, - "line_number": 54, - "type": "Secret Keyword" - }, - { - "hashed_secret": "abb751db44bcfd1bb9d4ad53e40138422abd739e", - "is_secret": false, - "is_verified": false, - "line_number": 66, - "type": "Secret Keyword" - } - ], "helm/portal/README.md": [ { + "type": "Base64 High Entropy String", + "filename": "helm/portal/README.md", "hashed_secret": "eb9739c6625f06b4ab73035223366dda6262ae77", - "is_secret": false, "is_verified": false, - "line_number": 35, - "type": "Base64 High Entropy String" + "line_number": 34 }, { + "type": "Base64 High Entropy String", + "filename": "helm/portal/README.md", "hashed_secret": "08eeb737b239bdb7362a875b90e22c10b8826b20", - "is_secret": false, - "is_verified": false, - "line_number": 39, - "type": "Base64 High Entropy String" - }, - { - "hashed_secret": "d84ce25b0f9bc2cc263006ae39453efb22cc2900", - "is_secret": false, "is_verified": false, - "line_number": 58, - "type": "Secret Keyword" + "line_number": 39 } ], "helm/portal/values.yaml": [ { + "type": "Base64 High Entropy String", + "filename": "helm/portal/values.yaml", "hashed_secret": "08eeb737b239bdb7362a875b90e22c10b8826b20", "is_verified": false, - "line_number": 472, 
- "type": "Base64 High Entropy String" + "line_number": 473 }, { + "type": "Base64 High Entropy String", + "filename": "helm/portal/values.yaml", "hashed_secret": "eb9739c6625f06b4ab73035223366dda6262ae77", "is_verified": false, - "line_number": 475, - "type": "Base64 High Entropy String" - } - ], - "helm/requestor/README.md": [ - { - "hashed_secret": "d84ce25b0f9bc2cc263006ae39453efb22cc2900", - "is_secret": false, - "is_verified": false, - "line_number": 60, - "type": "Secret Keyword" - }, - { - "hashed_secret": "f09dd6e359833a12f48c4c4255d6e87a6e55cfe9", - "is_secret": false, - "is_verified": false, - "line_number": 84, - "type": "Secret Keyword" - } - ], - "helm/revproxy/README.md": [ - { - "hashed_secret": "d84ce25b0f9bc2cc263006ae39453efb22cc2900", - "is_secret": false, - "is_verified": false, - "line_number": 46, - "type": "Secret Keyword" - }, - { - "hashed_secret": "abb751db44bcfd1bb9d4ad53e40138422abd739e", - "is_secret": false, - "is_verified": false, - "line_number": 74, - "type": "Secret Keyword" + "line_number": 475 } ], "helm/revproxy/nginx/helpers.js": [ { + "type": "Base64 High Entropy String", + "filename": "helm/revproxy/nginx/helpers.js", "hashed_secret": "1d278d3c888d1a2fa7eed622bfc02927ce4049af", - "is_secret": false, - "is_verified": false, - "line_number": 10, - "type": "Base64 High Entropy String" - } - ], - "helm/sheepdog/README.md": [ - { - "hashed_secret": "d84ce25b0f9bc2cc263006ae39453efb22cc2900", - "is_secret": false, - "is_verified": false, - "line_number": 60, - "type": "Secret Keyword" - }, - { - "hashed_secret": "f09dd6e359833a12f48c4c4255d6e87a6e55cfe9", - "is_secret": false, - "is_verified": false, - "line_number": 76, - "type": "Secret Keyword" - } - ], - "helm/sheepdog/sheepdog-secret/config_helper.py": [ - { - "hashed_secret": "bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f", - "is_secret": false, - "is_verified": false, - "line_number": 66, - "type": "Basic Auth Credentials" - } - ], - "helm/sheepdog/sheepdog-secret/settings.py": 
[ - { - "hashed_secret": "347cd9c53ff77d41a7b22aa56c7b4efaf54658e3", - "is_secret": false, - "is_verified": false, - "line_number": 38, - "type": "Basic Auth Credentials" - } - ], - "helm/sower/README.md": [ - { - "hashed_secret": "3d4368cd822c4a36144c2bcc8cb8e90b63c7e5fe", - "is_secret": false, - "is_verified": false, - "line_number": 34, - "type": "Secret Keyword" - }, - { - "hashed_secret": "d84ce25b0f9bc2cc263006ae39453efb22cc2900", - "is_secret": false, - "is_verified": false, - "line_number": 57, - "type": "Secret Keyword" - } - ], - "helm/sower/templates/pelican-creds.yaml": [ - { - "hashed_secret": "d2e2ab0f407e4ee3cf2ab87d61c31b25a74085e5", - "is_secret": false, - "is_verified": false, - "line_number": 14, - "type": "Secret Keyword" - } - ], - "helm/ssjdispatcher/README.md": [ - { - "hashed_secret": "d84ce25b0f9bc2cc263006ae39453efb22cc2900", - "is_secret": false, - "is_verified": false, - "line_number": 54, - "type": "Secret Keyword" - }, - { - "hashed_secret": "0c86d58792b32e1d12af733a0614837ff9002014", - "is_secret": false, - "is_verified": false, - "line_number": 110, - "type": "Secret Keyword" - } - ], - "helm/ssjdispatcher/templates/ssjdispatcher-secret.yaml": [ - { - "hashed_secret": "d2e2ab0f407e4ee3cf2ab87d61c31b25a74085e5", - "is_secret": false, - "is_verified": false, - "line_number": 23, - "type": "Secret Keyword" - } - ], - "helm/ssjdispatcher/values.yaml": [ - { - "hashed_secret": "13d9ed7e3d69f1b6330dff80bc4658931708eddc", - "is_secret": false, - "is_verified": false, - "line_number": 219, - "type": "Secret Keyword" - } - ], - "helm/wts/README.md": [ - { - "hashed_secret": "d84ce25b0f9bc2cc263006ae39453efb22cc2900", - "is_secret": false, - "is_verified": false, - "line_number": 49, - "type": "Secret Keyword" - }, - { - "hashed_secret": "f09dd6e359833a12f48c4c4255d6e87a6e55cfe9", - "is_secret": false, - "is_verified": false, - "line_number": 71, - "type": "Secret Keyword" - } - ], - "skaffold.yaml": [ - { - "hashed_secret": 
"b60d121b438a380c343d5ec3c2037564b82ffef3", - "is_secret": false, "is_verified": false, - "line_number": 30, - "type": "Secret Keyword" + "line_number": 10 } ] }, - "version": "0.13.1", - "word_list": { - "file": null, - "hash": null - } + "generated_at": "2024-11-11T22:26:01Z" } diff --git a/helm/alloy/Chart.yaml b/helm/alloy/Chart.yaml index 3ebd99ee..32399d2d 100644 --- a/helm/alloy/Chart.yaml +++ b/helm/alloy/Chart.yaml @@ -15,7 +15,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.0 +version: 0.1.1 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to diff --git a/helm/alloy/README.md b/helm/alloy/README.md index 5ff407d1..7b910464 100644 --- a/helm/alloy/README.md +++ b/helm/alloy/README.md @@ -1,6 +1,6 @@ # alloy -![Version: 0.1.0](https://img.shields.io/badge/Version-0.1.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) +![Version: 0.1.1](https://img.shields.io/badge/Version-0.1.1-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) A Helm chart for deploying Grafana Alloy 
@@ -28,3 +28,5 @@ A Helm chart for deploying Grafana Alloy | alloy.controller.affinity.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution.nodeSelectorTerms[0].matchExpressions[0].values[0] | string | `"us-east-1a"` | | | alloy.controller.type | string | `"deployment"` | | +---------------------------------------------- +Autogenerated from chart metadata using [helm-docs v1.14.2](https://github.com/norwoodj/helm-docs/releases/v1.14.2) diff --git a/helm/ambassador/Chart.yaml b/helm/ambassador/Chart.yaml index 7ff947a9..41fcca74 100644 --- a/helm/ambassador/Chart.yaml +++ b/helm/ambassador/Chart.yaml @@ -15,7 +15,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.12 +version: 0.1.15 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to @@ -24,6 +24,6 @@ version: 0.1.12 appVersion: "1.4.2" dependencies: -- name: common - version: 0.1.14 - repository: file://../common + - name: common + version: 0.1.15 + repository: file://../common diff --git a/helm/ambassador/README.md b/helm/ambassador/README.md index cc66f836..864fc6f4 100644 --- a/helm/ambassador/README.md +++ b/helm/ambassador/README.md 
@@ -1,6 +1,6 @@ # ambassador -![Version: 0.1.12](https://img.shields.io/badge/Version-0.1.12-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.4.2](https://img.shields.io/badge/AppVersion-1.4.2-informational?style=flat-square) +![Version: 0.1.15](https://img.shields.io/badge/Version-0.1.15-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.4.2](https://img.shields.io/badge/AppVersion-1.4.2-informational?style=flat-square) A Helm chart for deploying ambassador for gen3 @@ -8,7 +8,7 @@ A Helm chart for deploying ambassador for gen3 | Repository | Name | Version | |------------|------|---------| -| file://../common | common | 0.1.14 | +| file://../common | common | 0.1.15 | ## Values @@ -57,3 +57,5 @@ A Helm chart for deploying ambassador for gen3 | tolerations | list | `[]` | Tolerations to use for the deployment. | | userNamespace | string | `"jupyter-pods"` | Namespace to use for user resources. | +---------------------------------------------- +Autogenerated from chart metadata using [helm-docs v1.14.2](https://github.com/norwoodj/helm-docs/releases/v1.14.2) diff --git a/helm/ambassador/templates/deployment.yaml b/helm/ambassador/templates/deployment.yaml index 8b2cb2d8..6caaa168 100644 --- a/helm/ambassador/templates/deployment.yaml +++ b/helm/ambassador/templates/deployment.yaml @@ -21,6 +21,9 @@ spec: {{- include "common.grafanaAnnotations" . | nindent 8 }} {{- end }} labels: + netnolimit: "yes" + public: "yes" + userhelper: "yes" {{- include "ambassador.selectorLabels" . | nindent 8 }} {{- include "common.extraLabels" . | nindent 8 }} spec: diff --git a/helm/arborist/Chart.yaml b/helm/arborist/Chart.yaml index 555c11fa..89ce9343 100644 --- a/helm/arborist/Chart.yaml +++ b/helm/arborist/Chart.yaml 
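Review bot: The labels added under `labels:` in helm/ambassador/templates/deployment.yaml (`netnolimit`, `public`, `userhelper`) are hard-coded and undocumented, and none of the policy templates visible in this commit selects on them. If they are selectors for NetworkPolicies defined outside these charts, the pod carries them whether or not `global.netPolicy.enabled` is set, and a reader cannot tell from the chart what access each label grants. I would add a comment above them, such as `# Labels matched by cluster NetworkPolicies; each one widens what this pod may reach or be reached by`, and list the labels in the chart README. The same applies to `authprovider`, `dbarborist` and `public` in helm/arborist/templates/deployment.yaml. The enclosing Deployment spec starts and ends outside the hunk.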
@@ -15,7 +15,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.12 +version: 0.1.13 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to @@ -24,10 +24,10 @@ version: 0.1.12 appVersion: "master" dependencies: -- name: common - version: 0.1.14 - repository: file://../common -- name: postgresql - version: 11.9.13 - repository: "https://charts.bitnami.com/bitnami" - condition: postgres.separate + - name: common + version: 0.1.15 + repository: file://../common + - name: postgresql + version: 11.9.13 + repository: "https://charts.bitnami.com/bitnami" + condition: postgres.separate diff --git a/helm/arborist/README.md b/helm/arborist/README.md index 87670b6c..35052045 100644 --- a/helm/arborist/README.md +++ b/helm/arborist/README.md @@ -1,6 +1,6 @@ # arborist -![Version: 0.1.12](https://img.shields.io/badge/Version-0.1.12-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) +![Version: 0.1.13](https://img.shields.io/badge/Version-0.1.13-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) A Helm chart for gen3 arborist 
@@ -8,7 +8,7 @@ A Helm chart for gen3 arborist | Repository | Name | Version | |------------|------|---------| -| file://../common | common | 0.1.14 | +| file://../common | common | 0.1.15 | | https://charts.bitnami.com/bitnami | postgresql | 11.9.13 | ## Values @@ -43,7 +43,7 @@ A Helm chart for gen3 arborist | global.kubeBucket | string | `"kube-gen3"` | S3 bucket name for Kubernetes manifest files. | | global.logsBucket | string | `"logs-gen3"` | S3 bucket name for log files. | | global.minAvialable | int | `1` | The minimum amount of pods that are available at all times if the PDB is deployed. | -| global.netPolicy | bool | `true` | Whether network policies are enabled. | +| global.netPolicy | map | `{"enabled":false}` | Controls network policy settings | | global.pdb | bool | `false` | If the service will be deployed with a Pod Disruption Budget. Note- you need to have more than 2 replicas for the pdb to be deployed. | | global.portalApp | string | `"gitops"` | Portal application name. | | global.postgres.dbCreate | bool | `true` | Whether the database should be created. | @@ -102,3 +102,5 @@ A Helm chart for gen3 arborist | volumeMounts | list | `[]` | Volume mounts to attach to the container | | volumes | list | `[]` | Volumes to attach to the pod | +---------------------------------------------- +Autogenerated from chart metadata using [helm-docs v1.14.2](https://github.com/norwoodj/helm-docs/releases/v1.14.2) diff --git a/helm/arborist/templates/deployment.yaml b/helm/arborist/templates/deployment.yaml index 4b31f3a5..4f04a80b 100644 --- a/helm/arborist/templates/deployment.yaml +++ b/helm/arborist/templates/deployment.yaml @@ -21,6 +21,9 @@ spec: {{- include "common.grafanaAnnotations" . | nindent 8 }} {{- end }} labels: + authprovider: "yes" + dbarborist: "yes" + public: "yes" {{- include "arborist.selectorLabels" . | nindent 8 }} {{- include "common.extraLabels" . | nindent 8 }} spec: 
diff --git a/helm/arborist/templates/netpolicy.yaml b/helm/arborist/templates/netpolicy.yaml new file mode 100644 index 00000000..70a5c3b5 --- /dev/null +++ b/helm/arborist/templates/netpolicy.yaml @@ -0,0 +1 @@ +{{ include "common.db_netpolicy" . }} \ No newline at end of file diff --git a/helm/arborist/values.yaml b/helm/arborist/values.yaml index f49035ef..32cb516a 100644 --- a/helm/arborist/values.yaml +++ b/helm/arborist/values.yaml @@ -2,7 +2,6 @@ # This is a YAML-formatted file. # Declare variables to be passed into your templates. - # Global configuration global: # -- (map) AWS configuration @@ -49,8 +48,9 @@ global: publicDataSets: true # -- (string) Access level for tiers. acceptable values for `tier_access_level` are: `libre`, `regular` and `private`. If omitted, by default common will be treated as `private` tierAccessLevel: libre - # -- (bool) Whether network policies are enabled. - netPolicy: true + # -- (map) Controls network policy settings + netPolicy: + enabled: false # -- (int) Number of dispatcher jobs. dispatcherJobNum: "10" # -- (bool) If the service will be deployed with a Pod Disruption Budget. Note- you need to have more than 2 replicas for the pdb to be deployed. @@ -103,7 +103,6 @@ postgresql: # -- (bool) Option to persist the dbs data. enabled: false - # -- (int) Number of replicas for the deployment. replicaCount: 1 @@ -144,7 +143,8 @@ podSecurityContext: # fsGroup: 2000 # -- (map) Security context to apply to the container -securityContext: {} +securityContext: + {} # -- (map) Linux capabilities to drop # capabilities: @@ -216,7 +216,6 @@ env: - name: JWKS_ENDPOINT value: "http://fence-service/.well-known/jwks" - # Values to determine the labels that are used for the deployment, pod, etc. # -- (string) Valid options are "production" or "dev". If invalid option is set- the value will default to "dev". release: "production" diff --git a/helm/argo-wrapper/Chart.yaml b/helm/argo-wrapper/Chart.yaml index b43e8925..9adfd19c 100644 
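Review bot: `global.netPolicy` changes from a bool to a map in the `@@ -49,8 +48,9 @@` hunk of helm/arborist/values.yaml, and the new templates read `.Values.global.netPolicy.enabled`, so a deployment whose override file still sets `netPolicy: true` will most likely fail to render rather than keep its old meaning. The default also moves from `true` to `enabled: false`, while helm/common/README.md in this commit documents `enabled: true`; the charts should agree on one default, and the change deserves a line in the upgrade notes. The doc comment could name the keys, e.g. `# -- (map) Network policy settings: enabled (bool), dbSubnets (list of CIDRs)`. helm/audit/values.yaml makes the same change.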
--- a/helm/argo-wrapper/Chart.yaml +++ b/helm/argo-wrapper/Chart.yaml @@ -15,7 +15,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.8 +version: 0.1.9 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to @@ -24,6 +24,6 @@ version: 0.1.8 appVersion: "master" dependencies: -- name: common - version: 0.1.14 - repository: file://../common + - name: common + version: 0.1.15 + repository: file://../common diff --git a/helm/argo-wrapper/README.md b/helm/argo-wrapper/README.md index 0507e7fc..0e128b22 100644 --- a/helm/argo-wrapper/README.md +++ b/helm/argo-wrapper/README.md @@ -1,6 +1,6 @@ # argo-wrapper -![Version: 0.1.8](https://img.shields.io/badge/Version-0.1.8-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) +![Version: 0.1.9](https://img.shields.io/badge/Version-0.1.9-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) A Helm chart for gen3 Argo Wrapper Service @@ -8,7 +8,7 @@ A Helm chart for gen3 Argo Wrapper Service | Repository | Name | Version | |------------|------|---------| -| file://../common | common | 0.1.14 | +| file://../common | common | 0.1.15 | ## Values 
@@ -31,6 +31,9 @@ A Helm chart for gen3 Argo Wrapper Service | environment | string | `"default"` | Environment name. | | global.environment | string | `"default"` | Environment name. This should be the same as vpcname if you're doing an AWS deployment. Currently this is being used to share ALB's if you have multiple namespaces. Might be used other places too. | | global.minAvialable | int | `1` | The minimum amount of pods that are available at all times if the PDB is deployed. | +| global.netPolicy | bool | `{"dbSubnet":"","enabled":false}` | Global flags to control and manage network policies for a Gen3 installation NOTE: Network policies are currently a beta feature. Use with caution! | +| global.netPolicy.dbSubnet | array | `""` | A CIDR range representing a database subnet, that services with a database need access to | +| global.netPolicy.enabled | bool | `false` | Whether network policies are enabled | | global.pdb | bool | `false` | If the service will be deployed with a Pod Disruption Budget. Note- you need to have more than 2 replicas for the pdb to be deployed. | | image | map | `{"pullPolicy":"Always","repository":"quay.io/cdis/argo-wrapper","tag":""}` | Docker image information. | | image.pullPolicy | string | `"Always"` | Docker pull policy. | 
@@ -39,6 +42,9 @@ A Helm chart for gen3 Argo Wrapper Service | indexdAdminUser | string | `"fence"` | Admin user for Indexd. | | internalS3Bucket | string | `"argo-internal-bucket"` | Name of the internal Argo bucket for Argo artifacts (does not allow pre-signed URLs). | | metricsEnabled | bool | `false` | Whether Metrics are enabled. | +| netPolicy | map | `{"egressApps":["argo-wrapper"],"ingressApps":["argo-wrapper"]}` | Configuration for network policies created by this chart. Only relevant if "global.netPolicy.enabled" is set to true | +| netPolicy.egressApps | array | `["argo-wrapper"]` | List of apps that this app requires egress to | +| netPolicy.ingressApps | array | `["argo-wrapper"]` | List of app labels that require ingress to this service | | partOf | string | `"Apps-Tab"` | Label to help organize pods and their use. Any value is valid, but use "_" or "-" to divide words. | | podAnnotations | map | `{"gen3.io/network-ingress":"argo-wrapper"}` | Annotations to add to the pod. | | pvc | string | `"test-pvc"` | PVC for Argo. | @@ -61,3 +67,5 @@ A Helm chart for gen3 Argo Wrapper Service | volumeMounts | list | `[{"mountPath":"/argo.json","name":"argo-config","readOnly":true,"subPath":"argo.json"}]` | Volumes to mount to the pod. | | volumes | list | `[{"configMap":{"items":[{"key":"argo.json","path":"argo.json"}],"name":"manifest-argo"},"name":"argo-config"}]` | Volumes to attach to the pod. | +---------------------------------------------- +Autogenerated from chart metadata using [helm-docs v1.14.2](https://github.com/norwoodj/helm-docs/releases/v1.14.2) diff --git a/helm/argo-wrapper/templates/netpolicy.yaml b/helm/argo-wrapper/templates/netpolicy.yaml new file mode 100644 index 00000000..0a469d51 --- /dev/null +++ b/helm/argo-wrapper/templates/netpolicy.yaml @@ -0,0 +1,5 @@ +{{ include "common.ingress_netpolicy" . }} + +--- + +{{ include "common.egress_netpolicy" . }} \ No newline at end of file 
diff --git a/helm/argo-wrapper/values.yaml b/helm/argo-wrapper/values.yaml index e0045f6d..d1c90550 100644 --- a/helm/argo-wrapper/values.yaml +++ b/helm/argo-wrapper/values.yaml @@ -2,7 +2,6 @@ # This is a YAML-formatted file. # Declare variables to be passed into your templates. - # Global configuration global: # -- (string) Environment name. This should be the same as vpcname if you're doing an AWS deployment. Currently this is being used to share ALB's if you have multiple namespaces. Might be used other places too. @@ -11,6 +10,14 @@ global: pdb: false # -- (int) The minimum amount of pods that are available at all times if the PDB is deployed. minAvialable: 1 + # -- (bool) Global flags to control and manage network policies for a Gen3 installation + # NOTE: Network policies are currently a beta feature. Use with caution! + netPolicy: + # -- (bool) Whether network policies are enabled + enabled: false + + # -- (array) A CIDR range representing a database subnet, that services with a database need access to + dbSubnet: "" # -- (bool) Whether Metrics are enabled. metricsEnabled: false 
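Review bot: The new `dbSubnet: ""` key under `global.netPolicy` does not match what the shared template reads: `common.db_netpolicy` ranges over `.Values.global.netPolicy.dbSubnets`, a list, so a CIDR placed in `dbSubnet` would be ignored. Rename it to `dbSubnets: []` and describe it as `# -- (array) CIDR ranges of the database subnets that services with a database need egress to`. The helm-docs annotation on `netPolicy` itself says `(bool)` although the value is a map; `# -- (map)` would keep the generated README correct.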
@@ -52,20 +59,20 @@ affinity: podAntiAffinity: # -- (map) Option for scheduling to be required or preferred. preferredDuringSchedulingIgnoredDuringExecution: - # -- (int) Weight value for preferred scheduling. - - weight: 100 - podAffinityTerm: - labelSelector: - matchExpressions: - # -- (list) Label key for match expression. - - key: app - # -- (string) Operation type for the match expression. - operator: In - # -- (list) Value for the match expression key. - values: - - argo-wrapper - # -- (string) Value for topology key label. - topologyKey: "kubernetes.io/hostname" + # -- (int) Weight value for preferred scheduling. + - weight: 100 + podAffinityTerm: + labelSelector: + matchExpressions: + # -- (list) Label key for match expression. + - key: app + # -- (string) Operation type for the match expression. + operator: In + # -- (list) Value for the match expression key. + values: + - argo-wrapper + # -- (string) Value for topology key label. + topologyKey: "kubernetes.io/hostname" # -- (list) Volumes to attach to the pod. volumes: @@ -108,12 +115,22 @@ service: # -- (int) The port number that the service exposes. port: 8000 +# -- (map) Configuration for network policies created by this chart. Only relevant if "global.netPolicy.enabled" is set to true +netPolicy: + # -- (array) List of app labels that require ingress to this service + ingressApps: + - argo-wrapper + + # -- (array) List of apps that this app requires egress to + egressApps: + - argo-wrapper + # Configmap # -- (list) The workflow scaling groups to be used by Argo. scalingGroups: -- user1: "workflow1" -- user2: "workflow2" -- user3: "workflow3" + - user1: "workflow1" + - user2: "workflow2" + - user3: "workflow3" # -- (string) S3 bucket name for Argo artifacts (allows pre-signed URLs). s3Bucket: "argo-artifact-downloadable" # -- (string) Name of the internal Argo bucket for Argo artifacts (does not allow pre-signed URLs). 
diff --git a/helm/audit/Chart.yaml b/helm/audit/Chart.yaml index b77dc25f..8a9fe516 100644 --- a/helm/audit/Chart.yaml +++ b/helm/audit/Chart.yaml @@ -15,7 +15,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.14 +version: 0.1.15 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to @@ -23,10 +23,10 @@ version: 0.1.14 appVersion: "master" dependencies: -- name: common - version: 0.1.14 - repository: file://../common -- name: postgresql - version: 11.9.13 - repository: "https://charts.bitnami.com/bitnami" - condition: postgres.separate + - name: common + version: 0.1.15 + repository: file://../common + - name: postgresql + version: 11.9.13 + repository: "https://charts.bitnami.com/bitnami" + condition: postgres.separate diff --git a/helm/audit/README.md b/helm/audit/README.md index 3fc12b4b..faa4cd6e 100644 --- a/helm/audit/README.md +++ b/helm/audit/README.md @@ -1,6 +1,6 @@ # audit -![Version: 0.1.14](https://img.shields.io/badge/Version-0.1.14-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) +![Version: 0.1.15](https://img.shields.io/badge/Version-0.1.15-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) A Helm chart for Kubernetes 
@@ -8,7 +8,7 @@ A Helm chart for Kubernetes | Repository | Name | Version | |------------|------|---------| -| file://../common | common | 0.1.14 | +| file://../common | common | 0.1.15 | | https://charts.bitnami.com/bitnami | postgresql | 11.9.13 | ## Values @@ -53,7 +53,7 @@ A Helm chart for Kubernetes | global.kubeBucket | string | `"kube-gen3"` | S3 bucket name for Kubernetes manifest files. | | global.logsBucket | string | `"logs-gen3"` | S3 bucket name for log files. | | global.minAvialable | int | `1` | The minimum amount of pods that are available at all times if the PDB is deployed. | -| global.netPolicy | bool | `true` | Whether network policies are enabled. | +| global.netPolicy | map | `{"enabled":false}` | Controls network policy settings | | global.pdb | bool | `false` | If the service will be deployed with a Pod Disruption Budget. Note- you need to have more than 2 replicas for the pdb to be deployed. | | global.portalApp | string | `"gitops"` | Portal application name. | | global.postgres.dbCreate | bool | `true` | Whether the database should be created. | 
@@ -75,6 +75,9 @@ A Helm chart for Kubernetes | initVolumeMounts | list | `[]` | Volumes to mount to the init container. | | metricsEnabled | bool | `false` | Whether Metrics are enabled. | | nameOverride | string | `""` | Override the name of the chart. This can be used to provide a unique name for a chart | +| netPolicy | map | `{"egressApps":["fence","presigned-url-fence"],"ingressApps":["fence","presigned-url-fence"]}` | Configuration for network policies created by this chart. Only relevant if "global.netPolicy.enabled" is set to true | +| netPolicy.egressApps | array | `["fence","presigned-url-fence"]` | List of apps that this app requires egress to | +| netPolicy.ingressApps | array | `["fence","presigned-url-fence"]` | List of app labels that require ingress to this service | | nodeSelector | map | `{}` | Node Selector for the pods | | partOf | string | `"Logging"` | Label to help organize pods and their use. Any value is valid, but use "_" or "-" to divide words. | | podAnnotations | map | `{}` | Annotations to add to the pod | @@ -120,3 +123,5 @@ A Helm chart for Kubernetes | volumeMounts | list | `[]` | Volumes to mount to the container. | | volumes | list | `[]` | Volumes to attach to the container. | +---------------------------------------------- +Autogenerated from chart metadata using [helm-docs v1.14.2](https://github.com/norwoodj/helm-docs/releases/v1.14.2) diff --git a/helm/audit/templates/netpolicy.yaml b/helm/audit/templates/netpolicy.yaml new file mode 100644 index 00000000..93949e3a --- /dev/null +++ b/helm/audit/templates/netpolicy.yaml @@ -0,0 +1,9 @@ +{{ include "common.db_netpolicy" . }} + +--- + +{{ include "common.ingress_netpolicy" . }} + +--- + +{{ include "common.egress_netpolicy" . }} \ No newline at end of file diff --git a/helm/audit/values.yaml b/helm/audit/values.yaml index 4e58d5aa..e8656e49 100644 --- a/helm/audit/values.yaml +++ b/helm/audit/values.yaml 
@@ -48,8 +48,9 @@ global: publicDataSets: true # -- (string) Access level for tiers. acceptable values for `tier_access_level` are: `libre`, `regular` and `private`. If omitted, by default common will be treated as `private` tierAccessLevel: libre - # -- (bool) Whether network policies are enabled. - netPolicy: true + # -- (map) Controls network policy settings + netPolicy: + enabled: false # -- (int) Number of dispatcher jobs. dispatcherJobNum: "10" # -- (bool) If the service will be deployed with a Pod Disruption Budget. Note- you need to have more than 2 replicas for the pdb to be deployed. @@ -148,7 +149,8 @@ podAnnotations: {} podSecurityContext: {} # -- (map) Security context for the containers in the pod -securityContext: {} +securityContext: + {} # capabilities: # drop: @@ -164,6 +166,17 @@ service: # -- (int) Port on which the service is exposed port: 80 +# -- (map) Configuration for network policies created by this chart. Only relevant if "global.netPolicy.enabled" is set to true +netPolicy: + # -- (array) List of app labels that require ingress to this service + ingressApps: + - fence + - presigned-url-fence + # -- (array) List of apps that this app requires egress to + egressApps: + - fence + - presigned-url-fence + # -- (map) Resource requests and limits for the containers in the pod resources: # -- (map) The amount of resources that the container requests @@ -191,7 +204,6 @@ autoscaling: targetCPUUtilizationPercentage: 80 # targetMemoryUtilizationPercentage: 80 - # -- (map) Node Selector for the pods nodeSelector: {} 
@@ -203,20 +215,20 @@ affinity: podAntiAffinity: # -- (map) Option for scheduling to be required or preferred. preferredDuringSchedulingIgnoredDuringExecution: - # -- (int) Weight value for preferred scheduling. - - weight: 100 - podAffinityTerm: - labelSelector: - matchExpressions: - # -- (list) Label key for match expression. - - key: app - # -- (string) Operation type for the match expression. - operator: In - # -- (list) Value for the match expression key. - values: - - audit - # -- (string) Value for topology key label. - topologyKey: "kubernetes.io/hostname" + # -- (int) Weight value for preferred scheduling. + - weight: 100 + podAffinityTerm: + labelSelector: + matchExpressions: + # -- (list) Label key for match expression. + - key: app + # -- (string) Operation type for the match expression. + operator: In + # -- (list) Value for the match expression key. + values: + - audit + # -- (string) Value for topology key label. + topologyKey: "kubernetes.io/hostname" # -- (list) Environment variables to pass to the container env: @@ -253,7 +265,8 @@ server: # -- (string) The URL for the SQS queue. url: "http://sqs.com" # -- (map) AWS credentials to access SQS queue. - AWS_CREDENTIALS: {} + AWS_CREDENTIALS: + {} # cred1: # aws_access_key_id: # aws_secret_access_key: diff --git a/helm/aws-es-proxy/Chart.yaml b/helm/aws-es-proxy/Chart.yaml index 4b3e15e7..a14f6b98 100644 --- a/helm/aws-es-proxy/Chart.yaml +++ b/helm/aws-es-proxy/Chart.yaml @@ -15,7 +15,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.10 +version: 0.1.12 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to 
@@ -24,6 +24,6 @@ version: 0.1.10 appVersion: "master" dependencies: -- name: common - version: 0.1.14 - repository: file://../common + - name: common + version: 0.1.15 + repository: file://../common diff --git a/helm/aws-es-proxy/README.md b/helm/aws-es-proxy/README.md index 27fe4289..3166311f 100644 --- a/helm/aws-es-proxy/README.md +++ b/helm/aws-es-proxy/README.md @@ -1,6 +1,6 @@ # aws-es-proxy -![Version: 0.1.10](https://img.shields.io/badge/Version-0.1.10-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) +![Version: 0.1.12](https://img.shields.io/badge/Version-0.1.12-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) A Helm chart for AWS ES Proxy Service for gen3 @@ -8,7 +8,7 @@ A Helm chart for AWS ES Proxy Service for gen3 | Repository | Name | Version | |------------|------|---------| -| file://../common | common | 0.1.14 | +| file://../common | common | 0.1.15 | ## Values 
@@ -33,12 +33,16 @@ A Helm chart for AWS ES Proxy Service for gen3 | global.externalSecrets.deploy | bool | `false` | Will use ExternalSecret resources to pull secrets from Secrets Manager instead of creating them locally. Be cautious as this will override any audit secrets you have deployed. | | global.externalSecrets.separateSecretStore | string | `false` | Will deploy a separate External Secret Store for this service. | | global.minAvialable | int | `1` | The minimum amount of pods that are available at all times if the PDB is deployed. | +| global.netPolicy.enabled | bool | `false` | | | global.pdb | bool | `false` | If the service will be deployed with a Pod Disruption Budget. Note- you need to have more than 2 replicas for the pdb to be deployed. | | image | map | `{"pullPolicy":"Always","repository":"quay.io/cdis/aws-es-proxy","tag":""}` | Docker image information. | | image.pullPolicy | string | `"Always"` | Docker pull policy. | | image.repository | string | `"quay.io/cdis/aws-es-proxy"` | Docker repository. | | image.tag | string | `""` | Overrides the image tag whose default is the chart appVersion. | | metricsEnabled | bool | `false` | Whether Metrics are enabled. | +| netPolicy | map | `{"egressApps":["arranger","arranger-server","arranger-dashboard","guppy","metadata","spark","tube"],"ingressApps":["arranger","arranger-server","arranger-dashboard","guppy","metadata","spark","tube"]}` | Configuration for network policies created by this chart. Only relevant if "global.netPolicy.enabled" is set to true | +| netPolicy.egressApps | array | `["arranger","arranger-server","arranger-dashboard","guppy","metadata","spark","tube"]` | List of apps that this app requires egress to | +| netPolicy.ingressApps | array | `["arranger","arranger-server","arranger-dashboard","guppy","metadata","spark","tube"]` | List of app labels that require ingress to this service | | partOf | string | `"Explorer-Tab"` | Label to help organize pods and their use. 
Any value is valid, but use "_" or "-" to divide words. | | podAnnotations | map | `nil` | Annotations to add to the pod | | ports | list | `[{"containerPort":9200}]` | List of container ports | @@ -64,3 +68,5 @@ A Helm chart for AWS ES Proxy Service for gen3 | volumeMounts | list | `[{"mountPath":"/root/.aws","name":"credentials","readOnly":true}]` | Volumes to mount to the pod. | | volumes | list | `nil` | Volumes to attach to the pod | +---------------------------------------------- +Autogenerated from chart metadata using [helm-docs v1.14.2](https://github.com/norwoodj/helm-docs/releases/v1.14.2) diff --git a/helm/aws-es-proxy/templates/netpolicy.yaml b/helm/aws-es-proxy/templates/netpolicy.yaml new file mode 100644 index 00000000..0a469d51 --- /dev/null +++ b/helm/aws-es-proxy/templates/netpolicy.yaml @@ -0,0 +1,5 @@ +{{ include "common.ingress_netpolicy" . }} + +--- + +{{ include "common.egress_netpolicy" . }} \ No newline at end of file diff --git a/helm/aws-es-proxy/values.yaml b/helm/aws-es-proxy/values.yaml index b053eb5e..3a54b1b2 100644 --- a/helm/aws-es-proxy/values.yaml +++ b/helm/aws-es-proxy/values.yaml @@ -2,7 +2,6 @@ # This is a YAML-formatted file. # Declare variables to be passed into your templates. - # Global configuration global: # -- (map) AWS configuration @@ -24,6 +23,8 @@ global: deploy: false # -- (string) Will deploy a separate External Secret Store for this service. separateSecretStore: false + netPolicy: + enabled: false # -- (bool) Whether Metrics are enabled. metricsEnabled: false 
@@ -117,6 +118,27 @@ service: # -- (int) The port number that the service exposes. port: 9200 +# -- (map) Configuration for network policies created by this chart. Only relevant if "global.netPolicy.enabled" is set to true +netPolicy: + # -- (array) List of app labels that require ingress to this service + ingressApps: + - arranger + - arranger-server + - arranger-dashboard + - guppy + - metadata + - spark + - tube + # -- (array) List of apps that this app requires egress to + egressApps: + - arranger + - arranger-server + - arranger-dashboard + - guppy + - metadata + - spark + - tube + # Values to determine the labels that are used for the deployment, pod, etc. # -- (string) Valid options are "production" or "dev". If invalid option is set- the value will default to "dev". release: "production" diff --git a/helm/common/Chart.yaml b/helm/common/Chart.yaml index 428238e2..1e8308c6 100644 --- a/helm/common/Chart.yaml +++ b/helm/common/Chart.yaml @@ -15,7 +15,7 @@ type: library # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.14 +version: 0.1.15 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to diff --git a/helm/common/README.md b/helm/common/README.md index 6888a8c4..5fc9d467 100644 --- a/helm/common/README.md +++ b/helm/common/README.md 
@@ -1,6 +1,6 @@ # common -![Version: 0.1.14](https://img.shields.io/badge/Version-0.1.14-informational?style=flat-square) ![Type: library](https://img.shields.io/badge/Type-library-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) +![Version: 0.1.15](https://img.shields.io/badge/Version-0.1.15-informational?style=flat-square) ![Type: library](https://img.shields.io/badge/Type-library-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) A Helm chart for provisioning databases in gen3 @@ -18,7 +18,9 @@ A Helm chart for provisioning databases in gen3 | global.hostname | string | `"localhost"` | Hostname for the deployment. | | global.kubeBucket | string | `"kube-gen3"` | S3 bucket name for Kubernetes manifest files. | | global.logsBucket | string | `"logs-gen3"` | S3 bucket name for log files. | -| global.netPolicy | bool | `true` | Whether network policies are enabled. | +| global.netPolicy | map | `{"dbSubnets":[],"enabled":true}` | Configuration for network policies. | +| global.netPolicy.dbSubnets | array | `[]` | A list of subnets where databases reside. This is to enable access in production environments | +| global.netPolicy.enabled | bool | `true` | Whether or not to apply netpolicies | | global.portalApp | string | `"gitops"` | Portal application name. | | global.postgres.dbCreate | bool | `true` | Whether the database should be created. | | global.postgres.externalSecret | string | `""` | Name of external secret. Disabled if empty | 
@@ -31,3 +33,5 @@ A Helm chart for provisioning databases in gen3 | global.revproxyArn | string | `"arn:aws:acm:us-east-1:123456:certificate"` | ARN of the reverse proxy certificate. | | global.tierAccessLevel | string | `"libre"` | Access level for tiers. acceptable values for `tier_access_level` are: `libre`, `regular` and `private`. If omitted, by default common will be treated as `private` | +---------------------------------------------- +Autogenerated from chart metadata using [helm-docs v1.14.2](https://github.com/norwoodj/helm-docs/releases/v1.14.2) diff --git a/helm/common/templates/_netpolicy_templates.tpl b/helm/common/templates/_netpolicy_templates.tpl new file mode 100644 index 00000000..9613db41 --- /dev/null +++ b/helm/common/templates/_netpolicy_templates.tpl 
@@ -0,0 +1,68 @@ +{{/* + Templates for network policies that can be used by various subcharts +*/}} + +{{- define "common.db_netpolicy" -}} + {{- if .Values.global.netPolicy.enabled }} +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + name: {{ .Chart.Name }}-db-netpolicy +spec: + egress: + {{- range .Values.global.netPolicy.dbSubnets }} + - to: + - ipBlock: + cidr: {{ . }} + {{- end }} + podSelector: + matchLabels: + app: {{ .Chart.Name }} + policyTypes: + - Egress + {{- end }} +{{- end }} + +{{ define "common.ingress_netpolicy" -}} + {{- if .Values.global.netPolicy.enabled }} +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + name: {{ .Chart.Name }}-ingress-netpolicy +spec: + podSelector: + matchLabels: + app: {{ .Chart.Name }} + ingress: + - from: + - podSelector: + matchExpressions: + - key: app + operator: In + values: {{ toYaml .Values.netPolicy.ingressApps | nindent 12 }} + policyTypes: + - Ingress + {{- end }} +{{- end }} + +{{ define "common.egress_netpolicy" -}} + {{- if .Values.global.netPolicy.enabled }} +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + name: {{ .Chart.Name }}-egress-netpolicy +spec: + podSelector: + matchExpressions: + - key: app + operator: In + values: {{ toYaml .Values.netPolicy.ingressApps | nindent 6 }} + egress: + - to: + - podSelector: + matchLabels: + app: {{ .Chart.Name }} + policyTypes: + - Egress + {{- end }} +{{- end }} \ No newline at end of file diff --git a/helm/common/values.yaml b/helm/common/values.yaml index 51b8616b..c30dfc91 100644 --- a/helm/common/values.yaml +++ b/helm/common/values.yaml @@ -2,7 +2,6 @@ # This is a YAML-formatted file. # Declare variables to be passed into your templates. - # Global configuration global: # -- (map) AWS configuration 
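Review bot: In `common.db_netpolicy`, an empty `global.netPolicy.dbSubnets` (the default in common's values.yaml) renders `egress:` with no rules while `policyTypes` lists `Egress`, so this policy isolates every pod labelled `app: {{ .Chart.Name }}` for egress, DNS included, unless another policy allows the traffic. If that default-deny is intended, the header comment should say so, e.g. `An empty dbSubnets list yields a deny-all egress policy for the chart's pods.`; if not, the define could be guarded with `{{- if and .Values.global.netPolicy.enabled .Values.global.netPolicy.dbSubnets }}`. Separately, `common.egress_netpolicy` builds its `podSelector` from `.Values.netPolicy.ingressApps`, and nothing in this file reads `netPolicy.egressApps`, which the per-chart values describe as the egress list; a one-line comment stating which list drives which policy would help, since the key may simply be unused. Indentation is not recoverable from this view, so the `nindent 12` and `nindent 6` offsets are worth checking with `helm template`.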
@@ -45,8 +44,13 @@ global: publicDataSets: true # -- (string) Access level for tiers. acceptable values for `tier_access_level` are: `libre`, `regular` and `private`. If omitted, by default common will be treated as `private` tierAccessLevel: libre - # -- (bool) Whether network policies are enabled. - netPolicy: true + # -- (map) Configuration for network policies. + netPolicy: + # -- (bool) Whether or not to apply netpolicies + enabled: true + + # -- (array) A list of subnets where databases reside. This is to enable access in production environments + dbSubnets: [] # -- (int) Number of dispatcher jobs. dispatcherJobNum: "10" # -- (bool) Whether Datadog is enabled. diff --git a/helm/dicom-server/Chart.yaml b/helm/dicom-server/Chart.yaml index 9737e96a..f525ad97 100644 --- a/helm/dicom-server/Chart.yaml +++ b/helm/dicom-server/Chart.yaml @@ -15,7 +15,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.9 +version: 0.1.10 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to @@ -24,6 +24,6 @@ version: 0.1.9 appVersion: "master" dependencies: -- name: common - version: 0.1.14 - repository: file://../common + - name: common + version: 0.1.15 + repository: file://../common diff --git a/helm/dicom-server/README.md b/helm/dicom-server/README.md index 644f3d32..78e0b4b4 100644 --- a/helm/dicom-server/README.md +++ b/helm/dicom-server/README.md 
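Review bot: `global.netPolicy` changes type from bool to map here, so an existing override such as `global.netPolicy: true` no longer matches what the templates read (`.Values.global.netPolicy.enabled`) and will probably fail to render or be ignored rather than enable the policies. A comment above the key would flag this, e.g. `# NOTE: was a bool before chart version 0.1.15; use netPolicy.enabled instead`. The defaults also disagree within this commit: common sets `enabled: true`, while the dicom-server and fence values set `enabled: false`, so the effective value depends on how the charts are composed. Stating the intended default in one place would avoid a deployment that assumes policies are enforced when they are not.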
@@ -1,6 +1,6 @@ # dicom-server -![Version: 0.1.9](https://img.shields.io/badge/Version-0.1.9-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) +![Version: 0.1.10](https://img.shields.io/badge/Version-0.1.10-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) A Helm chart for gen3 Dicom Server @@ -8,7 +8,7 @@ A Helm chart for gen3 Dicom Server | Repository | Name | Version | |------------|------|---------| -| file://../common | common | 0.1.14 | +| file://../common | common | 0.1.15 | ## Values @@ -23,6 +23,7 @@ A Helm chart for gen3 Dicom Server | criticalService | string | `"false"` | Valid options are "true" or "false". If invalid option is set- the value will default to "false". | | global.environment | string | `"default"` | Environment name. This should be the same as vpcname if you're doing an AWS deployment. Currently this is being used to share ALB's if you have multiple namespaces. Might be used other places too. | | global.minAvialable | int | `1` | The minimum amount of pods that are available at all times if the PDB is deployed. | +| global.netPolicy | map | `{"enabled":false}` | Settings for network policies | | global.pdb | bool | `false` | If the service will be deployed with a Pod Disruption Budget. Note- you need to have more than 2 replicas for the pdb to be deployed. | | image | map | `{"pullPolicy":"Always","repository":"quay.io/cdis/gen3-orthanc","tag":"master"}` | Docker image information. | | image.pullPolicy | string | `"Always"` | Docker pull policy. | 
@@ -50,3 +51,5 @@ A Helm chart for gen3 Dicom Server | volumeMounts | list | `[{"mountPath":"/etc/orthanc/orthanc_config_overwrites.json","name":"config-volume-g3auto","readOnly":true,"subPath":"orthanc_config_overwrites.json"}]` | Volumes to mount to the pod. | | volumes | list | `[{"name":"config-volume-g3auto","secret":{"secretName":"orthanc-g3auto"}}]` | Volumes to attach to the pod. | +---------------------------------------------- +Autogenerated from chart metadata using [helm-docs v1.14.2](https://github.com/norwoodj/helm-docs/releases/v1.14.2) diff --git a/helm/dicom-server/templates/netpolicy.yaml b/helm/dicom-server/templates/netpolicy.yaml new file mode 100644 index 00000000..70a5c3b5 --- /dev/null +++ b/helm/dicom-server/templates/netpolicy.yaml @@ -0,0 +1 @@ +{{ include "common.db_netpolicy" . }} \ No newline at end of file diff --git a/helm/dicom-server/values.yaml b/helm/dicom-server/values.yaml index 7bd4413c..81533e36 100644 --- a/helm/dicom-server/values.yaml +++ b/helm/dicom-server/values.yaml @@ -2,7 +2,6 @@ # This is a YAML-formatted file. # Declare variables to be passed into your templates. - # Global configuration global: # -- (string) Environment name. This should be the same as vpcname if you're doing an AWS deployment. Currently this is being used to share ALB's if you have multiple namespaces. Might be used other places too. @@ -11,6 +10,9 @@ global: pdb: false # -- (int) The minimum amount of pods that are available at all times if the PDB is deployed. minAvialable: 1 + # -- (map) Settings for network policies + netPolicy: + enabled: false # -- (bool) Whether Metrics are enabled. metricsEnabled: false diff --git a/helm/dicom-viewer/Chart.yaml b/helm/dicom-viewer/Chart.yaml index f14ad58e..4123f9f1 100644 --- a/helm/dicom-viewer/Chart.yaml +++ b/helm/dicom-viewer/Chart.yaml 
@@ -15,7 +15,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.9 +version: 0.1.10 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to @@ -24,6 +24,6 @@ version: 0.1.9 appVersion: "master" dependencies: -- name: common - version: 0.1.14 - repository: file://../common + - name: common + version: 0.1.15 + repository: file://../common diff --git a/helm/dicom-viewer/README.md b/helm/dicom-viewer/README.md index 141f8c65..3983a6e4 100644 --- a/helm/dicom-viewer/README.md +++ b/helm/dicom-viewer/README.md @@ -1,6 +1,6 @@ # dicom-viewer -![Version: 0.1.9](https://img.shields.io/badge/Version-0.1.9-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) +![Version: 0.1.10](https://img.shields.io/badge/Version-0.1.10-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) A Helm chart for gen3 Dicom Viewer @@ -8,7 +8,7 @@ A Helm chart for gen3 Dicom Viewer | Repository | Name | Version | |------------|------|---------| -| file://../common | common | 0.1.14 | +| file://../common | common | 0.1.15 | ## Values 
@@ -37,3 +37,5 @@ A Helm chart for gen3 Dicom Viewer | service.port | int | `80` | The port number that the service exposes. | | service.type | string | `"ClusterIP"` | Type of service. Valid values are "ClusterIP", "NodePort", "LoadBalancer", "ExternalName". | +---------------------------------------------- +Autogenerated from chart metadata using [helm-docs v1.14.2](https://github.com/norwoodj/helm-docs/releases/v1.14.2) diff --git a/helm/etl/Chart.yaml b/helm/etl/Chart.yaml index 497180b1..7e5bcc3d 100644 --- a/helm/etl/Chart.yaml +++ b/helm/etl/Chart.yaml @@ -15,7 +15,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.3 +version: 0.1.4 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to diff --git a/helm/etl/README.md b/helm/etl/README.md index 4347fd4e..3d82c6e1 100644 --- a/helm/etl/README.md +++ b/helm/etl/README.md @@ -1,6 +1,6 @@ # etl -![Version: 0.1.3](https://img.shields.io/badge/Version-0.1.3-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) +![Version: 0.1.4](https://img.shields.io/badge/Version-0.1.4-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) A Helm chart for gen3 etl 
@@ -108,3 +108,5 @@ A Helm chart for gen3 etl | resources.tube.requests.cpu | string | `0.3` | The amount of CPU requested | | resources.tube.requests.memory | string | `"128Mi"` | The amount of memory requested | +---------------------------------------------- +Autogenerated from chart metadata using [helm-docs v1.14.2](https://github.com/norwoodj/helm-docs/releases/v1.14.2) diff --git a/helm/faro-collector/Chart.yaml b/helm/faro-collector/Chart.yaml index 3ebd99ee..32399d2d 100644 --- a/helm/faro-collector/Chart.yaml +++ b/helm/faro-collector/Chart.yaml @@ -15,7 +15,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.0 +version: 0.1.1 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to diff --git a/helm/faro-collector/README.md b/helm/faro-collector/README.md index a01378de..97a65cde 100644 --- a/helm/faro-collector/README.md +++ b/helm/faro-collector/README.md @@ -1,6 +1,6 @@ # alloy -![Version: 0.1.0](https://img.shields.io/badge/Version-0.1.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) +![Version: 0.1.1](https://img.shields.io/badge/Version-0.1.1-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) A Helm chart for deploying Grafana Alloy 
@@ -30,3 +30,5 @@ A Helm chart for deploying Grafana Alloy | alloy.ingress.labels | object | `{}` | | | alloy.ingress.path | string | `"/"` | | +---------------------------------------------- +Autogenerated from chart metadata using [helm-docs v1.14.2](https://github.com/norwoodj/helm-docs/releases/v1.14.2) diff --git a/helm/fence/Chart.yaml b/helm/fence/Chart.yaml index f69ccd11..b57cb952 100644 --- a/helm/fence/Chart.yaml +++ b/helm/fence/Chart.yaml @@ -15,7 +15,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.24 +version: 0.1.25 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to @@ -23,10 +23,10 @@ version: 0.1.24 appVersion: "master" dependencies: -- name: common - version: 0.1.14 - repository: file://../common -- name: postgresql - version: 11.9.13 - repository: "https://charts.bitnami.com/bitnami" - condition: postgres.separate + - name: common + version: 0.1.15 + repository: file://../common + - name: postgresql + version: 11.9.13 + repository: "https://charts.bitnami.com/bitnami" + condition: postgres.separate diff --git a/helm/fence/README.md b/helm/fence/README.md index 521aed4a..f9158f7e 100644 --- a/helm/fence/README.md +++ b/helm/fence/README.md 
@@ -1,6 +1,6 @@ # fence -![Version: 0.1.24](https://img.shields.io/badge/Version-0.1.24-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) +![Version: 0.1.25](https://img.shields.io/badge/Version-0.1.25-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) A Helm chart for gen3 Fence @@ -8,7 +8,7 @@ A Helm chart for gen3 Fence | Repository | Name | Version | |------------|------|---------| -| file://../common | common | 0.1.14 | +| file://../common | common | 0.1.15 | | https://charts.bitnami.com/bitnami | postgresql | 11.9.13 | ## Values @@ -116,7 +116,7 @@ A Helm chart for gen3 Fence | global.kubeBucket | string | `"kube-gen3"` | S3 bucket name for Kubernetes manifest files. | | global.logsBucket | string | `"logs-gen3"` | S3 bucket name for log files. | | global.minAvialable | int | `1` | The minimum amount of pods that are available at all times if the PDB is deployed. | -| global.netPolicy | bool | `true` | Whether network policies are enabled. | +| global.netPolicy | map | `{"enabled":false}` | Controls network policy settings | | global.pdb | bool | `false` | If the service will be deployed with a Pod Disruption Budget. Note- you need to have more than 2 replicas for the pdb to be deployed. | | global.portalApp | string | `"gitops"` | Portal application name. | | global.postgres.dbCreate | bool | `true` | Whether the database should be created. | 
@@ -197,3 +197,5 @@ A Helm chart for gen3 Fence | volumeMounts | list | `[{"mountPath":"/var/www/fence/local_settings.py","name":"old-config-volume","readOnly":true,"subPath":"local_settings.py"},{"mountPath":"/var/www/fence/fence_credentials.json","name":"json-secret-volume","readOnly":true,"subPath":"fence_credentials.json"},{"mountPath":"/var/www/fence/creds.json","name":"creds-volume","readOnly":true,"subPath":"creds.json"},{"mountPath":"/var/www/fence/config_helper.py","name":"config-helper","readOnly":true,"subPath":"config_helper.py"},{"mountPath":"/fence/fence/static/img/logo.svg","name":"logo-volume","readOnly":true,"subPath":"logo.svg"},{"mountPath":"/fence/fence/static/privacy_policy.md","name":"privacy-policy","readOnly":true,"subPath":"privacy_policy.md"},{"mountPath":"/var/www/fence/fence-config-secret.yaml","name":"config-volume","readOnly":true,"subPath":"fence-config.yaml"},{"mountPath":"/var/www/fence/yaml_merge.py","name":"yaml-merge","readOnly":true,"subPath":"yaml_merge.py"},{"mountPath":"/var/www/fence/fence_google_app_creds_secret.json","name":"fence-google-app-creds-secret-volume","readOnly":true,"subPath":"fence_google_app_creds_secret.json"},{"mountPath":"/var/www/fence/fence_google_storage_creds_secret.json","name":"fence-google-storage-creds-secret-volume","readOnly":true,"subPath":"fence_google_storage_creds_secret.json"},{"mountPath":"/fence/keys/key/jwt_private_key.pem","name":"fence-jwt-keys","readOnly":true,"subPath":"jwt_private_key.pem"},{"mountPath":"/var/www/fence/fence-config-public.yaml","name":"config-volume-public","readOnly":true,"subPath":"fence-config-public.yaml"}]` | Volumes to mount to the container. 
| | volumes | list | `[{"name":"old-config-volume","secret":{"secretName":"fence-secret"}},{"name":"json-secret-volume","secret":{"optional":true,"secretName":"fence-json-secret"}},{"name":"creds-volume","secret":{"secretName":"fence-creds"}},{"configMap":{"name":"config-helper","optional":true},"name":"config-helper"},{"configMap":{"name":"logo-config"},"name":"logo-volume"},{"name":"config-volume","secret":{"secretName":"fence-config"}},{"name":"fence-google-app-creds-secret-volume","secret":{"secretName":"fence-google-app-creds-secret"}},{"name":"fence-google-storage-creds-secret-volume","secret":{"secretName":"fence-google-storage-creds-secret"}},{"name":"fence-jwt-keys","secret":{"secretName":"fence-jwt-keys"}},{"configMap":{"name":"privacy-policy"},"name":"privacy-policy"},{"configMap":{"name":"fence-yaml-merge","optional":false},"name":"yaml-merge"},{"configMap":{"name":"manifest-fence","optional":true},"name":"config-volume-public"}]` | Volumes to attach to the container. | +---------------------------------------------- +Autogenerated from chart metadata using [helm-docs v1.14.2](https://github.com/norwoodj/helm-docs/releases/v1.14.2) diff --git a/helm/fence/templates/fence-deployment.yaml b/helm/fence/templates/fence-deployment.yaml index ba4ad72c..09484c52 100644 --- a/helm/fence/templates/fence-deployment.yaml +++ b/helm/fence/templates/fence-deployment.yaml @@ -21,6 +21,9 @@ spec: {{- include "common.grafanaAnnotations" . | nindent 8 }} {{- end }} labels: + authprovider: "yes" + netnolimit: "yes" + userhelper: "yes" {{- include "fence.selectorLabels" . | nindent 8 }} {{- include "common.extraLabels" . | nindent 8 }} spec: diff --git a/helm/fence/templates/netpolicy.yaml b/helm/fence/templates/netpolicy.yaml new file mode 100644 index 00000000..70a5c3b5 --- /dev/null +++ b/helm/fence/templates/netpolicy.yaml @@ -0,0 +1 @@ +{{ include "common.db_netpolicy" . }} \ No newline at end of file 
diff --git a/helm/fence/templates/presigned-url-fence.yaml b/helm/fence/templates/presigned-url-fence.yaml index a4c5628f..3bb3d568 100644 --- a/helm/fence/templates/presigned-url-fence.yaml +++ b/helm/fence/templates/presigned-url-fence.yaml @@ -21,7 +21,11 @@ spec: {{- include "common.grafanaAnnotations" . | nindent 8 }} {{- end }} labels: - app: presigned-url-fence + app: "presigned-url-fence" + authprovder: "yes" + netnolimit: "yes" + public: "yes" + userhelper: "yes" spec: serviceAccountName: {{ include "fence.serviceAccountName" . }} volumes: diff --git a/helm/fence/values.yaml b/helm/fence/values.yaml index 3919a20d..8cd72005 100644 --- a/helm/fence/values.yaml +++ b/helm/fence/values.yaml @@ -2,7 +2,6 @@ # This is a YAML-formatted file. # Declare variables to be passed into your templates. - # Global configuration global: # -- (map) AWS configuration @@ -61,8 +60,9 @@ global: tierAccessLevel: libre # -- (int) Only relevant if tireAccessLevel is set to "regular". Summary charts below this limit will not appear for aggregated data. tierAccessLimit: "1000" - # -- (bool) Whether network policies are enabled. - netPolicy: true + # -- (map) Controls network policy settings + netPolicy: + enabled: false # -- (int) Number of dispatcher jobs. dispatcherJobNum: "10" # -- (bool) If the service will be deployed with a Pod Disruption Budget. Note- you need to have more than 2 replicas for the pdb to be deployed. @@ -193,7 +193,8 @@ podSecurityContext: fsGroup: 101 # -- (map) Security context for the containers in the pod -securityContext: {} +securityContext: + {} # capabilities: # drop: # - ALL @@ -223,7 +224,6 @@ resources: # -- (string) The maximum amount of memory the container can use memory: 2Gi - # -- (map) Configuration for autoscaling the number of replicas autoscaling: # -- (bool) Whether autoscaling is enabled 
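Review bot: The added label `authprovder: "yes"` in the presigned-url-fence pod template is misspelled; fence-deployment.yaml in this same commit adds `authprovider: "yes"`. Any NetworkPolicy or selector that matches on `authprovider` would silently skip the presigned-url-fence pods, because a label mismatch produces no error at install time; no such policy is visible in this hunk, so that effect is inferred. The line should read `authprovider: "yes"`. Since `netnolimit`, `public` and `userhelper` are also bare selector keys, a short comment above the labels naming the policies that consume them would make such typos easier to catch in review.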
@@ -259,20 +259,20 @@ affinity: podAntiAffinity: # -- (map) Option for scheduling to be required or preferred. preferredDuringSchedulingIgnoredDuringExecution: - # -- (int) Weight value for preferred scheduling. - - weight: 100 - podAffinityTerm: - labelSelector: - matchExpressions: - # -- (list) Label key for match expression. - - key: app - # -- (string) Operation type for the match expression. - operator: In - # -- (list) Value for the match expression key. - values: - - fence - # -- (string) Value for topology key label. - topologyKey: "kubernetes.io/hostname" + # -- (int) Weight value for preferred scheduling. + - weight: 100 + podAffinityTerm: + labelSelector: + matchExpressions: + # -- (list) Label key for match expression. + - key: app + # -- (string) Operation type for the match expression. + operator: In + # -- (list) Value for the match expression key. + values: + - fence + # -- (string) Value for topology key label. + topologyKey: "kubernetes.io/hostname" # -- (list) Environment variables to pass to the container env: @@ -731,7 +731,7 @@ FENCE_CONFIG_PUBLIC: {} # -- (map) Private configuration settings for Fence app FENCE_CONFIG: # -- (string) Name of the Fence app - APP_NAME: 'Gen3 Data Commons' + APP_NAME: "Gen3 Data Commons" # -- (string) A URL-safe base64-encoded 32-byte key for encrypting keys in db # in python you can use the following script to generate one: @@ -779,7 +779,7 @@ FENCE_CONFIG: ENABLE_CSRF_PROTECTION: true # -- (str) signing key for WTForms to sign CSRF tokens with - WTF_CSRF_SECRET_KEY: '{{ENCRYPTION_KEY}}' + WTF_CSRF_SECRET_KEY: "{{ENCRYPTION_KEY}}" # -- (bool) fence (at the moment) attempts a migration on startup. setting this to false will disable that # WARNING: ONLY set to false if you do NOT want to automatically migrate your database. 
@@ -789,7 +789,6 @@ FENCE_CONFIG: # NOTE: We are working to improve the migration process in the near future ENABLE_DB_MIGRATION: true - # -- (dict) Configurations for OpenID Connect (OIDC) authentication # - Fully configure at least one client so login works # - WARNING: Be careful changing the *_ALLOWED_SCOPES as you can break basic 
@@ -797,32 +796,32 @@ FENCE_CONFIG: OPENID_CONNECT: # any OIDC IDP that does not differ from the generic implementation can be # configured without code changes - generic_oidc_idp: # choose a unique ID and replace this key + generic_oidc_idp: # choose a unique ID and replace this key # -- (str) Optional; display name for this IDP - name: 'some_idp' + name: "some_idp" # -- (str) Client ID - client_id: '' + client_id: "" # -- (str) Client secret - client_secret: '' + client_secret: "" # -- (str) Redirect URL for this IDP - redirect_url: '{{BASE_URL}}/login/some_idp/login' # replace IDP name + redirect_url: "{{BASE_URL}}/login/some_idp/login" # replace IDP name # use `discovery` to configure IDPs that do not expose a discovery # endpoint. One of `discovery_url` or `discovery` should be configured # -- (str) URL of the OIDC discovery endpoint for the IDP - discovery_url: 'https://server.com/.well-known/openid-configuration' + discovery_url: "https://server.com/.well-known/openid-configuration" discovery: # -- (str) Authorization endpoint URL - authorization_endpoint: '' + authorization_endpoint: "" # -- (str) Token endpoint URL - token_endpoint: '' + token_endpoint: "" # -- (str) JSON Web Key Set (JWKS) URI - jwks_uri: '' + jwks_uri: "" # -- (str) Optional; claims field to get the user_id from (default "sub") - user_id_field: '' + user_id_field: "" # -- (str) Optional; claims field to get the user email from (default "email") - email_field: '' + email_field: "" # -- (str) Optional; default is "openid" - scope: '' + scope: "" # These Google values must be obtained from Google's Cloud Console # Follow: https://developers.google.com/identity/protocols/OpenIDConnect # 
@@ -832,24 +831,24 @@ FENCE_CONFIG: # -- (dict) Configuration for Google authentication provider google: # -- (str) URL of the OIDC discovery endpoint for Google - discovery_url: 'https://accounts.google.com/.well-known/openid-configuration' + discovery_url: "https://accounts.google.com/.well-known/openid-configuration" # -- (str) Client ID - client_id: '' + client_id: "" # -- (str) Client secret - client_secret: '' + client_secret: "" # -- (str) The allowed redirect back to fence, should not need to change - redirect_url: '{{BASE_URL}}/login/google/login/' + redirect_url: "{{BASE_URL}}/login/google/login/" # -- (str) The scope to request from Google (default "openid email") - scope: 'openid email' + scope: "openid email" # if mock is true, will fake a successful login response from Google in /login/google # NOTE: this will also modify the behavior of /link/google endpoints # WARNING: DO NOT ENABLE IN PRODUCTION (for testing purposes only) # will login as the username set in cookie DEV_LOGIN_COOKIE_NAME or default provided # here # -- (str) Optional; defaults to '{{MOCK_GOOGLE_AUTH}}' for backwards compatibility with older cfg files - mock: '' + mock: "" # -- (str) Optional; defaults to 'test@example.com' - mock_default_user: 'test@example.com' + mock_default_user: "test@example.com" # -- (dict): Contains multi-tenant Fence configuration # Support for multi-tenant fence (another fence is this fence's IDP) 
@@ -859,40 +858,40 @@ FENCE_CONFIG: # -- (str): Root URL for the other fence # this api_base_url should be the root url for the OTHER fence # something like: https://example.com - api_base_url: '' + api_base_url: "" # -- (str): ID of the client of this fence on the other fence # this client_id and client_secret should be obtained by registering THIS fence as # a new client of the OTHER fence - client_id: '' + client_id: "" # -- (str): Secret of the client of this fence on the other fence - client_secret: '' + client_secret: "" # -- dict: Additional client parameters client_kwargs: # -- (str): Space-separated string of scopes # openid is required to use OIDC flow - scope: 'openid' + scope: "openid" # -- (str): The URL to which the other fence will redirect after logging in - redirect_uri: '{{BASE_URL}}/login/fence/login' + redirect_uri: "{{BASE_URL}}/login/fence/login" # -- (str): URL for authorization endpoint of the other fence # The next 3 should not need to be changed if the provider is following # Oauth2 endpoint naming conventions - authorize_url: '{{api_base_url}}/oauth2/authorize' + authorize_url: "{{api_base_url}}/oauth2/authorize" # -- (str): URL for access token endpoint of the other fence - access_token_url: '{{api_base_url}}/oauth2/token' + access_token_url: "{{api_base_url}}/oauth2/token" # -- (str): URL for refresh token endpoint of the other fence - refresh_token_url: '{{api_base_url}}/oauth2/token' + refresh_token_url: "{{api_base_url}}/oauth2/token" # -- (str): Name of the provider for consent screens # Custom name to display for consent screens. If not provided, will use `fence`. # If the other fence is using NIH Login, you should make name: `NIH Login` - name: '' + name: "" # -- (bool): Whether to mock a successful login response for testing purposes # if mock is true, will fake a successful login response for login 
@@ -900,72 +899,72 @@ FENCE_CONFIG: mock: false # -- (str): Default user for mock login - mock_default_user: 'test@example.com' + mock_default_user: "test@example.com" # -- (str): URL of the shibboleth discovery endpoint if needed for InCommon login # this is needed to enable InCommon login, if some LOGIN_OPTIONS are configured with idp=fence and a list of shib_idps: - shibboleth_discovery_url: 'https://login.bionimbus.org/Shibboleth.sso/DiscoFeed' + shibboleth_discovery_url: "https://login.bionimbus.org/Shibboleth.sso/DiscoFeed" orcid: - discovery_url: 'https://orcid.org/.well-known/openid-configuration' - client_id: '' - client_secret: '' + discovery_url: "https://orcid.org/.well-known/openid-configuration" + client_id: "" + client_secret: "" # make sure you put the FULL url for this deployment in the allowed redirects in # ORCID.org. DO NOT include {{BASE_URL}} at ORCID.org, you need to actually put the # full url - redirect_url: '{{BASE_URL}}/login/orcid/login/' - scope: 'openid' + redirect_url: "{{BASE_URL}}/login/orcid/login/" + scope: "openid" # if mock is true, will fake a successful login response for login # WARNING: DO NOT ENABLE IN PRODUCTION (for testing purposes only) mock: false - mock_default_user: '0000-0002-2601-8132' + mock_default_user: "0000-0002-2601-8132" ras: - discovery_url: 'https://sts.nih.gov/.well-known/openid-configuration' - client_id: '' - client_secret: '' - redirect_url: '{{BASE_URL}}/login/ras/callback' - scope: 'openid email profile ga4gh_passport_v1' + discovery_url: "https://sts.nih.gov/.well-known/openid-configuration" + client_id: "" + client_secret: "" + redirect_url: "{{BASE_URL}}/login/ras/callback" + scope: "openid email profile ga4gh_passport_v1" # if mock is true, will fake a successful login response for login # WARNING: DO NOT ENABLE IN PRODUCTION (for testing purposes only) mock: false - mock_default_user: 'test@example.com' + mock_default_user: "test@example.com" # Create a client in Azure here: # 
https://portal.azure.com/#blade/Microsoft_AAD_IAM/ActiveDirectoryMenuBlade/RegisteredAppsPreview # Currently supports organizational account only, so when registering a new App in # Azure, make sure to select the `Accounts in any organizational directory` for # supported account types. microsoft: - discovery_url: 'https://login.microsoftonline.com/organizations/v2.0/.well-known/openid-configuration' + discovery_url: "https://login.microsoftonline.com/organizations/v2.0/.well-known/openid-configuration" # after registering a new appl, client_id can be found as # "APPLICATION (CLIENT) ID" in Microsoft Azure - client_id: '' + client_id: "" # You have a generate a secret in Azure for this app, there should be a # "Certificates & secrets" section where you can create a "New client secret" - client_secret: '' + client_secret: "" # make sure you put the FULL url for this deployment in the allowed redirects in # your app in Azure. DO NOT include {{BASE_URL}} in Azure, you need to actually put the # full url - redirect_url: '{{BASE_URL}}/login/microsoft/login/' - scope: 'openid email' + redirect_url: "{{BASE_URL}}/login/microsoft/login/" + scope: "openid email" # if mock is true, will fake a successful login response for login # WARNING: DO NOT ENABLE IN PRODUCTION (for testing purposes only) mock: false - mock_default_user: 'test@example.com' + mock_default_user: "test@example.com" # For information on configuring an Okta tenant as an OIDC IdP refer to Okta documentation at: # https://developer.okta.com/docs/reference/api/oidc/#2-okta-as-the-identity-platform-for-your-app-or-api okta: - discovery_url: '' - client_id: '' - client_secret: '' - redirect_url: '{{BASE_URL}}/login/okta/login/' - scope: 'openid email' + discovery_url: "" + client_id: "" + client_secret: "" + redirect_url: "{{BASE_URL}}/login/okta/login/" + scope: "openid email" cognito: # You must create a user pool in order to have a discovery url - discovery_url: 
'https://cognito-idp.{REGION}.amazonaws.com/{USER-POOL-ID}/.well-known/openid-configuration' - client_id: '' - client_secret: '' - redirect_url: '{{BASE_URL}}/login/cognito/login/' - scope: 'openid email' + discovery_url: "https://cognito-idp.{REGION}.amazonaws.com/{USER-POOL-ID}/.well-known/openid-configuration" + client_id: "" + client_secret: "" + redirect_url: "{{BASE_URL}}/login/cognito/login/" + scope: "openid email" # In the case where Cognito is being used solely as an intermediary to a single IdP, # and that IdP is a SAML IdP with no 'email_verified' outgoing claim, but it is safe # to assume all emails from this SAML IdP are in fact verified, we may set this to True 
@@ -973,28 +972,28 @@ FENCE_CONFIG: # CILogon subscribers can create and manage OIDC clients using COmanage Registry. # Free tier users may request OIDC clients at https://cilogon.org/oauth2/register cilogon: - discovery_url: 'https://cilogon.org/.well-known/openid-configuration' - client_id: '' - client_secret: '' + discovery_url: "https://cilogon.org/.well-known/openid-configuration" + client_id: "" + client_secret: "" # When registering the Callback URLs for your CILogon OIDC client be # sure to include the FULL url for this deployment, including the https:// scheme # and server FQDN. - redirect_url: '{{BASE_URL}}/login/cilogon/login/' - scope: 'openid email profile' + redirect_url: "{{BASE_URL}}/login/cilogon/login/" + scope: "openid email profile" # if mock is true, will fake a successful login response for login # WARNING: DO NOT ENABLE IN PRODUCTION (for testing purposes only) mock: false - mock_default_user: 'http://cilogon.org/serverT/users/64703' + mock_default_user: "http://cilogon.org/serverT/users/64703" synapse: - discovery_url: '' - client_id: '' - client_secret: '' - redirect_url: '' - scope: 'openid' + discovery_url: "" + client_id: "" + client_secret: "" + redirect_url: "" + scope: "openid" shibboleth: - client_id: '' - client_secret: '' - redirect_url: '{{BASE_URL}}/login/shib/login' + client_id: "" + client_secret: "" + redirect_url: "{{BASE_URL}}/login/shib/login" # these are the *possible* scopes a client can be given, NOT scopes that are # given to all clients. You can be more restrictive during client creation @@ -1008,7 +1007,6 @@ FENCE_CONFIG: - "google_link" - "ga4gh_passport_v1" - # -- (list) these are the scopes that CAN be included in a user's own access_token USER_ALLOWED_SCOPES: - "fence" 
@@ -1021,7 +1019,6 @@ FENCE_CONFIG: - "google_link" - "ga4gh_passport_v1" - # -- (list) these are the scopes that a browser session can create for a user (very similar to USER_ALLOWED_SCOPES, as the session will actually create access_tokens for an actively logged in user) SESSION_ALLOWED_SCOPES: - "openid" @@ -1054,15 +1051,15 @@ FENCE_CONFIG: # be used by the frontend to display secondary buttons differently). # -- (list) List of enabled login options (used by data-portal to display login buttons). LOGIN_OPTIONS: - - name: 'Login from Google' - desc: 'description' + - name: "Login from Google" + desc: "description" idp: google # -- (string) Default login provider. - must be configured in LOGIN_OPTIONS and OPENID_CONNECT - - if several options in LOGIN_OPTIONS are defined for this IDP, will default to the first one DEFAULT_LOGIN_IDP: google # -- (string) Default login URL: DEPRECATED and replaced by LOGIN_OPTIONS + DEFAULT_LOGIN_IDP configs - DEFAULT_LOGIN_URL: '{{BASE_URL}}/login/google' + DEFAULT_LOGIN_URL: "{{BASE_URL}}/login/google" # `LOGIN_REDIRECT_WHITELIST` is a list of extra whitelisted URLs which can be redirected # to by the `/login/*` endpoints. Fence automatically populates this with the redirect @@ -1074,7 +1071,6 @@ FENCE_CONFIG: ### DEPRECATED and replaced by OPENID_CONNECT + LOGIN_OPTIONS configs ENABLED_IDENTITY_PROVIDERS: {} - # ////////////////////////////////////////////////////////////////////////////////////// # LIBRARY CONFIGURATION (authlib & flask) # - Already contains reasonable defaults 
@@ -1082,16 +1078,15 @@ FENCE_CONFIG: # authlib-specific configs for OIDC flow and JWTs # NOTE: the OAUTH2_JWT_KEY cfg gets set automatically by fence if keys are setup # correctly - OAUTH2_JWT_ALG: 'RS256' + OAUTH2_JWT_ALG: "RS256" OAUTH2_JWT_ENABLED: true - OAUTH2_JWT_ISS: '{{BASE_URL}}' - OAUTH2_PROVIDER_ERROR_URI: '/api/oauth2/errors' + OAUTH2_JWT_ISS: "{{BASE_URL}}" + OAUTH2_PROVIDER_ERROR_URI: "/api/oauth2/errors" # used for flask, "path mounted under by the application / web server" # since we deploy as microservices, fence is typically under {{base}}/user # this is also why our BASE_URL default ends in /user - APPLICATION_ROOT: '/user' - + APPLICATION_ROOT: "/user" # ////////////////////////////////////////////////////////////////////////////////////// # Tokens, Lifetimes, & Expirations @@ -1189,9 +1184,9 @@ FENCE_CONFIG: # - Contains defaults for using NIH's Login. # ////////////////////////////////////////////////////////////////////////////////////// # assumes shibboleth is deployed under {{BASE_URL}}/shibboleth - SHIBBOLETH_HEADER: 'persistent_id' - SSO_URL: 'https://auth.nih.gov/affwebservices/public/saml2sso?SPID={{BASE_URL}}/shibboleth&RelayState=' - ITRUST_GLOBAL_LOGOUT: 'https://auth.nih.gov/siteminderagent/smlogout.asp?mode=nih&AppReturnUrl=' + SHIBBOLETH_HEADER: "persistent_id" + SSO_URL: "https://auth.nih.gov/affwebservices/public/saml2sso?SPID={{BASE_URL}}/shibboleth&RelayState=" + ITRUST_GLOBAL_LOGOUT: "https://auth.nih.gov/siteminderagent/smlogout.asp?mode=nih&AppReturnUrl=" # ////////////////////////////////////////////////////////////////////////////////////// # dbGaP USER SYNCING SUPPORT 
@@ -1204,13 +1199,13 @@ FENCE_CONFIG: # fence's README for more information dbGaP: - info: - host: '' - username: '' - password: '' + host: "" + username: "" + password: "" port: 22 - proxy: '' - protocol: 'sftp' - decrypt_key: '' + proxy: "" + protocol: "sftp" + decrypt_key: "" # parse out the consent from the dbgap accession number such that something # like "phs000123.v1.p1.c2" becomes "phs000123.c2". # @@ -1230,7 +1225,7 @@ FENCE_CONFIG: # subsequently gives access to an Arborist resource representing this common area # as well) study_common_exchange_areas: - 'example': 'test_common_exchange_area' + "example": "test_common_exchange_area" # 'studyX': 'test_common_exchange_area' # 'studyY': 'test_common_exchange_area' # 'studyZ': 'test_common_exchange_area' @@ -1238,8 +1233,8 @@ FENCE_CONFIG: # actual data lives in. For example, `studyX` data may exist in multiple organizations, so # we need to know how to map authorization to all orgs resources study_to_resource_namespaces: - '_default': ['/'] - 'test_common_exchange_area': ['/dbgap/'] + "_default": ["/"] + "test_common_exchange_area": ["/dbgap/"] # above are for default support and exchange area support # below are further examples # @@ -1254,7 +1249,7 @@ FENCE_CONFIG: # Will NOT MATCH forms like: phs000123 # # WARNING: Do not change this without consulting the code that uses it - DBGAP_ACCESSION_WITH_CONSENT_REGEX: '(?Pphs[0-9]+)(.(?Pv[0-9]+)){0,1}(.(?Pp[0-9]+)){0,1}.(?Pc[0-9]+)' + DBGAP_ACCESSION_WITH_CONSENT_REGEX: "(?Pphs[0-9]+)(.(?Pv[0-9]+)){0,1}(.(?Pp[0-9]+)){0,1}.(?Pc[0-9]+)" # ////////////////////////////////////////////////////////////////////////////////////// # STORAGE BACKENDS AND CREDENTIALS 
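Review bot: Switching `DBGAP_ACCESSION_WITH_CONSENT_REGEX` to a double-quoted YAML scalar turns backslashes into YAML escape characters, so a later attempt to tighten the pattern with `\.` would be rejected or altered by the YAML parser before it reaches the regex engine. I would keep this one value single-quoted and add a comment above it such as `# keep single-quoted: backslashes must reach the regex engine unchanged`. As shown, the separators between the phs, v, p and c parts are bare `.`, which match any character and not only a literal dot, so the pattern accepts more than the examples in the comment suggest. The value appears to feed the dbGaP consent parsing used for authorization mapping, so this is worth confirming against the code that consumes it.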
@@ -1332,7 +1327,7 @@ FENCE_CONFIG: # `DATA_UPLOAD_BUCKET` specifies an S3 bucket to which data files are uploaded, # using the `/data/upload` endpoint. This must be one of the first keys under # `S3_BUCKETS` (since these are the buckets fence has credentials for). - DATA_UPLOAD_BUCKET: 'bucket1' + DATA_UPLOAD_BUCKET: "bucket1" # ////////////////////////////////////////////////////////////////////////////////////// # PROXY @@ -1354,9 +1349,9 @@ FENCE_CONFIG: INDEXD: http://indexd-service # this is the username which fence uses to make authenticated requests to indexd - INDEXD_USERNAME: 'fence' + INDEXD_USERNAME: "fence" # this is the password which fence uses to make authenticated requests to indexd - INDEXD_PASSWORD: '' + INDEXD_PASSWORD: "" # ////////////////////////////////////////////////////////////////////////////////////// # AZURE STORAGE BLOB CONFIGURATION @@ -1370,13 +1365,13 @@ FENCE_CONFIG: # AZ_BLOB_CONTAINER_URL: 'https://storageaccount.blob.core.windows.net/container/' # this is the container used for uploading, and should match the storage account # used in the connection string for AZ_BLOB_CREDENTIALS - AZ_BLOB_CONTAINER_URL: 'https://myfakeblob.blob.core.windows.net/my-fake-container/' + AZ_BLOB_CONTAINER_URL: "https://myfakeblob.blob.core.windows.net/my-fake-container/" # url where authz microservice is running ARBORIST: http://arborist-service # url where the audit-service is running - AUDIT_SERVICE: 'http://audit-service' + AUDIT_SERVICE: "http://audit-service" ENABLE_AUDIT_LOGS: presigned_url: false login: false 
@@ -1399,20 +1394,20 @@ FENCE_CONFIG: # Setting this up allows fence to create buckets, manage Google groups, etc. # See directions here for setting up cirrus: https://github.com/uc-cdis/cirrus CIRRUS_CFG: - GOOGLE_API_KEY: '' - GOOGLE_PROJECT_ID: '' - GOOGLE_APPLICATION_CREDENTIALS: '' - GOOGLE_STORAGE_CREDS: '' - GOOGLE_ADMIN_EMAIL: '' - GOOGLE_IDENTITY_DOMAIN: '' - GOOGLE_CLOUD_IDENTITY_ADMIN_EMAIL: '' + GOOGLE_API_KEY: "" + GOOGLE_PROJECT_ID: "" + GOOGLE_APPLICATION_CREDENTIALS: "" + GOOGLE_STORAGE_CREDS: "" + GOOGLE_ADMIN_EMAIL: "" + GOOGLE_IDENTITY_DOMAIN: "" + GOOGLE_CLOUD_IDENTITY_ADMIN_EMAIL: "" # Prefix to namespace Google Groups on a single Cloud Identity (see cirrus # setup for more info on Cloud Identity) # # NOTE: Make this short! Less than 8 characters if possible. Google has # length restrictions on group names. - GOOGLE_GROUP_PREFIX: '' + GOOGLE_GROUP_PREFIX: "" # Prefix to namespace Google Service Accounts in a single Google Cloud Platform Project. # This is primarily to support multiple instances of fence references the same Google @@ -1420,7 +1415,7 @@ FENCE_CONFIG: # # NOTE: Make this short! Less than 8 characters if possible. Google has # length restrictions on service account names. - GOOGLE_SERVICE_ACCOUNT_PREFIX: '' + GOOGLE_SERVICE_ACCOUNT_PREFIX: "" # A Google Project identitifier representing the default project to bill to for # accessing Google Requester Pays buckets (for signed urls and/or temporary service account 
@@ -1459,17 +1454,17 @@ FENCE_CONFIG: # # NOTE: Example in comments below GUN_MAIL: - 'datacommons.io': - smtp_hostname: 'smtp.mailgun.org' - api_key: '' - default_login: 'postmaster@mailgun.example.com' - api_url: 'https://api.mailgun.net/v3/mailgun.example.com' - smtp_password: '' + "datacommons.io": + smtp_hostname: "smtp.mailgun.org" + api_key: "" + default_login: "postmaster@mailgun.example.com" + api_url: "https://api.mailgun.net/v3/mailgun.example.com" + smtp_password: "" # For emails regarding users certificates - EMAIL_SERVER: 'localhost' - SEND_FROM: 'example@gmail.com' - SEND_TO: 'example@gmail.com' + EMAIL_SERVER: "localhost" + SEND_FROM: "example@gmail.com" + SEND_TO: "example@gmail.com" # ////////////////////////////////////////////////////////////////////////////////////// # DATA ACCESS: GOOGLE LINKING & SERVICE ACCOUNT REGISTRATION @@ -1500,9 +1495,9 @@ FENCE_CONFIG: REMOVE_SERVICE_ACCOUNT_EMAIL_NOTIFICATION: enable: false # this domain MUST exist in GUN_MAIL config - domain: 'example.com' - from: 'do-not-reply@example.com' - subject: 'User service account removal notification' + domain: "example.com" + from: "do-not-reply@example.com" + subject: "User service account removal notification" # the {} gets replaced dynamically in the Python code to be the Project ID content: > Service accounts were removed from access control data because some users or @@ -1513,13 +1508,13 @@ FENCE_CONFIG: # # WARNING: This is NOT a bcc so the email is visible to the end-user admin: - - 'admin@example.edu' + - "admin@example.edu" PROBLEM_USER_EMAIL_NOTIFICATION: # this domain MUST exist in GUN_MAIL config - domain: 'example.com' - from: 'do-not-reply@example.com' - subject: 'Account access error notification' + domain: "example.com" + from: "do-not-reply@example.com" + subject: "Account access error notification" # the {} gets replaced dynamically in the Python code to be the Project ID content: > The Data Commons Framework utilizes dbGaP for data access authorization. 
@@ -1531,55 +1526,55 @@ FENCE_CONFIG: # # WARNING: This is NOT a bcc so the email is visible to the end-user admin: - - 'admin@example.edu' + - "admin@example.edu" # Service account email domains that represent a service account that Google owns. # These are usually created when a sepcific GCP service is enabled. # This is used for Service Account Validation for Data Access. GOOGLE_MANAGED_SERVICE_ACCOUNT_DOMAINS: - - 'dataflow-service-producer-prod.iam.gserviceaccount.com' - - 'cloudbuild.gserviceaccount.com' - - 'cloud-ml.google.com.iam.gserviceaccount.com' - - 'container-engine-robot.iam.gserviceaccount.com' - - 'dataflow-service-producer-prod.iam.gserviceaccount.com' - - 'sourcerepo-service-accounts.iam.gserviceaccount.com' - - 'dataproc-accounts.iam.gserviceaccount.com' - - 'gae-api-prod.google.com.iam.gserviceaccount.com' - - 'genomics-api.google.com.iam.gserviceaccount.com' - - 'containerregistry.iam.gserviceaccount.com' - - 'container-analysis.iam.gserviceaccount.com' - - 'cloudservices.gserviceaccount.com' - - 'stackdriver-service.iam.gserviceaccount.com' - - 'appspot.gserviceaccount.com' - - 'partnercontent.gserviceaccount.com' - - 'trifacta-gcloud-prod.iam.gserviceaccount.com' - - 'gcf-admin-robot.iam.gserviceaccount.com' - - 'compute-system.iam.gserviceaccount.com' - - 'gcp-sa-websecurityscanner.iam.gserviceaccount.com' - - 'storage-transfer-service.iam.gserviceaccount.com' - - 'firebase-sa-management.iam.gserviceaccount.com' - - 'firebase-rules.iam.gserviceaccount.com' - - 'gcp-sa-cloudbuild.iam.gserviceaccount.com' - - 'gcp-sa-automl.iam.gserviceaccount.com' - - 'gcp-sa-datalabeling.iam.gserviceaccount.com' - - 'gcp-sa-cloudscheduler.iam.gserviceaccount.com' + - "dataflow-service-producer-prod.iam.gserviceaccount.com" + - "cloudbuild.gserviceaccount.com" + - "cloud-ml.google.com.iam.gserviceaccount.com" + - "container-engine-robot.iam.gserviceaccount.com" + - "dataflow-service-producer-prod.iam.gserviceaccount.com" + - 
"sourcerepo-service-accounts.iam.gserviceaccount.com" + - "dataproc-accounts.iam.gserviceaccount.com" + - "gae-api-prod.google.com.iam.gserviceaccount.com" + - "genomics-api.google.com.iam.gserviceaccount.com" + - "containerregistry.iam.gserviceaccount.com" + - "container-analysis.iam.gserviceaccount.com" + - "cloudservices.gserviceaccount.com" + - "stackdriver-service.iam.gserviceaccount.com" + - "appspot.gserviceaccount.com" + - "partnercontent.gserviceaccount.com" + - "trifacta-gcloud-prod.iam.gserviceaccount.com" + - "gcf-admin-robot.iam.gserviceaccount.com" + - "compute-system.iam.gserviceaccount.com" + - "gcp-sa-websecurityscanner.iam.gserviceaccount.com" + - "storage-transfer-service.iam.gserviceaccount.com" + - "firebase-sa-management.iam.gserviceaccount.com" + - "firebase-rules.iam.gserviceaccount.com" + - "gcp-sa-cloudbuild.iam.gserviceaccount.com" + - "gcp-sa-automl.iam.gserviceaccount.com" + - "gcp-sa-datalabeling.iam.gserviceaccount.com" + - "gcp-sa-cloudscheduler.iam.gserviceaccount.com" # The types of service accounts that are allowed to be registered at # /google/service_accounts endpoints ALLOWED_USER_SERVICE_ACCOUNT_DOMAINS: # compute engine default service account - - 'developer.gserviceaccount.com' + - "developer.gserviceaccount.com" # app engine default service account - - 'appspot.gserviceaccount.com' + - "appspot.gserviceaccount.com" # user-managed service account - - 'iam.gserviceaccount.com' + - "iam.gserviceaccount.com" # Synapse integration and DREAM challenge mapping. Team is from Synapse, and group is # providing the actual permission in Arborist. User will be added to the group for TTL # seconds if the team matches. 
- DREAM_CHALLENGE_TEAM: 'DREAM' - DREAM_CHALLENGE_GROUP: 'DREAM' - SYNAPSE_URI: 'https://repo-prod.prod.sagebase.org/auth/v1' + DREAM_CHALLENGE_TEAM: "DREAM" + DREAM_CHALLENGE_GROUP: "DREAM" + SYNAPSE_URI: "https://repo-prod.prod.sagebase.org/auth/v1" SYNAPSE_JWKS_URI: # deprecated, use the discovery_url in the OPENID_CONNECT block for the synapse client SYNAPSE_DISCOVERY_URL: @@ -1594,14 +1589,14 @@ FENCE_CONFIG: # If user registers, add them to configured Arborist group; idea is that the Arborist group # will have access to download data. REGISTER_USERS_ON: false - REGISTERED_USERS_GROUP: '' + REGISTERED_USERS_GROUP: "" # RAS refresh_tokens expire in 15 days RAS_REFRESH_EXPIRATION: 1296000 # List of JWT issuers from which Fence will accept GA4GH visas GA4GH_VISA_ISSUER_ALLOWLIST: - - '{{BASE_URL}}' - - 'https://sts.nih.gov' - - 'https://stsstg.nih.gov' + - "{{BASE_URL}}" + - "https://sts.nih.gov" + - "https://stsstg.nih.gov" # Number of projects that can be registered to a Google Service Accont SERVICE_ACCOUNT_LIMIT: 6 @@ -1617,4 +1612,4 @@ FENCE_CONFIG: fallback_to_dbgap_sftp: false visa_types: ras: ["https://ras.nih.gov/visas/v1", "https://ras.nih.gov/visas/v1.1"] - RAS_USERINFO_ENDPOINT: '/openid/connect/v1.1/userinfo' + RAS_USERINFO_ENDPOINT: "/openid/connect/v1.1/userinfo" diff --git a/helm/frontend-framework/Chart.yaml b/helm/frontend-framework/Chart.yaml index 38c7a43d..1a48668b 100644 --- a/helm/frontend-framework/Chart.yaml +++ b/helm/frontend-framework/Chart.yaml @@ -15,7 +15,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.3 +version: 0.1.4 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to 
@@ -24,6 +24,6 @@ version: 0.1.3 appVersion: "develop" dependencies: -- name: common - version: 0.1.14 - repository: file://../common + - name: common + version: 0.1.15 + repository: file://../common diff --git a/helm/frontend-framework/README.md b/helm/frontend-framework/README.md index 9c86f89c..3cc82305 100644 --- a/helm/frontend-framework/README.md +++ b/helm/frontend-framework/README.md @@ -1,6 +1,6 @@ # frontend-framework -![Version: 0.1.3](https://img.shields.io/badge/Version-0.1.3-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: develop](https://img.shields.io/badge/AppVersion-develop-informational?style=flat-square) +![Version: 0.1.4](https://img.shields.io/badge/Version-0.1.4-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: develop](https://img.shields.io/badge/AppVersion-develop-informational?style=flat-square) A Helm chart for the gen3 frontend framework @@ -8,7 +8,7 @@ A Helm chart for the gen3 frontend framework | Repository | Name | Version | |------------|------|---------| -| file://../common | common | 0.1.14 | +| file://../common | common | 0.1.15 | ## Values 
@@ -31,7 +31,7 @@ A Helm chart for the gen3 frontend framework | criticalService | string | `"true"` | Valid options are "true" or "false". If invalid option is set- the value will default to "false". | | env | list | `[]` | List of environment variables to add to the deployment. | | fullnameOverride | string | `""` | Override the full name of the deployment. | -| global | map | `{"aws":{"awsAccessKeyId":null,"awsSecretAccessKey":null,"enabled":false},"dev":true,"dictionaryUrl":"https://s3.amazonaws.com/dictionary-artifacts/datadictionary/develop/schema.json","dispatcherJobNum":10,"environment":"default","hostname":"localhost","kubeBucket":"kube-gen3","logsBucket":"logs-gen3","netPolicy":true,"portalApp":"gitops","postgres":{"dbCreate":true,"master":{"host":null,"password":null,"port":"5432","username":"postgres"}},"publicDataSets":true,"revproxyArn":"arn:aws:acm:us-east-1:123456:certificate","syncFromDbgap":false,"tierAccessLevel":"libre","userYamlS3Path":"s3://cdis-gen3-users/test/user.yaml"}` | Global configuration options. | +| global | map | `{"aws":{"awsAccessKeyId":null,"awsSecretAccessKey":null,"enabled":false},"dev":true,"dictionaryUrl":"https://s3.amazonaws.com/dictionary-artifacts/datadictionary/develop/schema.json","dispatcherJobNum":10,"environment":"default","hostname":"localhost","kubeBucket":"kube-gen3","logsBucket":"logs-gen3","netPolicy":{"enabled":false},"portalApp":"gitops","postgres":{"dbCreate":true,"master":{"host":null,"password":null,"port":"5432","username":"postgres"}},"publicDataSets":true,"revproxyArn":"arn:aws:acm:us-east-1:123456:certificate","syncFromDbgap":false,"tierAccessLevel":"libre","userYamlS3Path":"s3://cdis-gen3-users/test/user.yaml"}` | Global configuration options. | | global.aws | map | `{"awsAccessKeyId":null,"awsSecretAccessKey":null,"enabled":false}` | AWS configuration | | global.aws.awsAccessKeyId | string | `nil` | Credentials for AWS stuff. 
| | global.aws.awsSecretAccessKey | string | `nil` | Credentials for AWS stuff. | @@ -43,7 +43,7 @@ A Helm chart for the gen3 frontend framework | global.hostname | string | `"localhost"` | Hostname for the deployment. | | global.kubeBucket | string | `"kube-gen3"` | S3 bucket name for Kubernetes manifest files. | | global.logsBucket | string | `"logs-gen3"` | S3 bucket name for log files. | -| global.netPolicy | bool | `true` | Whether network policies are enabled. | +| global.netPolicy | map | `{"enabled":false}` | Controls network policy settings | | global.portalApp | string | `"gitops"` | Portal application name. | | global.postgres | map | `{"dbCreate":true,"master":{"host":null,"password":null,"port":"5432","username":"postgres"}}` | Postgres database configuration. | | global.postgres.dbCreate | bool | `true` | Whether the database should be created. | @@ -91,3 +91,5 @@ A Helm chart for the gen3 frontend framework | strategy.rollingUpdate.maxUnavailable | int | `"25%"` | Maximum amount of pods that can be unavailable during the update. | | tolerations | list | `[]` | Tolerations to apply to the pod | +---------------------------------------------- +Autogenerated from chart metadata using [helm-docs v1.14.2](https://github.com/norwoodj/helm-docs/releases/v1.14.2) diff --git a/helm/frontend-framework/values.yaml b/helm/frontend-framework/values.yaml index 02f8d7b7..88df372c 100644 --- a/helm/frontend-framework/values.yaml +++ b/helm/frontend-framework/values.yaml @@ -49,8 +49,9 @@ global: publicDataSets: true # -- (string) Access level for tiers. acceptable values for `tier_access_level` are: `libre`, `regular` and `private`. If omitted, by default common will be treated as `private`. tierAccessLevel: libre - # -- (bool) Whether network policies are enabled. - netPolicy: true + # -- (map) Controls network policy settings + netPolicy: + enabled: false # -- (int) Number of dispatcher jobs. dispatcherJobNum: 10 
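Review bot: In the `helm/frontend-framework/values.yaml` hunk, `global.netPolicy` changes from the boolean `true` to a map whose `enabled` is `false`, so the chart default moves from network policies on to off. Override files that still set `netPolicy: true` no longer match the new shape; depending on how the templates read the value, that presumably either fails rendering or is silently ignored, so an upgrade note or a template guard would help. A comment on the key such as `# -- (map) Network policy settings; disabled by default (previously the boolean true)` would make the changed default explicit. The gen3 README hunk later in this patch documents the same default but still lists the type of `global.netPolicy` as `bool`.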
@@ -92,11 +93,13 @@ serviceAccount: podAnnotations: {} # -- (map) Security context to apply to the pod -podSecurityContext: {} +podSecurityContext: + {} # fsGroup: 2000 # -- (map) Security context to apply to the container -securityContext: {} +securityContext: + {} # capabilities: # drop: # - ALL @@ -149,20 +152,20 @@ affinity: podAntiAffinity: # -- (map) Option for scheduling to be required or preferred. preferredDuringSchedulingIgnoredDuringExecution: - # -- (int) Weight value for preferred scheduling. - - weight: 100 - podAffinityTerm: - labelSelector: - matchExpressions: - # -- (list) Label key for match expression. - - key: app - # -- (string) Operation type for the match expression. - operator: In - # -- (list) Value for the match expression key. - values: - - frontend-framework - # -- (string) Value for topology key label. - topologyKey: "kubernetes.io/hostname" + # -- (int) Weight value for preferred scheduling. + - weight: 100 + podAffinityTerm: + labelSelector: + matchExpressions: + # -- (list) Label key for match expression. + - key: app + # -- (string) Operation type for the match expression. + operator: In + # -- (list) Value for the match expression key. + values: + - frontend-framework + # -- (string) Value for topology key label. + topologyKey: "kubernetes.io/hostname" # -- (bool) Automount the default service account token automountServiceAccountToken: false diff --git a/helm/gen3/Chart.yaml b/helm/gen3/Chart.yaml index 278de71a..3705e149 100644 --- a/helm/gen3/Chart.yaml +++ b/helm/gen3/Chart.yaml 
@@ -4,116 +4,120 @@ description: Helm chart to deploy Gen3 Data Commons # Dependencies dependencies: -- name: ambassador - version: 0.1.12 - repository: "file://../ambassador" - condition: ambassador.enabled -- name: arborist - version: 0.1.12 - repository: "file://../arborist" - condition: arborist.enabled -- name: argo-wrapper - version: 0.1.8 - repository: "file://../argo-wrapper" - condition: argo-wrapper.enabled -- name: audit - version: 0.1.14 - repository: "file://../audit" - condition: audit.enabled -- name: aws-es-proxy - version: 0.1.10 - repository: "file://../aws-es-proxy" - condition: aws-es-proxy.enabled -- name: common - version: 0.1.14 - repository: file://../common -- name: etl - version: 0.1.3 - repository: file://../etl - condition: etl.enabled -- name: frontend-framework - version: 0.1.3 - repository: "file://../frontend-framework" - condition: frontend-framework.enabled -- name: fence - version: 0.1.24 - repository: "file://../fence" - condition: fence.enabled -- name: guppy - version: 0.1.13 - repository: "file://../guppy" - condition: guppy.enabled -- name: hatchery - version: 0.1.10 - repository: "file://../hatchery" - condition: hatchery.enabled -- name: indexd - version: 0.1.15 - repository: "file://../indexd" - condition: indexd.enabled -- name: manifestservice - version: 0.1.15 - repository: "file://../manifestservice" - condition: manifestservice.enabled -- name: metadata - version: 0.1.14 - repository: "file://../metadata" - condition: metadata.enabled -- name: peregrine - version: 0.1.14 - repository: "file://../peregrine" - condition: peregrine.enabled -- name: pidgin - version: 0.1.11 - repository: "file://../pidgin" - condition: pidgin.enabled -- name: portal - version: 0.1.19 - repository: "file://../portal" - condition: portal.enabled -- name: requestor - version: 0.1.13 - repository: "file://../requestor" - condition: requestor.enabled -- name: revproxy - version: 0.1.17 - repository: "file://../revproxy" - condition: 
revproxy.enabled -- name: sheepdog - version: 0.1.15 - repository: "file://../sheepdog" - condition: sheepdog.enabled -- name: ssjdispatcher - version: 0.1.11 - repository: "file://../ssjdispatcher" - condition: ssjdispatcher.enabled -- name: sower - version: 0.1.13 - condition: sower.enabled - repository: "file://../sower" -- name: wts - version: 0.1.15 - repository: "file://../wts" - condition: wts.enabled + - name: ambassador + version: 0.1.15 + repository: "file://../ambassador" + condition: ambassador.enabled + - name: arborist + version: 0.1.13 + repository: "file://../arborist" + condition: arborist.enabled + - name: argo-wrapper + version: 0.1.9 + repository: "file://../argo-wrapper" + condition: argo-wrapper.enabled + - name: audit + version: 0.1.15 + repository: "file://../audit" + condition: audit.enabled + - name: aws-es-proxy + version: 0.1.12 + repository: "file://../aws-es-proxy" + condition: aws-es-proxy.enabled + - name: common + version: 0.1.15 + repository: file://../common + - name: etl + version: 0.1.4 + repository: file://../etl + condition: etl.enabled + - name: frontend-framework + version: 0.1.4 + repository: "file://../frontend-framework" + condition: frontend-framework.enabled + - name: fence + version: 0.1.25 + repository: "file://../fence" + condition: fence.enabled + - name: guppy + version: 0.1.15 + repository: "file://../guppy" + condition: guppy.enabled + - name: hatchery + version: 0.1.11 + repository: "file://../hatchery" + condition: hatchery.enabled + - name: indexd + version: 0.1.16 + repository: "file://../indexd" + condition: indexd.enabled + - name: manifestservice + version: 0.1.16 + repository: "file://../manifestservice" + condition: manifestservice.enabled + - name: metadata + version: 0.1.15 + repository: "file://../metadata" + condition: metadata.enabled + - name: peregrine + version: 0.1.15 + repository: "file://../peregrine" + condition: peregrine.enabled + - name: pidgin + version: 0.1.12 + repository: 
"file://../pidgin" + condition: pidgin.enabled + - name: portal + version: 0.1.20 + repository: "file://../portal" + condition: portal.enabled + - name: requestor + version: 0.1.14 + repository: "file://../requestor" + condition: requestor.enabled + - name: revproxy + version: 0.1.18 + repository: "file://../revproxy" + condition: revproxy.enabled + - name: sheepdog + version: 0.1.17 + repository: "file://../sheepdog" + condition: sheepdog.enabled + - name: ssjdispatcher + version: 0.1.12 + repository: "file://../ssjdispatcher" + condition: ssjdispatcher.enabled + - name: sower + version: 0.1.14 + condition: sower.enabled + repository: "file://../sower" + - name: wts + version: 0.1.16 + repository: "file://../wts" + condition: wts.enabled + - name: gen3-network-policies + version: 0.1.1 + repository: "file://../../wip/gen3-network-policies" + condition: global.netPolicy.enabled -- name: elasticsearch - version: 7.10.2 - repository: "https://helm.elastic.co" - condition: global.dev -- name: postgresql - version: 11.9.13 - repository: "https://charts.bitnami.com/bitnami" - condition: global.dev + - name: elasticsearch + version: 7.10.2 + repository: "https://helm.elastic.co" + condition: global.dev + - name: postgresql + version: 11.9.13 + repository: "https://charts.bitnami.com/bitnami" + condition: global.dev -# (optional) NeuVector Kubernetes Security Policy templates to protect Gen3 -# NeuVector must be installed separately. -# Reference: https://open-docs.neuvector.com/basics/overview -# Reference: https://github.com/neuvector/neuvector-helm -# For more information, please use the Gen3 community Slack. -- name: neuvector - version: "0.1.0" - repository: "file://../neuvector" - condition: neuvector.enabled + # (optional) NeuVector Kubernetes Security Policy templates to protect Gen3 + # NeuVector must be installed separately. 
+ # Reference: https://open-docs.neuvector.com/basics/overview + # Reference: https://github.com/neuvector/neuvector-helm + # For more information, please use the Gen3 community Slack. + - name: neuvector + version: "0.1.1" + repository: "file://../neuvector" + condition: neuvector.enabled # A chart can be either an 'application' or a 'library' chart. # @@ -128,7 +132,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.46 +version: 0.1.47 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to diff --git a/helm/gen3/README.md b/helm/gen3/README.md index 3038a36a..cf0df847 100644 --- a/helm/gen3/README.md +++ b/helm/gen3/README.md @@ -1,6 +1,6 @@ # gen3 -![Version: 0.1.46](https://img.shields.io/badge/Version-0.1.46-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) +![Version: 0.1.47](https://img.shields.io/badge/Version-0.1.47-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) Helm chart to deploy Gen3 Data Commons 
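Review bot: The new `gen3-network-policies` dependency in `helm/gen3/Chart.yaml` is resolved from `file://../../wip/gen3-network-policies`, a path outside `helm/` whose name marks it as work in progress, and it is gated on `condition: global.netPolicy.enabled`. As far as I know, Helm leaves a dependency enabled when its condition path cannot be resolved to a boolean, so a values file that still carries the old `netPolicy: true` form may switch this chart on instead of off. I would check that by running `helm template` against a legacy values file before release. A comment on the entry such as `# beta: sourced from wip/, installed only when global.netPolicy.enabled is true` would make its status clear to operators, and the chart could move under `helm/` once it is stable.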
@@ -18,30 +18,31 @@ Helm chart to deploy Gen3 Data Commons | Repository | Name | Version | |------------|------|---------| -| file://../ambassador | ambassador | 0.1.12 | -| file://../arborist | arborist | 0.1.12 | -| file://../argo-wrapper | argo-wrapper | 0.1.8 | -| file://../audit | audit | 0.1.14 | -| file://../aws-es-proxy | aws-es-proxy | 0.1.10 | -| file://../common | common | 0.1.14 | -| file://../etl | etl | 0.1.3 | -| file://../fence | fence | 0.1.24 | -| file://../frontend-framework | frontend-framework | 0.1.3 | -| file://../guppy | guppy | 0.1.13 | -| file://../hatchery | hatchery | 0.1.10 | -| file://../indexd | indexd | 0.1.15 | -| file://../manifestservice | manifestservice | 0.1.15 | -| file://../metadata | metadata | 0.1.14 | -| file://../neuvector | neuvector | 0.1.0 | -| file://../peregrine | peregrine | 0.1.14 | -| file://../pidgin | pidgin | 0.1.11 | -| file://../portal | portal | 0.1.19 | -| file://../requestor | requestor | 0.1.13 | -| file://../revproxy | revproxy | 0.1.17 | -| file://../sheepdog | sheepdog | 0.1.15 | -| file://../sower | sower | 0.1.13 | -| file://../ssjdispatcher | ssjdispatcher | 0.1.11 | -| file://../wts | wts | 0.1.15 | +| file://../../wip/gen3-network-policies | gen3-network-policies | 0.1.1 | +| file://../ambassador | ambassador | 0.1.15 | +| file://../arborist | arborist | 0.1.13 | +| file://../argo-wrapper | argo-wrapper | 0.1.9 | +| file://../audit | audit | 0.1.15 | +| file://../aws-es-proxy | aws-es-proxy | 0.1.12 | +| file://../common | common | 0.1.15 | +| file://../etl | etl | 0.1.4 | +| file://../fence | fence | 0.1.25 | +| file://../frontend-framework | frontend-framework | 0.1.4 | +| file://../guppy | guppy | 0.1.15 | +| file://../hatchery | hatchery | 0.1.11 | +| file://../indexd | indexd | 0.1.16 | +| file://../manifestservice | manifestservice | 0.1.16 | +| file://../metadata | metadata | 0.1.15 | +| file://../neuvector | neuvector | 0.1.1 | +| file://../peregrine | peregrine | 0.1.15 | +| 
file://../pidgin | pidgin | 0.1.12 | +| file://../portal | portal | 0.1.20 | +| file://../requestor | requestor | 0.1.14 | +| file://../revproxy | revproxy | 0.1.18 | +| file://../sheepdog | sheepdog | 0.1.17 | +| file://../sower | sower | 0.1.14 | +| file://../ssjdispatcher | ssjdispatcher | 0.1.12 | +| file://../wts | wts | 0.1.16 | | https://charts.bitnami.com/bitnami | postgresql | 11.9.13 | | https://helm.elastic.co | elasticsearch | 7.10.2 | @@ -102,7 +103,9 @@ Helm chart to deploy Gen3 Data Commons | global.frontendRoot | string | `"portal"` | Which app will be served on /. Needs be set to portal for portal, or "gen3ff" for frontendframework. | | global.hostname | string | `"localhost"` | Hostname for the deployment. | | global.manifestGlobalExtraValues | map | `{}` | If you would like to add any extra values to the manifest-global configmap. | -| global.netPolicy | bool | `true` | Whether network policies are enabled. | +| global.netPolicy | bool | `{"dbSubnet":"","enabled":false}` | Global flags to control and manage network policies for a Gen3 installation NOTE: Network policies are currently a beta feature. Use with caution! | +| global.netPolicy.dbSubnet | array | `""` | A CIDR range representing a database subnet, that services with a database need access to | +| global.netPolicy.enabled | bool | `false` | Whether network policies are enabled | | global.portalApp | string | `"gitops"` | Portal application name. | | global.postgres.dbCreate | bool | `true` | Whether the database create job should run. | | global.postgres.master.host | string | `nil` | global postgres master host | 
@@ -178,3 +181,5 @@ Helm chart to deploy Gen3 Data Commons | ssjdispatcher.enabled | bool | `false` | Whether to deploy the ssjdispatcher subchart. | | wts.enabled | bool | `true` | Whether to deploy the wts subchart. | +---------------------------------------------- +Autogenerated from chart metadata using [helm-docs v1.14.2](https://github.com/norwoodj/helm-docs/releases/v1.14.2) diff --git a/helm/gen3/values.yaml b/helm/gen3/values.yaml index d644eaa4..2be04097 100644 --- a/helm/gen3/values.yaml +++ b/helm/gen3/values.yaml @@ -60,8 +60,14 @@ global: tierAccessLevel: libre # -- (int) Only relevant if tireAccessLevel is set to "regular". Summary charts below this limit will not appear for aggregated data. tierAccessLimit: "1000" - # -- (bool) Whether network policies are enabled. - netPolicy: true + # -- (bool) Global flags to control and manage network policies for a Gen3 installation + # NOTE: Network policies are currently a beta feature. Use with caution! + netPolicy: + # -- (bool) Whether network policies are enabled + enabled: false + + # -- (array) A CIDR range representing a database subnet, that services with a database need access to + dbSubnet: "" # -- (int) Number of dispatcher jobs. dispatcherJobNum: "10" # -- (map) If you would like to add any extra values to the manifest-global configmap. @@ -93,7 +99,6 @@ audit: # -- (bool) Whether to deploy the audit subchart. enabled: true - aws-es-proxy: # -- (bool) Whether to deploy the aws-es-proxy subchart. enabled: false @@ -155,7 +160,7 @@ hatchery: hatchery: sidecarContainer: # -- (string) The maximum amount of CPU the sidecar container can use - cpu-limit: '0.1' + cpu-limit: "0.1" # -- (string) The maximum amount of memory the sidecar container can use memory-limit: 256Mi # -- (string) The sidecar image. 
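Review bot: In the `global.netPolicy` hunk of helm/gen3/values.yaml the default flips from `netPolicy: true` to `enabled: false`, so a default install presumably ships with no network policies, and any existing override of the form `global.netPolicy: true` now supplies a bool where templates will look up `.enabled`. Both consequences deserve an upgrade note next to the beta warning. The doc tags do not match the new shape: the parent is tagged `(bool)` but is a map, and `dbSubnet` is tagged `(array)` while its default is the string `""`; I would write `# -- (map) Global flags to control network policies` and `# -- (string) CIDR of the database subnet`. The template that consumes `dbSubnet` is not in this hunk, so confirm that `enabled: true` with an empty `dbSubnet` fails with a clear message instead of rendering a policy with an empty CIDR. The same `netPolicy: true` to `enabled: false` change appears in the guppy, hatchery and indexd values.yaml hunks.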
@@ -168,21 +173,20 @@ hatchery: args: [] # -- (list) Commands to run for the sidecar container. command: - - "/bin/bash" - - "./sidecar.sh" + - "/bin/bash" + - "./sidecar.sh" lifecycle-pre-stop: - - su - - "-c" - - echo test - - "-s" - - "/bin/sh" - - root + - su + - "-c" + - echo test + - "-s" + - "/bin/sh" + - root containers: - - - # -- (int) port to proxy traffic to in docker contaniner + - # -- (int) port to proxy traffic to in docker contaniner target-port: 8888 # -- (string) cpu limit of workspace container - cpu-limit: '1.0' + cpu-limit: "1.0" # -- (string) memory limit of workspace container memory-limit: 2Gi # -- (string) name of workspace 
@@ -193,35 +197,33 @@ hatchery: env: FRAME_ANCESTORS: https://{{ .Values.global.hostname }} args: - - "--NotebookApp.base_url=/lw-workspace/proxy/" - - "--NotebookApp.default_url=/lab" - - "--NotebookApp.password=''" - - "--NotebookApp.token=''" - - "--NotebookApp.shutdown_no_activity_timeout=5400" - - "--NotebookApp.quit_button=False" + - "--NotebookApp.base_url=/lw-workspace/proxy/" + - "--NotebookApp.default_url=/lab" + - "--NotebookApp.password=''" + - "--NotebookApp.token=''" + - "--NotebookApp.shutdown_no_activity_timeout=5400" + - "--NotebookApp.quit_button=False" command: - - start-notebook.sh + - start-notebook.sh path-rewrite: "/lw-workspace/proxy/" - use-tls: 'false' + use-tls: "false" ready-probe: "/lw-workspace/proxy/" lifecycle-post-start: - - "/bin/sh" - - "-c" - - export IAM=`whoami`; rm -rf /home/$IAM/pd/dockerHome; rm -rf /home/$IAM/pd/lost+found; - ln -s /data /home/$IAM/pd/; true + - "/bin/sh" + - "-c" + - export IAM=`whoami`; rm -rf /home/$IAM/pd/dockerHome; rm -rf /home/$IAM/pd/lost+found; + ln -s /data /home/$IAM/pd/; true user-uid: 1000 fs-gid: 100 user-volume-location: "/home/jovyan/pd" gen3-volume-location: "/home/jovyan/.gen3" - indexd: # -- (bool) Whether to deploy the indexd subchart. enabled: true # -- (string) the default prefix for indexd records defaultPrefix: "PREFIX/" - manifestservice: # -- (bool) Whether to deploy the manifest service subchart. enabled: true @@ -242,7 +244,6 @@ portal: # -- (bool) Whether to deploy the portal subchart. enabled: true - requestor: # -- (bool) Whether to deploy the requestor subchart. enabled: false @@ -255,7 +256,8 @@ revproxy: # -- (bool) Whether to create the custom revproxy ingress enabled: false # -- (map) Annotations to add to the ingress. - annotations: {} + annotations: + {} # kubernetes.io/ingress.class: nginx # kubernetes.io/tls-acme: "true" # -- (list) Where to route the traffic. diff --git a/helm/guppy/Chart.yaml b/helm/guppy/Chart.yaml index dd539db1..e625d113 100644 
--- a/helm/guppy/Chart.yaml +++ b/helm/guppy/Chart.yaml @@ -15,7 +15,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.13 +version: 0.1.15 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to @@ -24,6 +24,6 @@ version: 0.1.13 appVersion: "master" dependencies: -- name: common - version: 0.1.14 - repository: file://../common + - name: common + version: 0.1.15 + repository: file://../common diff --git a/helm/guppy/README.md b/helm/guppy/README.md index a6fb665e..9d08e3ea 100644 --- a/helm/guppy/README.md +++ b/helm/guppy/README.md @@ -1,6 +1,6 @@ # guppy -![Version: 0.1.13](https://img.shields.io/badge/Version-0.1.13-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) +![Version: 0.1.15](https://img.shields.io/badge/Version-0.1.15-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) A Helm chart for gen3 Guppy Service @@ -8,7 +8,7 @@ A Helm chart for gen3 Guppy Service | Repository | Name | Version | |------------|------|---------| -| file://../common | common | 0.1.14 | +| file://../common | common | 0.1.15 | ## Values 
@@ -49,7 +49,7 @@ A Helm chart for gen3 Guppy Service | global.kubeBucket | string | `"kube-gen3"` | S3 bucket name for Kubernetes manifest files. | | global.logsBucket | string | `"logs-gen3"` | S3 bucket name for log files. | | global.minAvialable | int | `1` | The minimum amount of pods that are available at all times if the PDB is deployed. | -| global.netPolicy | bool | `true` | Whether network policies are enabled. | +| global.netPolicy | map | `{"enabled":false}` | Controls network policy settings | | global.pdb | bool | `false` | If the service will be deployed with a Pod Disruption Budget. Note- you need to have more than 2 replicas for the pdb to be deployed. | | global.portalApp | string | `"gitops"` | Portal application name. | | global.postgres.dbCreate | bool | `true` | Whether the database should be created. | @@ -93,3 +93,5 @@ A Helm chart for gen3 Guppy Service | volumeMounts | list | `[{"mountPath":"/guppy/guppy_config.json","name":"guppy-config","readOnly":true,"subPath":"guppy_config.json"}]` | Volumes to mount to the container. | | volumes | list | `[{"configMap":{"items":[{"key":"guppy_config.json","path":"guppy_config.json"}],"name":"manifest-guppy"},"name":"guppy-config"}]` | Volumes to attach to the pod. | +---------------------------------------------- +Autogenerated from chart metadata using [helm-docs v1.14.2](https://github.com/norwoodj/helm-docs/releases/v1.14.2) diff --git a/helm/guppy/values.yaml b/helm/guppy/values.yaml index 1f2ec669..55f3166c 100644 --- a/helm/guppy/values.yaml +++ b/helm/guppy/values.yaml @@ -2,7 +2,6 @@ # This is a YAML-formatted file. # Declare variables to be passed into your templates. - # Global configuration global: # -- (map) AWS configuration 
@@ -51,8 +50,9 @@ global: tierAccessLevel: libre # -- (int) Only relevant if tireAccessLevel is set to "regular". Summary charts below this limit will not appear for aggregated data. tierAccessLimit: "1000" - # -- (bool) Whether network policies are enabled. - netPolicy: true + # -- (map) Controls network policy settings + netPolicy: + enabled: false # -- (int) Number of dispatcher jobs. dispatcherJobNum: "10" # -- (bool) If the service will be deployed with a Pod Disruption Budget. Note- you need to have more than 2 replicas for the pdb to be deployed. @@ -106,20 +106,20 @@ affinity: podAntiAffinity: # -- (map) Option for scheduling to be required or preferred. preferredDuringSchedulingIgnoredDuringExecution: - # -- (int) Weight value for preferred scheduling. - - weight: 100 - podAffinityTerm: - labelSelector: - matchExpressions: - # -- (list) Label key for match expression. - - key: app - # -- (string) Operation type for the match expression. - operator: In - # -- (list) Value for the match expression key. - values: - - guppy - # -- (string) Value for topology key label. - topologyKey: "kubernetes.io/hostname" + # -- (int) Weight value for preferred scheduling. + - weight: 100 + podAffinityTerm: + labelSelector: + matchExpressions: + # -- (list) Label key for match expression. + - key: app + # -- (string) Operation type for the match expression. + operator: In + # -- (list) Value for the match expression key. + values: + - guppy + # -- (string) Value for topology key label. + topologyKey: "kubernetes.io/hostname" # -- (list) Volumes to attach to the pod. volumes: @@ -142,7 +142,6 @@ image: # -- (string) Overrides the image tag whose default is the chart appVersion. tag: "" - # Environment Variables # -- (string) Elasticsearch endpoint. esEndpoint: "gen3-elasticsearch-master:9200" 
@@ -171,7 +170,6 @@ resources: # -- (string) The maximum amount of memory the container can use memory: 2Gi - # -- (map) Kubernetes service information. service: # -- (string) Type of service. Valid values are "ClusterIP", "NodePort", "LoadBalancer", "ExternalName". @@ -186,10 +184,10 @@ service: # Configmap # -- (list) Elasticsearch index configurations indices: -- index: dev_case - type: case -- index: dev_file - type: file + - index: dev_case + type: case + - index: dev_file + type: file # -- (string) The Elasticsearch configuration index configIndex: dev_case-array-config # -- (string) The field used for access control and authorization filters diff --git a/helm/hatchery/Chart.yaml b/helm/hatchery/Chart.yaml index 126d1bc7..5a86a60c 100644 --- a/helm/hatchery/Chart.yaml +++ b/helm/hatchery/Chart.yaml @@ -15,7 +15,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.10 +version: 0.1.11 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to @@ -24,6 +24,6 @@ version: 0.1.10 appVersion: "master" dependencies: -- name: common - version: 0.1.14 - repository: file://../common + - name: common + version: 0.1.15 + repository: file://../common diff --git a/helm/hatchery/README.md b/helm/hatchery/README.md index 74059ee6..dc3e8e00 100644 --- a/helm/hatchery/README.md +++ b/helm/hatchery/README.md 
@@ -1,6 +1,6 @@ # hatchery -![Version: 0.1.10](https://img.shields.io/badge/Version-0.1.10-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) +![Version: 0.1.11](https://img.shields.io/badge/Version-0.1.11-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) A Helm chart for gen3 Hatchery @@ -8,7 +8,7 @@ A Helm chart for gen3 Hatchery | Repository | Name | Version | |------------|------|---------| -| file://../common | common | 0.1.14 | +| file://../common | common | 0.1.15 | ## Values @@ -36,7 +36,7 @@ A Helm chart for gen3 Hatchery | global.kubeBucket | string | `"kube-gen3"` | S3 bucket name for Kubernetes manifest files. | | global.logsBucket | string | `"logs-gen3"` | S3 bucket name for log files. | | global.minAvialable | int | `1` | The minimum amount of pods that are available at all times if the PDB is deployed. | -| global.netPolicy | bool | `true` | Whether network policies are enabled. | +| global.netPolicy | map | `{"enabled":false}` | Controls network policy settings | | global.pdb | bool | `false` | If the service will be deployed with a Pod Disruption Budget. Note- you need to have more than 2 replicas for the pdb to be deployed. | | global.portalApp | string | `"gitops"` | Portal application name. | | global.postgres.dbCreate | bool | `true` | Whether the database should be created. | 
@@ -50,6 +50,7 @@ A Helm chart for gen3 Hatchery | global.revproxyArn | string | `"arn:aws:acm:us-east-1:123456:certificate"` | ARN of the reverse proxy certificate. | | global.tierAccessLevel | string | `"libre"` | Access level for tiers. acceptable values for `tier_access_level` are: `libre`, `regular` and `private`. If omitted, by default common will be treated as `private` | | hatchery | map | `{"containers":[{"args":["--NotebookApp.base_url=/lw-workspace/proxy/","--NotebookApp.default_url=/lab","--NotebookApp.password=''","--NotebookApp.token=''","--NotebookApp.shutdown_no_activity_timeout=5400","--NotebookApp.quit_button=False"],"command":["start-notebook.sh"],"cpu-limit":"1.0","env":{"FRAME_ANCESTORS":"https://{{ .Values.global.hostname }}"},"fs-gid":100,"gen3-volume-location":"/home/jovyan/.gen3","image":"quay.io/cdis/heal-notebooks:combined_tutorials__latest","lifecycle-post-start":["/bin/sh","-c","export IAM=`whoami`; rm -rf /home/$IAM/pd/dockerHome; rm -rf /home/$IAM/pd/lost+found; ln -s /data /home/$IAM/pd/; true"],"memory-limit":"2Gi","name":"(Tutorials) Example Analysis Jupyter Lab Notebooks","path-rewrite":"/lw-workspace/proxy/","ready-probe":"/lw-workspace/proxy/","target-port":8888,"use-tls":"false","user-uid":1000,"user-volume-location":"/home/jovyan/pd"}],"sidecarContainer":{"args":[],"command":["/bin/bash","./sidecar.sh"],"cpu-limit":"0.1","env":{"HOSTNAME":"{{ .Values.global.hostname }}","NAMESPACE":"{{ .Release.Namespace }}"},"image":"quay.io/cdis/ecs-ws-sidecar:master","lifecycle-pre-stop":["su","-c","echo test","-s","/bin/sh","root"],"memory-limit":"256Mi"}}` | Hatchery sidcar container configuration. 
| +| hatchery.containers | list | `[{"args":["--NotebookApp.base_url=/lw-workspace/proxy/","--NotebookApp.default_url=/lab","--NotebookApp.password=''","--NotebookApp.token=''","--NotebookApp.shutdown_no_activity_timeout=5400","--NotebookApp.quit_button=False"],"command":["start-notebook.sh"],"cpu-limit":"1.0","env":{"FRAME_ANCESTORS":"https://{{ .Values.global.hostname }}"},"fs-gid":100,"gen3-volume-location":"/home/jovyan/.gen3","image":"quay.io/cdis/heal-notebooks:combined_tutorials__latest","lifecycle-post-start":["/bin/sh","-c","export IAM=`whoami`; rm -rf /home/$IAM/pd/dockerHome; rm -rf /home/$IAM/pd/lost+found; ln -s /data /home/$IAM/pd/; true"],"memory-limit":"2Gi","name":"(Tutorials) Example Analysis Jupyter Lab Notebooks","path-rewrite":"/lw-workspace/proxy/","ready-probe":"/lw-workspace/proxy/","target-port":8888,"use-tls":"false","user-uid":1000,"user-volume-location":"/home/jovyan/pd"}]` | Notebook configuration. | | hatchery.sidecarContainer.args | list | `[]` | Arguments to pass to the sidecare container. | | hatchery.sidecarContainer.command | list | `["/bin/bash","./sidecar.sh"]` | Commands to run for the sidecar container. | | hatchery.sidecarContainer.cpu-limit | string | `"0.1"` | The maximum amount of CPU the sidecar container can use | @@ -83,3 +84,5 @@ A Helm chart for gen3 Hatchery | volumeMounts | list | `[{"mountPath":"/hatchery.json","name":"hatchery-config","readOnly":true,"subPath":"json"}]` | Volumes to mount to the container. | | volumes | list | `[{"configMap":{"name":"manifest-hatchery"},"name":"hatchery-config"}]` | Volumes to attach to the container. | +---------------------------------------------- +Autogenerated from chart metadata using [helm-docs v1.14.2](https://github.com/norwoodj/helm-docs/releases/v1.14.2) diff --git a/helm/hatchery/templates/deployment.yaml b/helm/hatchery/templates/deployment.yaml index 4a22be93..81ae84aa 100644 --- a/helm/hatchery/templates/deployment.yaml +++ b/helm/hatchery/templates/deployment.yaml 
@@ -21,6 +21,9 @@ spec: {{- include "common.grafanaAnnotations" . | nindent 8 }} {{- end }} labels: + netnolimit: "yes" + public: "yes" + userhelper: "yes" {{- include "hatchery.selectorLabels" . | nindent 8 }} {{- include "common.extraLabels" . | nindent 8 }} spec: diff --git a/helm/hatchery/values.yaml b/helm/hatchery/values.yaml index b1cd4c10..7ee911ca 100644 --- a/helm/hatchery/values.yaml +++ b/helm/hatchery/values.yaml @@ -2,7 +2,6 @@ # This is a YAML-formatted file. # Declare variables to be passed into your templates. - # Global configuration global: # -- (map) AWS configuration @@ -49,8 +48,9 @@ global: publicDataSets: true # -- (string) Access level for tiers. acceptable values for `tier_access_level` are: `libre`, `regular` and `private`. If omitted, by default common will be treated as `private` tierAccessLevel: libre - # -- (bool) Whether network policies are enabled. - netPolicy: true + # -- (map) Controls network policy settings + netPolicy: + enabled: false # -- (int) Number of dispatcher jobs. dispatcherJobNum: "10" # -- (bool) If the service will be deployed with a Pod Disruption Budget. Note- you need to have more than 2 replicas for the pdb to be deployed. 
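Review bot: The three labels added to the pod template in helm/hatchery/templates/deployment.yaml (`netnolimit: "yes"`, `public: "yes"`, `userhelper: "yes"`) are hard-coded and undocumented, and from their names they look like selectors that network policies match to grant access, with `netnolimit` presumably meaning unrestricted egress. The policies that match them are not in this hunk, so a reader cannot tell what each label opens up; I would add a comment above them such as `# matched by the network-policy templates: netnolimit = <what it allows>, public = <what it allows>, userhelper = <what it allows>`. Hatchery is the chart that carries the notebook container configuration, so it is worth confirming it needs all three labels and not a narrower allow-list. The `public: "yes"` label added in helm/indexd/templates/deployment.yaml raises the same question.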
@@ -127,31 +127,31 @@ affinity: {} # -- (list) Environment variables to pass to the container env: -- name: HTTP_PORT - value: "8000" -- name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace + - name: HTTP_PORT + value: "8000" + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace # -- (list) Volumes to attach to the container. volumes: -- name: hatchery-config - configMap: - name: manifest-hatchery + - name: hatchery-config + configMap: + name: manifest-hatchery # -- (list) Volumes to mount to the container. volumeMounts: -- name: hatchery-config - readOnly: true - mountPath: /hatchery.json - subPath: json + - name: hatchery-config + readOnly: true + mountPath: /hatchery.json + subPath: json # -- (map) Hatchery sidcar container configuration. hatchery: sidecarContainer: # -- (string) The maximum amount of CPU the sidecar container can use - cpu-limit: '0.1' + cpu-limit: "0.1" # -- (string) The maximum amount of memory the sidecar container can use memory-limit: 256Mi # -- (string) The sidecar image. 
@@ -164,43 +164,43 @@ hatchery: args: [] # -- (list) Commands to run for the sidecar container. command: - - "/bin/bash" - - "./sidecar.sh" + - "/bin/bash" + - "./sidecar.sh" # -- (list) Commands that are run before the container is stopped. lifecycle-pre-stop: - - su - - "-c" - - echo test - - "-s" - - "/bin/sh" - - root - -# -- (list) Notebook configuration. + - su + - "-c" + - echo test + - "-s" + - "/bin/sh" + - root + + # -- (list) Notebook configuration. containers: - target-port: 8888 - cpu-limit: '1.0' + cpu-limit: "1.0" memory-limit: 2Gi name: "(Tutorials) Example Analysis Jupyter Lab Notebooks" image: quay.io/cdis/heal-notebooks:combined_tutorials__latest env: FRAME_ANCESTORS: https://{{ .Values.global.hostname }} args: - - "--NotebookApp.base_url=/lw-workspace/proxy/" - - "--NotebookApp.default_url=/lab" - - "--NotebookApp.password=''" - - "--NotebookApp.token=''" - - "--NotebookApp.shutdown_no_activity_timeout=5400" - - "--NotebookApp.quit_button=False" + - "--NotebookApp.base_url=/lw-workspace/proxy/" + - "--NotebookApp.default_url=/lab" + - "--NotebookApp.password=''" + - "--NotebookApp.token=''" + - "--NotebookApp.shutdown_no_activity_timeout=5400" + - "--NotebookApp.quit_button=False" command: - - start-notebook.sh + - start-notebook.sh path-rewrite: "/lw-workspace/proxy/" - use-tls: 'false' + use-tls: "false" ready-probe: "/lw-workspace/proxy/" lifecycle-post-start: - - "/bin/sh" - - "-c" - - export IAM=`whoami`; rm -rf /home/$IAM/pd/dockerHome; rm -rf /home/$IAM/pd/lost+found; - ln -s /data /home/$IAM/pd/; true + - "/bin/sh" + - "-c" + - export IAM=`whoami`; rm -rf /home/$IAM/pd/dockerHome; rm -rf /home/$IAM/pd/lost+found; + ln -s /data /home/$IAM/pd/; true user-uid: 1000 fs-gid: 100 user-volume-location: "/home/jovyan/pd" diff --git a/helm/indexd/Chart.yaml b/helm/indexd/Chart.yaml index b5879156..dec59592 100644 --- a/helm/indexd/Chart.yaml +++ b/helm/indexd/Chart.yaml 
@@ -15,7 +15,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.15 +version: 0.1.16 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to @@ -23,12 +23,11 @@ version: 0.1.15 # It is recommended to use it with quotes. appVersion: "master" - dependencies: -- name: common - version: 0.1.14 - repository: file://../common -- name: postgresql - version: 11.9.13 - repository: "https://charts.bitnami.com/bitnami" - condition: postgres.separate + - name: common + version: 0.1.15 + repository: file://../common + - name: postgresql + version: 11.9.13 + repository: "https://charts.bitnami.com/bitnami" + condition: postgres.separate diff --git a/helm/indexd/README.md b/helm/indexd/README.md index 17430159..369ad988 100644 --- a/helm/indexd/README.md +++ b/helm/indexd/README.md @@ -1,6 +1,6 @@ # indexd -![Version: 0.1.15](https://img.shields.io/badge/Version-0.1.15-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) +![Version: 0.1.16](https://img.shields.io/badge/Version-0.1.16-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) A Helm chart for gen3 indexd 
@@ -8,7 +8,7 @@ A Helm chart for gen3 indexd | Repository | Name | Version | |------------|------|---------| -| file://../common | common | 0.1.14 | +| file://../common | common | 0.1.15 | | https://charts.bitnami.com/bitnami | postgresql | 11.9.13 | ## Values @@ -43,7 +43,7 @@ A Helm chart for gen3 indexd | global.kubeBucket | string | `"kube-gen3"` | S3 bucket name for Kubernetes manifest files. | | global.logsBucket | string | `"logs-gen3"` | S3 bucket name for log files. | | global.minAvialable | int | `1` | The minimum amount of pods that are available at all times if the PDB is deployed. | -| global.netPolicy | bool | `true` | Whether network policies are enabled. | +| global.netPolicy | map | `{"enabled":false}` | Controls network policy settings | | global.pdb | bool | `false` | If the service will be deployed with a Pod Disruption Budget. Note- you need to have more than 2 replicas for the pdb to be deployed. | | global.portalApp | string | `"gitops"` | Portal application name. | | global.postgres.dbCreate | bool | `true` | Whether the database should be created. | 
@@ -64,6 +64,9 @@ A Helm chart for gen3 indexd | imagePullSecrets | list | `[]` | Docker image pull secrets. | | metricsEnabled | bool | `false` | Whether Metrics are enabled. | | nameOverride | string | `""` | Override the name of the chart. | +| netPolicy | map | `{"egressApps":["fence","presigned-url-fence","fenceshib","peregrine","sheepdog","ssjdispatcherjob","metadata","mariner","mariner-engine"],"ingressApps":["fence","presigned-url-fence","fenceshib","peregrine","sheepdog","ssjdispatcherjob","metadata","mariner","mariner-engine"]}` | Configuration for network policies created by this chart. Only relevant if "global.netPolicy.enabled" is set to true | +| netPolicy.egressApps | array | `["fence","presigned-url-fence","fenceshib","peregrine","sheepdog","ssjdispatcherjob","metadata","mariner","mariner-engine"]` | List of apps that this app requires egress to | +| netPolicy.ingressApps | array | `["fence","presigned-url-fence","fenceshib","peregrine","sheepdog","ssjdispatcherjob","metadata","mariner","mariner-engine"]` | List of app labels that require ingress to this service | | nodeSelector | map | `{}` | Node Selector for the pods | | partOf | string | `"S3-GS"` | Label to help organize pods and their use. Any value is valid, but use "_" or "-" to divide words. | | podAnnotations | map | `{}` | Annotations to add to the pod | @@ -104,3 +107,5 @@ A Helm chart for gen3 indexd | volumeMounts | list | `[{"mountPath":"/var/www/indexd/local_settings.py","name":"config-volume","readOnly":true,"subPath":"local_settings.py"}]` | Volumes to mount to the container. | | volumes | list | `[{"configMap":{"name":"indexd-uwsgi"},"name":"uwsgi-config"},{"name":"config-volume","secret":{"secretName":"indexd-settings"}}]` | Volumes to attach to the pod | +---------------------------------------------- +Autogenerated from chart metadata using [helm-docs v1.14.2](https://github.com/norwoodj/helm-docs/releases/v1.14.2) 
diff --git a/helm/indexd/templates/deployment.yaml b/helm/indexd/templates/deployment.yaml index 85656b54..cbb05552 100644 --- a/helm/indexd/templates/deployment.yaml +++ b/helm/indexd/templates/deployment.yaml @@ -21,6 +21,7 @@ spec: {{- include "common.grafanaAnnotations" . | nindent 8 }} {{- end }} labels: + public: "yes" {{- include "indexd.selectorLabels" . | nindent 8 }} {{- include "common.extraLabels" . | nindent 8 }} spec: diff --git a/helm/indexd/templates/netpolicy.yaml b/helm/indexd/templates/netpolicy.yaml new file mode 100644 index 00000000..93949e3a --- /dev/null +++ b/helm/indexd/templates/netpolicy.yaml @@ -0,0 +1,9 @@ +{{ include "common.db_netpolicy" . }} + +--- + +{{ include "common.ingress_netpolicy" . }} + +--- + +{{ include "common.egress_netpolicy" . }} \ No newline at end of file diff --git a/helm/indexd/values.yaml b/helm/indexd/values.yaml index 97b71d49..935e9d86 100644 --- a/helm/indexd/values.yaml +++ b/helm/indexd/values.yaml @@ -2,7 +2,6 @@ # This is a YAML-formatted file. # Declare variables to be passed into your templates. - # Global configuration global: # -- (map) AWS configuration @@ -51,8 +50,9 @@ global: tierAccessLevel: libre # -- (int) Only relevant if tireAccessLevel is set to "regular". Summary charts below this limit will not appear for aggregated data. tierAccessLimit: "1000" - # -- (bool) Whether network policies are enabled. - netPolicy: true + # -- (map) Controls network policy settings + netPolicy: + enabled: false # -- (int) Number of dispatcher jobs. dispatcherJobNum: "10" # -- (bool) If the service will be deployed with a Pod Disruption Budget. Note- you need to have more than 2 replicas for the pdb to be deployed. 
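Review bot: The new helm/indexd/templates/netpolicy.yaml includes the three `common.*_netpolicy` templates unconditionally, so whether anything is rendered while `global.netPolicy.enabled` is false depends entirely on guards inside the common chart, which are not visible here. If those helpers do not check the flag themselves, wrap the file in `{{- if .Values.global.netPolicy.enabled }}` and `{{- end }}`; if they do, a one-line template comment saying so, `{{- /* each include renders nothing unless global.netPolicy.enabled is true */}}`, saves the next reader the lookup. The file also ends without a trailing newline.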
@@ -69,6 +69,32 @@ global: # -- (bool) Whether Metrics are enabled. metricsEnabled: false +# -- (map) Configuration for network policies created by this chart. Only relevant if "global.netPolicy.enabled" is set to true +netPolicy: + # -- (array) List of app labels that require ingress to this service + ingressApps: + - fence + - presigned-url-fence + - fenceshib + - peregrine + - sheepdog + - ssjdispatcherjob + - metadata + - mariner + - mariner-engine + + # -- (array) List of apps that this app requires egress to + egressApps: + - fence + - presigned-url-fence + - fenceshib + - peregrine + - sheepdog + - ssjdispatcherjob + - metadata + - mariner + - mariner-engine + # -- (map) External Secrets settings. externalSecrets: # -- (string) Will create the Helm "indexd-service-creds" secret even if Secrets Manager is enabled. This is helpful if you are wanting to use External Secrets for some, but not all secrets. @@ -150,11 +176,13 @@ serviceAccount: podAnnotations: {} # -- (map) Security context for the pod -podSecurityContext: {} +podSecurityContext: + {} # fsGroup: 2000 # -- (map) Security context for the containers in the pod -securityContext: {} +securityContext: + {} # capabilities: # drop: # - ALL @@ -206,19 +234,19 @@ affinity: {} # -- (list) Volumes to attach to the pod volumes: -- name: uwsgi-config - configMap: - name: indexd-uwsgi -- name: config-volume - secret: - secretName: "indexd-settings" + - name: uwsgi-config + configMap: + name: indexd-uwsgi + - name: config-volume + secret: + secretName: "indexd-settings" # -- (list) Volumes to mount to the container. volumeMounts: -- name: "config-volume" - readOnly: true - mountPath: "/var/www/indexd/local_settings.py" - subPath: "local_settings.py" + - name: "config-volume" + readOnly: true + mountPath: "/var/www/indexd/local_settings.py" + subPath: "local_settings.py" # -- (list) Environment variables to pass to the container env: 
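Review bot: `netPolicy.egressApps` is a line-for-line copy of `netPolicy.ingressApps`, which reads as a placeholder rather than the set of services indexd actually calls. An egress allow-list only limits lateral movement if it names just the destinations the pod needs, so the list should be trimmed to those, or its comment should say why the two lists must match. The peregrine values.yaml hunk has the same shape, with both lists set to `pidgin`. A possible comment is `# -- (array) List of apps that this app requires egress to. Keep to services indexd calls; it need not mirror ingressApps.`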
diff --git a/helm/manifestservice/Chart.yaml b/helm/manifestservice/Chart.yaml index 66288065..4e5ad932 100644 --- a/helm/manifestservice/Chart.yaml +++ b/helm/manifestservice/Chart.yaml @@ -15,7 +15,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.15 +version: 0.1.16 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to @@ -24,6 +24,6 @@ version: 0.1.15 appVersion: "master" dependencies: -- name: common - version: 0.1.14 - repository: file://../common + - name: common + version: 0.1.15 + repository: file://../common diff --git a/helm/manifestservice/README.md b/helm/manifestservice/README.md index 03d6d3c0..06f23829 100644 --- a/helm/manifestservice/README.md +++ b/helm/manifestservice/README.md @@ -1,6 +1,6 @@ # manifestservice -![Version: 0.1.15](https://img.shields.io/badge/Version-0.1.15-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) +![Version: 0.1.16](https://img.shields.io/badge/Version-0.1.16-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) A Helm chart for Kubernetes @@ -8,7 +8,7 @@ A Helm chart for Kubernetes | Repository | Name | Version | |------------|------|---------| -| file://../common | common | 0.1.14 | +| file://../common | common | 0.1.15 | ## Values 
@@ -82,3 +82,5 @@ A Helm chart for Kubernetes | volumeMounts | list | `[{"mountPath":"/var/gen3/config/","name":"config-volume","readOnly":true}]` | Volumes to mount to the container. | | volumes | list | `[{"name":"config-volume","secret":{"secretName":"manifestservice-g3auto"}}]` | Volumes to attach to the container. | +---------------------------------------------- +Autogenerated from chart metadata using [helm-docs v1.14.2](https://github.com/norwoodj/helm-docs/releases/v1.14.2) diff --git a/helm/manifestservice/templates/deployment.yaml b/helm/manifestservice/templates/deployment.yaml index 7c2cee70..9c362f6a 100644 --- a/helm/manifestservice/templates/deployment.yaml +++ b/helm/manifestservice/templates/deployment.yaml @@ -17,11 +17,11 @@ spec: template: metadata: labels: - {{- include "manifestservice.selectorLabels" . | nindent 8 }} - {{- include "common.extraLabels" . | nindent 8 }} - s3: "yes" public: "yes" + s3: "yes" userhelper: "yes" + {{- include "manifestservice.selectorLabels" . | nindent 8 }} + {{- include "common.extraLabels" . | nindent 8 }} annotations: {{- if .Values.metricsEnabled }} {{- include "common.grafanaAnnotations" . | nindent 8 }} diff --git a/helm/metadata/Chart.yaml b/helm/metadata/Chart.yaml index 4b5070b2..5def4e33 100644 --- a/helm/metadata/Chart.yaml +++ b/helm/metadata/Chart.yaml @@ -15,7 +15,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.14 +version: 0.1.15 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to 
@@ -24,14 +24,14 @@ version: 0.1.14 appVersion: "master" dependencies: -- name: common - version: 0.1.14 - repository: file://../common -- name: postgresql - version: 11.9.13 - repository: "https://charts.bitnami.com/bitnami" - condition: postgres.separate -- name: elasticsearch - version: "7.17.1" - repository: "https://helm.elastic.co" - condition: elasticsearch.separate + - name: common + version: 0.1.15 + repository: file://../common + - name: postgresql + version: 11.9.13 + repository: "https://charts.bitnami.com/bitnami" + condition: postgres.separate + - name: elasticsearch + version: "7.17.1" + repository: "https://helm.elastic.co" + condition: elasticsearch.separate diff --git a/helm/metadata/README.md b/helm/metadata/README.md index bb1b5331..578ac30d 100644 --- a/helm/metadata/README.md +++ b/helm/metadata/README.md @@ -1,6 +1,6 @@ # metadata -![Version: 0.1.14](https://img.shields.io/badge/Version-0.1.14-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) +![Version: 0.1.15](https://img.shields.io/badge/Version-0.1.15-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) A Helm chart for gen3 Metadata Service @@ -8,7 +8,7 @@ A Helm chart for gen3 Metadata Service | Repository | Name | Version | |------------|------|---------| -| file://../common | common | 0.1.14 | +| file://../common | common | 0.1.15 | | https://charts.bitnami.com/bitnami | postgresql | 11.9.13 | | https://helm.elastic.co | elasticsearch | 7.17.1 | 
@@ -62,7 +62,7 @@ A Helm chart for gen3 Metadata Service | global.kubeBucket | string | `"kube-gen3"` | S3 bucket name for Kubernetes manifest files. | | global.logsBucket | string | `"logs-gen3"` | S3 bucket name for log files. | | global.minAvialable | int | `1` | The minimum amount of pods that are available at all times if the PDB is deployed. | -| global.netPolicy | bool | `true` | Whether network policies are enabled. | +| global.netPolicy | map | `{"enabled":false}` | Controls network policy settings | | global.pdb | bool | `false` | If the service will be deployed with a Pod Disruption Budget. Note- you need to have more than 2 replicas for the pdb to be deployed. | | global.portalApp | string | `"gitops"` | Portal application name. | | global.postgres.dbCreate | bool | `true` | Whether the database should be created. | @@ -121,3 +121,5 @@ A Helm chart for gen3 Metadata Service | useAggMds | bool | `"True"` | Set to true to aggregate metadata from multiple other Metadata Service instances. | | volumeMounts | list | `[{"mountPath":"/src/.env","name":"config-volume-g3auto","readOnly":true,"subPath":"metadata.env"},{"mountPath":"/mds/.env","name":"config-volume-g3auto","readOnly":true,"subPath":"metadata.env"},{"mountPath":"/aggregate_config.json","name":"config-volume","readOnly":true,"subPath":"aggregate_config.json"},{"mountPath":"/metadata.json","name":"config-manifest","readOnly":true,"subPath":"json"}]` | Volumes to mount to the container. | +---------------------------------------------- +Autogenerated from chart metadata using [helm-docs v1.14.2](https://github.com/norwoodj/helm-docs/releases/v1.14.2) diff --git a/helm/metadata/templates/deployment.yaml b/helm/metadata/templates/deployment.yaml index a8ec17ad..58e06603 100644 --- a/helm/metadata/templates/deployment.yaml +++ b/helm/metadata/templates/deployment.yaml 
@@ -19,12 +19,11 @@ spec: template: metadata: labels: + netnolimit: "yes" + public: "yes" + userhelper: "yes" {{- include "metadata.selectorLabels" . | nindent 8 }} {{- include "common.extraLabels" . | nindent 8 }} - # gen3 networkpolicy labels - netnolimit: 'yes' - public: 'yes' - userhelper: 'yes' annotations: {{- if .Values.metricsEnabled }} {{- include "common.grafanaAnnotations" . | nindent 8 }} diff --git a/helm/metadata/templates/netpolicy.yaml b/helm/metadata/templates/netpolicy.yaml new file mode 100644 index 00000000..70a5c3b5 --- /dev/null +++ b/helm/metadata/templates/netpolicy.yaml @@ -0,0 +1 @@ +{{ include "common.db_netpolicy" . }} \ No newline at end of file diff --git a/helm/metadata/values.yaml b/helm/metadata/values.yaml index 1b5d28cf..99cbd8ba 100644 --- a/helm/metadata/values.yaml +++ b/helm/metadata/values.yaml @@ -2,7 +2,6 @@ # This is a YAML-formatted file. # Declare variables to be passed into your templates. - # Global configuration global: # -- (map) AWS configuration @@ -49,8 +48,9 @@ global: publicDataSets: true # -- (string) Access level for tiers. acceptable values for `tier_access_level` are: `libre`, `regular` and `private`. If omitted, by default common will be treated as `private` tierAccessLevel: libre - # -- (bool) Whether network policies are enabled. - netPolicy: true + # -- (map) Controls network policy settings + netPolicy: + enabled: false # -- (int) Number of dispatcher jobs. dispatcherJobNum: "10" # -- (bool) If the service will be deployed with a Pod Disruption Budget. Note- you need to have more than 2 replicas for the pdb to be deployed. 
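Review bot: helm/metadata/templates/netpolicy.yaml renders only `common.db_netpolicy`, while the indexd and peregrine charts in this patch also include `common.ingress_netpolicy` and `common.egress_netpolicy`, and the metadata values.yaml hunks shown add no `netPolicy.ingressApps`/`egressApps`. The metadata pod also keeps `netnolimit: "yes"`, so with policies enabled its reachability appears to rest on the label-based rules alone. If that is intended, a one-line template comment at the top of the file saying why the ingress and egress includes are omitted would make it reviewable. If it is not, the two includes and matching values are missing. The common helpers are not visible here, so this needs confirming against them.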
@@ -140,20 +140,20 @@ affinity: podAntiAffinity: # -- (map) Option for scheduling to be required or preferred. preferredDuringSchedulingIgnoredDuringExecution: - # -- (int) Weight value for preferred scheduling. - - weight: 100 - podAffinityTerm: - labelSelector: - matchExpressions: - # -- (list) Label key for match expression. - - key: app - # -- (string) Operation type for the match expression. - operator: In - # -- (list) Value for the match expression key. - values: - - metadata - # -- (string) Value for topology key label. - topologyKey: "kubernetes.io/hostname" + # -- (int) Weight value for preferred scheduling. + - weight: 100 + podAffinityTerm: + labelSelector: + matchExpressions: + # -- (list) Label key for match expression. + - key: app + # -- (string) Operation type for the match expression. + operator: In + # -- (list) Value for the match expression key. + values: + - metadata + # -- (string) Value for topology key label. + topologyKey: "kubernetes.io/hostname" # -- (bool) Automount the default service account token automountServiceAccountToken: false @@ -177,7 +177,6 @@ useAggMds: "True" # -- (string) Namespae to use if AggMds is enabled. aggMdsNamespace: default - aggMdsConfig: | { "configuration": { diff --git a/helm/neuvector/Chart.yaml b/helm/neuvector/Chart.yaml index 46be470b..1a064380 100644 --- a/helm/neuvector/Chart.yaml +++ b/helm/neuvector/Chart.yaml @@ -19,7 +19,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.0 +version: 0.1.1 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to diff --git a/helm/neuvector/README.md b/helm/neuvector/README.md index c69d8513..d075b808 100644 
--- a/helm/neuvector/README.md +++ b/helm/neuvector/README.md @@ -1,6 +1,6 @@ # neuvector -![Version: 0.1.0](https://img.shields.io/badge/Version-0.1.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.16.0](https://img.shields.io/badge/AppVersion-1.16.0-informational?style=flat-square) +![Version: 0.1.1](https://img.shields.io/badge/Version-0.1.1-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.16.0](https://img.shields.io/badge/AppVersion-1.16.0-informational?style=flat-square) NeuVector Kubernetes Security Policy templates to protect Gen3 @@ -19,3 +19,5 @@ NeuVector Kubernetes Security Policy templates to protect Gen3 | policies.include | bool | `true` | | | policies.policyMode | string | `"Monitor"` | | +---------------------------------------------- +Autogenerated from chart metadata using [helm-docs v1.14.2](https://github.com/norwoodj/helm-docs/releases/v1.14.2) diff --git a/helm/observability/Chart.yaml b/helm/observability/Chart.yaml index f3b07d82..ba80df7a 100644 --- a/helm/observability/Chart.yaml +++ b/helm/observability/Chart.yaml @@ -15,7 +15,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.0 +version: 0.1.1 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to diff --git a/helm/observability/README.md b/helm/observability/README.md index 21ad3855..f9e9ef36 100644 --- a/helm/observability/README.md +++ b/helm/observability/README.md 
@@ -1,6 +1,6 @@ # lgtma-chart -![Version: 0.1.0](https://img.shields.io/badge/Version-0.1.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.0.0](https://img.shields.io/badge/AppVersion-1.0.0-informational?style=flat-square) +![Version: 0.1.1](https://img.shields.io/badge/Version-0.1.1-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.0.0](https://img.shields.io/badge/AppVersion-1.0.0-informational?style=flat-square) A Helm chart for deploying the LGTM stack with additional resources @@ -307,3 +307,5 @@ A Helm chart for deploying the LGTM stack with additional resources | lgtm.role.arn | string | `nil` | The arn of the aws role to associate with the service account that will be used for Loki and Mimir. Documentation on IRSA setup https://docs.aws.amazon.com/eks/latest/userguide/iam-roles-for-service-accounts.html | | lgtm.tempo.enabled | bool | `false` | Enable or disable tempo. | +---------------------------------------------- +Autogenerated from chart metadata using [helm-docs v1.14.2](https://github.com/norwoodj/helm-docs/releases/v1.14.2) diff --git a/helm/peregrine/Chart.yaml b/helm/peregrine/Chart.yaml index e190277b..58ea23bf 100644 --- a/helm/peregrine/Chart.yaml +++ b/helm/peregrine/Chart.yaml @@ -15,7 +15,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.14 +version: 0.1.15 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to 
@@ -23,12 +23,11 @@ version: 0.1.14 # It is recommended to use it with quotes. appVersion: "master" - dependencies: -- name: common - version: 0.1.14 - repository: file://../common -- name: postgresql - version: 11.9.13 - repository: "https://charts.bitnami.com/bitnami" - condition: postgres.separate + - name: common + version: 0.1.15 + repository: file://../common + - name: postgresql + version: 11.9.13 + repository: "https://charts.bitnami.com/bitnami" + condition: postgres.separate diff --git a/helm/peregrine/README.md b/helm/peregrine/README.md index 0272b818..8b5ca77a 100644 --- a/helm/peregrine/README.md +++ b/helm/peregrine/README.md @@ -1,6 +1,6 @@ # peregrine -![Version: 0.1.14](https://img.shields.io/badge/Version-0.1.14-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) +![Version: 0.1.15](https://img.shields.io/badge/Version-0.1.15-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) A Helm chart for gen3 Peregrine service @@ -8,7 +8,7 @@ A Helm chart for gen3 Peregrine service | Repository | Name | Version | |------------|------|---------| -| file://../common | common | 0.1.14 | +| file://../common | common | 0.1.15 | | https://charts.bitnami.com/bitnami | postgresql | 11.9.13 | ## Values 
@@ -43,7 +43,7 @@ A Helm chart for gen3 Peregrine service | global.kubeBucket | string | `"kube-gen3"` | S3 bucket name for Kubernetes manifest files. | | global.logsBucket | string | `"logs-gen3"` | S3 bucket name for log files. | | global.minAvialable | int | `1` | The minimum amount of pods that are available at all times if the PDB is deployed. | -| global.netPolicy | bool | `true` | Whether network policies are enabled. | +| global.netPolicy | map | `{"enabled":false}` | Controls network policy settings | | global.pdb | bool | `false` | If the service will be deployed with a Pod Disruption Budget. Note- you need to have more than 2 replicas for the pdb to be deployed. | | global.portalApp | string | `"gitops"` | Portal application name. | | global.postgres.dbCreate | bool | `true` | Whether the database should be created. | @@ -61,6 +61,9 @@ A Helm chart for gen3 Peregrine service | imagePullSecrets | list | `[]` | Docker image pull secrets. | | metricsEnabled | bool | `false` | Whether Metrics are enabled. | | nameOverride | string | `""` | Override the name of the chart. | +| netPolicy | map | `{"egressApps":["pidgin"],"ingressApps":["pidgin"]}` | Configuration for network policies created by this chart. Only relevant if "global.netPolicy.enabled" is set to true | +| netPolicy.egressApps | array | `["pidgin"]` | List of apps that this app requires egress to | +| netPolicy.ingressApps | array | `["pidgin"]` | List of app labels that require ingress to this service | | nodeSelector | map | `{}` | Node Selector for the pods | | partOf | string | `"Core-Service"` | Label to help organize pods and their use. Any value is valid, but use "_" or "-" to divide words. | | podAnnotations | map | `{}` | Annotations to add to the pod | 
@@ -99,3 +102,5 @@ A Helm chart for gen3 Peregrine service | volumeMounts | list | `[{"mountPath":"/var/www/peregrine/settings.py","name":"config-volume","readOnly":true,"subPath":"settings.py"}]` | Volumes to mount to the container. | | volumes | list | `[{"emptyDir":{},"name":"shared-data"},{"name":"config-volume","secret":{"secretName":"peregrine-secret"}}]` | Volumes to attach to the container. | +---------------------------------------------- +Autogenerated from chart metadata using [helm-docs v1.14.2](https://github.com/norwoodj/helm-docs/releases/v1.14.2) diff --git a/helm/peregrine/templates/deployment.yaml b/helm/peregrine/templates/deployment.yaml index 978b5a68..b56eca44 100644 --- a/helm/peregrine/templates/deployment.yaml +++ b/helm/peregrine/templates/deployment.yaml @@ -21,6 +21,8 @@ spec: {{- include "common.grafanaAnnotations" . | nindent 8 }} {{- end }} labels: + public: "yes" + s3: "yes" {{- include "peregrine.selectorLabels" . | nindent 8 }} {{- include "common.extraLabels" . | nindent 8 }} spec: diff --git a/helm/peregrine/templates/netpolicy.yaml b/helm/peregrine/templates/netpolicy.yaml new file mode 100644 index 00000000..93949e3a --- /dev/null +++ b/helm/peregrine/templates/netpolicy.yaml @@ -0,0 +1,9 @@ +{{ include "common.db_netpolicy" . }} + +--- + +{{ include "common.ingress_netpolicy" . }} + +--- + +{{ include "common.egress_netpolicy" . }} \ No newline at end of file diff --git a/helm/peregrine/values.yaml b/helm/peregrine/values.yaml index 79c488dd..e8f97995 100644 --- a/helm/peregrine/values.yaml +++ b/helm/peregrine/values.yaml @@ -1,7 +1,6 @@ # Default values for peregrine. # This is a YAML-formatted file. - # Global configuration global: # -- (map) AWS configuration 
@@ -46,8 +45,9 @@ global: logsBucket: logs-gen3 # -- (string) Access level for tiers. acceptable values for `tier_access_level` are: `libre`, `regular` and `private`. If omitted, by default common will be treated as `private` tierAccessLevel: libre - # -- (bool) Whether network policies are enabled. - netPolicy: true + # -- (map) Controls network policy settings + netPolicy: + enabled: false # -- (int) Number of dispatcher jobs. dispatcherJobNum: "10" # -- (bool) If the service will be deployed with a Pod Disruption Budget. Note- you need to have more than 2 replicas for the pdb to be deployed. @@ -75,7 +75,6 @@ secrets: # -- (str) AWS secret access key ID. Overrides global key. awsSecretAccessKey: - # -- (map) Postgres database configuration. If db does not exist in postgres cluster and dbCreate is set ot true then these databases will be created for you postgres: # (bool) Whether the database should be restored from s3. Default to global.postgres.dbRestore @@ -139,11 +138,13 @@ serviceAccount: podAnnotations: {} # -- (map) Security context for the pod -podSecurityContext: {} +podSecurityContext: + {} # fsGroup: 2000 # -- (map) Security context for the containers in the pod -securityContext: {} +securityContext: + {} # capabilities: # drop: # - ALL @@ -158,6 +159,16 @@ service: # -- (int) The port number that the service exposes. port: 80 +# -- (map) Configuration for network policies created by this chart. Only relevant if "global.netPolicy.enabled" is set to true +netPolicy: + # -- (array) List of app labels that require ingress to this service + ingressApps: + - pidgin + + # -- (array) List of apps that this app requires egress to + egressApps: + - pidgin + # -- (map) Resource requests and limits for the containers in the pod resources: # -- (map) The amount of resources that the container requests 
@@ -199,11 +210,11 @@ env: # -- (list) Volumes to attach to the container. volumes: -- name: shared-data - emptyDir: {} -- name: config-volume - secret: - secretName: "peregrine-secret" + - name: shared-data + emptyDir: {} + - name: config-volume + secret: + secretName: "peregrine-secret" # -- (list) Volumes to mount to the container. volumeMounts: diff --git a/helm/pidgin/Chart.yaml b/helm/pidgin/Chart.yaml index 0a535a12..a0086a5e 100644 --- a/helm/pidgin/Chart.yaml +++ b/helm/pidgin/Chart.yaml @@ -15,7 +15,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.11 +version: 0.1.12 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to @@ -24,6 +24,6 @@ version: 0.1.11 appVersion: "master" dependencies: -- name: common - version: 0.1.14 - repository: file://../common + - name: common + version: 0.1.15 + repository: file://../common diff --git a/helm/pidgin/README.md b/helm/pidgin/README.md index 522b1c49..552d0d20 100644 --- a/helm/pidgin/README.md +++ b/helm/pidgin/README.md @@ -1,6 +1,6 @@ # pidgin -![Version: 0.1.11](https://img.shields.io/badge/Version-0.1.11-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) +![Version: 0.1.12](https://img.shields.io/badge/Version-0.1.12-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) A Helm chart for gen3 Pidgin Service 
@@ -8,7 +8,7 @@ A Helm chart for gen3 Pidgin Service | Repository | Name | Version | |------------|------|---------| -| file://../common | common | 0.1.14 | +| file://../common | common | 0.1.15 | ## Values @@ -46,7 +46,7 @@ A Helm chart for gen3 Pidgin Service | global.kubeBucket | string | `"kube-gen3"` | S3 bucket name for Kubernetes manifest files. | | global.logsBucket | string | `"logs-gen3"` | S3 bucket name for log files. | | global.minAvialable | int | `1` | The minimum amount of pods that are available at all times if the PDB is deployed. | -| global.netPolicy | bool | `true` | Whether network policies are enabled. | +| global.netPolicy | map | `{"enabled":false}` | Controls network policy settings | | global.pdb | bool | `false` | If the service will be deployed with a Pod Disruption Budget. Note- you need to have more than 2 replicas for the pdb to be deployed. | | global.portalApp | string | `"gitops"` | Portal application name. | | global.postgres.dbCreate | bool | `true` | Whether the database should be created. | @@ -82,3 +82,5 @@ A Helm chart for gen3 Pidgin Service | strategy.rollingUpdate.maxSurge | int | `1` | Number of additional replicas to add during rollout. | | strategy.rollingUpdate.maxUnavailable | int | `0` | Maximum amount of pods that can be unavailable during the update. | +---------------------------------------------- +Autogenerated from chart metadata using [helm-docs v1.14.2](https://github.com/norwoodj/helm-docs/releases/v1.14.2) diff --git a/helm/pidgin/values.yaml b/helm/pidgin/values.yaml index 414d642b..4ac6b14f 100644 --- a/helm/pidgin/values.yaml +++ b/helm/pidgin/values.yaml @@ -2,7 +2,6 @@ # This is a YAML-formatted file. # Declare variables to be passed into your templates. - # Global configuration global: # -- (map) AWS configuration 
@@ -49,8 +48,9 @@ global: publicDataSets: true # -- (string) Access level for tiers. acceptable values for `tier_access_level` are: `libre`, `regular` and `private`. If omitted, by default common will be treated as `private` tierAccessLevel: libre - # -- (bool) Whether network policies are enabled. - netPolicy: true + # -- (map) Controls network policy settings + netPolicy: + enabled: false # -- (int) Number of dispatcher jobs. dispatcherJobNum: "10" # -- (bool) Whether Datadog is enabled. @@ -114,20 +114,20 @@ affinity: podAntiAffinity: # -- (map) Option for scheduling to be required or preferred. preferredDuringSchedulingIgnoredDuringExecution: - # -- (int) Weight value for preferred scheduling. - - weight: 100 - podAffinityTerm: - labelSelector: - matchExpressions: - # -- (list) Label key for match expression. - - key: app - # -- (string) Operation type for the match expression. - operator: In - # -- (list) Value for the match expression key. - values: - - pidgin - # -- (string) Value for topology key label. - topologyKey: "kubernetes.io/hostname" + # -- (int) Weight value for preferred scheduling. + - weight: 100 + podAffinityTerm: + labelSelector: + matchExpressions: + # -- (list) Label key for match expression. + - key: app + # -- (string) Operation type for the match expression. + operator: In + # -- (list) Value for the match expression key. + values: + - pidgin + # -- (string) Value for topology key label. + topologyKey: "kubernetes.io/hostname" # -- (bool) Automount the default service account token automountServiceAccountToken: false diff --git a/helm/portal/Chart.yaml b/helm/portal/Chart.yaml index a3d01d8b..55943894 100644 --- a/helm/portal/Chart.yaml +++ b/helm/portal/Chart.yaml 
@@ -15,7 +15,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.19 +version: 0.1.20 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to @@ -24,6 +24,6 @@ version: 0.1.19 appVersion: "master" dependencies: -- name: common - version: 0.1.14 - repository: file://../common + - name: common + version: 0.1.15 + repository: file://../common diff --git a/helm/portal/README.md b/helm/portal/README.md index 906a8eb9..7d425ee9 100644 --- a/helm/portal/README.md +++ b/helm/portal/README.md @@ -1,6 +1,6 @@ # portal -![Version: 0.1.19](https://img.shields.io/badge/Version-0.1.19-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) +![Version: 0.1.20](https://img.shields.io/badge/Version-0.1.20-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) A Helm chart for gen3 data-portal @@ -8,7 +8,7 @@ A Helm chart for gen3 data-portal | Repository | Name | Version | |------------|------|---------| -| file://../common | common | 0.1.14 | +| file://../common | common | 0.1.15 | ## Values 
@@ -50,7 +50,7 @@ A Helm chart for gen3 data-portal | global.kubeBucket | string | `"kube-gen3"` | S3 bucket name for Kubernetes manifest files. | | global.logsBucket | string | `"logs-gen3"` | S3 bucket name for log files. | | global.minAvialable | int | `1` | The minimum amount of pods that are available at all times if the PDB is deployed. | -| global.netPolicy | bool | `true` | Whether network policies are enabled. | +| global.netPolicy | map | `{"enabled":false}` | Controls network policy settings | | global.pdb | bool | `false` | If the service will be deployed with a Pod Disruption Budget. Note- you need to have more than 2 replicas for the pdb to be deployed. | | global.portalApp | string | `"gitops"` | Portal application name. | | global.postgres.dbCreate | bool | `true` | Whether the database should be created. | @@ -98,3 +98,5 @@ A Helm chart for gen3 data-portal | strategy.rollingUpdate.maxUnavailable | int | `"25%"` | Maximum amount of pods that can be unavailable during the update. | | tolerations | list | `[]` | Tolerations to apply to the pod | +---------------------------------------------- +Autogenerated from chart metadata using [helm-docs v1.14.2](https://github.com/norwoodj/helm-docs/releases/v1.14.2) diff --git a/helm/portal/templates/deployment.yaml b/helm/portal/templates/deployment.yaml index 4ca45131..2445821f 100644 --- a/helm/portal/templates/deployment.yaml +++ b/helm/portal/templates/deployment.yaml @@ -24,9 +24,9 @@ spec: {{- include "common.grafanaAnnotations" . | nindent 8 }} {{- end }} labels: + public: "yes" {{- include "portal.selectorLabels" . | nindent 8 }} {{- include "common.extraLabels" . | nindent 8 }} - public: "yes" spec: {{- with .Values.nodeSelector }} nodeSelector: diff --git a/helm/portal/values.yaml b/helm/portal/values.yaml index f45d475d..2ec452f7 100644 --- a/helm/portal/values.yaml +++ b/helm/portal/values.yaml 
@@ -50,8 +50,9 @@ global: tierAccessLevel: libre # -- (int) Only relevant if tireAccessLevel is set to "regular". Summary charts below this limit will not appear for aggregated data. tierAccessLimit: "1000" - # -- (bool) Whether network policies are enabled. - netPolicy: true + # -- (map) Controls network policy settings + netPolicy: + enabled: false # -- (int) Number of dispatcher jobs. dispatcherJobNum: "10" # -- (bool) If the service will be deployed with a Pod Disruption Budget. Note- you need to have more than 2 replicas for the pdb to be deployed. @@ -99,11 +100,13 @@ serviceAccount: podAnnotations: {} # -- (map) Security context to apply to the pod -podSecurityContext: {} +podSecurityContext: + {} # fsGroup: 2000 # -- (map) Security context to apply to the container -securityContext: {} +securityContext: + {} # capabilities: # drop: # - ALL @@ -153,20 +156,20 @@ affinity: podAntiAffinity: # -- (map) Option for scheduling to be required or preferred. preferredDuringSchedulingIgnoredDuringExecution: - # -- (int) Weight value for preferred scheduling. - - weight: 100 - podAffinityTerm: - labelSelector: - matchExpressions: - # -- (list) Label key for match expression. - - key: app - # -- (string) Operation type for the match expression. - operator: In - # -- (list) Value for the match expression key. - values: - - portal - # -- (string) Value for topology key label. - topologyKey: "kubernetes.io/hostname" + # -- (int) Weight value for preferred scheduling. + - weight: 100 + podAffinityTerm: + labelSelector: + matchExpressions: + # -- (list) Label key for match expression. + - key: app + # -- (string) Operation type for the match expression. + operator: In + # -- (list) Value for the match expression key. + values: + - portal + # -- (string) Value for topology key label. + topologyKey: "kubernetes.io/hostname" # -- (bool) Automount the default service account token automountServiceAccountToken: false 
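Review bot: In the `global:` hunk of helm/portal/values.yaml, `netPolicy: true` becomes `netPolicy:` with `enabled: false`, so a release installed with chart defaults no longer requests network policies, and the new comment ("Controls network policy settings") does not say so. Whether any template honoured the old boolean is not visible here, but the templates added in this patch gate on `.Values.global.netPolicy.enabled`, so an existing override of `global.netPolicy: true` no longer has the shape those templates read. I would document the nested key for helm-docs directly above `enabled: false`, e.g. `# -- (bool) Create NetworkPolicy resources for this release. When false, no policy from these charts restricts pod traffic.`, and call out the bool-to-map change in the upgrade notes. The same default change appears in the values.yaml hunks for requestor, revproxy, sheepdog and sower.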
@@ -200,7 +203,6 @@ commonLabels: extraImages: # - url: https://raw.githubusercontent.com/uc-cdis/gen3-helm/master/docs/images/gen3-blue-dark.png - # -- (map) GitOps configuration for portal gitops: # -- (string) multiline string - gitops.json @@ -463,15 +465,12 @@ gitops: } } # -- (string) - favicon in base64 - favicon: - "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" + favicon: "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" # -- (string) - multiline string - gitops.css css: | /* gitops default css */ # -- (string) - logo in base64 - logo: - "" + logo: "" # -- (string) - createdby.png - base64 - createdby: - "" + createdby: "" sponsors: diff --git a/helm/requestor/Chart.yaml b/helm/requestor/Chart.yaml index 05ea48a5..23d832fc 100644 --- a/helm/requestor/Chart.yaml +++ b/helm/requestor/Chart.yaml @@ -15,7 +15,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.13 +version: 0.1.14 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to @@ -23,12 +23,11 @@ version: 0.1.13 # It is recommended to use it with quotes. appVersion: "master" - dependencies: -- name: common - version: 0.1.14 - repository: file://../common -- name: postgresql - version: 11.9.13 - repository: "https://charts.bitnami.com/bitnami" - condition: postgres.separate + - name: common + version: 0.1.15 + repository: file://../common + - name: postgresql + version: 11.9.13 + repository: "https://charts.bitnami.com/bitnami" + condition: postgres.separate diff --git a/helm/requestor/README.md b/helm/requestor/README.md index a2b4d874..a93ea478 100644 --- a/helm/requestor/README.md +++ b/helm/requestor/README.md 
@@ -1,6 +1,6 @@ # requestor -![Version: 0.1.13](https://img.shields.io/badge/Version-0.1.13-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) +![Version: 0.1.14](https://img.shields.io/badge/Version-0.1.14-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) A Helm chart for gen3 Requestor Service @@ -8,7 +8,7 @@ A Helm chart for gen3 Requestor Service | Repository | Name | Version | |------------|------|---------| -| file://../common | common | 0.1.14 | +| file://../common | common | 0.1.15 | | https://charts.bitnami.com/bitnami | postgresql | 11.9.13 | ## Values @@ -51,7 +51,7 @@ A Helm chart for gen3 Requestor Service | global.kubeBucket | string | `"kube-gen3"` | S3 bucket name for Kubernetes manifest files. | | global.logsBucket | string | `"logs-gen3"` | S3 bucket name for log files. | | global.minAvialable | int | `1` | The minimum amount of pods that are available at all times if the PDB is deployed. | -| global.netPolicy | bool | `true` | Whether network policies are enabled. | +| global.netPolicy | map | `{"enabled":false}` | Controls network policy settings | | global.onlyDbgap | bool | `false` | Forces ONLY a dbgap sync if "true", IGNORING user.yaml | | global.pdb | bool | `false` | If the service will be deployed with a Pod Disruption Budget. Note- you need to have more than 2 replicas for the pdb to be deployed. | | global.portalApp | string | `"gitops"` | Portal application name. | 
@@ -114,3 +114,5 @@ A Helm chart for gen3 Requestor Service | strategy.rollingUpdate.maxUnavailable | int | `0` | Maximum amount of pods that can be unavailable during the update. | | volumeMounts | list | `nil` | Volumes to mount to the container. | +---------------------------------------------- +Autogenerated from chart metadata using [helm-docs v1.14.2](https://github.com/norwoodj/helm-docs/releases/v1.14.2) diff --git a/helm/requestor/templates/netpolicy.yaml b/helm/requestor/templates/netpolicy.yaml new file mode 100644 index 00000000..70a5c3b5 --- /dev/null +++ b/helm/requestor/templates/netpolicy.yaml @@ -0,0 +1 @@ +{{ include "common.db_netpolicy" . }} \ No newline at end of file diff --git a/helm/requestor/values.yaml b/helm/requestor/values.yaml index 3453063a..af8d89bf 100644 --- a/helm/requestor/values.yaml +++ b/helm/requestor/values.yaml @@ -2,7 +2,6 @@ # This is a YAML-formatted file. # Declare variables to be passed into your templates. - # Global configuration global: # -- (map) AWS configuration @@ -63,8 +62,9 @@ global: publicDataSets: true # -- (string) Access level for tiers. acceptable values for `tier_access_level` are: `libre`, `regular` and `private`. If omitted, by default common will be treated as `private` tierAccessLevel: libre - # -- (bool) Whether network policies are enabled. - netPolicy: true + # -- (map) Controls network policy settings + netPolicy: + enabled: false # -- (int) Number of dispatcher jobs. dispatcherJobNum: "10" # -- (bool) If the service will be deployed with a Pod Disruption Budget. Note- you need to have more than 2 replicas for the pdb to be deployed. 
@@ -153,20 +153,20 @@ affinity: podAntiAffinity: # -- (map) Option for scheduling to be required or preferred. preferredDuringSchedulingIgnoredDuringExecution: - # -- (int) Weight value for preferred scheduling. - - weight: 100 - podAffinityTerm: - labelSelector: - matchExpressions: - # -- (list) Label key for match expression. - - key: app - # -- (string) Operation type for the match expression. - operator: In - # -- (list) Value for the match expression key. - values: - - requestor - # -- (string) Value for topology key label. - topologyKey: "kubernetes.io/hostname" + # -- (int) Weight value for preferred scheduling. + - weight: 100 + podAffinityTerm: + labelSelector: + matchExpressions: + # -- (list) Label key for match expression. + - key: app + # -- (string) Operation type for the match expression. + operator: In + # -- (list) Value for the match expression key. + values: + - requestor + # -- (string) Value for topology key label. + topologyKey: "kubernetes.io/hostname" # -- (bool) Automount the default service account token automountServiceAccountToken: false diff --git a/helm/revproxy/Chart.yaml b/helm/revproxy/Chart.yaml index 85531fe6..016cf70d 100644 --- a/helm/revproxy/Chart.yaml +++ b/helm/revproxy/Chart.yaml @@ -15,7 +15,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.17 +version: 0.1.18 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to @@ -24,6 +24,6 @@ version: 0.1.17 appVersion: "master" dependencies: -- name: common - version: 0.1.14 - repository: file://../common + - name: common + version: 0.1.15 + repository: file://../common 
diff --git a/helm/revproxy/README.md b/helm/revproxy/README.md index 430e223e..9c862929 100644 --- a/helm/revproxy/README.md +++ b/helm/revproxy/README.md @@ -1,6 +1,6 @@ # revproxy -![Version: 0.1.17](https://img.shields.io/badge/Version-0.1.17-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) +![Version: 0.1.18](https://img.shields.io/badge/Version-0.1.18-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) A Helm chart for gen3 revproxy @@ -8,7 +8,7 @@ A Helm chart for gen3 revproxy | Repository | Name | Version | |------------|------|---------| -| file://../common | common | 0.1.14 | +| file://../common | common | 0.1.15 | ## Values @@ -38,7 +38,7 @@ A Helm chart for gen3 revproxy | global.kubeBucket | string | `"kube-gen3"` | S3 bucket name for Kubernetes manifest files. | | global.logsBucket | string | `"logs-gen3"` | S3 bucket name for log files. | | global.minAvialable | int | `1` | The minimum amount of pods that are available at all times if the PDB is deployed. | -| global.netPolicy | bool | `true` | Whether network policies are enabled. | +| global.netPolicy | map | `{"enabled":false}` | Controls network policy settings | | global.pdb | bool | `false` | If the service will be deployed with a Pod Disruption Budget. Note- you need to have more than 2 replicas for the pdb to be deployed. | | global.portalApp | string | `"gitops"` | Portal application name. | | global.postgres.dbCreate | bool | `true` | Whether the database should be created. | 
@@ -67,6 +67,9 @@ A Helm chart for gen3 revproxy | ingress.tls | list | `[]` | To secure an Ingress by specifying a secret that contains a TLS private key and certificate. | | metricsEnabled | bool | `false` | Whether Metrics are enabled. | | nameOverride | string | `""` | Override the name of the chart. | +| netPolicy | map | `{"egressApps":["portal","sowerjob"],"ingressApps":["portal","sowerjob"]}` | Configuration for network policies created by this chart. Only relevant if "global.netPolicy.enabled" is set to true | +| netPolicy.egressApps | array | `["portal","sowerjob"]` | List of apps that this app requires egress to | +| netPolicy.ingressApps | array | `["portal","sowerjob"]` | List of app labels that require ingress to this service | | nodeSelector | map | `{}` | Node selector labels. | | partOf | string | `"Front-End"` | Label to help organize pods and their use. Any value is valid, but use "_" or "-" to divide words. | | podAnnotations | map | `{}` | Annotations to add to the pod. | @@ -104,3 +107,5 @@ A Helm chart for gen3 revproxy | tolerations | list | `[]` | Tolerations to use for the deployment. | | userhelperEnabled | bool | `false` | | +---------------------------------------------- +Autogenerated from chart metadata using [helm-docs v1.14.2](https://github.com/norwoodj/helm-docs/releases/v1.14.2) diff --git a/helm/revproxy/templates/netpolicy.yaml b/helm/revproxy/templates/netpolicy.yaml new file mode 100644 index 00000000..1c7bd36c --- /dev/null +++ b/helm/revproxy/templates/netpolicy.yaml 
@@ -0,0 +1,61 @@ +{{ include "common.ingress_netpolicy" . }} + +--- + +{{ include "common.egress_netpolicy" . }} + +--- + +{{- if .Values.global.netPolicy.enabled }} +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + name: revproxy-netpolicy +spec: + podSelector: + matchExpressions: + - key: app + operator: In + values: + - revproxy + - ambassador-gen3 + - auspice + - ohdsi-atlas + - ohdsi-webapi + - superset + - superset-worker + - superset-redis-master + ingress: + - from: + - ipBlock: + cidr: 0.0.0.0/0 + ports: + - port: 80 + - port: 4000 + - port: 8080 + - port: 81 + - port: 82 + - port: 443 + - port: 8088 + - port: 9090 + egress: + - to: + - namespaceSelector: + matchLabels: + app: prometheus + - to: + - namespaceSelector: + matchLabels: + app: grafana + - to: + - namespaceSelector: + matchLabels: + app: argo + - to: + - namespaceSelector: + matchLabels: + app: argocd + policyTypes: + - Ingress + - Egress +{{- end }} \ No newline at end of file diff --git a/helm/revproxy/values.yaml b/helm/revproxy/values.yaml index f2748347..49c045fd 100644 --- a/helm/revproxy/values.yaml +++ b/helm/revproxy/values.yaml @@ -2,7 +2,6 @@ # This is a YAML-formatted file. # Declare variables to be passed into your templates. - # Global configuration global: tls: @@ -60,8 +59,9 @@ global: tierAccessLevel: libre # -- (int) Only relevant if tireAccessLevel is set to "regular". Summary charts below this limit will not appear for aggregated data. tierAccessLimit: "1000" - # -- (bool) Whether network policies are enabled. - netPolicy: true + # -- (map) Controls network policy settings + netPolicy: + enabled: false # -- (int) Number of dispatcher jobs. dispatcherJobNum: "10" # -- (bool) If the service will be deployed with a Pod Disruption Budget. Note- you need to have more than 2 replicas for the pdb to be deployed. 
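Review bot: In the new helm/revproxy/templates/netpolicy.yaml, the `ipBlock` rule with `cidr: 0.0.0.0/0` applies to every pod matched by the `podSelector`, which lists `superset-redis-master`, `superset-worker` and `ohdsi-webapi` alongside `revproxy`, so all eight listed ports are opened on each of those pods from any address. NetworkPolicy rules are additive, so this also widens any narrower ingress policy written for those backends. I would keep the any-source rule on a policy that selects only `app: revproxy` and give the other apps policies that admit traffic from the revproxy pods through a `podSelector`. Separately, the egress rules use `namespaceSelector` with `matchLabels` such as `app: prometheus`, which matches labels on the namespace rather than on pods; if those namespaces carry no `app` label the rules match nothing, and `kubernetes.io/metadata.name` is the label Kubernetes sets on namespaces automatically.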
@@ -124,11 +124,13 @@ serviceAccount: podAnnotations: {} # -- (map) Pod-level security context. -podSecurityContext: {} +podSecurityContext: + {} # fsGroup: 2000 # -- (map) Container-level security context. -securityContext: {} +securityContext: + {} # capabilities: # drop: # - ALL @@ -143,6 +145,18 @@ service: # -- (int) The port number that the service exposes. port: 80 +# -- (map) Configuration for network policies created by this chart. Only relevant if "global.netPolicy.enabled" is set to true +netPolicy: + # -- (array) List of app labels that require ingress to this service + ingressApps: + - portal + - sowerjob + + # -- (array) List of apps that this app requires egress to + egressApps: + - portal + - sowerjob + # -- (map) Configuration for revproxy ingress. ingress: # -- (bool) Whether to create the ingress @@ -150,7 +164,8 @@ ingress: # -- (string) The ingress class name. className: "" # -- (map) Annotations to add to the ingress. - annotations: {} + annotations: + {} # kubernetes.io/ingress.class: nginx # kubernetes.io/tls-acme: "true" # -- (list) Where to route the traffic. diff --git a/helm/sheepdog/Chart.yaml b/helm/sheepdog/Chart.yaml index fbaa346b..8c5464f3 100644 --- a/helm/sheepdog/Chart.yaml +++ b/helm/sheepdog/Chart.yaml @@ -15,7 +15,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.15 +version: 0.1.17 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to 
@@ -24,10 +24,10 @@ version: 0.1.15 appVersion: "master" dependencies: -- name: common - version: 0.1.14 - repository: file://../common -- name: postgresql - version: 11.9.13 - repository: "https://charts.bitnami.com/bitnami" - condition: postgres.separate + - name: common + version: 0.1.15 + repository: file://../common + - name: postgresql + version: 11.9.13 + repository: "https://charts.bitnami.com/bitnami" + condition: postgres.separate diff --git a/helm/sheepdog/README.md b/helm/sheepdog/README.md index f785ceaa..2dc31247 100644 --- a/helm/sheepdog/README.md +++ b/helm/sheepdog/README.md @@ -1,6 +1,6 @@ # sheepdog -![Version: 0.1.15](https://img.shields.io/badge/Version-0.1.15-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) +![Version: 0.1.17](https://img.shields.io/badge/Version-0.1.17-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) A Helm chart for gen3 Sheepdog Service @@ -8,7 +8,7 @@ A Helm chart for gen3 Sheepdog Service | Repository | Name | Version | |------------|------|---------| -| file://../common | common | 0.1.14 | +| file://../common | common | 0.1.15 | | https://charts.bitnami.com/bitnami | postgresql | 11.9.13 | ## Values 
@@ -52,7 +52,7 @@ A Helm chart for gen3 Sheepdog Service | global.kubeBucket | string | `"kube-gen3"` | S3 bucket name for Kubernetes manifest files. | | global.logsBucket | string | `"logs-gen3"` | S3 bucket name for log files. | | global.minAvialable | int | `1` | The minimum amount of pods that are available at all times if the PDB is deployed. | -| global.netPolicy | bool | `true` | Whether network policies are enabled. | +| global.netPolicy | map | `{"enabled":false}` | Controls network policy settings | | global.pdb | bool | `false` | If the service will be deployed with a Pod Disruption Budget. Note- you need to have more than 2 replicas for the pdb to be deployed. | | global.portalApp | string | `"gitops"` | Portal application name. | | global.postgres.dbCreate | bool | `true` | Whether the database should be created. | @@ -107,3 +107,5 @@ A Helm chart for gen3 Sheepdog Service | terminationGracePeriodSeconds | int | `50` | sheepdog transactions take forever - try to let the complete before termination | | volumeMounts | list | `[{"mountPath":"/var/www/sheepdog/settings.py","name":"config-volume","readOnly":true,"subPath":"settings.py"}]` | Volumes to mount to the container. | +---------------------------------------------- +Autogenerated from chart metadata using [helm-docs v1.14.2](https://github.com/norwoodj/helm-docs/releases/v1.14.2) diff --git a/helm/sheepdog/templates/deployment.yaml b/helm/sheepdog/templates/deployment.yaml index 296595db..e7d11c17 100644 --- a/helm/sheepdog/templates/deployment.yaml +++ b/helm/sheepdog/templates/deployment.yaml 
@@ -23,12 +23,12 @@ spec: template: metadata: labels: + # gen3 networkpolicy labels + public: "yes" + netnolimit: "yes" + s3: "yes" {{- include "sheepdog.selectorLabels" . | nindent 8 }} {{- include "common.extraLabels" . | nindent 8 }} - # gen3 networkpolicy labels - netnolimit: 'yes' - public: 'yes' - s3: 'yes' annotations: {{- if .Values.metricsEnabled }} {{- include "common.grafanaAnnotations" . | nindent 8 }} diff --git a/helm/sheepdog/templates/netpolicy.yaml b/helm/sheepdog/templates/netpolicy.yaml new file mode 100644 index 00000000..70a5c3b5 --- /dev/null +++ b/helm/sheepdog/templates/netpolicy.yaml @@ -0,0 +1 @@ +{{ include "common.db_netpolicy" . }} \ No newline at end of file diff --git a/helm/sheepdog/values.yaml b/helm/sheepdog/values.yaml index 268b1223..efcfe9e0 100644 --- a/helm/sheepdog/values.yaml +++ b/helm/sheepdog/values.yaml @@ -2,7 +2,6 @@ # This is a YAML-formatted file. # Declare variables to be passed into your templates. - # Global configuration global: # -- (map) AWS configuration @@ -49,8 +48,9 @@ global: publicDataSets: true # -- (string) Access level for tiers. acceptable values for `tier_access_level` are: `libre`, `regular` and `private`. If omitted, by default common will be treated as `private` tierAccessLevel: libre - # -- (bool) Whether network policies are enabled. - netPolicy: true + # -- (map) Controls network policy settings + netPolicy: + enabled: false # -- (int) Number of dispatcher jobs. dispatcherJobNum: "10" # -- (bool) If the service will be deployed with a Pod Disruption Budget. Note- you need to have more than 2 replicas for the pdb to be deployed. 
@@ -141,20 +141,20 @@ affinity: podAntiAffinity: # -- (map) Option for scheduling to be required or preferred. preferredDuringSchedulingIgnoredDuringExecution: - # -- (int) Weight value for preferred scheduling. - - weight: 100 - podAffinityTerm: - labelSelector: - matchExpressions: - # -- (list) Label key for match expression. - - key: app - # -- (string) Operation type for the match expression. - operator: In - # -- (list) Value for the match expression key. - values: - - sheepdog - # -- (string) Value for topology key label. - topologyKey: "kubernetes.io/hostname" + # -- (int) Weight value for preferred scheduling. + - weight: 100 + podAffinityTerm: + labelSelector: + matchExpressions: + # -- (list) Label key for match expression. + - key: app + # -- (string) Operation type for the match expression. + operator: In + # -- (list) Value for the match expression key. + values: + - sheepdog + # -- (string) Value for topology key label. + topologyKey: "kubernetes.io/hostname" # -- (bool) Automount the default service account token automountServiceAccountToken: false diff --git a/helm/sower/Chart.yaml b/helm/sower/Chart.yaml index 5e6090aa..510eab8c 100644 --- a/helm/sower/Chart.yaml +++ b/helm/sower/Chart.yaml @@ -15,7 +15,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.13 +version: 0.1.14 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to @@ -24,6 +24,6 @@ version: 0.1.13 appVersion: "master" dependencies: -- name: common - version: 0.1.14 - repository: file://../common + - name: common + version: 0.1.15 + repository: file://../common 
diff --git a/helm/sower/README.md b/helm/sower/README.md index ff634448..060fadbc 100644 --- a/helm/sower/README.md +++ b/helm/sower/README.md @@ -1,6 +1,6 @@ # sower -![Version: 0.1.13](https://img.shields.io/badge/Version-0.1.13-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) +![Version: 0.1.14](https://img.shields.io/badge/Version-0.1.14-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) A Helm chart for gen3 sower @@ -8,7 +8,7 @@ A Helm chart for gen3 sower | Repository | Name | Version | |------------|------|---------| -| file://../common | common | 0.1.14 | +| file://../common | common | 0.1.15 | ## Values @@ -50,7 +50,7 @@ A Helm chart for gen3 sower | global.hostname | string | `"localhost"` | Hostname for the deployment. | | global.kubeBucket | string | `"kube-gen3"` | S3 bucket name for Kubernetes manifest files. | | global.logsBucket | string | `"logs-gen3"` | S3 bucket name for log files. | -| global.netPolicy | bool | `true` | Whether network policies are enabled. | +| global.netPolicy | map | `{"enabled":false}` | Controls network policy settings | | global.portalApp | string | `"gitops"` | Portal application name. | | global.postgres.dbCreate | bool | `true` | Whether the database should be created. | | global.postgres.externalSecret | string | `""` | Name of external secret. Disabled if empty | 
@@ -69,6 +69,9 @@ A Helm chart for gen3 sower | imagePullSecrets | list | `[]` | Docker image pull secrets. | | metricsEnabled | bool | `false` | Whether Metrics are enabled. | | nameOverride | string | `""` | Override the name of the chart. | +| netPolicy | map | `{"egressApps":["pidgin"],"ingressApps":["pidgin"]}` | Configuration for network policies created by this chart. Only relevant if "global.netPolicy.enabled" is set to true | +| netPolicy.egressApps | array | `["pidgin"]` | List of apps that this app requires egress to | +| netPolicy.ingressApps | array | `["pidgin"]` | List of app labels that require ingress to this service | | nodeSelector | map | `{}` | Node Selector for the pods | | partOf | string | `"Core-Service"` | Label to help organize pods and their use. Any value is valid, but use "_" or "-" to divide words. | | podSecurityContext | map | `{"fsGroup":1000,"runAsUser":1000}` | Security context to apply to the pod | @@ -181,3 +184,5 @@ A Helm chart for gen3 sower | volumeMounts | list | `[{"mountPath":"/sower_config.json","name":"sower-config","readOnly":true,"subPath":"sower_config.json"}]` | Volumes to mount to the container. | | volumes | list | `[{"configMap":{"items":[{"key":"json","path":"sower_config.json"}],"name":"manifest-sower"},"name":"sower-config"}]` | Volumes to attach to the container. | +---------------------------------------------- +Autogenerated from chart metadata using [helm-docs v1.14.2](https://github.com/norwoodj/helm-docs/releases/v1.14.2) diff --git a/helm/sower/templates/deployment.yaml b/helm/sower/templates/deployment.yaml index e051994d..456c6cca 100644 --- a/helm/sower/templates/deployment.yaml +++ b/helm/sower/templates/deployment.yaml 
@@ -16,10 +16,10 @@ spec: template: metadata: labels: - {{- include "sower.selectorLabels" . | nindent 8 }} - {{- include "common.extraLabels" . | nindent 8 }} - public: "yes" netnolimit: "yes" + public: "yes" + {{- include "sower.selectorLabels" . | nindent 8 }} + {{- include "common.extraLabels" . | nindent 8 }} annotations: {{- if .Values.metricsEnabled }} {{- include "common.grafanaAnnotations" . | nindent 8 }} diff --git a/helm/sower/templates/netpolicy.yaml b/helm/sower/templates/netpolicy.yaml new file mode 100644 index 00000000..227f111c --- /dev/null +++ b/helm/sower/templates/netpolicy.yaml @@ -0,0 +1,22 @@ +{{ include "common.ingress_netpolicy" . }} + +--- + +{{ include "common.egress_netpolicy" . }} + +--- + +{{- if .Values.global.netPolicy.enabled }} +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + name: sowerjob-netpolicy +spec: + podSelector: + matchLabels: + app: sowerjob + egress: + - {} + policyTypes: + - Egress +{{- end }} diff --git a/helm/sower/values.yaml b/helm/sower/values.yaml index b4d1d955..8725100a 100644 --- a/helm/sower/values.yaml +++ b/helm/sower/values.yaml @@ -2,7 +2,6 @@ # This is a YAML-formatted file. # Declare variables to be passed into your templates. - # Global configuration global: # -- (map) AWS configuration @@ -49,8 +48,9 @@ global: publicDataSets: true # -- (string) Access level for tiers. acceptable values for `tier_access_level` are: `libre`, `regular` and `private`. If omitted, by default common will be treated as `private` tierAccessLevel: libre - # -- (bool) Whether network policies are enabled. - netPolicy: true + # -- (map) Controls network policy settings + netPolicy: + enabled: false # -- (int) Number of dispatcher jobs. dispatcherJobNum: "10" # -- (map) External Secrets settings. @@ -99,7 +99,8 @@ nameOverride: "" fullnameOverride: "" # -- (map) Security context for the containers in the pod -securityContext: {} +securityContext: + {} # capabilities: # drop: # - ALL 
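Review bot: In the new helm/sower/templates/netpolicy.yaml, `sowerjob-netpolicy` sets `egress:` to `- {}`, which lets pods labelled `app: sowerjob` connect to any destination on any port; because policies are additive, it also cancels whatever `common.egress_netpolicy` would restrict for those pods, assuming that helper selects them. The job definitions in this chart's values.yaml inject database credentials (`DB_PASS` from `peregrine-dbcreds`), so unrestricted egress from these pods needs a stated reason. If it is required, I would record that in the template with a comment such as `# allow-all egress for sowerjob is intentional: <reason>`, and otherwise list the destinations the jobs need explicitly.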
@@ -114,6 +115,16 @@ service: # -- (int) The port number that the service exposes. port: 80 +# -- (map) Configuration for network policies created by this chart. Only relevant if "global.netPolicy.enabled" is set to true +netPolicy: + # -- (array) List of app labels that require ingress to this service + ingressApps: + - pidgin + + # -- (array) List of apps that this app requires egress to + egressApps: + - pidgin + # -- (map) Configuration for autoscaling the number of replicas autoscaling: # -- (bool) Whether autoscaling is enabled @@ -144,20 +155,20 @@ affinity: podAntiAffinity: # -- (map) Option for scheduling to be required or preferred. preferredDuringSchedulingIgnoredDuringExecution: - # -- (int) Weight value for preferred scheduling. - - weight: 100 - podAffinityTerm: - labelSelector: - matchExpressions: - # -- (list) Label key for match expression. - - key: app - # -- (string) Operation type for the match expression. - operator: In - # -- (list) Value for the match expression key. - values: - - sower - # -- (string) Value for topology key label. - topologyKey: "kubernetes.io/hostname" + # -- (int) Weight value for preferred scheduling. + - weight: 100 + podAffinityTerm: + labelSelector: + matchExpressions: + # -- (list) Label key for match expression. + - key: app + # -- (string) Operation type for the match expression. + operator: In + # -- (list) Value for the match expression key. + values: + - sower + # -- (string) Value for topology key label. + topologyKey: "kubernetes.io/hostname" # -- (list) Volumes to attach to the container. volumes: 
@@ -214,54 +225,54 @@ sowerConfig: image: quay.io/cdis/pelican-export:GPE-1252 pull_policy: Always env: - - name: DICTIONARY_URL - valueFrom: - configMapKeyRef: - name: manifest-global - key: dictionary_url - - name: GEN3_HOSTNAME - valueFrom: - configMapKeyRef: - name: manifest-global - key: hostname - - name: ROOT_NODE - value: subject - - name: DB_HOST - valueFrom: - secretKeyRef: - name: peregrine-dbcreds - key: host - - name: DB_DATABASE - valueFrom: - secretKeyRef: - name: peregrine-dbcreds - key: database - - name: DB_USER - valueFrom: - secretKeyRef: - name: peregrine-dbcreds - key: username - - name: DB_PASS - valueFrom: - secretKeyRef: - name: peregrine-dbcreds - key: password - - name: SHEEPDOG - valueFrom: - secretKeyRef: - name: indexd-service-creds - key: sheepdog + - name: DICTIONARY_URL + valueFrom: + configMapKeyRef: + name: manifest-global + key: dictionary_url + - name: GEN3_HOSTNAME + valueFrom: + configMapKeyRef: + name: manifest-global + key: hostname + - name: ROOT_NODE + value: subject + - name: DB_HOST + valueFrom: + secretKeyRef: + name: peregrine-dbcreds + key: host + - name: DB_DATABASE + valueFrom: + secretKeyRef: + name: peregrine-dbcreds + key: database + - name: DB_USER + valueFrom: + secretKeyRef: + name: peregrine-dbcreds + key: username + - name: DB_PASS + valueFrom: + secretKeyRef: + name: peregrine-dbcreds + key: password + - name: SHEEPDOG + valueFrom: + secretKeyRef: + name: indexd-service-creds + key: sheepdog volumeMounts: - - name: pelican-creds-volume - readOnly: true - mountPath: "/pelican-creds.json" - subPath: config.json - cpu-limit: '1' + - name: pelican-creds-volume + readOnly: true + mountPath: "/pelican-creds.json" + subPath: config.json + cpu-limit: "1" memory-limit: 12Gi volumes: - - name: pelican-creds-volume - secret: - secretName: pelicanservice-g3auto + - name: pelican-creds-volume + secret: + secretName: pelicanservice-g3auto restart_policy: Never - name: pelican-export-files action: export-files 
@@ -270,63 +281,62 @@ sowerConfig: image: quay.io/cdis/pelican-export:GPE-1252 pull_policy: Always env: - - name: DICTIONARY_URL - valueFrom: - configMapKeyRef: - name: manifest-global - key: dictionary_url - - name: GEN3_HOSTNAME - valueFrom: - configMapKeyRef: - name: manifest-global - key: hostname - - name: ROOT_NODE - value: file - - name: EXTRA_NODES - value: '' - - name: DB_HOST - valueFrom: - secretKeyRef: - name: peregrine-dbcreds - key: host - - name: DB_DATABASE - valueFrom: - secretKeyRef: - name: peregrine-dbcreds - key: database - - name: DB_USER - valueFrom: - secretKeyRef: - name: peregrine-dbcreds - key: username - - name: DB_PASS - valueFrom: - secretKeyRef: - name: peregrine-dbcreds - key: password - - name: SHEEPDOG - valueFrom: - secretKeyRef: - name: indexd-service-creds - key: sheepdog + - name: DICTIONARY_URL + valueFrom: + configMapKeyRef: + name: manifest-global + key: dictionary_url + - name: GEN3_HOSTNAME + valueFrom: + configMapKeyRef: + name: manifest-global + key: hostname + - name: ROOT_NODE + value: file + - name: EXTRA_NODES + value: "" + - name: DB_HOST + valueFrom: + secretKeyRef: + name: peregrine-dbcreds + key: host + - name: DB_DATABASE + valueFrom: + secretKeyRef: + name: peregrine-dbcreds + key: database + - name: DB_USER + valueFrom: + secretKeyRef: + name: peregrine-dbcreds + key: username + - name: DB_PASS + valueFrom: + secretKeyRef: + name: peregrine-dbcreds + key: password + - name: SHEEPDOG + valueFrom: + secretKeyRef: + name: indexd-service-creds + key: sheepdog volumeMounts: - - name: pelican-creds-volume - readOnly: true - mountPath: "/pelican-creds.json" - subPath: config.json - - name: peregrine-creds-volume - readOnly: true - mountPath: "/peregrine-creds.json" - subPath: creds.json - cpu-limit: '1' + - name: pelican-creds-volume + readOnly: true + mountPath: "/pelican-creds.json" + subPath: config.json + - name: peregrine-creds-volume + readOnly: true + mountPath: "/peregrine-creds.json" + subPath: creds.json + 
cpu-limit: "1" memory-limit: 12Gi volumes: - - name: pelican-creds-volume - secret: - secretName: pelicanservice-g3auto + - name: pelican-creds-volume + secret: + secretName: pelicanservice-g3auto restart_policy: Never - # -- (map) Service account to use or create. serviceAccount: # -- (bool) Specifies whether a service account should be created. diff --git a/helm/ssjdispatcher/Chart.yaml b/helm/ssjdispatcher/Chart.yaml index 2e96e49d..61b00d9a 100644 --- a/helm/ssjdispatcher/Chart.yaml +++ b/helm/ssjdispatcher/Chart.yaml @@ -15,7 +15,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.11 +version: 0.1.12 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to @@ -24,6 +24,6 @@ version: 0.1.11 appVersion: "master" dependencies: -- name: common - version: 0.1.14 - repository: file://../common + - name: common + version: 0.1.15 + repository: file://../common diff --git a/helm/ssjdispatcher/README.md b/helm/ssjdispatcher/README.md index 2e476daf..97195985 100644 --- a/helm/ssjdispatcher/README.md +++ b/helm/ssjdispatcher/README.md 
@@ -1,6 +1,6 @@ # ssjdispatcher -![Version: 0.1.11](https://img.shields.io/badge/Version-0.1.11-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) +![Version: 0.1.12](https://img.shields.io/badge/Version-0.1.12-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) A Helm chart for gen3 ssjdispatcher @@ -8,7 +8,7 @@ A Helm chart for gen3 ssjdispatcher | Repository | Name | Version | |------------|------|---------| -| file://../common | common | 0.1.14 | +| file://../common | common | 0.1.15 | ## Values @@ -46,7 +46,7 @@ A Helm chart for gen3 ssjdispatcher | global.kubeBucket | string | `"kube-gen3"` | S3 bucket name for Kubernetes manifest files. | | global.logsBucket | string | `"logs-gen3"` | S3 bucket name for log files. | | global.minAvialable | int | `1` | The minimum amount of pods that are available at all times if the PDB is deployed. | -| global.netPolicy | bool | `true` | Whether network policies are enabled. | +| global.netPolicy | map | `{"enabled":false}` | Controls network policy settings | | global.pdb | bool | `false` | If the service will be deployed with a Pod Disruption Budget. Note- you need to have more than 2 replicas for the pdb to be deployed. | | global.portalApp | string | `"gitops"` | Portal application name. | | global.postgres.dbCreate | bool | `true` | Whether the database should be created. | 
@@ -109,3 +109,5 @@ A Helm chart for gen3 ssjdispatcher | volumeMounts | list | `[{"mountPath":"/credentials.json","name":"ssjdispatcher-creds-volume","readOnly":true,"subPath":"credentials.json"}]` | Volumes to mount to the container. | | volumes | list | `[{"name":"ssjdispatcher-creds-volume","secret":{"secretName":"ssjdispatcher-creds"}}]` | Volumes to attach to the container. | +---------------------------------------------- +Autogenerated from chart metadata using [helm-docs v1.14.2](https://github.com/norwoodj/helm-docs/releases/v1.14.2) diff --git a/helm/ssjdispatcher/templates/deployment.yaml b/helm/ssjdispatcher/templates/deployment.yaml index f54e3029..7d03f7fa 100644 --- a/helm/ssjdispatcher/templates/deployment.yaml +++ b/helm/ssjdispatcher/templates/deployment.yaml @@ -14,10 +14,10 @@ spec: template: metadata: labels: - {{- include "ssjdispatcher.selectorLabels" . | nindent 8 }} - {{- include "common.extraLabels" . | nindent 8 }} netnolimit: "yes" public: "yes" + {{- include "ssjdispatcher.selectorLabels" . | nindent 8 }} + {{- include "common.extraLabels" . | nindent 8 }} annotations: {{- if .Values.metricsEnabled }} {{- include "common.grafanaAnnotations" . | nindent 8 }} diff --git a/helm/ssjdispatcher/templates/netpolicy.yaml b/helm/ssjdispatcher/templates/netpolicy.yaml new file mode 100644 index 00000000..2e8a29a0 --- /dev/null +++ b/helm/ssjdispatcher/templates/netpolicy.yaml @@ -0,0 +1,14 @@ +{{- if .Values.global.netPolicy.enabled }} +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + name: ssjdispatcherjob-netpolicy +spec: + podSelector: + matchLabels: + app: ssjdispatcherjob + egress: + - {} + policyTypes: + - Egress +{{- end }} \ No newline at end of file diff --git a/helm/ssjdispatcher/values.yaml b/helm/ssjdispatcher/values.yaml index f7d75a06..5eadacff 100644 --- a/helm/ssjdispatcher/values.yaml +++ b/helm/ssjdispatcher/values.yaml 
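Review bot: In the new `helm/ssjdispatcher/templates/netpolicy.yaml`, the rule `egress: - {}` matches every destination and port. Once a default-deny policy is in place, pods labelled `app: ssjdispatcherjob` are left with unrestricted egress, including link-local addresses and other namespaces. The hunk does not show what the jobs actually call, so if they need less than that, narrow the rule to those peers. Otherwise record the reason in the template with a comment such as `# jobs need unrestricted egress because <reason>`. The policy also carries no chart labels in `metadata`, unlike the deployment, which makes it harder to find with label selectors.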
@@ -2,7 +2,6 @@ # This is a YAML-formatted file. # Declare variables to be passed into your templates. - # Global configuration global: # -- (map) AWS configuration @@ -49,8 +48,9 @@ global: publicDataSets: true # -- (string) Access level for tiers. acceptable values for `tier_access_level` are: `libre`, `regular` and `private`. If omitted, by default common will be treated as `private` tierAccessLevel: libre - # -- (bool) Whether network policies are enabled. - netPolicy: true + # -- (map) Controls network policy settings + netPolicy: + enabled: false # -- (int) Number of dispatcher jobs. dispatcherJobNum: "10" # -- (bool) If the service will be deployed with a Pod Disruption Budget. Note- you need to have more than 2 replicas for the pdb to be deployed. @@ -83,7 +83,8 @@ nameOverride: "" fullnameOverride: "" # -- (map) Security context for the containers in the pod -securityContext: {} +securityContext: + {} # capabilities: # drop: # - ALL 
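Review bot: Changing `global.netPolicy` from the boolean `true` to a map with `enabled: false` flips the default to off and also changes the value's type. An existing override such as `global.netPolicy: true` is no longer a map, so templates that read `.Values.global.netPolicy.enabled` (as the new ssjdispatcher `netpolicy.yaml` does) are likely to fail to render on it. Deployments that relied on the old default would also lose their policies on upgrade without any warning. I would call this out above the key, e.g. `# NOTE: was a bool before chart 0.1.12; set netPolicy.enabled: true to keep network policies on`, and reconsider whether the default should stay enabled. The same change appears in the `helm/wts/values.yaml` hunk.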
@@ -128,20 +129,20 @@ affinity: podAntiAffinity: # -- (map) Option for scheduling to be required or preferred. preferredDuringSchedulingIgnoredDuringExecution: - # -- (int) Weight value for preferred scheduling. - - weight: 100 - podAffinityTerm: - labelSelector: - matchExpressions: - # -- (list) Label key for match expression. - - key: app - # -- (string) Operation type for the match expression. - operator: In - # -- (list) Value for the match expression key. - values: - - ssjdispatcher - # -- (string) Value for topology key label. - topologyKey: "kubernetes.io/hostname" + # -- (int) Weight value for preferred scheduling. + - weight: 100 + podAffinityTerm: + labelSelector: + matchExpressions: + # -- (list) Label key for match expression. + - key: app + # -- (string) Operation type for the match expression. + operator: In + # -- (list) Value for the match expression key. + values: + - ssjdispatcher + # -- (string) Value for topology key label. + topologyKey: "kubernetes.io/hostname" # -- (list) Volumes to attach to the container. volumes: diff --git a/helm/wts/Chart.yaml b/helm/wts/Chart.yaml index 08dd4ab3..fa6eb945 100644 --- a/helm/wts/Chart.yaml +++ b/helm/wts/Chart.yaml @@ -15,7 +15,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.15 +version: 0.1.16 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to 
@@ -24,10 +24,10 @@ version: 0.1.15 appVersion: "master" dependencies: -- name: common - version: 0.1.14 - repository: file://../common -- name: postgresql - version: 11.9.13 - repository: "https://charts.bitnami.com/bitnami" - condition: postgres.separate + - name: common + version: 0.1.15 + repository: file://../common + - name: postgresql + version: 11.9.13 + repository: "https://charts.bitnami.com/bitnami" + condition: postgres.separate diff --git a/helm/wts/README.md b/helm/wts/README.md index 10cb3ff0..dedc4f0b 100644 --- a/helm/wts/README.md +++ b/helm/wts/README.md @@ -1,6 +1,6 @@ # wts -![Version: 0.1.15](https://img.shields.io/badge/Version-0.1.15-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) +![Version: 0.1.16](https://img.shields.io/badge/Version-0.1.16-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) A Helm chart for gen3 workspace token service @@ -8,7 +8,7 @@ A Helm chart for gen3 workspace token service | Repository | Name | Version | |------------|------|---------| -| file://../common | common | 0.1.14 | +| file://../common | common | 0.1.15 | | https://charts.bitnami.com/bitnami | postgresql | 11.9.13 | ## Values 
@@ -41,7 +41,7 @@ A Helm chart for gen3 workspace token service | global.kubeBucket | string | `"kube-gen3"` | S3 bucket name for Kubernetes manifest files. | | global.logsBucket | string | `"logs-gen3"` | S3 bucket name for log files. | | global.minAvialable | int | `1` | The minimum amount of pods that are available at all times if the PDB is deployed. | -| global.netPolicy | bool | `true` | Whether network policies are enabled. | +| global.netPolicy | map | `{"enabled":false}` | Controls network policy settings | | global.pdb | bool | `false` | If the service will be deployed with a Pod Disruption Budget. Note- you need to have more than 2 replicas for the pdb to be deployed. | | global.portalApp | string | `"gitops"` | Portal application name. | | global.postgres.dbCreate | bool | `true` | Whether the database should be created. | @@ -102,3 +102,5 @@ A Helm chart for gen3 workspace token service | serviceAccount.name | string | `""` | The name of the service account to use. If not set and create is true, a name is generated using the fullname template | | tolerations | list | `[]` | Tolerations for the pods | +---------------------------------------------- +Autogenerated from chart metadata using [helm-docs v1.14.2](https://github.com/norwoodj/helm-docs/releases/v1.14.2) diff --git a/helm/wts/templates/deployment.yaml b/helm/wts/templates/deployment.yaml index a3d9e6ac..0b424f47 100644 --- a/helm/wts/templates/deployment.yaml +++ b/helm/wts/templates/deployment.yaml @@ -30,11 +30,11 @@ spec: {{- include "common.grafanaAnnotations" . | nindent 8 }} {{- end }} labels: - {{- include "wts.selectorLabels" . | nindent 8 }} - {{- include "common.extraLabels" . | nindent 8 }} - public: "yes" netnolimit: "yes" + public: "yes" userhelper: "yes" + {{- include "wts.selectorLabels" . | nindent 8 }} + {{- include "common.extraLabels" . | nindent 8 }} spec: affinity: podAntiAffinity: diff --git a/helm/wts/values.yaml b/helm/wts/values.yaml index e00aa2fe..9386691f 100644 
--- a/helm/wts/values.yaml +++ b/helm/wts/values.yaml @@ -2,7 +2,6 @@ # This is a YAML-formatted file. # Declare variables to be passed into your templates. - # Global configuration global: # -- (map) AWS configuration @@ -49,8 +48,9 @@ global: publicDataSets: true # -- (string) Access level for tiers. acceptable values for `tier_access_level` are: `libre`, `regular` and `private`. If omitted, by default common will be treated as `private` tierAccessLevel: libre - # -- (bool) Whether network policies are enabled. - netPolicy: true + # -- (map) Controls network policy settings + netPolicy: + enabled: false # -- (int) Number of dispatcher jobs. dispatcherJobNum: "10" # -- (bool) If the service will be deployed with a Pod Disruption Budget. Note- you need to have more than 2 replicas for the pdb to be deployed. @@ -140,11 +140,13 @@ serviceAccount: podAnnotations: {} # -- (map) Security context for the pod -podSecurityContext: {} +podSecurityContext: + {} # fsGroup: 2000 # -- (map) Security context for the containers in the pod -securityContext: {} +securityContext: + {} # capabilities: # drop: # - ALL diff --git a/wip/gen3-network-policies/.helmignore b/wip/gen3-network-policies/.helmignore new file mode 100644 index 00000000..0e8a0eb3 --- /dev/null +++ b/wip/gen3-network-policies/.helmignore @@ -0,0 +1,23 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*.orig +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ diff --git a/wip/gen3-network-policies/Chart.yaml b/wip/gen3-network-policies/Chart.yaml new file mode 100644 index 00000000..7bc53bc1 --- /dev/null +++ b/wip/gen3-network-policies/Chart.yaml 
@@ -0,0 +1,9 @@
+apiVersion: v2
+name: gen3-network-policies
+description: A Helm chart that holds network policies needed to run Gen3
+
+type: application
+
+version: 0.1.1
+
+appVersion: "0.1.1"
diff --git a/wip/gen3-network-policies/templates/_helpers.tpl b/wip/gen3-network-policies/templates/_helpers.tpl
new file mode 100644
index 00000000..344fd593
--- /dev/null
+++ b/wip/gen3-network-policies/templates/_helpers.tpl
@@ -0,0 +1,62 @@
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "gen3-network-policies.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "gen3-network-policies.fullname" -}}
+{{- if .Values.fullnameOverride }}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- $name := default .Chart.Name .Values.nameOverride }}
+{{- if contains $name .Release.Name }}
+{{- .Release.Name | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
+{{- end }}
+{{- end }}
+{{- end }}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "gen3-network-policies.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Common labels
+*/}}
+{{- define "gen3-network-policies.labels" -}}
+helm.sh/chart: {{ include "gen3-network-policies.chart" . }}
+{{ include "gen3-network-policies.selectorLabels" . }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end }}
+
+{{/*
+Selector labels
+*/}}
+{{- define "gen3-network-policies.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "gen3-network-policies.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end }}
+
+{{/*
+Create the name of the service account to use
+*/}}
+{{- define "gen3-network-policies.serviceAccountName" -}}
+{{- if .Values.serviceAccount.create }}
+{{- default (include "gen3-network-policies.fullname" .)
.Values.serviceAccount.name }}
+{{- else }}
+{{- default "default" .Values.serviceAccount.name }}
+{{- end }}
+{{- end }}
diff --git a/wip/gen3-network-policies/templates/allow_nothing_netpolicy.yaml b/wip/gen3-network-policies/templates/allow_nothing_netpolicy.yaml
new file mode 100644
index 00000000..387cac04
--- /dev/null
+++ b/wip/gen3-network-policies/templates/allow_nothing_netpolicy.yaml
@@ -0,0 +1,11 @@
+kind: NetworkPolicy
+apiVersion: networking.k8s.io/v1
+metadata:
+ name: allow-nothing-netpolicy
+spec:
+ policyTypes:
+ - Ingress
+ - Egress
+ podSelector: {}
+ ingress: []
+ egress: []
diff --git a/wip/gen3-network-policies/templates/allowdns_netpolicy.yaml b/wip/gen3-network-policies/templates/allowdns_netpolicy.yaml
new file mode 100644
index 00000000..5fd50016
--- /dev/null
+++ b/wip/gen3-network-policies/templates/allowdns_netpolicy.yaml
@@ -0,0 +1,19 @@
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+ name: allowdns-netpolicy
+spec:
+ podSelector:
+ matchLabels: {}
+ egress:
+ - to:
+ - namespaceSelector:
+ {}
+ ports:
+ - protocol: TCP
+ port: 53
+ - protocol: UDP
+ port: 53
+
+ policyTypes:
+ - Egress
diff --git a/wip/gen3-network-policies/templates/argo_workflows_netpolicy.yaml b/wip/gen3-network-policies/templates/argo_workflows_netpolicy.yaml
new file mode 100644
index 00000000..1760ddb7
--- /dev/null
+++ b/wip/gen3-network-policies/templates/argo_workflows_netpolicy.yaml
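Review bot: The DNS rule in `allowdns_netpolicy.yaml` uses an empty `namespaceSelector: {}`, so every pod may open TCP and UDP port 53 to any pod in any namespace, not only to the cluster DNS service. Scoping the peer to the DNS namespace keeps the allowance to what name resolution needs, for example `- namespaceSelector: {matchLabels: {kubernetes.io/metadata.name: kube-system}}` together with a `podSelector` for the DNS pods; the label values depend on the cluster, so verify them. If the cluster runs a node-local DNS cache on a link-local address, an additional `ipBlock` peer is needed, because a namespace selector does not match it.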
@@ -0,0 +1,35 @@
+{{- if index .Values "argo-workflows" "enabled" }}
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+ name: argo-workflows-netpolicy
+spec:
+ podSelector:
+ matchExpressions:
+ - key: app
+ operator: In
+ values:
+ - revproxy
+ - cohort-middleware
+ - wts
+ - indexd
+ ingress:
+ - from:
+ - ipBlock:
+ cidr: 0.0.0.0/0
+ ports:
+ - port: 80
+ - port: 4000
+ - port: 8080
+ - port: 81
+ - port: 82
+ - port: 443
+ egress:
+ - to:
+ - namespaceSelector:
+ matchLabels:
+ app: argo
+ policyTypes:
+ - Ingress
+ - Egress
+{{- end }}
\ No newline at end of file
diff --git a/wip/gen3-network-policies/templates/argocd_netpolicy.yaml b/wip/gen3-network-policies/templates/argocd_netpolicy.yaml
new file mode 100644
index 00000000..a3861e5e
--- /dev/null
+++ b/wip/gen3-network-policies/templates/argocd_netpolicy.yaml
@@ -0,0 +1,34 @@
+{{- if .Values.argocd.enabled }}
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+ name: argocd-netpolicy
+spec:
+ podSelector:
+ matchExpressions:
+ - key: app
+ operator: In
+ values:
+ - revproxy
+ - cohort-middleware
+ - wts
+ ingress:
+ - from:
+ - ipBlock:
+ cidr: 0.0.0.0/0
+ ports:
+ - port: 80
+ - port: 4000
+ - port: 8080
+ - port: 81
+ - port: 82
+ - port: 443
+ egress:
+ - to:
+ - namespaceSelector:
+ matchLabels:
+ app: argocd
+ policyTypes:
+ - Ingress
+ - Egress
+{{- end }}
\ No newline at end of file
diff --git a/wip/gen3-network-policies/templates/auth_netpolicy.yaml b/wip/gen3-network-policies/templates/auth_netpolicy.yaml
new file mode 100644
index 00000000..28f96a83
--- /dev/null
+++ b/wip/gen3-network-policies/templates/auth_netpolicy.yaml
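Review bot: The ingress rule in `argo_workflows_netpolicy.yaml` admits `ipBlock` `0.0.0.0/0`, so any source address is allowed to reach `revproxy`, `cohort-middleware`, `wts` and `indexd` on the listed ports, although the policy is named for Argo and its egress side is scoped to the `app: argo` namespace. Network policies are additive, so this rule widens whatever the `public: "yes"` ingress policy was meant to restrict for those pods. If only Argo needs to call in, mirror the egress peer on the ingress side, `- namespaceSelector:` / `matchLabels:` / `app: argo`, which also relies on that namespace actually carrying the label. `argocd_netpolicy.yaml` in the next hunk has the same `0.0.0.0/0` ingress and should use `app: argocd` in the same way.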
@@ -0,0 +1,27 @@
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+ name: auth-egress-netpolicy
+spec:
+ egress:
+ - to:
+ - podSelector:
+ matchLabels:
+ authprovider: "yes"
+ podSelector: {}
+ policyTypes:
+ - Egress
+---
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+ name: auth-ingress-netpolicy
+spec:
+ ingress:
+ - from:
+ - podSelector: {}
+ podSelector:
+ matchLabels:
+ authprovider: "yes"
+ policyTypes:
+ - Ingress
\ No newline at end of file
diff --git a/wip/gen3-network-policies/templates/dev_elasticsearch_netpolicy.yaml b/wip/gen3-network-policies/templates/dev_elasticsearch_netpolicy.yaml
new file mode 100644
index 00000000..0b544b8e
--- /dev/null
+++ b/wip/gen3-network-policies/templates/dev_elasticsearch_netpolicy.yaml
@@ -0,0 +1,29 @@
+{{- if .Values.global.dev }}
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+ name: dev-elasticsearch-ingress-netpolicy
+spec:
+ podSelector:
+ matchLabels:
+ app: gen3-elasticsearch-master
+ policyTypes:
+ - Ingress
+ ingress:
+ - from:
+ - podSelector: {}
+---
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+ name: dev-elasticsearch-egress-netpolicy
+spec:
+ podSelector: {}
+ policyTypes:
+ - Egress
+ egress:
+ - to:
+ - podSelector:
+ matchLabels:
+ app: gen3-elasticsearch-master
+{{- end }}
\ No newline at end of file
diff --git a/wip/gen3-network-policies/templates/dev_kube_api_netpolicy.yaml b/wip/gen3-network-policies/templates/dev_kube_api_netpolicy.yaml
new file mode 100644
index 00000000..85c13912
--- /dev/null
+++ b/wip/gen3-network-policies/templates/dev_kube_api_netpolicy.yaml
@@ -0,0 +1,18 @@
+# This one needs some explanation. As far as we can tell, on AWS, other network policies allow traffic to reach the
+# Kubernetes API. If you're running in another env (such as a local deployment), you'll need this policy to allow access
+# to the API server, without knowing ahead of time what the IP address is (since selectors won't work)
+
+{{- if .Values.global.dev }}
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+ name: dev-allow-ambassador-egress-netpolicy
+spec:
+ podSelector:
+ matchLabels:
+ app: ambassador
+ policyTypes:
+ - Egress
+ egress:
+ - {}
+{{- end }}
\ No newline at end of file
diff --git a/wip/gen3-network-policies/templates/dev_postgres_netpolicy.yaml b/wip/gen3-network-policies/templates/dev_postgres_netpolicy.yaml
new file mode 100644
index 00000000..3ea5de58
--- /dev/null
+++ b/wip/gen3-network-policies/templates/dev_postgres_netpolicy.yaml
@@ -0,0 +1,29 @@
+{{- if .Values.global.dev }}
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+ name: dev-postgres-ingress-netpolicy
+spec:
+ podSelector:
+ matchLabels:
+ app.kubernetes.io/name: postgresql
+ policyTypes:
+ - Ingress
+ ingress:
+ - from:
+ - podSelector: {}
+---
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+ name: dev-postgres-egress-netpolicy
+spec:
+ podSelector: {}
+ policyTypes:
+ - Egress
+ egress:
+ - to:
+ - podSelector:
+ matchLabels:
+ app.kubernetes.io/name: postgresql
+{{- end }}
\ No newline at end of file
diff --git a/wip/gen3-network-policies/templates/external_egress_netpolicy.yaml b/wip/gen3-network-policies/templates/external_egress_netpolicy.yaml
new file mode 100644
index 00000000..5d17ce5a
--- /dev/null
+++ b/wip/gen3-network-policies/templates/external_egress_netpolicy.yaml
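Review bot: `dev_kube_api_netpolicy.yaml` is documented as allowing access to the Kubernetes API server, but its rule is `egress: - {}`, which allows the selected pods to reach every destination on every port. If only the API server is needed, add a `ports:` list to the rule with the API server port for the target environment and say so in the header comment. Separately, this policy selects `app: ambassador` while `public_netpolicy.yaml` later in the patch uses `app: ambassador-gen3`. One of the two probably does not match the pods, so check the label the ambassador chart actually sets.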
@@ -0,0 +1,22 @@
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+ name: external-egress-netpolicy
+spec:
+ egress:
+ - to:
+ - ipBlock:
+ cidr: 0.0.0.0/0
+ except:
+ - 169.254.0.0/16
+ - 172.16.0.0/12
+ - 10.0.0.0/8
+ # - to:
+ # - ipBlock:
+ # # TODO this looks like squid, do we need it?
+ # cidr: 172.26.225.72/32
+ podSelector:
+ matchLabels:
+ internet: "yes"
+ policyTypes:
+ - Egress
\ No newline at end of file
diff --git a/wip/gen3-network-policies/templates/gen3job_netpolicy.yaml b/wip/gen3-network-policies/templates/gen3job_netpolicy.yaml
new file mode 100644
index 00000000..f4d7317d
--- /dev/null
+++ b/wip/gen3-network-policies/templates/gen3job_netpolicy.yaml
@@ -0,0 +1,26 @@
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+ name: gen3job-netpolicy
+spec:
+ podSelector:
+ matchLabels:
+ app: gen3job
+ egress:
+ - {}
+ policyTypes:
+ - Egress
+---
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+ name: gen3job-in-netpolicy
+spec:
+ podSelector: {}
+ ingress:
+ - from:
+ - podSelector:
+ matchLabels:
+ app: gen3job
+ policyTypes:
+ - Ingress
diff --git a/wip/gen3-network-policies/templates/jh_netpolicy.yaml b/wip/gen3-network-policies/templates/jh_netpolicy.yaml
new file mode 100644
index 00000000..82c02509
--- /dev/null
+++ b/wip/gen3-network-policies/templates/jh_netpolicy.yaml
@@ -0,0 +1,42 @@
+---
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+ name: jupyter-hub-netpolicy
+spec:
+ podSelector:
+ matchLabels:
+ app: jupyter-hub
+ ingress:
+ - from:
+ - podSelector:
+ matchLabels:
+ app: revproxy
+ ports:
+ - port: 3838
+ egress:
+ - {}
+ policyTypes:
+ - Ingress
+ - Egress
+---
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+ name: jupyter-hub-nb-netpolicy
+spec:
+ podSelector:
+ matchLabels:
+ app: jupyterhub
+ ingress:
+ - from:
+ - podSelector:
+ matchLabels:
+ app: jupyter-hub
+ ports:
+ - {}
+ egress:
+ - {}
+ policyTypes:
+ - Ingress
+ - Egress
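Review bot: The `except` list in `external_egress_netpolicy.yaml` omits `192.168.0.0/16`; it carves out link-local space and two of the three RFC 1918 private ranges, but not that one. If any node, pod or peered network uses it, pods labelled `internet: "yes"` can reach those internal addresses through a policy meant for internet-only egress. Adding `- 192.168.0.0/16` to the list closes the gap. The commented-out `172.26.225.72/32` block with its TODO should either be resolved or removed before this leaves `wip/`.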
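Review bot: `gen3job-in-netpolicy` uses `podSelector: {}` with no `ports`, so every pod in the namespace accepts traffic from any pod labelled `app: gen3job` on every port. That includes database and search pods which other policies in this patch open only under the dev flag. Combined with the allow-all egress in `gen3job-netpolicy` above it, the job label becomes a bypass for the default-deny policy. If jobs only need a few services, select those targets explicitly in `podSelector`. If the breadth is intended, state that in a comment such as `# gen3 jobs may reach any service in the namespace by design`.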
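Review bot: In `jupyter-hub-nb-netpolicy` the ingress rule has `ports: - {}`, an entry with neither `port` nor `protocol`, which is easy to misread. As far as the NetworkPolicy API defines it, an omitted `protocol` defaults to TCP and an omitted `port` matches all ports, so this allows all TCP ports from the hub and no UDP. If the intent is "any port", drop the `ports` key. If only the notebook port is needed, name it, as the first policy in this file does with `- port: 3838`. The two policies select `app: jupyter-hub` and `app: jupyterhub` respectively, so a short comment on which label belongs to the hub and which to the notebooks would help.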
diff --git a/wip/gen3-network-policies/templates/linklocal_netpolicy.yaml b/wip/gen3-network-policies/templates/linklocal_netpolicy.yaml
new file mode 100644
index 00000000..aacb0e72
--- /dev/null
+++ b/wip/gen3-network-policies/templates/linklocal_netpolicy.yaml
@@ -0,0 +1,14 @@
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+ name: linklocal-netpolicy
+spec:
+ egress:
+ - to:
+ - ipBlock:
+ cidr: 169.254.0.0/16
+ podSelector:
+ matchLabels:
+ linklocal: "yes"
+ policyTypes:
+ - Egress
\ No newline at end of file
diff --git a/wip/gen3-network-policies/templates/nolimit_netpolicy.yaml b/wip/gen3-network-policies/templates/nolimit_netpolicy.yaml
new file mode 100644
index 00000000..b0ab7f61
--- /dev/null
+++ b/wip/gen3-network-policies/templates/nolimit_netpolicy.yaml
@@ -0,0 +1,12 @@
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+ name: nolimit-netpolicy
+spec:
+ egress:
+ - {}
+ podSelector:
+ matchLabels:
+ netnolimit: "yes"
+ policyTypes:
+ - Egress
\ No newline at end of file
diff --git a/wip/gen3-network-policies/templates/public_netpolicy.yaml b/wip/gen3-network-policies/templates/public_netpolicy.yaml
new file mode 100644
index 00000000..a6364e7c
--- /dev/null
+++ b/wip/gen3-network-policies/templates/public_netpolicy.yaml
@@ -0,0 +1,38 @@
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+ name: public-ingress-to-netpolicy
+spec:
+ podSelector:
+ matchLabels:
+ public: "yes"
+ ingress:
+ - from:
+ - podSelector:
+ matchLabels:
+ app: revproxy
+ - podSelector:
+ matchLabels:
+ app: ambassador-gen3
+ policyTypes:
+ - Ingress
+---
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+ name: public-egress-to-netpolicy
+spec:
+ podSelector:
+ matchExpressions:
+ - key: app
+ operator: In
+ values:
+ - revproxy
+ - ambassador-gen3
+ egress:
+ - to:
+ - podSelector:
+ matchLabels:
+ public: "yes"
+ policyTypes:
+ - Egress
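Review bot: `linklocal_netpolicy.yaml` opens egress to the whole `169.254.0.0/16` range with no port restriction. On cloud nodes that range includes the instance metadata service, so a pod labelled `linklocal: "yes"` can reach node-level metadata and credentials unless the nodes restrict that separately. The file does not say which link-local endpoint the label is for. I would add a header comment naming it, e.g. `# linklocal: needed by <service> to reach <endpoint>`, and narrow `cidr` to that single address with a `ports:` entry where possible. It is also worth auditing which charts set the label, since this patch adds several policy labels to pod templates.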
diff --git a/wip/gen3-network-policies/templates/s3_netpolicy.yaml b/wip/gen3-network-policies/templates/s3_netpolicy.yaml
new file mode 100644
index 00000000..b7ed1303
--- /dev/null
+++ b/wip/gen3-network-policies/templates/s3_netpolicy.yaml
@@ -0,0 +1,12 @@
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+ name: s3-netpolicy
+spec:
+ egress:
+ - to: {{ toYaml .Values.s3CidrRanges | nindent 4}}
+ podSelector:
+ matchLabels:
+ s3: "yes"
+ policyTypes:
+ - Egress
\ No newline at end of file
diff --git a/wip/gen3-network-policies/templates/vpc_netpolicy.yaml b/wip/gen3-network-policies/templates/vpc_netpolicy.yaml
new file mode 100644
index 00000000..9d214618
--- /dev/null
+++ b/wip/gen3-network-policies/templates/vpc_netpolicy.yaml
@@ -0,0 +1,14 @@
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+ name: vpc-netpolicy
+spec:
+ egress:
+ - to:
+ - ipBlock:
+ cidr: 172.0.0.0/8
+ podSelector:
+ matchLabels:
+ netvpc: "yes"
+ policyTypes:
+ - Egress
\ No newline at end of file
diff --git a/wip/gen3-network-policies/values.yaml b/wip/gen3-network-policies/values.yaml
new file mode 100644
index 00000000..2d97161f
--- /dev/null
+++ b/wip/gen3-network-policies/values.yaml
@@ -0,0 +1,29 @@
+argo-workflows:
+ enabled: true
+
+argocd:
+ enabled: true
+
+# This is a list of CIDR ranges that may be used by AWS. This is needed
+# to allow egress to S3 for services that need it
+s3CidrRanges:
+ - ipBlock:
+ cidr: 18.34.0.0/19
+ - ipBlock:
+ cidr: 16.15.192.0/18
+ - ipBlock:
+ cidr: 54.231.0.0/16
+ - ipBlock:
+ cidr: 52.216.0.0/15
+ - ipBlock:
+ cidr: 18.34.232.0/21
+ - ipBlock:
+ cidr: 16.15.176.0/20
+ - ipBlock:
+ cidr: 16.182.0.0/16
+ - ipBlock:
+ cidr: 3.5.0.0/19
+ - ipBlock:
+ cidr: 44.192.134.240/28
+ - ipBlock:
+ cidr: 44.192.140.64/28
From 48ed8a6748b159b9351a5ade7c41a7e53141f945 Mon Sep 17 00:00:00 2001
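Review bot: `s3_netpolicy.yaml` renders `to:` straight from `.Values.s3CidrRanges`, and an egress rule whose `to` is empty or missing matches all destinations. An override that sets the list to `[]` or drops the key therefore turns this S3-only policy into allow-all egress for every pod labelled `s3: "yes"`. Guard the template so it emits nothing in that case, e.g. wrap the document in `{{- if .Values.s3CidrRanges }}` … `{{- end }}`, or fail rendering with `required`. The hard-coded ranges in `values.yaml` will also drift from what AWS publishes in its `ip-ranges.json`, so a comment with the region and the date they were taken would help whoever refreshes them.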
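Review bot: The `cidr: 172.0.0.0/8` in `vpc_netpolicy.yaml` is far wider than the private range it appears to target. RFC 1918 reserves only `172.16.0.0/12`; the rest of `172.0.0.0/8` is public address space, so pods labelled `netvpc: "yes"` get egress to internet hosts as well as the VPC. It also overlaps the `172.16.0.0/12` exception in `external_egress_netpolicy.yaml`, which suggests the narrower range was intended. Use `cidr: 172.16.0.0/12`, or better, take the VPC CIDR from a chart value so it matches the deployment.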
From: EliseCastle23 <109446148+EliseCastle23@users.noreply.github.com> Date: Thu, 14 Nov 2024 10:45:18 -0700 Subject: [PATCH 253/279] Making various updates to ensure helm works with the new AL based images --- helm/gen3/Chart.yaml | 10 +++++----- helm/gen3/README.md | 12 +++++------- helm/indexd/Chart.yaml | 2 +- helm/indexd/README.md | 4 +--- helm/indexd/templates/pre-install.yaml | 15 +++++++++++---- helm/observability/Chart.yaml | 2 +- helm/observability/README.md | 4 +--- helm/observability/SETUP.md | 2 +- helm/peregrine/Chart.yaml | 2 +- helm/peregrine/README.md | 6 ++---- helm/peregrine/values.yaml | 4 ++++ helm/requestor/Chart.yaml | 2 +- helm/requestor/README.md | 4 +--- helm/requestor/templates/deployment.yaml | 2 +- helm/sheepdog/Chart.yaml | 2 +- helm/sheepdog/README.md | 6 ++---- helm/sheepdog/templates/deployment.yaml | 17 ++++++++++++----- helm/sheepdog/values.yaml | 4 ++++ helm/wts/Chart.yaml | 2 +- helm/wts/README.md | 4 +--- helm/wts/templates/deployment.yaml | 2 +- 21 files changed, 58 insertions(+), 50 deletions(-) diff --git a/helm/gen3/Chart.yaml b/helm/gen3/Chart.yaml index 3705e149..fc5475c7 100644 --- a/helm/gen3/Chart.yaml +++ b/helm/gen3/Chart.yaml @@ -48,7 +48,7 @@ dependencies: repository: "file://../hatchery" condition: hatchery.enabled - name: indexd - version: 0.1.16 + version: 0.1.17 repository: "file://../indexd" condition: indexd.enabled - name: manifestservice @@ -60,7 +60,7 @@ dependencies: repository: "file://../metadata" condition: metadata.enabled - name: peregrine - version: 0.1.15 + version: 0.1.16 repository: "file://../peregrine" condition: peregrine.enabled - name: pidgin @@ -80,7 +80,7 @@ dependencies: repository: "file://../revproxy" condition: revproxy.enabled - name: sheepdog - version: 0.1.17 + version: 0.1.18 repository: "file://../sheepdog" condition: sheepdog.enabled - name: ssjdispatcher 
@@ -92,7 +92,7 @@ dependencies: condition: sower.enabled repository: "file://../sower" - name: wts - version: 0.1.16 + version: 0.1.17 repository: "file://../wts" condition: wts.enabled - name: gen3-network-policies @@ -132,7 +132,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.47 +version: 0.1.48 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to diff --git a/helm/gen3/README.md b/helm/gen3/README.md index cf0df847..dd4d5b62 100644 --- a/helm/gen3/README.md +++ b/helm/gen3/README.md @@ -1,6 +1,6 @@ # gen3 -![Version: 0.1.47](https://img.shields.io/badge/Version-0.1.47-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) +![Version: 0.1.48](https://img.shields.io/badge/Version-0.1.48-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) Helm chart to deploy Gen3 Data Commons 
@@ -30,19 +30,19 @@ Helm chart to deploy Gen3 Data Commons | file://../frontend-framework | frontend-framework | 0.1.4 | | file://../guppy | guppy | 0.1.15 | | file://../hatchery | hatchery | 0.1.11 | -| file://../indexd | indexd | 0.1.16 | +| file://../indexd | indexd | 0.1.17 | | file://../manifestservice | manifestservice | 0.1.16 | | file://../metadata | metadata | 0.1.15 | | file://../neuvector | neuvector | 0.1.1 | -| file://../peregrine | peregrine | 0.1.15 | +| file://../peregrine | peregrine | 0.1.16 | | file://../pidgin | pidgin | 0.1.12 | | file://../portal | portal | 0.1.20 | | file://../requestor | requestor | 0.1.14 | | file://../revproxy | revproxy | 0.1.18 | -| file://../sheepdog | sheepdog | 0.1.17 | +| file://../sheepdog | sheepdog | 0.1.18 | | file://../sower | sower | 0.1.14 | | file://../ssjdispatcher | ssjdispatcher | 0.1.12 | -| file://../wts | wts | 0.1.16 | +| file://../wts | wts | 0.1.17 | | https://charts.bitnami.com/bitnami | postgresql | 11.9.13 | | https://helm.elastic.co | elasticsearch | 7.10.2 | @@ -181,5 +181,3 @@ Helm chart to deploy Gen3 Data Commons | ssjdispatcher.enabled | bool | `false` | Whether to deploy the ssjdispatcher subchart. | | wts.enabled | bool | `true` | Whether to deploy the wts subchart. | ----------------------------------------------- -Autogenerated from chart metadata using [helm-docs v1.14.2](https://github.com/norwoodj/helm-docs/releases/v1.14.2) diff --git a/helm/indexd/Chart.yaml b/helm/indexd/Chart.yaml index dec59592..17a74482 100644 --- a/helm/indexd/Chart.yaml +++ b/helm/indexd/Chart.yaml 
@@ -15,7 +15,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.16 +version: 0.1.17 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to diff --git a/helm/indexd/README.md b/helm/indexd/README.md index 369ad988..44314604 100644 --- a/helm/indexd/README.md +++ b/helm/indexd/README.md @@ -1,6 +1,6 @@ # indexd -![Version: 0.1.16](https://img.shields.io/badge/Version-0.1.16-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) +![Version: 0.1.17](https://img.shields.io/badge/Version-0.1.17-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) A Helm chart for gen3 indexd @@ -107,5 +107,3 @@ A Helm chart for gen3 indexd | volumeMounts | list | `[{"mountPath":"/var/www/indexd/local_settings.py","name":"config-volume","readOnly":true,"subPath":"local_settings.py"}]` | Volumes to mount to the container. | | volumes | list | `[{"configMap":{"name":"indexd-uwsgi"},"name":"uwsgi-config"},{"name":"config-volume","secret":{"secretName":"indexd-settings"}}]` | Volumes to attach to the pod | ----------------------------------------------- -Autogenerated from chart metadata using [helm-docs v1.14.2](https://github.com/norwoodj/helm-docs/releases/v1.14.2) diff --git a/helm/indexd/templates/pre-install.yaml b/helm/indexd/templates/pre-install.yaml index a6f6cd9f..f6c2e358 100644 
--- a/helm/indexd/templates/pre-install.yaml +++ b/helm/indexd/templates/pre-install.yaml @@ -82,8 +82,15 @@ spec: # Script always succeeds if it runs (echo exits with 0) # indexd image does not include jq, so use python - | - echo 'python /indexd/bin/index_admin.py create --username "fence" --password "${FENCE_PASS}' - python /indexd/bin/index_admin.py create --username "fence" --password "${FENCE_PASS}" - echo 'python /indexd/bin/index_admin.py create --username "sheepdog" --password "${SHEEPDOG_PASS}' - python /indexd/bin/index_admin.py create --username "sheepdog" --password "${SHEEPDOG_PASS}" + if command -v python &> /dev/null; then + echo 'python /indexd/bin/index_admin.py create --username "fence" --password "${FENCE_PASS}' + python /indexd/bin/index_admin.py create --username "fence" --password "${FENCE_PASS}" + echo 'python /indexd/bin/index_admin.py create --username "sheepdog" --password "${SHEEPDOG_PASS}' + python /indexd/bin/index_admin.py create --username "sheepdog" --password "${SHEEPDOG_PASS}" + else + echo 'poetry run python /indexd/bin/index_admin.py create --username "fence" --password "${FENCE_PASS}' + poetry run python /indexd/bin/index_admin.py create --username "fence" --password "${FENCE_PASS}" + echo 'poetry run python /indexd/bin/index_admin.py create --username "sheepdog" --password "${SHEEPDOG_PASS}' + poetry run python /indexd/bin/index_admin.py create --username "sheepdog" --password "${SHEEPDOG_PASS}" + fi restartPolicy: Never \ No newline at end of file diff --git a/helm/observability/Chart.yaml b/helm/observability/Chart.yaml index ba80df7a..d1700130 100644 --- a/helm/observability/Chart.yaml +++ b/helm/observability/Chart.yaml 
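Review bot: The new guard `if command -v python &> /dev/null; then` uses the bash-only `&>` redirection; under a POSIX `sh` such as dash it parses as a backgrounded `command -v python &` followed by an empty redirect, so the condition is always true and the `poetry run` branch is never reached. The container's `command:` line is outside the hunk, so the shell in use is not visible; `if command -v python >/dev/null 2>&1; then` behaves the same in either shell. The same guard is added in the second hunk of helm/sheepdog/templates/deployment.yaml. Separately, both branches still pass `${FENCE_PASS}` and `${SHEEPDOG_PASS}` as `--password` arguments, which makes them readable from the process list inside the pod; whether index_admin.py can take the password from the environment or stdin instead cannot be told from this diff.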
@@ -15,7 +15,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.1 +version: 0.1.2 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to diff --git a/helm/observability/README.md b/helm/observability/README.md index f9e9ef36..9012a25b 100644 --- a/helm/observability/README.md +++ b/helm/observability/README.md @@ -1,6 +1,6 @@ # lgtma-chart -![Version: 0.1.1](https://img.shields.io/badge/Version-0.1.1-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.0.0](https://img.shields.io/badge/AppVersion-1.0.0-informational?style=flat-square) +![Version: 0.1.2](https://img.shields.io/badge/Version-0.1.2-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.0.0](https://img.shields.io/badge/AppVersion-1.0.0-informational?style=flat-square) A Helm chart for deploying the LGTM stack with additional resources @@ -307,5 +307,3 @@ A Helm chart for deploying the LGTM stack with additional resources | lgtm.role.arn | string | `nil` | The arn of the aws role to associate with the service account that will be used for Loki and Mimir. Documentation on IRSA setup https://docs.aws.amazon.com/eks/latest/userguide/iam-roles-for-service-accounts.html | | lgtm.tempo.enabled | bool | `false` | Enable or disable tempo. | ----------------------------------------------- -Autogenerated from chart metadata using [helm-docs v1.14.2](https://github.com/norwoodj/helm-docs/releases/v1.14.2) 
diff --git a/helm/observability/SETUP.md b/helm/observability/SETUP.md index 43b84a86..d9c84977 100644 --- a/helm/observability/SETUP.md +++ b/helm/observability/SETUP.md @@ -117,7 +117,7 @@ This Helm chart comes equipped with built-in Gen3 alerts, defined in the 'alerti ### Built-in Gen3 Dashboards -We'll soon be releasing Gen3 dashboards, providing users with Gen3-specific visualizations. Please check back here to see if they have been released. +You can utilize Gen3-specific visualizations by visiting our [grafana-dashboards repo](https://github.com/uc-cdis/grafana-dashboards). ## Configuring Mimir diff --git a/helm/peregrine/Chart.yaml b/helm/peregrine/Chart.yaml index 58ea23bf..480b01e0 100644 --- a/helm/peregrine/Chart.yaml +++ b/helm/peregrine/Chart.yaml @@ -15,7 +15,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.15 +version: 0.1.16 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to diff --git a/helm/peregrine/README.md b/helm/peregrine/README.md index 8b5ca77a..c9213529 100644 --- a/helm/peregrine/README.md +++ b/helm/peregrine/README.md 
@@ -1,6 +1,6 @@ # peregrine -![Version: 0.1.15](https://img.shields.io/badge/Version-0.1.15-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) +![Version: 0.1.16](https://img.shields.io/badge/Version-0.1.16-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) A Helm chart for gen3 Peregrine service @@ -99,8 +99,6 @@ A Helm chart for gen3 Peregrine service | serviceAccount.create | bool | `true` | Specifies whether a service account should be created. | | serviceAccount.name | string | `""` | The name of the service account | | tolerations | list | `[]` | Tolerations for the pods | -| volumeMounts | list | `[{"mountPath":"/var/www/peregrine/settings.py","name":"config-volume","readOnly":true,"subPath":"settings.py"}]` | Volumes to mount to the container. | +| volumeMounts | list | `[{"mountPath":"/var/www/peregrine/settings.py","name":"config-volume","readOnly":true,"subPath":"settings.py"},{"mountPath":"peregrine/bin/settings.py","name":"config-volume","readOnly":true,"subPath":"settings.py"}]` | Volumes to mount to the container. | | volumes | list | `[{"emptyDir":{},"name":"shared-data"},{"name":"config-volume","secret":{"secretName":"peregrine-secret"}}]` | Volumes to attach to the container. | ----------------------------------------------- -Autogenerated from chart metadata using [helm-docs v1.14.2](https://github.com/norwoodj/helm-docs/releases/v1.14.2) diff --git a/helm/peregrine/values.yaml b/helm/peregrine/values.yaml index e8f97995..c06c1c92 100644 --- a/helm/peregrine/values.yaml +++ b/helm/peregrine/values.yaml 
@@ -222,6 +222,10 @@ volumeMounts: readOnly: true mountPath: "/var/www/peregrine/settings.py" subPath: "settings.py" + - name: "config-volume" + readOnly: true + mountPath: "peregrine/bin/settings.py" + subPath: "settings.py" # Values to determine the labels that are used for the deployment, pod, etc. # -- (string) Valid options are "production" or "dev". If invalid option is set- the value will default to "dev". diff --git a/helm/requestor/Chart.yaml b/helm/requestor/Chart.yaml index 23d832fc..1de8d915 100644 --- a/helm/requestor/Chart.yaml +++ b/helm/requestor/Chart.yaml @@ -15,7 +15,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.14 +version: 0.1.15 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to diff --git a/helm/requestor/README.md b/helm/requestor/README.md index a93ea478..de50f354 100644 --- a/helm/requestor/README.md +++ b/helm/requestor/README.md @@ -1,6 +1,6 @@ # requestor -![Version: 0.1.14](https://img.shields.io/badge/Version-0.1.14-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) +![Version: 0.1.15](https://img.shields.io/badge/Version-0.1.15-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) A Helm chart for gen3 Requestor Service 
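Review bot: The added mount uses a relative `mountPath: "peregrine/bin/settings.py"`, while the existing entry just above it is absolute (`/var/www/peregrine/settings.py`). How a relative mount path is resolved is left to the kubelet and container runtime, so the settings.py taken from the `config-volume` secret may not land where the service reads it. If the intended target is under the filesystem root, write `mountPath: "/peregrine/bin/settings.py"`. The same applies to `mountPath: "sheepdog/bin/settings.py"` in helm/sheepdog/values.yaml, and the default values shown in both READMEs would need regenerating afterwards.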
@@ -114,5 +114,3 @@ A Helm chart for gen3 Requestor Service | strategy.rollingUpdate.maxUnavailable | int | `0` | Maximum amount of pods that can be unavailable during the update. | | volumeMounts | list | `nil` | Volumes to mount to the container. | ----------------------------------------------- -Autogenerated from chart metadata using [helm-docs v1.14.2](https://github.com/norwoodj/helm-docs/releases/v1.14.2) diff --git a/helm/requestor/templates/deployment.yaml b/helm/requestor/templates/deployment.yaml index 61510d29..34ced42f 100644 --- a/helm/requestor/templates/deployment.yaml +++ b/helm/requestor/templates/deployment.yaml @@ -152,4 +152,4 @@ spec: args: - "-c" - | - /env/bin/alembic upgrade head \ No newline at end of file + poetry run alembic upgrade head || /env/bin/alembic upgrade head \ No newline at end of file diff --git a/helm/sheepdog/Chart.yaml b/helm/sheepdog/Chart.yaml index 8c5464f3..8d5715df 100644 --- a/helm/sheepdog/Chart.yaml +++ b/helm/sheepdog/Chart.yaml @@ -15,7 +15,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.17 +version: 0.1.18 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to diff --git a/helm/sheepdog/README.md b/helm/sheepdog/README.md index 2dc31247..0fefa6d0 100644 --- a/helm/sheepdog/README.md +++ b/helm/sheepdog/README.md 
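Review bot: In `poetry run alembic upgrade head || /env/bin/alembic upgrade head`, the right-hand side runs whenever the left side fails, including when poetry is present and the migration itself errored. The real failure is then followed by a second migration attempt from a different environment, or by a not-found error that hides the cause. Choosing the runner first keeps the failure visible, for example `if command -v poetry >/dev/null 2>&1; then poetry run alembic upgrade head; else /env/bin/alembic upgrade head; fi`. The container spec this script belongs to starts outside the hunk.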
@@ -1,6 +1,6 @@ # sheepdog -![Version: 0.1.17](https://img.shields.io/badge/Version-0.1.17-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) +![Version: 0.1.18](https://img.shields.io/badge/Version-0.1.18-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) A Helm chart for gen3 Sheepdog Service @@ -105,7 +105,5 @@ A Helm chart for gen3 Sheepdog Service | strategy.rollingUpdate.maxSurge | int | `1` | Number of additional replicas to add during rollout. | | strategy.rollingUpdate.maxUnavailable | int | `0` | Maximum amount of pods that can be unavailable during the update. | | terminationGracePeriodSeconds | int | `50` | sheepdog transactions take forever - try to let the complete before termination | -| volumeMounts | list | `[{"mountPath":"/var/www/sheepdog/settings.py","name":"config-volume","readOnly":true,"subPath":"settings.py"}]` | Volumes to mount to the container. | +| volumeMounts | list | `[{"mountPath":"/var/www/sheepdog/settings.py","name":"config-volume","readOnly":true,"subPath":"settings.py"},{"mountPath":"sheepdog/bin/settings.py","name":"config-volume","readOnly":true,"subPath":"settings.py"}]` | Volumes to mount to the container. | ----------------------------------------------- -Autogenerated from chart metadata using [helm-docs v1.14.2](https://github.com/norwoodj/helm-docs/releases/v1.14.2) diff --git a/helm/sheepdog/templates/deployment.yaml b/helm/sheepdog/templates/deployment.yaml index e7d11c17..ac6c4722 100644 --- a/helm/sheepdog/templates/deployment.yaml +++ b/helm/sheepdog/templates/deployment.yaml 
@@ -49,6 +49,7 @@ spec: initContainers: - name: sheepdog-init image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}" + imagePullPolicy: {{ .Values.image.pullPolicy }} env: - name: DICTIONARY_URL value: {{ .Values.dictionaryUrl }} @@ -93,11 +94,17 @@ spec: # sheepdog sets up core data model now, # but suffers from a race condition doing it ... # - echo datamodel_postgres_admin create-all -U "${PGUSER}" -P XXXXXXX -H "${PGHOST}" -D "${PGDB}" - datamodel_postgres_admin create-all -U "${PGUSER}" -P "${PGPASSWORD}" -H "${PGHOST}" -D "${PGDB}" - - echo python /sheepdog/bin/setup_transactionlogs.py --user "${PGUSER}" --password XXXXX --host "${PGHOST}" --database "${PGDB}" - python /sheepdog/bin/setup_transactionlogs.py --user "${PGUSER}" --password "${PGPASSWORD}" --host "${PGHOST}" --database "${PGDB}" + if command -v python &> /dev/null; then + echo datamodel_postgres_admin create-all -U "${PGUSER}" -P XXXXXXX -H "${PGHOST}" -D "${PGDB}" + datamodel_postgres_admin create-all -U "${PGUSER}" -P "${PGPASSWORD}" -H "${PGHOST}" -D "${PGDB}" + echo python /sheepdog/bin/setup_transactionlogs.py --user "${PGUSER}" --password XXXXX --host "${PGHOST}" --database "${PGDB}" + python /sheepdog/bin/setup_transactionlogs.py --user "${PGUSER}" --password "${PGPASSWORD}" --host "${PGHOST}" --database "${PGDB}" + else + echo poetry run datamodel_postgres_admin create-all -U "${PGUSER}" -P XXXXXXX -H "${PGHOST}" -D "${PGDB}" + poetry run datamodel_postgres_admin create-all -U "${PGUSER}" -P "${PGPASSWORD}" -H "${PGHOST}" -D "${PGDB}" + echo poetry run python /sheepdog/bin/setup_transactionlogs.py --user "${PGUSER}" --password XXXXX --host "${PGHOST}" --database "${PGDB}" + poetry run python /sheepdog/bin/setup_transactionlogs.py --user "${PGUSER}" --password "${PGPASSWORD}" --host "${PGHOST}" --database "${PGDB}" + fi containers: - name: sheepdog image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}" 
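Review bot: The `if command -v python` guard in the second hunk decides how `datamodel_postgres_admin` is invoked, but it never checks that `datamodel_postgres_admin` (or `poetry`, in the else branch) is actually on PATH. An image that ships a system `python` but installs the package only into the poetry environment would take the first branch and fail at `datamodel_postgres_admin create-all`. Testing the tool the branch depends on is more direct, e.g. `if command -v datamodel_postgres_admin >/dev/null 2>&1; then`. The init container's script begins above the hunk, so the shell and any `set -e` are not visible here.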
diff --git a/helm/sheepdog/values.yaml b/helm/sheepdog/values.yaml index efcfe9e0..7b7b09df 100644 --- a/helm/sheepdog/values.yaml +++ b/helm/sheepdog/values.yaml @@ -188,6 +188,10 @@ volumeMounts: readOnly: true mountPath: "/var/www/sheepdog/settings.py" subPath: "settings.py" + - name: "config-volume" + readOnly: true + mountPath: "sheepdog/bin/settings.py" + subPath: "settings.py" # -- (map) Resource requests and limits for the containers in the pod resources: diff --git a/helm/wts/Chart.yaml b/helm/wts/Chart.yaml index fa6eb945..f08093bc 100644 --- a/helm/wts/Chart.yaml +++ b/helm/wts/Chart.yaml @@ -15,7 +15,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.16 +version: 0.1.17 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to diff --git a/helm/wts/README.md b/helm/wts/README.md index dedc4f0b..5baa6341 100644 --- a/helm/wts/README.md +++ b/helm/wts/README.md @@ -1,6 +1,6 @@ # wts -![Version: 0.1.16](https://img.shields.io/badge/Version-0.1.16-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) +![Version: 0.1.17](https://img.shields.io/badge/Version-0.1.17-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) A Helm chart for gen3 workspace token service 
@@ -102,5 +102,3 @@ A Helm chart for gen3 workspace token service | serviceAccount.name | string | `""` | The name of the service account to use. If not set and create is true, a name is generated using the fullname template | | tolerations | list | `[]` | Tolerations for the pods | ----------------------------------------------- -Autogenerated from chart metadata using [helm-docs v1.14.2](https://github.com/norwoodj/helm-docs/releases/v1.14.2) diff --git a/helm/wts/templates/deployment.yaml b/helm/wts/templates/deployment.yaml index 0b424f47..1e109964 100644 --- a/helm/wts/templates/deployment.yaml +++ b/helm/wts/templates/deployment.yaml @@ -182,7 +182,7 @@ spec: args: - "-c" - | - if hash alembic 2>/dev/null; then + if hash alembic 2>/dev/null || poetry run alembic --version >/dev/null 2>&1; then echo "Running DB migration" cd /wts # Managing virtual environments via poetry instead of python since the AL base image update, but retaining backwards compatibility From ff334192e094af2a296b0c54f1c23094cb2d4d1e Mon Sep 17 00:00:00 2001 From: EliseCastle23 <109446148+EliseCastle23@users.noreply.github.com> Date: Thu, 14 Nov 2024 10:47:47 -0700 Subject: [PATCH 254/279] disabling pidgin --- helm/gen3/README.md | 2 +- helm/gen3/values.yaml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/helm/gen3/README.md b/helm/gen3/README.md index dd4d5b62..70a2b878 100644 --- a/helm/gen3/README.md +++ b/helm/gen3/README.md 
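Review bot: The added probe `poetry run alembic --version` is evaluated before the `cd /wts` that follows inside the branch, so it runs from the container's initial working directory. Poetry resolves the project from the current directory, so if that directory is not the project root the probe fails and, with its output sent to /dev/null, the migration branch is skipped without leaving a trace in the log. If the image's working directory is not guaranteed to be /wts, move `cd /wts` above the `if`. The else branch and the rest of the script are outside the hunk.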
@@ -167,7 +167,7 @@ Helm chart to deploy Gen3 Data Commons | neuvector.policies.include | bool | `false` | | | neuvector.policies.policyMode | string | `"Monitor"` | | | peregrine.enabled | bool | `true` | Whether to deploy the peregrine subchart. | -| pidgin.enabled | bool | `true` | Whether to deploy the pidgin subchart. | +| pidgin.enabled | bool | `false` | Whether to deploy the pidgin subchart. | | portal.enabled | bool | `true` | Whether to deploy the portal subchart. | | postgresql | map | `{"primary":{"persistence":{"enabled":false}}}` | To configure postgresql subchart Disable persistence by default so we can spin up and down ephemeral environments | | postgresql.primary.persistence.enabled | bool | `false` | Option to persist the dbs data. | diff --git a/helm/gen3/values.yaml b/helm/gen3/values.yaml index 2be04097..4caa59a8 100644 --- a/helm/gen3/values.yaml +++ b/helm/gen3/values.yaml @@ -238,7 +238,7 @@ peregrine: pidgin: # -- (bool) Whether to deploy the pidgin subchart. - enabled: true + enabled: false portal: # -- (bool) Whether to deploy the portal subchart. From e2c9cfcf8dc50876f07aedf75a51089f6b15f6f0 Mon Sep 17 00:00:00 2001 From: EliseCastle23 <109446148+EliseCastle23@users.noreply.github.com> Date: Thu, 14 Nov 2024 10:50:39 -0700 Subject: [PATCH 255/279] updating requestor version --- helm/gen3/Chart.yaml | 2 +- helm/gen3/README.md | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/helm/gen3/Chart.yaml b/helm/gen3/Chart.yaml index fc5475c7..c45c4043 100644 --- a/helm/gen3/Chart.yaml +++ b/helm/gen3/Chart.yaml @@ -72,7 +72,7 @@ dependencies: repository: "file://../portal" condition: portal.enabled - name: requestor - version: 0.1.14 + version: 0.1.15 repository: "file://../requestor" condition: requestor.enabled - name: revproxy diff --git a/helm/gen3/README.md b/helm/gen3/README.md index 70a2b878..038bd971 100644 --- a/helm/gen3/README.md +++ b/helm/gen3/README.md 
@@ -37,7 +37,7 @@ Helm chart to deploy Gen3 Data Commons | file://../peregrine | peregrine | 0.1.16 | | file://../pidgin | pidgin | 0.1.12 | | file://../portal | portal | 0.1.20 | -| file://../requestor | requestor | 0.1.14 | +| file://../requestor | requestor | 0.1.15 | | file://../revproxy | revproxy | 0.1.18 | | file://../sheepdog | sheepdog | 0.1.18 | | file://../sower | sower | 0.1.14 | From 2ac67de1a9b21a31abbf3eafb600980a6673e88b Mon Sep 17 00:00:00 2001 From: Jawad Qureshi Date: Mon, 18 Nov 2024 15:02:10 -0600 Subject: [PATCH 256/279] Add support for workspaces in single-node clusters --- .pre-commit-config.yaml | 19 ++++++++++------- .secrets.baseline | 21 +++++++++++++------ helm/alloy/README.md | 3 --- helm/ambassador/README.md | 3 --- helm/arborist/README.md | 3 --- helm/argo-wrapper/README.md | 3 --- helm/audit/README.md | 3 --- helm/aws-es-proxy/README.md | 3 --- helm/common/README.md | 3 --- helm/dicom-server/README.md | 3 --- helm/dicom-viewer/README.md | 3 --- helm/etl/README.md | 3 --- helm/faro-collector/README.md | 3 --- helm/fence/README.md | 3 --- helm/frontend-framework/README.md | 3 --- helm/gen3/Chart.yaml | 4 ++-- helm/gen3/README.md | 5 ++--- helm/guppy/README.md | 3 --- helm/hatchery/Chart.yaml | 2 +- helm/hatchery/README.md | 9 ++++---- .../hatchery/templates/hatchery-manifest.yaml | 3 ++- helm/hatchery/values.yaml | 5 +++++ helm/indexd/README.md | 1 - helm/manifestservice/README.md | 3 --- helm/metadata/README.md | 3 --- helm/neuvector/README.md | 3 --- helm/observability/README.md | 1 - helm/peregrine/README.md | 1 - helm/pidgin/README.md | 3 --- helm/portal/README.md | 3 --- helm/requestor/README.md | 1 - helm/revproxy/README.md | 3 --- helm/sheepdog/README.md | 1 - helm/sower/README.md | 3 --- helm/ssjdispatcher/README.md | 3 --- helm/wts/README.md | 1 - 36 files changed, 42 insertions(+), 98 deletions(-) diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index a993cb61..c0cac5fe 100644 --- a/.pre-commit-config.yaml 
+++ b/.pre-commit-config.yaml @@ -4,6 +4,8 @@ repos: hooks: - id: detect-secrets args: ["--baseline", ".secrets.baseline"] + additional_dependencies: ["gibberish-detector"] + - repo: https://github.com/pre-commit/pre-commit-hooks rev: v2.5.0 hooks: @@ -15,15 +17,16 @@ repos: # hooks: # - id: helmlint - - repo: local + - repo: https://github.com/norwoodj/helm-docs + rev: "v1.14.2" hooks: - - id: helm-docs - args: ["-c", "helm"] - description: Uses 'helm-docs' to create documentation from the Helm chart's 'values.yaml' file, and inserts the result into a corresponding 'README.md' file. - entry: git-hook/helm-docs.sh - language: script - name: Helm Docs - require_serial: true + # Use a pinned version of helm-docs in a container to generate consistent documentation. + - name: helm-docs + id: helm-docs-container + entry: jnorwood/helm-docs:v1.14.2 + args: + - "--chart-search-root=helm" + - "--skip-version-footer" - repo: local hooks: diff --git a/.secrets.baseline b/.secrets.baseline index c48bf693..f5178a3f 100644 --- a/.secrets.baseline +++ b/.secrets.baseline @@ -90,6 +90,10 @@ { "path": "detect_secrets.filters.allowlist.is_line_allowlisted" }, + { + "path": "detect_secrets.filters.common.is_baseline_file", + "filename": ".secrets.baseline" + }, { "path": "detect_secrets.filters.common.is_ignored_due_to_verification_policies", "min_level": 2 @@ -133,14 +137,16 @@ "filename": "helm/portal/README.md", "hashed_secret": "eb9739c6625f06b4ab73035223366dda6262ae77", "is_verified": false, - "line_number": 34 + "line_number": 34, + "is_secret": false }, { "type": "Base64 High Entropy String", "filename": "helm/portal/README.md", "hashed_secret": "08eeb737b239bdb7362a875b90e22c10b8826b20", "is_verified": false, - "line_number": 39 + "line_number": 39, + "is_secret": false } ], "helm/portal/values.yaml": [ 
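Review bot: `additional_dependencies: ["gibberish-detector"]` in the first hunk has no version pin, so the detect-secrets hook environment pulls whatever release is current on the package index each time it is built. For a hook that gates secret scanning, pin it in the same way the hook repos are pinned with `rev`, e.g. `additional_dependencies: ["gibberish-detector==<version>"]` (placeholder; use the release that was tested).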
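Review bot: In the second hunk, `entry: jnorwood/helm-docs:v1.14.2` pins the container by tag, and a tag can be repointed by whoever controls the registry repository. The added comment says the aim is consistent documentation; a digest gives that and also fixes the image content, e.g. `entry: jnorwood/helm-docs@sha256:<digest>` (placeholder for the digest of the v1.14.2 image). The `--skip-version-footer` argument appears to be what removes the "Autogenerated from chart metadata" footer from every README in this patch, which is worth stating in the comment so the mass README change is not a surprise.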
@@ -149,14 +155,16 @@ "filename": "helm/portal/values.yaml", "hashed_secret": "08eeb737b239bdb7362a875b90e22c10b8826b20", "is_verified": false, - "line_number": 473 + "line_number": 473, + "is_secret": false }, { "type": "Base64 High Entropy String", "filename": "helm/portal/values.yaml", "hashed_secret": "eb9739c6625f06b4ab73035223366dda6262ae77", "is_verified": false, - "line_number": 475 + "line_number": 475, + "is_secret": false } ], "helm/revproxy/nginx/helpers.js": [ @@ -165,9 +173,10 @@ "filename": "helm/revproxy/nginx/helpers.js", "hashed_secret": "1d278d3c888d1a2fa7eed622bfc02927ce4049af", "is_verified": false, - "line_number": 10 + "line_number": 10, + "is_secret": false } ] }, - "generated_at": "2024-11-11T22:26:01Z" + "generated_at": "2024-11-18T20:39:22Z" } diff --git a/helm/alloy/README.md b/helm/alloy/README.md index 7b910464..0cec9808 100644 --- a/helm/alloy/README.md +++ b/helm/alloy/README.md @@ -27,6 +27,3 @@ A Helm chart for deploying Grafana Alloy | alloy.controller.affinity.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution.nodeSelectorTerms[0].matchExpressions[0].operator | string | `"In"` | | | alloy.controller.affinity.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution.nodeSelectorTerms[0].matchExpressions[0].values[0] | string | `"us-east-1a"` | | | alloy.controller.type | string | `"deployment"` | | - ----------------------------------------------- -Autogenerated from chart metadata using [helm-docs v1.14.2](https://github.com/norwoodj/helm-docs/releases/v1.14.2) diff --git a/helm/ambassador/README.md b/helm/ambassador/README.md index 864fc6f4..c46603b8 100644 --- a/helm/ambassador/README.md +++ b/helm/ambassador/README.md 
@@ -56,6 +56,3 @@ A Helm chart for deploying ambassador for gen3 | serviceAccount.name | string | `""` | The name of the service account to use. If not set and create is true, a name is generated using the fullname template. | | tolerations | list | `[]` | Tolerations to use for the deployment. | | userNamespace | string | `"jupyter-pods"` | Namespace to use for user resources. | - ----------------------------------------------- -Autogenerated from chart metadata using [helm-docs v1.14.2](https://github.com/norwoodj/helm-docs/releases/v1.14.2) diff --git a/helm/arborist/README.md b/helm/arborist/README.md index 35052045..b96f3571 100644 --- a/helm/arborist/README.md +++ b/helm/arborist/README.md @@ -101,6 +101,3 @@ A Helm chart for gen3 arborist | tolerations | list | `[]` | Tolerations to apply to the pod | | volumeMounts | list | `[]` | Volume mounts to attach to the container | | volumes | list | `[]` | Volumes to attach to the pod | - ----------------------------------------------- -Autogenerated from chart metadata using [helm-docs v1.14.2](https://github.com/norwoodj/helm-docs/releases/v1.14.2) diff --git a/helm/argo-wrapper/README.md b/helm/argo-wrapper/README.md index 0e128b22..6d0f2394 100644 --- a/helm/argo-wrapper/README.md +++ b/helm/argo-wrapper/README.md @@ -66,6 +66,3 @@ A Helm chart for gen3 Argo Wrapper Service | strategy.rollingUpdate.maxUnavailable | int | `0` | Maximum amount of pods that can be unavailable during the update. | | volumeMounts | list | `[{"mountPath":"/argo.json","name":"argo-config","readOnly":true,"subPath":"argo.json"}]` | Volumes to mount to the pod. | | volumes | list | `[{"configMap":{"items":[{"key":"argo.json","path":"argo.json"}],"name":"manifest-argo"},"name":"argo-config"}]` | Volumes to attach to the pod. | - ----------------------------------------------- -Autogenerated from chart metadata using [helm-docs v1.14.2](https://github.com/norwoodj/helm-docs/releases/v1.14.2) 
diff --git a/helm/audit/README.md b/helm/audit/README.md index faa4cd6e..f7135913 100644 --- a/helm/audit/README.md +++ b/helm/audit/README.md @@ -122,6 +122,3 @@ A Helm chart for Kubernetes | tolerations | list | `[]` | Tolerations for the pods | | volumeMounts | list | `[]` | Volumes to mount to the container. | | volumes | list | `[]` | Volumes to attach to the container. | - ----------------------------------------------- -Autogenerated from chart metadata using [helm-docs v1.14.2](https://github.com/norwoodj/helm-docs/releases/v1.14.2) diff --git a/helm/aws-es-proxy/README.md b/helm/aws-es-proxy/README.md index 3166311f..dd69e540 100644 --- a/helm/aws-es-proxy/README.md +++ b/helm/aws-es-proxy/README.md @@ -67,6 +67,3 @@ A Helm chart for AWS ES Proxy Service for gen3 | strategy.rollingUpdate.maxUnavailable | int | `0` | Maximum amount of pods that can be unavailable during the update. | | volumeMounts | list | `[{"mountPath":"/root/.aws","name":"credentials","readOnly":true}]` | Volumes to mount to the pod. | | volumes | list | `nil` | Volumes to attach to the pod | - ----------------------------------------------- -Autogenerated from chart metadata using [helm-docs v1.14.2](https://github.com/norwoodj/helm-docs/releases/v1.14.2) diff --git a/helm/common/README.md b/helm/common/README.md index 5fc9d467..2fbcb920 100644 --- a/helm/common/README.md +++ b/helm/common/README.md 
@@ -32,6 +32,3 @@ A Helm chart for provisioning databases in gen3 | global.publicDataSets | bool | `true` | Whether public datasets are enabled. | | global.revproxyArn | string | `"arn:aws:acm:us-east-1:123456:certificate"` | ARN of the reverse proxy certificate. | | global.tierAccessLevel | string | `"libre"` | Access level for tiers. acceptable values for `tier_access_level` are: `libre`, `regular` and `private`. If omitted, by default common will be treated as `private` | - ----------------------------------------------- -Autogenerated from chart metadata using [helm-docs v1.14.2](https://github.com/norwoodj/helm-docs/releases/v1.14.2) diff --git a/helm/dicom-server/README.md b/helm/dicom-server/README.md index 78e0b4b4..b921bc73 100644 --- a/helm/dicom-server/README.md +++ b/helm/dicom-server/README.md @@ -50,6 +50,3 @@ A Helm chart for gen3 Dicom Server | service.targetport | int | `8042` | The port on the host machine that traffic is directed to. | | volumeMounts | list | `[{"mountPath":"/etc/orthanc/orthanc_config_overwrites.json","name":"config-volume-g3auto","readOnly":true,"subPath":"orthanc_config_overwrites.json"}]` | Volumes to mount to the pod. | | volumes | list | `[{"name":"config-volume-g3auto","secret":{"secretName":"orthanc-g3auto"}}]` | Volumes to attach to the pod. | - ----------------------------------------------- -Autogenerated from chart metadata using [helm-docs v1.14.2](https://github.com/norwoodj/helm-docs/releases/v1.14.2) diff --git a/helm/dicom-viewer/README.md b/helm/dicom-viewer/README.md index 3983a6e4..86707c8c 100644 --- a/helm/dicom-viewer/README.md +++ b/helm/dicom-viewer/README.md 
@@ -36,6 +36,3 @@ A Helm chart for gen3 Dicom Viewer | service | map | `{"port":80,"type":"ClusterIP"}` | Kubernetes service information. | | service.port | int | `80` | The port number that the service exposes. | | service.type | string | `"ClusterIP"` | Type of service. Valid values are "ClusterIP", "NodePort", "LoadBalancer", "ExternalName". | - ----------------------------------------------- -Autogenerated from chart metadata using [helm-docs v1.14.2](https://github.com/norwoodj/helm-docs/releases/v1.14.2) diff --git a/helm/etl/README.md b/helm/etl/README.md index 3d82c6e1..fec43f48 100644 --- a/helm/etl/README.md +++ b/helm/etl/README.md @@ -107,6 +107,3 @@ A Helm chart for gen3 etl | resources.tube.requests | map | `{"cpu":0.3,"memory":"128Mi"}` | The amount of resources that the container requests | | resources.tube.requests.cpu | string | `0.3` | The amount of CPU requested | | resources.tube.requests.memory | string | `"128Mi"` | The amount of memory requested | - ----------------------------------------------- -Autogenerated from chart metadata using [helm-docs v1.14.2](https://github.com/norwoodj/helm-docs/releases/v1.14.2) diff --git a/helm/faro-collector/README.md b/helm/faro-collector/README.md index 97a65cde..f3c6095b 100644 --- a/helm/faro-collector/README.md +++ b/helm/faro-collector/README.md @@ -29,6 +29,3 @@ A Helm chart for deploying Grafana Alloy | alloy.ingress.ingressClassName | string | `"alb"` | | | alloy.ingress.labels | object | `{}` | | | alloy.ingress.path | string | `"/"` | | - ----------------------------------------------- -Autogenerated from chart metadata using [helm-docs v1.14.2](https://github.com/norwoodj/helm-docs/releases/v1.14.2) diff --git a/helm/fence/README.md b/helm/fence/README.md index f9158f7e..3dcb3f0d 100644 --- a/helm/fence/README.md +++ b/helm/fence/README.md 
@@ -196,6 +196,3 @@ A Helm chart for gen3 Fence | usersync.usersync | bool | `false` | Whether to run Fence usersync or not. | | volumeMounts | list | `[{"mountPath":"/var/www/fence/local_settings.py","name":"old-config-volume","readOnly":true,"subPath":"local_settings.py"},{"mountPath":"/var/www/fence/fence_credentials.json","name":"json-secret-volume","readOnly":true,"subPath":"fence_credentials.json"},{"mountPath":"/var/www/fence/creds.json","name":"creds-volume","readOnly":true,"subPath":"creds.json"},{"mountPath":"/var/www/fence/config_helper.py","name":"config-helper","readOnly":true,"subPath":"config_helper.py"},{"mountPath":"/fence/fence/static/img/logo.svg","name":"logo-volume","readOnly":true,"subPath":"logo.svg"},{"mountPath":"/fence/fence/static/privacy_policy.md","name":"privacy-policy","readOnly":true,"subPath":"privacy_policy.md"},{"mountPath":"/var/www/fence/fence-config-secret.yaml","name":"config-volume","readOnly":true,"subPath":"fence-config.yaml"},{"mountPath":"/var/www/fence/yaml_merge.py","name":"yaml-merge","readOnly":true,"subPath":"yaml_merge.py"},{"mountPath":"/var/www/fence/fence_google_app_creds_secret.json","name":"fence-google-app-creds-secret-volume","readOnly":true,"subPath":"fence_google_app_creds_secret.json"},{"mountPath":"/var/www/fence/fence_google_storage_creds_secret.json","name":"fence-google-storage-creds-secret-volume","readOnly":true,"subPath":"fence_google_storage_creds_secret.json"},{"mountPath":"/fence/keys/key/jwt_private_key.pem","name":"fence-jwt-keys","readOnly":true,"subPath":"jwt_private_key.pem"},{"mountPath":"/var/www/fence/fence-config-public.yaml","name":"config-volume-public","readOnly":true,"subPath":"fence-config-public.yaml"}]` | Volumes to mount to the container. 
| | volumes | list | `[{"name":"old-config-volume","secret":{"secretName":"fence-secret"}},{"name":"json-secret-volume","secret":{"optional":true,"secretName":"fence-json-secret"}},{"name":"creds-volume","secret":{"secretName":"fence-creds"}},{"configMap":{"name":"config-helper","optional":true},"name":"config-helper"},{"configMap":{"name":"logo-config"},"name":"logo-volume"},{"name":"config-volume","secret":{"secretName":"fence-config"}},{"name":"fence-google-app-creds-secret-volume","secret":{"secretName":"fence-google-app-creds-secret"}},{"name":"fence-google-storage-creds-secret-volume","secret":{"secretName":"fence-google-storage-creds-secret"}},{"name":"fence-jwt-keys","secret":{"secretName":"fence-jwt-keys"}},{"configMap":{"name":"privacy-policy"},"name":"privacy-policy"},{"configMap":{"name":"fence-yaml-merge","optional":false},"name":"yaml-merge"},{"configMap":{"name":"manifest-fence","optional":true},"name":"config-volume-public"}]` | Volumes to attach to the container. | - ----------------------------------------------- -Autogenerated from chart metadata using [helm-docs v1.14.2](https://github.com/norwoodj/helm-docs/releases/v1.14.2) diff --git a/helm/frontend-framework/README.md b/helm/frontend-framework/README.md index 3cc82305..6100ec00 100644 --- a/helm/frontend-framework/README.md +++ b/helm/frontend-framework/README.md @@ -90,6 +90,3 @@ A Helm chart for the gen3 frontend framework | strategy.rollingUpdate.maxSurge | int | `2` | Number of additional replicas to add during rollout. | | strategy.rollingUpdate.maxUnavailable | int | `"25%"` | Maximum amount of pods that can be unavailable during the update. | | tolerations | list | `[]` | Tolerations to apply to the pod | - ----------------------------------------------- -Autogenerated from chart metadata using [helm-docs v1.14.2](https://github.com/norwoodj/helm-docs/releases/v1.14.2) diff --git a/helm/gen3/Chart.yaml b/helm/gen3/Chart.yaml index c45c4043..128ee4a1 100644 --- a/helm/gen3/Chart.yaml 
+++ b/helm/gen3/Chart.yaml @@ -44,7 +44,7 @@ dependencies: repository: "file://../guppy" condition: guppy.enabled - name: hatchery - version: 0.1.11 + version: 0.1.12 repository: "file://../hatchery" condition: hatchery.enabled - name: indexd @@ -132,7 +132,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.48 +version: 0.1.49 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to diff --git a/helm/gen3/README.md b/helm/gen3/README.md index 038bd971..04bb57f8 100644 --- a/helm/gen3/README.md +++ b/helm/gen3/README.md @@ -1,6 +1,6 @@ # gen3 -![Version: 0.1.48](https://img.shields.io/badge/Version-0.1.48-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) +![Version: 0.1.49](https://img.shields.io/badge/Version-0.1.49-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) Helm chart to deploy Gen3 Data Commons @@ -29,7 +29,7 @@ Helm chart to deploy Gen3 Data Commons | file://../fence | fence | 0.1.25 | | file://../frontend-framework | frontend-framework | 0.1.4 | | file://../guppy | guppy | 0.1.15 | -| file://../hatchery | hatchery | 0.1.11 | +| file://../hatchery | hatchery | 0.1.12 | | file://../indexd | indexd | 0.1.17 | | file://../manifestservice | manifestservice | 0.1.16 | | file://../metadata | metadata | 0.1.15 | 
@@ -180,4 +180,3 @@ Helm chart to deploy Gen3 Data Commons | sheepdog.enabled | bool | `true` | Whether to deploy the sheepdog subchart. | | ssjdispatcher.enabled | bool | `false` | Whether to deploy the ssjdispatcher subchart. | | wts.enabled | bool | `true` | Whether to deploy the wts subchart. | - diff --git a/helm/guppy/README.md b/helm/guppy/README.md index 9d08e3ea..a3fd4731 100644 --- a/helm/guppy/README.md +++ b/helm/guppy/README.md @@ -92,6 +92,3 @@ A Helm chart for gen3 Guppy Service | strategy.rollingUpdate.maxUnavailable | int | `0` | Maximum amount of pods that can be unavailable during the update. | | volumeMounts | list | `[{"mountPath":"/guppy/guppy_config.json","name":"guppy-config","readOnly":true,"subPath":"guppy_config.json"}]` | Volumes to mount to the container. | | volumes | list | `[{"configMap":{"items":[{"key":"guppy_config.json","path":"guppy_config.json"}],"name":"manifest-guppy"},"name":"guppy-config"}]` | Volumes to attach to the pod. | - ----------------------------------------------- -Autogenerated from chart metadata using [helm-docs v1.14.2](https://github.com/norwoodj/helm-docs/releases/v1.14.2) diff --git a/helm/hatchery/Chart.yaml b/helm/hatchery/Chart.yaml index 5a86a60c..1172f69b 100644 --- a/helm/hatchery/Chart.yaml +++ b/helm/hatchery/Chart.yaml @@ -15,7 +15,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.11 +version: 0.1.12 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to diff --git a/helm/hatchery/README.md b/helm/hatchery/README.md index dc3e8e00..409ce94d 100644 --- a/helm/hatchery/README.md +++ b/helm/hatchery/README.md 
@@ -1,6 +1,6 @@ # hatchery -![Version: 0.1.11](https://img.shields.io/badge/Version-0.1.11-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) +![Version: 0.1.12](https://img.shields.io/badge/Version-0.1.12-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) A Helm chart for gen3 Hatchery 
@@ -49,7 +49,7 @@ A Helm chart for gen3 Hatchery | global.publicDataSets | bool | `true` | Whether public datasets are enabled. | | global.revproxyArn | string | `"arn:aws:acm:us-east-1:123456:certificate"` | ARN of the reverse proxy certificate. | | global.tierAccessLevel | string | `"libre"` | Access level for tiers. acceptable values for `tier_access_level` are: `libre`, `regular` and `private`. If omitted, by default common will be treated as `private` | -| hatchery | map | `{"containers":[{"args":["--NotebookApp.base_url=/lw-workspace/proxy/","--NotebookApp.default_url=/lab","--NotebookApp.password=''","--NotebookApp.token=''","--NotebookApp.shutdown_no_activity_timeout=5400","--NotebookApp.quit_button=False"],"command":["start-notebook.sh"],"cpu-limit":"1.0","env":{"FRAME_ANCESTORS":"https://{{ .Values.global.hostname }}"},"fs-gid":100,"gen3-volume-location":"/home/jovyan/.gen3","image":"quay.io/cdis/heal-notebooks:combined_tutorials__latest","lifecycle-post-start":["/bin/sh","-c","export IAM=`whoami`; rm -rf /home/$IAM/pd/dockerHome; rm -rf /home/$IAM/pd/lost+found; ln -s /data /home/$IAM/pd/; true"],"memory-limit":"2Gi","name":"(Tutorials) Example Analysis Jupyter Lab Notebooks","path-rewrite":"/lw-workspace/proxy/","ready-probe":"/lw-workspace/proxy/","target-port":8888,"use-tls":"false","user-uid":1000,"user-volume-location":"/home/jovyan/pd"}],"sidecarContainer":{"args":[],"command":["/bin/bash","./sidecar.sh"],"cpu-limit":"0.1","env":{"HOSTNAME":"{{ .Values.global.hostname }}","NAMESPACE":"{{ .Release.Namespace }}"},"image":"quay.io/cdis/ecs-ws-sidecar:master","lifecycle-pre-stop":["su","-c","echo test","-s","/bin/sh","root"],"memory-limit":"256Mi"}}` | Hatchery sidcar container configuration. 
| +| hatchery | map | `{"containers":[{"args":["--NotebookApp.base_url=/lw-workspace/proxy/","--NotebookApp.default_url=/lab","--NotebookApp.password=''","--NotebookApp.token=''","--NotebookApp.shutdown_no_activity_timeout=5400","--NotebookApp.quit_button=False"],"command":["start-notebook.sh"],"cpu-limit":"1.0","env":{"FRAME_ANCESTORS":"https://{{ .Values.global.hostname }}"},"fs-gid":100,"gen3-volume-location":"/home/jovyan/.gen3","image":"quay.io/cdis/heal-notebooks:combined_tutorials__latest","lifecycle-post-start":["/bin/sh","-c","export IAM=`whoami`; rm -rf /home/$IAM/pd/dockerHome; rm -rf /home/$IAM/pd/lost+found; ln -s /data /home/$IAM/pd/; true"],"memory-limit":"2Gi","name":"(Tutorials) Example Analysis Jupyter Lab Notebooks","path-rewrite":"/lw-workspace/proxy/","ready-probe":"/lw-workspace/proxy/","target-port":8888,"use-tls":"false","user-uid":1000,"user-volume-location":"/home/jovyan/pd"}],"sidecarContainer":{"args":[],"command":["/bin/bash","./sidecar.sh"],"cpu-limit":"0.1","env":{"HOSTNAME":"{{ .Values.global.hostname }}","NAMESPACE":"{{ .Release.Namespace }}"},"image":"quay.io/cdis/ecs-ws-sidecar:master","lifecycle-pre-stop":["su","-c","echo test","-s","/bin/sh","root"],"memory-limit":"256Mi"},"skipNodeSelector":false,"useInternalServicesUrl":false}` | Hatchery sidcar container configuration. 
| | hatchery.containers | list | `[{"args":["--NotebookApp.base_url=/lw-workspace/proxy/","--NotebookApp.default_url=/lab","--NotebookApp.password=''","--NotebookApp.token=''","--NotebookApp.shutdown_no_activity_timeout=5400","--NotebookApp.quit_button=False"],"command":["start-notebook.sh"],"cpu-limit":"1.0","env":{"FRAME_ANCESTORS":"https://{{ .Values.global.hostname }}"},"fs-gid":100,"gen3-volume-location":"/home/jovyan/.gen3","image":"quay.io/cdis/heal-notebooks:combined_tutorials__latest","lifecycle-post-start":["/bin/sh","-c","export IAM=`whoami`; rm -rf /home/$IAM/pd/dockerHome; rm -rf /home/$IAM/pd/lost+found; ln -s /data /home/$IAM/pd/; true"],"memory-limit":"2Gi","name":"(Tutorials) Example Analysis Jupyter Lab Notebooks","path-rewrite":"/lw-workspace/proxy/","ready-probe":"/lw-workspace/proxy/","target-port":8888,"use-tls":"false","user-uid":1000,"user-volume-location":"/home/jovyan/pd"}]` | Notebook configuration. | | hatchery.sidecarContainer.args | list | `[]` | Arguments to pass to the sidecare container. | | hatchery.sidecarContainer.command | list | `["/bin/bash","./sidecar.sh"]` | Commands to run for the sidecar container. | 
@@ -58,6 +58,8 @@ A Helm chart for gen3 Hatchery | hatchery.sidecarContainer.image | string | `"quay.io/cdis/ecs-ws-sidecar:master"` | The sidecar image. | | hatchery.sidecarContainer.lifecycle-pre-stop | list | `["su","-c","echo test","-s","/bin/sh","root"]` | Commands that are run before the container is stopped. | | hatchery.sidecarContainer.memory-limit | string | `"256Mi"` | The maximum amount of memory the sidecar container can use | +| hatchery.skipNodeSelector | bool | `false` | Whether to skip node selector for . Defaults to `global.dev`. | +| hatchery.useInternalServicesUrl | bool | `false` | Whether to use internal services url. Defaults to `global.dev`. | | image | map | `{"pullPolicy":"IfNotPresent","repository":"quay.io/cdis/hatchery","tag":""}` | Docker image information. | | image.pullPolicy | string | `"IfNotPresent"` | Docker pull policy. | | image.repository | string | `"quay.io/cdis/hatchery"` | Docker repository. | @@ -83,6 +85,3 @@ A Helm chart for gen3 Hatchery | tolerations | list | `[]` | Tolerations to use for the deployment. | | volumeMounts | list | `[{"mountPath":"/hatchery.json","name":"hatchery-config","readOnly":true,"subPath":"json"}]` | Volumes to mount to the container. | | volumes | list | `[{"configMap":{"name":"manifest-hatchery"},"name":"hatchery-config"}]` | Volumes to attach to the container. | - ----------------------------------------------- -Autogenerated from chart metadata using [helm-docs v1.14.2](https://github.com/norwoodj/helm-docs/releases/v1.14.2) diff --git a/helm/hatchery/templates/hatchery-manifest.yaml b/helm/hatchery/templates/hatchery-manifest.yaml index 777e6922..3d643a84 100644 --- a/helm/hatchery/templates/hatchery-manifest.yaml +++ b/helm/hatchery/templates/hatchery-manifest.yaml 
@@ -6,7 +6,8 @@ data: json: | { "user-namespace": "jupyter-pods-{{ .Release.Name }}", - "localdev": {{ .Values.global.dev }}, + "skip-node-selector": {{ or .Values.global.dev .Values.hatchery.skipNodeSelector }}, + "use-internal-services-url": {{ or .Values.global.dev .Values.hatchery.useInternalServicesUrl }}, "sub-dir": "/lw-workspace", "user-volume-size": "10Gi", "sidecar": {{ tpl (.Values.hatchery.sidecarContainer | toJson) . }}, diff --git a/helm/hatchery/values.yaml b/helm/hatchery/values.yaml index 7ee911ca..db9d8241 100644 --- a/helm/hatchery/values.yaml +++ b/helm/hatchery/values.yaml @@ -206,6 +206,11 @@ hatchery: user-volume-location: "/home/jovyan/pd" gen3-volume-location: "/home/jovyan/.gen3" + # -- (bool) Whether to skip node selector for . Defaults to `global.dev`. + skipNodeSelector: false + # -- (bool) Whether to use internal services url. Defaults to `global.dev`. + useInternalServicesUrl: false + # Values to determine the labels that are used for the deployment, pod, etc. # -- (string) Valid options are "production" or "dev". If invalid option is set- the value will default to "dev". release: "production" diff --git a/helm/indexd/README.md b/helm/indexd/README.md index 44314604..8d10b1ca 100644 --- a/helm/indexd/README.md +++ b/helm/indexd/README.md @@ -106,4 +106,3 @@ A Helm chart for gen3 indexd | uwsgi | map | `{"listen":1024}` | Values for overriding uwsgi settings | | volumeMounts | list | `[{"mountPath":"/var/www/indexd/local_settings.py","name":"config-volume","readOnly":true,"subPath":"local_settings.py"}]` | Volumes to mount to the container. | | volumes | list | `[{"configMap":{"name":"indexd-uwsgi"},"name":"uwsgi-config"},{"name":"config-volume","secret":{"secretName":"indexd-settings"}}]` | Volumes to attach to the pod | - diff --git a/helm/manifestservice/README.md b/helm/manifestservice/README.md index 06f23829..4bacee39 100644 --- a/helm/manifestservice/README.md +++ b/helm/manifestservice/README.md 
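Review bot: In `helm/hatchery/templates/hatchery-manifest.yaml` the two new keys write the result of `or` straight into the JSON document, and `or` returns one of its operands rather than a boolean. A string or null override of `global.dev`, `hatchery.skipNodeSelector` or `hatchery.useInternalServicesUrl` would therefore render unquoted or empty and yield a config that is invalid or misread. Piping through `toJson`, as the `sidecar` line in the same hunk already does, keeps the output valid: `"skip-node-selector": {{ or .Values.global.dev .Values.hatchery.skipNodeSelector | toJson }},` and likewise for `use-internal-services-url`. The hunk also drops the `localdev` key, so a Hatchery image that still reads it would presumably lose its dev behaviour without any error; the minimum compatible image should be stated next to the chart bump. The ConfigMap body continues outside the hunk.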
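Review bot: The comments added in `helm/hatchery/values.yaml` say each flag "Defaults to `global.dev`", but the template ORs the flag with `global.dev`, so setting `skipNodeSelector: false` or `useInternalServicesUrl: false` has no effect while `global.dev` is true. The first comment is also missing a word ("for ."). The node selector presumably controls which nodes user workspace pods land on, so an operator needs to see that these flags can only widen the dev behaviour and never narrow it. Suggested wording: `# -- (bool) Skip the node selector for workspace pods. Always enabled when global.dev is true.` and `# -- (bool) Use internal service URLs. Always enabled when global.dev is true.` The generated rows in `helm/hatchery/README.md` carry the same text and would need regenerating.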
@@ -81,6 +81,3 @@ A Helm chart for Kubernetes | terminationGracePeriodSeconds | int | `50` | Grace period that applies to the total time it takes for both the PreStop hook to execute and for the Container to stop normally. | | volumeMounts | list | `[{"mountPath":"/var/gen3/config/","name":"config-volume","readOnly":true}]` | Volumes to mount to the container. | | volumes | list | `[{"name":"config-volume","secret":{"secretName":"manifestservice-g3auto"}}]` | Volumes to attach to the container. | - ----------------------------------------------- -Autogenerated from chart metadata using [helm-docs v1.14.2](https://github.com/norwoodj/helm-docs/releases/v1.14.2) diff --git a/helm/metadata/README.md b/helm/metadata/README.md index 578ac30d..303d10b3 100644 --- a/helm/metadata/README.md +++ b/helm/metadata/README.md @@ -120,6 +120,3 @@ A Helm chart for gen3 Metadata Service | strategy.rollingUpdate.maxUnavailable | int | `0` | Maximum amount of pods that can be unavailable during the update. | | useAggMds | bool | `"True"` | Set to true to aggregate metadata from multiple other Metadata Service instances. | | volumeMounts | list | `[{"mountPath":"/src/.env","name":"config-volume-g3auto","readOnly":true,"subPath":"metadata.env"},{"mountPath":"/mds/.env","name":"config-volume-g3auto","readOnly":true,"subPath":"metadata.env"},{"mountPath":"/aggregate_config.json","name":"config-volume","readOnly":true,"subPath":"aggregate_config.json"},{"mountPath":"/metadata.json","name":"config-manifest","readOnly":true,"subPath":"json"}]` | Volumes to mount to the container. | - ----------------------------------------------- -Autogenerated from chart metadata using [helm-docs v1.14.2](https://github.com/norwoodj/helm-docs/releases/v1.14.2) diff --git a/helm/neuvector/README.md b/helm/neuvector/README.md index d075b808..5dd4c19c 100644 --- a/helm/neuvector/README.md +++ b/helm/neuvector/README.md 
@@ -18,6 +18,3 @@ NeuVector Kubernetes Security Policy templates to protect Gen3 | nameOverride | string | `""` | | | policies.include | bool | `true` | | | policies.policyMode | string | `"Monitor"` | | - ----------------------------------------------- -Autogenerated from chart metadata using [helm-docs v1.14.2](https://github.com/norwoodj/helm-docs/releases/v1.14.2) diff --git a/helm/observability/README.md b/helm/observability/README.md index 9012a25b..cbbd1413 100644 --- a/helm/observability/README.md +++ b/helm/observability/README.md @@ -306,4 +306,3 @@ A Helm chart for deploying the LGTM stack with additional resources | lgtm.mimir.store_gateway.zoneAwareReplication.topologyKey | string | `"kubernetes.io/hostname"` | Topology key used for zone-aware replication. | | lgtm.role.arn | string | `nil` | The arn of the aws role to associate with the service account that will be used for Loki and Mimir. Documentation on IRSA setup https://docs.aws.amazon.com/eks/latest/userguide/iam-roles-for-service-accounts.html | | lgtm.tempo.enabled | bool | `false` | Enable or disable tempo. | - diff --git a/helm/peregrine/README.md b/helm/peregrine/README.md index c9213529..07cd4377 100644 --- a/helm/peregrine/README.md +++ b/helm/peregrine/README.md @@ -101,4 +101,3 @@ A Helm chart for gen3 Peregrine service | tolerations | list | `[]` | Tolerations for the pods | | volumeMounts | list | `[{"mountPath":"/var/www/peregrine/settings.py","name":"config-volume","readOnly":true,"subPath":"settings.py"},{"mountPath":"peregrine/bin/settings.py","name":"config-volume","readOnly":true,"subPath":"settings.py"}]` | Volumes to mount to the container. | | volumes | list | `[{"emptyDir":{},"name":"shared-data"},{"name":"config-volume","secret":{"secretName":"peregrine-secret"}}]` | Volumes to attach to the container. | - diff --git a/helm/pidgin/README.md b/helm/pidgin/README.md index 552d0d20..50279561 100644 --- a/helm/pidgin/README.md +++ b/helm/pidgin/README.md 
@@ -81,6 +81,3 @@ A Helm chart for gen3 Pidgin Service | strategy | map | `{"rollingUpdate":{"maxSurge":1,"maxUnavailable":0},"type":"RollingUpdate"}` | Rolling update deployment strategy | | strategy.rollingUpdate.maxSurge | int | `1` | Number of additional replicas to add during rollout. | | strategy.rollingUpdate.maxUnavailable | int | `0` | Maximum amount of pods that can be unavailable during the update. | - ----------------------------------------------- -Autogenerated from chart metadata using [helm-docs v1.14.2](https://github.com/norwoodj/helm-docs/releases/v1.14.2) diff --git a/helm/portal/README.md b/helm/portal/README.md index 7d425ee9..eb124e15 100644 --- a/helm/portal/README.md +++ b/helm/portal/README.md @@ -97,6 +97,3 @@ A Helm chart for gen3 data-portal | strategy.rollingUpdate.maxSurge | int | `2` | Number of additional replicas to add during rollout. | | strategy.rollingUpdate.maxUnavailable | int | `"25%"` | Maximum amount of pods that can be unavailable during the update. | | tolerations | list | `[]` | Tolerations to apply to the pod | - ----------------------------------------------- -Autogenerated from chart metadata using [helm-docs v1.14.2](https://github.com/norwoodj/helm-docs/releases/v1.14.2) diff --git a/helm/requestor/README.md b/helm/requestor/README.md index de50f354..cd99f424 100644 --- a/helm/requestor/README.md +++ b/helm/requestor/README.md @@ -113,4 +113,3 @@ A Helm chart for gen3 Requestor Service | strategy.rollingUpdate.maxSurge | int | `1` | Number of additional replicas to add during rollout. | | strategy.rollingUpdate.maxUnavailable | int | `0` | Maximum amount of pods that can be unavailable during the update. | | volumeMounts | list | `nil` | Volumes to mount to the container. | - diff --git a/helm/revproxy/README.md b/helm/revproxy/README.md index 9c862929..29938970 100644 --- a/helm/revproxy/README.md +++ b/helm/revproxy/README.md 
@@ -106,6 +106,3 @@ A Helm chart for gen3 revproxy | strategy.rollingUpdate.maxUnavailable | int | `0` | Maximum amount of pods that can be unavailable during the update. | | tolerations | list | `[]` | Tolerations to use for the deployment. | | userhelperEnabled | bool | `false` | | - ----------------------------------------------- -Autogenerated from chart metadata using [helm-docs v1.14.2](https://github.com/norwoodj/helm-docs/releases/v1.14.2) diff --git a/helm/sheepdog/README.md b/helm/sheepdog/README.md index 0fefa6d0..3f9d4d3a 100644 --- a/helm/sheepdog/README.md +++ b/helm/sheepdog/README.md @@ -106,4 +106,3 @@ A Helm chart for gen3 Sheepdog Service | strategy.rollingUpdate.maxUnavailable | int | `0` | Maximum amount of pods that can be unavailable during the update. | | terminationGracePeriodSeconds | int | `50` | sheepdog transactions take forever - try to let the complete before termination | | volumeMounts | list | `[{"mountPath":"/var/www/sheepdog/settings.py","name":"config-volume","readOnly":true,"subPath":"settings.py"},{"mountPath":"sheepdog/bin/settings.py","name":"config-volume","readOnly":true,"subPath":"settings.py"}]` | Volumes to mount to the container. | - diff --git a/helm/sower/README.md b/helm/sower/README.md index 060fadbc..d980270b 100644 --- a/helm/sower/README.md +++ b/helm/sower/README.md @@ -183,6 +183,3 @@ A Helm chart for gen3 sower | tolerations | list | `[]` | Tolerations for the pods | | volumeMounts | list | `[{"mountPath":"/sower_config.json","name":"sower-config","readOnly":true,"subPath":"sower_config.json"}]` | Volumes to mount to the container. | | volumes | list | `[{"configMap":{"items":[{"key":"json","path":"sower_config.json"}],"name":"manifest-sower"},"name":"sower-config"}]` | Volumes to attach to the container. | - ----------------------------------------------- -Autogenerated from chart metadata using [helm-docs v1.14.2](https://github.com/norwoodj/helm-docs/releases/v1.14.2) 
diff --git a/helm/ssjdispatcher/README.md b/helm/ssjdispatcher/README.md index 97195985..0025e6d4 100644 --- a/helm/ssjdispatcher/README.md +++ b/helm/ssjdispatcher/README.md @@ -108,6 +108,3 @@ A Helm chart for gen3 ssjdispatcher | tolerations | list | `[]` | Tolerations for the pods | | volumeMounts | list | `[{"mountPath":"/credentials.json","name":"ssjdispatcher-creds-volume","readOnly":true,"subPath":"credentials.json"}]` | Volumes to mount to the container. | | volumes | list | `[{"name":"ssjdispatcher-creds-volume","secret":{"secretName":"ssjdispatcher-creds"}}]` | Volumes to attach to the container. | - ----------------------------------------------- -Autogenerated from chart metadata using [helm-docs v1.14.2](https://github.com/norwoodj/helm-docs/releases/v1.14.2) diff --git a/helm/wts/README.md b/helm/wts/README.md index 5baa6341..55458ba7 100644 --- a/helm/wts/README.md +++ b/helm/wts/README.md @@ -101,4 +101,3 @@ A Helm chart for gen3 workspace token service | serviceAccount.create | bool | `true` | Specifies whether a service account should be created. | | serviceAccount.name | string | `""` | The name of the service account to use. If not set and create is true, a name is generated using the fullname template | | tolerations | list | `[]` | Tolerations for the pods | - From e756007769eec973088fba96749fc21b58840493 Mon Sep 17 00:00:00 2001 
From: Jawad Qureshi Date: Mon, 18 Nov 2024 15:16:51 -0600 Subject: [PATCH 257/279] Bump charts to remove "helm-docs" autogenerated version footer --- helm/alloy/Chart.yaml | 2 +- helm/alloy/README.md | 2 +- helm/ambassador/Chart.yaml | 2 +- helm/ambassador/README.md | 2 +- helm/arborist/Chart.yaml | 2 +- helm/arborist/README.md | 2 +- helm/argo-wrapper/Chart.yaml | 2 +- helm/argo-wrapper/README.md | 2 +- helm/audit/Chart.yaml | 2 +- helm/audit/README.md | 2 +- helm/aws-es-proxy/Chart.yaml | 2 +- helm/aws-es-proxy/README.md | 2 +- helm/common/Chart.yaml | 2 +- helm/common/README.md | 2 +- helm/dicom-server/Chart.yaml | 2 +- helm/dicom-server/README.md | 2 +- helm/dicom-viewer/Chart.yaml | 2 +- helm/dicom-viewer/README.md | 2 +- helm/etl/Chart.yaml | 2 +- helm/etl/README.md | 2 +- helm/faro-collector/Chart.yaml | 2 +- helm/faro-collector/README.md | 2 +- helm/fence/Chart.yaml | 2 +- helm/fence/README.md | 2 +- helm/frontend-framework/Chart.yaml | 2 +- helm/frontend-framework/README.md | 2 +- helm/gen3/Chart.yaml | 50 ++++++++++++++---------------- helm/gen3/README.md | 47 ++++++++++++++-------------- helm/guppy/Chart.yaml | 2 +- helm/guppy/README.md | 2 +- helm/indexd/Chart.yaml | 2 +- helm/indexd/README.md | 2 +- helm/manifestservice/Chart.yaml | 2 +- helm/manifestservice/README.md | 2 +- helm/metadata/Chart.yaml | 2 +- helm/metadata/README.md | 2 +- helm/neuvector/Chart.yaml | 2 +- helm/neuvector/README.md | 2 +- helm/observability/Chart.yaml | 2 +- helm/observability/README.md | 2 +- helm/peregrine/Chart.yaml | 2 +- helm/peregrine/README.md | 2 +- helm/pidgin/Chart.yaml | 2 +- helm/pidgin/README.md | 2 +- helm/portal/Chart.yaml | 2 +- helm/portal/README.md | 2 +- helm/requestor/Chart.yaml | 2 +- helm/requestor/README.md | 2 +- helm/revproxy/Chart.yaml | 2 +- helm/revproxy/README.md | 2 +- helm/sheepdog/Chart.yaml | 2 +- helm/sheepdog/README.md | 2 +- helm/sower/Chart.yaml | 2 +- helm/sower/README.md | 2 +- helm/ssjdispatcher/Chart.yaml | 2 +- 
helm/ssjdispatcher/README.md | 2 +- helm/wts/Chart.yaml | 2 +- helm/wts/README.md | 2 +- 58 files changed, 102 insertions(+), 107 deletions(-) diff --git a/helm/alloy/Chart.yaml b/helm/alloy/Chart.yaml index 32399d2d..ac429f84 100644 --- a/helm/alloy/Chart.yaml +++ b/helm/alloy/Chart.yaml @@ -15,7 +15,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.1 +version: 0.1.2 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to diff --git a/helm/alloy/README.md b/helm/alloy/README.md index 0cec9808..97a37142 100644 --- a/helm/alloy/README.md +++ b/helm/alloy/README.md @@ -1,6 +1,6 @@ # alloy -![Version: 0.1.1](https://img.shields.io/badge/Version-0.1.1-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) +![Version: 0.1.2](https://img.shields.io/badge/Version-0.1.2-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) A Helm chart for deploying Grafana Alloy diff --git a/helm/ambassador/Chart.yaml b/helm/ambassador/Chart.yaml index 41fcca74..7cbb3fe7 100644 --- a/helm/ambassador/Chart.yaml +++ b/helm/ambassador/Chart.yaml 
@@ -15,7 +15,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.15 +version: 0.1.16 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to diff --git a/helm/ambassador/README.md b/helm/ambassador/README.md index c46603b8..fedbd57f 100644 --- a/helm/ambassador/README.md +++ b/helm/ambassador/README.md @@ -1,6 +1,6 @@ # ambassador -![Version: 0.1.15](https://img.shields.io/badge/Version-0.1.15-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.4.2](https://img.shields.io/badge/AppVersion-1.4.2-informational?style=flat-square) +![Version: 0.1.16](https://img.shields.io/badge/Version-0.1.16-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.4.2](https://img.shields.io/badge/AppVersion-1.4.2-informational?style=flat-square) A Helm chart for deploying ambassador for gen3 diff --git a/helm/arborist/Chart.yaml b/helm/arborist/Chart.yaml index 89ce9343..25269169 100644 --- a/helm/arborist/Chart.yaml +++ b/helm/arborist/Chart.yaml @@ -15,7 +15,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.13 +version: 0.1.14 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to 
diff --git a/helm/arborist/README.md b/helm/arborist/README.md index b96f3571..dc6ae817 100644 --- a/helm/arborist/README.md +++ b/helm/arborist/README.md @@ -1,6 +1,6 @@ # arborist -![Version: 0.1.13](https://img.shields.io/badge/Version-0.1.13-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) +![Version: 0.1.14](https://img.shields.io/badge/Version-0.1.14-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) A Helm chart for gen3 arborist diff --git a/helm/argo-wrapper/Chart.yaml b/helm/argo-wrapper/Chart.yaml index 9adfd19c..c189e656 100644 --- a/helm/argo-wrapper/Chart.yaml +++ b/helm/argo-wrapper/Chart.yaml @@ -15,7 +15,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.9 +version: 0.1.10 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to diff --git a/helm/argo-wrapper/README.md b/helm/argo-wrapper/README.md index 6d0f2394..115e2459 100644 --- a/helm/argo-wrapper/README.md +++ b/helm/argo-wrapper/README.md 
@@ -1,6 +1,6 @@ # argo-wrapper -![Version: 0.1.9](https://img.shields.io/badge/Version-0.1.9-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) +![Version: 0.1.10](https://img.shields.io/badge/Version-0.1.10-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) A Helm chart for gen3 Argo Wrapper Service diff --git a/helm/audit/Chart.yaml b/helm/audit/Chart.yaml index 8a9fe516..62884a9e 100644 --- a/helm/audit/Chart.yaml +++ b/helm/audit/Chart.yaml @@ -15,7 +15,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.15 +version: 0.1.16 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to diff --git a/helm/audit/README.md b/helm/audit/README.md index f7135913..164ede9f 100644 --- a/helm/audit/README.md +++ b/helm/audit/README.md 
@@ -1,6 +1,6 @@ # audit -![Version: 0.1.15](https://img.shields.io/badge/Version-0.1.15-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) +![Version: 0.1.16](https://img.shields.io/badge/Version-0.1.16-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) A Helm chart for Kubernetes diff --git a/helm/aws-es-proxy/Chart.yaml b/helm/aws-es-proxy/Chart.yaml index a14f6b98..a2986601 100644 --- a/helm/aws-es-proxy/Chart.yaml +++ b/helm/aws-es-proxy/Chart.yaml @@ -15,7 +15,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.12 +version: 0.1.13 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to diff --git a/helm/aws-es-proxy/README.md b/helm/aws-es-proxy/README.md index dd69e540..36a86713 100644 --- a/helm/aws-es-proxy/README.md +++ b/helm/aws-es-proxy/README.md 
@@ -1,6 +1,6 @@ # aws-es-proxy -![Version: 0.1.12](https://img.shields.io/badge/Version-0.1.12-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) +![Version: 0.1.13](https://img.shields.io/badge/Version-0.1.13-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) A Helm chart for AWS ES Proxy Service for gen3 diff --git a/helm/common/Chart.yaml b/helm/common/Chart.yaml index 1e8308c6..66e881bd 100644 --- a/helm/common/Chart.yaml +++ b/helm/common/Chart.yaml @@ -15,7 +15,7 @@ type: library # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.15 +version: 0.1.16 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to diff --git a/helm/common/README.md b/helm/common/README.md index 2fbcb920..8ef44573 100644 --- a/helm/common/README.md +++ b/helm/common/README.md 
@@ -1,6 +1,6 @@ # common -![Version: 0.1.15](https://img.shields.io/badge/Version-0.1.15-informational?style=flat-square) ![Type: library](https://img.shields.io/badge/Type-library-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) +![Version: 0.1.16](https://img.shields.io/badge/Version-0.1.16-informational?style=flat-square) ![Type: library](https://img.shields.io/badge/Type-library-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) A Helm chart for provisioning databases in gen3 diff --git a/helm/dicom-server/Chart.yaml b/helm/dicom-server/Chart.yaml index f525ad97..a2230ca9 100644 --- a/helm/dicom-server/Chart.yaml +++ b/helm/dicom-server/Chart.yaml @@ -15,7 +15,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.10 +version: 0.1.11 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to diff --git a/helm/dicom-server/README.md b/helm/dicom-server/README.md index b921bc73..bf3f854d 100644 --- a/helm/dicom-server/README.md +++ b/helm/dicom-server/README.md 
@@ -1,6 +1,6 @@ # dicom-server -![Version: 0.1.10](https://img.shields.io/badge/Version-0.1.10-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) +![Version: 0.1.11](https://img.shields.io/badge/Version-0.1.11-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) A Helm chart for gen3 Dicom Server diff --git a/helm/dicom-viewer/Chart.yaml b/helm/dicom-viewer/Chart.yaml index 4123f9f1..6a1c3da5 100644 --- a/helm/dicom-viewer/Chart.yaml +++ b/helm/dicom-viewer/Chart.yaml @@ -15,7 +15,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.10 +version: 0.1.11 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to diff --git a/helm/dicom-viewer/README.md b/helm/dicom-viewer/README.md index 86707c8c..9f2a2f98 100644 --- a/helm/dicom-viewer/README.md +++ b/helm/dicom-viewer/README.md 
@@ -1,6 +1,6 @@ # dicom-viewer -![Version: 0.1.10](https://img.shields.io/badge/Version-0.1.10-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) +![Version: 0.1.11](https://img.shields.io/badge/Version-0.1.11-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) A Helm chart for gen3 Dicom Viewer diff --git a/helm/etl/Chart.yaml b/helm/etl/Chart.yaml index 7e5bcc3d..f2a606bd 100644 --- a/helm/etl/Chart.yaml +++ b/helm/etl/Chart.yaml @@ -15,7 +15,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.4 +version: 0.1.5 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to diff --git a/helm/etl/README.md b/helm/etl/README.md index fec43f48..58c187f0 100644 --- a/helm/etl/README.md +++ b/helm/etl/README.md 
@@ -1,6 +1,6 @@ # etl -![Version: 0.1.4](https://img.shields.io/badge/Version-0.1.4-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) +![Version: 0.1.5](https://img.shields.io/badge/Version-0.1.5-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) A Helm chart for gen3 etl diff --git a/helm/faro-collector/Chart.yaml b/helm/faro-collector/Chart.yaml index 32399d2d..ac429f84 100644 --- a/helm/faro-collector/Chart.yaml +++ b/helm/faro-collector/Chart.yaml @@ -15,7 +15,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.1 +version: 0.1.2 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to diff --git a/helm/faro-collector/README.md b/helm/faro-collector/README.md index f3c6095b..fd1f86db 100644 --- a/helm/faro-collector/README.md +++ b/helm/faro-collector/README.md 
@@ -1,6 +1,6 @@ # alloy -![Version: 0.1.1](https://img.shields.io/badge/Version-0.1.1-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) +![Version: 0.1.2](https://img.shields.io/badge/Version-0.1.2-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) A Helm chart for deploying Grafana Alloy diff --git a/helm/fence/Chart.yaml b/helm/fence/Chart.yaml index b57cb952..3b53fdcf 100644 --- a/helm/fence/Chart.yaml +++ b/helm/fence/Chart.yaml @@ -15,7 +15,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.25 +version: 0.1.26 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to diff --git a/helm/fence/README.md b/helm/fence/README.md index 3dcb3f0d..f0f7bf56 100644 --- a/helm/fence/README.md +++ b/helm/fence/README.md 
@@ -1,6 +1,6 @@ # fence -![Version: 0.1.25](https://img.shields.io/badge/Version-0.1.25-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) +![Version: 0.1.26](https://img.shields.io/badge/Version-0.1.26-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) A Helm chart for gen3 Fence diff --git a/helm/frontend-framework/Chart.yaml b/helm/frontend-framework/Chart.yaml index 1a48668b..7c92b97a 100644 --- a/helm/frontend-framework/Chart.yaml +++ b/helm/frontend-framework/Chart.yaml @@ -15,7 +15,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.4 +version: 0.1.5 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to diff --git a/helm/frontend-framework/README.md b/helm/frontend-framework/README.md index 6100ec00..9b77c0ac 100644 --- a/helm/frontend-framework/README.md +++ b/helm/frontend-framework/README.md 
@@ -1,6 +1,6 @@ # frontend-framework -![Version: 0.1.4](https://img.shields.io/badge/Version-0.1.4-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: develop](https://img.shields.io/badge/AppVersion-develop-informational?style=flat-square) +![Version: 0.1.5](https://img.shields.io/badge/Version-0.1.5-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: develop](https://img.shields.io/badge/AppVersion-develop-informational?style=flat-square) A Helm chart for the gen3 frontend framework diff --git a/helm/gen3/Chart.yaml b/helm/gen3/Chart.yaml index 128ee4a1..28919966 100644 --- a/helm/gen3/Chart.yaml +++ b/helm/gen3/Chart.yaml 
@@ -5,42 +5,42 @@ description: Helm chart to deploy Gen3 Data Commons # Dependencies dependencies: - name: ambassador - version: 0.1.15 + version: 0.1.16 repository: "file://../ambassador" condition: ambassador.enabled - name: arborist - version: 0.1.13 + version: 0.1.14 repository: "file://../arborist" condition: arborist.enabled - name: argo-wrapper - version: 0.1.9 + version: 0.1.10 repository: "file://../argo-wrapper" condition: argo-wrapper.enabled - name: audit - version: 0.1.15 + version: 0.1.16 repository: "file://../audit" condition: audit.enabled - name: aws-es-proxy - version: 0.1.12 + version: 0.1.13 repository: "file://../aws-es-proxy" condition: aws-es-proxy.enabled - name: common - version: 0.1.15 + version: 0.1.16 repository: file://../common - name: etl - version: 0.1.4 + version: 0.1.5 repository: file://../etl condition: etl.enabled - name: frontend-framework - version: 0.1.4 + version: 0.1.5 repository: "file://../frontend-framework" condition: frontend-framework.enabled - name: fence - version: 0.1.25 + version: 0.1.26 repository: "file://../fence" condition: fence.enabled - name: guppy - version: 0.1.15 + version: 0.1.16 repository: "file://../guppy" condition: guppy.enabled - name: hatchery 
@@ -48,55 +48,51 @@ dependencies: repository: "file://../hatchery" condition: hatchery.enabled - name: indexd - version: 0.1.17 + version: 0.1.18 repository: "file://../indexd" condition: indexd.enabled - name: manifestservice - version: 0.1.16 + version: 0.1.17 repository: "file://../manifestservice" condition: manifestservice.enabled - name: metadata - version: 0.1.15 + version: 0.1.16 repository: "file://../metadata" condition: metadata.enabled - name: peregrine - version: 0.1.16 + version: 0.1.17 repository: "file://../peregrine" condition: peregrine.enabled - - name: pidgin - version: 0.1.12 - repository: "file://../pidgin" - condition: pidgin.enabled - name: portal - version: 0.1.20 + version: 0.1.21 repository: "file://../portal" condition: portal.enabled - name: requestor - version: 0.1.15 + version: 0.1.16 repository: "file://../requestor" condition: requestor.enabled - name: revproxy - version: 0.1.18 + version: 0.1.19 repository: "file://../revproxy" condition: revproxy.enabled - name: sheepdog - version: 0.1.18 + version: 0.1.19 repository: "file://../sheepdog" condition: sheepdog.enabled - name: ssjdispatcher - version: 0.1.12 + version: 0.1.13 repository: "file://../ssjdispatcher" condition: ssjdispatcher.enabled - name: sower - version: 0.1.14 + version: 0.1.15 condition: sower.enabled repository: "file://../sower" - name: wts - version: 0.1.17 + version: 0.1.18 repository: "file://../wts" condition: wts.enabled - name: gen3-network-policies - version: 0.1.1 + version: 0.1.2 repository: "file://../../wip/gen3-network-policies" condition: global.netPolicy.enabled @@ -115,7 +111,7 @@ dependencies: # Reference: https://github.com/neuvector/neuvector-helm # For more information, please use the Gen3 community Slack. - name: neuvector - version: "0.1.1" + version: "0.1.2" repository: "file://../neuvector" condition: neuvector.enabled diff --git a/helm/gen3/README.md b/helm/gen3/README.md index 04bb57f8..d6a754f3 100644 --- a/helm/gen3/README.md 
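Review bot: The `@@ -48,55 +48,51 @@` hunk of helm/gen3/Chart.yaml removes the whole `- name: pidgin` dependency entry, which the commit subject (chart bumps to drop the helm-docs footer) does not mention, while the same commit still bumps helm/pidgin to 0.1.13. If the removal is not intended, keep the entry and change only its version line to `version: 0.1.13`. If it is intended, it is better made in a separate commit with its own message, because existing values that set `pidgin.enabled: true` would presumably stop deploying the service after an upgrade without any error from Helm. The three hunks account for all 50 changed lines the diffstat reports for this file, so the umbrella chart's own `version:` is not incremented although its dependency set changes. A bump there, with the helm-docs README regenerated from it, would let deployments and audits tell the two dependency sets apart.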
+++ b/helm/gen3/README.md 
@@ -18,31 +18,30 @@ Helm chart to deploy Gen3 Data Commons | Repository | Name | Version | |------------|------|---------| -| file://../../wip/gen3-network-policies | gen3-network-policies | 0.1.1 | -| file://../ambassador | ambassador | 0.1.15 | -| file://../arborist | arborist | 0.1.13 | -| file://../argo-wrapper | argo-wrapper | 0.1.9 | -| file://../audit | audit | 0.1.15 | -| file://../aws-es-proxy | aws-es-proxy | 0.1.12 | -| file://../common | common | 0.1.15 | -| file://../etl | etl | 0.1.4 | -| file://../fence | fence | 0.1.25 | -| file://../frontend-framework | frontend-framework | 0.1.4 | -| file://../guppy | guppy | 0.1.15 | +| file://../../wip/gen3-network-policies | gen3-network-policies | 0.1.2 | +| file://../ambassador | ambassador | 0.1.16 | +| file://../arborist | arborist | 0.1.14 | +| file://../argo-wrapper | argo-wrapper | 0.1.10 | +| file://../audit | audit | 0.1.16 | +| file://../aws-es-proxy | aws-es-proxy | 0.1.13 | +| file://../common | common | 0.1.16 | +| file://../etl | etl | 0.1.5 | +| file://../fence | fence | 0.1.26 | +| file://../frontend-framework | frontend-framework | 0.1.5 | +| file://../guppy | guppy | 0.1.16 | | file://../hatchery | hatchery | 0.1.12 | -| file://../indexd | indexd | 0.1.17 | -| file://../manifestservice | manifestservice | 0.1.16 | -| file://../metadata | metadata | 0.1.15 | -| file://../neuvector | neuvector | 0.1.1 | -| file://../peregrine | peregrine | 0.1.16 | -| file://../pidgin | pidgin | 0.1.12 | -| file://../portal | portal | 0.1.20 | -| file://../requestor | requestor | 0.1.15 | -| file://../revproxy | revproxy | 0.1.18 | -| file://../sheepdog | sheepdog | 0.1.18 | -| file://../sower | sower | 0.1.14 | -| file://../ssjdispatcher | ssjdispatcher | 0.1.12 | -| file://../wts | wts | 0.1.17 | +| file://../indexd | indexd | 0.1.18 | +| file://../manifestservice | manifestservice | 0.1.17 | +| file://../metadata | metadata | 0.1.16 | +| file://../neuvector | neuvector | 0.1.2 | +| file://../peregrine | 
peregrine | 0.1.17 | +| file://../portal | portal | 0.1.21 | +| file://../requestor | requestor | 0.1.16 | +| file://../revproxy | revproxy | 0.1.19 | +| file://../sheepdog | sheepdog | 0.1.19 | +| file://../sower | sower | 0.1.15 | +| file://../ssjdispatcher | ssjdispatcher | 0.1.13 | +| file://../wts | wts | 0.1.18 | | https://charts.bitnami.com/bitnami | postgresql | 11.9.13 | | https://helm.elastic.co | elasticsearch | 7.10.2 | diff --git a/helm/guppy/Chart.yaml b/helm/guppy/Chart.yaml index e625d113..d4a57084 100644 --- a/helm/guppy/Chart.yaml +++ b/helm/guppy/Chart.yaml @@ -15,7 +15,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.15 +version: 0.1.16 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to diff --git a/helm/guppy/README.md b/helm/guppy/README.md index a3fd4731..f200e5e3 100644 --- a/helm/guppy/README.md +++ b/helm/guppy/README.md @@ -1,6 +1,6 @@ # guppy -![Version: 0.1.15](https://img.shields.io/badge/Version-0.1.15-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) +![Version: 0.1.16](https://img.shields.io/badge/Version-0.1.16-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) A Helm chart for gen3 Guppy Service diff --git a/helm/indexd/Chart.yaml b/helm/indexd/Chart.yaml index 17a74482..a21d6f6d 100644 --- a/helm/indexd/Chart.yaml 
+++ b/helm/indexd/Chart.yaml @@ -15,7 +15,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.17 +version: 0.1.18 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to diff --git a/helm/indexd/README.md b/helm/indexd/README.md index 8d10b1ca..66d1f7ac 100644 --- a/helm/indexd/README.md +++ b/helm/indexd/README.md @@ -1,6 +1,6 @@ # indexd -![Version: 0.1.17](https://img.shields.io/badge/Version-0.1.17-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) +![Version: 0.1.18](https://img.shields.io/badge/Version-0.1.18-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) A Helm chart for gen3 indexd diff --git a/helm/manifestservice/Chart.yaml b/helm/manifestservice/Chart.yaml index 4e5ad932..63975317 100644 --- a/helm/manifestservice/Chart.yaml +++ b/helm/manifestservice/Chart.yaml @@ -15,7 +15,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.16 +version: 0.1.17 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to 
diff --git a/helm/manifestservice/README.md b/helm/manifestservice/README.md index 4bacee39..6cd7e7e2 100644 --- a/helm/manifestservice/README.md +++ b/helm/manifestservice/README.md @@ -1,6 +1,6 @@ # manifestservice -![Version: 0.1.16](https://img.shields.io/badge/Version-0.1.16-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) +![Version: 0.1.17](https://img.shields.io/badge/Version-0.1.17-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) A Helm chart for Kubernetes diff --git a/helm/metadata/Chart.yaml b/helm/metadata/Chart.yaml index 5def4e33..2e290f8e 100644 --- a/helm/metadata/Chart.yaml +++ b/helm/metadata/Chart.yaml @@ -15,7 +15,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.15 +version: 0.1.16 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to diff --git a/helm/metadata/README.md b/helm/metadata/README.md index 303d10b3..c4897f38 100644 --- a/helm/metadata/README.md +++ b/helm/metadata/README.md 
@@ -1,6 +1,6 @@ # metadata -![Version: 0.1.15](https://img.shields.io/badge/Version-0.1.15-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) +![Version: 0.1.16](https://img.shields.io/badge/Version-0.1.16-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) A Helm chart for gen3 Metadata Service diff --git a/helm/neuvector/Chart.yaml b/helm/neuvector/Chart.yaml index 1a064380..845c1797 100644 --- a/helm/neuvector/Chart.yaml +++ b/helm/neuvector/Chart.yaml @@ -19,7 +19,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.1 +version: 0.1.2 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to diff --git a/helm/neuvector/README.md b/helm/neuvector/README.md index 5dd4c19c..928cd747 100644 --- a/helm/neuvector/README.md +++ b/helm/neuvector/README.md 
@@ -1,6 +1,6 @@ # neuvector -![Version: 0.1.1](https://img.shields.io/badge/Version-0.1.1-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.16.0](https://img.shields.io/badge/AppVersion-1.16.0-informational?style=flat-square) +![Version: 0.1.2](https://img.shields.io/badge/Version-0.1.2-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.16.0](https://img.shields.io/badge/AppVersion-1.16.0-informational?style=flat-square) NeuVector Kubernetes Security Policy templates to protect Gen3 diff --git a/helm/observability/Chart.yaml b/helm/observability/Chart.yaml index d1700130..0d0317ef 100644 --- a/helm/observability/Chart.yaml +++ b/helm/observability/Chart.yaml @@ -15,7 +15,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.2 +version: 0.1.3 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to diff --git a/helm/observability/README.md b/helm/observability/README.md index cbbd1413..72b9951d 100644 --- a/helm/observability/README.md +++ b/helm/observability/README.md 
@@ -1,6 +1,6 @@ # lgtma-chart -![Version: 0.1.2](https://img.shields.io/badge/Version-0.1.2-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.0.0](https://img.shields.io/badge/AppVersion-1.0.0-informational?style=flat-square) +![Version: 0.1.3](https://img.shields.io/badge/Version-0.1.3-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.0.0](https://img.shields.io/badge/AppVersion-1.0.0-informational?style=flat-square) A Helm chart for deploying the LGTM stack with additional resources diff --git a/helm/peregrine/Chart.yaml b/helm/peregrine/Chart.yaml index 480b01e0..d1357d18 100644 --- a/helm/peregrine/Chart.yaml +++ b/helm/peregrine/Chart.yaml @@ -15,7 +15,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.16 +version: 0.1.17 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to diff --git a/helm/peregrine/README.md b/helm/peregrine/README.md index 07cd4377..c4bc7d45 100644 --- a/helm/peregrine/README.md +++ b/helm/peregrine/README.md 
@@ -1,6 +1,6 @@
 # peregrine
-![Version: 0.1.16](https://img.shields.io/badge/Version-0.1.16-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square)
+![Version: 0.1.17](https://img.shields.io/badge/Version-0.1.17-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square)
 A Helm chart for gen3 Peregrine service
diff --git a/helm/pidgin/Chart.yaml b/helm/pidgin/Chart.yaml
index a0086a5e..3fbadadb 100644
--- a/helm/pidgin/Chart.yaml
+++ b/helm/pidgin/Chart.yaml
@@ -15,7 +15,7 @@ type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 0.1.12
+version: 0.1.13
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to
diff --git a/helm/pidgin/README.md b/helm/pidgin/README.md
index 50279561..41a984d9 100644
--- a/helm/pidgin/README.md
+++ b/helm/pidgin/README.md
@@ -1,6 +1,6 @@
 # pidgin
-![Version: 0.1.12](https://img.shields.io/badge/Version-0.1.12-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square)
+![Version: 0.1.13](https://img.shields.io/badge/Version-0.1.13-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square)
 A Helm chart for gen3 Pidgin Service
diff --git a/helm/portal/Chart.yaml b/helm/portal/Chart.yaml
index 55943894..07a6bda4 100644
--- a/helm/portal/Chart.yaml
+++ b/helm/portal/Chart.yaml
@@ -15,7 +15,7 @@ type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 0.1.20
+version: 0.1.21
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to
diff --git a/helm/portal/README.md b/helm/portal/README.md
index eb124e15..6ccee4c5 100644
--- a/helm/portal/README.md
+++ b/helm/portal/README.md
@@ -1,6 +1,6 @@
 # portal
-![Version: 0.1.20](https://img.shields.io/badge/Version-0.1.20-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square)
+![Version: 0.1.21](https://img.shields.io/badge/Version-0.1.21-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square)
 A Helm chart for gen3 data-portal
diff --git a/helm/requestor/Chart.yaml b/helm/requestor/Chart.yaml
index 1de8d915..064e6223 100644
--- a/helm/requestor/Chart.yaml
+++ b/helm/requestor/Chart.yaml
@@ -15,7 +15,7 @@ type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 0.1.15
+version: 0.1.16
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to
diff --git a/helm/requestor/README.md b/helm/requestor/README.md
index cd99f424..14643a89 100644
--- a/helm/requestor/README.md
+++ b/helm/requestor/README.md
@@ -1,6 +1,6 @@
 # requestor
-![Version: 0.1.15](https://img.shields.io/badge/Version-0.1.15-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square)
+![Version: 0.1.16](https://img.shields.io/badge/Version-0.1.16-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square)
 A Helm chart for gen3 Requestor Service
diff --git a/helm/revproxy/Chart.yaml b/helm/revproxy/Chart.yaml
index 016cf70d..e0ca4d8b 100644
--- a/helm/revproxy/Chart.yaml
+++ b/helm/revproxy/Chart.yaml
@@ -15,7 +15,7 @@ type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 0.1.18
+version: 0.1.19
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to
diff --git a/helm/revproxy/README.md b/helm/revproxy/README.md
index 29938970..fee43036 100644
--- a/helm/revproxy/README.md
+++ b/helm/revproxy/README.md
@@ -1,6 +1,6 @@
 # revproxy
-![Version: 0.1.18](https://img.shields.io/badge/Version-0.1.18-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square)
+![Version: 0.1.19](https://img.shields.io/badge/Version-0.1.19-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square)
 A Helm chart for gen3 revproxy
diff --git a/helm/sheepdog/Chart.yaml b/helm/sheepdog/Chart.yaml
index 8d5715df..4587c8d6 100644
--- a/helm/sheepdog/Chart.yaml
+++ b/helm/sheepdog/Chart.yaml
@@ -15,7 +15,7 @@ type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 0.1.18
+version: 0.1.19
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to
diff --git a/helm/sheepdog/README.md b/helm/sheepdog/README.md
index 3f9d4d3a..0dedf26d 100644
--- a/helm/sheepdog/README.md
+++ b/helm/sheepdog/README.md
@@ -1,6 +1,6 @@
 # sheepdog
-![Version: 0.1.18](https://img.shields.io/badge/Version-0.1.18-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square)
+![Version: 0.1.19](https://img.shields.io/badge/Version-0.1.19-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square)
 A Helm chart for gen3 Sheepdog Service
diff --git a/helm/sower/Chart.yaml b/helm/sower/Chart.yaml
index 510eab8c..528737c6 100644
--- a/helm/sower/Chart.yaml
+++ b/helm/sower/Chart.yaml
@@ -15,7 +15,7 @@ type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 0.1.14
+version: 0.1.15
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to
diff --git a/helm/sower/README.md b/helm/sower/README.md
index d980270b..5d4c77cb 100644
--- a/helm/sower/README.md
+++ b/helm/sower/README.md
@@ -1,6 +1,6 @@
 # sower
-![Version: 0.1.14](https://img.shields.io/badge/Version-0.1.14-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square)
+![Version: 0.1.15](https://img.shields.io/badge/Version-0.1.15-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square)
 A Helm chart for gen3 sower
diff --git a/helm/ssjdispatcher/Chart.yaml b/helm/ssjdispatcher/Chart.yaml
index 61b00d9a..edf18b2b 100644
--- a/helm/ssjdispatcher/Chart.yaml
+++ b/helm/ssjdispatcher/Chart.yaml
@@ -15,7 +15,7 @@ type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 0.1.12
+version: 0.1.13
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to
diff --git a/helm/ssjdispatcher/README.md b/helm/ssjdispatcher/README.md
index 0025e6d4..872299b1 100644
--- a/helm/ssjdispatcher/README.md
+++ b/helm/ssjdispatcher/README.md
@@ -1,6 +1,6 @@
 # ssjdispatcher
-![Version: 0.1.12](https://img.shields.io/badge/Version-0.1.12-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square)
+![Version: 0.1.13](https://img.shields.io/badge/Version-0.1.13-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square)
 A Helm chart for gen3 ssjdispatcher
diff --git a/helm/wts/Chart.yaml b/helm/wts/Chart.yaml
index f08093bc..3ca40f48 100644
--- a/helm/wts/Chart.yaml
+++ b/helm/wts/Chart.yaml
@@ -15,7 +15,7 @@ type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 0.1.17
+version: 0.1.18
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to
diff --git a/helm/wts/README.md b/helm/wts/README.md
index 55458ba7..4d73520d 100644
--- a/helm/wts/README.md
+++ b/helm/wts/README.md
@@ -1,6 +1,6 @@
 # wts
-![Version: 0.1.17](https://img.shields.io/badge/Version-0.1.17-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square)
+![Version: 0.1.18](https://img.shields.io/badge/Version-0.1.18-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square)
 A Helm chart for gen3 workspace token service
From 3912587a9ec4e9e32e52e58499af66400991ca42 Mon Sep 17 00:00:00 2001
From: Jawad Qureshi Date: Mon, 18 Nov 2024 15:34:05 -0600 Subject: [PATCH 258/279] Move gen3-networkpolicies out of WIP folder and bump common chart --- helm/ambassador/Chart.yaml | 2 +- helm/ambassador/README.md | 2 +- helm/arborist/Chart.yaml | 2 +- helm/arborist/README.md | 2 +- helm/argo-wrapper/Chart.yaml | 2 +- helm/argo-wrapper/README.md | 2 +- helm/audit/Chart.yaml | 2 +- helm/audit/README.md | 2 +- helm/aws-es-proxy/Chart.yaml | 2 +- helm/aws-es-proxy/README.md | 2 +- helm/dicom-server/Chart.yaml | 2 +- helm/dicom-server/README.md | 2 +- helm/dicom-viewer/Chart.yaml | 2 +- helm/dicom-viewer/README.md | 2 +- helm/fence/Chart.yaml | 2 +- helm/fence/README.md | 2 +- helm/frontend-framework/Chart.yaml | 2 +- helm/frontend-framework/README.md | 2 +- .../gen3-network-policies/.helmignore | 0 .../gen3-network-policies/Chart.yaml | 4 ++-- helm/gen3-network-policies/README.md | 22 +++++++++++++++++++ .../templates/_helpers.tpl | 0 .../templates/allow_nothing_netpolicy.yaml | 0 .../templates/allowdns_netpolicy.yaml | 0 .../templates/argo_workflows_netpolicy.yaml | 0 .../templates/argocd_netpolicy.yaml | 0 .../templates/auth_netpolicy.yaml | 0 .../dev_elasticsearch_netpolicy.yaml | 0 .../templates/dev_kube_api_netpolicy.yaml | 0 .../templates/dev_postgres_netpolicy.yaml | 0 .../templates/external_egress_netpolicy.yaml | 0 .../templates/gen3job_netpolicy.yaml | 0 .../templates/jh_netpolicy.yaml | 0 .../templates/linklocal_netpolicy.yaml | 0 .../templates/nolimit_netpolicy.yaml | 0 .../templates/public_netpolicy.yaml | 0 .../templates/s3_netpolicy.yaml | 0 .../templates/vpc_netpolicy.yaml | 0 .../gen3-network-policies/values.yaml | 0 helm/gen3/Chart.yaml | 2 +- helm/gen3/README.md | 2 +- helm/guppy/Chart.yaml | 2 +- helm/guppy/README.md | 2 +- helm/hatchery/Chart.yaml | 2 +- helm/hatchery/README.md | 2 +- helm/indexd/Chart.yaml | 2 +- helm/indexd/README.md | 2 +- helm/manifestservice/Chart.yaml | 2 +- helm/manifestservice/README.md | 2 +- helm/metadata/Chart.yaml | 2 
+- helm/metadata/README.md | 2 +- helm/peregrine/Chart.yaml | 2 +- helm/peregrine/README.md | 2 +- helm/pidgin/Chart.yaml | 2 +- helm/pidgin/README.md | 2 +- helm/portal/Chart.yaml | 2 +- helm/portal/README.md | 2 +- helm/requestor/Chart.yaml | 2 +- helm/requestor/README.md | 2 +- helm/revproxy/Chart.yaml | 2 +- helm/revproxy/README.md | 2 +- helm/sheepdog/Chart.yaml | 2 +- helm/sheepdog/README.md | 2 +- helm/sower/Chart.yaml | 2 +- helm/sower/README.md | 2 +- helm/ssjdispatcher/Chart.yaml | 2 +- helm/ssjdispatcher/README.md | 2 +- helm/wts/Chart.yaml | 2 +- helm/wts/README.md | 2 +- 69 files changed, 72 insertions(+), 50 deletions(-) rename {wip => helm}/gen3-network-policies/.helmignore (100%) rename {wip => helm}/gen3-network-policies/Chart.yaml (79%) create mode 100644 helm/gen3-network-policies/README.md rename {wip => helm}/gen3-network-policies/templates/_helpers.tpl (100%) rename {wip => helm}/gen3-network-policies/templates/allow_nothing_netpolicy.yaml (100%) rename {wip => helm}/gen3-network-policies/templates/allowdns_netpolicy.yaml (100%) rename {wip => helm}/gen3-network-policies/templates/argo_workflows_netpolicy.yaml (100%) rename {wip => helm}/gen3-network-policies/templates/argocd_netpolicy.yaml (100%) rename {wip => helm}/gen3-network-policies/templates/auth_netpolicy.yaml (100%) rename {wip => helm}/gen3-network-policies/templates/dev_elasticsearch_netpolicy.yaml (100%) rename {wip => helm}/gen3-network-policies/templates/dev_kube_api_netpolicy.yaml (100%) rename {wip => helm}/gen3-network-policies/templates/dev_postgres_netpolicy.yaml (100%) rename {wip => helm}/gen3-network-policies/templates/external_egress_netpolicy.yaml (100%) rename {wip => helm}/gen3-network-policies/templates/gen3job_netpolicy.yaml (100%) rename {wip => helm}/gen3-network-policies/templates/jh_netpolicy.yaml (100%) rename {wip => helm}/gen3-network-policies/templates/linklocal_netpolicy.yaml (100%) rename {wip => 
helm}/gen3-network-policies/templates/nolimit_netpolicy.yaml (100%)
 rename {wip => helm}/gen3-network-policies/templates/public_netpolicy.yaml (100%)
 rename {wip => helm}/gen3-network-policies/templates/s3_netpolicy.yaml (100%)
 rename {wip => helm}/gen3-network-policies/templates/vpc_netpolicy.yaml (100%)
 rename {wip => helm}/gen3-network-policies/values.yaml (100%)
diff --git a/helm/ambassador/Chart.yaml b/helm/ambassador/Chart.yaml
index 7cbb3fe7..d356536b 100644
--- a/helm/ambassador/Chart.yaml
+++ b/helm/ambassador/Chart.yaml
@@ -25,5 +25,5 @@ appVersion: "1.4.2"
 dependencies:
 - name: common
- version: 0.1.15
+ version: 0.1.16
 repository: file://../common
diff --git a/helm/ambassador/README.md b/helm/ambassador/README.md
index fedbd57f..98cc6e06 100644
--- a/helm/ambassador/README.md
+++ b/helm/ambassador/README.md
@@ -8,7 +8,7 @@ A Helm chart for deploying ambassador for gen3
 | Repository | Name | Version |
 |------------|------|---------|
-| file://../common | common | 0.1.15 |
+| file://../common | common | 0.1.16 |
 ## Values
diff --git a/helm/arborist/Chart.yaml b/helm/arborist/Chart.yaml
index 25269169..1c13ff60 100644
--- a/helm/arborist/Chart.yaml
+++ b/helm/arborist/Chart.yaml
@@ -25,7 +25,7 @@ appVersion: "master"
 dependencies:
 - name: common
- version: 0.1.15
+ version: 0.1.16
 repository: file://../common
 - name: postgresql
 version: 11.9.13
diff --git a/helm/arborist/README.md b/helm/arborist/README.md
index dc6ae817..68301926 100644
--- a/helm/arborist/README.md
+++ b/helm/arborist/README.md
@@ -8,7 +8,7 @@ A Helm chart for gen3 arborist
 | Repository | Name | Version |
 |------------|------|---------|
-| file://../common | common | 0.1.15 |
+| file://../common | common | 0.1.16 |
 | https://charts.bitnami.com/bitnami | postgresql | 11.9.13 |
 ## Values
diff --git a/helm/argo-wrapper/Chart.yaml b/helm/argo-wrapper/Chart.yaml
index c189e656..6c3db9d2 100644
--- a/helm/argo-wrapper/Chart.yaml
+++ b/helm/argo-wrapper/Chart.yaml
@@ -25,5 +25,5 @@ appVersion: "master"
 dependencies:
 - name: common
- version: 0.1.15
+ version: 0.1.16
 repository: file://../common
diff --git a/helm/argo-wrapper/README.md b/helm/argo-wrapper/README.md
index 115e2459..75f3d778 100644
--- a/helm/argo-wrapper/README.md
+++ b/helm/argo-wrapper/README.md
@@ -8,7 +8,7 @@ A Helm chart for gen3 Argo Wrapper Service
 | Repository | Name | Version |
 |------------|------|---------|
-| file://../common | common | 0.1.15 |
+| file://../common | common | 0.1.16 |
 ## Values
diff --git a/helm/audit/Chart.yaml b/helm/audit/Chart.yaml
index 62884a9e..7099e8b3 100644
--- a/helm/audit/Chart.yaml
+++ b/helm/audit/Chart.yaml
@@ -24,7 +24,7 @@ appVersion: "master"
 dependencies:
 - name: common
- version: 0.1.15
+ version: 0.1.16
 repository: file://../common
 - name: postgresql
 version: 11.9.13
diff --git a/helm/audit/README.md b/helm/audit/README.md
index 164ede9f..c2882cb8 100644
--- a/helm/audit/README.md
+++ b/helm/audit/README.md
@@ -8,7 +8,7 @@ A Helm chart for Kubernetes
 | Repository | Name | Version |
 |------------|------|---------|
-| file://../common | common | 0.1.15 |
+| file://../common | common | 0.1.16 |
 | https://charts.bitnami.com/bitnami | postgresql | 11.9.13 |
 ## Values
diff --git a/helm/aws-es-proxy/Chart.yaml b/helm/aws-es-proxy/Chart.yaml
index a2986601..a2c7bf35 100644
--- a/helm/aws-es-proxy/Chart.yaml
+++ b/helm/aws-es-proxy/Chart.yaml
@@ -25,5 +25,5 @@ appVersion: "master"
 dependencies:
 - name: common
- version: 0.1.15
+ version: 0.1.16
 repository: file://../common
diff --git a/helm/aws-es-proxy/README.md b/helm/aws-es-proxy/README.md
index 36a86713..f0a3fb8c 100644
--- a/helm/aws-es-proxy/README.md
+++ b/helm/aws-es-proxy/README.md
@@ -8,7 +8,7 @@ A Helm chart for AWS ES Proxy Service for gen3
 | Repository | Name | Version |
 |------------|------|---------|
-| file://../common | common | 0.1.15 |
+| file://../common | common | 0.1.16 |
 ## Values
diff --git a/helm/dicom-server/Chart.yaml b/helm/dicom-server/Chart.yaml
index a2230ca9..caaed1d9 100644
--- a/helm/dicom-server/Chart.yaml
+++ b/helm/dicom-server/Chart.yaml
@@ -25,5 +25,5 @@ appVersion: "master"
 dependencies:
 - name: common
- version: 0.1.15
+ version: 0.1.16
 repository: file://../common
diff --git a/helm/dicom-server/README.md b/helm/dicom-server/README.md
index bf3f854d..58c6394c 100644
--- a/helm/dicom-server/README.md
+++ b/helm/dicom-server/README.md
@@ -8,7 +8,7 @@ A Helm chart for gen3 Dicom Server
 | Repository | Name | Version |
 |------------|------|---------|
-| file://../common | common | 0.1.15 |
+| file://../common | common | 0.1.16 |
 ## Values
diff --git a/helm/dicom-viewer/Chart.yaml b/helm/dicom-viewer/Chart.yaml
index 6a1c3da5..30f65737 100644
--- a/helm/dicom-viewer/Chart.yaml
+++ b/helm/dicom-viewer/Chart.yaml
@@ -25,5 +25,5 @@ appVersion: "master"
 dependencies:
 - name: common
- version: 0.1.15
+ version: 0.1.16
 repository: file://../common
diff --git a/helm/dicom-viewer/README.md b/helm/dicom-viewer/README.md
index 9f2a2f98..fc6fab1f 100644
--- a/helm/dicom-viewer/README.md
+++ b/helm/dicom-viewer/README.md
@@ -8,7 +8,7 @@ A Helm chart for gen3 Dicom Viewer
 | Repository | Name | Version |
 |------------|------|---------|
-| file://../common | common | 0.1.15 |
+| file://../common | common | 0.1.16 |
 ## Values
diff --git a/helm/fence/Chart.yaml b/helm/fence/Chart.yaml
index 3b53fdcf..02930bbf 100644
--- a/helm/fence/Chart.yaml
+++ b/helm/fence/Chart.yaml
@@ -24,7 +24,7 @@ appVersion: "master"
 dependencies:
 - name: common
- version: 0.1.15
+ version: 0.1.16
 repository: file://../common
 - name: postgresql
 version: 11.9.13
diff --git a/helm/fence/README.md b/helm/fence/README.md
index f0f7bf56..690caa00 100644
--- a/helm/fence/README.md
+++ b/helm/fence/README.md
@@ -8,7 +8,7 @@ A Helm chart for gen3 Fence
 | Repository | Name | Version |
 |------------|------|---------|
-| file://../common | common | 0.1.15 |
+| file://../common | common | 0.1.16 |
 | https://charts.bitnami.com/bitnami | postgresql | 11.9.13 |
 ## Values
diff --git a/helm/frontend-framework/Chart.yaml b/helm/frontend-framework/Chart.yaml
index 7c92b97a..56609579 100644
--- a/helm/frontend-framework/Chart.yaml
+++ b/helm/frontend-framework/Chart.yaml
@@ -25,5 +25,5 @@ appVersion: "develop"
 dependencies:
 - name: common
- version: 0.1.15
+ version: 0.1.16
 repository: file://../common
diff --git a/helm/frontend-framework/README.md b/helm/frontend-framework/README.md
index 9b77c0ac..27c8d8c2 100644
--- a/helm/frontend-framework/README.md
+++ b/helm/frontend-framework/README.md
@@ -8,7 +8,7 @@ A Helm chart for the gen3 frontend framework
 | Repository | Name | Version |
 |------------|------|---------|
-| file://../common | common | 0.1.15 |
+| file://../common | common | 0.1.16 |
 ## Values
diff --git a/wip/gen3-network-policies/.helmignore b/helm/gen3-network-policies/.helmignore
similarity index 100%
rename from wip/gen3-network-policies/.helmignore
rename to helm/gen3-network-policies/.helmignore
diff --git a/wip/gen3-network-policies/Chart.yaml b/helm/gen3-network-policies/Chart.yaml
similarity index 79%
rename from wip/gen3-network-policies/Chart.yaml
rename to helm/gen3-network-policies/Chart.yaml
index 7bc53bc1..c1a81dfc 100644
--- a/wip/gen3-network-policies/Chart.yaml
+++ b/helm/gen3-network-policies/Chart.yaml
@@ -4,6 +4,6 @@ description: A Helm chart that holds network policies needed to run Gen3
 type: application
-version: 0.1.1
+version: 0.1.2
-appVersion: "0.1.1"
+appVersion: "0.1.2"
diff --git a/helm/gen3-network-policies/README.md b/helm/gen3-network-policies/README.md
new file mode 100644
index 00000000..d5090889
--- /dev/null
+++ b/helm/gen3-network-policies/README.md
@@ -0,0 +1,22 @@
+# gen3-network-policies
+
+![Version: 0.1.2](https://img.shields.io/badge/Version-0.1.2-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.1.2](https://img.shields.io/badge/AppVersion-0.1.2-informational?style=flat-square)
+
+A Helm chart that holds network policies needed to run Gen3
+
+## Values
+
+| Key | Type | Default | Description |
+|-----|------|---------|-------------|
+| argo-workflows.enabled | bool | `true` | |
+| argocd.enabled | bool | `true` | |
+| s3CidrRanges[0].ipBlock.cidr | string | `"18.34.0.0/19"` | |
+| s3CidrRanges[1].ipBlock.cidr | string | `"16.15.192.0/18"` | |
+| s3CidrRanges[2].ipBlock.cidr | string | `"54.231.0.0/16"` | |
+| s3CidrRanges[3].ipBlock.cidr | string | `"52.216.0.0/15"` | |
+| s3CidrRanges[4].ipBlock.cidr | string | `"18.34.232.0/21"` | |
+| s3CidrRanges[5].ipBlock.cidr | string | `"16.15.176.0/20"` | |
+| s3CidrRanges[6].ipBlock.cidr | string | `"16.182.0.0/16"` | |
+| s3CidrRanges[7].ipBlock.cidr | string | `"3.5.0.0/19"` | |
+| s3CidrRanges[8].ipBlock.cidr | string | `"44.192.134.240/28"` | |
+| s3CidrRanges[9].ipBlock.cidr | string | `"44.192.140.64/28"` | |
diff --git a/wip/gen3-network-policies/templates/_helpers.tpl b/helm/gen3-network-policies/templates/_helpers.tpl
similarity index 100%
rename from wip/gen3-network-policies/templates/_helpers.tpl
rename to helm/gen3-network-policies/templates/_helpers.tpl
diff --git a/wip/gen3-network-policies/templates/allow_nothing_netpolicy.yaml b/helm/gen3-network-policies/templates/allow_nothing_netpolicy.yaml
similarity index 100%
rename from wip/gen3-network-policies/templates/allow_nothing_netpolicy.yaml
rename to helm/gen3-network-policies/templates/allow_nothing_netpolicy.yaml
diff --git a/wip/gen3-network-policies/templates/allowdns_netpolicy.yaml b/helm/gen3-network-policies/templates/allowdns_netpolicy.yaml
similarity index 100%
rename from wip/gen3-network-policies/templates/allowdns_netpolicy.yaml
rename to helm/gen3-network-policies/templates/allowdns_netpolicy.yaml
diff --git a/wip/gen3-network-policies/templates/argo_workflows_netpolicy.yaml b/helm/gen3-network-policies/templates/argo_workflows_netpolicy.yaml
similarity index 100%
rename from wip/gen3-network-policies/templates/argo_workflows_netpolicy.yaml
rename to helm/gen3-network-policies/templates/argo_workflows_netpolicy.yaml
diff --git a/wip/gen3-network-policies/templates/argocd_netpolicy.yaml b/helm/gen3-network-policies/templates/argocd_netpolicy.yaml
similarity index 100%
rename from wip/gen3-network-policies/templates/argocd_netpolicy.yaml
rename to helm/gen3-network-policies/templates/argocd_netpolicy.yaml
diff --git a/wip/gen3-network-policies/templates/auth_netpolicy.yaml b/helm/gen3-network-policies/templates/auth_netpolicy.yaml
similarity index 100%
rename from wip/gen3-network-policies/templates/auth_netpolicy.yaml
rename to helm/gen3-network-policies/templates/auth_netpolicy.yaml
diff --git a/wip/gen3-network-policies/templates/dev_elasticsearch_netpolicy.yaml b/helm/gen3-network-policies/templates/dev_elasticsearch_netpolicy.yaml
similarity index 100%
rename from wip/gen3-network-policies/templates/dev_elasticsearch_netpolicy.yaml
rename to helm/gen3-network-policies/templates/dev_elasticsearch_netpolicy.yaml
diff --git a/wip/gen3-network-policies/templates/dev_kube_api_netpolicy.yaml b/helm/gen3-network-policies/templates/dev_kube_api_netpolicy.yaml
similarity index 100%
rename from wip/gen3-network-policies/templates/dev_kube_api_netpolicy.yaml
rename to helm/gen3-network-policies/templates/dev_kube_api_netpolicy.yaml
diff --git a/wip/gen3-network-policies/templates/dev_postgres_netpolicy.yaml b/helm/gen3-network-policies/templates/dev_postgres_netpolicy.yaml
similarity index 100%
rename from wip/gen3-network-policies/templates/dev_postgres_netpolicy.yaml
rename to helm/gen3-network-policies/templates/dev_postgres_netpolicy.yaml
diff --git a/wip/gen3-network-policies/templates/external_egress_netpolicy.yaml b/helm/gen3-network-policies/templates/external_egress_netpolicy.yaml
similarity index 100%
rename from wip/gen3-network-policies/templates/external_egress_netpolicy.yaml
rename to helm/gen3-network-policies/templates/external_egress_netpolicy.yaml
diff --git a/wip/gen3-network-policies/templates/gen3job_netpolicy.yaml b/helm/gen3-network-policies/templates/gen3job_netpolicy.yaml
similarity index 100%
rename from wip/gen3-network-policies/templates/gen3job_netpolicy.yaml
rename to helm/gen3-network-policies/templates/gen3job_netpolicy.yaml
diff --git a/wip/gen3-network-policies/templates/jh_netpolicy.yaml b/helm/gen3-network-policies/templates/jh_netpolicy.yaml
similarity index 100%
rename from wip/gen3-network-policies/templates/jh_netpolicy.yaml
rename to helm/gen3-network-policies/templates/jh_netpolicy.yaml
diff --git a/wip/gen3-network-policies/templates/linklocal_netpolicy.yaml b/helm/gen3-network-policies/templates/linklocal_netpolicy.yaml
similarity index 100%
rename from wip/gen3-network-policies/templates/linklocal_netpolicy.yaml
rename to helm/gen3-network-policies/templates/linklocal_netpolicy.yaml
diff --git a/wip/gen3-network-policies/templates/nolimit_netpolicy.yaml b/helm/gen3-network-policies/templates/nolimit_netpolicy.yaml
similarity index 100%
rename from wip/gen3-network-policies/templates/nolimit_netpolicy.yaml
rename to helm/gen3-network-policies/templates/nolimit_netpolicy.yaml
diff --git a/wip/gen3-network-policies/templates/public_netpolicy.yaml b/helm/gen3-network-policies/templates/public_netpolicy.yaml
similarity index 100%
rename from wip/gen3-network-policies/templates/public_netpolicy.yaml
rename to helm/gen3-network-policies/templates/public_netpolicy.yaml
diff --git a/wip/gen3-network-policies/templates/s3_netpolicy.yaml b/helm/gen3-network-policies/templates/s3_netpolicy.yaml
similarity index 100%
rename from wip/gen3-network-policies/templates/s3_netpolicy.yaml
rename to helm/gen3-network-policies/templates/s3_netpolicy.yaml
diff --git a/wip/gen3-network-policies/templates/vpc_netpolicy.yaml b/helm/gen3-network-policies/templates/vpc_netpolicy.yaml
similarity index 100%
rename from wip/gen3-network-policies/templates/vpc_netpolicy.yaml
rename to helm/gen3-network-policies/templates/vpc_netpolicy.yaml
diff --git a/wip/gen3-network-policies/values.yaml b/helm/gen3-network-policies/values.yaml
similarity index 100%
rename from wip/gen3-network-policies/values.yaml
rename to helm/gen3-network-policies/values.yaml
diff --git a/helm/gen3/Chart.yaml b/helm/gen3/Chart.yaml
index 28919966..d45a3d16 100644
--- a/helm/gen3/Chart.yaml
+++ b/helm/gen3/Chart.yaml
@@ -93,7 +93,7 @@ dependencies:
 condition: wts.enabled
 - name: gen3-network-policies
 version: 0.1.2
- repository: "file://../../wip/gen3-network-policies"
+ repository: "file://../gen3-network-policies"
 condition: global.netPolicy.enabled
 - name: elasticsearch
diff --git a/helm/gen3/README.md b/helm/gen3/README.md
index d6a754f3..b30ab5d4 100644
--- a/helm/gen3/README.md
+++ b/helm/gen3/README.md
@@ -18,7 +18,6 @@ Helm chart to deploy Gen3 Data Commons
 | Repository | Name | Version |
 |------------|------|---------|
-| file://../../wip/gen3-network-policies | gen3-network-policies | 0.1.2 |
 | file://../ambassador | ambassador | 0.1.16 |
 | file://../arborist | arborist | 0.1.14 |
 | file://../argo-wrapper | argo-wrapper | 0.1.10 |
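Review bot: The new `repository: "file://../gen3-network-policies"` line is the only edit to `helm/gen3/Chart.yaml` (the diffstat lists the file as `2 +-`), so the umbrella chart's own `version:` stays where it was although its dependency source moved and the policy chart itself went from 0.1.1 to 0.1.2. I would bump the umbrella `version:` in this commit; the `common` 0.1.15 → 0.1.16 hunks in the other `Chart.yaml` files are in the same position, each also listed as `2 +-`. No `Chart.lock` shows up in the diffstat, so if lock files are tracked they presumably need regenerating with `helm dependency update`. Because the entry is gated by `condition: global.netPolicy.enabled`, a comment above it such as `# NetworkPolicies are installed only when global.netPolicy.enabled is true` would keep that switch visible. The `dependencies:` list begins and ends outside the hunk.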
@@ -28,6 +27,7 @@ Helm chart to deploy Gen3 Data Commons | file://../etl | etl | 0.1.5 | | file://../fence | fence | 0.1.26 | | file://../frontend-framework | frontend-framework | 0.1.5 | +| file://../gen3-network-policies | gen3-network-policies | 0.1.2 | | file://../guppy | guppy | 0.1.16 | | file://../hatchery | hatchery | 0.1.12 | | file://../indexd | indexd | 0.1.18 | diff --git a/helm/guppy/Chart.yaml b/helm/guppy/Chart.yaml index d4a57084..ff0c3447 100644 --- a/helm/guppy/Chart.yaml +++ b/helm/guppy/Chart.yaml @@ -25,5 +25,5 @@ appVersion: "master" dependencies: - name: common - version: 0.1.15 + version: 0.1.16 repository: file://../common diff --git a/helm/guppy/README.md b/helm/guppy/README.md index f200e5e3..2e94cdf8 100644 --- a/helm/guppy/README.md +++ b/helm/guppy/README.md @@ -8,7 +8,7 @@ A Helm chart for gen3 Guppy Service | Repository | Name | Version | |------------|------|---------| -| file://../common | common | 0.1.15 | +| file://../common | common | 0.1.16 | ## Values diff --git a/helm/hatchery/Chart.yaml b/helm/hatchery/Chart.yaml index 1172f69b..f222c6b2 100644 --- a/helm/hatchery/Chart.yaml +++ b/helm/hatchery/Chart.yaml @@ -25,5 +25,5 @@ appVersion: "master" dependencies: - name: common - version: 0.1.15 + version: 0.1.16 repository: file://../common diff --git a/helm/hatchery/README.md b/helm/hatchery/README.md index 409ce94d..1c429f03 100644 --- a/helm/hatchery/README.md +++ b/helm/hatchery/README.md @@ -8,7 +8,7 @@ A Helm chart for gen3 Hatchery | Repository | Name | Version | |------------|------|---------| -| file://../common | common | 0.1.15 | +| file://../common | common | 0.1.16 | ## Values diff --git a/helm/indexd/Chart.yaml b/helm/indexd/Chart.yaml index a21d6f6d..99ac703b 100644 --- a/helm/indexd/Chart.yaml +++ b/helm/indexd/Chart.yaml @@ -25,7 +25,7 @@ appVersion: "master" dependencies: - name: common - version: 0.1.15 + version: 0.1.16 repository: file://../common - name: postgresql version: 11.9.13 
diff --git a/helm/indexd/README.md b/helm/indexd/README.md index 66d1f7ac..6bc891a9 100644 --- a/helm/indexd/README.md +++ b/helm/indexd/README.md @@ -8,7 +8,7 @@ A Helm chart for gen3 indexd | Repository | Name | Version | |------------|------|---------| -| file://../common | common | 0.1.15 | +| file://../common | common | 0.1.16 | | https://charts.bitnami.com/bitnami | postgresql | 11.9.13 | ## Values diff --git a/helm/manifestservice/Chart.yaml b/helm/manifestservice/Chart.yaml index 63975317..84194a1a 100644 --- a/helm/manifestservice/Chart.yaml +++ b/helm/manifestservice/Chart.yaml @@ -25,5 +25,5 @@ appVersion: "master" dependencies: - name: common - version: 0.1.15 + version: 0.1.16 repository: file://../common diff --git a/helm/manifestservice/README.md b/helm/manifestservice/README.md index 6cd7e7e2..cc328847 100644 --- a/helm/manifestservice/README.md +++ b/helm/manifestservice/README.md @@ -8,7 +8,7 @@ A Helm chart for Kubernetes | Repository | Name | Version | |------------|------|---------| -| file://../common | common | 0.1.15 | +| file://../common | common | 0.1.16 | ## Values diff --git a/helm/metadata/Chart.yaml b/helm/metadata/Chart.yaml index 2e290f8e..ecaa6636 100644 --- a/helm/metadata/Chart.yaml +++ b/helm/metadata/Chart.yaml @@ -25,7 +25,7 @@ appVersion: "master" dependencies: - name: common - version: 0.1.15 + version: 0.1.16 repository: file://../common - name: postgresql version: 11.9.13 diff --git a/helm/metadata/README.md b/helm/metadata/README.md index c4897f38..e577d5fc 100644 --- a/helm/metadata/README.md +++ b/helm/metadata/README.md @@ -8,7 +8,7 @@ A Helm chart for gen3 Metadata Service | Repository | Name | Version | |------------|------|---------| -| file://../common | common | 0.1.15 | +| file://../common | common | 0.1.16 | | https://charts.bitnami.com/bitnami | postgresql | 11.9.13 | | https://helm.elastic.co | elasticsearch | 7.17.1 | 
diff --git a/helm/peregrine/Chart.yaml b/helm/peregrine/Chart.yaml index d1357d18..f726f8ca 100644 --- a/helm/peregrine/Chart.yaml +++ b/helm/peregrine/Chart.yaml @@ -25,7 +25,7 @@ appVersion: "master" dependencies: - name: common - version: 0.1.15 + version: 0.1.16 repository: file://../common - name: postgresql version: 11.9.13 diff --git a/helm/peregrine/README.md b/helm/peregrine/README.md index c4bc7d45..d6357512 100644 --- a/helm/peregrine/README.md +++ b/helm/peregrine/README.md @@ -8,7 +8,7 @@ A Helm chart for gen3 Peregrine service | Repository | Name | Version | |------------|------|---------| -| file://../common | common | 0.1.15 | +| file://../common | common | 0.1.16 | | https://charts.bitnami.com/bitnami | postgresql | 11.9.13 | ## Values diff --git a/helm/pidgin/Chart.yaml b/helm/pidgin/Chart.yaml index 3fbadadb..6b9f01e8 100644 --- a/helm/pidgin/Chart.yaml +++ b/helm/pidgin/Chart.yaml @@ -25,5 +25,5 @@ appVersion: "master" dependencies: - name: common - version: 0.1.15 + version: 0.1.16 repository: file://../common diff --git a/helm/pidgin/README.md b/helm/pidgin/README.md index 41a984d9..30dec9b1 100644 --- a/helm/pidgin/README.md +++ b/helm/pidgin/README.md @@ -8,7 +8,7 @@ A Helm chart for gen3 Pidgin Service | Repository | Name | Version | |------------|------|---------| -| file://../common | common | 0.1.15 | +| file://../common | common | 0.1.16 | ## Values diff --git a/helm/portal/Chart.yaml b/helm/portal/Chart.yaml index 07a6bda4..c90c264a 100644 --- a/helm/portal/Chart.yaml +++ b/helm/portal/Chart.yaml @@ -25,5 +25,5 @@ appVersion: "master" dependencies: - name: common - version: 0.1.15 + version: 0.1.16 repository: file://../common diff --git a/helm/portal/README.md b/helm/portal/README.md index 6ccee4c5..99537d8d 100644 --- a/helm/portal/README.md +++ b/helm/portal/README.md 
@@ -8,7 +8,7 @@ A Helm chart for gen3 data-portal | Repository | Name | Version | |------------|------|---------| -| file://../common | common | 0.1.15 | +| file://../common | common | 0.1.16 | ## Values diff --git a/helm/requestor/Chart.yaml b/helm/requestor/Chart.yaml index 064e6223..becb737c 100644 --- a/helm/requestor/Chart.yaml +++ b/helm/requestor/Chart.yaml @@ -25,7 +25,7 @@ appVersion: "master" dependencies: - name: common - version: 0.1.15 + version: 0.1.16 repository: file://../common - name: postgresql version: 11.9.13 diff --git a/helm/requestor/README.md b/helm/requestor/README.md index 14643a89..dd01b6f4 100644 --- a/helm/requestor/README.md +++ b/helm/requestor/README.md @@ -8,7 +8,7 @@ A Helm chart for gen3 Requestor Service | Repository | Name | Version | |------------|------|---------| -| file://../common | common | 0.1.15 | +| file://../common | common | 0.1.16 | | https://charts.bitnami.com/bitnami | postgresql | 11.9.13 | ## Values diff --git a/helm/revproxy/Chart.yaml b/helm/revproxy/Chart.yaml index e0ca4d8b..e186696b 100644 --- a/helm/revproxy/Chart.yaml +++ b/helm/revproxy/Chart.yaml @@ -25,5 +25,5 @@ appVersion: "master" dependencies: - name: common - version: 0.1.15 + version: 0.1.16 repository: file://../common diff --git a/helm/revproxy/README.md b/helm/revproxy/README.md index fee43036..057cc4e4 100644 --- a/helm/revproxy/README.md +++ b/helm/revproxy/README.md @@ -8,7 +8,7 @@ A Helm chart for gen3 revproxy | Repository | Name | Version | |------------|------|---------| -| file://../common | common | 0.1.15 | +| file://../common | common | 0.1.16 | ## Values diff --git a/helm/sheepdog/Chart.yaml b/helm/sheepdog/Chart.yaml index 4587c8d6..8cb88f98 100644 --- a/helm/sheepdog/Chart.yaml +++ b/helm/sheepdog/Chart.yaml @@ -25,7 +25,7 @@ appVersion: "master" dependencies: - name: common - version: 0.1.15 + version: 0.1.16 repository: file://../common - name: postgresql version: 11.9.13 
diff --git a/helm/sheepdog/README.md b/helm/sheepdog/README.md index 0dedf26d..6081137c 100644 --- a/helm/sheepdog/README.md +++ b/helm/sheepdog/README.md @@ -8,7 +8,7 @@ A Helm chart for gen3 Sheepdog Service | Repository | Name | Version | |------------|------|---------| -| file://../common | common | 0.1.15 | +| file://../common | common | 0.1.16 | | https://charts.bitnami.com/bitnami | postgresql | 11.9.13 | ## Values diff --git a/helm/sower/Chart.yaml b/helm/sower/Chart.yaml index 528737c6..b47cda9f 100644 --- a/helm/sower/Chart.yaml +++ b/helm/sower/Chart.yaml @@ -25,5 +25,5 @@ appVersion: "master" dependencies: - name: common - version: 0.1.15 + version: 0.1.16 repository: file://../common diff --git a/helm/sower/README.md b/helm/sower/README.md index 5d4c77cb..4b883c3c 100644 --- a/helm/sower/README.md +++ b/helm/sower/README.md @@ -8,7 +8,7 @@ A Helm chart for gen3 sower | Repository | Name | Version | |------------|------|---------| -| file://../common | common | 0.1.15 | +| file://../common | common | 0.1.16 | ## Values diff --git a/helm/ssjdispatcher/Chart.yaml b/helm/ssjdispatcher/Chart.yaml index edf18b2b..20e74dd0 100644 --- a/helm/ssjdispatcher/Chart.yaml +++ b/helm/ssjdispatcher/Chart.yaml @@ -25,5 +25,5 @@ appVersion: "master" dependencies: - name: common - version: 0.1.15 + version: 0.1.16 repository: file://../common diff --git a/helm/ssjdispatcher/README.md b/helm/ssjdispatcher/README.md index 872299b1..211b4389 100644 --- a/helm/ssjdispatcher/README.md +++ b/helm/ssjdispatcher/README.md @@ -8,7 +8,7 @@ A Helm chart for gen3 ssjdispatcher | Repository | Name | Version | |------------|------|---------| -| file://../common | common | 0.1.15 | +| file://../common | common | 0.1.16 | ## Values diff --git a/helm/wts/Chart.yaml b/helm/wts/Chart.yaml index 3ca40f48..16de2705 100644 --- a/helm/wts/Chart.yaml +++ b/helm/wts/Chart.yaml 
@@ -25,7 +25,7 @@ appVersion: "master" dependencies: - name: common - version: 0.1.15 + version: 0.1.16 repository: file://../common - name: postgresql version: 11.9.13 diff --git a/helm/wts/README.md b/helm/wts/README.md index 4d73520d..0d66cd6a 100644 --- a/helm/wts/README.md +++ b/helm/wts/README.md @@ -8,7 +8,7 @@ A Helm chart for gen3 workspace token service | Repository | Name | Version | |------------|------|---------| -| file://../common | common | 0.1.15 | +| file://../common | common | 0.1.16 | | https://charts.bitnami.com/bitnami | postgresql | 11.9.13 | ## Values From d4018e9865ba4b6108b15d58372a6fbf254b67a8 Mon Sep 17 00:00:00 2001 From: Jawad Qureshi Date: Mon, 18 Nov 2024 15:36:03 -0600 Subject: [PATCH 259/279] Delete pidgin chart as that service is deprecated --- helm/pidgin/.helmignore | 23 --- helm/pidgin/Chart.yaml | 29 --- helm/pidgin/README.md | 83 -------- helm/pidgin/templates/NOTES.txt | 1 - helm/pidgin/templates/_helpers.tpl | 68 ------- helm/pidgin/templates/deployment.yaml | 64 ------ helm/pidgin/templates/hpa.yaml | 28 --- helm/pidgin/templates/pdb.yaml | 3 - helm/pidgin/templates/service.yaml | 14 -- .../templates/tests/test-connection.yaml | 15 -- helm/pidgin/values.yaml | 183 ------------------ 11 files changed, 511 deletions(-) delete mode 100644 helm/pidgin/.helmignore delete mode 100644 helm/pidgin/Chart.yaml delete mode 100644 helm/pidgin/README.md delete mode 100644 helm/pidgin/templates/NOTES.txt delete mode 100644 helm/pidgin/templates/_helpers.tpl delete mode 100644 helm/pidgin/templates/deployment.yaml delete mode 100644 helm/pidgin/templates/hpa.yaml delete mode 100644 helm/pidgin/templates/pdb.yaml delete mode 100644 helm/pidgin/templates/service.yaml delete mode 100644 helm/pidgin/templates/tests/test-connection.yaml delete mode 100644 helm/pidgin/values.yaml diff --git a/helm/pidgin/.helmignore b/helm/pidgin/.helmignore deleted file mode 100644 index 0e8a0eb3..00000000 --- a/helm/pidgin/.helmignore +++ /dev/null 
@@ -1,23 +0,0 @@ -# Patterns to ignore when building packages. -# This supports shell glob matching, relative path matching, and -# negation (prefixed with !). Only one pattern per line. -.DS_Store -# Common VCS dirs -.git/ -.gitignore -.bzr/ -.bzrignore -.hg/ -.hgignore -.svn/ -# Common backup files -*.swp -*.bak -*.tmp -*.orig -*~ -# Various IDEs -.project -.idea/ -*.tmproj -.vscode/ diff --git a/helm/pidgin/Chart.yaml b/helm/pidgin/Chart.yaml deleted file mode 100644 index 6b9f01e8..00000000 --- a/helm/pidgin/Chart.yaml +++ /dev/null @@ -1,29 +0,0 @@ -apiVersion: v2 -name: pidgin -description: A Helm chart for gen3 Pidgin Service - -# A chart can be either an 'application' or a 'library' chart. -# -# Application charts are a collection of templates that can be packaged into versioned archives -# to be deployed. -# -# Library charts provide useful utilities or functions for the chart developer. They're included as -# a dependency of application charts to inject those utilities and functions into the rendering -# pipeline. Library charts do not define any templates and therefore cannot be deployed. -type: application - -# This is the chart version. This version number should be incremented each time you make changes -# to the chart and its templates, including the app version. -# Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.13 - -# This is the version number of the application being deployed. This version number should be -# incremented each time you make changes to the application. Versions are not expected to -# follow Semantic Versioning. They should reflect the version the application is using. -# It is recommended to use it with quotes. -appVersion: "master" - -dependencies: - - name: common - version: 0.1.16 - repository: file://../common diff --git a/helm/pidgin/README.md b/helm/pidgin/README.md deleted file mode 100644 index 30dec9b1..00000000 --- a/helm/pidgin/README.md +++ /dev/null 
@@ -1,83 +0,0 @@ -# pidgin - -![Version: 0.1.13](https://img.shields.io/badge/Version-0.1.13-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) - -A Helm chart for gen3 Pidgin Service - -## Requirements - -| Repository | Name | Version | -|------------|------|---------| -| file://../common | common | 0.1.16 | - -## Values - -| Key | Type | Default | Description | -|-----|------|---------|-------------| -| affinity | map | `{"podAntiAffinity":{"preferredDuringSchedulingIgnoredDuringExecution":[{"podAffinityTerm":{"labelSelector":{"matchExpressions":[{"key":"app","operator":"In","values":["pidgin"]}]},"topologyKey":"kubernetes.io/hostname"},"weight":100}]}}` | Affinity to use for the deployment. | -| affinity.podAntiAffinity.preferredDuringSchedulingIgnoredDuringExecution | map | `[{"podAffinityTerm":{"labelSelector":{"matchExpressions":[{"key":"app","operator":"In","values":["pidgin"]}]},"topologyKey":"kubernetes.io/hostname"},"weight":100}]` | Option for scheduling to be required or preferred. | -| affinity.podAntiAffinity.preferredDuringSchedulingIgnoredDuringExecution[0] | int | `{"podAffinityTerm":{"labelSelector":{"matchExpressions":[{"key":"app","operator":"In","values":["pidgin"]}]},"topologyKey":"kubernetes.io/hostname"},"weight":100}` | Weight value for preferred scheduling. | -| affinity.podAntiAffinity.preferredDuringSchedulingIgnoredDuringExecution[0].podAffinityTerm.labelSelector.matchExpressions[0] | list | `{"key":"app","operator":"In","values":["pidgin"]}` | Label key for match expression. | -| affinity.podAntiAffinity.preferredDuringSchedulingIgnoredDuringExecution[0].podAffinityTerm.labelSelector.matchExpressions[0].operator | string | `"In"` | Operation type for the match expression. 
| -| affinity.podAntiAffinity.preferredDuringSchedulingIgnoredDuringExecution[0].podAffinityTerm.labelSelector.matchExpressions[0].values | list | `["pidgin"]` | Value for the match expression key. | -| affinity.podAntiAffinity.preferredDuringSchedulingIgnoredDuringExecution[0].podAffinityTerm.topologyKey | string | `"kubernetes.io/hostname"` | Value for topology key label. | -| automountServiceAccountToken | bool | `false` | Automount the default service account token | -| autoscaling | map | `{"enabled":false,"maxReplicas":100,"minReplicas":1,"targetCPUUtilizationPercentage":80}` | Configuration for autoscaling the number of replicas | -| autoscaling.enabled | bool | `false` | Whether autoscaling is enabled | -| autoscaling.maxReplicas | int | `100` | The maximum number of replicas to scale up to | -| autoscaling.minReplicas | int | `1` | The minimum number of replicas to scale down to | -| autoscaling.targetCPUUtilizationPercentage | int | `80` | The target CPU utilization percentage for autoscaling | -| commonLabels | map | `nil` | Will completely override the commonLabels defined in the common chart's _label_setup.tpl | -| criticalService | string | `"false"` | Valid options are "true" or "false". If invalid option is set- the value will default to "false". | -| dataDog | bool | `{"enabled":false,"env":"dev"}` | Whether Datadog is enabled. | -| datadogLogsInjection | bool | `true` | If enabled, the Datadog Agent will automatically inject Datadog-specific metadata into your application logs. | -| datadogProfilingEnabled | bool | `true` | If enabled, the Datadog Agent will collect profiling data for your application using the Continuous Profiler. This data can be used to identify performance bottlenecks and optimize your application. | -| datadogTraceSampleRate | int | `1` | A value between 0 and 1, that represents the percentage of requests that will be traced. For example, a value of 0.5 means that 50% of requests will be traced. 
| -| global.aws | map | `{"awsAccessKeyId":null,"awsSecretAccessKey":null,"enabled":false}` | AWS configuration | -| global.aws.awsAccessKeyId | string | `nil` | Credentials for AWS stuff. | -| global.aws.awsSecretAccessKey | string | `nil` | Credentials for AWS stuff. | -| global.aws.enabled | bool | `false` | Set to true if deploying to AWS. Controls ingress annotations. | -| global.ddEnabled | bool | `false` | Whether Datadog is enabled. | -| global.dev | bool | `true` | Whether the deployment is for development purposes. | -| global.dictionaryUrl | string | `"https://s3.amazonaws.com/dictionary-artifacts/datadictionary/develop/schema.json"` | URL of the data dictionary. | -| global.dispatcherJobNum | int | `"10"` | Number of dispatcher jobs. | -| global.environment | string | `"default"` | Environment name. This should be the same as vpcname if you're doing an AWS deployment. Currently this is being used to share ALB's if you have multiple namespaces. Might be used other places too. | -| global.hostname | string | `"localhost"` | Hostname for the deployment. | -| global.kubeBucket | string | `"kube-gen3"` | S3 bucket name for Kubernetes manifest files. | -| global.logsBucket | string | `"logs-gen3"` | S3 bucket name for log files. | -| global.minAvialable | int | `1` | The minimum amount of pods that are available at all times if the PDB is deployed. | -| global.netPolicy | map | `{"enabled":false}` | Controls network policy settings | -| global.pdb | bool | `false` | If the service will be deployed with a Pod Disruption Budget. Note- you need to have more than 2 replicas for the pdb to be deployed. | -| global.portalApp | string | `"gitops"` | Portal application name. | -| global.postgres.dbCreate | bool | `true` | Whether the database should be created. | -| global.postgres.externalSecret | string | `""` | Name of external secret. 
Disabled if empty | -| global.postgres.master | map | `{"host":null,"password":null,"port":"5432","username":"postgres"}` | Master credentials to postgres. This is going to be the default postgres server being used for each service, unless each service specifies their own postgres | -| global.postgres.master.host | string | `nil` | hostname of postgres server | -| global.postgres.master.password | string | `nil` | password for superuser in postgres. This is used to create or restore databases | -| global.postgres.master.port | string | `"5432"` | Port for Postgres. | -| global.postgres.master.username | string | `"postgres"` | username of superuser in postgres. This is used to create or restore databases | -| global.publicDataSets | bool | `true` | Whether public datasets are enabled. | -| global.revproxyArn | string | `"arn:aws:acm:us-east-1:123456:certificate"` | ARN of the reverse proxy certificate. | -| global.tierAccessLevel | string | `"libre"` | Access level for tiers. acceptable values for `tier_access_level` are: `libre`, `regular` and `private`. If omitted, by default common will be treated as `private` | -| image.pullPolicy | string | `"Always"` | When to pull the image. | -| image.repository | string | `"quay.io/cdis/pidgin"` | The Docker image repository for the fence service | -| image.tag | string | `""` | Overrides the image tag whose default is the chart appVersion. | -| partOf | string | `"Peregrine"` | Label to help organize pods and their use. Any value is valid, but use "_" or "-" to divide words. | -| postgres | map | `{"database":null,"dbCreate":null,"dbRestore":false,"host":null,"password":null,"port":"5432","username":null}` | Postgres database configuration. If db does not exist in postgres cluster and dbCreate is set ot true then these databases will be created for you | -| postgres.database | string | `nil` | Database name for postgres. 
This is a service override, defaults to - | -| postgres.dbCreate | bool | `nil` | Whether the database should be created. Default to global.postgres.dbCreate | -| postgres.host | string | `nil` | Hostname for postgres server. This is a service override, defaults to global.postgres.host | -| postgres.password | string | `nil` | Password for Postgres. Will be autogenerated if left empty. | -| postgres.port | string | `"5432"` | Port for Postgres. | -| postgres.username | string | `nil` | Username for postgres. This is a service override, defaults to - | -| release | string | `"production"` | Valid options are "production" or "dev". If invalid option is set- the value will default to "dev". | -| replicaCount | int | `1` | Number of desired replicas | -| resources | map | `nil` | Resource requests and limits for the containers in the pod | -| revisionHistoryLimit | int | `2` | Number of old revisions to retain | -| selectorLabels | map | `nil` | Will completely override the selectorLabels defined in the common chart's _label_setup.tpl | -| service | map | `{"port":[{"name":"http","port":80,"protocol":"TCP","targetPort":80},{"name":"https","port":443,"protocol":"TCP","targetPort":443}],"type":"ClusterIP"}` | Kubernetes service information. | -| service.port | list | `[{"name":"http","port":80,"protocol":"TCP","targetPort":80},{"name":"https","port":443,"protocol":"TCP","targetPort":443}]` | The port numbers that the service exposes. | -| service.type | string | `"ClusterIP"` | Type of service. Valid values are "ClusterIP", "NodePort", "LoadBalancer", "ExternalName". | -| strategy | map | `{"rollingUpdate":{"maxSurge":1,"maxUnavailable":0},"type":"RollingUpdate"}` | Rolling update deployment strategy | -| strategy.rollingUpdate.maxSurge | int | `1` | Number of additional replicas to add during rollout. | -| strategy.rollingUpdate.maxUnavailable | int | `0` | Maximum amount of pods that can be unavailable during the update. | 
diff --git a/helm/pidgin/templates/NOTES.txt b/helm/pidgin/templates/NOTES.txt deleted file mode 100644 index c1e7e1ae..00000000 --- a/helm/pidgin/templates/NOTES.txt +++ /dev/null @@ -1 +0,0 @@ -{{ .Chart.Name }} has been deployed successfully. diff --git a/helm/pidgin/templates/_helpers.tpl b/helm/pidgin/templates/_helpers.tpl deleted file mode 100644 index 9a3571d9..00000000 --- a/helm/pidgin/templates/_helpers.tpl +++ /dev/null 
@@ -1,68 +0,0 @@ -{{/* -Expand the name of the chart. -*/}} -{{- define "pidgin.name" -}} -{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }} -{{- end }} - -{{/* -Create a default fully qualified app name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -If release name contains chart name it will be used as a full name. -*/}} -{{- define "pidgin.fullname" -}} -{{- if .Values.fullnameOverride }} -{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }} -{{- else }} -{{- $name := default .Chart.Name .Values.nameOverride }} -{{- if contains $name .Release.Name }} -{{- .Release.Name | trunc 63 | trimSuffix "-" }} -{{- else }} -{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }} -{{- end }} -{{- end }} -{{- end }} - -{{/* -Create chart name and version as used by the chart label. -*/}} -{{- define "pidgin.chart" -}} -{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} -{{- end }} - -{{/* -Common labels -*/}} -{{- define "pidgin.labels" -}} -{{- if .Values.commonLabels }} - {{- with .Values.commonLabels }} - {{- toYaml . }} - {{- end }} -{{- else }} - {{- (include "common.commonLabels" .)}} -{{- end }} -{{- end }} - -{{/* -Selector labels -*/}} -{{- define "pidgin.selectorLabels" -}} -{{- if .Values.selectorLabels }} - {{- with .Values.selectorLabels }} - {{- toYaml . }} - {{- end }} -{{- else }} - {{- (include "common.selectorLabels" .)}} -{{- end }} -{{- end }} - -{{/* -Create the name of the service account to use -*/}} -{{- define "pidgin.serviceAccountName" -}} -{{- if .Values.serviceAccount.create }} -{{- default (include "pidgin.fullname" .) .Values.serviceAccount.name }} -{{- else }} -{{- default "default" .Values.serviceAccount.name }} -{{- end }} -{{- end }} diff --git a/helm/pidgin/templates/deployment.yaml b/helm/pidgin/templates/deployment.yaml deleted file mode 100644 index d58bed77..00000000 
--- a/helm/pidgin/templates/deployment.yaml +++ /dev/null @@ -1,64 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - name: pidgin-deployment - labels: - {{- include "pidgin.labels" . | nindent 4 }} - {{- if .Values.global.ddEnabled }} - {{- include "common.datadogLabels" . | nindent 4 }} - {{- end }} -spec: - {{- if not .Values.autoscaling.enabled }} - replicas: {{ .Values.replicaCount }} - {{- end }} - selector: - matchLabels: - {{- include "pidgin.selectorLabels" . | nindent 6 }} - revisionHistoryLimit: {{ .Values.revisionHistoryLimit }} - {{- with .Values.strategy }} - strategy: - {{- toYaml . | nindent 4 }} - {{- end }} - template: - metadata: - labels: - {{- include "pidgin.selectorLabels" . | nindent 8 }} - {{- include "common.extraLabels" . | nindent 8 }} - # gen3 networkpolicy labels - netnolimit: 'yes' - public: 'yes' - {{- if .Values.global.ddEnabled }} - {{- include "common.datadogLabels" . | nindent 8 }} - {{- end }} - spec: - {{- with .Values.affinity }} - affinity: - {{- toYaml . | nindent 8 }} - {{- end }} - automountServiceAccountToken: {{ .Values.automountServiceAccountToken }} - containers: - - name: {{ .Chart.Name }} - image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}" - env: - {{- if .Values.global.ddEnabled }} - {{- include "common.datadogEnvVar" . | nindent 12 }} - {{- end }} - - name: GEN3_DEBUG - value: "False" - livenessProbe: - httpGet: - path: /_status - port: 80 - initialDelaySeconds: 30 - periodSeconds: 60 - timeoutSeconds: 30 - readinessProbe: - httpGet: - path: /_status - port: 80 - ports: - - containerPort: 80 - - containerPort: 443 - imagePullPolicy: {{ .Values.image.pullPolicy }} - resources: - {{- toYaml .Values.resources | nindent 12 }} \ No newline at end of file diff --git a/helm/pidgin/templates/hpa.yaml b/helm/pidgin/templates/hpa.yaml deleted file mode 100644 index d16ecf05..00000000 --- a/helm/pidgin/templates/hpa.yaml +++ /dev/null 
@@ -1,28 +0,0 @@ -{{- if .Values.autoscaling.enabled }} -apiVersion: autoscaling/v2 -kind: HorizontalPodAutoscaler -metadata: - name: {{ include "pidgin.fullname" . }} - labels: - {{- include "pidgin.labels" . | nindent 4 }} -spec: - scaleTargetRef: - apiVersion: apps/v1 - kind: Deployment - name: {{ include "pidgin.fullname" . }} - minReplicas: {{ .Values.autoscaling.minReplicas }} - maxReplicas: {{ .Values.autoscaling.maxReplicas }} - metrics: - {{- if .Values.autoscaling.targetCPUUtilizationPercentage }} - - type: Resource - resource: - name: cpu - targetAverageUtilization: {{ .Values.autoscaling.targetCPUUtilizationPercentage }} - {{- end }} - {{- if .Values.autoscaling.targetMemoryUtilizationPercentage }} - - type: Resource - resource: - name: memory - targetAverageUtilization: {{ .Values.autoscaling.targetMemoryUtilizationPercentage }} - {{- end }} -{{- end }} diff --git a/helm/pidgin/templates/pdb.yaml b/helm/pidgin/templates/pdb.yaml deleted file mode 100644 index 2ef2de13..00000000 --- a/helm/pidgin/templates/pdb.yaml +++ /dev/null @@ -1,3 +0,0 @@ -{{- if and .Values.global.pdb (gt (int .Values.replicaCount) 1) }} -{{ include "common.pod_disruption_budget" . }} -{{- end }} \ No newline at end of file diff --git a/helm/pidgin/templates/service.yaml b/helm/pidgin/templates/service.yaml deleted file mode 100644 index 42f6936b..00000000 --- a/helm/pidgin/templates/service.yaml +++ /dev/null @@ -1,14 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - name: "pidgin-service" - labels: - {{- include "pidgin.labels" . | nindent 4 }} -spec: - selector: - {{- include "pidgin.selectorLabels" . | nindent 4 }} - {{- with .Values.service.port }} - ports: - {{- toYaml . | nindent 8 }} - {{- end }} - type: {{ .Values.service.type }} \ No newline at end of file diff --git a/helm/pidgin/templates/tests/test-connection.yaml b/helm/pidgin/templates/tests/test-connection.yaml deleted file mode 100644 index 0fc4b8f4..00000000 
--- a/helm/pidgin/templates/tests/test-connection.yaml +++ /dev/null @@ -1,15 +0,0 @@ -apiVersion: v1 -kind: Pod -metadata: - name: "pidgin-test-connection" - labels: - {{- include "pidgin.labels" . | nindent 4 }} - annotations: - "helm.sh/hook": test -spec: - containers: - - name: wget - image: busybox - command: ['wget'] - args: ['pidgin-service:80/_status'] - restartPolicy: Never diff --git a/helm/pidgin/values.yaml b/helm/pidgin/values.yaml deleted file mode 100644 index 4ac6b14f..00000000 --- a/helm/pidgin/values.yaml +++ /dev/null 
@@ -1,183 +0,0 @@ -# Default values for pidgin. -# This is a YAML-formatted file. -# Declare variables to be passed into your templates. - -# Global configuration -global: - # -- (map) AWS configuration - aws: - # -- (bool) Set to true if deploying to AWS. Controls ingress annotations. - enabled: false - # -- (string) Credentials for AWS stuff. - awsAccessKeyId: - # -- (string) Credentials for AWS stuff. - awsSecretAccessKey: - # -- (bool) Whether the deployment is for development purposes. - dev: true - - postgres: - # -- (bool) Whether the database should be created. - dbCreate: true - # -- (string) Name of external secret. Disabled if empty - externalSecret: "" - # -- (map) Master credentials to postgres. This is going to be the default postgres server being used for each service, unless each service specifies their own postgres - master: - # -- (string) hostname of postgres server - host: - # -- (string) username of superuser in postgres. This is used to create or restore databases - username: postgres - # -- (string) password for superuser in postgres. This is used to create or restore databases - password: - # -- (string) Port for Postgres. - port: "5432" - # -- (string) Environment name. This should be the same as vpcname if you're doing an AWS deployment. Currently this is being used to share ALB's if you have multiple namespaces. Might be used other places too. - environment: default - # -- (string) Hostname for the deployment. - hostname: localhost - # -- (string) ARN of the reverse proxy certificate. - revproxyArn: arn:aws:acm:us-east-1:123456:certificate - # -- (string) URL of the data dictionary. - dictionaryUrl: https://s3.amazonaws.com/dictionary-artifacts/datadictionary/develop/schema.json - # -- (string) Portal application name. - portalApp: gitops - # -- (string) S3 bucket name for Kubernetes manifest files. - kubeBucket: kube-gen3 - # -- (string) S3 bucket name for log files. 
- logsBucket: logs-gen3 - # -- (bool) Whether public datasets are enabled. - publicDataSets: true - # -- (string) Access level for tiers. acceptable values for `tier_access_level` are: `libre`, `regular` and `private`. If omitted, by default common will be treated as `private` - tierAccessLevel: libre - # -- (map) Controls network policy settings - netPolicy: - enabled: false - # -- (int) Number of dispatcher jobs. - dispatcherJobNum: "10" - # -- (bool) Whether Datadog is enabled. - ddEnabled: false - # -- (bool) If the service will be deployed with a Pod Disruption Budget. Note- you need to have more than 2 replicas for the pdb to be deployed. - pdb: false - # -- (int) The minimum amount of pods that are available at all times if the PDB is deployed. - minAvialable: 1 - -# -- (map) Postgres database configuration. If db does not exist in postgres cluster and dbCreate is set ot true then these databases will be created for you -postgres: - # (bool) Whether the database should be restored from s3. Default to global.postgres.dbRestore - dbRestore: false - # -- (bool) Whether the database should be created. Default to global.postgres.dbCreate - dbCreate: - # -- (string) Hostname for postgres server. This is a service override, defaults to global.postgres.host - host: - # -- (string) Database name for postgres. This is a service override, defaults to - - database: - # -- (string) Username for postgres. This is a service override, defaults to - - username: - # -- (string) Port for Postgres. - port: "5432" - # -- (string) Password for Postgres. Will be autogenerated if left empty. 
- password: - -# Deployment -# -- (map) Configuration for autoscaling the number of replicas -autoscaling: - # -- (bool) Whether autoscaling is enabled - enabled: false - # -- (int) The minimum number of replicas to scale down to - minReplicas: 1 - # -- (int) The maximum number of replicas to scale up to - maxReplicas: 100 - # -- (int) The target CPU utilization percentage for autoscaling - targetCPUUtilizationPercentage: 80 - -# -- (int) Number of desired replicas -replicaCount: 1 - -# -- (int) Number of old revisions to retain -revisionHistoryLimit: 2 - -# -- (map) Rolling update deployment strategy -strategy: - type: RollingUpdate - rollingUpdate: - # -- (int) Number of additional replicas to add during rollout. - maxSurge: 1 - # -- (int) Maximum amount of pods that can be unavailable during the update. - maxUnavailable: 0 - -# -- (bool) Whether Datadog is enabled. -dataDog: - enabled: false - env: dev - -# -- (map) Affinity to use for the deployment. -affinity: - podAntiAffinity: - # -- (map) Option for scheduling to be required or preferred. - preferredDuringSchedulingIgnoredDuringExecution: - # -- (int) Weight value for preferred scheduling. - - weight: 100 - podAffinityTerm: - labelSelector: - matchExpressions: - # -- (list) Label key for match expression. - - key: app - # -- (string) Operation type for the match expression. - operator: In - # -- (list) Value for the match expression key. - values: - - pidgin - # -- (string) Value for topology key label. - topologyKey: "kubernetes.io/hostname" - -# -- (bool) Automount the default service account token -automountServiceAccountToken: false - -image: - # -- (string) The Docker image repository for the fence service - repository: quay.io/cdis/pidgin - # -- (string) When to pull the image. - pullPolicy: Always - # -- (string) Overrides the image tag whose default is the chart appVersion. 
- tag: "" - -# -- (map) Resource requests and limits for the containers in the pod -resources: - # limits: - # cpu: 1 - # memory: 512Mi - -# Service and Pod -# -- (map) Kubernetes service information. -service: - # -- (string) Type of service. Valid values are "ClusterIP", "NodePort", "LoadBalancer", "ExternalName". - type: ClusterIP - # -- (list) The port numbers that the service exposes. - port: - - protocol: TCP - port: 80 - targetPort: 80 - name: http - - protocol: TCP - port: 443 - targetPort: 443 - name: https - -# Values to determine the labels that are used for the deployment, pod, etc. -# -- (string) Valid options are "production" or "dev". If invalid option is set- the value will default to "dev". -release: "production" -# -- (string) Valid options are "true" or "false". If invalid option is set- the value will default to "false". -criticalService: "false" -# -- (string) Label to help organize pods and their use. Any value is valid, but use "_" or "-" to divide words. -partOf: "Peregrine" -# -- (map) Will completely override the selectorLabels defined in the common chart's _label_setup.tpl -selectorLabels: -# -- (map) Will completely override the commonLabels defined in the common chart's _label_setup.tpl -commonLabels: - -# Values to configure datadog if ddEnabled is set to "true". -# -- (bool) If enabled, the Datadog Agent will automatically inject Datadog-specific metadata into your application logs. -datadogLogsInjection: true -# -- (bool) If enabled, the Datadog Agent will collect profiling data for your application using the Continuous Profiler. This data can be used to identify performance bottlenecks and optimize your application. -datadogProfilingEnabled: true -# -- (int) A value between 0 and 1, that represents the percentage of requests that will be traced. For example, a value of 0.5 means that 50% of requests will be traced. -datadogTraceSampleRate: 1 From a31b271eb89d5ef620c7cc0e55812177b6aab494 Mon Sep 17 00:00:00 2001 
From: Jawad Qureshi Date: Mon, 18 Nov 2024 15:54:55 -0600 Subject: [PATCH 260/279] Add global values to netpolicy helm chart --- helm/gen3-network-policies/README.md | 35 +++++++++++ helm/gen3-network-policies/values.yaml | 80 ++++++++++++++++++++++++++ 2 files changed, 115 insertions(+) diff --git a/helm/gen3-network-policies/README.md b/helm/gen3-network-policies/README.md index d5090889..be9c4d42 100644 --- a/helm/gen3-network-policies/README.md +++ b/helm/gen3-network-policies/README.md 
@@ -10,6 +10,41 @@ A Helm chart that holds network policies needed to run Gen3 |-----|------|---------|-------------| | argo-workflows.enabled | bool | `true` | | | argocd.enabled | bool | `true` | | +| global.aws | map | `{"awsAccessKeyId":null,"awsSecretAccessKey":null,"enabled":false,"region":"us-east-1","secretStoreServiceAccount":{"enabled":false,"name":"secret-store-sa","roleArn":null},"useLocalSecret":{"enabled":false,"localSecretName":null}}` | AWS configuration | +| global.aws.awsAccessKeyId | string | `nil` | Credentials for AWS stuff. | +| global.aws.awsSecretAccessKey | string | `nil` | Credentials for AWS stuff. | +| global.aws.enabled | bool | `false` | Set to true if deploying to AWS. Controls ingress annotations. | +| global.aws.region | string | `"us-east-1"` | AWS region for this deployment | +| global.aws.secretStoreServiceAccount | map | `{"enabled":false,"name":"secret-store-sa","roleArn":null}` | Service account and AWS role for authentication to AWS Secrets Manager | +| global.aws.secretStoreServiceAccount.enabled | bool | `false` | Set true if deploying to AWS and want to use service account and IAM role instead of aws keys. Must provide role-arn. | +| global.aws.secretStoreServiceAccount.name | string | `"secret-store-sa"` | Name of the service account to create | +| global.aws.secretStoreServiceAccount.roleArn | string | `nil` | AWS Role ARN for Secret Store to use | +| global.aws.useLocalSecret | map | `{"enabled":false,"localSecretName":null}` | Local secret setting if using a pre-exising secret. | +| global.aws.useLocalSecret.enabled | bool | `false` | Set to true if you would like to use a secret that is already running on your cluster. | +| global.aws.useLocalSecret.localSecretName | string | `nil` | Name of the local secret. 
| +| global.dev | bool | `true` | Deploys postgres/elasticsearch for dev | +| global.dictionaryUrl | string | `"https://s3.amazonaws.com/dictionary-artifacts/datadictionary/develop/schema.json"` | URL of the data dictionary. | +| global.dispatcherJobNum | int | `"10"` | Number of dispatcher jobs. | +| global.environment | string | `"default"` | Environment name. This should be the same as vpcname if you're doing an AWS deployment. Currently this is being used to share ALB's if you have multiple namespaces in same cluster. | +| global.externalSecrets | map | `{"dbCreate":false,"deploy":false}` | External Secrets settings. | +| global.externalSecrets.dbCreate | bool | `false` | Will create the databases and store the creds in Kubernetes Secrets even if externalSecrets is deployed. Useful if you want to use ExternalSecrets for other secrets besides db secrets. | +| global.externalSecrets.deploy | bool | `false` | Will use ExternalSecret resources to pull secrets from Secrets Manager instead of creating them locally. Be cautious as this will override secrets you have deployed. | +| global.frontendRoot | string | `"portal"` | Which app will be served on /. Needs be set to portal for portal, or "gen3ff" for frontendframework. | +| global.hostname | string | `"localhost"` | Hostname for the deployment. | +| global.manifestGlobalExtraValues | map | `{}` | If you would like to add any extra values to the manifest-global configmap. | +| global.netPolicy | bool | `{"dbSubnet":"","enabled":false}` | Global flags to control and manage network policies for a Gen3 installation NOTE: Network policies are currently a beta feature. Use with caution! | +| global.netPolicy.dbSubnet | array | `""` | A CIDR range representing a database subnet, that services with a database need access to | +| global.netPolicy.enabled | bool | `false` | Whether network policies are enabled | +| global.portalApp | string | `"gitops"` | Portal application name. 
| +| global.postgres.dbCreate | bool | `true` | Whether the database create job should run. | +| global.postgres.master.host | string | `nil` | global postgres master host | +| global.postgres.master.password | string | `nil` | global postgres master password | +| global.postgres.master.port | string | `"5432"` | global postgres master port | +| global.postgres.master.username | string | `"postgres"` | global postgres master username | +| global.publicDataSets | bool | `true` | Whether public datasets are enabled. | +| global.revproxyArn | string | `"arn:aws:acm:us-east-1:123456:certificate"` | ARN of the reverse proxy certificate. | +| global.tierAccessLevel | string | `"libre"` | Access level for tiers. acceptable values for `tier_access_level` are: `libre`, `regular` and `private`. If omitted, by default common will be treated as `private` | +| global.tierAccessLimit | int | `"1000"` | Only relevant if tireAccessLevel is set to "regular". Summary charts below this limit will not appear for aggregated data. | | s3CidrRanges[0].ipBlock.cidr | string | `"18.34.0.0/19"` | | | s3CidrRanges[1].ipBlock.cidr | string | `"16.15.192.0/18"` | | | s3CidrRanges[2].ipBlock.cidr | string | `"54.231.0.0/16"` | | diff --git a/helm/gen3-network-policies/values.yaml b/helm/gen3-network-policies/values.yaml index 2d97161f..0492a5be 100644 --- a/helm/gen3-network-policies/values.yaml +++ b/helm/gen3-network-policies/values.yaml 
@@ -1,3 +1,83 @@ +# Global configuration +global: + # -- (map) AWS configuration + aws: + # -- (string) AWS region for this deployment + region: us-east-1 + # -- (bool) Set to true if deploying to AWS. Controls ingress annotations. + enabled: false + # -- (string) Credentials for AWS stuff. + awsAccessKeyId: + # -- (string) Credentials for AWS stuff. + awsSecretAccessKey: + # -- (map) Service account and AWS role for authentication to AWS Secrets Manager + secretStoreServiceAccount: + # -- (bool) Set true if deploying to AWS and want to use service account and IAM role instead of aws keys. Must provide role-arn. + enabled: false + # -- (string) Name of the service account to create + name: secret-store-sa + # -- (string) AWS Role ARN for Secret Store to use + roleArn: + # -- (map) Local secret setting if using a pre-exising secret. + useLocalSecret: + # -- (bool) Set to true if you would like to use a secret that is already running on your cluster. + enabled: false + # -- (string) Name of the local secret. + localSecretName: + # -- (bool) Deploys postgres/elasticsearch for dev + dev: true + postgres: + # -- (bool) Whether the database create job should run. + dbCreate: true + master: + # -- global postgres master username + username: postgres + # -- global postgres master password + password: + # -- global postgres master host + host: + # -- global postgres master port + port: "5432" + # -- (string) Environment name. + # This should be the same as vpcname if you're doing an AWS deployment. + # Currently this is being used to share ALB's if you have multiple namespaces in same cluster. + environment: default + # -- (string) Hostname for the deployment. + hostname: localhost + # -- (string) ARN of the reverse proxy certificate. + revproxyArn: arn:aws:acm:us-east-1:123456:certificate + # -- (string) URL of the data dictionary. + dictionaryUrl: https://s3.amazonaws.com/dictionary-artifacts/datadictionary/develop/schema.json + # -- (string) Portal application name. 
+ portalApp: gitops + # -- (bool) Whether public datasets are enabled. + publicDataSets: true + # -- (string) Access level for tiers. acceptable values for `tier_access_level` are: `libre`, `regular` and `private`. If omitted, by default common will be treated as `private` + tierAccessLevel: libre + # -- (int) Only relevant if tireAccessLevel is set to "regular". Summary charts below this limit will not appear for aggregated data. + tierAccessLimit: "1000" + # -- (bool) Global flags to control and manage network policies for a Gen3 installation + # NOTE: Network policies are currently a beta feature. Use with caution! + netPolicy: + # -- (bool) Whether network policies are enabled + enabled: false + + # -- (array) A CIDR range representing a database subnet, that services with a database need access to + dbSubnet: "" + # -- (int) Number of dispatcher jobs. + dispatcherJobNum: "10" + # -- (map) If you would like to add any extra values to the manifest-global configmap. + manifestGlobalExtraValues: {} + # -- (string) Which app will be served on /. Needs be set to portal for portal, or "gen3ff" for frontendframework. + frontendRoot: "portal" + # -- (map) External Secrets settings. + externalSecrets: + # -- (bool) Will use ExternalSecret resources to pull secrets from Secrets Manager instead of creating them locally. Be cautious as this will override secrets you have deployed. + deploy: false + # -- (bool) Will create the databases and store the creds in Kubernetes Secrets even if externalSecrets is deployed. Useful if you want to use ExternalSecrets for other secrets besides db secrets. + dbCreate: false + + argo-workflows: enabled: true From 9bf6dd48af2766fac0b5c7dd4064ad989fb653fd Mon Sep 17 00:00:00 2001 
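Review bot: The helm-docs annotations on the new `netPolicy` block do not match the values they describe: `netPolicy` is tagged `(bool)` although it is a map, and `dbSubnet` is tagged `(array)` while its default is an empty string and its description speaks of a single CIDR range. For a setting that decides which pods may reach the databases, the expected shape should be unambiguous; I would write `# -- (map) Global flags to control and manage network policies for a Gen3 installation` and `# -- (string) CIDR range of the database subnet that services with a database need access to`. How the templates consume an empty `dbSubnet` is not visible in this hunk, so it is worth confirming that the default cannot render an invalid or unintended `ipBlock`. Separately, `awsAccessKeyId` and `awsSecretAccessKey` remain plain values next to `secretStoreServiceAccount`; a comment steering users to the role-based option would help.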
From: Jawad Qureshi Date: Mon, 18 Nov 2024 16:53:28 -0600 Subject: [PATCH 261/279] Add checksum of configs to deployments to auto-restart on changes --- helm/argo-wrapper/templates/deployment.yaml | 1 + helm/audit/templates/deployment.yaml | 1 + helm/fence/templates/fence-deployment.yaml | 6 ++++-- helm/frontend-framework/templates/deployment.yaml | 2 +- helm/guppy/templates/deployment.yaml | 1 + helm/hatchery/templates/deployment.yaml | 1 + helm/peregrine/templates/deployment.yaml | 6 ++++++ helm/portal/templates/deployment.yaml | 1 + 8 files changed, 16 insertions(+), 3 deletions(-) diff --git a/helm/argo-wrapper/templates/deployment.yaml b/helm/argo-wrapper/templates/deployment.yaml index 7f70f28a..a4d8ba20 100644 --- a/helm/argo-wrapper/templates/deployment.yaml +++ b/helm/argo-wrapper/templates/deployment.yaml @@ -29,6 +29,7 @@ spec: netnolimit: 'yes' public: 'yes' annotations: + checksum/config: {{ include (print $.Template.BasePath "/argo-wrapper-config.yaml") . | sha256sum }} {{- if .Values.metricsEnabled }} {{- include "common.grafanaAnnotations" . | nindent 8 }} {{- end }} diff --git a/helm/audit/templates/deployment.yaml b/helm/audit/templates/deployment.yaml index bad68a79..7cf86c02 100644 --- a/helm/audit/templates/deployment.yaml +++ b/helm/audit/templates/deployment.yaml @@ -14,6 +14,7 @@ spec: template: metadata: annotations: + checksum/config: {{ include (print $.Template.BasePath "/secrets.yaml") . | sha256sum }} {{- with .Values.podAnnotations }} {{- toYaml . | nindent 8 }} {{- end }} diff --git a/helm/fence/templates/fence-deployment.yaml b/helm/fence/templates/fence-deployment.yaml index 09484c52..1b24c149 100644 --- a/helm/fence/templates/fence-deployment.yaml +++ b/helm/fence/templates/fence-deployment.yaml 
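Review bot: In the audit deployment the new `checksum/config` annotation hashes the rendered `secrets.yaml`, so a SHA-256 digest of secret material is written into pod metadata, which is typically readable by more principals than the Secret itself; for short or guessable values a digest allows offline comparison. The same pattern appears in this series for fence (`fence-config.yaml`), portal (`secret.yaml`) and manifestservice (`manifestservice-creds.yaml`). The Secret templates are not visible here: if one generates values at render time the checksum would change on every upgrade, and if it renders nothing when external secrets are used the checksum would never change. I would at least add a comment on the line, for example `# digest of the rendered Secret manifest; visible to anyone who can read pod metadata`, and confirm both cases.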
@@ -14,9 +14,11 @@ spec: template: metadata: annotations: - {{- with .Values.podAnnotations }} + checksum/publicconfig: {{ include (print $.Template.BasePath "/fence-config-public.yaml") . | sha256sum }} + checksum/secretconfig: {{ include (print $.Template.BasePath "/fence-config.yaml") . | sha256sum }} + {{- with .Values.podAnnotations }} {{- toYaml . | nindent 8 }} - {{- end }} + {{- end }} {{- if .Values.metricsEnabled }} {{- include "common.grafanaAnnotations" . | nindent 8 }} {{- end }} diff --git a/helm/frontend-framework/templates/deployment.yaml b/helm/frontend-framework/templates/deployment.yaml index f1da90dd..c9df947a 100644 --- a/helm/frontend-framework/templates/deployment.yaml +++ b/helm/frontend-framework/templates/deployment.yaml @@ -57,7 +57,7 @@ spec: resources: {{- toYaml .Values.resources | nindent 12 }} ports: - - containerPort: 80 + - containerPort: 3000 name: http protocol: TCP envFrom: diff --git a/helm/guppy/templates/deployment.yaml b/helm/guppy/templates/deployment.yaml index 788b1760..f23baf53 100644 --- a/helm/guppy/templates/deployment.yaml +++ b/helm/guppy/templates/deployment.yaml @@ -25,6 +25,7 @@ spec: netnolimit: 'yes' public: 'yes' annotations: + checksum/config: {{ include (print $.Template.BasePath "/guppy_config.yaml") . | sha256sum }} {{- if .Values.metricsEnabled }} {{- include "common.grafanaAnnotations" . | nindent 8 }} {{- end }} diff --git a/helm/hatchery/templates/deployment.yaml b/helm/hatchery/templates/deployment.yaml index 81ae84aa..04c7ca21 100644 --- a/helm/hatchery/templates/deployment.yaml +++ b/helm/hatchery/templates/deployment.yaml @@ -14,6 +14,7 @@ spec: template: metadata: annotations: + checksum/config: {{ include (print $.Template.BasePath "/hatchery-manifest.yaml") . | sha256sum }} {{- with .Values.podAnnotations }} {{- toYaml . | nindent 8 }} {{- end }} diff --git a/helm/peregrine/templates/deployment.yaml b/helm/peregrine/templates/deployment.yaml index b56eca44..39edbd5d 100644 
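Review bot: The frontend-framework hunk changes `containerPort: 80` to `containerPort: 3000`, which is unrelated to the commit subject (config checksums) and is not mentioned in the message. Because the port keeps the name `http`, any Service or NetworkPolicy that refers to it by name will now resolve to 3000; neither is visible in this hunk, so please confirm they were meant to follow. I would split this into its own commit or add a line to the description such as `frontend-framework: container listens on 3000, align containerPort`.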
--- a/helm/peregrine/templates/deployment.yaml +++ b/helm/peregrine/templates/deployment.yaml @@ -76,6 +76,12 @@ spec: optional: false - name: FLASK_SECRET_KEY value: "TODO: FIX THIS!!!" + - name: INDEXD_PASS + valueFrom: + secretKeyRef: + name: indexd-service-creds + key: sheepdog + optional: false - name: PGHOST valueFrom: secretKeyRef: diff --git a/helm/portal/templates/deployment.yaml b/helm/portal/templates/deployment.yaml index 2445821f..cb420c98 100644 --- a/helm/portal/templates/deployment.yaml +++ b/helm/portal/templates/deployment.yaml @@ -17,6 +17,7 @@ spec: template: metadata: annotations: + checksum/config: {{ include (print $.Template.BasePath "/secret.yaml") . | sha256sum }} {{- with .Values.podAnnotations }} {{- toYaml . | nindent 8 }} {{- end }} From 00f42c44dd0b368f263f6da849a8d766dae4ae97 Mon Sep 17 00:00:00 2001 From: Jawad Qureshi Date: Tue, 19 Nov 2024 09:45:49 -0600 Subject: [PATCH 262/279] Restart deployments on config changes --- helm/fence/templates/presigned-url-fence.yaml | 2 ++ helm/frontend-framework/templates/deployment.yaml | 4 ++-- helm/manifestservice/templates/deployment.yaml | 1 + helm/metadata/templates/deployment.yaml | 1 + helm/portal/templates/deployment.yaml | 4 ++-- helm/revproxy/templates/deployment.yaml | 1 + 6 files changed, 9 insertions(+), 4 deletions(-) diff --git a/helm/fence/templates/presigned-url-fence.yaml b/helm/fence/templates/presigned-url-fence.yaml index 3bb3d568..0fc5342c 100644 --- a/helm/fence/templates/presigned-url-fence.yaml +++ b/helm/fence/templates/presigned-url-fence.yaml @@ -14,6 +14,8 @@ spec: template: metadata: annotations: + checksum/publicconfig: {{ include (print $.Template.BasePath "/fence-config-public.yaml") . | sha256sum }} + checksum/secretconfig: {{ include (print $.Template.BasePath "/fence-config.yaml") . | sha256sum }} {{- with .Values.podAnnotations }} {{- toYaml . | nindent 8 }} {{- end }} 
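Review bot: The added `INDEXD_PASS` variable in the peregrine deployment reads the `sheepdog` key of `indexd-service-creds`, so peregrine would present sheepdog's indexd credential rather than one of its own. What that credential is allowed to do in indexd is not visible here, but sharing one service's credential with another widens its exposure and makes rotation and audit attribution harder; a dedicated key (for example `key: peregrine`, if the secret provides one) would keep privileges separate. The change is also unrelated to the commit subject and deserves a mention in the message. The context line directly above still sets `FLASK_SECRET_KEY` to the literal `"TODO: FIX THIS!!!"`, which should come from a `secretKeyRef` like its neighbours. The env list continues outside the hunk.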
diff --git a/helm/frontend-framework/templates/deployment.yaml b/helm/frontend-framework/templates/deployment.yaml index c9df947a..89cecec2 100644 --- a/helm/frontend-framework/templates/deployment.yaml +++ b/helm/frontend-framework/templates/deployment.yaml @@ -51,8 +51,8 @@ spec: path: / {{- end }} port: 3000 - initialDelaySeconds: 30 - periodSeconds: 60 + initialDelaySeconds: 3 + periodSeconds: 10 timeoutSeconds: 30 resources: {{- toYaml .Values.resources | nindent 12 }} diff --git a/helm/manifestservice/templates/deployment.yaml b/helm/manifestservice/templates/deployment.yaml index 9c362f6a..c13f4f0a 100644 --- a/helm/manifestservice/templates/deployment.yaml +++ b/helm/manifestservice/templates/deployment.yaml @@ -23,6 +23,7 @@ spec: {{- include "manifestservice.selectorLabels" . | nindent 8 }} {{- include "common.extraLabels" . | nindent 8 }} annotations: + checksum/config: {{ include (print $.Template.BasePath "/manifestservice-creds.yaml") . | sha256sum }} {{- if .Values.metricsEnabled }} {{- include "common.grafanaAnnotations" . | nindent 8 }} {{- end }} diff --git a/helm/metadata/templates/deployment.yaml b/helm/metadata/templates/deployment.yaml index 58e06603..e4c6ee87 100644 --- a/helm/metadata/templates/deployment.yaml +++ b/helm/metadata/templates/deployment.yaml @@ -25,6 +25,7 @@ spec: {{- include "metadata.selectorLabels" . | nindent 8 }} {{- include "common.extraLabels" . | nindent 8 }} annotations: + checksum/config: {{ include (print $.Template.BasePath "/metadata.yaml") . | sha256sum }} {{- if .Values.metricsEnabled }} {{- include "common.grafanaAnnotations" . | nindent 8 }} {{- end }} diff --git a/helm/portal/templates/deployment.yaml b/helm/portal/templates/deployment.yaml index cb420c98..894dd831 100644 --- a/helm/portal/templates/deployment.yaml +++ b/helm/portal/templates/deployment.yaml 
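Review bot: After the frontend-framework probe change, `periodSeconds: 10` sits next to the unchanged `timeoutSeconds: 30`, so the per-attempt timeout is now three times the probe period and a hanging endpoint is detected far more slowly than the new period suggests. I would lower the timeout along with the period, e.g. `timeoutSeconds: 5`; the portal hunk `@@ -94,8 +94,8 @@` has the same combination. The probe type is declared outside the hunk: if this is a liveness probe, `initialDelaySeconds: 3` may restart a container that is still starting, so a `startupProbe` or a larger `failureThreshold` is worth considering.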
@@ -94,8 +94,8 @@ spec: path: / {{- end }} port: 80 - initialDelaySeconds: 30 - periodSeconds: 60 + initialDelaySeconds: 5 + periodSeconds: 10 timeoutSeconds: 30 resources: {{- toYaml .Values.resources | nindent 12 }} diff --git a/helm/revproxy/templates/deployment.yaml b/helm/revproxy/templates/deployment.yaml index b2fcf788..996acd78 100644 --- a/helm/revproxy/templates/deployment.yaml +++ b/helm/revproxy/templates/deployment.yaml @@ -21,6 +21,7 @@ spec: template: metadata: annotations: + checksum/config: {{ include (print $.Template.BasePath "/configMaps.yaml") . | sha256sum }} {{- with .Values.podAnnotations }} {{- toYaml . | nindent 8 }} {{- end }} From d4ca2d8daaf8aac4360f26ef608506601655ff60 Mon Sep 17 00:00:00 2001 From: Ed Date: Wed, 20 Nov 2024 14:42:03 -0500 Subject: [PATCH 263/279] fix(etl): added legacy support and added options --- helm/etl/Chart.yaml | 4 +- helm/etl/README.md | 13 ++-- helm/etl/templates/etl-job.yaml | 36 +++++----- helm/etl/templates/etl-secret.yaml | 104 +++++++++++++++++++++++++++++ helm/etl/values.yaml | 18 ++--- 5 files changed, 137 insertions(+), 38 deletions(-) create mode 100644 helm/etl/templates/etl-secret.yaml diff --git a/helm/etl/Chart.yaml b/helm/etl/Chart.yaml index f2a606bd..2e07c889 100644 --- a/helm/etl/Chart.yaml +++ b/helm/etl/Chart.yaml @@ -15,11 +15,11 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.5 +version: 0.1.6 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to # follow Semantic Versioning. They should reflect the version the application is using. appVersion: "master" -dependencies: [] +dependencies: [] \ No newline at end of file 
diff --git a/helm/etl/README.md b/helm/etl/README.md index 58c187f0..f6d5e8a8 100644 --- a/helm/etl/README.md +++ b/helm/etl/README.md @@ -1,6 +1,6 @@ # etl -![Version: 0.1.5](https://img.shields.io/badge/Version-0.1.5-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) +![Version: 0.1.6](https://img.shields.io/badge/Version-0.1.6-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) A Helm chart for gen3 etl 
@@ -93,17 +93,14 @@ A Helm chart for gen3 etl | image.tube.repository | string | `"quay.io/cdis/tube"` | The Docker image repository for the fence service | | image.tube.tag | string | `"master"` | Overrides the image tag whose default is the chart appVersion. | | imagePullSecrets | list | `[]` | Docker image pull secrets. | +| legacySupport | bool | `false` | | | podAnnotations | map | `{}` | Annotations to add to the pod | -| resources | map | `{"spark":{"limits":{"cpu":1,"memory":"2Gi"},"requests":{"cpu":0.3,"memory":"128Mi"}},"tube":{"limits":{"cpu":1,"memory":"2Gi"},"requests":{"cpu":0.3,"memory":"128Mi"}}}` | Resource requests and limits for the containers in the pod | -| resources.spark.limits | map | `{"cpu":1,"memory":"2Gi"}` | The maximum amount of resources that the container is allowed to use | -| resources.spark.limits.cpu | string | `1` | The maximum amount of CPU the container can use | -| resources.spark.limits.memory | string | `"2Gi"` | The maximum amount of memory the container can use | +| resources | map | `{"spark":{"requests":{"cpu":0.3,"memory":"128Mi"}},"tube":{"requests":{"cpu":0.3,"memory":"128Mi"}}}` | Resource requests and limits for the containers in the pod | | resources.spark.requests | map | `{"cpu":0.3,"memory":"128Mi"}` | The amount of resources that the container requests | | resources.spark.requests.cpu | string | `0.3` | The amount of CPU requested | | resources.spark.requests.memory | string | `"128Mi"` | The amount of memory requested | -| resources.tube.limits | map | `{"cpu":1,"memory":"2Gi"}` | The maximum amount of resources that the container is allowed to use | -| resources.tube.limits.cpu | string | `1` | The maximum amount of CPU the container can use | -| resources.tube.limits.memory | string | `"2Gi"` | The maximum amount of memory the container can use | | resources.tube.requests | map | `{"cpu":0.3,"memory":"128Mi"}` | The amount of resources that the container requests | | resources.tube.requests.cpu | string | 
`0.3` | The amount of CPU requested | | resources.tube.requests.memory | string | `"128Mi"` | The amount of memory requested | +| schedule | string | `"*/30 * * * *"` | | +| suspendCronjob | bool | `true` | | diff --git a/helm/etl/templates/etl-job.yaml b/helm/etl/templates/etl-job.yaml index 0b306d07..8cb1d9e2 100644 --- a/helm/etl/templates/etl-job.yaml +++ b/helm/etl/templates/etl-job.yaml @@ -3,7 +3,8 @@ kind: CronJob metadata: name: etl-cronjob spec: - schedule: "0 0 1 1 */5" + suspend: {{ .Values.suspendCronjob }} + schedule: {{ .Values.schedule }} jobTemplate: spec: backoffLimit: 0 @@ -35,6 +36,12 @@ spec: values: - ONDEMAND volumes: + {{- if .Values.legacySupport }} + - name: config-volume + secret: + defaultMode: 420 + secretName: etl-secret + {{- end }} - name: signal-volume emptyDir: {} - name: creds-volume @@ -80,9 +87,6 @@ spec: requests: cpu: {{ .Values.resources.spark.requests.cpu }} memory: {{ .Values.resources.spark.requests.memory }} - # limits: - # cpu: {{ .Values.resources.spark.limits.cpu }} - # memory: {{ .Values.resources.spark.limits.memory }} command: ["/bin/bash" ] args: - "-c" @@ -105,7 +109,6 @@ spec: while true; do sleep 5; done - name: tube imagePullPolicy: IfNotPresent - # image: quay.io/cdis/tube:feat_helm_test image: {{ .Values.image.tube.repository }}:{{ .Values.image.tube.tag }} ports: - containerPort: 80 @@ -166,11 +169,11 @@ spec: key: slack_webhook optional: true volumeMounts: - # - name: "creds-volume" - # readOnly: true - # mountPath: "/gen3/tube/creds.json" - # subPath: creds.json - # Volume to signal when to kill spark + {{- if .Values.legacySupport }} + - mountPath: /tube/tube/settings.py + name: config-volume + subPath: settings.py + {{- end }} - mountPath: /usr/share/pod name: signal-volume - name: "etl-mapping" 
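Review bot: In the etl-job.yaml hunk `@@ -3,7 +3,8 @@` the new line `schedule: {{ .Values.schedule }}` renders the cron expression unquoted, and the documented default `*/30 * * * *` begins with `*`, which YAML reads as an alias indicator, so the rendered manifest will not parse. The removed line had the value in double quotes; keep that with `schedule: {{ .Values.schedule | quote }}`. `suspend: {{ .Values.suspendCronjob }}` is fine for a boolean, but a short comment noting that the CronJob ships suspended by default would save operators a surprise.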
@@ -185,9 +188,6 @@ spec: requests: cpu: {{ .Values.resources.tube.requests.cpu }} memory: {{ .Values.resources.tube.requests.memory }} - # limits: - # cpu: {{ .Values.resources.tube.limits.cpu }} - # memory: {{ .Values.resources.tube.limits.memory }} command: ["/bin/bash"] args: - "-c" @@ -199,9 +199,13 @@ spec: # Port 9000 is open, continue with the rest of the script echo "Port 9000 is now open. Continuing with the script..." - - echo "python run_config.py && python run_etl.py" - python run_config.py && python run_etl.py + if [[ $ETL_FORCED != "false" ]]; then + echo "python run_config.py && python run_etl.py --force" + python run_config.py && python run_etl.py --force + else + echo "python run_config.py && python run_etl.py" + python run_config.py && python run_etl.py + fi exitcode=$? # Kill sidecar and all processes diff --git a/helm/etl/templates/etl-secret.yaml b/helm/etl/templates/etl-secret.yaml new file mode 100644 index 00000000..21a2b117 --- /dev/null +++ b/helm/etl/templates/etl-secret.yaml 
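Review bot: In the hunk `@@ -199,9 +199,13 @@` the test `[[ $ETL_FORCED != "false" ]]` is true when `ETL_FORCED` is unset or empty, so `run_etl.py --force` becomes the default unless the variable is set to exactly `false`. No definition of `ETL_FORCED` is visible in this hunk; if the container env does not set it, every scheduled run is forced. If forcing is meant to be opt-in, use `if [[ "${ETL_FORCED:-false}" != "false" ]]; then`; if it is meant to be the default, say so in a comment and expose the value in values.yaml. The script continues outside the hunk.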
@@ -0,0 +1,104 @@ +{{ if .Values.legacySupport }} +kind: Secret +apiVersion: v1 +metadata: + name: etl-secret +stringData: + settings.py: |- + import os + import tube.enums as enums + + from cdislogging import get_logger + from tube.config_helper import find_paths, load_json + from .utils.general import get_resource_paths_from_yaml + + + logger = get_logger("__name__", log_level="warn") + + LIST_TABLES_FILES = "tables.txt" + + # + # Load db credentials from a creds.json file. + # See config_helper.py for paths searched for creds.json + # ex: export XDG_DATA_HOME="$HOME/.local/share" + # and setup $XDG_DATA_HOME/.local/share/gen3/tube/creds.json + # + conf_data = load_json("creds.json", "tube") + DB_HOST = os.getenv("DB_HOST") or conf_data.get("db_host", "localhost") + DB_PORT = os.getenv("DB_PORT") or conf_data.get("db_port", "5432") + DB_DATABASE = os.getenv("DB_DATABASE") or conf_data.get("db_database", "sheepdog") + DB_USERNAME = os.getenv("DB_USERNAME") or conf_data.get("db_username", "peregrine") + DB_PASSWORD = os.getenv("DB_PASSWORD") or conf_data.get("db_password", "unknown") + + DB_USE_SSL = os.getenv("DB_USE_SSL") or conf_data.get( + "db_use_ssl", False + ) # optional property to db_use_ssl + JDBC = ( + "jdbc:postgresql://{}:{}/{}".format(DB_HOST, DB_PORT, DB_DATABASE) + if DB_USE_SSL is False + else "jdbc:postgresql://{}:{}/{}?sslmode=require".format( + DB_HOST, DB_PORT, DB_DATABASE + ) + ) + PYDBC = "postgresql://{}:{}@{}:{}/{}".format( + DB_USERNAME, DB_PASSWORD, DB_HOST, DB_PORT, DB_DATABASE + ) + DICTIONARY_URL = os.getenv( + "DICTIONARY_URL", + "https://s3.amazonaws.com/dictionary-artifacts/datadictionary/develop/schema.json", + ) + ES_URL = os.getenv("ES_URL", "esproxy-service") + + HDFS_DIR = "/result" + # Three modes: Test, Dev, Prod + RUNNING_MODE = os.getenv("RUNNING_MODE", enums.RUNNING_MODE_DEV) # 'Prod' or 'Dev' + + PARALLEL_JOBS = 1 + LOG_LEVEL = os.getenv("LOG_LEVEL", "INFO") + + ES = { + "es.nodes": ES_URL, + "es.port": "9200", + 
"es.input.json": "yes", + "es.nodes.client.only": "false", + "es.nodes.discovery": "false", + "es.nodes.data.only": "false", + "es.nodes.wan.only": "true", + } + + HADOOP_HOME = os.getenv("HADOOP_HOME", "/usr/local/Cellar/hadoop/3.1.0/libexec/") + JAVA_HOME = os.getenv( + "JAVA_HOME", "/Library/Java/JavaVirtualMachines/jdk1.8.0_131.jdk/Contents/Home" + ) + HADOOP_URL = os.getenv("HADOOP_URL", "http://spark-service:9000") + ES_HADOOP_VERSION = os.getenv("ES_HADOOP_VERSION", "") + ES_HADOOP_HOME_BIN = "{}/elasticsearch-hadoop-{}".format( + os.getenv("ES_HADOOP_HOME", ""), os.getenv("ES_HADOOP_VERSION", "") + ) + HADOOP_HOST = os.getenv("HADOOP_HOST", "spark-service") + # Searches same folders as load_json above + + try: + MAPPING_FILE = find_paths("etlMapping.yaml", "tube")[0] + except: + MAPPING_FILE = None + + try: + USERYAML_FILE = find_paths("user.yaml", "tube")[0] + except IndexError: + USERYAML_FILE = None + PROJECT_TO_RESOURCE_PATH = get_resource_paths_from_yaml(USERYAML_FILE) + + SPARK_MASTER = os.getenv("SPARK_MASTER", "local[1]") # 'spark-service' + SPARK_EXECUTOR_MEMORY = os.getenv("SPARK_EXECUTOR_MEMORY", "2g") + SPARK_DRIVER_MEMORY = os.getenv("SPARK_DRIVER_MEMORY", "512m") + APP_NAME = "Gen3 ETL" + + os.environ[ + "PYSPARK_SUBMIT_ARGS" + ] = "--jars {}/dist/elasticsearch-spark-20_2.11-{}.jar pyspark-shell".format( + ES_HADOOP_HOME_BIN, ES_HADOOP_VERSION + ) + os.environ["HADOOP_CLIENT_OPTS"] = os.getenv("HADOOP_CLIENT_OPTS", "") + +{{- end }} \ No newline at end of file diff --git a/helm/etl/values.yaml b/helm/etl/values.yaml index 718310b5..916a544b 100644 --- a/helm/etl/values.yaml +++ b/helm/etl/values.yaml 
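Review bot: In the embedded settings.py of etl-secret.yaml, `DB_USE_SSL` only affects the `JDBC` string. `PYDBC` is built without any `sslmode`, and with nothing configured the flag is `False`, so neither URL asks for TLS by default. The `is False` identity test also means any string from the environment, including `DB_USE_SSL=false`, selects `sslmode=require`, which fails safe but is surprising. Parsing the flag explicitly, e.g. `DB_USE_SSL = str(os.getenv("DB_USE_SSL") or conf_data.get("db_use_ssl", False)).lower() in ("1", "true", "yes")`, and appending `?sslmode=require` to `PYDBC` under the same condition would make the behaviour predictable. `PYDBC` also interpolates `DB_PASSWORD` without URL-encoding, so a password containing `@` or `/` would corrupt the URL; where these settings are consumed is outside the hunk.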
@@ -33,12 +33,6 @@ resources: cpu: 0.3 # -- (string) The amount of memory requested memory: 128Mi - # -- (map) The maximum amount of resources that the container is allowed to use - limits: - # -- (string) The maximum amount of CPU the container can use - cpu: 1.0 - # -- (string) The maximum amount of memory the container can use - memory: 2Gi spark: # -- (map) The amount of resources that the container requests requests: @@ -46,12 +40,6 @@ resources: cpu: 0.3 # -- (string) The amount of memory requested memory: 128Mi - # -- (map) The maximum amount of resources that the container is allowed to use - limits: - # -- (string) The maximum amount of CPU the container can use - cpu: 1.0 - # -- (string) The maximum amount of memory the container can use - memory: 2Gi esEndpoint: gen3-elasticsearch-master @@ -154,3 +142,9 @@ esGarbageCollect: custom_image: # -- (string) Slack webhook endpoint to use for cronjob. slack_webhook: None + +schedule: "*/30 * * * *" + +suspendCronjob: true + +legacySupport: false \ No newline at end of file From 766891356d93660b4ec6eb7f4f551143b2a270a5 Mon Sep 17 00:00:00 2001 From: Ed Date: Wed, 20 Nov 2024 14:43:04 -0500 Subject: [PATCH 264/279] fix(etl): added legacy support and added options --- helm/gen3/Chart.yaml | 4 ++-- helm/gen3/README.md | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/helm/gen3/Chart.yaml b/helm/gen3/Chart.yaml index d45a3d16..ea58260a 100644 --- a/helm/gen3/Chart.yaml +++ b/helm/gen3/Chart.yaml @@ -28,7 +28,7 @@ dependencies: version: 0.1.16 repository: file://../common - name: etl - version: 0.1.5 + version: 0.1.6 repository: file://../etl condition: etl.enabled - name: frontend-framework 
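Review bot: The values added at the end of helm/etl/values.yaml (`schedule`, `suspendCronjob`, `legacySupport`) carry no `# --` doc comments, which is why the README rows for `schedule` and `suspendCronjob` are generated with empty descriptions. `legacySupport` in particular needs one, since it replaces the image's settings module with a file mounted from a Secret. Suggested comments: `# -- (string) Cron expression for the ETL cronjob.`, `# -- (bool) Create the cronjob suspended so it only runs when triggered manually.` and `# -- (bool) Mount settings.py from the etl-secret Secret over /tube/tube/settings.py.`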
@@ -128,7 +128,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.49 +version: 0.1.50 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to diff --git a/helm/gen3/README.md b/helm/gen3/README.md index b30ab5d4..7671aa5c 100644 --- a/helm/gen3/README.md +++ b/helm/gen3/README.md @@ -1,6 +1,6 @@ # gen3 -![Version: 0.1.49](https://img.shields.io/badge/Version-0.1.49-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) +![Version: 0.1.50](https://img.shields.io/badge/Version-0.1.50-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) Helm chart to deploy Gen3 Data Commons @@ -24,7 +24,7 @@ Helm chart to deploy Gen3 Data Commons | file://../audit | audit | 0.1.16 | | file://../aws-es-proxy | aws-es-proxy | 0.1.13 | | file://../common | common | 0.1.16 | -| file://../etl | etl | 0.1.5 | +| file://../etl | etl | 0.1.6 | | file://../fence | fence | 0.1.26 | | file://../frontend-framework | frontend-framework | 0.1.5 | | file://../gen3-network-policies | gen3-network-policies | 0.1.2 | From b8ca2701a1695bcacf2c1f6ea6b87b7b3e36c773 Mon Sep 17 00:00:00 2001 
From: Ed Date: Wed, 20 Nov 2024 14:48:22 -0500 Subject: [PATCH 265/279] fix(etl): added legacy support and added options --- helm/etl/README.md | 1 + helm/etl/templates/etl-job.yaml | 2 +- helm/etl/values.yaml | 4 +++- 3 files changed, 5 insertions(+), 2 deletions(-) diff --git a/helm/etl/README.md b/helm/etl/README.md index f6d5e8a8..4c1c5995 100644 --- a/helm/etl/README.md +++ b/helm/etl/README.md @@ -14,6 +14,7 @@ A Helm chart for gen3 etl | esGarbageCollect.enabled | bool | `false` | Whether to create es garbage collect cronjob. | | esGarbageCollect.schedule | string | `"0 0 * * *"` | The cron schedule expression to use in the es garbage collect cronjob. Runs once a day by default. | | esGarbageCollect.slack_webhook | string | `"None"` | Slack webhook endpoint to use for cronjob. | +| etlForced | string | `"TRUE"` | | | etlMapping.mappings[0].aggregated_props[0].fn | string | `"count"` | | | etlMapping.mappings[0].aggregated_props[0].name | string | `"_samples_count"` | | | etlMapping.mappings[0].aggregated_props[0].path | string | `"samples"` | | diff --git a/helm/etl/templates/etl-job.yaml b/helm/etl/templates/etl-job.yaml index 8cb1d9e2..4167f5df 100644 --- a/helm/etl/templates/etl-job.yaml +++ b/helm/etl/templates/etl-job.yaml @@ -156,7 +156,7 @@ spec: - name: SPARK_DRIVER_MEMORY value: 6g - name: ETL_FORCED - value: "TRUE" + value: {{ .Values.etlForced }} - name: gen3Env valueFrom: configMapKeyRef: diff --git a/helm/etl/values.yaml b/helm/etl/values.yaml index 916a544b..b24f9b3f 100644 --- a/helm/etl/values.yaml +++ b/helm/etl/values.yaml @@ -147,4 +147,6 @@ schedule: "*/30 * * * *" suspendCronjob: true -legacySupport: false \ No newline at end of file +legacySupport: false + +etlForced: "TRUE" \ No newline at end of file From c89806fbb23ad02893b08798f01f42d90b49fe06 Mon Sep 17 00:00:00 2001 
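Review bot: In the etl-job.yaml hunk, `value: {{ .Values.etlForced }}` renders the default as a bare `TRUE`, which YAML parses as a boolean rather than a string. Kubernetes requires `env[].value` to be a string, so the manifest is likely to be rejected at apply time; the line being replaced had the literal quoted as `"TRUE"`. Quoting in the template keeps the type stable for any value: `value: {{ .Values.etlForced | quote }}`. The new `etlForced` key in values.yaml also has no `# --` comment, so its README row is empty.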
From: Ed Date: Thu, 21 Nov 2024 08:56:45 -0500 Subject: [PATCH 266/279] fix(ssjdispatcher): Updated ssjdispatcher to include service account, rolebinding and external secrets to work correctly/privately in gitops --- helm/gen3/Chart.yaml | 4 ++-- helm/gen3/README.md | 4 ++-- helm/ssjdispatcher/Chart.yaml | 2 +- helm/ssjdispatcher/README.md | 4 +++- helm/ssjdispatcher/templates/_helpers.tpl | 7 +++++++ .../templates/external-secret.yaml | 19 +++++++++++++++++++ .../ssjdispatcher/templates/role-binding.yaml | 12 ++++++++++++ .../ssjdispatcher/templates/secret-store.yaml | 3 +++ .../templates/serviceaccount.yaml | 7 +++++++ helm/ssjdispatcher/values.yaml | 6 ++++++ 10 files changed, 62 insertions(+), 6 deletions(-) create mode 100644 helm/ssjdispatcher/templates/external-secret.yaml create mode 100644 helm/ssjdispatcher/templates/role-binding.yaml create mode 100644 helm/ssjdispatcher/templates/secret-store.yaml diff --git a/helm/gen3/Chart.yaml b/helm/gen3/Chart.yaml index d45a3d16..d8ff9676 100644 --- a/helm/gen3/Chart.yaml +++ b/helm/gen3/Chart.yaml @@ -80,7 +80,7 @@ dependencies: repository: "file://../sheepdog" condition: sheepdog.enabled - name: ssjdispatcher - version: 0.1.13 + version: 0.1.14 repository: "file://../ssjdispatcher" condition: ssjdispatcher.enabled - name: sower @@ -128,7 +128,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.49 +version: 0.1.50 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to diff --git a/helm/gen3/README.md b/helm/gen3/README.md index b30ab5d4..621111b9 100644 --- a/helm/gen3/README.md +++ b/helm/gen3/README.md 
@@ -1,6 +1,6 @@ # gen3 -![Version: 0.1.49](https://img.shields.io/badge/Version-0.1.49-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) +![Version: 0.1.50](https://img.shields.io/badge/Version-0.1.50-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) Helm chart to deploy Gen3 Data Commons @@ -40,7 +40,7 @@ Helm chart to deploy Gen3 Data Commons | file://../revproxy | revproxy | 0.1.19 | | file://../sheepdog | sheepdog | 0.1.19 | | file://../sower | sower | 0.1.15 | -| file://../ssjdispatcher | ssjdispatcher | 0.1.13 | +| file://../ssjdispatcher | ssjdispatcher | 0.1.14 | | file://../wts | wts | 0.1.18 | | https://charts.bitnami.com/bitnami | postgresql | 11.9.13 | | https://helm.elastic.co | elasticsearch | 7.10.2 | diff --git a/helm/ssjdispatcher/Chart.yaml b/helm/ssjdispatcher/Chart.yaml index 20e74dd0..336e01a5 100644 --- a/helm/ssjdispatcher/Chart.yaml +++ b/helm/ssjdispatcher/Chart.yaml @@ -15,7 +15,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.13 +version: 0.1.14 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to diff --git a/helm/ssjdispatcher/README.md b/helm/ssjdispatcher/README.md index 211b4389..54bea67c 100644 --- a/helm/ssjdispatcher/README.md +++ b/helm/ssjdispatcher/README.md 
@@ -1,6 +1,6 @@ # ssjdispatcher -![Version: 0.1.13](https://img.shields.io/badge/Version-0.1.13-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) +![Version: 0.1.14](https://img.shields.io/badge/Version-0.1.14-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) A Helm chart for gen3 ssjdispatcher @@ -32,6 +32,8 @@ A Helm chart for gen3 ssjdispatcher | commonLabels | map | `nil` | Will completely override the commonLabels defined in the common chart's _label_setup.tpl | | criticalService | string | `"true"` | Valid options are "true" or "false". If invalid option is set- the value will default to "false". | | dispatcherJobNum | string | `"10"` | Ssjdispater job number. | +| externalSecrets | map | `{"credsFile":null}` | External secrets configuration | +| externalSecrets.credsFile | string | `nil` | Will override the name of the aws secrets manager secret. Default is "credentials.json" | | fullnameOverride | string | `""` | Override the full name of the deployment. | | gen3Namespace | string | `"default"` | Namespace to deploy the job. | | global.aws | map | `{"awsAccessKeyId":null,"awsSecretAccessKey":null,"enabled":false}` | AWS configuration | diff --git a/helm/ssjdispatcher/templates/_helpers.tpl b/helm/ssjdispatcher/templates/_helpers.tpl index c7ffa9d8..aee3241b 100644 --- a/helm/ssjdispatcher/templates/_helpers.tpl +++ b/helm/ssjdispatcher/templates/_helpers.tpl 
@@ -66,3 +66,10 @@ Create the name of the service account to use {{- default "default" .Values.serviceAccount.name }} {{- end }} {{- end }} + +{{/* + ssjdispatcher credentials.json Secrets Manager Name +*/}} +{{- define "creds-file" -}} +{{- default "credentials.json" .Values.externalSecrets.credsFile }} +{{- end }} diff --git a/helm/ssjdispatcher/templates/external-secret.yaml b/helm/ssjdispatcher/templates/external-secret.yaml new file mode 100644 index 00000000..70fe6bc3 --- /dev/null +++ b/helm/ssjdispatcher/templates/external-secret.yaml @@ -0,0 +1,19 @@ +{{ if .Values.global.externalSecrets.deploy }} +apiVersion: external-secrets.io/v1beta1 +kind: ExternalSecret +metadata: + name: ssjdispatcher-creds +spec: + refreshInterval: 5m + secretStoreRef: + name: {{include "common.SecretStore" .}} + kind: SecretStore + target: + name: ssjdispatcher-creds + creationPolicy: Owner + data: + - secretKey: credentials.json + remoteRef: + #name of secret in secrets manager + key: {{include "credsFile" .}} +{{- end }} \ No newline at end of file diff --git a/helm/ssjdispatcher/templates/role-binding.yaml b/helm/ssjdispatcher/templates/role-binding.yaml new file mode 100644 index 00000000..d6f2ff02 --- /dev/null +++ b/helm/ssjdispatcher/templates/role-binding.yaml @@ -0,0 +1,12 @@ +kind: RoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: ssjdispatcher-binding +subjects: +- kind: ServiceAccount + name: {{ include "ssjdispatcher.serviceAccountName" . }} + apiGroup: "" +roleRef: + kind: ClusterRole + name: admin + apiGroup: rbac.authorization.k8s.io \ No newline at end of file diff --git a/helm/ssjdispatcher/templates/secret-store.yaml b/helm/ssjdispatcher/templates/secret-store.yaml new file mode 100644 index 00000000..771c7760 --- /dev/null +++ b/helm/ssjdispatcher/templates/secret-store.yaml @@ -0,0 +1,3 @@ +{{ if .Values.global.externalSecrets.separateSecretStore }} +{{ include "common.secretstore" . }} +{{- end }} \ No newline at end of file 
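Review bot: The new external-secret.yaml calls `{{include "credsFile" .}}`, but the helper added to _helpers.tpl in this same commit is defined as `creds-file`. Unless a template named `credsFile` exists elsewhere (none is visible in this patch), rendering fails as soon as `global.externalSecrets.deploy` is true. Use `key: {{ include "creds-file" . }}`. Better still, rename the helper to something chart-scoped such as `ssjdispatcher.credsFile`, since Helm template names are shared across all subcharts of the umbrella chart.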
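Review bot: The new role-binding.yaml binds the ssjdispatcher service account to the built-in `admin` ClusterRole, which grants read/write on most resources in the namespace, including Secrets, and the ability to create further roles and bindings. That is far more than a job dispatcher appears to need, and a compromised pod running under this service account would inherit all of it. The binding is also rendered unconditionally, and its subject carries no `namespace`, which is worth setting explicitly to `{{ .Release.Namespace }}`. A dedicated namespaced Role limited to what the service actually calls would follow least privilege; the rules below are an assumption to confirm against the service.

```yaml
kind: Role
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: ssjdispatcher-role
rules:
  # Assumed from the service's job-dispatching purpose; confirm the exact resources and verbs it uses.
  - apiGroups: ["batch"]
    resources: ["jobs"]
    verbs: ["create", "get", "list", "watch", "delete"]
---
# … unchanged: RoleBinding kind, apiVersion, metadata and subjects …
roleRef:
  kind: Role
  name: ssjdispatcher-role
  apiGroup: rbac.authorization.k8s.io
```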
diff --git a/helm/ssjdispatcher/templates/serviceaccount.yaml b/helm/ssjdispatcher/templates/serviceaccount.yaml index ac52270f..f8a93321 100644 --- a/helm/ssjdispatcher/templates/serviceaccount.yaml +++ b/helm/ssjdispatcher/templates/serviceaccount.yaml @@ -10,3 +10,10 @@ metadata: eks.amazonaws.com/role-arn: arn:aws:iam::{{ .Values.global.aws.account }}:role/{{ .Values.global.aws.hatchery_role }} {{- end }} {{- end }} +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: ssjdispatcher-job-sa + labels: + {{- include "ssjdispatcher.labels" . | nindent 4 }} \ No newline at end of file diff --git a/helm/ssjdispatcher/values.yaml b/helm/ssjdispatcher/values.yaml index 5eadacff..17ff7b88 100644 --- a/helm/ssjdispatcher/values.yaml +++ b/helm/ssjdispatcher/values.yaml @@ -240,3 +240,9 @@ partOf: "Workspace-Tab" selectorLabels: # -- (map) Will completely override the commonLabels defined in the common chart's _label_setup.tpl commonLabels: + + +# -- (map) External secrets configuration +externalSecrets: + # -- (string) Will override the name of the aws secrets manager secret. Default is "credentials.json" + credsFile: \ No newline at end of file From 31f0a07ddea8ac5ad971ef356660f4550ab8aec1 Mon Sep 17 00:00:00 2001 From: emalinowski Date: Thu, 21 Nov 2024 09:00:32 -0500 Subject: [PATCH 267/279] Update Chart.yaml --- helm/etl/Chart.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/helm/etl/Chart.yaml b/helm/etl/Chart.yaml index 2e07c889..d55e0945 100644 --- a/helm/etl/Chart.yaml +++ b/helm/etl/Chart.yaml @@ -22,4 +22,4 @@ version: 0.1.6 # follow Semantic Versioning. They should reflect the version the application is using. appVersion: "master" -dependencies: [] \ No newline at end of file +dependencies: [] From aa1e9b32d59739fd193c75400a0eaef9c9af00d4 Mon Sep 17 00:00:00 2001 
From: emalinowski Date: Mon, 25 Nov 2024 09:02:23 -0600 Subject: [PATCH 268/279] Update values.yaml --- helm/etl/values.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/helm/etl/values.yaml b/helm/etl/values.yaml index b24f9b3f..ebf11925 100644 --- a/helm/etl/values.yaml +++ b/helm/etl/values.yaml @@ -149,4 +149,4 @@ suspendCronjob: true legacySupport: false -etlForced: "TRUE" \ No newline at end of file +etlForced: "TRUE" From 011a204cfc1344c57d81960a25901db1b3ea9634 Mon Sep 17 00:00:00 2001 From: emalinowski Date: Mon, 25 Nov 2024 09:03:21 -0600 Subject: [PATCH 269/279] Update values.yaml --- helm/ssjdispatcher/values.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/helm/ssjdispatcher/values.yaml b/helm/ssjdispatcher/values.yaml index 17ff7b88..c06c667b 100644 --- a/helm/ssjdispatcher/values.yaml +++ b/helm/ssjdispatcher/values.yaml @@ -245,4 +245,4 @@ commonLabels: # -- (map) External secrets configuration externalSecrets: # -- (string) Will override the name of the aws secrets manager secret. Default is "credentials.json" - credsFile: \ No newline at end of file + credsFile: From e01235977d113fc7fc43fe4675be601cefa3a417 Mon Sep 17 00:00:00 2001 From: emalinowski Date: Mon, 25 Nov 2024 09:07:27 -0600 Subject: [PATCH 270/279] Update values.yaml --- helm/ssjdispatcher/values.yaml | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/helm/ssjdispatcher/values.yaml b/helm/ssjdispatcher/values.yaml index c06c667b..5272d2e3 100644 --- a/helm/ssjdispatcher/values.yaml +++ b/helm/ssjdispatcher/values.yaml 
@@ -57,6 +57,12 @@ global: pdb: false # -- (int) The minimum amount of pods that are available at all times if the PDB is deployed. minAvialable: 1 + # -- (map) External Secrets settings. + externalSecrets: + # -- (bool) Will use ExternalSecret resources to pull secrets from Secrets Manager instead of creating them locally. Be cautious as this will override any indexd secrets you have deployed. + deploy: false + # -- (string) Will deploy a separate External Secret Store for this service. + separateSecretStore: false # -- (bool) Whether Metrics are enabled. metricsEnabled: false From 835a5a38cb749c77f98e17abf9468ad643505230 Mon Sep 17 00:00:00 2001 From: emalinowski Date: Mon, 25 Nov 2024 09:11:41 -0600 Subject: [PATCH 271/279] Update values.yaml --- helm/etl/values.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/helm/etl/values.yaml b/helm/etl/values.yaml index ebf11925..5d7e2cdb 100644 --- a/helm/etl/values.yaml +++ b/helm/etl/values.yaml @@ -145,7 +145,7 @@ esGarbageCollect: schedule: "*/30 * * * *" -suspendCronjob: true +suspendCronjob: "true" legacySupport: false From 5129d775a37768cf255f61128f0872807de0177f Mon Sep 17 00:00:00 2001 From: emalinowski Date: Mon, 25 Nov 2024 09:13:48 -0600 Subject: [PATCH 272/279] Update etl-job.yaml --- helm/etl/templates/etl-job.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/helm/etl/templates/etl-job.yaml b/helm/etl/templates/etl-job.yaml index 4167f5df..76e34190 100644 --- a/helm/etl/templates/etl-job.yaml +++ b/helm/etl/templates/etl-job.yaml @@ -4,7 +4,7 @@ metadata: name: etl-cronjob spec: suspend: {{ .Values.suspendCronjob }} - schedule: {{ .Values.schedule }} + schedule: "{{ .Values.schedule }}" jobTemplate: spec: backoffLimit: 0 @@ -212,4 +212,4 @@ spec: echo "Exit code: $exitcode" pkill -u root && exit $exitcode exit "$exitcode" & - restartPolicy: Never \ No newline at end of file + restartPolicy: Never 
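Review bot: The doc comment on `global.externalSecrets.deploy` in the ssjdispatcher values.yaml hunk warns that enabling it "will override any indexd secrets you have deployed", which looks copied from another chart. The ExternalSecret added earlier in this series targets `ssjdispatcher-creds`, so the warning should name that secret, e.g. `# -- (bool) Will use ExternalSecret resources to pull secrets from Secrets Manager instead of creating them locally. Be cautious as this will override the ssjdispatcher-creds secret you have deployed.` The `separateSecretStore` comment is also tagged `(string)` while its default is the boolean `false`; `(bool)` would match.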
From ee417abf0eb273a185a718007d2760f09f1574be Mon Sep 17 00:00:00 2001 From: emalinowski Date: Mon, 25 Nov 2024 09:14:01 -0600 Subject: [PATCH 273/279] Update values.yaml --- helm/etl/values.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/helm/etl/values.yaml b/helm/etl/values.yaml index 5d7e2cdb..ebf11925 100644 --- a/helm/etl/values.yaml +++ b/helm/etl/values.yaml @@ -145,7 +145,7 @@ esGarbageCollect: schedule: "*/30 * * * *" -suspendCronjob: "true" +suspendCronjob: true legacySupport: false From c24545bf907278248423c4db8b18cda0fac14235 Mon Sep 17 00:00:00 2001 From: emalinowski Date: Mon, 25 Nov 2024 09:30:32 -0600 Subject: [PATCH 274/279] Update etl-job.yaml --- helm/etl/templates/etl-job.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/helm/etl/templates/etl-job.yaml b/helm/etl/templates/etl-job.yaml index 76e34190..9272940c 100644 --- a/helm/etl/templates/etl-job.yaml +++ b/helm/etl/templates/etl-job.yaml @@ -4,7 +4,7 @@ metadata: name: etl-cronjob spec: suspend: {{ .Values.suspendCronjob }} - schedule: "{{ .Values.schedule }}" + schedule: {{ .Values.schedule | quote }} jobTemplate: spec: backoffLimit: 0 From 04f987aded5f3fcde74ff213c786c3903c1ef15e Mon Sep 17 00:00:00 2001 From: Jawad Qureshi Date: Thu, 5 Dec 2024 14:38:12 -0600 Subject: [PATCH 275/279] Add ability to control gen3bundle for portal, and port for gen3ff --- .secrets.baseline | 6 +-- helm/frontend-framework/Chart.yaml | 2 +- helm/frontend-framework/README.md | 3 +- .../templates/deployment.yaml | 48 ++++++------------- .../frontend-framework/templates/service.yaml | 4 +- helm/frontend-framework/values.yaml | 2 + helm/gen3/Chart.yaml | 6 +-- helm/gen3/README.md | 6 +-- helm/portal/Chart.yaml | 2 +- helm/portal/README.md | 4 +- helm/portal/templates/deployment.yaml | 3 +- helm/portal/values.yaml | 2 + 12 files changed, 37 insertions(+), 51 deletions(-) diff --git a/.secrets.baseline b/.secrets.baseline index f5178a3f..370b6e54 100644 
--- a/.secrets.baseline +++ b/.secrets.baseline @@ -155,7 +155,7 @@ "filename": "helm/portal/values.yaml", "hashed_secret": "08eeb737b239bdb7362a875b90e22c10b8826b20", "is_verified": false, - "line_number": 473, + "line_number": 475, "is_secret": false }, { @@ -163,7 +163,7 @@ "filename": "helm/portal/values.yaml", "hashed_secret": "eb9739c6625f06b4ab73035223366dda6262ae77", "is_verified": false, - "line_number": 475, + "line_number": 477, "is_secret": false } ], @@ -178,5 +178,5 @@ } ] }, - "generated_at": "2024-11-18T20:39:22Z" + "generated_at": "2024-12-05T20:32:52Z" } diff --git a/helm/frontend-framework/Chart.yaml b/helm/frontend-framework/Chart.yaml index 56609579..b885da7f 100644 --- a/helm/frontend-framework/Chart.yaml +++ b/helm/frontend-framework/Chart.yaml @@ -15,7 +15,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.5 +version: 0.1.6 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to diff --git a/helm/frontend-framework/README.md b/helm/frontend-framework/README.md index 27c8d8c2..e33ae46f 100644 --- a/helm/frontend-framework/README.md +++ b/helm/frontend-framework/README.md 
@@ -1,6 +1,6 @@ # frontend-framework -![Version: 0.1.5](https://img.shields.io/badge/Version-0.1.5-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: develop](https://img.shields.io/badge/AppVersion-develop-informational?style=flat-square) +![Version: 0.1.6](https://img.shields.io/badge/Version-0.1.6-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: develop](https://img.shields.io/badge/AppVersion-develop-informational?style=flat-square) A Helm chart for the gen3 frontend framework @@ -68,6 +68,7 @@ A Helm chart for the gen3 frontend framework | partOf | string | `"Front-End"` | Label to help organize pods and their use. Any value is valid, but use "_" or "-" to divide words. | | podAnnotations | map | `{}` | Annotations to add to the pod | | podSecurityContext | map | `{}` | Security context to apply to the pod | +| port | int | `3000` | | | release | string | `"dev"` | Valid options are "production" or "dev". If invalid option is set- the value will default to "dev". | | replicaCount | int | `1` | Number of replicas for the deployment. | | resources | map | `{"limits":{"cpu":0.6,"memory":"4096Mi"},"requests":{"cpu":0.6,"memory":"512Mi"}}` | Resource requests and limits for the containers in the pod | diff --git a/helm/frontend-framework/templates/deployment.yaml b/helm/frontend-framework/templates/deployment.yaml index 89cecec2..f8a65135 100644 --- a/helm/frontend-framework/templates/deployment.yaml +++ b/helm/frontend-framework/templates/deployment.yaml 
@@ -35,14 +35,17 @@ spec: - name: frontend-framework image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}" imagePullPolicy: {{ .Values.image.pullPolicy }} - # livenessProbe: - # httpGet: - # path: /ff - # port: 80 - # initialDelaySeconds: 60 - # periodSeconds: 30 - # timeoutSeconds: 30 - # failureThreshold: 30 + livenessProbe: + httpGet: + {{- if eq "portal" .Values.global.frontendRoot }} + path: /ff + {{- else }} + path: / + {{- end }} + port: {{ .Values.port }} + initialDelaySeconds: 3 + periodSeconds: 10 + timeoutSeconds: 30 readinessProbe: httpGet: {{- if eq "portal" .Values.global.frontendRoot }} @@ -50,14 +53,14 @@ spec: {{- else }} path: / {{- end }} - port: 3000 + port: {{ .Values.port }} initialDelaySeconds: 3 periodSeconds: 10 timeoutSeconds: 30 resources: {{- toYaml .Values.resources | nindent 12 }} ports: - - containerPort: 3000 + - containerPort: {{ .Values.port }} name: http protocol: TCP envFrom: @@ -65,6 +68,8 @@ spec: name: {{ include "frontend-framework.fullname" . }}-configmap optional: true env: + - name: PORT + value: {{ .Values.port | quote }} - name: HOSTNAME value: revproxy-service {{- if eq "portal" .Values.global.frontendRoot }} 
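Review bot: The re-enabled `livenessProbe` in frontend-framework deployment.yaml uses `initialDelaySeconds: 3` and sets no `failureThreshold`. With the Kubernetes default of 3 failures and `periodSeconds: 10`, the container is restarted if it has not answered within roughly half a minute of starting. The commented-out probe it replaces allowed a 60s delay and 30 failures. If start-up can take longer than that (not visible here), the pod ends up in a restart loop. A `startupProbe` on the same path and port, or a larger `initialDelaySeconds` on the liveness probe only, would keep quick failure detection without killing a slow start.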
@@ -74,27 +79,4 @@ spec: - name: NEXT_PUBLIC_PORTAL_BASENAME value: /portal {{- end }} - # disable npm 7's brand new update notifier to prevent Portal from stuck at starting up - # see https://github.com/npm/cli/issues/3163 - - name: NPM_CONFIG_UPDATE_NOTIFIER - value: "false" -#needed to be adjusted to use the gen3 umbrella chart or local var ^ -#adding a var in helpers.tpl for later- Elise - {{- with .Values.datadogApplicationId }} - - name: DATADOG_APPLICATION_ID - # Optional client token for Datadog - value: {{ . }} - {{- end }} - {{- with .Values.datadogClientToken }} - - name: DATADOG_CLIENT_TOKEN - # Optional client token for Datadog - value: {{ . }} - {{- end }} - {{- with .Values.dataUploadBucket }} - - name: DATA_UPLOAD_BUCKET - value: {{ . }} - {{- end }} - # S3 bucket name for data upload, for setting up CSP - #GEN3_DATA_UPLOAD_BUCKET|-value: ""-| - # - name: BASENAME diff --git a/helm/frontend-framework/templates/service.yaml b/helm/frontend-framework/templates/service.yaml index c8742312..4d20da96 100644 --- a/helm/frontend-framework/templates/service.yaml +++ b/helm/frontend-framework/templates/service.yaml @@ -8,11 +8,11 @@ spec: ports: - protocol: TCP port: 80 - targetPort: 3000 + targetPort: {{ .Values.port }} name: http - protocol: TCP port: 443 - targetPort: 3000 + targetPort: {{ .Values.port }} name: https type: ClusterIP selector: diff --git a/helm/frontend-framework/values.yaml b/helm/frontend-framework/values.yaml index 88df372c..3f7fb150 100644 --- a/helm/frontend-framework/values.yaml +++ b/helm/frontend-framework/values.yaml @@ -126,6 +126,8 @@ autoscaling: targetCPUUtilizationPercentage: 80 # targetMemoryUtilizationPercentage: 80 +port: 3000 + # -- (list) List of environment variables to add to the deployment. env: [] diff --git a/helm/gen3/Chart.yaml b/helm/gen3/Chart.yaml index d45a3d16..7b195584 100644 --- a/helm/gen3/Chart.yaml +++ b/helm/gen3/Chart.yaml 
@@ -32,7 +32,7 @@ dependencies: repository: file://../etl condition: etl.enabled - name: frontend-framework - version: 0.1.5 + version: 0.1.6 repository: "file://../frontend-framework" condition: frontend-framework.enabled - name: fence @@ -64,7 +64,7 @@ dependencies: repository: "file://../peregrine" condition: peregrine.enabled - name: portal - version: 0.1.21 + version: 0.1.22 repository: "file://../portal" condition: portal.enabled - name: requestor @@ -128,7 +128,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.49 +version: 0.1.50 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to diff --git a/helm/gen3/README.md b/helm/gen3/README.md index b30ab5d4..a4a81281 100644 --- a/helm/gen3/README.md +++ b/helm/gen3/README.md @@ -1,6 +1,6 @@ # gen3 -![Version: 0.1.49](https://img.shields.io/badge/Version-0.1.49-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) +![Version: 0.1.50](https://img.shields.io/badge/Version-0.1.50-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) Helm chart to deploy Gen3 Data Commons 
@@ -26,7 +26,7 @@ Helm chart to deploy Gen3 Data Commons | file://../common | common | 0.1.16 | | file://../etl | etl | 0.1.5 | | file://../fence | fence | 0.1.26 | -| file://../frontend-framework | frontend-framework | 0.1.5 | +| file://../frontend-framework | frontend-framework | 0.1.6 | | file://../gen3-network-policies | gen3-network-policies | 0.1.2 | | file://../guppy | guppy | 0.1.16 | | file://../hatchery | hatchery | 0.1.12 | @@ -35,7 +35,7 @@ Helm chart to deploy Gen3 Data Commons | file://../metadata | metadata | 0.1.16 | | file://../neuvector | neuvector | 0.1.2 | | file://../peregrine | peregrine | 0.1.17 | -| file://../portal | portal | 0.1.21 | +| file://../portal | portal | 0.1.22 | | file://../requestor | requestor | 0.1.16 | | file://../revproxy | revproxy | 0.1.19 | | file://../sheepdog | sheepdog | 0.1.19 | diff --git a/helm/portal/Chart.yaml b/helm/portal/Chart.yaml index c90c264a..f8da7e14 100644 --- a/helm/portal/Chart.yaml +++ b/helm/portal/Chart.yaml @@ -15,7 +15,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.21 +version: 0.1.22 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to diff --git a/helm/portal/README.md b/helm/portal/README.md index 99537d8d..fc33d44a 100644 --- a/helm/portal/README.md +++ b/helm/portal/README.md 
@@ -1,6 +1,6 @@ # portal -![Version: 0.1.21](https://img.shields.io/badge/Version-0.1.21-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) +![Version: 0.1.22](https://img.shields.io/badge/Version-0.1.22-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) A Helm chart for gen3 data-portal 
@@ -31,7 +31,7 @@ A Helm chart for gen3 data-portal | criticalService | string | `"true"` | Valid options are "true" or "false". If invalid option is set- the value will default to "false". | | extraImages | map | `nil` | Extra images to be mounted in the deployment. | | fullnameOverride | string | `""` | Override the full name of the deployment. | -| gitops | map | `{"createdby":"","css":"/* gitops default css */\n","favicon":"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","json":"{\n \"graphql\": {\n \"boardCounts\": [\n {\n \"graphql\": \"_case_count\",\n \"name\": \"Case\",\n \"plural\": \"Cases\"\n },\n {\n \"graphql\": \"_experiment_count\",\n \"name\": \"Experiment\",\n \"plural\": \"Experiments\"\n },\n {\n \"graphql\": \"_aliquot_count\",\n \"name\": \"Aliquot\",\n \"plural\": \"Aliquots\"\n }\n ],\n \"chartCounts\": [\n {\n \"graphql\": \"_case_count\",\n \"name\": \"Case\"\n },\n {\n \"graphql\": \"_experiment_count\",\n \"name\": \"Experiment\"\n },\n {\n \"graphql\": \"_aliquot_count\",\n \"name\": \"Aliquot\"\n }\n ],\n \"projectDetails\": \"boardCounts\"\n },\n \"components\": {\n \"appName\": \"Generic Data Commons Portal\",\n \"index\": {\n \"introduction\": {\n \"heading\": \"Data Commons\",\n \"text\": \"The Generic Data Commons supports the management, analysis and sharing of data for the research community.\",\n \"link\": \"/submission\"\n },\n \"buttons\": [\n {\n \"name\": \"Define Data Field\",\n \"icon\": \"data-field-define\",\n \"body\": \"The Generic Data Commons define the data in a general way. 
Please study the dictionary before you start browsing.\",\n \"link\": \"/DD\",\n \"label\": \"Learn more\"\n },\n {\n \"name\": \"Explore Data\",\n \"icon\": \"data-explore\",\n \"body\": \"The Exploration Page gives you insights and a clear overview under selected factors.\",\n \"link\": \"/explorer\",\n \"label\": \"Explore data\"\n },\n {\n \"name\": \"Access Data\",\n \"icon\": \"data-access\",\n \"body\": \"Use our selected tool to filter out the data you need.\",\n \"link\": \"/query\",\n \"label\": \"Query data\"\n },\n {\n \"name\": \"Submit Data\",\n \"icon\": \"data-submit\",\n \"body\": \"Submit Data based on the dictionary.\",\n \"link\": \"/submission\",\n \"label\": \"Submit data\"\n }\n ]\n },\n \"navigation\": {\n \"title\": \"Generic Data Commons\",\n \"items\": [\n {\n \"icon\": \"dictionary\",\n \"link\": \"/DD\",\n \"color\": \"#a2a2a2\",\n \"name\": \"Dictionary\"\n },\n {\n \"icon\": \"exploration\",\n \"link\": \"/explorer\",\n \"color\": \"#a2a2a2\",\n \"name\": \"Exploration\"\n },\n {\n \"icon\": \"query\",\n \"link\": \"/query\",\n \"color\": \"#a2a2a2\",\n \"name\": \"Query\"\n },\n {\n \"icon\": \"workspace\",\n \"link\": \"/workspace\",\n \"color\": \"#a2a2a2\",\n \"name\": \"Workspace\"\n },\n {\n \"icon\": \"profile\",\n \"link\": \"/identity\",\n \"color\": \"#a2a2a2\",\n \"name\": \"Profile\"\n }\n ]\n },\n \"topBar\": {\n \"items\": [\n {\n \"icon\": \"upload\",\n \"link\": \"/submission\",\n \"name\": \"Submit Data\"\n },\n {\n \"link\": \"https://gen3.org/resources/user\",\n \"name\": \"Documentation\"\n }\n ]\n },\n \"login\": {\n \"title\": \"Generic Data Commons\",\n \"subTitle\": \"Explore, Analyze, and Share Data\",\n \"text\": \"This website supports the management, analysis and sharing of human disease data for the research community and aims to advance basic understanding of the genetic basis of complex traits and accelerate discovery and development of therapies, diagnostic tests, and other technologies for diseases 
like cancer.\",\n \"contact\": \"If you have any questions about access or the registration process, please contact \",\n \"email\": \"support@gen3.org\"\n },\n \"certs\": {},\n \"footerLogos\": [\n {\n \"src\": \"/src/img/gen3.png\",\n \"href\": \"https://ctds.uchicago.edu/gen3\",\n \"alt\": \"Gen3 Data Commons\"\n },\n {\n \"src\": \"/src/img/createdby.png\",\n \"href\": \"https://ctds.uchicago.edu/\",\n \"alt\": \"Center for Translational Data Science at the University of Chicago\"\n }\n ]\n },\n \"requiredCerts\": [],\n \"featureFlags\": {\n \"explorer\": true,\n \"noIndex\": true,\n \"analysis\": false,\n \"discovery\": false,\n \"discoveryUseAggMDS\": false,\n \"studyRegistration\": false\n },\n \"dataExplorerConfig\": {\n \"charts\": {\n \"project_id\": {\n \"chartType\": \"count\",\n \"title\": \"Projects\"\n },\n \"_case_id\": {\n \"chartType\": \"count\",\n \"title\": \"Cases\"\n },\n \"gender\": {\n \"chartType\": \"pie\",\n \"title\": \"Gender\"\n },\n \"race\": {\n \"chartType\": \"bar\",\n \"title\": \"Race\"\n }\n },\n \"filters\": {\n \"tabs\": [\n {\n \"title\": \"Case\",\n \"fields\":[\n \"project_id\",\n \"gender\",\n \"race\",\n \"ethnicity\"\n ]\n }\n ]\n },\n \"table\": {\n \"enabled\": false\n },\n \"dropdowns\": {},\n \"buttons\": [],\n \"guppyConfig\": {\n \"dataType\": \"case\",\n \"nodeCountTitle\": \"Cases\",\n \"fieldMapping\": [\n { \"field\": \"disease_type\", \"name\": \"Disease type\" },\n { \"field\": \"primary_site\", \"name\": \"Site where samples were collected\"}\n ],\n \"manifestMapping\": {\n \"resourceIndexType\": \"file\",\n \"resourceIdField\": \"object_id\",\n \"referenceIdFieldInResourceIndex\": \"_case_id\",\n \"referenceIdFieldInDataIndex\": \"node_id\"\n },\n \"accessibleFieldCheckList\": [\"_case_id\"],\n \"accessibleValidationField\": \"_case_id\"\n }\n },\n \"fileExplorerConfig\": {\n \"charts\": {\n \"data_type\": {\n \"chartType\": \"stackedBar\",\n \"title\": \"File Type\"\n },\n \"data_format\": {\n 
\"chartType\": \"stackedBar\",\n \"title\": \"File Format\"\n }\n },\n \"filters\": {\n \"tabs\": [\n {\n \"title\": \"File\",\n \"fields\": [\n \"project_id\",\n \"data_type\",\n \"data_format\"\n ]\n }\n ]\n },\n \"table\": {\n \"enabled\": true,\n \"fields\": [\n \"project_id\",\n \"file_name\",\n \"file_size\",\n \"object_id\"\n ]\n },\n \"dropdowns\": {},\n \"guppyConfig\": {\n \"dataType\": \"file\",\n \"fieldMapping\": [\n { \"field\": \"object_id\", \"name\": \"GUID\" }\n ],\n \"nodeCountTitle\": \"Files\",\n \"manifestMapping\": {\n \"resourceIndexType\": \"case\",\n \"resourceIdField\": \"_case_id\",\n \"referenceIdFieldInResourceIndex\": \"object_id\",\n \"referenceIdFieldInDataIndex\": \"object_id\"\n },\n \"accessibleFieldCheckList\": [\"_case_id\"],\n \"accessibleValidationField\": \"_case_id\",\n \"downloadAccessor\": \"object_id\"\n }\n }\n}\n","logo":"","sponsors":null}` | GitOps configuration for portal | +| gitops | map | `{"createdby":"","css":"/* gitops default css */\n","favicon":"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","gen3Bundle":"","json":"{\n \"graphql\": {\n \"boardCounts\": [\n {\n \"graphql\": \"_case_count\",\n \"name\": \"Case\",\n \"plural\": \"Cases\"\n },\n {\n \"graphql\": \"_experiment_count\",\n \"name\": \"Experiment\",\n \"plural\": \"Experiments\"\n },\n {\n \"graphql\": \"_aliquot_count\",\n \"name\": \"Aliquot\",\n \"plural\": \"Aliquots\"\n }\n ],\n \"chartCounts\": [\n {\n \"graphql\": \"_case_count\",\n \"name\": \"Case\"\n },\n {\n \"graphql\": \"_experiment_count\",\n \"name\": \"Experiment\"\n },\n {\n \"graphql\": \"_aliquot_count\",\n \"name\": \"Aliquot\"\n }\n ],\n \"projectDetails\": \"boardCounts\"\n },\n \"components\": {\n \"appName\": \"Generic Data Commons Portal\",\n \"index\": {\n \"introduction\": {\n \"heading\": \"Data Commons\",\n \"text\": \"The Generic Data Commons supports the management, analysis and sharing of data for the research community.\",\n \"link\": \"/submission\"\n },\n 
\"buttons\": [\n {\n \"name\": \"Define Data Field\",\n \"icon\": \"data-field-define\",\n \"body\": \"The Generic Data Commons define the data in a general way. Please study the dictionary before you start browsing.\",\n \"link\": \"/DD\",\n \"label\": \"Learn more\"\n },\n {\n \"name\": \"Explore Data\",\n \"icon\": \"data-explore\",\n \"body\": \"The Exploration Page gives you insights and a clear overview under selected factors.\",\n \"link\": \"/explorer\",\n \"label\": \"Explore data\"\n },\n {\n \"name\": \"Access Data\",\n \"icon\": \"data-access\",\n \"body\": \"Use our selected tool to filter out the data you need.\",\n \"link\": \"/query\",\n \"label\": \"Query data\"\n },\n {\n \"name\": \"Submit Data\",\n \"icon\": \"data-submit\",\n \"body\": \"Submit Data based on the dictionary.\",\n \"link\": \"/submission\",\n \"label\": \"Submit data\"\n }\n ]\n },\n \"navigation\": {\n \"title\": \"Generic Data Commons\",\n \"items\": [\n {\n \"icon\": \"dictionary\",\n \"link\": \"/DD\",\n \"color\": \"#a2a2a2\",\n \"name\": \"Dictionary\"\n },\n {\n \"icon\": \"exploration\",\n \"link\": \"/explorer\",\n \"color\": \"#a2a2a2\",\n \"name\": \"Exploration\"\n },\n {\n \"icon\": \"query\",\n \"link\": \"/query\",\n \"color\": \"#a2a2a2\",\n \"name\": \"Query\"\n },\n {\n \"icon\": \"workspace\",\n \"link\": \"/workspace\",\n \"color\": \"#a2a2a2\",\n \"name\": \"Workspace\"\n },\n {\n \"icon\": \"profile\",\n \"link\": \"/identity\",\n \"color\": \"#a2a2a2\",\n \"name\": \"Profile\"\n }\n ]\n },\n \"topBar\": {\n \"items\": [\n {\n \"icon\": \"upload\",\n \"link\": \"/submission\",\n \"name\": \"Submit Data\"\n },\n {\n \"link\": \"https://gen3.org/resources/user\",\n \"name\": \"Documentation\"\n }\n ]\n },\n \"login\": {\n \"title\": \"Generic Data Commons\",\n \"subTitle\": \"Explore, Analyze, and Share Data\",\n \"text\": \"This website supports the management, analysis and sharing of human disease data for the research community and aims to advance basic 
understanding of the genetic basis of complex traits and accelerate discovery and development of therapies, diagnostic tests, and other technologies for diseases like cancer.\",\n \"contact\": \"If you have any questions about access or the registration process, please contact \",\n \"email\": \"support@gen3.org\"\n },\n \"certs\": {},\n \"footerLogos\": [\n {\n \"src\": \"/src/img/gen3.png\",\n \"href\": \"https://ctds.uchicago.edu/gen3\",\n \"alt\": \"Gen3 Data Commons\"\n },\n {\n \"src\": \"/src/img/createdby.png\",\n \"href\": \"https://ctds.uchicago.edu/\",\n \"alt\": \"Center for Translational Data Science at the University of Chicago\"\n }\n ]\n },\n \"requiredCerts\": [],\n \"featureFlags\": {\n \"explorer\": true,\n \"noIndex\": true,\n \"analysis\": false,\n \"discovery\": false,\n \"discoveryUseAggMDS\": false,\n \"studyRegistration\": false\n },\n \"dataExplorerConfig\": {\n \"charts\": {\n \"project_id\": {\n \"chartType\": \"count\",\n \"title\": \"Projects\"\n },\n \"_case_id\": {\n \"chartType\": \"count\",\n \"title\": \"Cases\"\n },\n \"gender\": {\n \"chartType\": \"pie\",\n \"title\": \"Gender\"\n },\n \"race\": {\n \"chartType\": \"bar\",\n \"title\": \"Race\"\n }\n },\n \"filters\": {\n \"tabs\": [\n {\n \"title\": \"Case\",\n \"fields\":[\n \"project_id\",\n \"gender\",\n \"race\",\n \"ethnicity\"\n ]\n }\n ]\n },\n \"table\": {\n \"enabled\": false\n },\n \"dropdowns\": {},\n \"buttons\": [],\n \"guppyConfig\": {\n \"dataType\": \"case\",\n \"nodeCountTitle\": \"Cases\",\n \"fieldMapping\": [\n { \"field\": \"disease_type\", \"name\": \"Disease type\" },\n { \"field\": \"primary_site\", \"name\": \"Site where samples were collected\"}\n ],\n \"manifestMapping\": {\n \"resourceIndexType\": \"file\",\n \"resourceIdField\": \"object_id\",\n \"referenceIdFieldInResourceIndex\": \"_case_id\",\n \"referenceIdFieldInDataIndex\": \"node_id\"\n },\n \"accessibleFieldCheckList\": [\"_case_id\"],\n \"accessibleValidationField\": \"_case_id\"\n }\n 
},\n \"fileExplorerConfig\": {\n \"charts\": {\n \"data_type\": {\n \"chartType\": \"stackedBar\",\n \"title\": \"File Type\"\n },\n \"data_format\": {\n \"chartType\": \"stackedBar\",\n \"title\": \"File Format\"\n }\n },\n \"filters\": {\n \"tabs\": [\n {\n \"title\": \"File\",\n \"fields\": [\n \"project_id\",\n \"data_type\",\n \"data_format\"\n ]\n }\n ]\n },\n \"table\": {\n \"enabled\": true,\n \"fields\": [\n \"project_id\",\n \"file_name\",\n \"file_size\",\n \"object_id\"\n ]\n },\n \"dropdowns\": {},\n \"guppyConfig\": {\n \"dataType\": \"file\",\n \"fieldMapping\": [\n { \"field\": \"object_id\", \"name\": \"GUID\" }\n ],\n \"nodeCountTitle\": \"Files\",\n \"manifestMapping\": {\n \"resourceIndexType\": \"case\",\n \"resourceIdField\": \"_case_id\",\n \"referenceIdFieldInResourceIndex\": \"object_id\",\n \"referenceIdFieldInDataIndex\": \"object_id\"\n },\n \"accessibleFieldCheckList\": [\"_case_id\"],\n \"accessibleValidationField\": \"_case_id\",\n \"downloadAccessor\": \"object_id\"\n }\n }\n}\n","logo":"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","sponsors":null}` | GitOps configuration for portal | | gitops.createdby | string | `""` | - createdby.png - base64 | | gitops.css | string | `"/* gitops default css */\n"` | - multiline string - gitops.css | | gitops.favicon | string | `"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"` | - favicon in base64 | diff --git a/helm/portal/templates/deployment.yaml b/helm/portal/templates/deployment.yaml index 894dd831..07d4da19 100644 --- a/helm/portal/templates/deployment.yaml +++ b/helm/portal/templates/deployment.yaml @@ -117,8 +117,7 @@ spec: - name: APP value: {{ .Values.global.portalApp | quote }} - name: GEN3_BUNDLE - # optional: true - value: "" + value: {{ .Values.gitops.gen3Bundle | quote }} - name: LOGOUT_INACTIVE_USERS valueFrom: configMapKeyRef: diff --git a/helm/portal/values.yaml b/helm/portal/values.yaml index 2ec452f7..9eb3f444 100644 --- a/helm/portal/values.yaml 
+++ b/helm/portal/values.yaml @@ -205,6 +205,8 @@ extraImages: # -- (map) GitOps configuration for portal gitops: + # -- (string) + gen3Bundle: "" # -- (string) multiline string - gitops.json json: | { From 46efca69c60a7dec1a97cf8101d66000c07e3b73 Mon Sep 17 00:00:00 2001 From: Jawad Qureshi Date: Thu, 5 Dec 2024 14:39:29 -0600 Subject: [PATCH 276/279] Do not set a default auth namespace in sheepdog --- helm/gen3/Chart.yaml | 2 +- helm/gen3/README.md | 2 +- helm/sheepdog/Chart.yaml | 2 +- helm/sheepdog/README.md | 4 ++-- helm/sheepdog/values.yaml | 2 +- 5 files changed, 6 insertions(+), 6 deletions(-) diff --git a/helm/gen3/Chart.yaml b/helm/gen3/Chart.yaml index 7b195584..2a5772bc 100644 --- a/helm/gen3/Chart.yaml +++ b/helm/gen3/Chart.yaml @@ -76,7 +76,7 @@ dependencies: repository: "file://../revproxy" condition: revproxy.enabled - name: sheepdog - version: 0.1.19 + version: 0.1.20 repository: "file://../sheepdog" condition: sheepdog.enabled - name: ssjdispatcher diff --git a/helm/gen3/README.md b/helm/gen3/README.md index a4a81281..3f73ecf8 100644 --- a/helm/gen3/README.md +++ b/helm/gen3/README.md @@ -38,7 +38,7 @@ Helm chart to deploy Gen3 Data Commons | file://../portal | portal | 0.1.22 | | file://../requestor | requestor | 0.1.16 | | file://../revproxy | revproxy | 0.1.19 | -| file://../sheepdog | sheepdog | 0.1.19 | +| file://../sheepdog | sheepdog | 0.1.20 | | file://../sower | sower | 0.1.15 | | file://../ssjdispatcher | ssjdispatcher | 0.1.13 | | file://../wts | wts | 0.1.18 | diff --git a/helm/sheepdog/Chart.yaml b/helm/sheepdog/Chart.yaml index 8cb88f98..5512b98d 100644 --- a/helm/sheepdog/Chart.yaml +++ b/helm/sheepdog/Chart.yaml 
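Review bot: The new `gen3Bundle` key under `gitops` carries an empty `# -- (string)` helm-docs comment, so the generated values table will list it with no description. The deployment.yaml hunk in this same commit shows where the value ends up, so the comment can say so: `# -- (string) Value of the GEN3_BUNDLE environment variable set on the portal container.` The `gitops` map continues outside this hunk.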
@@ -15,7 +15,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.19 +version: 0.1.20 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to diff --git a/helm/sheepdog/README.md b/helm/sheepdog/README.md index 6081137c..ce1f501c 100644 --- a/helm/sheepdog/README.md +++ b/helm/sheepdog/README.md @@ -1,6 +1,6 @@ # sheepdog -![Version: 0.1.19](https://img.shields.io/badge/Version-0.1.19-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) +![Version: 0.1.20](https://img.shields.io/badge/Version-0.1.20-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) A Helm chart for gen3 Sheepdog Service 
@@ -23,7 +23,7 @@ A Helm chart for gen3 Sheepdog Service | affinity.podAntiAffinity.preferredDuringSchedulingIgnoredDuringExecution[0].podAffinityTerm.labelSelector.matchExpressions[0].values | list | `["sheepdog"]` | Value for the match expression key. | | affinity.podAntiAffinity.preferredDuringSchedulingIgnoredDuringExecution[0].podAffinityTerm.topologyKey | string | `"kubernetes.io/hostname"` | Value for topology key label. | | arboristUrl | string | `"http://arborist-service"` | URL for the arborist service | -| authNamespace | string | `"default"` | | +| authNamespace | string | `""` | | | automountServiceAccountToken | bool | `false` | Automount the default service account token | | autoscaling | map | `{"enabled":false,"maxReplicas":100,"minReplicas":1,"targetCPUUtilizationPercentage":80}` | Configuration for autoscaling the number of replicas | | autoscaling.enabled | bool | `false` | Whether autoscaling is enabled | diff --git a/helm/sheepdog/values.yaml b/helm/sheepdog/values.yaml index 7b7b09df..e3706f94 100644 --- a/helm/sheepdog/values.yaml +++ b/helm/sheepdog/values.yaml @@ -180,7 +180,7 @@ indexdUrl: http://indexd-service fenceUrl: http://fence-service # -- (string) URL for the arborist service arboristUrl: http://arborist-service -authNamespace: default +authNamespace: "" # -- (list) Volumes to mount to the container. volumeMounts: From a16c492866358d6acb1aa00b1804a3feeec2d04c Mon Sep 17 00:00:00 2001 From: Jawad Qureshi Date: Thu, 5 Dec 2024 14:44:18 -0600 Subject: [PATCH 277/279] Bump gen3 chart --- helm/gen3/Chart.yaml | 2 +- helm/gen3/README.md | 2 +- helm/portal/values.yaml | 2 +- helm/ssjdispatcher/README.md | 3 +++ 4 files changed, 6 insertions(+), 3 deletions(-) diff --git a/helm/gen3/Chart.yaml b/helm/gen3/Chart.yaml index caa86e2d..51cb9d46 100644 --- a/helm/gen3/Chart.yaml +++ b/helm/gen3/Chart.yaml 
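Review bot: In helm/sheepdog/values.yaml, `authNamespace` changes its default from `default` to `""` but still has no `# --` helm-docs comment, so the README row keeps an empty description and nothing states what an empty value means. The template that consumes the value is not part of this patch, so it is worth confirming that an empty string is handled there and not rendered into an empty namespace. A comment above the key would record the contract, e.g. `# -- (string) Namespace used for auth lookups; empty means <behaviour to confirm>.`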
@@ -128,7 +128,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.50 +version: 0.1.51 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to diff --git a/helm/gen3/README.md b/helm/gen3/README.md index 1d851dc4..108a2841 100644 --- a/helm/gen3/README.md +++ b/helm/gen3/README.md @@ -1,6 +1,6 @@ # gen3 -![Version: 0.1.50](https://img.shields.io/badge/Version-0.1.50-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) +![Version: 0.1.51](https://img.shields.io/badge/Version-0.1.51-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) Helm chart to deploy Gen3 Data Commons diff --git a/helm/portal/values.yaml b/helm/portal/values.yaml index 9eb3f444..622c2fc3 100644 --- a/helm/portal/values.yaml +++ b/helm/portal/values.yaml @@ -205,7 +205,7 @@ extraImages: # -- (map) GitOps configuration for portal gitops: - # -- (string) + # -- (string) gen3Bundle: "" # -- (string) multiline string - gitops.json json: | diff --git a/helm/ssjdispatcher/README.md b/helm/ssjdispatcher/README.md index 54bea67c..8867a6ef 100644 --- a/helm/ssjdispatcher/README.md +++ b/helm/ssjdispatcher/README.md 
@@ -44,6 +44,9 @@ A Helm chart for gen3 ssjdispatcher | global.dictionaryUrl | string | `"https://s3.amazonaws.com/dictionary-artifacts/datadictionary/develop/schema.json"` | URL of the data dictionary. | | global.dispatcherJobNum | int | `"10"` | Number of dispatcher jobs. | | global.environment | string | `"default"` | Environment name. This should be the same as vpcname if you're doing an AWS deployment. Currently this is being used to share ALB's if you have multiple namespaces. Might be used other places too. | +| global.externalSecrets | map | `{"deploy":false,"separateSecretStore":false}` | External Secrets settings. | +| global.externalSecrets.deploy | bool | `false` | Will use ExternalSecret resources to pull secrets from Secrets Manager instead of creating them locally. Be cautious as this will override any indexd secrets you have deployed. | +| global.externalSecrets.separateSecretStore | string | `false` | Will deploy a separate External Secret Store for this service. | | global.hostname | string | `"localhost"` | Hostname for the deployment. | | global.kubeBucket | string | `"kube-gen3"` | S3 bucket name for Kubernetes manifest files. | | global.logsBucket | string | `"logs-gen3"` | S3 bucket name for log files. | From 5baba7201f4d6cee107504122c0f32330b08c980 Mon Sep 17 00:00:00 2001 From: Jawad Qureshi Date: Thu, 5 Dec 2024 14:45:23 -0600 Subject: [PATCH 278/279] Bump gen3 chart --- helm/gen3/Chart.yaml | 2 +- helm/gen3/README.md | 2 +- helm/ssjdispatcher/Chart.yaml | 2 +- helm/ssjdispatcher/README.md | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/helm/gen3/Chart.yaml b/helm/gen3/Chart.yaml index 51cb9d46..6224603b 100644 --- a/helm/gen3/Chart.yaml +++ b/helm/gen3/Chart.yaml @@ -80,7 +80,7 @@ dependencies: repository: "file://../sheepdog" condition: sheepdog.enabled - name: ssjdispatcher - version: 0.1.14 + version: 0.1.15 repository: "file://../ssjdispatcher" condition: ssjdispatcher.enabled - name: sower 
diff --git a/helm/gen3/README.md b/helm/gen3/README.md index 108a2841..174aacf3 100644 --- a/helm/gen3/README.md +++ b/helm/gen3/README.md @@ -40,7 +40,7 @@ Helm chart to deploy Gen3 Data Commons | file://../revproxy | revproxy | 0.1.19 | | file://../sheepdog | sheepdog | 0.1.20 | | file://../sower | sower | 0.1.15 | -| file://../ssjdispatcher | ssjdispatcher | 0.1.14 | +| file://../ssjdispatcher | ssjdispatcher | 0.1.15 | | file://../wts | wts | 0.1.18 | | https://charts.bitnami.com/bitnami | postgresql | 11.9.13 | | https://helm.elastic.co | elasticsearch | 7.10.2 | diff --git a/helm/ssjdispatcher/Chart.yaml b/helm/ssjdispatcher/Chart.yaml index 336e01a5..f56d5b40 100644 --- a/helm/ssjdispatcher/Chart.yaml +++ b/helm/ssjdispatcher/Chart.yaml @@ -15,7 +15,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.14 +version: 0.1.15 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to diff --git a/helm/ssjdispatcher/README.md b/helm/ssjdispatcher/README.md index 8867a6ef..e5b9890e 100644 --- a/helm/ssjdispatcher/README.md +++ b/helm/ssjdispatcher/README.md 
@@ -1,6 +1,6 @@ # ssjdispatcher -![Version: 0.1.14](https://img.shields.io/badge/Version-0.1.14-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) +![Version: 0.1.15](https://img.shields.io/badge/Version-0.1.15-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) A Helm chart for gen3 ssjdispatcher From 0c71be3cee79ca86521cc26e6d709a05cc8efeb5 Mon Sep 17 00:00:00 2001 
From: EliseCastle23 <109446148+EliseCastle23@users.noreply.github.com> Date: Mon, 9 Dec 2024 10:29:07 -0700 Subject: [PATCH 279/279] creating PR for small helm fixes (#219) * creating PR for small helm fixes * updating pelican export image to "master" as the code has been fixed to work with Helm * fixing gen3 chart versions * fixing etl environment variable error * fixing syntax error, updating comment, and removing checksum for deleted configmap. * fixing aws-configuration error * bumping gen3 chart version * feat(helm-fixes): Added a few more fixes * version bump * wrong gen3 version * adding a new line at the end of values.yaml --------- Co-authored-by: Ed --- helm/etl/Chart.yaml | 2 +- helm/etl/README.md | 2 +- helm/etl/templates/etl-job.yaml | 6 +-- helm/fence/Chart.yaml | 2 +- helm/fence/README.md | 2 +- helm/fence/templates/usersync-cron.yaml | 4 +- helm/gen3/Chart.yaml | 12 ++--- helm/gen3/README.md | 15 +++--- helm/gen3/templates/cluster-secret-store.yaml | 6 +++ helm/gen3/values.yaml | 7 +++ helm/manifestservice/Chart.yaml | 2 +- helm/manifestservice/README.md | 2 +- .../templates/manifestservice-creds.yaml | 2 + helm/metadata/Chart.yaml | 2 +- helm/metadata/README.md | 4 +- helm/metadata/templates/deployment.yaml | 1 - helm/metadata/templates/metadata.yaml | 10 ---- helm/metadata/values.yaml | 2 +- helm/sower/Chart.yaml | 2 +- helm/sower/README.md | 17 ++++--- helm/sower/templates/_helpers.tpl | 7 +++ helm/sower/templates/external-secret.yaml | 18 +++++++ helm/sower/templates/sower-jobs-g3auto.yaml | 10 ++++ helm/sower/values.yaml | 49 +++++++++++++++++-- 24 files changed, 135 insertions(+), 51 deletions(-) delete mode 100644 helm/metadata/templates/metadata.yaml create mode 100644 helm/sower/templates/sower-jobs-g3auto.yaml diff --git a/helm/etl/Chart.yaml b/helm/etl/Chart.yaml index d55e0945..83ba97e5 100644 --- a/helm/etl/Chart.yaml +++ b/helm/etl/Chart.yaml 
@@ -15,7 +15,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.6 +version: 0.1.7 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to diff --git a/helm/etl/README.md b/helm/etl/README.md index 4c1c5995..3ef0e7e9 100644 --- a/helm/etl/README.md +++ b/helm/etl/README.md @@ -1,6 +1,6 @@ # etl -![Version: 0.1.6](https://img.shields.io/badge/Version-0.1.6-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) +![Version: 0.1.7](https://img.shields.io/badge/Version-0.1.7-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) A Helm chart for gen3 etl diff --git a/helm/etl/templates/etl-job.yaml b/helm/etl/templates/etl-job.yaml index 9272940c..0056c497 100644 --- a/helm/etl/templates/etl-job.yaml +++ b/helm/etl/templates/etl-job.yaml @@ -52,7 +52,7 @@ spec: name: etl-mapping - name: fence-yaml configMap: - name: useryaml + name: fence containers: - name: gen3-spark image: {{ .Values.image.spark.repository }}:{{ .Values.image.spark.tag }} @@ -156,7 +156,7 @@ spec: - name: SPARK_DRIVER_MEMORY value: 6g - name: ETL_FORCED - value: {{ .Values.etlForced }} + value: {{ .Values.etlForced | quote }} - name: gen3Env valueFrom: configMapKeyRef: 
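Review bot: In helm/etl/templates/etl-job.yaml the `fence-yaml` volume now points at ConfigMap `fence`, and the mount in the later `@@ -183,7` hunk uses `subPath: user.yaml`, but nothing in the etl hunks creates that ConfigMap; the only producer visible in this patch is the usersync cron script in the fence chart. If usersync is disabled or has not completed yet, the job pod would presumably fail to mount the volume. A comment above the volume would make the dependency explicit, e.g. `# ConfigMap "fence" (key user.yaml) is written by the fence usersync job; usersync must have run first`. The job spec starts and ends outside these hunks.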
@@ -183,7 +183,7 @@ spec: - name: "fence-yaml" readOnly: true mountPath: "/gen3/tube/user.yaml" - subPath: useryaml + subPath: user.yaml resources: requests: cpu: {{ .Values.resources.tube.requests.cpu }} diff --git a/helm/fence/Chart.yaml b/helm/fence/Chart.yaml index 02930bbf..4df81c7f 100644 --- a/helm/fence/Chart.yaml +++ b/helm/fence/Chart.yaml @@ -15,7 +15,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.26 +version: 0.1.27 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to diff --git a/helm/fence/README.md b/helm/fence/README.md index 690caa00..89908be8 100644 --- a/helm/fence/README.md +++ b/helm/fence/README.md @@ -1,6 +1,6 @@ # fence -![Version: 0.1.26](https://img.shields.io/badge/Version-0.1.26-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) +![Version: 0.1.27](https://img.shields.io/badge/Version-0.1.27-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) A Helm chart for gen3 Fence diff --git a/helm/fence/templates/usersync-cron.yaml b/helm/fence/templates/usersync-cron.yaml index 2349f8ce..d10ad669 100644 --- a/helm/fence/templates/usersync-cron.yaml +++ b/helm/fence/templates/usersync-cron.yaml 
@@ -119,8 +119,8 @@ spec: echo "ERROR: failed to generate ETL config" exit 1 fi - # kubectl delete configmap fence > /dev/null 2>&1 - # kubectl create configmap fence --from-file=/tmp/user.yaml + kubectl delete configmap fence > /dev/null 2>&1 + kubectl create configmap fence --from-file=/tmp/user.yaml if [ "${slackWebHook}" != 'None' ]; then curl -X POST --data-urlencode "payload={\"text\": \"AWSHelper: Syncing users on ${gen3Env}\"}" "${slackWebHook}" fi diff --git a/helm/gen3/Chart.yaml b/helm/gen3/Chart.yaml index 6224603b..84b9ccd7 100644 --- a/helm/gen3/Chart.yaml +++ b/helm/gen3/Chart.yaml @@ -28,7 +28,7 @@ dependencies: version: 0.1.16 repository: file://../common - name: etl - version: 0.1.6 + version: 0.1.7 repository: file://../etl condition: etl.enabled - name: frontend-framework @@ -36,7 +36,7 @@ dependencies: repository: "file://../frontend-framework" condition: frontend-framework.enabled - name: fence - version: 0.1.26 + version: 0.1.27 repository: "file://../fence" condition: fence.enabled - name: guppy @@ -52,11 +52,11 @@ dependencies: repository: "file://../indexd" condition: indexd.enabled - name: manifestservice - version: 0.1.17 + version: 0.1.18 repository: "file://../manifestservice" condition: manifestservice.enabled - name: metadata - version: 0.1.16 + version: 0.1.17 repository: "file://../metadata" condition: metadata.enabled - name: peregrine @@ -84,7 +84,7 @@ dependencies: repository: "file://../ssjdispatcher" condition: ssjdispatcher.enabled - name: sower - version: 0.1.15 + version: 0.1.16 condition: sower.enabled repository: "file://../sower" - name: wts 
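Review bot: The re-enabled `kubectl delete configmap fence` / `kubectl create configmap fence --from-file=/tmp/user.yaml` pair in usersync-cron.yaml is not atomic and neither exit status is checked, so a failed create leaves the namespace with no `fence` ConfigMap while the script carries on to the Slack notification. The etl job in this same patch now mounts that ConfigMap as `user.yaml`, so the gap or a failure would surface there as a volume that cannot be mounted. A single in-place update avoids both: `kubectl create configmap fence --from-file=/tmp/user.yaml --dry-run=client -o yaml | kubectl apply -f - || exit 1`. The job's service account presumably needs the matching configmaps permissions, and user.yaml then becomes readable by anything with ConfigMap read access in the namespace, which is worth confirming is intended; the script starts and ends outside this hunk.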
@@ -128,7 +128,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.51 +version: 0.1.52 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to diff --git a/helm/gen3/README.md b/helm/gen3/README.md index 174aacf3..a39e4aed 100644 --- a/helm/gen3/README.md +++ b/helm/gen3/README.md @@ -1,6 +1,6 @@ # gen3 -![Version: 0.1.51](https://img.shields.io/badge/Version-0.1.51-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) +![Version: 0.1.52](https://img.shields.io/badge/Version-0.1.52-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) Helm chart to deploy Gen3 Data Commons 
@@ -24,22 +24,22 @@ Helm chart to deploy Gen3 Data Commons
 | file://../audit | audit | 0.1.16 |
 | file://../aws-es-proxy | aws-es-proxy | 0.1.13 |
 | file://../common | common | 0.1.16 |
-| file://../etl | etl | 0.1.6 |
-| file://../fence | fence | 0.1.26 |
+| file://../etl | etl | 0.1.7 |
+| file://../fence | fence | 0.1.27 |
 | file://../frontend-framework | frontend-framework | 0.1.6 |
 | file://../gen3-network-policies | gen3-network-policies | 0.1.2 |
 | file://../guppy | guppy | 0.1.16 |
 | file://../hatchery | hatchery | 0.1.12 |
 | file://../indexd | indexd | 0.1.18 |
-| file://../manifestservice | manifestservice | 0.1.17 |
-| file://../metadata | metadata | 0.1.16 |
+| file://../manifestservice | manifestservice | 0.1.18 |
+| file://../metadata | metadata | 0.1.17 |
 | file://../neuvector | neuvector | 0.1.2 |
 | file://../peregrine | peregrine | 0.1.17 |
 | file://../portal | portal | 0.1.22 |
 | file://../requestor | requestor | 0.1.16 |
 | file://../revproxy | revproxy | 0.1.19 |
 | file://../sheepdog | sheepdog | 0.1.20 |
-| file://../sower | sower | 0.1.15 |
+| file://../sower | sower | 0.1.16 |
 | file://../ssjdispatcher | ssjdispatcher | 0.1.15 |
 | file://../wts | wts | 0.1.18 |
 | https://charts.bitnami.com/bitnami | postgresql | 11.9.13 |
@@ -176,6 +176,9 @@ Helm chart to deploy Gen3 Data Commons | revproxy.ingress.enabled | bool | `false` | Whether to create the custom revproxy ingress | | revproxy.ingress.hosts | list | `[{"host":"chart-example.local"}]` | Where to route the traffic. | | revproxy.ingress.tls | list | `[]` | To secure an Ingress by specifying a secret that contains a TLS private key and certificate. | +| secrets | map | `{"awsAccessKeyId":null,"awsSecretAccessKey":null}` | Secret information for External Secrets and DB Secrets. | +| secrets.awsAccessKeyId | str | `nil` | AWS access key ID. Overrides global key. | +| secrets.awsSecretAccessKey | str | `nil` | AWS secret access key ID. Overrides global key. | | sheepdog.enabled | bool | `true` | Whether to deploy the sheepdog subchart. | | ssjdispatcher.enabled | bool | `false` | Whether to deploy the ssjdispatcher subchart. | | wts.enabled | bool | `true` | Whether to deploy the wts subchart. | diff --git a/helm/gen3/templates/cluster-secret-store.yaml b/helm/gen3/templates/cluster-secret-store.yaml index 28ffe29e..38650a4c 100644 --- a/helm/gen3/templates/cluster-secret-store.yaml +++ b/helm/gen3/templates/cluster-secret-store.yaml @@ -12,10 +12,16 @@ spec: region: {{ .Values.global.aws.region }} auth: secretRef: + {{- if .Values.global.aws.useLocalSecret.localSecretName }} accessKeyIDSecretRef: name: {{ .Values.global.aws.useLocalSecret.localSecretName }} key: access-key secretAccessKeySecretRef: name: {{ .Values.global.aws.useLocalSecret.localSecretName }} key: secret-access-key + {{- else }} + jwt: + serviceAccountRef: + name: {{ .Values.global.aws.secretStoreServiceAccount.name }} + {{- end }} {{- end }} \ No newline at end of file diff --git a/helm/gen3/values.yaml b/helm/gen3/values.yaml index 4caa59a8..05519614 100644 --- a/helm/gen3/values.yaml +++ b/helm/gen3/values.yaml 
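Review bot: In cluster-secret-store.yaml `secretRef:` stays outside the new `{{- if }}`, so the `{{- else }}` branch emits `jwt:` after an already-opened, empty `secretRef:` key. Indentation is not recoverable from this view, but the result is either an empty `secretRef` beside `jwt` or `jwt` nested under `secretRef`, whereas the External Secrets AWS provider treats the two as alternative children of `auth`. Moving `secretRef:` inside the `if` branch makes each branch render exactly one auth method. The `else` branch also renders an empty `name:` when the service-account value is unset; `name: {{ required "global.aws.secretStoreServiceAccount.name must be set when no local secret is used" .Values.global.aws.secretStoreServiceAccount.name }}` would fail the render instead. If this is a ClusterSecretStore, as the file name suggests, confirm whether `serviceAccountRef` also needs a `namespace`.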
@@ -321,3 +321,10 @@ neuvector: DB_HOST: development-gen3-postgresql # hostname/service name for our ElasitcSearch instance, used to allow egress from containers ES_HOST: gen3-elasticsearch-master + +# -- (map) Secret information for External Secrets and DB Secrets. +secrets: + # -- (str) AWS access key ID. Overrides global key. + awsAccessKeyId: + # -- (str) AWS secret access key ID. Overrides global key. + awsSecretAccessKey: diff --git a/helm/manifestservice/Chart.yaml b/helm/manifestservice/Chart.yaml index 84194a1a..cde53eee 100644 --- a/helm/manifestservice/Chart.yaml +++ b/helm/manifestservice/Chart.yaml @@ -15,7 +15,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.17 +version: 0.1.18 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to diff --git a/helm/manifestservice/README.md b/helm/manifestservice/README.md index cc328847..5fef5aa6 100644 --- a/helm/manifestservice/README.md +++ b/helm/manifestservice/README.md @@ -1,6 +1,6 @@ # manifestservice -![Version: 0.1.17](https://img.shields.io/badge/Version-0.1.17-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) +![Version: 0.1.18](https://img.shields.io/badge/Version-0.1.18-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) A Helm chart for Kubernetes 
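Review bot: The new `secrets.awsAccessKeyId` / `secrets.awsSecretAccessKey` keys in helm/gen3/values.yaml invite long-lived AWS credentials into a values file, and the comments do not warn that anything set there also ends up in the Helm release record stored in the cluster. The comments should say so and point to the service-account (`jwt`) path that cluster-secret-store.yaml gains in this same patch, for example `# -- (str) AWS secret access key. Overrides global key. Prefer service-account auth; if set, pass it at install time and never commit it.` The second comment currently reads "AWS secret access key ID", which mixes up the two fields.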
diff --git a/helm/manifestservice/templates/manifestservice-creds.yaml b/helm/manifestservice/templates/manifestservice-creds.yaml index 54c5f29a..11fd9990 100644 --- a/helm/manifestservice/templates/manifestservice-creds.yaml +++ b/helm/manifestservice/templates/manifestservice-creds.yaml @@ -9,8 +9,10 @@ stringData: { "manifest_bucket_name": "{{ .Values.manifestserviceG3auto.bucketName }}", "hostname": "{{ .Values.global.hostname }}", + {{ if and .Values.manifestserviceG3auto.awsaccesskey .Values.manifestserviceG3auto.awssecretkey }} "aws_access_key_id": "{{ .Values.manifestserviceG3auto.awsaccesskey }}", "aws_secret_access_key": "{{ .Values.manifestserviceG3auto.awssecretkey }}", + {{ end }} "prefix": "{{ .Values.manifestserviceG3auto.prefix }}" } {{- end }} \ No newline at end of file diff --git a/helm/metadata/Chart.yaml b/helm/metadata/Chart.yaml index ecaa6636..02368daa 100644 --- a/helm/metadata/Chart.yaml +++ b/helm/metadata/Chart.yaml @@ -15,7 +15,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.16 +version: 0.1.17 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to diff --git a/helm/metadata/README.md b/helm/metadata/README.md index e577d5fc..642e62b3 100644 --- a/helm/metadata/README.md +++ b/helm/metadata/README.md 
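Review bot: The added `{{ if and .Values.manifestserviceG3auto.awsaccesskey .Values.manifestserviceG3auto.awssecretkey }}` in manifestservice-creds.yaml drops both JSON keys when only one value is supplied, so a half-filled override is silently ignored and the service presumably falls back to whatever ambient credentials the pod has. Failing the render when exactly one of the two is set would surface that mistake at install time. The two values are also placed between JSON quotes unescaped; `"aws_secret_access_key": {{ .Values.manifestserviceG3auto.awssecretkey | toJson }},` keeps config.json valid for any input, and `{{- if … }}` / `{{- end }}` avoid the whitespace-only lines the untrimmed tags leave behind. The Secret definition starts outside the hunk.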
@@ -1,6 +1,6 @@ # metadata -![Version: 0.1.16](https://img.shields.io/badge/Version-0.1.16-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) +![Version: 0.1.17](https://img.shields.io/badge/Version-0.1.17-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) A Helm chart for gen3 Metadata Service @@ -118,5 +118,5 @@ A Helm chart for gen3 Metadata Service | strategy | map | `{"rollingUpdate":{"maxSurge":1,"maxUnavailable":0},"type":"RollingUpdate"}` | Rolling update deployment strategy | | strategy.rollingUpdate.maxSurge | int | `1` | Number of additional replicas to add during rollout. | | strategy.rollingUpdate.maxUnavailable | int | `0` | Maximum amount of pods that can be unavailable during the update. | -| useAggMds | bool | `"True"` | Set to true to aggregate metadata from multiple other Metadata Service instances. | +| useAggMds | bool | `"False"` | Set to true to aggregate metadata from multiple other Metadata Service instances. | | volumeMounts | list | `[{"mountPath":"/src/.env","name":"config-volume-g3auto","readOnly":true,"subPath":"metadata.env"},{"mountPath":"/mds/.env","name":"config-volume-g3auto","readOnly":true,"subPath":"metadata.env"},{"mountPath":"/aggregate_config.json","name":"config-volume","readOnly":true,"subPath":"aggregate_config.json"},{"mountPath":"/metadata.json","name":"config-manifest","readOnly":true,"subPath":"json"}]` | Volumes to mount to the container. | diff --git a/helm/metadata/templates/deployment.yaml b/helm/metadata/templates/deployment.yaml index e4c6ee87..58e06603 100644 --- a/helm/metadata/templates/deployment.yaml +++ b/helm/metadata/templates/deployment.yaml 
@@ -25,7 +25,6 @@ spec: {{- include "metadata.selectorLabels" . | nindent 8 }} {{- include "common.extraLabels" . | nindent 8 }} annotations: - checksum/config: {{ include (print $.Template.BasePath "/metadata.yaml") . | sha256sum }} {{- if .Values.metricsEnabled }} {{- include "common.grafanaAnnotations" . | nindent 8 }} {{- end }} diff --git a/helm/metadata/templates/metadata.yaml b/helm/metadata/templates/metadata.yaml deleted file mode 100644 index 58700a6e..00000000 --- a/helm/metadata/templates/metadata.yaml +++ /dev/null @@ -1,10 +0,0 @@ -apiVersion: v1 -kind: ConfigMap -metadata: - name: manifest-metadata -data: - metadata.json: | - { - "USE_AGG_MDS": "{{ .Values.USE_AGG_MDS }}", - "AGG_MDS_NAMESPACE": "{{ .Values.AGG_MDS_NAMESPACE }}" - } \ No newline at end of file diff --git a/helm/metadata/values.yaml b/helm/metadata/values.yaml index 99cbd8ba..fd63e46d 100644 --- a/helm/metadata/values.yaml +++ b/helm/metadata/values.yaml @@ -173,7 +173,7 @@ debug: false # -- (string) Elasticsearch endpoint. esEndpoint: http://gen3-elasticsearch-master:9200 # -- (bool) Set to true to aggregate metadata from multiple other Metadata Service instances. -useAggMds: "True" +useAggMds: "False" # -- (string) Namespae to use if AggMds is enabled. aggMdsNamespace: default diff --git a/helm/sower/Chart.yaml b/helm/sower/Chart.yaml index b47cda9f..c683d22b 100644 --- a/helm/sower/Chart.yaml +++ b/helm/sower/Chart.yaml @@ -15,7 +15,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.15 +version: 0.1.16 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to 
diff --git a/helm/sower/README.md b/helm/sower/README.md index 4b883c3c..3aa7dc4a 100644 --- a/helm/sower/README.md +++ b/helm/sower/README.md @@ -1,6 +1,6 @@ # sower -![Version: 0.1.15](https://img.shields.io/badge/Version-0.1.15-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) +![Version: 0.1.16](https://img.shields.io/badge/Version-0.1.16-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) A Helm chart for gen3 sower 
@@ -31,9 +31,11 @@ A Helm chart for gen3 sower | awsStsRegionalEndpoints | string | `"regional"` | AWS STS to issue temporary credentials to users and roles that make an AWS STS request. Values regional or global. | | commonLabels | map | `nil` | Will completely override the commonLabels defined in the common chart's _label_setup.tpl | | criticalService | string | `"false"` | Valid options are "true" or "false". If invalid option is set- the value will default to "false". | -| externalSecrets | map | `{"createK8sPelicanServiceSecret":false,"pelicanserviceG3auto":null}` | External Secrets settings. | -| externalSecrets.createK8sPelicanServiceSecret | string | `false` | Will create the Helm "manifestservice-g3auto" secret even if Secrets Manager is enabled. This is helpful if you are wanting to use External Secrets for some, but not all secrets. | +| externalSecrets | map | `{"createK8sPelicanServiceSecret":false,"createK8sSowerJobsSecret":false,"pelicanserviceG3auto":null,"sowerjobsG3auto":null}` | External Secrets settings. | +| externalSecrets.createK8sPelicanServiceSecret | string | `false` | Will create the Helm "pelicanservice-g3auto" secret even if Secrets Manager is enabled. This is helpful if you are wanting to use External Secrets for some, but not all secrets. | +| externalSecrets.createK8sSowerJobsSecret | string | `false` | Will create the Helm "sower-jobs-g3auto" secret even if Secrets Manager is enabled. This is helpful if you are wanting to use External Secrets for some, but not all secrets. | | externalSecrets.pelicanserviceG3auto | string | `nil` | Will override the name of the aws secrets manager secret. Default is "pelicanservice-g3auto" | +| externalSecrets.sowerjobsG3auto | string | `nil` | Will override the name of the aws secrets manager secret. Default is "sower-jobs-g3auto" | | fullnameOverride | string | `""` | Override the full name of the deployment. | | gen3Namespace | string | `"default"` | Namespace to deploy the job. 
| | global.aws | map | `{"awsAccessKeyId":null,"awsSecretAccessKey":null,"enabled":false}` | AWS configuration | @@ -45,7 +47,7 @@ A Helm chart for gen3 sower | global.dispatcherJobNum | int | `"10"` | Number of dispatcher jobs. | | global.environment | string | `"default"` | Environment name. This should be the same as vpcname if you're doing an AWS deployment. Currently this is being used to share ALB's if you have multiple namespaces. Might be used other places too. | | global.externalSecrets | map | `{"deploy":false,"separateSecretStore":false}` | External Secrets settings. | -| global.externalSecrets.deploy | bool | `false` | Will use ExternalSecret resources to pull secrets from Secrets Manager instead of creating them locally. Be cautious as this will override any manifestservice secrets you have deployed. | +| global.externalSecrets.deploy | bool | `false` | Will use ExternalSecret resources to pull secrets from Secrets Manager instead of creating them locally. Be cautious as this will override any sower secrets you have deployed. | | global.externalSecrets.separateSecretStore | string | `false` | Will deploy a separate External Secret Store for this service. | | global.hostname | string | `"localhost"` | Hostname for the deployment. | | global.kubeBucket | string | `"kube-gen3"` | S3 bucket name for Kubernetes manifest files. | 
@@ -85,7 +87,7 @@ A Helm chart for gen3 sower | resources.requests | map | `{"cpu":"100m","memory":"20Mi"}` | The amount of resources that the container requests | | resources.requests.cpu | string | `"100m"` | The amount of CPU requested | | resources.requests.memory | string | `"20Mi"` | The amount of memory requested | -| secrets | map | `{"awsAccessKeyId":null,"awsSecretAccessKey":null}` | Secret information for Usersync and External Secrets. | +| secrets | map | `{"awsAccessKeyId":null,"awsSecretAccessKey":null}` | Values for sower secrets and keys for External Secrets. | | secrets.awsAccessKeyId | str | `nil` | AWS access key ID. Overrides global key. | | secrets.awsSecretAccessKey | str | `nil` | AWS access key ID. Overrides global key. | | securityContext | map | `{}` | Security context for the containers in the pod | @@ -122,7 +124,7 @@ A Helm chart for gen3 sower | sowerConfig[0].container.env[7].name | string | `"SHEEPDOG"` | | | sowerConfig[0].container.env[7].valueFrom.secretKeyRef.key | string | `"sheepdog"` | | | sowerConfig[0].container.env[7].valueFrom.secretKeyRef.name | string | `"indexd-service-creds"` | | -| sowerConfig[0].container.image | string | `"quay.io/cdis/pelican-export:GPE-1252"` | | +| sowerConfig[0].container.image | string | `"quay.io/cdis/pelican-export:master"` | | | sowerConfig[0].container.memory-limit | string | `"12Gi"` | | | sowerConfig[0].container.name | string | `"job-task"` | | | sowerConfig[0].container.pull_policy | string | `"Always"` | | 
@@ -161,7 +163,7 @@ A Helm chart for gen3 sower | sowerConfig[1].container.env[8].name | string | `"SHEEPDOG"` | | | sowerConfig[1].container.env[8].valueFrom.secretKeyRef.key | string | `"sheepdog"` | | | sowerConfig[1].container.env[8].valueFrom.secretKeyRef.name | string | `"indexd-service-creds"` | | -| sowerConfig[1].container.image | string | `"quay.io/cdis/pelican-export:GPE-1252"` | | +| sowerConfig[1].container.image | string | `"quay.io/cdis/pelican-export:master"` | | | sowerConfig[1].container.memory-limit | string | `"12Gi"` | | | sowerConfig[1].container.name | string | `"job-task"` | | | sowerConfig[1].container.pull_policy | string | `"Always"` | | 
@@ -177,6 +179,7 @@ A Helm chart for gen3 sower | sowerConfig[1].restart_policy | string | `"Never"` | | | sowerConfig[1].volumes[0].name | string | `"pelican-creds-volume"` | | | sowerConfig[1].volumes[0].secret.secretName | string | `"pelicanservice-g3auto"` | | +| sowerjobsG3auto | string | `"{\n \"index-object-manifest\": {\n \"job_requires\": {\n \"arborist_url\": \"http://arborist-service\",\n \"job_access_req\": []\n },\n \"bucket\": \"$bucketName\",\n \"indexd_user\": \"diirm\",\n \"indexd_password\": \"$indexdPassword\"\n },\n \"download-indexd-manifest\": {\n \"job_requires\": {\n \"arborist_url\": \"http://arborist-service\",\n \"job_access_req\": []\n },\n \"bucket\": \"$bucketName\"\n },\n \"get-dbgap-metadata\": {\n \"job_requires\": {\n \"arborist_url\": \"http://arborist-service\",\n \"job_access_req\": []\n },\n \"bucket\": \"$bucketName\"\n },\n \"ingest-metadata-manifest\": {\n \"job_requires\": {\n \"arborist_url\": \"http://arborist-service\",\n \"job_access_req\": []\n },\n \"bucket\": \"$bucketName\"\n }\n}\n"` | Additional configuration for Sower Jobs Passed in as a multiline string. This secret can be mounted in sowerConfig. | | strategy | map | `{"rollingUpdate":{"maxSurge":1,"maxUnavailable":0},"type":"RollingUpdate"}` | Rolling update deployment strategy | | strategy.rollingUpdate.maxSurge | int | `1` | Number of additional replicas to add during rollout. | | strategy.rollingUpdate.maxUnavailable | int | `0` | Maximum amount of pods that can be unavailable during the update. | diff --git a/helm/sower/templates/_helpers.tpl b/helm/sower/templates/_helpers.tpl index 1815359e..8f5b72b8 100644 --- a/helm/sower/templates/_helpers.tpl +++ b/helm/sower/templates/_helpers.tpl 
@@ -72,4 +72,11 @@ Create the name of the service account to use */}} {{- define "pelicanservice-g3auto" -}} {{- default "pelicanservice-g3auto" .Values.externalSecrets.pelicanserviceG3auto }} +{{- end }} + +{{/* + Sowerjobs g3 Auto Secrets Manager Name +*/}} +{{- define "sower-jobs-g3auto" -}} +{{- default "sower-jobs-g3auto" .Values.externalSecrets.sowerjobsG3auto }} {{- end }} \ No newline at end of file diff --git a/helm/sower/templates/external-secret.yaml b/helm/sower/templates/external-secret.yaml index 43132663..5296a3d0 100644 --- a/helm/sower/templates/external-secret.yaml +++ b/helm/sower/templates/external-secret.yaml @@ -16,4 +16,22 @@ spec: remoteRef: #name of secret in secrets manager key: {{include "pelicanservice-g3auto" .}} +--- +apiVersion: external-secrets.io/v1beta1 +kind: ExternalSecret +metadata: + name: sower-jobs-g3auto +spec: + refreshInterval: 5m + secretStoreRef: + name: {{include "common.SecretStore" .}} + kind: SecretStore + target: + name: sower-jobs-g3auto + creationPolicy: Owner + data: + - secretKey: config.json + remoteRef: + #name of secret in secrets manager + key: {{include "sower-jobs-g3auto" .}} {{- end }} \ No newline at end of file diff --git a/helm/sower/templates/sower-jobs-g3auto.yaml b/helm/sower/templates/sower-jobs-g3auto.yaml new file mode 100644 index 00000000..0a789e88 --- /dev/null +++ b/helm/sower/templates/sower-jobs-g3auto.yaml @@ -0,0 +1,10 @@ +{{- if or (not .Values.global.externalSecrets.deploy) (and .Values.global.externalSecrets.deploy .Values.externalSecrets.createK8sSowerJobsSecret) }} +apiVersion: v1 +kind: Secret +metadata: + name: sower-jobs-g3auto +type: Opaque +stringData: + config.json: | + {{ .Values.sowerjobsG3auto | nindent 4 }} +{{- end }} \ No newline at end of file diff --git a/helm/sower/values.yaml b/helm/sower/values.yaml index 8725100a..d3b7d5a9 100644 --- a/helm/sower/values.yaml +++ b/helm/sower/values.yaml 
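Review bot: The ExternalSecret added to external-secret.yaml targets `sower-jobs-g3auto` with `creationPolicy: Owner`, while the new sower-jobs-g3auto.yaml template in this patch renders a Helm Secret of the same name whenever `global.externalSecrets.deploy` and `externalSecrets.createK8sSowerJobsSecret` are both true. In that case two managers write one Secret and the operator would replace Helm's copy on its `refreshInterval: 5m`, which defeats the documented purpose of the flag. The guard for external-secret.yaml opens outside the hunk, so this may already be handled there; if not, wrap the new document in `{{- if not .Values.externalSecrets.createK8sSowerJobsSecret }}` … `{{- end }}`. The condition in sower-jobs-g3auto.yaml can also be shortened to `{{- if or (not .Values.global.externalSecrets.deploy) .Values.externalSecrets.createK8sSowerJobsSecret }}` with the same result.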
@@ -55,7 +55,7 @@ global: dispatcherJobNum: "10" # -- (map) External Secrets settings. externalSecrets: - # -- (bool) Will use ExternalSecret resources to pull secrets from Secrets Manager instead of creating them locally. Be cautious as this will override any manifestservice secrets you have deployed. + # -- (bool) Will use ExternalSecret resources to pull secrets from Secrets Manager instead of creating them locally. Be cautious as this will override any sower secrets you have deployed. deploy: false # -- (string) Will deploy a separate External Secret Store for this service. separateSecretStore: false @@ -65,12 +65,16 @@ metricsEnabled: false # -- (map) External Secrets settings. externalSecrets: - # -- (string) Will create the Helm "manifestservice-g3auto" secret even if Secrets Manager is enabled. This is helpful if you are wanting to use External Secrets for some, but not all secrets. + # -- (string) Will create the Helm "pelicanservice-g3auto" secret even if Secrets Manager is enabled. This is helpful if you are wanting to use External Secrets for some, but not all secrets. createK8sPelicanServiceSecret: false # -- (string) Will override the name of the aws secrets manager secret. Default is "pelicanservice-g3auto" pelicanserviceG3auto: + # -- (string) Will create the Helm "sower-jobs-g3auto" secret even if Secrets Manager is enabled. This is helpful if you are wanting to use External Secrets for some, but not all secrets. + createK8sSowerJobsSecret: false + # -- (string) Will override the name of the aws secrets manager secret. Default is "sower-jobs-g3auto" + sowerjobsG3auto: -# -- (map) Secret information for Usersync and External Secrets. +# -- (map) Values for sower secrets and keys for External Secrets. secrets: # -- (str) AWS access key ID. Overrides global key. awsAccessKeyId: 
@@ -222,7 +226,7 @@ sowerConfig: action: export container: name: job-task - image: quay.io/cdis/pelican-export:GPE-1252 + image: quay.io/cdis/pelican-export:master pull_policy: Always env: - name: DICTIONARY_URL @@ -278,7 +282,7 @@ sowerConfig: action: export-files container: name: job-task - image: quay.io/cdis/pelican-export:GPE-1252 + image: quay.io/cdis/pelican-export:master pull_policy: Always env: - name: DICTIONARY_URL @@ -337,6 +341,41 @@ sowerConfig: secretName: pelicanservice-g3auto restart_policy: Never +# -- (string) Additional configuration for Sower Jobs Passed in as a multiline string. This secret can be mounted in sowerConfig. +sowerjobsG3auto: | + { + "index-object-manifest": { + "job_requires": { + "arborist_url": "http://arborist-service", + "job_access_req": [] + }, + "bucket": "$bucketName", + "indexd_user": "diirm", + "indexd_password": "$indexdPassword" + }, + "download-indexd-manifest": { + "job_requires": { + "arborist_url": "http://arborist-service", + "job_access_req": [] + }, + "bucket": "$bucketName" + }, + "get-dbgap-metadata": { + "job_requires": { + "arborist_url": "http://arborist-service", + "job_access_req": [] + }, + "bucket": "$bucketName" + }, + "ingest-metadata-manifest": { + "job_requires": { + "arborist_url": "http://arborist-service", + "job_access_req": [] + }, + "bucket": "$bucketName" + } + } + # -- (map) Service account to use or create. serviceAccount: # -- (bool) Specifies whether a service account should be created.
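Review bot: `image: quay.io/cdis/pelican-export:master` combined with `pull_policy: Always` means every export job runs whatever was last pushed to the mutable `master` tag, and the chart README rows in this patch show these job containers receiving service credentials through `secretKeyRef` env entries. Pinning a release tag or a digest (`quay.io/cdis/pelican-export@sha256:<digest>`) keeps the job reproducible and makes image changes reviewable. The same applies to the `export-files` entry in the hunk at -278; both sowerConfig entries continue outside their hunks.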
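Review bot: The default `sowerjobsG3auto` value in helm/sower/values.yaml is rendered verbatim into the `sower-jobs-g3auto` Secret and Helm does not expand `$bucketName` or `$indexdPassword`, so an install that keeps the default ships a config.json whose `indexd_password` is the literal string `$indexdPassword` next to a fixed `indexd_user`. The comment should state that these are placeholders, e.g. `# -- (string) config.json for sower jobs. "$bucketName" and "$indexdPassword" are NOT substituted by Helm; override per environment and keep the real password out of version control.` Defaulting the value to empty and skipping the Secret when it is unset would avoid creating a placeholder credential at all.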